pool/rust-keylime
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rust-keylime/keylime-agent.conf.diff
Alberto Planas Dominguez b88b2eb241 Accepting request 1066186 from home:aplanas:branches:security 
- Drop zmq from the feature set
- Remove already merged patches:
  * 0001-keylime-agent-remove-const_err-deny.patch
  * 0001-Cargo.toml-tss-esapi-bindings.patch
- Update to version 0.1.0+git.1676549716.5382ed9:
  * Cargo: Update clap minimum version to 3.2
  * Cargo: Update uuid minimum version to 1.3
  * Cargo: Update tokio minimum version to 1.24 and reduce features
  * build(deps): bump tss-esapi from 7.1.0 to 7.2.0
  * cargo deb: include shim.py in packaging
  * build(deps): bump thiserror from 1.0.36 to 1.0.38
  * keylime-agent.conf: Add comments on how to override options
  * config: Fix overriding options with env vars
  * Add missing e2e tests and reordering tests based on alphabetical order
  * e2e tests: Fix test name
  * Store associated U keys, auth tags, and payloads together
  * Refactor ZeroMQ revocation listener to not block
  * keylime-agent: Gracefully shutdown on SIGINT
  * Refactor async code for keys and payloads
  * main: Move payload related functions to payloads module
  * main: Run ZeroMQ service in a separate task
  * Remove unused option "openstack" for obtaining uuid
  * algorithms: fix typo
  * clippy: fix uninlined_format_args warnings
  * clippy: fix needless_borrow warnings
  * crypto, mTLS: allow certificate chain for trusted_client_ca
  * build(deps): bump base64 from 0.13.0 to 0.13.1
  * build(deps): bump serde_json from 1.0.85 to 1.0.91
  * build(deps): bump libc from 0.2.133 to 0.2.139
  * build(deps): bump bumpalo from 3.11.0 to 3.12.0
  * build(deps): bump futures from 0.3.24 to 0.3.25
  * Cargo.toml: tss-esapi bindings
  * packit-ci: Disable Rawhide due to agent compilation issues
  * packit-ci: Add hotfix for tpm2-tss Fedora BZ#2158598
  * keylime-agent: remove const_err deny
  * build(deps): bump tokio from 1.23.0 to 1.24.2

OBS-URL: https://build.opensuse.org/request/show/1066186
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=36
2023-02-16 14:24:29 +00:00

53 lines
2.1 KiB
Diff
Raw Blame History

Index: rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-agent.conf
===================================================================
--- rust-keylime-0.1.0+git.1676549716.5382ed9.orig/keylime-agent.conf
+++ rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-agent.conf
@@ -19,13 +19,15 @@ version = "2.0"
# of 'SHA256(public EK in PEM format)'.
#
# To override, set KEYLIME_AGENT_UUID environment variable.
-uuid = "d432fbb3-d2f1-4a97-9ef7-75bd81c00000"
+# uuid = "d432fbb3-d2f1-4a97-9ef7-75bd81c00000"
+uuid = "generate"
# The binding IP address and port for the agent server
#
# To override ip, set KEYLIME_AGENT_IP environment variable.
# To override port, set KEYLIME_AGENT_PORT environment variable.
-ip = "127.0.0.1"
+# ip = "127.0.0.1"
+ip = "0.0.0.0"
port = 9002
# Address and port where the verifier and tenant can connect to reach the agent.
@@ -41,7 +43,8 @@ contact_port = 9002
# To override registrar_ip, set KEYLIME_AGENT_REGISTRAR_IP environment variable.
# To override registrar_port, set KEYLIME_AGENT_REGISTRAR_PORT environment
# variable.
-registrar_ip = "127.0.0.1"
+# registrar_ip = "127.0.0.1"
+registrar_ip = "<REMOTE_IP>"
registrar_port = 8890
# Enable mTLS communication between agent, verifier and tenant.
@@ -133,7 +136,8 @@ extract_payload_zip = true
#
# To override enable_revocation_notifications, set
# KEYLIME_AGENT_ENABLE_REVOCATION_NOTIFICATIONS environment variable.
-enable_revocation_notifications = true
+# enable_revocation_notifications = true
+enable_revocation_notifications = false
# The path to the directory containing the pre-installed revocation action
# scripts. Ideally should point to an fixed/immutable location subject to
@@ -151,7 +155,8 @@ revocation_actions_dir = "/usr/libexec/k
# KEYLIME_AGENT_REVOCATION_NOTIFICATION_IP environment variable.
# To override revocation_notification_port, set
# KEYLIME_AGENT_REVOCATION_NOTIFICATION_PORT environment variable.
-revocation_notification_ip = "127.0.0.1"
+# revocation_notification_ip = "127.0.0.1"
+revocation_notification_ip = "<REMOTE_IP>"
revocation_notification_port = 8992
# The path to the certificate to verify revocation messages received from the
Reference in New Issue View Git Blame Copy Permalink