Add fix for extra argument from clevis v15
Clevis v15 added an additional argument, which is either an empty string or the string "-y". This argument is not used in this PIN, but we checked the exact number of arguments to parse, which got changed. This also accepts more additional arguments, and just ignores them. Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
parent
e2f32d0fa0
commit
06b2cd9335
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "clevis-pin-tpm2"
|
name = "clevis-pin-tpm2"
|
||||||
version = "0.1.3"
|
version = "0.1.4"
|
||||||
description = "Clevis TPM2 PIN with policy support"
|
description = "Clevis TPM2 PIN with policy support"
|
||||||
authors = ["Patrick Uiterwijk <patrick@puiterwijk.org>"]
|
authors = ["Patrick Uiterwijk <patrick@puiterwijk.org>"]
|
||||||
edition = "2018"
|
edition = "2018"
|
||||||
|
|
|
@ -184,12 +184,12 @@ pub(super) fn get_mode_and_cfg(
|
||||||
if atty::is(atty::Stream::Stdin) {
|
if atty::is(atty::Stream::Stdin) {
|
||||||
return Ok((ActionMode::Help, None));
|
return Ok((ActionMode::Help, None));
|
||||||
}
|
}
|
||||||
let (mode, cfgstr) = if args[0].contains("encrypt") && args.len() == 2 {
|
let (mode, cfgstr) = if args[0].contains("encrypt") && args.len() >= 2 {
|
||||||
(ActionMode::Encrypt, Some(&args[1]))
|
(ActionMode::Encrypt, Some(&args[1]))
|
||||||
} else if args[0].contains("decrypt") {
|
} else if args[0].contains("decrypt") {
|
||||||
(ActionMode::Decrypt, None)
|
(ActionMode::Decrypt, None)
|
||||||
} else if args.len() > 1 {
|
} else if args.len() > 1 {
|
||||||
if args[1] == "encrypt" && args.len() == 3 {
|
if args[1] == "encrypt" && args.len() >= 3 {
|
||||||
(ActionMode::Encrypt, Some(&args[2]))
|
(ActionMode::Encrypt, Some(&args[2]))
|
||||||
} else if args[1] == "decrypt" {
|
} else if args[1] == "decrypt" {
|
||||||
(ActionMode::Decrypt, None)
|
(ActionMode::Decrypt, None)
|
||||||
|
|
|
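Review bot: The relaxed checks `args.len() >= 2` and `args.len() >= 3` discard every trailing argument without inspecting it, so a later clevis argument that carries meaning, or a misplaced config string, would be dropped with no signal to the caller. For a PIN that seals secrets under a TPM policy, I would accept only the values clevis v15 is known to pass and fail on anything else, e.g. append `&& args[2..].iter().all(|a| a.is_empty() || a == "-y")` to the first condition and the same over `args[3..]` to the second. This assumes `args` is a slice of `String`, whose declaration is outside the hunk. If rejecting is too strict, at least report the ignored arguments on stderr. `get_mode_and_cfg` starts and ends outside this hunk, so the remaining branches are not visible here.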
@ -5,6 +5,10 @@ ln -s clevis-pin-tpm2 target/debug/clevis-encrypt-tpm2plus
|
||||||
ln -s clevis-pin-tpm2 target/debug/clevis-decrypt-tpm2plus
|
ln -s clevis-pin-tpm2 target/debug/clevis-decrypt-tpm2plus
|
||||||
|
|
||||||
echo "Working: no sealing" | ./target/debug/clevis-pin-tpm2 encrypt '{}' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)
|
echo "Working: no sealing" | ./target/debug/clevis-pin-tpm2 encrypt '{}' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)
|
||||||
|
# This tests we can handle the extra argument (either empty string or -y) from Clevis v15
|
||||||
|
# https://github.com/latchset/clevis/commit/36fae7c2dbf030d6c74abaed945db7bf3c25d054
|
||||||
|
echo "Working: no sealing (clevis v15, empty)" | ./target/debug/clevis-pin-tpm2 encrypt '{}' '' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)
|
||||||
|
echo "Working: no sealing (clevis v15, -y)" | ./target/debug/clevis-pin-tpm2 encrypt '{}' '-y' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)
|
||||||
echo "Working: no sealing (clevis decrypt)" | ./target/debug/clevis-pin-tpm2 encrypt '{}' | clevis decrypt || (echo "Failed: no sealing (clevis decrypt)"; exit 1)
|
echo "Working: no sealing (clevis decrypt)" | ./target/debug/clevis-pin-tpm2 encrypt '{}' | clevis decrypt || (echo "Failed: no sealing (clevis decrypt)"; exit 1)
|
||||||
echo "Working: no sealing (clevis encrypt)" | clevis encrypt tpm2 '{}' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing (clevis encrypt)"; exit 1)
|
echo "Working: no sealing (clevis encrypt)" | clevis encrypt tpm2 '{}' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing (clevis encrypt)"; exit 1)
|
||||||
echo "Working: no sealing (renamed encrypt)" | ./target/debug/clevis-encrypt-tpm2plus '{}' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)
|
echo "Working: no sealing (renamed encrypt)" | ./target/debug/clevis-encrypt-tpm2plus '{}' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing"; exit 1)
|
||||||
|
|
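Review bot: The two added cases call `clevis-pin-tpm2 encrypt '{}' ...`, which exercises only the `args[1] == "encrypt"` branch; the other relaxed condition, `args[0].contains("encrypt") && args.len() >= 2`, is not tested with an extra argument. That is presumably the form clevis itself uses when it invokes the renamed binary. I would add `echo "Working: no sealing (renamed encrypt, clevis v15)" | ./target/debug/clevis-encrypt-tpm2plus '{}' '-y' | ./target/debug/clevis-pin-tpm2 decrypt || (echo "Failed: no sealing (renamed encrypt, clevis v15)"; exit 1)`. Both new lines also print the generic `Failed: no sealing`, so a failure cannot be attributed to the v15 case from the log; repeat the label from the "Working" string in the failure message. The top of the script is outside the hunk, so whether `set -e` makes the subshell's `exit 1` abort the run cannot be confirmed from here.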