From 671fabd76057920f8220dfee579890ae567ae26d Mon Sep 17 00:00:00 2001 From: aaron-liwang <3214053332@qq.com> Date: Fri, 21 Jan 2022 22:16:11 +0800 Subject: [PATCH] install some test files and modify the test path to support the running of program. --- kunpengsecl.spec | 17 +++++++++++++++- update-rac-ima-bios-test-path.patch | 14 +++++++++++++ update-ras-rac-testfile-path.patch | 31 +++++++++++++++++++++++++++++ update-ras-test-config.patch | 25 +++++++++++++++++++++++ 4 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 update-rac-ima-bios-test-path.patch create mode 100644 update-ras-rac-testfile-path.patch create mode 100644 update-ras-test-config.patch diff --git a/kunpengsecl.spec b/kunpengsecl.spec index 99e6d53..e7ecd5d 100644 --- a/kunpengsecl.spec +++ b/kunpengsecl.spec @@ -3,12 +3,15 @@ Name: %{name} Version: %{version} -Release: 4%{?dist} +Release: 5%{?dist} Summary: A remote attestation security software components running on Kunpeng processors. Summary(zh_CN): 一款运行于鲲鹏处理器上的远程证明安全软件组件 License: Mulan PSL v2 URL: https://gitee.com/openeuler/kunpengsecl Source0: %{name}-v%{version}.tar.gz +Patch0000: update-ras-test-config.patch +Patch0001: update-ras-rac-testfile-path.patch +Patch0002: update-rac-ima-bios-test-path.patch BuildRequires: gettext make golang BuildRequires: protobuf-compiler openssl-devel @@ -38,6 +41,9 @@ This is the rahub rpm package. %prep %setup -q -c +%patch0000 -p1 +%patch0001 -p1 +%patch0002 -p1 %build make build @@ -49,6 +55,7 @@ rm -rf %{buildroot}/etc/ mkdir -p %{buildroot}/etc/attestation/rac/ mkdir -p %{buildroot}/etc/attestation/rahub/ mkdir -p %{buildroot}/etc/attestation/ras/ +mkdir -p %{buildroot}/etc/attestation/default_test rm -rf %{buildroot}/usr/share/ mkdir -p %{buildroot}/usr/share/attestation/rac/ mkdir -p %{buildroot}/usr/share/attestation/ras/ @@ -64,6 +71,9 @@ install -m 555 %{_builddir}/%{name}-%{version}/attestation/ras/pkg/ras %{buildro install -m 644 %{_builddir}/%{name}-%{version}/attestation/rac/cmd/raagent/config.yaml %{buildroot}/etc/attestation/rac/ install -m 644 %{_builddir}/%{name}-%{version}/attestation/rac/cmd/rahub/config.yaml %{buildroot}/etc/attestation/rahub/ install -m 644 %{_builddir}/%{name}-%{version}/attestation/ras/cmd/ras/config.yaml %{buildroot}/etc/attestation/ras/ +install -m 644 %{_builddir}/%{name}-%{version}/attestation/rac/cmd/raagent/ascii_runtime_measurements %{buildroot}/etc/attestation/default_test/ +install -m 644 %{_builddir}/%{name}-%{version}/attestation/rac/cmd/raagent/binary_bios_measurements %{buildroot}/etc/attestation/default_test/ +install -m 644 %{_builddir}/%{name}-%{version}/attestation/ras/cmd/ras/ecdsakey.pub %{buildroot}/etc/attestation/default_test/ install -m 555 %{_builddir}/%{name}-%{version}/attestation/quick-scripts/prepare-database-env.sh %{buildroot}/usr/share/attestation/ras/ install -m 555 %{_builddir}/%{name}-%{version}/attestation/quick-scripts/clear-database.sh %{buildroot}/usr/share/attestation/ras/ @@ -98,6 +108,8 @@ install -m 644 %{_builddir}/%{name}-%{version}/LICENSE %{buildroot}/usr/share/do %{_bindir}/raagent %{_bindir}/tbprovisioner %{_sysconfdir}/attestation/rac/config.yaml +%{_sysconfdir}/attestation/default_test/ascii_runtime_measurements +%{_sysconfdir}/attestation/default_test/binary_bios_measurements %{_datadir}/attestation/rac/containerintegritytool.sh %{_datadir}/attestation/rac/pcieintegritytool.sh %{_datadir}/attestation/rac/hostintegritytool.sh @@ -108,6 +120,7 @@ install -m 644 %{_builddir}/%{name}-%{version}/LICENSE %{buildroot}/usr/share/do %files ras %{_bindir}/ras %{_sysconfdir}/attestation/ras/config.yaml +%{_sysconfdir}/attestation/default_test/ecdsakey.pub %{_datadir}/attestation/ras/prepare-database-env.sh %{_datadir}/attestation/ras/clear-database.sh %{_datadir}/attestation/ras/createTable.sql @@ -129,6 +142,8 @@ rm -rf %{_builddir} rm -rf %{buildroot} %changelog +* Fri Jan 21 2022 aaron-liwang <3214053332@qq.com> - 1.0.0-5 +- install some test files to support the running of program. * Mon Dec 27 2021 gwei3 <11015100@qq.com> - 1.0.0-4 - update the source tar to remove intermediate files. * Wed Dec 08 2021 aaron-liwang <3214053332@qq.com> - 1.0.0-3 diff --git a/update-rac-ima-bios-test-path.patch b/update-rac-ima-bios-test-path.patch new file mode 100644 index 0000000..4880684 --- /dev/null +++ b/update-rac-ima-bios-test-path.patch @@ -0,0 +1,14 @@ +diff -Nuar kunpengsecl-v1.0.0-pre/attestation/rac/ractools/entity.go kunpengsecl-v1.0.0/attestation/rac/ractools/entity.go +--- kunpengsecl-v1.0.0-pre/attestation/rac/ractools/entity.go 2021-12-26 12:17:34.000000000 +0800 ++++ kunpengsecl-v1.0.0/attestation/rac/ractools/entity.go 2022-01-21 21:51:32.085148450 +0800 +@@ -29,8 +29,8 @@ + + const ( + emptyPassword = "" +- TestImaLogPath = "./ascii_runtime_measurements" +- TestBiosLogPath = "./binary_bios_measurements" ++ TestImaLogPath = "/etc/attestation/default_test/ascii_runtime_measurements" ++ TestBiosLogPath = "/etc/attestation/default_test/binary_bios_measurements" + ImaLogPath = "/sys/kernel/security/ima/ascii_runtime_measurements" + BiosLogPath = "/sys/kernel/security/tpm0/binary_bios_measurements" + ) diff --git a/update-ras-rac-testfile-path.patch b/update-ras-rac-testfile-path.patch new file mode 100644 index 0000000..04a2e87 --- /dev/null +++ b/update-ras-rac-testfile-path.patch @@ -0,0 +1,31 @@ +diff -Nuar kunpengsecl-v1.0.0-pre/attestation/ras/config/config.go kunpengsecl-v1.0.0/attestation/ras/config/config.go +--- kunpengsecl-v1.0.0-pre/attestation/ras/config/config.go 2021-12-26 12:17:34.000000000 +0800 ++++ kunpengsecl-v1.0.0/attestation/ras/config/config.go 2022-01-21 21:50:23.509081269 +0800 +@@ -67,8 +67,8 @@ + NullString = "" + extKey = ".key" + extCert = ".crt" +- RasRootKeyFileDefault = "./pca-root" +- RasPcaKeyFileDefault = "./pca-ek" ++ RasRootKeyFileDefault = strPathSysConf + "/default_test/pca-root" ++ RasPcaKeyFileDefault = strPathSysConf + "/default_test/pca-ek" + RasRootPrivKeyFile = "rasconfig.rootprivkeyfile" + RasRootKeyCertFile = "rasconfig.rootkeycertfile" + RasPcaPrivKeyFile = "rasconfig.pcaprivkeyfile" +@@ -97,13 +97,13 @@ + RasExtRules = "rasconfig.basevalue-extract-rules" + RasAutoUpdateConfig = "rasconfig.auto-update-config" + RasAuthKeyFile = "rasconfig.authkeyfile" +- RasAuthKeyFileDefault = "./ecdsakey" ++ RasAuthKeyFileDefault = strPathSysConf + "/default_test/ecdsakey" + // RAC + RacIKeyCertFileDefault = "./ic" + RacEKeyCertFile = "racconfig.ekcert" + RacIKeyCertFile = "racconfig.ikcert" +- RacEKFileDefaultTest = "./ectest" +- RacIKeyCertFileDefaultTest = "./ictest" ++ RacEKFileDefaultTest = strPathSysConf + "/default_test/ectest" ++ RacIKeyCertFileDefaultTest = strPathSysConf + "/default_test/ictest" + RacEKeyCertFileTest = "racconfig.ekcerttest" + RacIKeyCertFileTest = "racconfig.ikcerttest" + RacServer = "racconfig.server" // client connect to server diff --git a/update-ras-test-config.patch b/update-ras-test-config.patch new file mode 100644 index 0000000..d73f9c6 --- /dev/null +++ b/update-ras-test-config.patch @@ -0,0 +1,25 @@ +--- kunpengsecl-v1.0.0-pre/attestation/ras/cmd/ras/config.yaml 2021-12-26 12:17:34.000000000 +0800 ++++ kunpengsecl-v1.0.0/attestation/ras/cmd/ras/config.yaml 2022-01-21 21:48:55.182706734 +0800 +@@ -9,7 +9,7 @@ + hbduration: 5s + trustduration: 2m0s + rasconfig: +- authkeyfile: ./ecdsakey.pub ++ authkeyfile: /etc/attestation/default_test/ecdsakey.pub + auto-update-config: + isallupdate: false + updateclients: [] +@@ -31,9 +31,9 @@ + - 4 + changetime: 1970-01-01T08:00:00+08:00 + mgrstrategy: auto +- pcakeycertfile: ./pca-ek.crt +- pcaprivkeyfile: ./pca-ek.key ++ pcakeycertfile: /etc/attestation/default_test/pca-ek.crt ++ pcaprivkeyfile: /etc/attestation/default_test/pca-ek.key + port: 127.0.0.1:40001 + rest: 127.0.0.1:40002 +- rootkeycertfile: ./pca-root.crt +- rootprivkeyfile: ./pca-root.key ++ rootkeycertfile: /etc/attestation/default_test/pca-root.crt ++ rootprivkeyfile: /etc/attestation/default_test/pca-root.key