install some test files and modify the test path to support the running of program.

2022-01-21 22:16:11 +08:00 · 2022-01-21 22:16:11 +08:00 · 671fabd760
commit 671fabd760
parent be33046b05
4 changed files with 86 additions and 1 deletions
--- a/kunpengsecl.spec
+++ b/kunpengsecl.spec
@ -3,12 +3,15 @@

 Name:            %{name}
 Version:         %{version}
-Release:         4%{?dist}
+Release:         5%{?dist}
 Summary:         A remote attestation security software components running on Kunpeng processors.
 Summary(zh_CN):  一款运行于鲲鹏处理器上的远程证明安全软件组件
 License:         Mulan PSL v2
 URL:             https://gitee.com/openeuler/kunpengsecl
 Source0:         %{name}-v%{version}.tar.gz
+Patch0000:       update-ras-test-config.patch
+Patch0001:       update-ras-rac-testfile-path.patch
+Patch0002:       update-rac-ima-bios-test-path.patch
 BuildRequires:   gettext make golang
 BuildRequires:   protobuf-compiler openssl-devel

@ -38,6 +41,9 @@ This is the rahub rpm package.

 %prep
 %setup -q -c
+%patch0000 -p1
+%patch0001 -p1
+%patch0002 -p1

 %build
 make build
@ -49,6 +55,7 @@ rm -rf %{buildroot}/etc/
 mkdir -p %{buildroot}/etc/attestation/rac/
 mkdir -p %{buildroot}/etc/attestation/rahub/
 mkdir -p %{buildroot}/etc/attestation/ras/
+mkdir -p %{buildroot}/etc/attestation/default_test
 rm -rf %{buildroot}/usr/share/
 mkdir -p %{buildroot}/usr/share/attestation/rac/
 mkdir -p %{buildroot}/usr/share/attestation/ras/
@ -64,6 +71,9 @@ install -m 555 %{_builddir}/%{name}-%{version}/attestation/ras/pkg/ras %{buildro
 install -m 644 %{_builddir}/%{name}-%{version}/attestation/rac/cmd/raagent/config.yaml %{buildroot}/etc/attestation/rac/
 install -m 644 %{_builddir}/%{name}-%{version}/attestation/rac/cmd/rahub/config.yaml %{buildroot}/etc/attestation/rahub/
 install -m 644 %{_builddir}/%{name}-%{version}/attestation/ras/cmd/ras/config.yaml %{buildroot}/etc/attestation/ras/
+install -m 644 %{_builddir}/%{name}-%{version}/attestation/rac/cmd/raagent/ascii_runtime_measurements %{buildroot}/etc/attestation/default_test/
+install -m 644 %{_builddir}/%{name}-%{version}/attestation/rac/cmd/raagent/binary_bios_measurements %{buildroot}/etc/attestation/default_test/
+install -m 644 %{_builddir}/%{name}-%{version}/attestation/ras/cmd/ras/ecdsakey.pub %{buildroot}/etc/attestation/default_test/

 install -m 555 %{_builddir}/%{name}-%{version}/attestation/quick-scripts/prepare-database-env.sh %{buildroot}/usr/share/attestation/ras/
 install -m 555 %{_builddir}/%{name}-%{version}/attestation/quick-scripts/clear-database.sh %{buildroot}/usr/share/attestation/ras/
@ -98,6 +108,8 @@ install -m 644 %{_builddir}/%{name}-%{version}/LICENSE %{buildroot}/usr/share/do
 %{_bindir}/raagent
 %{_bindir}/tbprovisioner
 %{_sysconfdir}/attestation/rac/config.yaml
+%{_sysconfdir}/attestation/default_test/ascii_runtime_measurements
+%{_sysconfdir}/attestation/default_test/binary_bios_measurements
 %{_datadir}/attestation/rac/containerintegritytool.sh
 %{_datadir}/attestation/rac/pcieintegritytool.sh
 %{_datadir}/attestation/rac/hostintegritytool.sh
@ -108,6 +120,7 @@ install -m 644 %{_builddir}/%{name}-%{version}/LICENSE %{buildroot}/usr/share/do
 %files   ras
 %{_bindir}/ras
 %{_sysconfdir}/attestation/ras/config.yaml
+%{_sysconfdir}/attestation/default_test/ecdsakey.pub
 %{_datadir}/attestation/ras/prepare-database-env.sh
 %{_datadir}/attestation/ras/clear-database.sh
 %{_datadir}/attestation/ras/createTable.sql
@ -129,6 +142,8 @@ rm -rf %{_builddir}
 rm -rf %{buildroot}

 %changelog
+* Fri Jan 21 2022 aaron-liwang <3214053332@qq.com> - 1.0.0-5
+-   install some test files to support the running of program.
 * Mon Dec 27 2021 gwei3 <11015100@qq.com> - 1.0.0-4
 -   update the source tar to remove intermediate files.
 * Wed Dec 08 2021 aaron-liwang <3214053332@qq.com> - 1.0.0-3
--- a/update-rac-ima-bios-test-path.patch
+++ b/update-rac-ima-bios-test-path.patch
@ -0,0 +1,14 @@
+diff -Nuar kunpengsecl-v1.0.0-pre/attestation/rac/ractools/entity.go kunpengsecl-v1.0.0/attestation/rac/ractools/entity.go
+--- kunpengsecl-v1.0.0-pre/attestation/rac/ractools/entity.go	2021-12-26 12:17:34.000000000 +0800
+++ kunpengsecl-v1.0.0/attestation/rac/ractools/entity.go	2022-01-21 21:51:32.085148450 +0800
+@@ -29,8 +29,8 @@
+ 
+ const (
+ 	emptyPassword   = ""
+-	TestImaLogPath  = "./ascii_runtime_measurements"
+-	TestBiosLogPath = "./binary_bios_measurements"
+	TestImaLogPath  = "/etc/attestation/default_test/ascii_runtime_measurements"
+	TestBiosLogPath = "/etc/attestation/default_test/binary_bios_measurements"
+ 	ImaLogPath      = "/sys/kernel/security/ima/ascii_runtime_measurements"
+ 	BiosLogPath     = "/sys/kernel/security/tpm0/binary_bios_measurements"
+ )
--- a/update-ras-rac-testfile-path.patch
+++ b/update-ras-rac-testfile-path.patch
@ -0,0 +1,31 @@
+diff -Nuar kunpengsecl-v1.0.0-pre/attestation/ras/config/config.go kunpengsecl-v1.0.0/attestation/ras/config/config.go
+--- kunpengsecl-v1.0.0-pre/attestation/ras/config/config.go	2021-12-26 12:17:34.000000000 +0800
+++ kunpengsecl-v1.0.0/attestation/ras/config/config.go	2022-01-21 21:50:23.509081269 +0800
+@@ -67,8 +67,8 @@
+ 	NullString            = ""
+ 	extKey                = ".key"
+ 	extCert               = ".crt"
+-	RasRootKeyFileDefault = "./pca-root"
+-	RasPcaKeyFileDefault  = "./pca-ek"
+	RasRootKeyFileDefault = strPathSysConf + "/default_test/pca-root"
+	RasPcaKeyFileDefault  = strPathSysConf + "/default_test/pca-ek"
+ 	RasRootPrivKeyFile    = "rasconfig.rootprivkeyfile"
+ 	RasRootKeyCertFile    = "rasconfig.rootkeycertfile"
+ 	RasPcaPrivKeyFile     = "rasconfig.pcaprivkeyfile"
+@@ -97,13 +97,13 @@
+ 	RasExtRules           = "rasconfig.basevalue-extract-rules"
+ 	RasAutoUpdateConfig   = "rasconfig.auto-update-config"
+ 	RasAuthKeyFile        = "rasconfig.authkeyfile"
+-	RasAuthKeyFileDefault = "./ecdsakey"
+	RasAuthKeyFileDefault = strPathSysConf + "/default_test/ecdsakey"
+ 	// RAC
+ 	RacIKeyCertFileDefault     = "./ic"
+ 	RacEKeyCertFile            = "racconfig.ekcert"
+ 	RacIKeyCertFile            = "racconfig.ikcert"
+-	RacEKFileDefaultTest       = "./ectest"
+-	RacIKeyCertFileDefaultTest = "./ictest"
+	RacEKFileDefaultTest       = strPathSysConf + "/default_test/ectest"
+	RacIKeyCertFileDefaultTest = strPathSysConf + "/default_test/ictest"
+ 	RacEKeyCertFileTest        = "racconfig.ekcerttest"
+ 	RacIKeyCertFileTest        = "racconfig.ikcerttest"
+ 	RacServer                  = "racconfig.server" // client connect to server
--- a/update-ras-test-config.patch
+++ b/update-ras-test-config.patch
@ -0,0 +1,25 @@
+--- kunpengsecl-v1.0.0-pre/attestation/ras/cmd/ras/config.yaml	2021-12-26 12:17:34.000000000 +0800
+++ kunpengsecl-v1.0.0/attestation/ras/cmd/ras/config.yaml	2022-01-21 21:48:55.182706734 +0800
+@@ -9,7 +9,7 @@
+   hbduration: 5s
+   trustduration: 2m0s
+ rasconfig:
+-  authkeyfile: ./ecdsakey.pub
+  authkeyfile: /etc/attestation/default_test/ecdsakey.pub
+   auto-update-config:
+     isallupdate: false
+     updateclients: []
+@@ -31,9 +31,9 @@
+       - 4
+   changetime: 1970-01-01T08:00:00+08:00
+   mgrstrategy: auto
+-  pcakeycertfile: ./pca-ek.crt
+-  pcaprivkeyfile: ./pca-ek.key
+  pcakeycertfile: /etc/attestation/default_test/pca-ek.crt
+  pcaprivkeyfile: /etc/attestation/default_test/pca-ek.key
+   port: 127.0.0.1:40001
+   rest: 127.0.0.1:40002
+-  rootkeycertfile: ./pca-root.crt
+-  rootprivkeyfile: ./pca-root.key
+  rootkeycertfile: /etc/attestation/default_test/pca-root.crt
+  rootprivkeyfile: /etc/attestation/default_test/pca-root.key