snappy-hwe-snaps

Merge ~sylvain-pineau/snappy-hwe-snaps/+git/tpm2:home-interface into ~snappy-hwe-team/snappy-hwe-snaps/+git/tpm2:master

  1. Git
  2. lp:~sylvain-pineau/snappy-hwe-snaps/+git/tpm2
  3. home-interface
  4. Merge into master
Proposed by Sylvain Pineau
Status: Merged
Approved by: Simon Fels
Approved revision: 5b4da6946e2501ee9fb1057bbbbe8f1cdf8d41c4
Merged at revision: f5e11992934b19d6b0e63f326ff52b06670a6e0f
Proposed branch: ~sylvain-pineau/snappy-hwe-snaps/+git/tpm2:home-interface
Merge into: ~snappy-hwe-team/snappy-hwe-snaps/+git/tpm2:master
Diff against target: 185 lines (+32/-30)
3 files modified
snapcraft.yaml (+30/-29)
spread.yaml (+1/-1)
tests/main/installation/task.yaml (+1/-0)
Reviewer Review Type Date Requested Status
System Enablement Bot continuous-integration Approve
Sylvain Pineau (community) Needs Resubmitting
Simon Fels Approve
Review via email: mp+324748@code.launchpad.net

Description of the change

This MR adds the home interface to all tpm2 commands (+ a missing(?) network plug for akparse)

Note: need to modify the snap-declaration for tpm2 in the snap store to ensure that the home interface is auto-connected.

To post a comment you must log in.
Revision history for this message
Simon Fels (morphis) wrote :

LGTM, having a quick spread test to verify this works well would be great.

review: Needs Fixing
Revision history for this message
Sylvain Pineau (sylvain-pineau) wrote :

Add the missing spread test (but is assumes that the snap-declaration for tpm2 is updated)

review: Needs Resubmitting
Revision history for this message
Simon Fels (morphis) wrote :

Is there a way how we can test that at least one of these commands has now access to $HOME without having a TPM around?

Revision history for this message
Simon Fels (morphis) :
review: Approve
Revision history for this message
System Enablement Bot (system-enablement-ci-bot) wrote :

FAILED: Continuous integration, rev:5917b1c68a5adf66be75305090ec81db26479372
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/1547/
Executed test runs:
    FAILURE: https://jenkins.canonical.com/system-enablement/job/generic-build-snap-worker/1837/console
    None: https://jenkins.canonical.com/system-enablement/job/generic-update-snap-mp/1455/console
    FAILURE: https://jenkins.canonical.com/system-enablement/job/generic-test-snap/2219/console
    None: https://jenkins.canonical.com/system-enablement/job/generic-cleanup-snap/1416/console

Click here to trigger a rebuild:
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/1547/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Simon Fels (morphis) wrote :

To allow spread to pass you need to add the home plug to https://git.launchpad.net/~snappy-hwe-team/snappy-hwe-snaps/+git/tpm2/tree/spread.yaml#n26

Revision history for this message
Sylvain Pineau (sylvain-pineau) wrote :

Add home to SNAP_AUTOCONNECT_CORE_PLUGS

review: Needs Resubmitting
Revision history for this message
System Enablement Bot (system-enablement-ci-bot) wrote :

PASSED: Continuous integration, rev:5917b1c68a5adf66be75305090ec81db26479372
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/1548/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/generic-build-snap-worker/1838
    None: https://jenkins.canonical.com/system-enablement/job/generic-update-snap-mp/1456/console
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/generic-test-snap/2220
    None: https://jenkins.canonical.com/system-enablement/job/generic-cleanup-snap/1417/console

Click here to trigger a rebuild:
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/1548/rebuild

review: Approve (continuous-integration)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/snapcraft.yaml b/snapcraft.yaml
2index 7764654..cfc67b8 100644
3--- a/snapcraft.yaml
4+++ b/snapcraft.yaml
5@@ -18,125 +18,126 @@ apps:
6 plugs: [tpm, network-bind]
7 activatecredential:
8 command: sbin/tpm2_activatecredential
9- plugs: [network]
10+ plugs: [network, home]
11 aliases: [tpm2_activatecredential]
12 akparse:
13 command: sbin/tpm2_akparse
14+ plugs: [network, home]
15 aliases: [tpm2_akparse]
16 certify:
17 command: sbin/tpm2_certify
18- plugs: [network]
19+ plugs: [network, home]
20 aliases: [tpm2_certify]
21 create:
22 command: sbin/tpm2_create
23- plugs: [network]
24+ plugs: [network, home]
25 aliases: [tpm2_create]
26 createprimary:
27 command: sbin/tpm2_createprimary
28- plugs: [network]
29+ plugs: [network, home]
30 aliases: [tpm2_createprimary]
31 encryptdecrypt:
32 command: sbin/tpm2_encryptdecrypt
33- plugs: [network]
34+ plugs: [network, home]
35 aliases: [tpm2_encryptdecrypt]
36 evictcontrol:
37 command: sbin/tpm2_evictcontrol
38- plugs: [network]
39+ plugs: [network, home]
40 aliases: [tpm2_evictcontrol]
41 getmanufec:
42 command: sbin/tpm2_getmanufec
43- plugs: [network]
44+ plugs: [network, home]
45 aliases: [tpm2_getmanufec]
46 getpubak:
47 command: sbin/tpm2_getpubak
48- plugs: [network]
49+ plugs: [network, home]
50 aliases: [tpm2_getpubak]
51 getpubek:
52 command: sbin/tpm2_getpubek
53- plugs: [network]
54+ plugs: [network, home]
55 aliases: [tpm2_getpubek]
56 getrandom:
57 command: sbin/tpm2_getrandom
58- plugs: [network]
59+ plugs: [network, home]
60 aliases: [tpm2_getrandom]
61 hash:
62 command: sbin/tpm2_hash
63- plugs: [network]
64+ plugs: [network, home]
65 aliases: [tpm2_hash]
66 hmac:
67 command: sbin/tpm2_hmac
68- plugs: [network]
69+ plugs: [network, home]
70 aliases: [tpm2_hmac]
71 listpcrs:
72 command: sbin/tpm2_listpcrs
73- plugs: [network]
74+ plugs: [network, home]
75 aliases: [tpm2_listpcrs]
76 load:
77 command: sbin/tpm2_load
78- plugs: [network]
79+ plugs: [network, home]
80 aliases: [tpm2_load]
81 loadexternal:
82 command: sbin/tpm2_loadexternal
83- plugs: [network]
84+ plugs: [network, home]
85 aliases: [tpm2_loadexternal]
86 makecredential:
87 command: sbin/tpm2_makecredential
88- plugs: [network]
89+ plugs: [network, home]
90 aliases: [tpm2_makecredential]
91 nvdefine:
92 command: sbin/tpm2_nvdefine
93- plugs: [network]
94+ plugs: [network, home]
95 aliases: [tpm2_nvdefine]
96 nvlist:
97 command: sbin/tpm2_nvlist
98- plugs: [network]
99+ plugs: [network, home]
100 aliases: [tpm2_nvlist]
101 nvread:
102 command: sbin/tpm2_nvread
103- plugs: [network]
104+ plugs: [network, home]
105 aliases: [tpm2_nvread]
106 nvrelease:
107 command: sbin/tpm2_nvrelease
108- plugs: [network]
109+ plugs: [network, home]
110 aliases: [tpm2_nvrelease]
111 nvwrite:
112 command: sbin/tpm2_nvwrite
113- plugs: [network]
114+ plugs: [network, home]
115 aliases: [tpm2_nvwrite]
116 quote:
117 command: sbin/tpm2_quote
118- plugs: [network]
119+ plugs: [network, home]
120 aliases: [tpm2_quote]
121 rc-decode:
122 command: sbin/tpm2_rc_decode
123 aliases: [tpm2_rc_decode]
124 readpublic:
125 command: sbin/tpm2_readpublic
126- plugs: [network]
127+ plugs: [network, home]
128 aliases: [tpm2_readpublic]
129 rsadecrypt:
130 command: sbin/tpm2_rsadecrypt
131- plugs: [network]
132+ plugs: [network, home]
133 aliases: [tpm2_rsadecrypt]
134 rsaencrypt:
135 command: sbin/tpm2_rsaencrypt
136- plugs: [network]
137+ plugs: [network, home]
138 aliases: [tpm2_rsaencrypt]
139 sign:
140 command: sbin/tpm2_sign
141- plugs: [network]
142+ plugs: [network, home]
143 aliases: [tpm2_sign]
144 takeownership:
145 command: sbin/tpm2_takeownership
146- plugs: [network]
147+ plugs: [network, home]
148 aliases: [tpm2_takeownership]
149 unseal:
150 command: sbin/tpm2_unseal
151- plugs: [network]
152+ plugs: [network, home]
153 aliases: [tpm2_unseal]
154 verifysignature:
155 command: sbin/tpm2_verifysignature
156- plugs: [network]
157+ plugs: [network, home]
158 aliases: [tpm2_verifysignature]
159
160 parts:
161diff --git a/spread.yaml b/spread.yaml
162index 0b5f803..2244e1e 100644
163--- a/spread.yaml
164+++ b/spread.yaml
165@@ -23,7 +23,7 @@ environment:
166 SNAP_ARCH: amd64
167 # Allow the host to pass the channel to use for the test run
168 SNAP_CHANNEL: $(HOST:echo $SNAP_CHANNEL)
169- SNAP_AUTOCONNECT_CORE_PLUGS: network network-bind tpm
170+ SNAP_AUTOCONNECT_CORE_PLUGS: home network network-bind tpm
171 SNAP_AUTO_ALIASES: tpm2_activatecredential tpm2_akparse tpm2_certify tpm2_create tpm2_createprimary tpm2_encryptdecrypt tpm2_evictcontrol tpm2_getmanufec tpm2_getpubak tpm2_getpubek tpm2_getrandom tpm2_hash tpm2_hmac tpm2_listpcrs tpm2_load tpm2_loadexternal tpm2_makecredential tpm2_nvdefine tpm2_nvlist tpm2_nvread tpm2_nvrelease tpm2_nvwrite tpm2_quote tpm2_rc_decode tpm2_readpublic tpm2_rsadecrypt tpm2_rsaencrypt tpm2_sign tpm2_takeownership tpm2_unseal tpm2_verifysignature
172
173 backends:
174diff --git a/tests/main/installation/task.yaml b/tests/main/installation/task.yaml
175index 7276da7..15177de 100644
176--- a/tests/main/installation/task.yaml
177+++ b/tests/main/installation/task.yaml
178@@ -5,6 +5,7 @@ execute: |
179 snap interfaces | grep -Pzq ":tpm +tpm2"
180 snap interfaces | grep -Pzq ":network +[a-z,-]*tpm2"
181 snap interfaces | grep -Pzq ":network-bind +[a-z,-]*tpm2"
182+ snap interfaces | grep -Pzq ":home +[a-z,-]*tpm2"
183
184 # Verify aliases are set up
185 test -x /snap/bin/tpm2_activatecredential

Subscribers

People subscribed via source and target branches