rust-keylime/keylime.conf.diff

diff --git a/keylime.conf b/keylime.conf
index 005c0af..fb9b737 100644
--- a/keylime.conf
+++ b/keylime.conf
@@ -4,7 +4,8 @@
 
 # Revocation IP & Port used by either the cloud_agent or keylime_ca to receive
 # revocation events from the verifier.
-receive_revocation_ip = 127.0.0.1
+# receive_revocation_ip = 127.0.0.1
+receive_revocation_ip = <REMOTE_IP>
 receive_revocation_port = 8992
 
 
@@ -13,7 +14,8 @@ receive_revocation_port = 8992
 #=============================================================================
 
 # The binding address and port for the agent server
-cloudagent_ip = 127.0.0.1
+# cloudagent_ip = 127.0.0.1
+cloudagent_ip = 0.0.0.0
 cloudagent_port = 9002
 
 # Address and port where the verifier and tenant can connect to reach the agent.
@@ -22,7 +24,8 @@ agent_contact_ip = 127.0.0.1
 agent_contact_port = 9002
 
 # The address and port of registrar server which agent communicate with
-registrar_ip = 127.0.0.1
+# registrar_ip = 127.0.0.1
+registrar_ip = <REMOTE_IP>
 registrar_port = 8890
 
 # The name of the RSA key that Keylime should use for protecting shares of U/V.
@@ -62,7 +65,8 @@ extract_payload_zip = True
 # 'dmidecode -s system-uuid'.
 # If you set this to "hostname", Keylime will use the full qualified domain
 # name of current host as the agent id.
-agent_uuid = d432fbb3-d2f1-4a97-9ef7-75bd81c00000
+# agent_uuid = d432fbb3-d2f1-4a97-9ef7-75bd81c00000
+agent_uuid = hostname
 
 # Whether to listen for revocation notifications from the verifier or not.
 listen_notfications = True
Accepting request 932540 from home:aplanas:branches:security - Update to version 0.1.0+git.1637095429.d5a3191: * Run Fedora tests on unified Keylime test container * ima_emulator: Print error message when TCTI envvar is not set * Add keylime_ima_emulator executable for testing * Fix 0mq problem * ci: Check unit test coverage with cargo tarpaulin (#216) * config: merge with Python keylime.conf and remove unused entries * Add support for contact ip and port * common: move get env or from config into sperate function * keys_handler: Add unit tests * quotes_handler: Add unit tests (#265) * Fix bugs that occur after a delete and re-add from the tenant * Retain the main loop running after payload execution (#249) * keys_handler: verify HMAC in constant-time (#248) * build: Adjust package dependencies to compile in Fedora (#245) * Generate Cargo.lock file * Add Ueno as a maintainer and set codeowners * Fix clippy errors, update to newest TSS-ESAPI - Drop generate-cargo-lock-file.patch (already in upstream) OBS-URL: https://build.opensuse.org/request/show/932540 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=5 2021-11-19 13:51:44 +00:00			`diff --git a/keylime.conf b/keylime.conf`
			`index 005c0af..fb9b737 100644`
			`--- a/keylime.conf`
			`+++ b/keylime.conf`
			`@@ -4,7 +4,8 @@`
Accepting request 908894 from home:aplanas:branches:security - Add generate-cargo-lock-file.patch to fix the build system in OBS - Add keylime.conf.diff to adjust the default config file - Adjust build requirements - Add firewalld XML rules - Add systemd keylime_agent.service - Fix license tag - Update to version 0.0.1+git.1626706730.a009476: * libarchive-devel is needed to build on Fedora * Accept sets of U and V keys; use new Key types * Output mask info * Fix for race condition bug * Do not resend pubkey to CV after attestation * Run payload script from a shell * Write out data and run payload * Decrypt payload after key handlers find symm key * Add handler for U and V keys * Add helper functions for handling U and V keys * Some TPM fixes for IMA PCR validation * Do not flush AK context as this causes an error * Fix bug in revocation service * Drop references to vmask * Better documentation of consts * Do not fail if EK cert is not present in TPM NV * Add more verbose logging to better match Python agent * Remove verify stub as we are not using it * tests: Don't pass --allow-signing to swtpm_setup * Fix typos * Add dependency for libzmq3-dev / zeromq-devel * Fix new clippy lints * Add handling for Identity and Integrity quotes * Add Quote functionality * Add marshaling functions for TPM structs OBS-URL: https://build.opensuse.org/request/show/908894 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=3 2021-07-28 13:39:06 +00:00
Accepting request 932540 from home:aplanas:branches:security - Update to version 0.1.0+git.1637095429.d5a3191: * Run Fedora tests on unified Keylime test container * ima_emulator: Print error message when TCTI envvar is not set * Add keylime_ima_emulator executable for testing * Fix 0mq problem * ci: Check unit test coverage with cargo tarpaulin (#216) * config: merge with Python keylime.conf and remove unused entries * Add support for contact ip and port * common: move get env or from config into sperate function * keys_handler: Add unit tests * quotes_handler: Add unit tests (#265) * Fix bugs that occur after a delete and re-add from the tenant * Retain the main loop running after payload execution (#249) * keys_handler: verify HMAC in constant-time (#248) * build: Adjust package dependencies to compile in Fedora (#245) * Generate Cargo.lock file * Add Ueno as a maintainer and set codeowners * Fix clippy errors, update to newest TSS-ESAPI - Drop generate-cargo-lock-file.patch (already in upstream) OBS-URL: https://build.opensuse.org/request/show/932540 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=5 2021-11-19 13:51:44 +00:00			`# Revocation IP & Port used by either the cloud_agent or keylime_ca to receive`
			`# revocation events from the verifier.`
			`-receive_revocation_ip = 127.0.0.1`
			`+# receive_revocation_ip = 127.0.0.1`
			`+receive_revocation_ip = <REMOTE_IP>`
			`receive_revocation_port = 8992`


			`@@ -13,7 +14,8 @@ receive_revocation_port = 8992`
Accepting request 908894 from home:aplanas:branches:security - Add generate-cargo-lock-file.patch to fix the build system in OBS - Add keylime.conf.diff to adjust the default config file - Adjust build requirements - Add firewalld XML rules - Add systemd keylime_agent.service - Fix license tag - Update to version 0.0.1+git.1626706730.a009476: * libarchive-devel is needed to build on Fedora * Accept sets of U and V keys; use new Key types * Output mask info * Fix for race condition bug * Do not resend pubkey to CV after attestation * Run payload script from a shell * Write out data and run payload * Decrypt payload after key handlers find symm key * Add handler for U and V keys * Add helper functions for handling U and V keys * Some TPM fixes for IMA PCR validation * Do not flush AK context as this causes an error * Fix bug in revocation service * Drop references to vmask * Better documentation of consts * Do not fail if EK cert is not present in TPM NV * Add more verbose logging to better match Python agent * Remove verify stub as we are not using it * tests: Don't pass --allow-signing to swtpm_setup * Fix typos * Add dependency for libzmq3-dev / zeromq-devel * Fix new clippy lints * Add handling for Identity and Integrity quotes * Add Quote functionality * Add marshaling functions for TPM structs OBS-URL: https://build.opensuse.org/request/show/908894 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=3 2021-07-28 13:39:06 +00:00			`#=============================================================================`

Accepting request 932540 from home:aplanas:branches:security - Update to version 0.1.0+git.1637095429.d5a3191: * Run Fedora tests on unified Keylime test container * ima_emulator: Print error message when TCTI envvar is not set * Add keylime_ima_emulator executable for testing * Fix 0mq problem * ci: Check unit test coverage with cargo tarpaulin (#216) * config: merge with Python keylime.conf and remove unused entries * Add support for contact ip and port * common: move get env or from config into sperate function * keys_handler: Add unit tests * quotes_handler: Add unit tests (#265) * Fix bugs that occur after a delete and re-add from the tenant * Retain the main loop running after payload execution (#249) * keys_handler: verify HMAC in constant-time (#248) * build: Adjust package dependencies to compile in Fedora (#245) * Generate Cargo.lock file * Add Ueno as a maintainer and set codeowners * Fix clippy errors, update to newest TSS-ESAPI - Drop generate-cargo-lock-file.patch (already in upstream) OBS-URL: https://build.opensuse.org/request/show/932540 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=5 2021-11-19 13:51:44 +00:00			`# The binding address and port for the agent server`
Accepting request 908894 from home:aplanas:branches:security - Add generate-cargo-lock-file.patch to fix the build system in OBS - Add keylime.conf.diff to adjust the default config file - Adjust build requirements - Add firewalld XML rules - Add systemd keylime_agent.service - Fix license tag - Update to version 0.0.1+git.1626706730.a009476: * libarchive-devel is needed to build on Fedora * Accept sets of U and V keys; use new Key types * Output mask info * Fix for race condition bug * Do not resend pubkey to CV after attestation * Run payload script from a shell * Write out data and run payload * Decrypt payload after key handlers find symm key * Add handler for U and V keys * Add helper functions for handling U and V keys * Some TPM fixes for IMA PCR validation * Do not flush AK context as this causes an error * Fix bug in revocation service * Drop references to vmask * Better documentation of consts * Do not fail if EK cert is not present in TPM NV * Add more verbose logging to better match Python agent * Remove verify stub as we are not using it * tests: Don't pass --allow-signing to swtpm_setup * Fix typos * Add dependency for libzmq3-dev / zeromq-devel * Fix new clippy lints * Add handling for Identity and Integrity quotes * Add Quote functionality * Add marshaling functions for TPM structs OBS-URL: https://build.opensuse.org/request/show/908894 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=3 2021-07-28 13:39:06 +00:00			`-cloudagent_ip = 127.0.0.1`
			`+# cloudagent_ip = 127.0.0.1`
			`+cloudagent_ip = 0.0.0.0`
			`cloudagent_port = 9002`

Accepting request 932540 from home:aplanas:branches:security - Update to version 0.1.0+git.1637095429.d5a3191: * Run Fedora tests on unified Keylime test container * ima_emulator: Print error message when TCTI envvar is not set * Add keylime_ima_emulator executable for testing * Fix 0mq problem * ci: Check unit test coverage with cargo tarpaulin (#216) * config: merge with Python keylime.conf and remove unused entries * Add support for contact ip and port * common: move get env or from config into sperate function * keys_handler: Add unit tests * quotes_handler: Add unit tests (#265) * Fix bugs that occur after a delete and re-add from the tenant * Retain the main loop running after payload execution (#249) * keys_handler: verify HMAC in constant-time (#248) * build: Adjust package dependencies to compile in Fedora (#245) * Generate Cargo.lock file * Add Ueno as a maintainer and set codeowners * Fix clippy errors, update to newest TSS-ESAPI - Drop generate-cargo-lock-file.patch (already in upstream) OBS-URL: https://build.opensuse.org/request/show/932540 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=5 2021-11-19 13:51:44 +00:00			`# Address and port where the verifier and tenant can connect to reach the agent.`
			`@@ -22,7 +24,8 @@ agent_contact_ip = 127.0.0.1`
			`agent_contact_port = 9002`
Accepting request 908894 from home:aplanas:branches:security - Add generate-cargo-lock-file.patch to fix the build system in OBS - Add keylime.conf.diff to adjust the default config file - Adjust build requirements - Add firewalld XML rules - Add systemd keylime_agent.service - Fix license tag - Update to version 0.0.1+git.1626706730.a009476: * libarchive-devel is needed to build on Fedora * Accept sets of U and V keys; use new Key types * Output mask info * Fix for race condition bug * Do not resend pubkey to CV after attestation * Run payload script from a shell * Write out data and run payload * Decrypt payload after key handlers find symm key * Add handler for U and V keys * Add helper functions for handling U and V keys * Some TPM fixes for IMA PCR validation * Do not flush AK context as this causes an error * Fix bug in revocation service * Drop references to vmask * Better documentation of consts * Do not fail if EK cert is not present in TPM NV * Add more verbose logging to better match Python agent * Remove verify stub as we are not using it * tests: Don't pass --allow-signing to swtpm_setup * Fix typos * Add dependency for libzmq3-dev / zeromq-devel * Fix new clippy lints * Add handling for Identity and Integrity quotes * Add Quote functionality * Add marshaling functions for TPM structs OBS-URL: https://build.opensuse.org/request/show/908894 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=3 2021-07-28 13:39:06 +00:00
Accepting request 932540 from home:aplanas:branches:security - Update to version 0.1.0+git.1637095429.d5a3191: * Run Fedora tests on unified Keylime test container * ima_emulator: Print error message when TCTI envvar is not set * Add keylime_ima_emulator executable for testing * Fix 0mq problem * ci: Check unit test coverage with cargo tarpaulin (#216) * config: merge with Python keylime.conf and remove unused entries * Add support for contact ip and port * common: move get env or from config into sperate function * keys_handler: Add unit tests * quotes_handler: Add unit tests (#265) * Fix bugs that occur after a delete and re-add from the tenant * Retain the main loop running after payload execution (#249) * keys_handler: verify HMAC in constant-time (#248) * build: Adjust package dependencies to compile in Fedora (#245) * Generate Cargo.lock file * Add Ueno as a maintainer and set codeowners * Fix clippy errors, update to newest TSS-ESAPI - Drop generate-cargo-lock-file.patch (already in upstream) OBS-URL: https://build.opensuse.org/request/show/932540 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=5 2021-11-19 13:51:44 +00:00			`# The address and port of registrar server which agent communicate with`
Accepting request 908894 from home:aplanas:branches:security - Add generate-cargo-lock-file.patch to fix the build system in OBS - Add keylime.conf.diff to adjust the default config file - Adjust build requirements - Add firewalld XML rules - Add systemd keylime_agent.service - Fix license tag - Update to version 0.0.1+git.1626706730.a009476: * libarchive-devel is needed to build on Fedora * Accept sets of U and V keys; use new Key types * Output mask info * Fix for race condition bug * Do not resend pubkey to CV after attestation * Run payload script from a shell * Write out data and run payload * Decrypt payload after key handlers find symm key * Add handler for U and V keys * Add helper functions for handling U and V keys * Some TPM fixes for IMA PCR validation * Do not flush AK context as this causes an error * Fix bug in revocation service * Drop references to vmask * Better documentation of consts * Do not fail if EK cert is not present in TPM NV * Add more verbose logging to better match Python agent * Remove verify stub as we are not using it * tests: Don't pass --allow-signing to swtpm_setup * Fix typos * Add dependency for libzmq3-dev / zeromq-devel * Fix new clippy lints * Add handling for Identity and Integrity quotes * Add Quote functionality * Add marshaling functions for TPM structs OBS-URL: https://build.opensuse.org/request/show/908894 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=3 2021-07-28 13:39:06 +00:00			`-registrar_ip = 127.0.0.1`
			`+# registrar_ip = 127.0.0.1`
Accepting request 932540 from home:aplanas:branches:security - Update to version 0.1.0+git.1637095429.d5a3191: * Run Fedora tests on unified Keylime test container * ima_emulator: Print error message when TCTI envvar is not set * Add keylime_ima_emulator executable for testing * Fix 0mq problem * ci: Check unit test coverage with cargo tarpaulin (#216) * config: merge with Python keylime.conf and remove unused entries * Add support for contact ip and port * common: move get env or from config into sperate function * keys_handler: Add unit tests * quotes_handler: Add unit tests (#265) * Fix bugs that occur after a delete and re-add from the tenant * Retain the main loop running after payload execution (#249) * keys_handler: verify HMAC in constant-time (#248) * build: Adjust package dependencies to compile in Fedora (#245) * Generate Cargo.lock file * Add Ueno as a maintainer and set codeowners * Fix clippy errors, update to newest TSS-ESAPI - Drop generate-cargo-lock-file.patch (already in upstream) OBS-URL: https://build.opensuse.org/request/show/932540 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=5 2021-11-19 13:51:44 +00:00			`+registrar_ip = <REMOTE_IP>`
Accepting request 908894 from home:aplanas:branches:security - Add generate-cargo-lock-file.patch to fix the build system in OBS - Add keylime.conf.diff to adjust the default config file - Adjust build requirements - Add firewalld XML rules - Add systemd keylime_agent.service - Fix license tag - Update to version 0.0.1+git.1626706730.a009476: * libarchive-devel is needed to build on Fedora * Accept sets of U and V keys; use new Key types * Output mask info * Fix for race condition bug * Do not resend pubkey to CV after attestation * Run payload script from a shell * Write out data and run payload * Decrypt payload after key handlers find symm key * Add handler for U and V keys * Add helper functions for handling U and V keys * Some TPM fixes for IMA PCR validation * Do not flush AK context as this causes an error * Fix bug in revocation service * Drop references to vmask * Better documentation of consts * Do not fail if EK cert is not present in TPM NV * Add more verbose logging to better match Python agent * Remove verify stub as we are not using it * tests: Don't pass --allow-signing to swtpm_setup * Fix typos * Add dependency for libzmq3-dev / zeromq-devel * Fix new clippy lints * Add handling for Identity and Integrity quotes * Add Quote functionality * Add marshaling functions for TPM structs OBS-URL: https://build.opensuse.org/request/show/908894 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=3 2021-07-28 13:39:06 +00:00			`registrar_port = 8890`

Accepting request 932540 from home:aplanas:branches:security - Update to version 0.1.0+git.1637095429.d5a3191: * Run Fedora tests on unified Keylime test container * ima_emulator: Print error message when TCTI envvar is not set * Add keylime_ima_emulator executable for testing * Fix 0mq problem * ci: Check unit test coverage with cargo tarpaulin (#216) * config: merge with Python keylime.conf and remove unused entries * Add support for contact ip and port * common: move get env or from config into sperate function * keys_handler: Add unit tests * quotes_handler: Add unit tests (#265) * Fix bugs that occur after a delete and re-add from the tenant * Retain the main loop running after payload execution (#249) * keys_handler: verify HMAC in constant-time (#248) * build: Adjust package dependencies to compile in Fedora (#245) * Generate Cargo.lock file * Add Ueno as a maintainer and set codeowners * Fix clippy errors, update to newest TSS-ESAPI - Drop generate-cargo-lock-file.patch (already in upstream) OBS-URL: https://build.opensuse.org/request/show/932540 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=5 2021-11-19 13:51:44 +00:00			`# The name of the RSA key that Keylime should use for protecting shares of U/V.`
			`@@ -62,7 +65,8 @@ extract_payload_zip = True`
			`# 'dmidecode -s system-uuid'.`
			`# If you set this to "hostname", Keylime will use the full qualified domain`
			`# name of current host as the agent id.`
			`-agent_uuid = d432fbb3-d2f1-4a97-9ef7-75bd81c00000`
			`+# agent_uuid = d432fbb3-d2f1-4a97-9ef7-75bd81c00000`
			`+agent_uuid = hostname`

			`# Whether to listen for revocation notifications from the verifier or not.`
			`listen_notfications = True`