Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revocation service cannot load pubkey #228

Closed
lkatalin opened this issue Jul 9, 2021 · 0 comments · Fixed by #229
Closed

Revocation service cannot load pubkey #228

lkatalin opened this issue Jul 9, 2021 · 0 comments · Fixed by #229
Labels
critical must fix for rust agent release

Comments

@lkatalin
Copy link
Contributor

lkatalin commented Jul 9, 2021

This happens when running the tenant with command:
[root@localhost ~]# keylime_tenant -v 127.0.0.1 -t 127.0.0.1 --uuid d432fbb3-d2f1-4a97-9ef7-75bd81c00000 --allowlist /root/allowlist.txt --include /root/senddir --cert /root/ca --exclude /root/excludes.txt -c add

 INFO  keylime_agent                  > Wrote payload decryption key to "/tmp/secure/unzipped/derived_tci_key"
 INFO  keylime_agent                  > Wrote decrypted payload to "/tmp/secure/unzipped/decrypted_payload"
 INFO  keylime_agent                  > Unzipping payload decrypted_payload to /tmp/secure/unzipped
 INFO  keylime_agent                  > Payload init script indicated: autorun.sh
 INFO  keylime_agent                  > Running script: "/tmp/secure/unzipped/autorun.sh"
 INFO  keylime_agent                  > "/tmp/secure/unzipped/autorun.sh" ran successfully
 INFO  keylime_agent::secure_mount    > Using existing secure storage tmpsfs mount /tmp/secure
 INFO  keylime_agent::revocation      > Connecting to revocation endpoint at tcp://127.0.0.1:8992...
 INFO  keylime_agent::revocation      > Loading the revocation certificate from /tmp/secure/unzipped/RevocationNotifier-cert.crt
Error: Configuration("Can not load pubkey")
[keylime-ima@localhost rust-keylime]$ cat /tmp/secure/unzipped/RevocationNotifier-cert.crt 
-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIUGHwinFJqstG3gEpgrlnO0Y7ySvUwDQYJKoZIhvcNAQEL
BQAwczELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1BMRIwEAYDVQQHEwlMZXhpbmd0
b24xDjAMBgNVBAoTBU1JVExMMQswCQYDVQQLEwI1MzEmMCQGA1UEAxMdS2V5bGlt
ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEwNzA5MTk0OTAwWhcNMjIwNzA5
MTk0OTAwWjBoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUExEjAQBgNVBAcTCUxl
eGluZ3RvbjEOMAwGA1UEChMFTUlUTEwxCzAJBgNVBAsTAjUzMRswGQYDVQQDExJS
ZXZvY2F0aW9uTm90aWZpZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDXuiSBu5f0rqOmdEaPKcU4lFIKr2AjsX48xqw3qs2mpm1ByZgnc63NTFbRl0G+
381ptS8Ko1n9fYD9obvXbTTIeNoL15BdsY/CCfvE0DDl7g9Vh4Ngoq7E6sXUMML3
l/AcvQEcVFaxcBCvbmC1rndxT0qYX6Mw4HtVgfEUUlRrP/cOqQNEl287XeAVqnZY
FrgPJ6S85oNIKLfSNwGfM5QKPVew75EwRXYe2IAZ3TqBAb62UIPPipztLMynnv05
AfrceECSTppP/fRDaSyOp+61zYAE3/AFeVXafJXOqiDNArqJ8M4T2EHFWn89K+3K
cEdEcM0HaEm8WwO3kJQlSWu7AgMBAAGjgcwwgckwDgYDVR0PAQH/BAQDAgO4MB0G
A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1Ud
DgQWBBRmqtvvYVWAfMOQ6a2qea9enQRYHTAfBgNVHSMEGDAWgBSfTc8Zfeea7guN
eZzQp3zlyFbIBjAdBgNVHREEFjAUghJSZXZvY2F0aW9uTm90aWZpZXIwKwYDVR0f
BCQwIjAgoB6gHIYaaHR0cDovL2xvY2FsaG9zdDozODA4MC9jcmwwDQYJKoZIhvcN
AQELBQADggEBAKnOA84Qxc92qRB7a8GOouP6p/AcJUYvlReNOcVqPE3Ucv1WUqDZ
yvkYXuwXByAFwRiAkBQjB5V+XQfwBq1qyqyihUSpWhEOxAXMPShCYIps5ocZOCBi
SZ/rZ7G+4xHoabzJG4T5hWuuJkgcf7+SrrHu11bswLZZd8xzT3mfFsp38Kfrz6MB
UhH0BX7z0ZUVTc3Q59pXsilT3W1TMioeZLxWoYo5Y/ZH2o+KJiS/n5FpLlIe0boL
80tNYRfMsKCYq6L2CcgpOhTg/UfFpmeiZDkD7znmPLdqDdSCwzdWF1Q/Er5fvJxm
wcEaebCnFO60xIGxp14QwMpzWO3cEfyzq2g=
-----END CERTIFICATE-----
@lkatalin lkatalin added the critical must fix for rust agent release label Jul 9, 2021
@lkatalin lkatalin mentioned this issue Jul 9, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
critical must fix for rust agent release
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix bug in revocation service lkatalin/rust-keylime
1 participant
@lkatalin