If the key is not readable as the current user, such as tss:tss,
but it is there, we don't try to create it but error out.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
We are currently missing the Authority Key Id in the certificate used for
creating the EK cert. To get this, we create a root CA for our local CA
and use that root CA to sign the local CA's certificate. Our local
CA is now an intermediate CA and the Authority Key Id can now be copied
into the EK cert.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Certtool seems to not verify a certificate chain properly unless
the certificate has a distinguished name.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the hardcodes tss user and group and to configure with
--with-tss-user=tss --with-tss-group=tss to set the tss user
and group to be used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Disable the chown commands when building an RPM; we try to detect this
by the usage of DESTDIR.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Automatically create the signing key and a self-signed issuer
certificate if the state dir has to be created.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
