rust-keylime/keylime-agent.conf.diff

Index: rust-keylime-0.1.0+git.1663769444.6318234/keylime-agent.conf
===================================================================
--- rust-keylime-0.1.0+git.1663769444.6318234.orig/keylime-agent.conf
+++ rust-keylime-0.1.0+git.1663769444.6318234/keylime-agent.conf
@@ -10,10 +10,12 @@ version = "2.0"
 # If you set this to "generate", Keylime will create a random UUID.
 # If you set this to "hash_ek", Keylime will set the UUID to the result
 # of 'SHA256(public EK in PEM format)'.
-uuid = "d432fbb3-d2f1-4a97-9ef7-75bd81c00000"
+# uuid = "d432fbb3-d2f1-4a97-9ef7-75bd81c00000"
+uuid = "generate"
 
 # The binding address and port for the agent server
-ip = "127.0.0.1"
+# ip = "127.0.0.1"
+ip = "0.0.0.0"
 port = 9002
 
 # Address and port where the verifier and tenant can connect to reach the agent.
@@ -22,7 +24,8 @@ contact_ip = "127.0.0.1"
 contact_port = 9002
 
 # The address and port of registrar server which agent communicate with
-registrar_ip = "127.0.0.1"
+# registrar_ip = "127.0.0.1"
+registrar_ip = "<REMOTE_IP>"
 registrar_port = 8890
 
 # Enable mTLS communication between agent, verifier and tenant.
@@ -96,7 +99,8 @@ revocation_actions_dir = "/usr/libexec/k
 # Revocation IP & Port used by the agent to receive revocation
 # notifications from the verifier via zeromq.
 # This is optional and used only when 'enable_revocation_notifications' is 'true'.
-revocation_notification_ip = "127.0.0.1"
+# revocation_notification_ip = "127.0.0.1"
+revocation_notification_ip = "<REMOTE_IP>"
 revocation_notification_port = 8992
 
 # The path to the certificate to verify revocation messages received from the
Accepting request 1006459 from home:aplanas:branches:security - Rebase bindgen.patch and upstream the change - Rebase keylime-agent.conf.diff - Store the configuration file in /usr/etc/keylime/agent.conf - Fix keylime user creation - Drop webapp service port in firewall XML service file - Update to version 0.1.0+git.1663769444.6318234: * Update comments in the configuration file * config: Align config locations with the python components * config: Add configuration file version * config: Add back support for KEYLIME_DIR env var * Change configuration format to TOML * Add support for using passphrase protected key * Do not try to load TPM data generated by another TPM * Allow using existing key and certificate * Remove the agent TPM data from the config struct * Rename the configuration options * Use password to generate EK when provided * Add tpm_ownerpassword option to keylime.conf * Add cargo audit to CI static tests * Add agent and faked_measured_boot_log tests context * Appease clippy OBS-URL: https://build.opensuse.org/request/show/1006459 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=26 2022-09-27 15:47:30 +00:00			`Index: rust-keylime-0.1.0+git.1663769444.6318234/keylime-agent.conf`
Accepting request 994355 from home:aplanas:branches:security - Update to version 0.1.0+git.1659977521.0186093: * Fix display of mb measurement file path * Add more helpful error when config file is not found * Fix small comment about implementing TPM ownership * main: die when cannot drop privileges * keylime.conf: add run_as section * Use Rust agent-specific config in Makefile * Fix typo in listen_notifications option in keylime.conf * tpm: Support pre-existing EK * Set swtpm context which is later used for test filtering * Add GitLeaks configuration to ignore RSA key used for testing * Handle whitespace in keylime.conf - Rename keylime.conf to keylime-agent.conf - Drop 0001-main-die-when-cannot-drop-privileges.patch, as is already merged upstream - Add bindgen.patch to add more architectures OBS-URL: https://build.opensuse.org/request/show/994355 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=23 2022-08-10 15:04:54 +00:00			`===================================================================`
Accepting request 1006459 from home:aplanas:branches:security - Rebase bindgen.patch and upstream the change - Rebase keylime-agent.conf.diff - Store the configuration file in /usr/etc/keylime/agent.conf - Fix keylime user creation - Drop webapp service port in firewall XML service file - Update to version 0.1.0+git.1663769444.6318234: * Update comments in the configuration file * config: Align config locations with the python components * config: Add configuration file version * config: Add back support for KEYLIME_DIR env var * Change configuration format to TOML * Add support for using passphrase protected key * Do not try to load TPM data generated by another TPM * Allow using existing key and certificate * Remove the agent TPM data from the config struct * Rename the configuration options * Use password to generate EK when provided * Add tpm_ownerpassword option to keylime.conf * Add cargo audit to CI static tests * Add agent and faked_measured_boot_log tests context * Appease clippy OBS-URL: https://build.opensuse.org/request/show/1006459 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=26 2022-09-27 15:47:30 +00:00			`--- rust-keylime-0.1.0+git.1663769444.6318234.orig/keylime-agent.conf`
			`+++ rust-keylime-0.1.0+git.1663769444.6318234/keylime-agent.conf`
			`@@ -10,10 +10,12 @@ version = "2.0"`
			`# If you set this to "generate", Keylime will create a random UUID.`
			`# If you set this to "hash_ek", Keylime will set the UUID to the result`
			`# of 'SHA256(public EK in PEM format)'.`
			`-uuid = "d432fbb3-d2f1-4a97-9ef7-75bd81c00000"`
			`+# uuid = "d432fbb3-d2f1-4a97-9ef7-75bd81c00000"`
			`+uuid = "generate"`
Accepting request 994355 from home:aplanas:branches:security - Update to version 0.1.0+git.1659977521.0186093: * Fix display of mb measurement file path * Add more helpful error when config file is not found * Fix small comment about implementing TPM ownership * main: die when cannot drop privileges * keylime.conf: add run_as section * Use Rust agent-specific config in Makefile * Fix typo in listen_notifications option in keylime.conf * tpm: Support pre-existing EK * Set swtpm context which is later used for test filtering * Add GitLeaks configuration to ignore RSA key used for testing * Handle whitespace in keylime.conf - Rename keylime.conf to keylime-agent.conf - Drop 0001-main-die-when-cannot-drop-privileges.patch, as is already merged upstream - Add bindgen.patch to add more architectures OBS-URL: https://build.opensuse.org/request/show/994355 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=23 2022-08-10 15:04:54 +00:00
			`# The binding address and port for the agent server`
Accepting request 1006459 from home:aplanas:branches:security - Rebase bindgen.patch and upstream the change - Rebase keylime-agent.conf.diff - Store the configuration file in /usr/etc/keylime/agent.conf - Fix keylime user creation - Drop webapp service port in firewall XML service file - Update to version 0.1.0+git.1663769444.6318234: * Update comments in the configuration file * config: Align config locations with the python components * config: Add configuration file version * config: Add back support for KEYLIME_DIR env var * Change configuration format to TOML * Add support for using passphrase protected key * Do not try to load TPM data generated by another TPM * Allow using existing key and certificate * Remove the agent TPM data from the config struct * Rename the configuration options * Use password to generate EK when provided * Add tpm_ownerpassword option to keylime.conf * Add cargo audit to CI static tests * Add agent and faked_measured_boot_log tests context * Appease clippy OBS-URL: https://build.opensuse.org/request/show/1006459 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=26 2022-09-27 15:47:30 +00:00			`-ip = "127.0.0.1"`
			`+# ip = "127.0.0.1"`
			`+ip = "0.0.0.0"`
			`port = 9002`
Accepting request 994355 from home:aplanas:branches:security - Update to version 0.1.0+git.1659977521.0186093: * Fix display of mb measurement file path * Add more helpful error when config file is not found * Fix small comment about implementing TPM ownership * main: die when cannot drop privileges * keylime.conf: add run_as section * Use Rust agent-specific config in Makefile * Fix typo in listen_notifications option in keylime.conf * tpm: Support pre-existing EK * Set swtpm context which is later used for test filtering * Add GitLeaks configuration to ignore RSA key used for testing * Handle whitespace in keylime.conf - Rename keylime.conf to keylime-agent.conf - Drop 0001-main-die-when-cannot-drop-privileges.patch, as is already merged upstream - Add bindgen.patch to add more architectures OBS-URL: https://build.opensuse.org/request/show/994355 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=23 2022-08-10 15:04:54 +00:00
			`# Address and port where the verifier and tenant can connect to reach the agent.`
Accepting request 1006459 from home:aplanas:branches:security - Rebase bindgen.patch and upstream the change - Rebase keylime-agent.conf.diff - Store the configuration file in /usr/etc/keylime/agent.conf - Fix keylime user creation - Drop webapp service port in firewall XML service file - Update to version 0.1.0+git.1663769444.6318234: * Update comments in the configuration file * config: Align config locations with the python components * config: Add configuration file version * config: Add back support for KEYLIME_DIR env var * Change configuration format to TOML * Add support for using passphrase protected key * Do not try to load TPM data generated by another TPM * Allow using existing key and certificate * Remove the agent TPM data from the config struct * Rename the configuration options * Use password to generate EK when provided * Add tpm_ownerpassword option to keylime.conf * Add cargo audit to CI static tests * Add agent and faked_measured_boot_log tests context * Appease clippy OBS-URL: https://build.opensuse.org/request/show/1006459 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=26 2022-09-27 15:47:30 +00:00			`@@ -22,7 +24,8 @@ contact_ip = "127.0.0.1"`
			`contact_port = 9002`
Accepting request 994355 from home:aplanas:branches:security - Update to version 0.1.0+git.1659977521.0186093: * Fix display of mb measurement file path * Add more helpful error when config file is not found * Fix small comment about implementing TPM ownership * main: die when cannot drop privileges * keylime.conf: add run_as section * Use Rust agent-specific config in Makefile * Fix typo in listen_notifications option in keylime.conf * tpm: Support pre-existing EK * Set swtpm context which is later used for test filtering * Add GitLeaks configuration to ignore RSA key used for testing * Handle whitespace in keylime.conf - Rename keylime.conf to keylime-agent.conf - Drop 0001-main-die-when-cannot-drop-privileges.patch, as is already merged upstream - Add bindgen.patch to add more architectures OBS-URL: https://build.opensuse.org/request/show/994355 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=23 2022-08-10 15:04:54 +00:00
			`# The address and port of registrar server which agent communicate with`
Accepting request 1006459 from home:aplanas:branches:security - Rebase bindgen.patch and upstream the change - Rebase keylime-agent.conf.diff - Store the configuration file in /usr/etc/keylime/agent.conf - Fix keylime user creation - Drop webapp service port in firewall XML service file - Update to version 0.1.0+git.1663769444.6318234: * Update comments in the configuration file * config: Align config locations with the python components * config: Add configuration file version * config: Add back support for KEYLIME_DIR env var * Change configuration format to TOML * Add support for using passphrase protected key * Do not try to load TPM data generated by another TPM * Allow using existing key and certificate * Remove the agent TPM data from the config struct * Rename the configuration options * Use password to generate EK when provided * Add tpm_ownerpassword option to keylime.conf * Add cargo audit to CI static tests * Add agent and faked_measured_boot_log tests context * Appease clippy OBS-URL: https://build.opensuse.org/request/show/1006459 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=26 2022-09-27 15:47:30 +00:00			`-registrar_ip = "127.0.0.1"`
			`+# registrar_ip = "127.0.0.1"`
			`+registrar_ip = "<REMOTE_IP>"`
Accepting request 994355 from home:aplanas:branches:security - Update to version 0.1.0+git.1659977521.0186093: * Fix display of mb measurement file path * Add more helpful error when config file is not found * Fix small comment about implementing TPM ownership * main: die when cannot drop privileges * keylime.conf: add run_as section * Use Rust agent-specific config in Makefile * Fix typo in listen_notifications option in keylime.conf * tpm: Support pre-existing EK * Set swtpm context which is later used for test filtering * Add GitLeaks configuration to ignore RSA key used for testing * Handle whitespace in keylime.conf - Rename keylime.conf to keylime-agent.conf - Drop 0001-main-die-when-cannot-drop-privileges.patch, as is already merged upstream - Add bindgen.patch to add more architectures OBS-URL: https://build.opensuse.org/request/show/994355 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=23 2022-08-10 15:04:54 +00:00			`registrar_port = 8890`

Accepting request 1006459 from home:aplanas:branches:security - Rebase bindgen.patch and upstream the change - Rebase keylime-agent.conf.diff - Store the configuration file in /usr/etc/keylime/agent.conf - Fix keylime user creation - Drop webapp service port in firewall XML service file - Update to version 0.1.0+git.1663769444.6318234: * Update comments in the configuration file * config: Align config locations with the python components * config: Add configuration file version * config: Add back support for KEYLIME_DIR env var * Change configuration format to TOML * Add support for using passphrase protected key * Do not try to load TPM data generated by another TPM * Allow using existing key and certificate * Remove the agent TPM data from the config struct * Rename the configuration options * Use password to generate EK when provided * Add tpm_ownerpassword option to keylime.conf * Add cargo audit to CI static tests * Add agent and faked_measured_boot_log tests context * Appease clippy OBS-URL: https://build.opensuse.org/request/show/1006459 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=26 2022-09-27 15:47:30 +00:00			`# Enable mTLS communication between agent, verifier and tenant.`
			`@@ -96,7 +99,8 @@ revocation_actions_dir = "/usr/libexec/k`
			`# Revocation IP & Port used by the agent to receive revocation`
			`# notifications from the verifier via zeromq.`
			`# This is optional and used only when 'enable_revocation_notifications' is 'true'.`
			`-revocation_notification_ip = "127.0.0.1"`
			`+# revocation_notification_ip = "127.0.0.1"`
			`+revocation_notification_ip = "<REMOTE_IP>"`
			`revocation_notification_port = 8992`

			`# The path to the certificate to verify revocation messages received from the`