On Wed, Oct 13, 2021 at 08:57:13AM -0400, Stefan Berger wrote: > Using swtpm v0.7.0 we can run swtpm_setup to create default config files > for swtpm_setup and swtpm-localca in session mode. Now a user can start > a VM with an attached TPM without having to run this program on the > command line before. This program needs to run once. > > This patch addresses the issue raised in > https://bugzilla.redhat.com/show_bug.cgi?id=2010649 > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> > > --- > v4: > - Append stderr output to virReportError if swtpm_setup fails > > v3: > - Removed logfile parameter > > v2: > - fixed return code if swtpm_setup doesn't support the option > --- > src/qemu/qemu_tpm.c | 42 ++++++++++++++++++++++++++++++++++++++++++ > src/util/virtpm.c | 1 + > src/util/virtpm.h | 1 + > 3 files changed, 44 insertions(+) > > diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c > index 100481503c..f797a87fdc 100644 > --- a/src/qemu/qemu_tpm.c > +++ b/src/qemu/qemu_tpm.c > @@ -385,6 +385,45 @@ qemuTPMSetupEncryption(const unsigned char *secretuuid, > return virCommandSetSendBuffer(cmd, g_steal_pointer(&secret), secret_len); > } > > + > +/* > + * qemuTPMCreateConfigFiles: run swtpm_setup --create-config-files skip-if-exist > + */ > +static int > +qemuTPMCreateConfigFiles(void) > +{ > + g_autofree char *swtpm_setup = virTPMGetSwtpmSetup(); > + g_autoptr(virCommand) cmd = NULL; > + g_autofree char *errbuf = NULL; > + int exitstatus; > + > + if (!swtpm_setup) > + return -1; > + > + if (!virTPMSwtpmSetupCapsGet( > + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES)) > + return 0; > + > + cmd = virCommandNew(swtpm_setup); > + if (!cmd) > + return -1; > + > + virCommandAddArgList(cmd, "--create-config-files", "skip-if-exist", NULL); > + virCommandClearCaps(cmd); > + virCommandSetErrorBuffer(cmd, &errbuf); > + > + if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus != 0) { If virCommandRun returns < 0, it will have already reported an error message, so you only need to report an error in the exitstatus != 0 case. > + virReportError(VIR_ERR_INTERNAL_ERROR, > + _("Could not run '%s' to create config files. " > + "exitstatus: %d;\nError: %s"), > + swtpm_setup, exitstatus, errbuf); > + return -1; > + } > + > + return 0; > +} > + > + > /* > * qemuTPMEmulatorRunSetup > * > @@ -432,6 +471,9 @@ qemuTPMEmulatorRunSetup(const char *storagepath, > "this requires privileged mode for a " > "TPM 1.2\n"), 0600); > > + if (!privileged && qemuTPMCreateConfigFiles()) > + return -1; The error return value is < 0, rather than != 0, so the test should be: && qemuTPMCreateConfigFiles() < 0) > + > cmd = virCommandNew(swtpm_setup); > if (!cmd) > return -1; > diff --git a/src/util/virtpm.c b/src/util/virtpm.c > index 1a567139b4..0f50de866c 100644 > --- a/src/util/virtpm.c > +++ b/src/util/virtpm.c > @@ -45,6 +45,7 @@ VIR_ENUM_IMPL(virTPMSwtpmFeature, > VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, > VIR_TPM_SWTPM_SETUP_FEATURE_LAST, > "cmdarg-pwdfile-fd", > + "cmdarg-create-config-files", > ); > > /** > diff --git a/src/util/virtpm.h b/src/util/virtpm.h > index d021a083b4..3bb03b3b33 100644 > --- a/src/util/virtpm.h > +++ b/src/util/virtpm.h > @@ -38,6 +38,7 @@ typedef enum { > > typedef enum { > VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD, > + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES, > > VIR_TPM_SWTPM_SETUP_FEATURE_LAST > } virTPMSwtpmSetupFeature; > -- > 2.31.1 > Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
