)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[{"line_number":5,"context_line":"CommitDate: 2021-05-06 11:31:37 -0400"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add a keylime-agent element."},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Story: #2002713"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"Task: #41304"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"0746ec3b_bbf7d7a0","line":8,"updated":"2021-05-17 18:08:34.000000000","message":"It would likely be helpful to reviewers to understand the value this element is attempting to provide, what cases it would be used in. Why it is important to high security environments like those of Bare Metal or even virtual machines where vTPMs are in use. 
Otherwise, this gets framed as \"it is just an ironic thing\", but the intent here is general workloads, at least as I understand it.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":false,"context_lines":[{"line_number":5,"context_line":"CommitDate: 2021-05-06 11:31:37 -0400"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add a keylime-agent element."},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Story: #2002713"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"Task: #41304"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"d05c2108_8cd25a20","line":8,"in_reply_to":"0746ec3b_bbf7d7a0","updated":"2021-05-17 20:30:53.000000000","message":"Ack","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"}],"diskimage_builder/elements/keylime-agent/README.rst":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"Keylime is a trust system based on TPM Technology. Keylime-agent"},{"line_number":6,"context_line":"will be installed to run on the node and command "},{"line_number":7,"context_line":"Integrity Measurement Architecture (IMA) to collect measurements "},{"line_number":8,"context_line":"and send the measurements to the keylime verifier for attestation."},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"This element works with a software TPM 2.0 emulator. 
TPM utility "}],"source_content_type":"text/x-rst","patch_set":5,"id":"ec8d53ac_e9c842d6","line":7,"updated":"2021-05-17 18:08:34.000000000","message":"nit: excess whitespace on line 6 and 7.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":false,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"Keylime is a trust system based on TPM Technology. Keylime-agent"},{"line_number":6,"context_line":"will be installed to run on the node and command "},{"line_number":7,"context_line":"Integrity Measurement Architecture (IMA) to collect measurements "},{"line_number":8,"context_line":"and send the measurements to the keylime verifier for attestation."},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"This element works with a software TPM 2.0 emulator. TPM utility "}],"source_content_type":"text/x-rst","patch_set":5,"id":"a0170f4c_9ec4c485","line":7,"in_reply_to":"ec8d53ac_e9c842d6","updated":"2021-05-17 20:30:53.000000000","message":"Ack","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[{"line_number":5,"context_line":"Keylime is a trust system based on TPM Technology. 
Keylime-agent"},{"line_number":6,"context_line":"will be installed to run on the node and command "},{"line_number":7,"context_line":"Integrity Measurement Architecture (IMA) to collect measurements "},{"line_number":8,"context_line":"and send the measurements to the keylime verifier for attestation."},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"This element works with a software TPM 2.0 emulator. TPM utility "},{"line_number":11,"context_line":"prerequisites are installed, including tpm2-tss software stack, "}],"source_content_type":"text/x-rst","patch_set":5,"id":"6462481b_c1947303","line":8,"updated":"2021-05-17 18:08:34.000000000","message":"You may want to stress how this is generally useful in terms of ensuring the machine\u0027s running software and state have not been maliciously modified, and that ultimately it provides the ability for such conditions to be identified with a running workload.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":false,"context_lines":[{"line_number":5,"context_line":"Keylime is a trust system based on TPM Technology. Keylime-agent"},{"line_number":6,"context_line":"will be installed to run on the node and command "},{"line_number":7,"context_line":"Integrity Measurement Architecture (IMA) to collect measurements "},{"line_number":8,"context_line":"and send the measurements to the keylime verifier for attestation."},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"This element works with a software TPM 2.0 emulator. 
TPM utility "},{"line_number":11,"context_line":"prerequisites are installed, including tpm2-tss software stack, "}],"source_content_type":"text/x-rst","patch_set":5,"id":"62299054_40a530ca","line":8,"in_reply_to":"6462481b_c1947303","updated":"2021-05-17 20:30:53.000000000","message":"Ack","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[{"line_number":6,"context_line":"will be installed to run on the node and command "},{"line_number":7,"context_line":"Integrity Measurement Architecture (IMA) to collect measurements "},{"line_number":8,"context_line":"and send the measurements to the keylime verifier for attestation."},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"This element works with a software TPM 2.0 emulator. TPM utility "},{"line_number":11,"context_line":"prerequisites are installed, including tpm2-tss software stack, "},{"line_number":12,"context_line":"tpm2-tools utilities, and the tpm2-abrmd resource manager."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"**REFERENCES**"},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"[1] https://github.com/keylime/"}],"source_content_type":"text/x-rst","patch_set":5,"id":"8dadb756_1588d07d","line":13,"range":{"start_line":9,"start_character":0,"end_line":13,"end_character":0},"updated":"2021-05-17 18:08:34.000000000","message":"Idealy, the emulator needs to be decoupled from this element. 
I should be able to build an element, and then get a slim image with no unneeded items, and be able to deploy it to a physical server with a TPM, and be able to use this software.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":true,"context_lines":[{"line_number":6,"context_line":"will be installed to run on the node and command "},{"line_number":7,"context_line":"Integrity Measurement Architecture (IMA) to collect measurements "},{"line_number":8,"context_line":"and send the measurements to the keylime verifier for attestation."},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"This element works with a software TPM 2.0 emulator. TPM utility "},{"line_number":11,"context_line":"prerequisites are installed, including tpm2-tss software stack, "},{"line_number":12,"context_line":"tpm2-tools utilities, and the tpm2-abrmd resource manager."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"**REFERENCES**"},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"[1] https://github.com/keylime/"}],"source_content_type":"text/x-rst","patch_set":5,"id":"00ab9a09_1b347904","line":13,"range":{"start_line":9,"start_character":0,"end_line":13,"end_character":0},"in_reply_to":"8dadb756_1588d07d","updated":"2021-05-17 20:30:53.000000000","message":"In case of using a TPM emulator, should I build a new element for it?","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"}],"diskimage_builder/elements/keylime-agent/install.d/keylime-agent-source-install/80-keylime-agent-install":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a 
Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[{"line_number":22,"context_line":""},{"line_number":23,"context_line":"# install tpm"},{"line_number":24,"context_line":"cd $TPMDIR/src"},{"line_number":25,"context_line":"# compile tpm emulator"},{"line_number":26,"context_line":"make"},{"line_number":27,"context_line":"# install tpm_server"},{"line_number":28,"context_line":"install -c -m 0755 $TPMDIR/src/tpm_server /usr/local/bin/tpm_server"},{"line_number":29,"context_line":"# install init_tpm_server script"}],"source_content_type":"application/x-shellscript","patch_set":5,"id":"3181a06e_21c9dec5","line":26,"range":{"start_line":25,"start_character":0,"end_line":26,"end_character":4},"updated":"2021-05-17 18:08:34.000000000","message":"Why is a tpm emulator needed?!?\n\nEdit: because they don\u0027t have one in all cases. Realistically the emulator should be removed from this and the element should be intended to stand on it\u0027s own in terms of working on baremetal or a vm with a vtpm for a running workload.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[{"line_number":44,"context_line":"$VENVDIR/bin/pip install -r $KLDIR/requirements.txt $KLDIR"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"ln -s $VENVDIR/bin/keylime_agent /usr/local/bin/keylime_agent"},{"line_number":47,"context_line":"ln -s $VENVDIR/bin/keylime_ima_emulator /usr/local/bin/keylime_ima_emulator "},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"case \"$DIB_INIT_SYSTEM\" in"},{"line_number":50,"context_line":"    
systemd)"}],"source_content_type":"application/x-shellscript","patch_set":5,"id":"7d86cd8f_965df160","line":47,"updated":"2021-05-17 18:08:34.000000000","message":"nit, excess space.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":false,"context_lines":[{"line_number":44,"context_line":"$VENVDIR/bin/pip install -r $KLDIR/requirements.txt $KLDIR"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"ln -s $VENVDIR/bin/keylime_agent /usr/local/bin/keylime_agent"},{"line_number":47,"context_line":"ln -s $VENVDIR/bin/keylime_ima_emulator /usr/local/bin/keylime_ima_emulator "},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"case \"$DIB_INIT_SYSTEM\" in"},{"line_number":50,"context_line":"    systemd)"}],"source_content_type":"application/x-shellscript","patch_set":5,"id":"9d25ac1d_74fe068d","line":47,"in_reply_to":"7d86cd8f_965df160","updated":"2021-05-17 20:30:53.000000000","message":"Ack","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fe2f499c3c9c5a6e6e96b76f665040df7416e8e4","unresolved":true,"context_lines":[{"line_number":61,"context_line":"        exit 1"},{"line_number":62,"context_line":"        ;;"},{"line_number":63,"context_line":"esac"},{"line_number":64,"context_line":""}],"source_content_type":"application/x-shellscript","patch_set":5,"id":"8ca1ae67_da36fe08","line":64,"updated":"2021-05-17 18:12:24.000000000","message":"so semi-crazy related thought, wouldn\u0027t it make sense to allow an operator building a DIB image to deploy to also explicitly provide in their keylime deployment configuration as environment variables. 
The setting on the kernel command line is neat and I *think* is supportable for baremetal deployments, but makes it slightly harder to use when generally we want things to be easy.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":true,"context_lines":[{"line_number":61,"context_line":"        exit 1"},{"line_number":62,"context_line":"        ;;"},{"line_number":63,"context_line":"esac"},{"line_number":64,"context_line":""}],"source_content_type":"application/x-shellscript","patch_set":5,"id":"be621e43_2812ee20","line":64,"in_reply_to":"8ca1ae67_da36fe08","updated":"2021-05-17 20:30:53.000000000","message":"I think an operator can get the keylime configuration when they build the image. So it\u0027s a good idea to pass keylime configuration as environment variables.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"}],"diskimage_builder/elements/keylime-agent/install.d/keylime-agent-source-install/keylime-agent.service":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[{"line_number":1,"context_line":"[Unit]"},{"line_number":2,"context_line":"Description\u003dThe Keylime agent"},{"line_number":3,"context_line":"Wants\u003dtpm2-abrmd.service"},{"line_number":4,"context_line":"After\u003dnetwork-online.target "},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"[Service]"},{"line_number":7,"context_line":"ExecStartPre\u003d/usr/local/bin/set-keylime-conf"}],"source_content_type":"application/octet-stream","patch_set":5,"id":"30dfb370_495ad334","line":4,"updated":"2021-05-17 18:08:34.000000000","message":"nit: excess 
space","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":false,"context_lines":[{"line_number":1,"context_line":"[Unit]"},{"line_number":2,"context_line":"Description\u003dThe Keylime agent"},{"line_number":3,"context_line":"Wants\u003dtpm2-abrmd.service"},{"line_number":4,"context_line":"After\u003dnetwork-online.target "},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"[Service]"},{"line_number":7,"context_line":"ExecStartPre\u003d/usr/local/bin/set-keylime-conf"}],"source_content_type":"application/octet-stream","patch_set":5,"id":"b0d65726_09092ec8","line":4,"in_reply_to":"30dfb370_495ad334","updated":"2021-05-17 20:30:53.000000000","message":"Ack","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"}],"diskimage_builder/elements/keylime-agent/install.d/keylime-agent-source-install/keylime-ima-emulator.service":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[{"line_number":1,"context_line":"[Unit]"},{"line_number":2,"context_line":"Description\u003dThe Keylime ima emulator"},{"line_number":3,"context_line":"Wants\u003dtpm2-abrmd.service"},{"line_number":4,"context_line":"Before\u003dkeylime-agent.service"},{"line_number":5,"context_line":"After\u003dnetwork-online.target "}],"source_content_type":"application/octet-stream","patch_set":5,"id":"63dff733_f7ed5754","line":2,"range":{"start_line":2,"start_character":24,"end_line":2,"end_character":27},"updated":"2021-05-17 18:08:34.000000000","message":"s/ima/Integrety Monitoring Agent/ ?","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni 
Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":true,"context_lines":[{"line_number":1,"context_line":"[Unit]"},{"line_number":2,"context_line":"Description\u003dThe Keylime ima emulator"},{"line_number":3,"context_line":"Wants\u003dtpm2-abrmd.service"},{"line_number":4,"context_line":"Before\u003dkeylime-agent.service"},{"line_number":5,"context_line":"After\u003dnetwork-online.target "}],"source_content_type":"application/octet-stream","patch_set":5,"id":"f1f92e49_851dba7e","line":2,"range":{"start_line":2,"start_character":24,"end_line":2,"end_character":27},"in_reply_to":"63dff733_f7ed5754","updated":"2021-05-17 20:30:53.000000000","message":"ima stands for integrity measurement architecture.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[{"line_number":2,"context_line":"Description\u003dThe Keylime ima emulator"},{"line_number":3,"context_line":"Wants\u003dtpm2-abrmd.service"},{"line_number":4,"context_line":"Before\u003dkeylime-agent.service"},{"line_number":5,"context_line":"After\u003dnetwork-online.target "},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"[Service]"},{"line_number":8,"context_line":"ExecStart\u003d/usr/local/bin/keylime_ima_emulator"}],"source_content_type":"application/octet-stream","patch_set":5,"id":"7c091e1d_5718b88f","line":5,"updated":"2021-05-17 18:08:34.000000000","message":"nit excess space","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni 
Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":false,"context_lines":[{"line_number":2,"context_line":"Description\u003dThe Keylime ima emulator"},{"line_number":3,"context_line":"Wants\u003dtpm2-abrmd.service"},{"line_number":4,"context_line":"Before\u003dkeylime-agent.service"},{"line_number":5,"context_line":"After\u003dnetwork-online.target "},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"[Service]"},{"line_number":8,"context_line":"ExecStart\u003d/usr/local/bin/keylime_ima_emulator"}],"source_content_type":"application/octet-stream","patch_set":5,"id":"f6628960_701c59fe","line":5,"in_reply_to":"7c091e1d_5718b88f","updated":"2021-05-17 20:30:53.000000000","message":"Ack","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"}],"diskimage_builder/elements/keylime-agent/package-installs.yaml":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"06761767_0bd805f4","line":25,"updated":"2021-05-17 18:08:34.000000000","message":"So these are largely packages needed just to build the binaries. 
Among these I wouldn\u0027t expect them to all be present or need to be present on a purely package deployed system?\n\nI guess where I\u0027m going with this is we shouldn\u0027t end up in a situation where I\u0027m creating an image to be my new secure server with attestation and, by default, always getting a C++ compiler suite plus devel packages.\n\nA fairly complex example of where some things get removed after just installing the base requirements to do the needful is located at https://github.com/openstack/ironic-python-agent-builder/blob/master/dib/ironic-python-agent-ramdisk/package-installs.yaml","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"b67a6c66_ae660bde","line":25,"in_reply_to":"06761767_0bd805f4","updated":"2021-05-17 20:30:53.000000000","message":"Makes sense. 
I\u0027ll make them uninstalled after use.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"}],"diskimage_builder/elements/keylime-agent/post-install.d/90-keylime-agent":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[{"line_number":11,"context_line":"        systemctl enable tpm_server"},{"line_number":12,"context_line":"        systemctl enable tpm2-abrmd"},{"line_number":13,"context_line":"        systemctl enable keylime-ima-emulator"},{"line_number":14,"context_line":"        systemctl enable keylime-agent      "},{"line_number":15,"context_line":"        ;;"},{"line_number":16,"context_line":"    *)"},{"line_number":17,"context_line":"        echo \"Unsupported init system $DIB_INIT_SYSTEM\""}],"source_content_type":"application/x-shellscript","patch_set":5,"id":"cec24ddf_9728e56d","line":14,"updated":"2021-05-17 18:08:34.000000000","message":"nit: excess whitespace on line 10 and 14 on the end of the line.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":false,"context_lines":[{"line_number":11,"context_line":"        systemctl enable tpm_server"},{"line_number":12,"context_line":"        systemctl enable tpm2-abrmd"},{"line_number":13,"context_line":"        systemctl enable keylime-ima-emulator"},{"line_number":14,"context_line":"        systemctl enable keylime-agent      "},{"line_number":15,"context_line":"        ;;"},{"line_number":16,"context_line":"    *)"},{"line_number":17,"context_line":"        echo \"Unsupported init system 
$DIB_INIT_SYSTEM\""}],"source_content_type":"application/x-shellscript","patch_set":5,"id":"13fc3fe8_90a99356","line":14,"in_reply_to":"cec24ddf_9728e56d","updated":"2021-05-17 20:30:53.000000000","message":"Ack","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"}],"diskimage_builder/elements/keylime-agent/source-repository-ibmtpm":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[{"line_number":1,"context_line":"ibmtpm tar /tmp/ibmtpm http://sourceforge.net/projects/ibmswtpm2/files/ibmtpm1119.tar.gz ."}],"source_content_type":"application/octet-stream","patch_set":5,"id":"56d5c212_c708b557","line":1,"range":{"start_line":1,"start_character":23,"end_line":1,"end_character":90},"updated":"2021-05-17 18:08:34.000000000","message":"Downloading a file from sourceforge is somewhat worrisome to me. I believe this is the emulator which I think should be able to be removed.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":true,"context_lines":[{"line_number":1,"context_line":"ibmtpm tar /tmp/ibmtpm http://sourceforge.net/projects/ibmswtpm2/files/ibmtpm1119.tar.gz ."}],"source_content_type":"application/octet-stream","patch_set":5,"id":"d58026ae_64fbaa8b","line":1,"range":{"start_line":1,"start_character":23,"end_line":1,"end_character":90},"in_reply_to":"56d5c212_c708b557","updated":"2021-05-17 20:30:53.000000000","message":"Yes, this is the TPM emulator. 
I copied this from github.com/keylime/keylime-vagrant-ansible-tpm-emulator/blob/master/roles/ansible-keylime-tpm20/tasks/ibm-tpm.yml.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"}],"diskimage_builder/elements/keylime-agent/static/usr/local/bin/set-keylime-conf":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fe2f499c3c9c5a6e6e96b76f665040df7416e8e4","unresolved":true,"context_lines":[{"line_number":5,"context_line":"set -o pipefail"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"# reads the keylime registrar ip address and port from the kernel command line"},{"line_number":8,"context_line":"# and set it "},{"line_number":9,"context_line":"if [[ $(\u003c/proc/cmdline) \u003d~ registrar_ip\u003d\\\"?([^\\\"]+)\\\" ]]; then"},{"line_number":10,"context_line":"    sed -i \"s/^\\(registrar\\_ip\\s*\u003d\\s*\\).*$/\\1\"${BASH_REMATCH[1]}\"/\" /etc/keylime.conf"},{"line_number":11,"context_line":"fi"}],"source_content_type":"application/x-shellscript","patch_set":5,"id":"28e73be3_5d0eefe6","line":8,"updated":"2021-05-17 18:12:24.000000000","message":"Perhaps note that this is likely only used if someone deploys the machine and explicitly sets the parameters via the command line, like those being used by an ironic ramdisk or where someone has modified the arguments via post-boot configuration.  
Being able to embed base default configuration may be good for general operators who aren\u0027t caring about the deployment process.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[{"line_number":5,"context_line":"set -o pipefail"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"# reads the keylime registrar ip address and port from the kernel command line"},{"line_number":8,"context_line":"# and set it "},{"line_number":9,"context_line":"if [[ $(\u003c/proc/cmdline) \u003d~ registrar_ip\u003d\\\"?([^\\\"]+)\\\" ]]; then"},{"line_number":10,"context_line":"    sed -i \"s/^\\(registrar\\_ip\\s*\u003d\\s*\\).*$/\\1\"${BASH_REMATCH[1]}\"/\" /etc/keylime.conf"},{"line_number":11,"context_line":"fi"}],"source_content_type":"application/x-shellscript","patch_set":5,"id":"d9a894c4_3202b1de","line":8,"updated":"2021-05-17 18:08:34.000000000","message":"nit, excess space.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":true,"context_lines":[{"line_number":5,"context_line":"set -o pipefail"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"# reads the keylime registrar ip address and port from the kernel command line"},{"line_number":8,"context_line":"# and set it "},{"line_number":9,"context_line":"if [[ $(\u003c/proc/cmdline) \u003d~ registrar_ip\u003d\\\"?([^\\\"]+)\\\" ]]; then"},{"line_number":10,"context_line":"    sed -i \"s/^\\(registrar\\_ip\\s*\u003d\\s*\\).*$/\\1\"${BASH_REMATCH[1]}\"/\" 
/etc/keylime.conf"},{"line_number":11,"context_line":"fi"}],"source_content_type":"application/x-shellscript","patch_set":5,"id":"d8510164_047d0d5b","line":8,"in_reply_to":"28e73be3_5d0eefe6","updated":"2021-05-17 20:30:53.000000000","message":"gotcha","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":false,"context_lines":[{"line_number":5,"context_line":"set -o pipefail"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"# reads the keylime registrar ip address and port from the kernel command line"},{"line_number":8,"context_line":"# and set it "},{"line_number":9,"context_line":"if [[ $(\u003c/proc/cmdline) \u003d~ registrar_ip\u003d\\\"?([^\\\"]+)\\\" ]]; then"},{"line_number":10,"context_line":"    sed -i \"s/^\\(registrar\\_ip\\s*\u003d\\s*\\).*$/\\1\"${BASH_REMATCH[1]}\"/\" /etc/keylime.conf"},{"line_number":11,"context_line":"fi"}],"source_content_type":"application/x-shellscript","patch_set":5,"id":"fd4b0df9_97aaccbb","line":8,"in_reply_to":"d9a894c4_3202b1de","updated":"2021-05-17 20:30:53.000000000","message":"Ack","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"63448b9155151c0cdbd21b9efc98e552f2b7b6e7","unresolved":true,"context_lines":[{"line_number":7,"context_line":"# reads the keylime registrar ip address and port from the kernel command line"},{"line_number":8,"context_line":"# and set it "},{"line_number":9,"context_line":"if [[ $(\u003c/proc/cmdline) \u003d~ registrar_ip\u003d\\\"?([^\\\"]+)\\\" ]]; then"},{"line_number":10,"context_line":"    sed -i \"s/^\\(registrar\\_ip\\s*\u003d\\s*\\).*$/\\1\"${BASH_REMATCH[1]}\"/\" 
/etc/keylime.conf"},{"line_number":11,"context_line":"fi"},{"line_number":12,"context_line":"if [[ $(\u003c/proc/cmdline) \u003d~ registrar_port\u003d\\\"?([^\\\"]+)\\\" ]]; then"},{"line_number":13,"context_line":"    sed -i \"s/^\\(registrar\\_port\\s*\u003d\\s*\\).*$/\\1\"${BASH_REMATCH[1]}\"/\" /etc/keylime.conf"}],"source_content_type":"application/x-shellscript","patch_set":5,"id":"8fb062e5_b96081e3","line":10,"updated":"2021-05-17 18:08:34.000000000","message":"This match is slightly... wow. I guess it feels like overkill, and I\u0027m not sure why we\u0027ve got variable_name\\s*\u003d in there.... I guess generally we start with a templated configuration in the element and inject it or just wholesale replace the line with the expected value, but I\u0027m guessing name variation is expected?","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"},{"author":{"_account_id":32617,"name":"Danni Shi","email":"sdanni@redhat.com","username":"sdanni"},"change_message_id":"06b9213482129ff4bdaea2eea29fb71735395315","unresolved":true,"context_lines":[{"line_number":7,"context_line":"# reads the keylime registrar ip address and port from the kernel command line"},{"line_number":8,"context_line":"# and set it "},{"line_number":9,"context_line":"if [[ $(\u003c/proc/cmdline) \u003d~ registrar_ip\u003d\\\"?([^\\\"]+)\\\" ]]; then"},{"line_number":10,"context_line":"    sed -i \"s/^\\(registrar\\_ip\\s*\u003d\\s*\\).*$/\\1\"${BASH_REMATCH[1]}\"/\" /etc/keylime.conf"},{"line_number":11,"context_line":"fi"},{"line_number":12,"context_line":"if [[ $(\u003c/proc/cmdline) \u003d~ registrar_port\u003d\\\"?([^\\\"]+)\\\" ]]; then"},{"line_number":13,"context_line":"    sed -i \"s/^\\(registrar\\_port\\s*\u003d\\s*\\).*$/\\1\"${BASH_REMATCH[1]}\"/\" /etc/keylime.conf"}],"source_content_type":"application/x-shellscript","patch_set":5,"id":"41e9170c_0b8cdba4","line":10,"in_reply_to":"8fb062e5_b96081e3","updated":"2021-05-17 20:30:53.000000000","message":"I want to replace 
\"registrar_ip \u003d 127.0.0.1\" in the template conf with the actual IP of the remote keylime server that the agent talks with. Same with registrar_port. I think using an exact match \"variable_name \u003d \" can also work.","commit_id":"053120276ab99018d8288eeb66fa5a817e6f0402"}]}
