Bug 2152916

Summary: Test for available issuercert before creating CA [rhel-9.1.0.z]
Product: Red Hat Enterprise Linux 9 Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: swtpmAssignee: Marc-Andre Lureau <marcandre.lureau>
Status: CLOSED ERRATA QA Contact: Yanqiu Zhang <yanqzhan>
Severity: high Docs Contact:
Priority: unspecified    
Version: 9.2CC: ddepaula, jdenemar, lmen, marcandre.lureau, nmagnezi, xuzhang, yalzhang, yanqzhan, ymankad
Target Milestone: rcKeywords: AutomationTriaged, Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 0.7.0-4.20211109gitb79fd91 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2152618 Environment:
Last Closed: 2023-01-23 15:20:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2152618    
Bug Blocks:    

Comment 1 John Ferlan 2022-12-13 15:07:28 UTC 
I'll let Marc-Andre decide whether we should fix or not. From the PoV of layered products, there is no need since they'll only use EUS releases and 9.1 is not EUS.
Comment 5 Yanqiu Zhang 2023-01-04 03:39:20 UTC 
Verified with:
swtpm-0.7.0-4.20211109gitb79fd91.el9_1.x86_64

# rm -rf /var/lib/swtpm-localca/* ; for ((i = 0; i<1000;i++)); do rm -rf /tmp/vtpm${i}; mkdir -p /tmp/vtpm${i}; swtpm_setup --tpm2 --tpmstate /tmp/vtpm${i} --create-ek-cert --create-platform-cert --pcr-banks sha256 2>&1 | grep -i read & done

(No errors like: swtpm_localca exit with status 1: Need read rights on issuer certificate /var/lib/swtpm-localca/issuercert.pem for user root.
)
Comment 9 errata-xmlrpc 2023-01-23 15:20:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (swtpm bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:0329