i realized that you an do mustache templates with just plain jq:
jq -n -r \
--arg domains "$TENANT_DOMAIN" \
--arg hsm_type "$HSM_TYPE" \
--argjson enable_hello "$ENABLE_HELLO" \
'
"[global]\ndebug = true\ndomains = \($domains)\nhome_alias = CN\nhome_attr = CN\nid_attr_map = name\npam_allow_groups =\nuse_etc_skel = true\nlocal_groups = users\nhsm_type = \($hsm_type)\nenable_hello = \($enable_hello)"
' > "$BUILD_DIR/himmelblau.conf"
need to apply this idea to my kernel pull request scripts :-)
template here is:
[global]
debug = true
domains = {{domains}}
home_alias = CN
home_attr = CN
id_attr_map = name
pam_allow_groups =
use_etc_skel = true
local_groups = users
hsm_type = {{hsm_type}}
enable_hello = {{enable_hello}}
Copilotin tekoälyavustaja todettiin hyödyttömäksi https://www.mikrobitti.fi/uutiset/a/5e914bbc-0b78-4eaf-8295-51811364515c?ref=aggregaatit%3A2fb1&utm_source=dlvr.it&utm_medium=mastodon
The current feature set of upcoming tpm2sh 0.11. It’s quite basic but everything is tested with care and e.g., load does all the import dance for PKCS8 RSA and ECC keys without having to mess with openssl command line. I.e. single robust load command instead of:
tpm2_createprimary --hierarchy o -G ecc -c owner.txt
tpm2_evictcontrol -c owner.txt 0x81000001
openssl ecparam -name prime256v1 -genkey -noout -out private.pem
tpm2_import -C 0x81000001 -G ecc -i private.pem -u key.pub -r key.priv
tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der
And generally flows are somewhat polished and will be polished further before released to not have any rough corners. Finally most of non-trivial functionality is tested against built-in TPM emulator MockTPM.
Sometime after 0.11 release I’ll add also --dry-run
switch that can exercise TPM commands with the emulator before applying them to the chip.
great now i have a single data-drive test where test cases translate between legacy (build/parse) and new (zerocopy fat pointers):
# ...
TPM_CC_Startup Response TPM_RC_FAILURE 80010000000a00000101
TPM_CC_Startup Response TPM_RC_CONTEXT_GAP 80010000000a00000901
TPM_CC_PCR_Read Response Success 800100000038000000000000000100000000000000010020dededededededededededededededededededededededededededededededed
# ...
awesome “cast” version of tpm_enum!
:
tpm_enum_cast! {
name: TpmRcBaseCast,
repr: TpmUint32,
value_enum: TpmRcBaseEnumCast,
value_repr: u32,
variants: {
(Success, 0x0000, "TPM_RC_SUCCESS"),
(BadTag, 0x001E, "TPM_RC_BAD_TAG"),
(Initialize, TPM_RC_VER1, "TPM_RC_INITIALIZE"),
(Failure, TPM_RC_VER1 | 0x001, "TPM_RC_FAILURE"),
// ...
And this is how it works:
let (ref, tail) = TpmsClockInfoCast::from_slice(bytes);
let TpmsClockInfoFieldRef::clock(clock) = ref.field(TpmsClockInfoField::clock).unwrap()