Get rid of the 'c' code that only changed the user and add for support of
the --runas option to change to a different user in the python part.
To get 'make distcheck' to work I needed to name the swtpm_setup python
script with the suffix .in so that it gets copied to the build directory
as swtpm_setup. We need to change execute permissions on this file after
copying.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Switch over to the new python implementation of swtpm_setup. We need to
also adjust test cases that involved the tcsd that otherwise fail for
various reasons. For in-place testing we need to adjust the PYTHONPATH
and PATH so that swtpm_setup.py can be found and so that swtpm_setup.py
then finds swtpm if it is not explicitly passed as parameter.
Adjust the man page for swtpm_setup to reflect the changes.
We now can run swtpm_setup as any user. However, libvirt still runs it
as tss:tss (for example), which is then creating the signing key as tss:tss
as well. Ideally libvirt would run it as tss:root or any other combination
since the tss group may be used for user wanting to access /dev/tpmrm0 for
example. We at least change the directory ownership of /var/lib/swtpm-localca
to tss:root and keep the world out of this directory.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The OpenBSD implementation of 'od -tx1' prints two spaces between
hexbytes, thus the grep for "00 00 00 00" fails and we report an
invalid error. This patch fixes this by squeezing the two consecutive
spaces.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The Ubuntu (PPA) build system executes the build on an environment that
has problems with seccomp profiles. It does not allow us to run the test
suite with swtpm applying its seccomp profile since it fails with a
'bad system call' error. To work around this we introduce the env. variable
SWTPM_TEST_SECCOMP_OPT that we can set to "--seccomp action=none" to avoid
having swtpm apply it seccomp profile.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Make sure that when keyfile/keyfile-fd or pwdfile/pwdfile-fd are passed
to swtpm_setup that the resulting state is actually encrypted. We check
for encrypted state by making sure that 4-byte sequences of 0-bytes are
not there while they are there for un-encrypted state.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
On some systems /bin/bash does not exists but the bash is somewhere
else and can be invoked with /usr/bin/env bash.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Some test cases that root has to run did not pass the out-of-tree
builds. We need to pass the top level source dir to these test cases
and change some variable accessing config files to the right directory
for the out-of-tree build to work.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Pass the top_builddir and top_srcdir via TESTS_ENVIRONMENT
variable in Makefile.am.
Use TESTDIR for the path to the test directory and replace
previously used DIR in all occurences.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Support TPM 2 in swtpm_setup and swtpm_setup.sh.
Implement support for all command line options except for:
o --take-ownership and anything related to ownership passwords
o --lock-nvram
o --display
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
