* [PULL v2 0/1] Merge Aspeed TPM test 2024/11/07 v2
@ 2024-11-07 15:05 Stefan Berger
2024-11-07 15:05 ` [PULL v2 1/1] tests: Adjust path for swtpm state to use path under /var/tmp/ Stefan Berger
2024-11-08 10:22 ` [PULL v2 0/1] Merge Aspeed TPM test 2024/11/07 v2 Peter Maydell
0 siblings, 2 replies; 3+ messages in thread
From: Stefan Berger @ 2024-11-07 15:05 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell, Stefan Berger
Hello!
This PR fixes the path used by swtpm to store its state and now uses a
path under /var/tmp rather than a path local to the test. We ran into
issues on Ubuntu when that path was under /mnt and therefore not
supported by the AppArmor profile of swtpm.
Stefan
The following changes since commit 63dc36944383f70f1c7a20f6104966d8560300fa:
Merge tag 'hw-misc-20241105' of https://github.com/philmd/qemu into staging (2024-11-06 17:28:45 +0000)
are available in the Git repository at:
https://github.com/stefanberger/qemu-tpm.git pull-tpm-2024-11-07-2
for you to fetch changes up to e3edada526f3ac28f71dc8ae7a0acbc76f8e2050:
tests: Adjust path for swtpm state to use path under /var/tmp/ (2024-11-07 09:57:20 -0500)
v2:
- Added missing comment into test file; generalized it a bit from Peter's
suggestion
Stefan Berger (1):
tests: Adjust path for swtpm state to use path under /var/tmp/
tests/functional/test_arm_aspeed.py | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--
2.47.0
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PULL v2 1/1] tests: Adjust path for swtpm state to use path under /var/tmp/
2024-11-07 15:05 [PULL v2 0/1] Merge Aspeed TPM test 2024/11/07 v2 Stefan Berger
@ 2024-11-07 15:05 ` Stefan Berger
2024-11-08 10:22 ` [PULL v2 0/1] Merge Aspeed TPM test 2024/11/07 v2 Peter Maydell
1 sibling, 0 replies; 3+ messages in thread
From: Stefan Berger @ 2024-11-07 15:05 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell, Stefan Berger, Cédric Le Goater
To avoid AppArmor-related test failures when functional test are run from
somewhere under /mnt, adjust the path to swtpm's state to use an AppArmor-
supported path, such as /var/tmp, which is provided by the python function
tempfile.TemporaryDirectory().
An update to swtpm's AppArmor profile is also being done to support /var/tmp.
Link: https://lore.kernel.org/qemu-devel/CAFEAcA8A=kWLtTZ+nua-MpzqkaEjW5srOYZruZnE2tB6vmoMig@mail.gmail.com/
Link: https://github.com/stefanberger/swtpm/pull/944
Tested-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: f04cb2d00d5c ("tests/functional: Convert most Aspeed machine tests")
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
tests/functional/test_arm_aspeed.py | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/tests/functional/test_arm_aspeed.py b/tests/functional/test_arm_aspeed.py
index 9761fc06a4..274eb20e81 100644
--- a/tests/functional/test_arm_aspeed.py
+++ b/tests/functional/test_arm_aspeed.py
@@ -227,11 +227,14 @@ def test_arm_ast2600_evb_buildroot_tpm(self):
image_path = self.ASSET_BR2_202302_AST2600_TPM_FLASH.fetch()
- socket_dir = tempfile.TemporaryDirectory(prefix="qemu_")
- socket = os.path.join(socket_dir.name, 'swtpm-socket')
+ tpmstate_dir = tempfile.TemporaryDirectory(prefix="qemu_")
+ socket = os.path.join(tpmstate_dir.name, 'swtpm-socket')
+ # We must put the TPM state dir in /tmp/, not the build dir,
+ # because some distros use AppArmor to lock down swtpm and
+ # restrict the set of locations it can access files in.
subprocess.run(['swtpm', 'socket', '-d', '--tpm2',
- '--tpmstate', f'dir={self.vm.temp_dir}',
+ '--tpmstate', f'dir={tpmstate_dir.name}',
'--ctrl', f'type=unixio,path={socket}'])
self.vm.add_args('-chardev', f'socket,id=chrtpm,path={socket}')
--
2.47.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PULL v2 0/1] Merge Aspeed TPM test 2024/11/07 v2
2024-11-07 15:05 [PULL v2 0/1] Merge Aspeed TPM test 2024/11/07 v2 Stefan Berger
2024-11-07 15:05 ` [PULL v2 1/1] tests: Adjust path for swtpm state to use path under /var/tmp/ Stefan Berger
@ 2024-11-08 10:22 ` Peter Maydell
1 sibling, 0 replies; 3+ messages in thread
From: Peter Maydell @ 2024-11-08 10:22 UTC (permalink / raw)
To: Stefan Berger; +Cc: qemu-devel
On Thu, 7 Nov 2024 at 15:05, Stefan Berger <stefanb@linux.ibm.com> wrote:
>
> Hello!
>
> This PR fixes the path used by swtpm to store its state and now uses a
> path under /var/tmp rather than a path local to the test. We ran into
> issues on Ubuntu when that path was under /mnt and therefore not
> supported by the AppArmor profile of swtpm.
>
> Stefan
>
> The following changes since commit 63dc36944383f70f1c7a20f6104966d8560300fa:
>
> Merge tag 'hw-misc-20241105' of https://github.com/philmd/qemu into staging (2024-11-06 17:28:45 +0000)
>
> are available in the Git repository at:
>
> https://github.com/stefanberger/qemu-tpm.git pull-tpm-2024-11-07-2
>
> for you to fetch changes up to e3edada526f3ac28f71dc8ae7a0acbc76f8e2050:
>
> tests: Adjust path for swtpm state to use path under /var/tmp/ (2024-11-07 09:57:20 -0500)
>
> v2:
> - Added missing comment into test file; generalized it a bit from Peter's
> suggestion
>
> Stefan Berger (1):
> tests: Adjust path for swtpm state to use path under /var/tmp/
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/9.2
for any user-visible changes.
-- PMM
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-11-08 10:23 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-11-07 15:05 [PULL v2 0/1] Merge Aspeed TPM test 2024/11/07 v2 Stefan Berger
2024-11-07 15:05 ` [PULL v2 1/1] tests: Adjust path for swtpm state to use path under /var/tmp/ Stefan Berger
2024-11-08 10:22 ` [PULL v2 0/1] Merge Aspeed TPM test 2024/11/07 v2 Peter Maydell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).