-rw-r--r-- | core/modules/libvirt-src/module.build | 6 | ||||
-rw-r--r-- | core/modules/libvirt-src/module.conf | 4 | ||||
-rwxr-xr-x | core/modules/libvirt/data/opt/openslx/pam/hooks/auth-final-exec.d/46-add-to-libvirt-tpm.sh | 5 | ||||
-rw-r--r-- | core/modules/libvirt/module.conf | 1 | ||||
-rw-r--r-- | core/modules/swtpm/module.build | 11 |
5 files changed, 25 insertions, 2 deletions
diff --git a/core/modules/libvirt-src/module.build b/core/modules/libvirt-src/module.build
index 936255cb..2b380cb3 100644
--- a/core/modules/libvirt-src/module.build
+++ b/core/modules/libvirt-src/module.build
@@ -4,11 +4,15 @@
 LIBVIRT_QEMU_USR="libvirt-qemu"
 LIBVIRT_QEMU_GRP="kvm"
 LIBVIRT_PTHR_GRP="libvirt-passthrough"
+# group to access software TPM module
+# group is already created by swtpm module
+LIBVIRT_STPM_GRP="libvirt-tpm"
+
 module_init() {
 groupadd --system "${LIBVIRT_QEMU_GRP}"
 groupadd --system "${LIBVIRT_QEMU_USR}"
 groupadd --system "${LIBVIRT_PTHR_GRP}"
- useradd --gid "${LIBVIRT_QEMU_GRP}" --groups "${LIBVIRT_QEMU_USR},${LIBVIRT_PTHR_GRP}" --system \
+ useradd --gid "${LIBVIRT_QEMU_GRP}" --groups "${LIBVIRT_QEMU_USR},${LIBVIRT_PTHR_GRP},${LIBVIRT_STPM_GRP}" --system \
 --no-create-home --home-dir "/var/lib/libvirt" "${LIBVIRT_QEMU_USR}"
 }
diff --git a/core/modules/libvirt-src/module.conf b/core/modules/libvirt-src/module.conf
index 32c95e48..e3f78eb5 100644
--- a/core/modules/libvirt-src/module.conf
+++ b/core/modules/libvirt-src/module.conf
@@ -1,5 +1,9 @@
 #!/bin/bash
+REQUIRED_MODULES="
+ swtpm
+"
+
 REQUIRED_GIT="
 https://gitlab.com/libvirt/libvirt.git||v7.7.0
 "
diff --git a/core/modules/libvirt/data/opt/openslx/pam/hooks/auth-final-exec.d/46-add-to-libvirt-tpm.sh b/core/modules/libvirt/data/opt/openslx/pam/hooks/auth-final-exec.d/46-add-to-libvirt-tpm.sh
new file mode 100755
index 00000000..2ccec616
--- /dev/null
+++ b/core/modules/libvirt/data/opt/openslx/pam/hooks/auth-final-exec.d/46-add-to-libvirt-tpm.sh
@@ -0,0 +1,5 @@
+#!/bin/ash
+
+adduser "${PAM_USER}" "libvirt-tpm"
+
+exit 0
diff --git a/core/modules/libvirt/module.conf b/core/modules/libvirt/module.conf
index 68ca993a..11090887 100644
--- a/core/modules/libvirt/module.conf
+++ b/core/modules/libvirt/module.conf
@@ -2,7 +2,6 @@
 REQUIRED_MODULES="
 libvirt-src
- swtpm
 "
 REQUIRED_BINARIES="" 
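Review bot: In core/modules/libvirt-src/module.build the new `useradd --groups "...,${LIBVIRT_STPM_GRP}"` only works if the libvirt-tpm group already exists, because useradd rejects a supplementary group it cannot find. The existing comment says the swtpm module creates it, but the only visible link is the REQUIRED_MODULES entry added to module.conf, and whether that guarantees swtpm's module_init runs first cannot be seen from this diff. The name is also spelled out three times (here, in swtpm/module.build and as a literal in the PAM hook), so a rename in one place would break the others without warning. I would make the comment state the contract, for example `# created by swtpm's module_init (pulled in via REQUIRED_MODULES); keep the name in sync with swtpm/module.build and 46-add-to-libvirt-tpm.sh`.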
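Review bot: In 46-add-to-libvirt-tpm.sh every account that passes authentication is added to libvirt-tpm, and the swtpm/module.build change in this commit makes /var/lib/swtpm-localca group-writable for that group. Write access to a directory allows creating, renaming and deleting its entries, so any logged-in user could presumably alter the contents of the swtpm local CA directory; nothing in the commit removes the membership again. If only users who actually start TPM-backed VMs need this, the hook should be gated on that, and the file deserves a header comment explaining why the membership is needed. The unconditional `exit 0` also hides a failed adduser (for example when the group is missing or `PAM_USER` is empty); if login must not be blocked, at least record the failure, e.g. `adduser "${PAM_USER}" "libvirt-tpm" || logger -t libvirt-tpm "adduser failed for ${PAM_USER}"`, or use whatever logging the neighbouring hooks use.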
diff --git a/core/modules/swtpm/module.build b/core/modules/swtpm/module.build
index 0d4264b4..6157017f 100644
--- a/core/modules/swtpm/module.build
+++ b/core/modules/swtpm/module.build
@@ -1,4 +1,11 @@
 #!/bin/bash
+
+LIBVIRT_STPM_GRP="libvirt-tpm"
+
+module_init() {
+ groupadd --system "${LIBVIRT_STPM_GRP}"
+}
+
 fetch_source() {
 autoclone
 }
@@ -61,6 +68,10 @@ build() {
 make || perror "'make' failed."
 DESTDIR="${DSTDIR}" make install || perror "'make install' failed."
+ # change group and permissions for libvirt-tpm members
+ chgrp "${LIBVIRT_STPM_GRP}" /var/lib/swtpm-localca
+ chmod 775 /var/lib/swtpm-localca
+
 rm "${SRCDIR_BIN}/pkg-config"
 # restore old environment so that following pkg-config calls are not modified |
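Review bot: In the build() hunk of core/modules/swtpm/module.build the new `chgrp` and `chmod` act on /var/lib/swtpm-localca on the machine running the build, while the line just before installs into `${DSTDIR}`. Unless the build runs with / as the image root, the directory that ships is probably `${DSTDIR}/var/lib/swtpm-localca`, so these commands would either fail or change the wrong directory. They also lack the `|| perror` that the neighbouring make calls carry, so a failure would go unnoticed. I would write `chgrp "${LIBVIRT_STPM_GRP}" "${DSTDIR}/var/lib/swtpm-localca" || perror "chgrp failed."` and likewise for chmod, and use `chmod 770` instead of 775 if nothing outside the owner and group has to enter the CA directory. build() starts and ends outside the hunk.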