From 5451c8da4a74b341d3e9b677bdf444f6abfaa7f4 Mon Sep 17 00:00:00 2001
From: zhouliang121 <liang.a.zhou@linux.alibaba.com>
Date: Fri, 4 Mar 2022 10:48:02 +0800
Subject: [PATCH] CCv0: Update AA's launch command

1.Update AA's launch command according to latest implementation
2.Enable get_resource port which will be used by signature verification

Fixes: #3827
Signed-off-by: zhouliang121 <liang.a.zhou@linux.alibaba.com>
---
 src/agent/src/image_rpc.rs | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/agent/src/image_rpc.rs b/src/agent/src/image_rpc.rs
index 8d98f1d029..e1e68e3a6d 100644
--- a/src/agent/src/image_rpc.rs
+++ b/src/agent/src/image_rpc.rs
@@ -41,7 +41,8 @@ const SKOPEO_PATH: &str = "/usr/bin/skopeo";
 const UMOCI_PATH: &str = "/usr/local/bin/umoci";
 const IMAGE_OCI: &str = "image_oci";
 const AA_PATH: &str = "/usr/local/bin/attestation-agent";
-const AA_PORT: &str = "127.0.0.1:50000";
+const AA_KEYPROVIDER_PORT: &str = "127.0.0.1:50000";
+const AA_GETRESOURCE_PORT: &str = "127.0.0.1:50001";
 const OCICRYPT_CONFIG_PATH: &str = "/tmp/ocicrypt_config.json";
 const OCI_ANNOTATION_REF_NAME: &str = "org.opencontainers.image.ref.name";
 const OCI_IMAGE_MANIFEST_NAME: &str = "application/vnd.oci.image.manifest.v1+json";
@@ -383,7 +384,7 @@ impl ImageService {
         let ocicrypt_config = serde_json::json!({
             "key-providers": {
                 "attestation-agent":{
-                    "grpc":AA_PORT
+                    "grpc":AA_KEYPROVIDER_PORT
                 }
             }
         });
@@ -395,8 +396,10 @@ impl ImageService {
 
         // The Attestation Agent will run for the duration of the guest.
         Command::new(AA_PATH)
-            .arg("--grpc_sock")
-            .arg(AA_PORT)
+            .arg("--keyprovider_sock")
+            .arg(AA_KEYPROVIDER_PORT)
+            .arg("--getresource_sock")
+            .arg(AA_GETRESOURCE_PORT)
             .spawn()
             .unwrap();
     }