

Implements new docker images for CI / test changes
Now that Python 3 support is merged, this change points towards
the updated v500 docker hub tags which contain images built for
Python 3 support.

This change also now builds keylime (setuptools) and calls
the components directly, as opposed to the former method
of subprocess calls directly to the files.
Luke Hinds committed Sep 12, 2019
1 parent ebe88b9 commit ba9a1cf
Showing 6 changed files with 46 additions and 66 deletions.
4 changes: 2 additions & 2 deletions .ci/run_local.sh
@@ -5,9 +5,9 @@ REPO="/home/${USER}/keylime"

# keylime images
tpm12image="lukehinds/keylime-ci-tpm12"
tpm12tag="v300"
tpm12tag="v500"
tpm20image="lukehinds/keylime-ci-tpm20"
tpm20tag="v301"
tpm20tag="v501"

echo -e "Grabbing latest images"

14 changes: 5 additions & 9 deletions .travis.yml
@@ -14,14 +14,13 @@ before_install:
echo "Only documentation files were updated, stopping build process."
exit
}
env:
global:
- container_id: $(mktemp)
- tpm12image: lukehinds/keylime-ci-tpm12
tpm12tag: v300
tpm12tag: v500
- tpm20image: lukehinds/keylime-ci-tpm20
tpm20tag: v301
tpm20tag: v501

services:
- docker
@@ -31,13 +30,10 @@ before_install:
- 'sudo docker pull ${tpm20image}:${tpm20tag}'

script:
# Run TPM 2.0 Tests
- docker run --detach --privileged -v $(pwd):/root/keylime -v /sys/fs/cgroup:/sys/fs/cgroup:ro ${tpm20image}:${tpm20tag} > ${container_id}
- docker exec -u 0 -it --tty "$(cat ${container_id})" /bin/bash /root/keylime/.ci/test_wrapper.sh
# Run TPM 1.2 Tests
- >
docker run --privileged -v $(pwd):/root/keylime -it ${tpm12image}:${tpm12tag}
/bin/sh -c 'cd /root/keylime/test; chmod +x ./run_tests.sh; ./run_tests.sh -s openssl'
# Run TPM 2.0 Tests
- docker run --detach --privileged -v $(pwd):/root/keylime -v /sys/fs/cgroup:/sys/fs/cgroup:ro ${tpm20image}:${tpm20tag} > ${container_id}
- docker exec -u 0 -it --tty "$(cat ${container_id})" /bin/bash /root/keylime/.ci/test_wrapper.sh
# Clean up
- 'sudo docker stop "$(cat ${container_id})"'
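Review bot: The CI images are still selected by mutable tag (`tpm12tag: v500`, `tpm20tag: v501`) from a personal Docker Hub namespace, and both `docker run` lines start them with `--privileged` and the checkout bind-mounted at `/root/keylime`. Whatever those tags point at when the job runs therefore gets root-equivalent access to the build host and write access to the source tree. Pinning each image by digest keeps the CI input fixed and reviewable, for example `tpm20tag: v501@sha256:<digest-of-reviewed-image>` (placeholder digest), which still expands correctly in `${tpm20image}:${tpm20tag}`. It is also worth checking whether the TPM 1.2 run really needs `--privileged` or could run with a narrower set of capabilities.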
10 changes: 7 additions & 3 deletions docker/Dockerfile-tpm12
@@ -7,7 +7,7 @@

FROM fedora:30
MAINTAINER Luke Hinds <lhinds@redhat.com>
LABEL version="0.2" description="Keylime - Bootstrapping and Maintaining Trust in the Cloud"
LABEL version="5.0.0" description="Keylime - Bootstrapping and Maintaining Trust"

# environment variables
ARG BRANCH=master
@@ -25,15 +25,19 @@ RUN dnf -y install git \
python3-tornado \
python3-virtualenv \
python3-zmq \
python3-yaml \
python3-dbus \
python3-m2crypto \
python3-cryptography \
procps \
openssl-devel \
libtool \
gcc \
make \
automake \
m2crypto \
redhat-rpm-config \
libselinux-python
libselinux-python3

RUN dnf clean all

# Build and install TPM 1.2 simulator
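Review bot: `RUN dnf clean all` runs as its own layer after the `RUN dnf -y install git \ ...` list that this hunk extends, so the package cache stays in the install layer and the image does not get smaller. Chaining the cleanup onto the install removes it from the image, i.e. end the list with `libselinux-python3 \` and `&& dnf clean all` and drop the separate `RUN`. The install instruction starts above the hunk, so its first lines are not visible here.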
56 changes: 14 additions & 42 deletions docker/Dockerfile-tpm20
@@ -7,7 +7,7 @@

FROM fedora:30
MAINTAINER Luke Hinds <lhinds@redhat.com>
LABEL version="3.0.0" description="Keylime - Bootstrapping and Maintaining Trust in the Cloud"
LABEL version="5.0.1" description="Keylime - Bootstrapping and Maintaining Trust in the Cloud"

ENV container docker
# environment variables
@@ -17,36 +17,33 @@ ENV container docker
ENV HOME /root
ENV KEYLIME_HOME ${HOME}/keylime
ENV TPM_HOME ${HOME}/swtpm2
ENV TPM2_TSS ${HOME}/tpm2-tss
ENV TPM2_TOOLS ${HOME}/tpm2-tools
ENV TPM2_ABRMD ${HOME}/tpm2-abrmd
RUN useradd --system --user-group tss

# Packaged dependencies
RUN dnf -y update
RUN dnf -y install dnf-plugins-core --allowerasing
RUN dnf -y builddep tpm2-tss
RUN dnf -y builddep tpm2-tools
RUN dnf -y install git \
dbus-devel \
golang \
openssl-devel \
ptyhon3-devel \
ptyhon3-pip \
ptyhon3-setuptools \
ptyhon3-tornado \
ptyhon3-virtualenv \
ptyhon3-zmq \
ptyhon3-yaml \
python3-devel \
python3-pip \
python3-setuptools \
python3-tornado \
python3-virtualenv \
python3-zmq \
python3-yaml \
python3-dbus \
python3-m2crypto \
python3-cryptography \
procps \
libtool \
tpm2-tss \
tpm2-tools \
tpm2-abrmd \
gcc \
make \
automake \
m2crypto \
redhat-rpm-config \
libselinux-python \
libselinux-python3 \
gnulib \
glib2-devel \
glib2-static \
@@ -70,31 +67,6 @@ RUN rm -f /lib/systemd/system/multi-user.target.wants/* \
RUN systemctl set-default multi-user.target
ENV init /lib/systemd/systemd

# TPM-TSS

RUN git clone https://github.com/tpm2-software/tpm2-tss.git ${TPM2_TSS}
WORKDIR ${TPM2_TSS}
RUN ./bootstrap
RUN ./configure --prefix=/usr --disable-doxygen-doc
RUN make
RUN make install

# TPM2-TOOLS
RUN git clone https://github.com/tpm2-software/tpm2-tools.git ${TPM2_TOOLS}
WORKDIR ${TPM2_TOOLS}
RUN ./bootstrap
RUN SAPI_CFLAGS=' ' SAPI_LIBS='-ltss2-sys -L/usr/lib/' ./configure --prefix=/usr/local
RUN make
RUN make install

# Enable TPM-ABRMD service
RUN git clone https://github.com/tpm2-software/tpm2-abrmd.git ${TPM2_ABRMD}
WORKDIR ${TPM2_ABRMD}
RUN ./bootstrap
RUN TSS2_SYS_CFLAGS=' ' TSS2_SYS_LIBS='-ltss2-sys -L/usr/lib/' ./configure --prefix=/usr
RUN make
RUN make install
RUN ldconfig

# Build and install TPM 2.0 simulator
WORKDIR ${TPM_HOME}
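Review bot: Nothing in the file records which TPM 2.0 stack version ends up in the image now that `tpm2-tss`, `tpm2-tools` and `tpm2-abrmd` come from the `dnf -y install` list. The version is whatever the fedora:30 repositories serve on the day the image is built, after `RUN dnf -y update`. That is a sounder source than the removed `git clone` of each project's default branch, but a later rebuild of the same tag can still differ from the image CI pulled. I would add a comment above the list such as `# tpm2-tss / tpm2-tools / tpm2-abrmd come from Fedora packages; versions are fixed only by the image build date`. A `RUN rpm -q tpm2-tss tpm2-tools tpm2-abrmd` after the install would print the resolved versions in the build log.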
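--- a/test/run_tests.sh
+++ b/test/run_tests.sh
@@ -181,6 +181,13 @@ echo $'\t\t\tInstalling test requirements'
 echo "=================================================================================="
 pip3 install $UMODE_OPT -r $KEYLIME_DIR/test/test-requirements.txt
 
+# Install Keylime
+echo
+echo "=================================================================================="
+echo $'\t\t\tInstalling Keylime'
+echo "=================================================================================="
+cd $KEYLIME_DIR
+python3 setup.py install
 
 # Run the tests as necessary
 if [[ "$COVERAGE" -eq "1" ]] ; then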
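Review bot: The new install step runs `cd $KEYLIME_DIR` unquoted and without checking the result, so if the directory is missing or its path contains spaces, `python3 setup.py install` runs from whatever directory the script was already in. The install also ignores `$UMODE_OPT`, which the `pip3 install` just above passes. Assuming that variable carries a user-mode flag (it is set outside this hunk), a non-root run would attempt a system-wide install here. I would write the two lines as `cd "$KEYLIME_DIR" || exit 1` and `pip3 install $UMODE_OPT .`.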
21 changes: 11 additions & 10 deletions test/test_restful.py
@@ -80,12 +80,17 @@
else:
FORK_ARGS = ["python3"]


# Custom imports
PACKAGE_ROOT = Path(__file__).parents[1]
CODE_ROOT = (f"{PACKAGE_ROOT}/keylime/")
sys.path.insert(0, CODE_ROOT)
KEYLIME_DIR=(f"{PACKAGE_ROOT}/keylime")
sys.path.append(KEYLIME_DIR)

# Custom imports
# PACKAGE_ROOT = Path(__file__).parents[1]
# CODE_ROOT = (f"{PACKAGE_ROOT}/keylime/")
# sys.path.insert(0, CODE_ROOT)

# keylime imports
from keylime import common
from keylime import tornado_requests
from keylime import httpclient_requests
@@ -210,9 +215,8 @@ def launch_cloudverifier():
"""Start up the cloud verifier"""
global cv_process, script_env, FORK_ARGS
if cv_process is None:
filename = ["%s/cloud_verifier_tornado.py"%(CODE_ROOT)]
cv_process = subprocess.Popen(
FORK_ARGS + filename,
"keylime_verifier",
shell=False,
preexec_fn=os.setsid,
stdout=subprocess.PIPE,
@@ -236,12 +240,10 @@ def initthread():

def launch_registrar():
"""Start up the registrar"""
sys.path.insert(0, CODE_ROOT)
global reg_process, script_env, FORK_ARGS
if reg_process is None:
filename = ["%s/registrar.py"%(CODE_ROOT)]
reg_process = subprocess.Popen(
FORK_ARGS + filename,
"keylime_registrar",
shell=False,
preexec_fn=os.setsid,
stdout=subprocess.PIPE,
@@ -267,9 +269,8 @@ def launch_cloudagent():
"""Start up the cloud agent"""
global agent_process, script_env, FORK_ARGS
if agent_process is None:
filename = ["%s/cloud_agent.py"%(CODE_ROOT)]
agent_process = subprocess.Popen(
FORK_ARGS + filename,
"keylime_agent",
shell=False,
preexec_fn=os.setsid,
stdout=subprocess.PIPE,
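Review bot: The three launchers now start `"keylime_verifier"`, `"keylime_registrar"` and `"keylime_agent"` by bare name, so the process that runs is whichever executable PATH resolves first. The new `sys.path.append(KEYLIME_DIR)` also adds the `keylime/` package directory at the end of the search path, which does not make `from keylime import common` resolve to the checkout. The suite can therefore pass or fail against a previously installed Keylime rather than the tree under test. Resolving each entry point up front with `shutil.which("keylime_verifier")` and failing when it returns `None`, plus `sys.path.insert(0, str(PACKAGE_ROOT))`, would make the code under test explicit. The commented-out `CODE_ROOT` block could be deleted, as could `FORK_ARGS` in the `global` statements, which the visible calls no longer use; the launcher bodies continue outside the hunks.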
