Fix sandboxed build for :swtpm_data and expose signkey.pem and issuercert.pem

Test Plan: Built target, new files were exposed and sandboxed build worked.

X-Origin-Diff: phab/D213
GitOrigin-RevId: b2e27264edbeabfc664f1a8b1e047c163411a562
diff --git a/BUILD b/BUILD
index 0057b1f..c9adb39 100644
--- a/BUILD
+++ b/BUILD
@@ -22,10 +22,24 @@
     name = "swtpm_data",
     outs = [
         "tpm/tpm2-00.permall",
+        "tpm/signkey.pem",
+        "tpm/issuercert.pem",
     ],
-    tags = ["local"],
     cmd = """
-    mkdir tpm
+    mkdir -p tpm/ca
+
+    cat <<EOF > tpm/swtpm.conf
+create_certs_tool= /usr/share/swtpm/swtpm-localca
+create_certs_tool_config = tpm/swtpm-localca.conf
+create_certs_tool_options = /etc/swtpm-localca.options
+EOF
+
+    cat <<EOF > tpm/swtpm-localca.conf
+statedir = tpm/ca
+signingkey = tpm/ca/signkey.pem
+issuercert = tpm/ca/issuercert.pem
+certserial = tpm/ca/certserial
+EOF
 
     swtpm_setup \
         --tpmstate tpm \
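Review bot: The generated `tpm/swtpm.conf` still names two host paths, `/usr/share/swtpm/swtpm-localca` and `/etc/swtpm-localca.options`, neither of which is a declared input of the rule, so with `tags = ["local"]` removed the action runs sandboxed but is not hermetic. Whatever the host's options file contains presumably feeds into the certificate that is issued, and a machine without this swtpm layout will fail at this step. Consider writing the options file from the cmd, as the other two heredocs do, and pointing at it with `create_certs_tool_options = tpm/swtpm-localca.options`. A comment above the first heredoc would document the remaining dependency, for example `# requires swtpm installed on the host; swtpm-localca is run from /usr/share/swtpm`. The rule's opening line and the rest of the `swtpm_setup` call are outside this hunk.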
@@ -34,9 +48,12 @@
         --allow-signing \
         --tpm2 \
         --display \
-        --pcr-banks sha1,sha256,sha384,sha512
+        --pcr-banks sha1,sha256,sha384,sha512 \
+        --config tpm/swtpm.conf
 
-    cp tpm/tpm2-00.permall $@
+    cp tpm/tpm2-00.permall $(location tpm/tpm2-00.permall)
+    cp tpm/ca/issuercert.pem $(location tpm/issuercert.pem)
+    cp tpm/ca/signkey.pem $(location tpm/signkey.pem)
     """,
     visibility = ["//visibility:public"],
 )
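Review bot: The last `cp` publishes `tpm/signkey.pem`, which the generated swtpm-localca.conf sets as the CA `signingkey`, as an output of a target that keeps `visibility = ["//visibility:public"]`. The CA private key therefore becomes available to every package and is stored in bazel-out and any shared cache. If the key is only meant for an emulated TPM in tests and nothing outside tests depends on this target, state that in the rule: add `testonly = True` and a comment such as `# signkey.pem is a throwaway CA key for the emulated TPM; do not trust issuercert.pem outside tests`. The key also appears to be regenerated on every run of the action, so consumers should not pin the certificate or expect the three outputs to be reproducible. The rule starts outside this hunk.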