* [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway
@ 2021-07-12 5:16 Vitaly Chikunov
2021-07-12 5:16 ` [PATCH ima-evm-utils 2/3] CI: Do not use sudo when it does not needed Vitaly Chikunov
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Vitaly Chikunov @ 2021-07-12 5:16 UTC (permalink / raw)
To: Mimi Zohar, Dmitry Kasatkin, linux-integrity
Do not need to waste CPU cycles and time to install swtpm in CI
container if distribution does not have tssstartup, because we will
be not able to start it.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
.github/workflows/ci.yml | 8 +++++++-
.travis.yml | 2 +-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git .github/workflows/ci.yml .github/workflows/ci.yml
index f08733a..2e0b1b0 100644
--- .github/workflows/ci.yml
+++ .github/workflows/ci.yml
@@ -112,7 +112,13 @@ jobs:
ARCH="$ARCH" CC="$CC" TSS="$TSS" ./ci/$INSTALL.sh
- name: Build swtpm
- run: if [ ! "$VARIANT" ]; then which tpm_server || which swtpm || ./tests/install-swtpm.sh; fi
+ run: |
+ if [ ! "$VARIANT" ]; then
+ which tpm_server || which swtpm || \
+ if which tssstartup; then
+ ./tests/install-swtpm.sh;
+ fi
+ fi
- name: Compiler version
run: $CC --version
diff --git .travis.yml .travis.yml
index 5b07711..94fbb94 100644
--- .travis.yml
+++ .travis.yml
@@ -93,4 +93,4 @@ before_install:
script:
- INSTALL="${DISTRO%%:*}"
- INSTALL="${INSTALL%%/*}"
- - $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || ./tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ./build.sh"
+ - $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || if which tssstartup; then ./tests/install-swtpm.sh; fi; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ./build.sh"
--
2.29.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH ima-evm-utils 2/3] CI: Do not use sudo when it does not needed
2021-07-12 5:16 [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway Vitaly Chikunov
@ 2021-07-12 5:16 ` Vitaly Chikunov
2021-07-12 5:16 ` [PATCH ima-evm-utils 3/3] CI: Add support for ALT Linux Vitaly Chikunov
2021-07-14 16:25 ` [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway Mimi Zohar
2 siblings, 0 replies; 4+ messages in thread
From: Vitaly Chikunov @ 2021-07-12 5:16 UTC (permalink / raw)
To: Mimi Zohar, Dmitry Kasatkin, linux-integrity
Some distributions, such as ALT, cannot use sudo under root by default.
Error message will appear:
root is not in the sudoers file. This incident will be reported.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
tests/install-swtpm.sh | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git tests/install-swtpm.sh tests/install-swtpm.sh
index 2666748..51aa377 100755
--- tests/install-swtpm.sh
+++ tests/install-swtpm.sh
@@ -1,5 +1,13 @@
-#!/bin/sh
-set -ex
+#!/bin/sh -ex
+
+# No need to run via sudo if we already have permissions.
+# Also, some distros do not have sudo configured for root:
+# `root is not in the sudoers file. This incident will be reported.'
+if [ -w /usr/local/bin ]; then
+ SUDO=
+else
+ SUDO=sudo
+fi
version=1637
@@ -9,5 +17,5 @@ cd ibmtpm$version
tar --no-same-owner -xvzf ../download
cd src
make -j$(nproc)
-sudo cp tpm_server /usr/local/bin/
+$SUDO cp tpm_server /usr/local/bin/
cd ../..
--
2.29.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH ima-evm-utils 3/3] CI: Add support for ALT Linux
2021-07-12 5:16 [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway Vitaly Chikunov
2021-07-12 5:16 ` [PATCH ima-evm-utils 2/3] CI: Do not use sudo when it does not needed Vitaly Chikunov
@ 2021-07-12 5:16 ` Vitaly Chikunov
2021-07-14 16:25 ` [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway Mimi Zohar
2 siblings, 0 replies; 4+ messages in thread
From: Vitaly Chikunov @ 2021-07-12 5:16 UTC (permalink / raw)
To: Mimi Zohar, Dmitry Kasatkin, linux-integrity
Build on Sisyphus branch which is bleeding edge repository.
Package manager is apt-rpm (not APT as it may look from the scripts).
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
.github/workflows/ci.yml | 5 +++++
.travis.yml | 4 ++++
ci/alt.sh | 24 ++++++++++++++++++++++++
3 files changed, 33 insertions(+)
create mode 100755 ci/alt.sh
diff --git .github/workflows/ci.yml .github/workflows/ci.yml
index 2e0b1b0..088c041 100644
--- .github/workflows/ci.yml
+++ .github/workflows/ci.yml
@@ -92,6 +92,11 @@ jobs:
CC: clang
TSS: ibmtss
+ - container: "alt:sisyphus"
+ env:
+ CC: gcc
+ TSS: libtpm2-tss-devel
+
container:
image: ${{ matrix.container }}
env: ${{ matrix.env }}
diff --git .travis.yml .travis.yml
index 94fbb94..7a76273 100644
--- .travis.yml
+++ .travis.yml
@@ -67,6 +67,10 @@ matrix:
env: DISTRO=debian:stable TSS=ibmtss
compiler: gcc
+ - os: linux
+ env: DISTRO=alt:sisyphus TSS=libtpm2-tss-devel
+ compiler: gcc
+
before_install:
# Tumbleweed requires podman and newest runc due docker incompatible with glibc 2.33 (faccessat2)
- CONTAINER="${CONTAINER:-docker}"
diff --git ci/alt.sh ci/alt.sh
new file mode 100755
index 0000000..e7a891f
--- /dev/null
+++ ci/alt.sh
@@ -0,0 +1,24 @@
+#!/bin/sh -ex
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Install build env for ALT Linux
+
+apt-get update -y
+
+# rpm-build brings basic build envirenment with gcc, make, autotools, etc.
+apt-get install -y \
+ $CC \
+ $TSS \
+ asciidoc \
+ attr \
+ docbook-style-xsl \
+ libattr-devel \
+ libkeyutils-devel \
+ libssl-devel \
+ openssl \
+ openssl-gost-engine \
+ rpm-build \
+ wget \
+ xsltproc \
+ xxd
+
--
2.29.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway
2021-07-12 5:16 [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway Vitaly Chikunov
2021-07-12 5:16 ` [PATCH ima-evm-utils 2/3] CI: Do not use sudo when it does not needed Vitaly Chikunov
2021-07-12 5:16 ` [PATCH ima-evm-utils 3/3] CI: Add support for ALT Linux Vitaly Chikunov
@ 2021-07-14 16:25 ` Mimi Zohar
2 siblings, 0 replies; 4+ messages in thread
From: Mimi Zohar @ 2021-07-14 16:25 UTC (permalink / raw)
To: Vitaly Chikunov, Mimi Zohar, Dmitry Kasatkin, linux-integrity
On Mon, 2021-07-12 at 08:16 +0300, Vitaly Chikunov wrote:
> Do not need to waste CPU cycles and time to install swtpm in CI
> container if distribution does not have tssstartup, because we will
> be not able to start it.
>
> Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Thanks! This and the other two patches are queued in next-testing (sf,
github).
Mimi
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-07-14 16:25 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-12 5:16 [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway Vitaly Chikunov
2021-07-12 5:16 ` [PATCH ima-evm-utils 2/3] CI: Do not use sudo when it does not needed Vitaly Chikunov
2021-07-12 5:16 ` [PATCH ima-evm-utils 3/3] CI: Add support for ALT Linux Vitaly Chikunov
2021-07-14 16:25 ` [PATCH ima-evm-utils 1/3] CI: Do not install swtpm if it cannot work anyway Mimi Zohar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).