commit: 0df6c8964f4fe0fff2aac033e5f1622be55a4cfe |
Author: orbea <orbea <AT> riseup <DOT> net> |
AuthorDate: Tue Jul 5 07:01:35 2022 +0000 |
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com> |
CommitDate: Tue Jul 5 21:18:45 2022 +0000 |
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=0df6c896 |
|
app-crypt/tpm2-tss: Add package |
|
Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2380 |
Signed-off-by: orbea <orbea <AT> riseup.net> |
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com> |
|
app-crypt/tpm2-tss/Manifest | 1 + |
...1.0-Dont-run-systemd-sysusers-in-Makefile.patch | 29 ++++++ |
.../tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch | 84 +++++++++++++++++ |
app-crypt/tpm2-tss/metadata.xml | 20 +++++ |
app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild | 100 +++++++++++++++++++++ |
5 files changed, 234 insertions(+) |
|
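diff --git a/app-crypt/tpm2-tss/Manifest b/app-crypt/tpm2-tss/Manifest
new file mode 100644
index 0000000..fbe1511
--- /dev/null
+++ b/app-crypt/tpm2-tss/Manifest
@@ -0,0 +1 @@
+DIST tpm2-tss-3.2.0.tar.gz 1629211 BLAKE2B a89aa4d89a50bdfb5a9652874d30e2138747bd022049f2be2d0b56e296329d0c41254033ec3a062dbd64fde54a62e952f54446c551e5788231827cd53fae045a SHA512 cabb411f074dfa94919ba914849aac77a0ac2f50622e28a1406cf575369148774748e0e2b7a7c566ec83561a96d4b883bac5a3b1763f4cf48668a0c5d68c0a23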
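diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch
new file mode 100644
index 0000000..b66b6e7
--- /dev/null
+++ b/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch
@@ -0,0 +1,29 @@
+diff --git a/Makefile.am b/Makefile.am
+index 183289f7..c791896c 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -689,24 +689,6 @@ endif #FAPI
+ EXTRA_DIST += dist/tpm-udev.rules
+
+ install-dirs:
+-if HOSTOS_LINUX
+-if SYSD_SYSUSERS
+- @echo "systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf"
+- @systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf || echo "WARNING Failed to create the tss user and group"
+-else
+- @echo "call make_tss_user_and_group"
+- @$(call make_tss_user_and_group) || echo "WARNING Failed to create the tss user and group"
+-endif
+-if SYSD_TMPFILES
+- @echo "systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf"
+- @systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf|| echo "WARNING Failed to create the FAPI directories with the correct permissions"
+-else
+- @echo "(call make_fapi_dirs) && (call set_fapi_permissions)"
+- @-$(call make_fapi_dirs) && $(call set_fapi_permissions) || echo "WARNING Failed to create the FAPI directories with the correct permissions"
+-endif
+- @echo "call check_fapi_dirs"
+- @$(call check_fapi_dirs)
+-endif
+
+ install-data-hook: install-dirs
+ -if [ ! -z "$(udevrulesprefix)" ]; then \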
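diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch
new file mode 100644
index 0000000..211424c
--- /dev/null
+++ b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch
@@ -0,0 +1,84 @@
+Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2380
+
+From bf6831c474334cbb923de0193d7431ad7805f484 Mon Sep 17 00:00:00 2001
+From: orbea <orbea@××××××.net>
+Date: Mon, 4 Jul 2022 23:55:18 -0700
+Subject: [PATCH] Support LibreSSL
+
+This works with LibreSSL 3.5.x.
+
+Signed-off-by: orbea <orbea@××××××.net>
+---
+ src/tss2-esys/esys_crypto_ossl.c | 13 ++++++++++---
+ src/tss2-fapi/fapi_crypto.c | 4 ++--
+ 2 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
+index 89d312f70..961d7707f 100644
+--- a/src/tss2-esys/esys_crypto_ossl.c
++++ b/src/tss2-esys/esys_crypto_ossl.c
+@@ -392,7 +392,7 @@ iesys_cryptossl_hmac_start(ESYS_CRYPTO_CONTEXT_BLOB ** context,
+ "Error EVP_MD_CTX_create", cleanup);
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10101000L
++#if OPENSSL_VERSION_NUMBER < 0x10101000L || defined(LIBRESSL_VERSION_NUMBER)
+ if (!(hkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, size))) {
+ #else
+ /* this is preferred, but available since OpenSSL 1.1.1 only */
+@@ -558,7 +558,11 @@ iesys_cryptossl_random2b(
+ int rc;
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
+ const RAND_METHOD *rand_save = RAND_get_rand_method();
++#ifdef LIBRESSL_VERSION_NUMBER
++ RAND_set_rand_method(RAND_SSLeay());
++#else
+ RAND_set_rand_method(RAND_OpenSSL());
++#endif
+ #else
+ OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
+ if (!libctx)
+@@ -615,8 +619,11 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
+ RSA *rsa_key = NULL;
+ const EVP_MD * hashAlg = NULL;
+ const RAND_METHOD *rand_save = RAND_get_rand_method();
+-
++#ifdef LIBRESSL_VERSION_NUMBER
++ RAND_set_rand_method(RAND_SSLeay());
++#else
+ RAND_set_rand_method(RAND_OpenSSL());
++#endif
+ #else
+ OSSL_LIB_CTX *libctx = NULL;
+ EVP_MD * hashAlg = NULL;
+@@ -919,7 +926,7 @@ iesys_cryptossl_get_ecdh_point(TPM2B_PUBLIC *key,
+ curveId = NID_secp521r1;
+ key_size = 66;
+ break;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ case TPM2_ECC_SM2_P256:
+ curveId = NID_sm2;
+ key_size = 32;
+diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c
+index 2fe37c0c4..c1563237a 100644
+--- a/src/tss2-fapi/fapi_crypto.c
++++ b/src/tss2-fapi/fapi_crypto.c
+@@ -544,7 +544,7 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY **evpPublicKey)
+ case TPM2_ECC_NIST_P521:
+ curveId = NID_secp521r1;
+ break;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ case TPM2_ECC_SM2_P256:
+ curveId = NID_sm2;
+ break;
+@@ -1155,7 +1155,7 @@ get_ecc_tpm2b_public_from_evp(
+ case NID_secp521r1:
+ tpmCurveId = TPM2_ECC_NIST_P521;
+ break;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ case NID_sm2:
+ tpmCurveId = TPM2_ECC_SM2_P256;
+ break;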
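Review bot: In the `iesys_cryptossl_random2b` and `iesys_cryptossl_pk_encrypt` hunks the LibreSSL branch calls `RAND_set_rand_method(RAND_SSLeay())`, but as far as I know LibreSSL keeps the RAND method API only as compatibility stubs and always draws from its own built-in generator, so the save/override/restore sequence likely has no effect there. That should not weaken the randomness, but a comment such as `/* LibreSSL: RAND method is fixed, call kept only to mirror the OpenSSL path */` would stop a later reader from assuming an engine-supplied RNG is being bypassed. Separately, the three `!defined(LIBRESSL_VERSION_NUMBER)` guards compile out `TPM2_ECC_SM2_P256` / `NID_sm2` with no version bound, so an SM2 key falls through to each switch's default handling, which lies outside these hunks; please confirm that path returns an error rather than continuing with an unset `curveId`. All of the touched functions start and end outside the hunks shown.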
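diff --git a/app-crypt/tpm2-tss/metadata.xml b/app-crypt/tpm2-tss/metadata.xml
new file mode 100644
index 0000000..0a726fa
--- /dev/null
+++ b/app-crypt/tpm2-tss/metadata.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person" proxied="yes">
+ <email>salah.coronya@×××××.com</email>
+ <name>Christopher Byrne</name>
+ </maintainer>
+ <maintainer type="project" proxied="proxy">
+ <email>proxy-maint@g.o</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <use>
+ <flag name="fapi">Enable feature API (requires openssl as crypto backend)</flag>
+ <flag name="mbedtls">Use <pkg>net-libs/mbedtls</pkg> as crypto engine</flag>
+ <flag name="openssl">Use <pkg>dev-libs/openssl</pkg> as crypto engine</flag>
+ </use>
+ <upstream>
+ <remote-id type="github">tpm2-software/tpm2-tss</remote-id>
+ </upstream>
+</pkgmetadata>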
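diff --git a/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild b/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild
new file mode 100644
index 0000000..bc8875b
--- /dev/null
+++ b/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild
@@ -0,0 +1,100 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools linux-info multilib-minimal tmpfiles udev
+
+DESCRIPTION="TCG Trusted Platform Module 2.0 Software Stack"
+HOMEPAGE="https://github.com/tpm2-software/tpm2-tss"
+SRC_URI="https://github.com/tpm2-software/${PN}/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD-2"
+SLOT="0/3"
+KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86"
+IUSE="doc +fapi +openssl mbedtls static-libs test"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="^^ ( mbedtls openssl )
+ fapi? ( openssl !mbedtls )"
+
+RDEPEND="acct-group/tss
+ acct-user/tss
+ fapi? ( dev-libs/json-c:=[${MULTILIB_USEDEP}]
+ >=net-misc/curl-7.80.0[${MULTILIB_USEDEP}] )
+ mbedtls? ( net-libs/mbedtls:=[${MULTILIB_USEDEP}] )
+ openssl? ( dev-libs/openssl:=[${MULTILIB_USEDEP}] )"
+
+DEPEND="${RDEPEND}
+ test? ( app-crypt/swtpm
+ dev-libs/uthash
+ dev-util/cmocka
+ fapi? ( >=net-misc/curl-7.80.0 ) )"
+BDEPEND="sys-apps/acl
+ virtual/pkgconfig
+ doc? ( app-doc/doxygen )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch"
+ "${FILESDIR}/${P}-libressl.patch"
+)
+
+pkg_setup() {
+ local CONFIG_CHECK=" \
+ ~TCG_TPM
+ "
+ linux-info_pkg_setup
+ kernel_is ge 4 12 0 || ewarn "At least kernel 4.12.0 is required"
+}
+
+src_prepare() {
+ default
+
+ # See bug #833887 (and similar); eautoreconf means .pc file gets wrong version.
+ sed -i \
+ "s/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/" \
+ "configure.ac" || die
+
+ eautoreconf
+}
+
+multilib_src_configure() {
+ ECONF_SOURCE=${S} econf \
+ --localstatedir=/var \
+ $(use_enable doc doxygen-doc) \
+ $(use_enable fapi) \
+ $(use_enable static-libs static) \
+ $(multilib_native_use_enable test unit) \
+ $(multilib_native_use_enable test integration) \
+ $(multilib_native_use_enable test self-generated-certificate) \
+ --disable-tcti-libtpms \
+ --disable-defaultflags \
+ --disable-weakcrypto \
+ --with-crypto="$(usex mbedtls mbed ossl)" \
+ --with-runstatedir=/run \
+ --with-udevrulesdir="$(get_udevdir)/rules.d" \
+ --with-udevrulesprefix=60- \
+ --with-sysusersdir="/usr/lib/sysusers.d" \
+ --with-tmpfilesdir="/usr/lib/tmpfiles.d"
+}
+
+multilib_src_install() {
+ default
+
+ if [[ ${PV} != $(sed -n -e 's/^Version: //p' "${ED}/usr/$(get_libdir)/pkgconfig/tss2-sys.pc" || die) ]] ; then
+ # Safeguard for bug #833887
+ die "pkg-config file version doesn't match ${PV}! Please report a bug!"
+ fi
+
+ find "${D}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ tmpfiles_process tpm2-tss-fapi.conf
+ udev_reload
+}
+
+pkg_postrm() {
+ udev_reload
+}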
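Review bot: The `PATCHES` array applies `${P}-libressl.patch` without any comment, although that patch is still an open upstream pull request and compiles out SM2 under LibreSSL. Adding `# LibreSSL support, pending upstream: https://github.com/tpm2-software/tpm2-tss/pull/2380 (disables SM2)` above the entry would tell the next version bump when it can be dropped. In `pkg_postinst`, `tmpfiles_process tpm2-tss-fapi.conf` appears to be the only step left that creates the FAPI directories, because the first patch removes the Makefile's creation and `check_fapi_dirs` verification steps. A short comment there stating that directory ownership and modes come from the tmpfiles.d entry would help anyone auditing keystore permissions.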