[libvirt PATCH 0/2] rpm: minor swtpm fixes

Originally reported at

  https://src.fedoraproject.org/rpms/libvirt/pull-request/9

Daniel P. Berrangé (2):
  rpm: ensure swtpm tools are installed with QEMU
  rpm: fix ownership of the swtpm log directory

 libvirt.spec.in | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

-- 
2.29.2

These are needed for the <tpm> devices to be usable. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- libvirt.spec.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libvirt.spec.in b/libvirt.spec.in index f20a1c741b..2e026b0423 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -735,6 +735,9 @@ Requires: xz %if 0%{?fedora} || 0%{?rhel} > 7 Requires: systemd-container %endif + %if 0%{?fedora} || 0%{?rhel} > 7 +Requires: swtpm-tools + %endif %description daemon-driver-qemu The qemu driver plugin for the libvirtd daemon, providing -- 2.29.2
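
Review bot: The added `%if 0%{?fedora} || 0%{?rhel} > 7` block repeats the exact condition of the `Requires: systemd-container` block directly above it, so `Requires: swtpm-tools` could go inside that existing block instead of opening a second one; if it is kept separate on purpose, a one-line spec comment saying why would help. The commit message says these are needed for <tpm> devices but not which binaries from swtpm-tools the QEMU driver calls; naming them there would let a later reader confirm that the tools sub-package is the right dependency. It is also worth stating whether a hard Requires is intended for hosts that never define a <tpm> device, since it installs the emulator tooling with every QEMU driver installation.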

As soon as a guest using a <tpm> device is launched, libvirt will change the ownership to 'tss' user and group, which will cause RPM verify to then fail. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- libvirt.spec.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 2e026b0423..c455aa7788 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1747,7 +1747,7 @@ exit 0 %{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug %{_libdir}/%{name}/connection-driver/libvirt_driver_qemu.so %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/swtpm/ -%dir %attr(0711, root, root) %{_localstatedir}/log/swtpm/libvirt/qemu/ +%dir %attr(0711, tss, tss) %{_localstatedir}/log/swtpm/libvirt/qemu/ %{_bindir}/virt-qemu-run %{_mandir}/man1/virt-qemu-run.1* %endif -- 2.29.2
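
Review bot: The changed `%dir` line for `%{_localstatedir}/log/swtpm/libvirt/qemu/` switches owner and group to tss but keeps mode 0711, so RPM verify will still report a difference if the daemon also sets a different mode when it takes over the directory; the follow-up in this thread says the code currently uses 0730, so the mode in `%attr` should change in the same patch. The neighbouring `%{_localstatedir}/lib/libvirt/swtpm/` entry stays root:root, and the commit message should say whether libvirt leaves that directory's ownership alone at runtime. The entry also assumes a tss user and group exist when the package is installed; confirm that a dependency creates them.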

On Mon, Jan 04, 2021 at 06:05:17PM +0000, Daniel P. Berrangé wrote:
As soon as a guest using a <tpm> device is launched, libvirt will change the ownership to 'tss' user and group, which will cause RPM verify to then fail.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- libvirt.spec.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in index 2e026b0423..c455aa7788 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1747,7 +1747,7 @@ exit 0 %{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug %{_libdir}/%{name}/connection-driver/libvirt_driver_qemu.so %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/swtpm/ -%dir %attr(0711, root, root) %{_localstatedir}/log/swtpm/libvirt/qemu/ +%dir %attr(0711, tss, tss) %{_localstatedir}/log/swtpm/libvirt/qemu/
Mode should have been changed to 0730 too, since that is what the code (strangely) uses right now.

Regards,
Daniel

On 1/4/21 1:05 PM, Daniel P. Berrangé wrote:
Originally reported at
https://src.fedoraproject.org/rpms/libvirt/pull-request/9
Daniel P. Berrangé (2):
  rpm: ensure swtpm tools are installed with QEMU
  rpm: fix ownership of the swtpm log directory

 libvirt.spec.in | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
Reviewed-by: Laine Stump <laine@redhat.com> for both.

(NB: for those who don't want to bother looking it up themselves - the Fedora pull request only mentioned installing the swtpm package, but I checked the spec file for swtpm to see what things only get installed by the swtpm-tools sub-package, and found that (at least) swtpm_setup and swtpm_ioctl (both used by libvirt via virCommand*()) are in swtpm-tools, so this is the correct Requires:).