rpm/rust-keylime
SHA256
1
0
Fork 0
forked from pool/rust-keylime
Code Pull Requests Activity
rust-keylime/keylime-agent.conf.diff
Alberto Planas Dominguez ce2dcc18a0 Accepting request 1006459 from home:aplanas:branches:security 
- Rebase bindgen.patch and upstream the change
- Rebase keylime-agent.conf.diff
- Store the configuration file in /usr/etc/keylime/agent.conf
- Fix keylime user creation
- Drop webapp service port in firewall XML service file
- Update to version 0.1.0+git.1663769444.6318234:
  * Update comments in the configuration file
  * config: Align config locations with the python components
  * config: Add configuration file version
  * config: Add back support for KEYLIME_DIR env var
  * Change configuration format to TOML
  * Add support for using passphrase protected key
  * Do not try to load TPM data generated by another TPM
  * Allow using existing key and certificate
  * Remove the agent TPM data from the config struct
  * Rename the configuration options
  * Use password to generate EK when provided
  * Add tpm_ownerpassword option to keylime.conf
  * Add cargo audit to CI static tests
  * Add agent and faked_measured_boot_log tests context
  * Appease clippy

OBS-URL: https://build.opensuse.org/request/show/1006459
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=26
2022-09-27 15:47:30 +00:00

40 lines
1.6 KiB
Diff
Raw Blame History

Index: rust-keylime-0.1.0+git.1663769444.6318234/keylime-agent.conf
===================================================================
--- rust-keylime-0.1.0+git.1663769444.6318234.orig/keylime-agent.conf
+++ rust-keylime-0.1.0+git.1663769444.6318234/keylime-agent.conf
@@ -10,10 +10,12 @@ version = "2.0"
# If you set this to "generate", Keylime will create a random UUID.
# If you set this to "hash_ek", Keylime will set the UUID to the result
# of 'SHA256(public EK in PEM format)'.
-uuid = "d432fbb3-d2f1-4a97-9ef7-75bd81c00000"
+# uuid = "d432fbb3-d2f1-4a97-9ef7-75bd81c00000"
+uuid = "generate"
# The binding address and port for the agent server
-ip = "127.0.0.1"
+# ip = "127.0.0.1"
+ip = "0.0.0.0"
port = 9002
# Address and port where the verifier and tenant can connect to reach the agent.
@@ -22,7 +24,8 @@ contact_ip = "127.0.0.1"
contact_port = 9002
# The address and port of registrar server which agent communicate with
-registrar_ip = "127.0.0.1"
+# registrar_ip = "127.0.0.1"
+registrar_ip = "<REMOTE_IP>"
registrar_port = 8890
# Enable mTLS communication between agent, verifier and tenant.
@@ -96,7 +99,8 @@ revocation_actions_dir = "/usr/libexec/k
# Revocation IP & Port used by the agent to receive revocation
# notifications from the verifier via zeromq.
# This is optional and used only when 'enable_revocation_notifications' is 'true'.
-revocation_notification_ip = "127.0.0.1"
+# revocation_notification_ip = "127.0.0.1"
+revocation_notification_ip = "<REMOTE_IP>"
revocation_notification_port = 8992
# The path to the certificate to verify revocation messages received from the
View Git Blame Copy Permalink