This bug was fixed in the package libvirt - 7.6.0-0ubuntu3
---
libvirt (7.6.0-0ubuntu3) jammy; urgency=medium
* d/libvirt-daemon-system.postinst: create user/group swtpm if not present
due to swtpm-tools (LP: #1951975)
-- Christian Ehrhardt Wed, 24 Nov
2021 07:50:53 +0100
** Tags removed: server-next
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1948880
Title:
libvirt should not use user tss for swtpm
To manage notifications about this bug go to:
** Changed in: libvirt (Ubuntu)
Assignee: (unassigned) => Christian Ehrhardt (paelzer)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1948880
Title:
libvirt should not use user tss for swtpm
FYI - uploaded to Jammy
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1948880
Title:
libvirt should not use user tss for swtpm
To manage notifications about this bug go to:
MR to review at
https://code.launchpad.net/~paelzer/ubuntu/+source/libvirt/+git/libvirt/+merge/411755
PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4710
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
#3 Fresh install of the new version
This now has /var/lib/swtpm-localca set to swtpm.
$ sudo ls -laF /var/lib/swtpm-localca
total 8
drwxr-x--- 2 swtpm root 4096 Nov 15 14:05 ./
drwxr-xr-x 49 root root 4096 Nov 15 14:05 ../
Starting the guest works and ownership is correct:
$ sudo ls -laFR
TL;DR
- the libvirt config change of this upload works fine
- actually since swtpm-tools switched the default this upload is required to
work without changing the .conf files
- for 22.04 this LGTM and can be uploaded after a MR review
- for SRUs it might need more considerations.
On one hand
#2 upgrade
The Postinst only modified /var/lib/swtpm-localca if it was not yet existing.
So in this case it did not modify it, but again that is only for PPA/Manual
users
and on a major upgrade (to 22.04) is ok as a admin task to resolve the former
to the new setup.
Upgrading to the new libvirt
#1 old state
ubuntu@node-horsea:~$ sudo ls -laFR /var/log/swtpm/libvirt/qemu
/run/libvirt/qemu/swtpm /var/lib/libvirt/swtpm
/run/libvirt/qemu/swtpm:
total 4
drwxrwx--- 2 libvirt-qemu tss 80 Nov 15 13:43 ./
drwxr-xr-x 5 root root 180 Nov 15 13:43 ../
-rw-r--r-- 1 tss tss4
Paths if used with libvirt before the upgrade
$ sudo apt install swtpm-tools
# Add to the guest a tpm2 emulation
It is important to realize that with the switch of swtpm-tools itself
to swtpm:swtpm broke usage with libvirt (up to this upload).
That is because
FYI
libvirt regressed in release and is a FTBFS on s390x.
88/162 virdrivermoduletest FAIL 0.04s exit status 1
128/162 storagepoolxml2argvtest FAIL 0.04s exit status 1
129/162 storagepoolxml2xmltest FAIL 0.03s exit status 1
It seems state and storage dir seem to be created on demand, not package
owned but existing on a live system. I'll see if that is true (and what
user it applied) when testing the builds.
The rest was straight forward and builds right now.
Initial (untested) branch and PPA available:
PPA:
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/libvirt/+git/libvirt/+merge/411755
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1948880
Title:
libvirt should not
@utkarsh: In the dependencies, please use "swtpm-tools" not "swtpm" as
it will need binaries from there. The most recent upload to swtpm
implemented the user we needed, so work on this is now unblocked.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
@Utkarsh - it would still be a great exercise to get the libvirt changes
all prepared and test on manually created swtpm users. Then whenever
this overall topic further resolves we are ready for it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Note: this will have multiple issues.
First of all user/group 'swtpm' are NOT YET provided by swtpm packages (that
was a "would" in the bug description).
But furthermore it seems that swtpm-tools will have a harder time to be
promoted to main than swtpm itself. I've spawned bug 1949060 to
** Changed in: libvirt (Ubuntu)
Assignee: (unassigned) => Utkarsh Gupta (utkarsh)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1948880
Title:
libvirt should not use user tss for swtpm
To
@Steve - do you plan to upload the same to Debian so that I would change
libvirt there as well?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1948880
Title:
libvirt should not use user tss for
Hi Steve,
after just "agreeing and tagging" before I have done an initial check on the
case.
Tasks:
Similar to the .spec file dir ownership needs to be set:
%dir %attr(0730, tss, tss) %{_localstatedir}/log/swtpm/libvirt/qemu/
We might want to look at the ALL swtpm related
** Tags added: server-next
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1948880
Title:
libvirt should not use user tss for swtpm
To manage notifications about this bug go to:
20 matches
Mail list logo
