linux-integrity.vger.kernel.org archive mirror
* [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway
@ 2021-07-12  5:16 Vitaly Chikunov
  2021-07-12  5:16 ` [PATCH ima-evm-utils 2/3] CI: Do not use sudo when it does not needed Vitaly Chikunov
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Vitaly Chikunov @ 2021-07-12  5:16 UTC (permalink / raw)
  To: Mimi Zohar, Dmitry Kasatkin, linux-integrity

No need to waste CPU cycles and time installing swtpm in the CI
container if the distribution does not have tssstartup, because we will
not be able to start it.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
 .github/workflows/ci.yml | 8 +++++++-
 .travis.yml              | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git .github/workflows/ci.yml .github/workflows/ci.yml
index f08733a..2e0b1b0 100644
--- .github/workflows/ci.yml
+++ .github/workflows/ci.yml
@@ -112,7 +112,13 @@ jobs:
         ARCH="$ARCH" CC="$CC" TSS="$TSS" ./ci/$INSTALL.sh
 
     - name: Build swtpm
-      run: if [ ! "$VARIANT" ]; then which tpm_server || which swtpm || ./tests/install-swtpm.sh; fi
+      run: |
+        if [ ! "$VARIANT" ]; then
+          which tpm_server || which swtpm || \
+            if which tssstartup; then
+              ./tests/install-swtpm.sh;
+            fi
+        fi
 
     - name: Compiler version
       run: $CC --version
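
Review bot: When tssstartup is absent, the inner `if which tssstartup` falls through with exit status 0 and prints nothing, so the "Build swtpm" step passes with no sign in the CI log that no software TPM was installed. Add an `else` branch that echoes a skip message, so a run without a TPM simulator can be told apart from one with it. `which` is also not specified by POSIX and its output varies between distributions; `command -v tssstartup >/dev/null` is the portable check. The `;` after `./tests/install-swtpm.sh` is not needed in the multi-line form.
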
diff --git .travis.yml .travis.yml
index 5b07711..94fbb94 100644
--- .travis.yml
+++ .travis.yml
@@ -93,4 +93,4 @@ before_install:
 script:
     - INSTALL="${DISTRO%%:*}"
     - INSTALL="${INSTALL%%/*}"
-    - $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || ./tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ./build.sh"
+    - $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || if which tssstartup; then ./tests/install-swtpm.sh; fi; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ./build.sh"
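
Review bot: The tssstartup check is now written twice, here inside an escaped one-line `sh -c` string and in .github/workflows/ci.yml, so the two copies can drift apart. Moving the `which tssstartup` test to the top of tests/install-swtpm.sh (exiting 0 with a message when it is missing) would keep both CI configurations unchanged apart from calling the script, and would avoid nesting `if ...; fi; fi` inside the quoted command.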
-- 
2.29.3



* [PATCH ima-evm-utils 2/3] CI: Do not use sudo when it does not needed
  2021-07-12  5:16 [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway Vitaly Chikunov
@ 2021-07-12  5:16 ` Vitaly Chikunov
  2021-07-12  5:16 ` [PATCH ima-evm-utils 3/3] CI: Add support for ALT Linux Vitaly Chikunov
  2021-07-14 16:25 ` [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway Mimi Zohar
  2 siblings, 0 replies; 4+ messages in thread
From: Vitaly Chikunov @ 2021-07-12  5:16 UTC (permalink / raw)
  To: Mimi Zohar, Dmitry Kasatkin, linux-integrity

Some distributions, such as ALT, cannot use sudo under root by default.
An error message will appear:

  root is not in the sudoers file.  This incident will be reported.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
 tests/install-swtpm.sh | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git tests/install-swtpm.sh tests/install-swtpm.sh
index 2666748..51aa377 100755
--- tests/install-swtpm.sh
+++ tests/install-swtpm.sh
@@ -1,5 +1,13 @@
-#!/bin/sh
-set -ex
+#!/bin/sh -ex
+
+# No need to run via sudo if we already have permissions.
+# Also, some distros do not have sudo configured for root:
+#   `root is not in the sudoers file.  This incident will be reported.'
+if [ -w /usr/local/bin ]; then
+	SUDO=
+else
+	SUDO=sudo
+fi
 
 version=1637
 
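
Review bot: Moving `-ex` from `set -ex` into the shebang (`#!/bin/sh -ex`) makes the options depend on how the script is started: they apply when it is executed as `./tests/install-swtpm.sh`, but are dropped when it is run as `sh tests/install-swtpm.sh`, and then a failed build step no longer aborts the install. Keep `set -ex` in the body. The `[ -w /usr/local/bin ]` test is a reasonable way to decide on sudo, but note that it is also false when the directory does not exist, not only when it is not writable.
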
@@ -9,5 +17,5 @@ cd ibmtpm$version
 tar --no-same-owner -xvzf ../download
 cd src
 make -j$(nproc)
-sudo cp tpm_server /usr/local/bin/
+$SUDO cp tpm_server /usr/local/bin/
 cd ../..
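
Review bot: `$SUDO cp tpm_server /usr/local/bin/` still assumes the directory exists; in a minimal container without /usr/local/bin the `-w` test above selects `SUDO=sudo` and the copy then fails either way. `$SUDO install -D -m 0755 tpm_server /usr/local/bin/tpm_server` would create the directory if needed and set the mode explicitly. Leaving `$SUDO` unquoted is correct here, since it must expand to nothing when empty.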
-- 
2.29.3



* [PATCH ima-evm-utils 3/3] CI: Add support for ALT Linux
  2021-07-12  5:16 [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway Vitaly Chikunov
  2021-07-12  5:16 ` [PATCH ima-evm-utils 2/3] CI: Do not use sudo when it does not needed Vitaly Chikunov
@ 2021-07-12  5:16 ` Vitaly Chikunov
  2021-07-14 16:25 ` [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway Mimi Zohar
  2 siblings, 0 replies; 4+ messages in thread
From: Vitaly Chikunov @ 2021-07-12  5:16 UTC (permalink / raw)
  To: Mimi Zohar, Dmitry Kasatkin, linux-integrity

Build on the Sisyphus branch, which is a bleeding-edge repository.
The package manager is apt-rpm (not APT, as it may look from the scripts).

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
 .github/workflows/ci.yml |  5 +++++
 .travis.yml              |  4 ++++
 ci/alt.sh                | 24 ++++++++++++++++++++++++
 3 files changed, 33 insertions(+)
 create mode 100755 ci/alt.sh

diff --git .github/workflows/ci.yml .github/workflows/ci.yml
index 2e0b1b0..088c041 100644
--- .github/workflows/ci.yml
+++ .github/workflows/ci.yml
@@ -92,6 +92,11 @@ jobs:
               CC: clang
               TSS: ibmtss
 
+          - container: "alt:sisyphus"
+            env:
+              CC: gcc
+              TSS: libtpm2-tss-devel
+
     container:
       image: ${{ matrix.container }}
       env: ${{ matrix.env }}
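
Review bot: In the new matrix entry, `TSS: libtpm2-tss-devel` is a distribution package name, while the entry just above uses `TSS: ibmtss`; ci/alt.sh then passes `$TSS` straight to `apt-get install`. A short comment on this entry saying that TSS is the ALT package name, or a mapping from a TSS name to the package inside ci/alt.sh, would make it clear what a second TSS variant for ALT would have to look like.
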
diff --git .travis.yml .travis.yml
index 94fbb94..7a76273 100644
--- .travis.yml
+++ .travis.yml
@@ -67,6 +67,10 @@ matrix:
           env: DISTRO=debian:stable TSS=ibmtss
           compiler: gcc
 
+        - os: linux
+          env: DISTRO=alt:sisyphus TSS=libtpm2-tss-devel
+          compiler: gcc
+
 before_install:
     # Tumbleweed requires podman and newest runc due docker incompatible with glibc 2.33 (faccessat2)
     - CONTAINER="${CONTAINER:-docker}"
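
Review bot: `DISTRO=alt:sisyphus` is a rolling, bleeding-edge image (as the commit message says), so this job can start failing because of changes in the distribution rather than in ima-evm-utils. Consider saying so in a comment next to the entry, or listing the job under allowed failures, so a red build here is read correctly.
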
diff --git ci/alt.sh ci/alt.sh
new file mode 100755
index 0000000..e7a891f
--- /dev/null
+++ ci/alt.sh
@@ -0,0 +1,24 @@
+#!/bin/sh -ex
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Install build env for ALT Linux
+
+apt-get update -y
+
+# rpm-build brings basic build envirenment with gcc, make, autotools, etc.
+apt-get install -y \
+	$CC \
+	$TSS \
+	asciidoc \
+	attr \
+	docbook-style-xsl \
+	libattr-devel \
+	libkeyutils-devel \
+	libssl-devel \
+	openssl \
+	openssl-gost-engine \
+	rpm-build \
+	wget \
+	xsltproc \
+	xxd
+
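
Review bot: `$CC` and `$TSS` are expanded unquoted in the `apt-get install` list with no check that they are set; `sh -ex` does not include `-u`, so with an empty variable the package is silently dropped and the failure shows up later in the build. `${CC:?}` and `${TSS:?}` would make the script stop with a clear message. Two smaller points: "envirenment" in the comment should read "environment", and the trailing empty line at the end of the new file will make git warn about a blank line at EOF.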
-- 
2.29.3



* Re: [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway
  2021-07-12  5:16 [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway Vitaly Chikunov
  2021-07-12  5:16 ` [PATCH ima-evm-utils 2/3] CI: Do not use sudo when it does not needed Vitaly Chikunov
  2021-07-12  5:16 ` [PATCH ima-evm-utils 3/3] CI: Add support for ALT Linux Vitaly Chikunov
@ 2021-07-14 16:25 ` Mimi Zohar
  2 siblings, 0 replies; 4+ messages in thread
From: Mimi Zohar @ 2021-07-14 16:25 UTC (permalink / raw)
  To: Vitaly Chikunov, Mimi Zohar, Dmitry Kasatkin, linux-integrity

On Mon, 2021-07-12 at 08:16 +0300, Vitaly Chikunov wrote:
> No need to waste CPU cycles and time installing swtpm in the CI
> container if the distribution does not have tssstartup, because we will
> not be able to start it.
> 
> Signed-off-by: Vitaly Chikunov <vt@altlinux.org>

Thanks!  This and the other two patches are queued in next-testing (sf,
github).

Mimi

