#2 upgrade

The Postinst only modified /var/lib/swtpm-localca if it was not yet existing. So in this case it did not modify it, but again that is only for PPA/Manual users and on a major upgrade (to 22.04) is ok as an admin task to resolve the former to the new setup.

Upgrading to the new libvirt will change the user it tries to run swtpm with. Since I used the default conf content before no prompt happened and the config is switched:

    ubuntu@node-horsea:~$ sudo grep swtpm /etc/libvirt/qemu.conf
    # User for the swtpm TPM Emulator
    # Default is 'swtpm' as established by the swtpm-tools package.
    # which isn't needed to swtpm.
    swtpm_user = "swtpm"
    swtpm_group = "swtpm"

Without breakage (this is the upgrade case where /var/lib/swtpm-localca still is owned by tss:tss) this works still fine. This is due to swtpm-localca being called by libvirtd upfront and not being related to the later run of swtpm itself.

Logfile, tpm state and process are owned by swtpm now.

    1 116 15361 1 20 0 7492 4084 - Ss ? 0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/5-f-tpm-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/65113265-34d6-4358-b562-4d7508d6ff17/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/f-tpm-swtpm.log --tpm2 --pid file=/run/libvirt/qemu/swtpm/5-f-tpm-swtpm.pid

    -rw-r--r-- 1 swtpm swtpm 4744 Nov 15 13:43 f-tpm-swtpm.log
    -rw------- 1 swtpm swtpm 6098 Nov 15 13:56 tpm2-00.permall
    -rw-r--r-- 1 swtpm swtpm    5 Nov 15 13:56 5-f-tpm-swtpm.pid

The socket (where the guest reaches swtpm) still is libvirt-qemu as intended

    srw------- 1 libvirt-qemu kvm 0 Nov 15 13:56 5-f-tpm-swtpm.sock=

But as I said, the local-ca content is tss still

    /var/lib/swtpm-localca:
    total 56
    drwxr-x---  2 tss root 4096 Nov 15 13:43 ./
    drwxr-xr-x 49 root root 4096 Nov 15 13:52 ../
    -rwxr-xr-x  1 tss tss     0 Nov 15 13:43 .lock.swtpm-localca*
    -rw-r--r--  1 tss tss  5531 Nov 15 13:43 01.pem
    -rw-r--r--  1 tss tss     1 Nov 15 13:43 certserial
    -rw-r--r--  1 tss tss    48 Nov 15 13:43 index.txt
    -rw-r--r--  1 tss tss    21 Nov 15 13:43 index.txt.attr
    -rw-r--r--  1 tss tss     0 Nov 15 13:43 index.txt.old
    -rw-r--r--  1 tss tss  5531 Nov 15 13:43 issuercert.pem
    -rw-r--r--  1 tss tss     3 Nov 15 13:43 serial
    -rw-r--r--  1 tss tss     3 Nov 15 13:43 serial.old
    -rw-r-----  1 tss tss  2459 Nov 15 13:43 signkey.pem
    -rw-r--r--  1 tss tss  1468 Nov 15 13:43 swtpm-localca-rootca-cert.pem
    -rw-r-----  1 tss tss  2455 Nov 15 13:43 swtpm-localca-rootca-privkey.pem

Note: purging swtpm-tools leaves /var/lib/swtpm-localca but dir itself behind, therefore purge+install does not get the state that a fresh install would. I think that is a bug and filed it at bug 1950986

-- 
https://bugs.launchpad.net/bugs/1948880

Title:
  libvirt should not use user tss for swtpm
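
An added example, not part of the bug comment or of the libvirt/swtpm packages: a shell audit for the state described above, where qemu.conf names one swtpm user while /var/lib/swtpm-localca is still owned by another. The function names are hypothetical, `stat -c` assumes GNU coreutils, the fallback user "swtpm" is taken from the qemu.conf comment shown above, and the check for world-readable key files goes beyond what the comment covers.

```shell
#!/bin/sh
# Added example: compare swtpm local CA ownership with libvirt's qemu.conf.

# Print the effective value of a quoted qemu.conf key (e.g. swtpm_user).
# Commented-out lines are ignored, the last assignment wins, and DEFAULT
# is printed when the key is not set.
conf_value() {  # conf_value FILE KEY DEFAULT
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" \
        "$1" 2>/dev/null | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# List every entry under DIR whose owner is not USER,
# one "owner:group mode path" line per entry.
owner_mismatches() {  # owner_mismatches DIR USER
    find "$1" -exec stat -c '%U:%G %a %n' {} + |
        awk -v u="$2" '{ split($1, o, ":"); if (o[1] != u) print }'
}

# List private key files under DIR that are readable by "other".
# The name pattern covers signkey.pem and *-privkey.pem from the listing.
world_readable_keys() {  # world_readable_keys DIR
    find "$1" -type f -name '*key*.pem' -perm -004
}

# Report both findings; the exit status is 0 only when nothing was found.
audit() {  # audit CONF DIR
    user=$(conf_value "$1" swtpm_user swtpm)
    bad=$(owner_mismatches "$2" "$user")
    keys=$(world_readable_keys "$2")
    [ -n "$bad" ] && printf 'not owned by %s:\n%s\n' "$user" "$bad"
    [ -n "$keys" ] && printf 'world-readable private keys:\n%s\n' "$keys"
    [ -z "$bad$keys" ]
}

# Run only when both paths are given, for example:
#   sh audit.sh /etc/libvirt/qemu.conf /var/lib/swtpm-localca
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

On the upgraded system shown in the comment this would list every file in /var/lib/swtpm-localca as owned by tss rather than swtpm, which is the leftover state an admin resolves by hand after the upgrade.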
