author | Patrick Ohly <patrick.ohly@intel.com> | 2017-03-24 10:12:22 +0100 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2017-03-27 14:57:26 -0700 |
commit | 1cca28c3d544b18eb1622e03c1e2fa468ba0f7cc (patch) | |
tree | bef60bed54037b5fcdc419876a8e61be7281f131 | |
parent | 86b2a2b2ef6efd7b409699d28481582573933110 (diff) | |
download | meta-security-1cca28c3d544b18eb1622e03c1e2fa468ba0f7cc.tar.gz |
swtpm-wrappers: wrap more commands
Soon it might be possible to let qemu start swtpm directly, without
requiring root privileges as for swtpm_cuse. For that to work
we also need to wrap the swtpm binary. Just in case we now also
do it for everything.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-rw-r--r-- | recipes-tpm/swtpm/swtpm-wrappers.bb | 26 |
1 files changed, 19 insertions, 7 deletions
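--- a/recipes-tpm/swtpm/swtpm-wrappers.bb
+++ b/recipes-tpm/swtpm/swtpm-wrappers.bb
@@ -9,7 +9,13 @@ inherit native
 RM_WORK_EXCLUDE += "${PN}"
 
 do_create_wrapper () {
-cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF
+# Wrap (almost) all swtpm binaries. Some get special wrappers and some
+# are not needed.
+for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do
+exe=`basename $i`
+case $exe in
+swtpm_setup.sh)
+cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF
 #! /bin/sh
 #
 # Wrapper around swtpm_setup.sh which adds parameters required to
@@ -21,19 +27,25 @@ export PATH
 # tcsd only allows to be run as root or tss. Pretend to be root...
 exec env ${FAKEROOTENV} ${FAKEROOTCMD} swtpm_setup.sh --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
 EOF
-
-cat >${WORKDIR}/swtpm_cuse_oe.sh <<EOF
+;;
+swtpm_setup)
+true
+;;
+*)
+cat >${WORKDIR}/${exe}_oe.sh <<EOF
 #! /bin/sh
 #
-# Wrapper around swtpm_cuse which makes it easier to invoke
-# the right binary. Has to be run as root with TPM_PATH set
-# to a directory initialized as virtual TPM by swtpm_setup_oe.sh.
+# Wrapper around $exe which makes it easier to invoke
+# the right binary.
 
 PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
 export PATH
 
-exec swtpm_cuse "\$@"
+exec ${exe} "\$@"
 EOF
+;;
+esac
+done
 
 chmod a+rx ${WORKDIR}/*.sh
 }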
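Review bot: The generic `*)` wrapper runs `exec ${exe} "\$@"` by bare name, so the binary that actually starts is decided by PATH lookup at run time, although the `find` loop already holds its absolute path in `$i`. If the native binary is later missing from the four prepended directories, the lookup falls through to the caller's inherited `\$PATH` without any error, which is an undesirable failure mode for a TPM emulator that handles key state. Writing `exec $i "\$@"` in the heredoc would pin the wrapper to the file that was found, and the PATH export can stay for helpers the binary spawns itself. The `swtpm_setup)` branch that only runs `true` should also carry a comment saying why that binary gets no wrapper, and the `swtpm_cuse` wrapper has lost its note about needing root and `TPM_PATH`. Part of the body of do_create_wrapper lies between the two hunks and is not visible here.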