ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-03-11 06:54:14 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

[#71] Dockerize TPM 1.2 Provisioner and Integrate with Docker Compose (#77)

Browse Source 
* [#71] Initial Dockerization of TPM 1.2 Provisioner

* Fix permissions on new script

* Fix current bugs

* [#71] Try a new direction for setting up TPM 1.2 Provisioner Testing

* [#71] Attempt to the latest version of Trousers on Travis CI VM for 1.2 Provisioner support

* [#71] Try IBM TPM 1.2 Emulator

* [#71] Move towards cleaning up work

* [#71] Update TPM1.2 Provisioner Docker to work with Docker Compose in Systems Test

* [#71] Get TPM 1.2 Provisioner to provision successfully in Docker container

* Update system tests script to include TPM 1.2 Provisioner container

* [#71] Separate TPM 1.2 and 2.0 Provisioner System Tests

* [#71] Pipe TPM Emulator log output to file to clear up system test output
This commit is contained in:
apldev3 2019-02-04 14:26:54 -05:00 committed by GitHub
parent afd5fd29e4
commit ec8c4b5c3e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 311 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.ci/docker/.env
View File

@ -1,4 +1,5 @@
HIRS_ACA_PROVISIONER_IP=172.19.0.3 HIRS_ACA_PROVISIONER_IP=172.19.0.3
HIRS_ACA_PROVISIONER_TPM2_IP=172.19.0.4
TPM_ENABLED=true TPM_ENABLED=true
IMA_ENABLED=false IMA_ENABLED=false
@ -7,4 +8,6 @@ HIRS_ACA_PORTAL_PORT=8443
HIRS_BROKER_PORT=61616 HIRS_BROKER_PORT=61616
HIRS_ACA_PORTAL_CONTAINER_PORT=80 HIRS_ACA_PORTAL_CONTAINER_PORT=80
HIRS_ACA_HOSTNAME=hirsaca
HIRS_SUBNET=172.19.0.0/16 HIRS_SUBNET=172.19.0.0/16

17
.ci/docker/Dockerfile.tpmprovisioner Normal file
View File

@ -0,0 +1,17 @@
FROM hirs/hirs-ci:centos7
MAINTAINER apl.dev3@jhuapl.edu
# Install packages for installing HIRS TPM Provisioner
RUN yum -y update && yum clean all
# TODO: Remove vim-common if/when Paccor updates (Also update Paccor version below)
RUN yum install -y java-1.8.0-openjdk wget util-linux chkconfig sed systemd gmp-devel coreutils dmidecode bash autoconf autoconf-archive automake libtool pkgconfig m4 gcc-c++ openssl python-requests && yum clean all
# Install tpm_module for Communicating with TPM
RUN mkdir tpm_module && pushd tpm_module && wget https://github.com/nsacyber/HIRS/releases/download/v1.0.2/tpm_module-1.0.2-1541093721.d1bdf9.x86_64.rpm && yum -y install tpm_module-*.rpm && popd
# Install PACCOR for Device Info Gathering
RUN mkdir paccor && pushd paccor && wget https://github.com/nsacyber/paccor/releases/download/v1.0.6r3/paccor-1.0.6-3.noarch.rpm && yum -y install paccor-*.rpm && popd
# Install Software TPM for Provisioning
RUN mkdir tpm_emulator && pushd tpm_emulator && wget https://phoenixnap.dl.sourceforge.net/project/ibmswtpm/tpm4769tar.gz && tar -xzvf tpm4769tar.gz && pushd libtpm && ./autogen && ./configure && make && popd && pushd tpm && make -f makefile-tpm && popd && popd

50
.ci/docker/docker-compose-tpm2.yml Normal file
View File

@ -0,0 +1,50 @@
version: "3.1"
services:
aca:
image: hirs/hirs-ci:aca
container_name: hirs-aca
volumes:
- ../../:/HIRS
ports:
- "${HIRS_ACA_PORTAL_PORT}:${HIRS_ACA_PORTAL_CONTAINER_PORT}"
entrypoint: /bin/bash -c
command: [HIRS/.ci/integration-tests/setup-aca.sh]
hostname: ${HIRS_ACA_HOSTNAME}
networks:
hirs_aca_system_tests:
ipv4_address: ${HIRS_ACA_PORTAL_IP}
aliases:
- ${HIRS_ACA_HOSTNAME}
tpm2provisioner:
image: hirs/hirs-ci:tpm2provisioner
container_name: hirs-aca-provisioner-tpm2
depends_on:
- aca
volumes:
- ../../:/HIRS
entrypoint: /bin/bash -c
command: [HIRS/.ci/integration-tests/setup-tpm2provisioner.sh;
HIRS/.ci/system-tests/systems-test-centos7-tpm2.sh]
networks:
hirs_aca_system_tests:
ipv4_address: ${HIRS_ACA_PROVISIONER_TPM2_IP}
environment:
- HIRS_ACA_PROVISIONER_TPM2_IP=${HIRS_ACA_PROVISIONER_TPM2_IP}
- TPM_ENABLED=${TPM_ENABLED}
- IMA_ENABLED=${IMA_ENABLED}
- HIRS_ACA_PORTAL_IP=${HIRS_ACA_PORTAL_IP}
- HIRS_ACA_PORTAL_PORT=${HIRS_ACA_PORTAL_PORT}
- HIRS_BROKER_PORT=${HIRS_BROKER_PORT}
- HIRS_ACA_PORTAL_CONTAINER_PORT=${HIRS_ACA_PORTAL_CONTAINER_PORT}
- HIRS_ACA_HOSTNAME=${HIRS_ACA_HOSTNAME}
- HIRS_SUBNET=${HIRS_SUBNET}
networks:
hirs_aca_system_tests:
driver: bridge
ipam:
driver: default
config:
- subnet: ${HIRS_SUBNET}

29
.ci/docker/docker-compose.yml
View File

@ -8,25 +8,31 @@ services:
- ../../:/HIRS - ../../:/HIRS
ports: ports:
- "${HIRS_ACA_PORTAL_PORT}:${HIRS_ACA_PORTAL_CONTAINER_PORT}" - "${HIRS_ACA_PORTAL_PORT}:${HIRS_ACA_PORTAL_CONTAINER_PORT}"
entrypoint: /bin/bash -c entrypoint: /bin/bash -c
command: [HIRS/.ci/integration-tests/setup-aca.sh] command: [HIRS/.ci/integration-tests/setup-aca.sh]
hostname: ${HIRS_ACA_HOSTNAME}
networks: networks:
hirs_aca_system_tests: hirs_aca_system_tests:
ipv4_address: ${HIRS_ACA_PORTAL_IP} ipv4_address: ${HIRS_ACA_PORTAL_IP}
aliases:
- ${HIRS_ACA_HOSTNAME}
tpm2provisioner: tpmprovisioner:
image: hirs/hirs-ci:tpm2provisioner image: hirs/hirs-ci:tpmprovisioner
container_name: hirs-aca-provisioner-tpm2 container_name: hirs-aca-provisioner
depends_on: depends_on:
- aca - aca
volumes: volumes:
- ../../:/HIRS - ../../:/HIRS
entrypoint: /bin/bash -c entrypoint: /bin/bash -c
command: [HIRS/.ci/integration-tests/setup-tpm2provisioner.sh; command: [HIRS/.ci/integration-tests/setup-tpmprovisioner.sh;]
HIRS/.ci/system-tests/systems-test-centos7-tpm2.sh] devices:
- "/dev/mem:/dev/mem"
cap_add:
- sys_rawio
networks: networks:
hirs_aca_system_tests: hirs_aca_system_tests:
ipv4_address: ${HIRS_ACA_PROVISIONER_IP} ipv4_address: ${HIRS_ACA_PROVISIONER_IP}
environment: environment:
- HIRS_ACA_PROVISIONER_IP=${HIRS_ACA_PROVISIONER_IP} - HIRS_ACA_PROVISIONER_IP=${HIRS_ACA_PROVISIONER_IP}
- TPM_ENABLED=${TPM_ENABLED} - TPM_ENABLED=${TPM_ENABLED}
@ -35,12 +41,13 @@ services:
- HIRS_ACA_PORTAL_PORT=${HIRS_ACA_PORTAL_PORT} - HIRS_ACA_PORTAL_PORT=${HIRS_ACA_PORTAL_PORT}
- HIRS_BROKER_PORT=${HIRS_BROKER_PORT} - HIRS_BROKER_PORT=${HIRS_BROKER_PORT}
- HIRS_ACA_PORTAL_CONTAINER_PORT=${HIRS_ACA_PORTAL_CONTAINER_PORT} - HIRS_ACA_PORTAL_CONTAINER_PORT=${HIRS_ACA_PORTAL_CONTAINER_PORT}
- HIRS_ACA_HOSTNAME=${HIRS_ACA_HOSTNAME}
- HIRS_SUBNET=${HIRS_SUBNET} - HIRS_SUBNET=${HIRS_SUBNET}
networks: networks:
hirs_aca_system_tests: hirs_aca_system_tests:
driver: bridge driver: bridge
ipam: ipam:
driver: default driver: default
config: config:
- subnet: ${HIRS_SUBNET} - subnet: ${HIRS_SUBNET}

68
.ci/integration-tests/setup-tpm2provisioner.sh
View File

@ -10,10 +10,10 @@ until [ "`curl --silent --connect-timeout 1 -I -k https://${HIRS_ACA_PORTAL_IP}:
done done
echo "ACA is up!" echo "ACA is up!"
# Function to install provisioner packages. # Function to install TPM2 Provisioner packages.
function InstallProvisioner { function InstallProvisioner {
echo "===========Installing Provisioner Packages...===========" echo "===========Installing TPM2 Provisioner Packages...==========="
pushd /HIRS pushd /HIRS
if [ ! -d package/rpm/RPMS ]; then if [ ! -d package/rpm/RPMS ]; then
./package/package.centos.sh ./package/package.centos.sh
@ -23,38 +23,38 @@ function InstallProvisioner {
} }
# Function to initialize the TPM2 Emulator # Function to initialize the TPM2 Emulator
function InitTpmEmulator { function InitTpm2Emulator {
echo "===========Initializing TPM2 Emulator...===========" echo "===========Initializing TPM2 Emulator...==========="
mkdir -p /var/run/dbus mkdir -p /var/run/dbus
if [ -e /var/run/dbus/pid ]; then if [ -e /var/run/dbus/pid ]; then
rm /var/run/dbus/pid rm /var/run/dbus/pid
fi fi
if [ -e /var/run/dbus/system_bus_socket ]; then if [ -e /var/run/dbus/system_bus_socket ]; then
rm /var/run/dbus/system_bus_socket rm /var/run/dbus/system_bus_socket
fi fi
# Start the DBus # Start the DBus
dbus-daemon --fork --system dbus-daemon --fork --system
echo "DBus started" echo "DBus started"
# Give DBus time to start up # Give DBus time to start up
sleep 5 sleep 5
/ibmtpm/src/./tpm_server & /ibmtpm/src/./tpm_server &
echo "TPM Emulator started" echo "TPM Emulator started"
tpm2-abrmd -t socket & tpm2-abrmd -t socket &
echo "TPM2-Abrmd started" echo "TPM2-Abrmd started"
# Give ABRMD time to start and register on the DBus # Give ABRMD time to start and register on the DBus
sleep 5 sleep 5
# EK and PC Certificate # EK and PC Certificate
ek_cert_der="/HIRS/.ci/integration-tests/certs/ek_cert.der" ek_cert_der="/HIRS/.ci/integration-tests/certs/ek_cert.der"
platform_cert="platformAttributeCertificate.pem" platform_cert="platformAttributeCertificate.pem"
echo "Creating Platform Cert for Container." echo "Creating Platform Cert for Container."
PC_DIR=/var/hirs/pc_generation PC_DIR=/var/hirs/pc_generation
mkdir -p $PC_DIR mkdir -p $PC_DIR
@ -63,12 +63,12 @@ function InitTpmEmulator {
/opt/paccor/scripts/otherextensions.sh > $PC_DIR/extensionsFile /opt/paccor/scripts/otherextensions.sh > $PC_DIR/extensionsFile
/opt/paccor/bin/observer -c $PC_DIR/componentsFile -p $PC_DIR/optionsFile -e $ek_cert_der -f $PC_DIR/observerFile /opt/paccor/bin/observer -c $PC_DIR/componentsFile -p $PC_DIR/optionsFile -e $ek_cert_der -f $PC_DIR/observerFile
/opt/paccor/bin/signer -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180101 -a 20280101 -N $RANDOM -k /HIRS/.ci/integration-tests/certs/ca.key -P /HIRS/.ci/integration-tests/certs/ca.crt --pem -f $PC_DIR/$platform_cert /opt/paccor/bin/signer -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180101 -a 20280101 -N $RANDOM -k /HIRS/.ci/integration-tests/certs/ca.key -P /HIRS/.ci/integration-tests/certs/ca.crt --pem -f $PC_DIR/$platform_cert
if tpm2_nvlist | grep -q 0x1c00002; then if tpm2_nvlist | grep -q 0x1c00002; then
echo "Released NVRAM for EK." echo "Released NVRAM for EK."
tpm2_nvrelease -x 0x1c00002 -a 0x40000001 tpm2_nvrelease -x 0x1c00002 -a 0x40000001
fi fi
# Define nvram space to enable loading of EK cert (-x NV Index, -a handle to # Define nvram space to enable loading of EK cert (-x NV Index, -a handle to
# authorize [0x40000001 = ownerAuth handle], -s size [defaults to 2048], -t # authorize [0x40000001 = ownerAuth handle], -s size [defaults to 2048], -t
# specifies attribute value in publicInfo struct # specifies attribute value in publicInfo struct
@ -76,26 +76,26 @@ function InitTpmEmulator {
size=$(cat $ek_cert_der | wc -c) size=$(cat $ek_cert_der | wc -c)
echo "Define NVRAM location for EK cert of size $size." echo "Define NVRAM location for EK cert of size $size."
tpm2_nvdefine -x 0x1c00002 -a 0x40000001 -t 0x2000A -s $size tpm2_nvdefine -x 0x1c00002 -a 0x40000001 -t 0x2000A -s $size
# Load key into TPM nvram # Load key into TPM nvram
echo "Loading EK cert into NVRAM." echo "Loading EK cert into NVRAM."
tpm2_nvwrite -x 0x1c00002 -a 0x40000001 $ek_cert_der tpm2_nvwrite -x 0x1c00002 -a 0x40000001 $ek_cert_der
if tpm2_nvlist | grep -q 0x1c90000; then if tpm2_nvlist | grep -q 0x1c90000; then
echo "Released NVRAM for PC." echo "Released NVRAM for PC."
tpm2_nvrelease -x 0x1c90000 -a 0x40000001 tpm2_nvrelease -x 0x1c90000 -a 0x40000001
fi fi
# Store the platform certificate in the TPM's NVRAM # Store the platform certificate in the TPM's NVRAM
size=$(cat $PC_DIR/$platform_cert | wc -c) size=$(cat $PC_DIR/$platform_cert | wc -c)
echo "Define NVRAM location for PC cert of size $size." echo "Define NVRAM location for PC cert of size $size."
tpm2_nvdefine -x 0x1c90000 -a 0x40000001 -t 0x2000A -s $size tpm2_nvdefine -x 0x1c90000 -a 0x40000001 -t 0x2000A -s $size
echo "Loading PC cert into NVRAM." echo "Loading PC cert into NVRAM."
tpm2_nvwrite -x 0x1c90000 -a 0x40000001 $PC_DIR/$platform_cert tpm2_nvwrite -x 0x1c90000 -a 0x40000001 $PC_DIR/$platform_cert
echo "===========TPM2 Emulator Initialization Complete!===========" echo "===========TPM2 Emulator Initialization Complete!==========="
# Set Logging to INFO Level # Set Logging to INFO Level
sed -i "s/WARN/INFO/" /etc/hirs/TPM2_Provisioner/log4cplus_config.ini sed -i "s/WARN/INFO/" /etc/hirs/TPM2_Provisioner/log4cplus_config.ini
} }
@ -103,27 +103,27 @@ function InitTpmEmulator {
# Function to update the hirs-site.config file # Function to update the hirs-site.config file
function UpdateHirsSiteConfigFile { function UpdateHirsSiteConfigFile {
HIRS_SITE_CONFIG="/etc/hirs/hirs-site.config" HIRS_SITE_CONFIG="/etc/hirs/hirs-site.config"
echo "" echo ""
echo "===========Updating ${HIRS_SITE_CONFIG}, using values from /HIRS/.ci/docker/.env file...===========" echo "===========Updating ${HIRS_SITE_CONFIG}, using values from /HIRS/.ci/docker/.env file...==========="
cat /HIRS/.ci/docker/.env cat /HIRS/.ci/docker/.env
cat <<DEFAULT_SITE_CONFIG_FILE > $HIRS_SITE_CONFIG cat <<DEFAULT_SITE_CONFIG_FILE > $HIRS_SITE_CONFIG
#******************************************* #*******************************************
#* HIRS site configuration properties file #* HIRS site configuration properties file
#******************************************* #*******************************************
CLIENT_HOSTNAME=${HIRS_ACA_PROVISIONER_IP} CLIENT_HOSTNAME=${HIRS_ACA_PROVISIONER_TPM2_IP}
TPM_ENABLED=${TPM_ENABLED} TPM_ENABLED=${TPM_ENABLED}
IMA_ENABLED=${IMA_ENABLED} IMA_ENABLED=${IMA_ENABLED}
# Site-specific configuration # Site-specific configuration
ATTESTATION_CA_FQDN=${HIRS_ACA_PORTAL_IP} ATTESTATION_CA_FQDN=${HIRS_ACA_HOSTNAME}
ATTESTATION_CA_PORT=${HIRS_ACA_PORTAL_PORT} ATTESTATION_CA_PORT=${HIRS_ACA_PORTAL_PORT}
BROKER_FQDN=${HIRS_ACA_PORTAL_IP} BROKER_FQDN=${HIRS_ACA_PORTAL_IP}
BROKER_PORT=${HIRS_BROKER_PORT} BROKER_PORT=${HIRS_BROKER_PORT}
PORTAL_FQDN=${HIRS_ACA_PORTAL_IP} PORTAL_FQDN=${HIRS_ACA_PORTAL_IP}
PORTAL_PORT=${HIRS_ACA_PORTAL_PORT} PORTAL_PORT=${HIRS_ACA_PORTAL_PORT}
DEFAULT_SITE_CONFIG_FILE DEFAULT_SITE_CONFIG_FILE
echo "===========New HIRS Config File===========" echo "===========New HIRS Config File==========="
@ -133,11 +133,11 @@ DEFAULT_SITE_CONFIG_FILE
# Install packages # Install packages
InstallProvisioner InstallProvisioner
# Install TPM Emulator # Install TPM2 Emulator
InitTpmEmulator InitTpm2Emulator
# Update the hir-site.config file # Update the hirs-site.config file
UpdateHirsSiteConfigFile UpdateHirsSiteConfigFile
echo "" echo ""
echo "===========HIRS ACA Provisioner Setup Complete!===========" echo "===========HIRS ACA TPM2 Provisioner Setup Complete!==========="

110
.ci/integration-tests/setup-tpmprovisioner.sh Executable file
View File

@ -0,0 +1,110 @@
#!/bin/bash
# Script to setup the TPM Provisioner Docker Image for Integration Tests
set -e
# Wait for ACA to boot
echo "Waiting for ACA to spin up..."
until [ "`curl --silent --connect-timeout 1 -I -k https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal | grep '302 Found'`" != "" ]; do
:
done
echo "ACA is up!"
# Function to install Provisioner packages.
function InstallProvisioner {
echo "===========Installing Provisioner Packages...==========="
pushd /HIRS
if [ ! -d package/rpm/RPMS ]; then
./package/package.centos.sh
fi
yum install -y package/rpm/RPMS/noarch/HIRS_Provisioner_TPM_1_2*.el7.noarch.rpm
popd
}
# Function to initialize the TPM Emulator
function InitTpmEmulator {
echo "===========Initializing TPM Emulator...==========="
# Set variables for server
export TPM_PATH=/tpm_emulator/tpm_storage
export TPM_PORT=6543
# Set variables for client utils
export TPM_SERVER_NAME=localhost
export TPM_SERVER_PORT=6543
# Set variable for TrouSerS
export TCSD_TCP_DEVICE_PORT=6543
mkdir -p $TPM_PATH
pushd /tpm_emulator
# Activate Software TPM
./tpm/tpm_server > tpm.log 2>&1 &
./libtpm/utils/tpmbios
# Restart Software TPM after Activation
pkill tpm_server
./tpm/tpm_server > tpm.log 2>&1 &
./libtpm/utils/tpmbios
# Create EK on Software TPM
./libtpm/utils/createek
# Initialize last memory address
./libtpm/utils/nv_definespace -in ffffffff -sz 0
popd
echo "Starting TrouSerS Daemon"
tcsd -e
echo "Testing TPM Connectivity"
tpm_selftest
echo "===========TPM Emulator Initialization Complete!==========="
}
# Function to update the hirs-site.config file
function UpdateHirsSiteConfigFile {
HIRS_SITE_CONFIG="/etc/hirs/hirs-site.config"
echo ""
echo "===========Updating ${HIRS_SITE_CONFIG}, using values from /HIRS/.ci/docker/.env file...==========="
cat /HIRS/.ci/docker/.env
cat <<DEFAULT_SITE_CONFIG_FILE > $HIRS_SITE_CONFIG
#*******************************************
#* HIRS site configuration properties file
#*******************************************
CLIENT_HOSTNAME=${HIRS_ACA_PROVISIONER_IP}
TPM_ENABLED=${TPM_ENABLED}
IMA_ENABLED=${IMA_ENABLED}
# Site-specific configuration
ATTESTATION_CA_FQDN=${HIRS_ACA_HOSTNAME}
ATTESTATION_CA_PORT=${HIRS_ACA_PORTAL_PORT}
BROKER_FQDN=${HIRS_ACA_PORTAL_IP}
BROKER_PORT=${HIRS_BROKER_PORT}
PORTAL_FQDN=${HIRS_ACA_PORTAL_IP}
PORTAL_PORT=${HIRS_ACA_PORTAL_PORT}
DEFAULT_SITE_CONFIG_FILE
echo "===========New HIRS Config File==========="
cat /etc/hirs/hirs-site.config
}
# Install packages
InstallProvisioner
# Install TPM Emulator
InitTpmEmulator
# Update the hirs-site.config file
UpdateHirsSiteConfigFile
echo ""
echo "===========HIRS ACA Provisioner Setup Complete!==========="

56
.ci/system-tests/run-system-tests-tpm2.sh Executable file
View File

@ -0,0 +1,56 @@
#!/bin/bash
# Script to run the System Tests for HIRS TPM 2.0 Provisioner
set -e
echo ""
echo "System Tests Starting..."
echo ""
# Start System Testing Docker Environment
cd .ci/docker
docker-compose -f docker-compose-tpm2.yml up -d
tpm2_container_id="$(docker ps -aqf "name=hirs-aca-provisioner-tpm2")"
echo "TPM2 Container ID: $tpm2_container_id"
tpm2_container_status="$(docker inspect $tpm2_container_id --format='{{.State.Status}}')"
echo "TPM2 Container Status: $tpm2_container_status"
while [[ $tpm2_container_status == "running" ]]
do
sleep 10
# Add status message, so Travis will not time out.
# It may timeout if it hasn't received output for more than 10 minutes.
echo "Still running tests, please wait..."
tpm2_container_status="$(docker inspect $tpm2_container_id --format='{{.State.Status}}')"
done
# Store container exit codes
tpm2_container_exit_code="$(docker inspect $tpm2_container_id --format='{{.State.ExitCode}}')"
echo "TPM2 Container Exit Code: $tpm2_container_exit_code"
# Display container logs
echo ""
echo "===========hirs-aca-provisioner-tpm2 System Tests Log:==========="
docker logs $tpm2_container_id
echo ""
echo "End of TPM 2.0 System Tests, cleaning up..."
echo ""
# Clean up services and network
docker-compose down
# Return container exit codes
if [[ $tpm2_container_exit_code == 0 ]]
then
echo "SUCCESS: TPM 2.0 System tests passed"
exit 0
fi
echo "ERROR: System tests failed"
exit 1

38
.ci/system-tests/run-system-tests.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Script to run the System Tests for HIRS # Script to run the System Tests for HIRS TPM 1.2 Provisioner
set -e set -e
@ -13,42 +13,42 @@ cd .ci/docker
docker-compose up -d docker-compose up -d
tpm2_container_id="$(docker ps -aqf "name=hirs-aca-provisioner-tpm2")" tpm_container_id="$(docker ps -aqf "name=hirs-aca-provisioner")"
echo "TPM2 Container ID: $tpm2_container_id" echo "TPM Container ID: $tpm_container_id"
tpm2_container_status="$(docker inspect $tpm2_container_id --format='{{.State.Status}}')" tpm_container_status="$(docker inspect $tpm_container_id --format='{{.State.Status}}')"
echo "TPM2 Container Status: $tpm2_container_status" echo "TPM Container Status: $tpm_container_status"
while [ $tpm2_container_status == "running" ] while [[ $tpm_container_status == "running" ]]
do do
sleep 10 sleep 10
# Add status message, so Travis will not time out. # Add status message, so Travis will not time out.
# It may timeout if it hasn't received output for more than 10 minutes. # It may timeout if it hasn't received output for more than 10 minutes.
echo "Still running tests, please wait..." echo "Still running tests, please wait..."
tpm2_container_status="$(docker inspect $tpm2_container_id --format='{{.State.Status}}')" tpm_container_status="$(docker inspect $tpm_container_id --format='{{.State.Status}}')"
done done
# Store TPM2 container exit code # Store container exit codes
tpm2_container_exit_code="$(docker inspect $tpm2_container_id --format='{{.State.ExitCode}}')" tpm_container_exit_code="$(docker inspect $tpm_container_id --format='{{.State.ExitCode}}')"
echo "TPM2 Container Exit Code: $tpm2_container_exit_code" echo "TPM Container Exit Code: $tpm_container_exit_code"
# Display TPM2 container log # Display container logs
echo "" echo ""
echo "===========hirs-aca-provisioner-tpm2 System Tests Log:===========" echo "===========hirs-aca-provisioner System Tests Log:==========="
docker logs $tpm2_container_id docker logs $tpm_container_id
echo "" echo ""
echo "End of System Tests, cleaning up..." echo "End of TPM 1.2 System Tests, cleaning up..."
echo "" echo ""
# Clean up services and network # Clean up services and network
docker-compose down docker-compose down
# Return TPM2 container exit code # Return container exit codes
if [[ $tpm2_container_exit_code == 0 ]] if [[ $tpm_container_exit_code == 0 ]]
then then
echo "SUCCESS: System tests passed" echo "SUCCESS: TPM 1.2 System tests passed"
exit 0 exit 0
fi fi

4
.travis.yml
View File

@ -47,3 +47,7 @@ jobs:
script: .ci/system-tests/./run-system-tests.sh script: .ci/system-tests/./run-system-tests.sh
env: null env: null
name: "System Tests" name: "System Tests"
- stage: system-tests
script: .ci/system-tests/./run-system-tests-tpm2.sh
env: null
name: "System Tests TPM2"