| 1 |
commit: 18779e114fbfcb80dc83b228b0581dd75f855a7f |
| 2 |
Author: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Tue Sep 11 14:02:39 2018 +0000 |
| 4 |
Commit: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Sep 11 15:03:35 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18779e11 |
| 7 |
|
| 8 |
app-crypt/tpm-emulator: massive cleanup |
| 9 |
|
| 10 |
Kernel module is optional now, no need to enforce it. |
| 11 |
|
| 12 |
Fix libdir issue. |
| 13 |
|
| 14 |
Support MTM emulator. |
| 15 |
|
| 16 |
Properly enable/disable openssl. |
| 17 |
|
| 18 |
Properly build kernel module. |
| 19 |
|
| 20 |
Rewrite of init.d scripts. |
| 21 |
|
| 22 |
Probably more. |
| 23 |
|
| 24 |
Closes: https://bugs.gentoo.org/show_bug.cgi?id=640734 |
| 25 |
Bug: https://bugs.gentoo.org/show_bug.cgi?id=540384 |
| 26 |
Package-Manager: Portage-2.3.40, Repoman-2.3.9 |
| 27 |
|
| 28 |
.../files/tpm-emulator-0.7.4-build.patch | 69 ++++++++++++ |
| 29 |
.../files/tpm-emulator-0.7.4-cmake.patch | 120 +++++++++++++++++++++ |
| 30 |
app-crypt/tpm-emulator/files/tpm-emulator.confd-r2 | 1 + |
| 31 |
app-crypt/tpm-emulator/files/tpm-emulator.initd-r2 | 46 ++++++++ |
| 32 |
app-crypt/tpm-emulator/metadata.xml | 3 + |
| 33 |
.../tpm-emulator/tpm-emulator-0.7.4-r2.ebuild | 85 +++++++++++++++ |
| 34 |
6 files changed, 324 insertions(+) |
| 35 |
|
| 36 |
diff --git a/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch |
| 37 |
index 7a299a15fbf..ada748f7129 100644 |
| 38 |
--- a/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch |
| 39 |
+++ b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch |
| 40 |
@@ -29,3 +29,72 @@ index c362b56..4c49f54 100644 |
| 41 |
debug("TPM_ChangeAuthAsymFinish(): newAuthLink value does not match."); |
| 42 |
return TPM_FAIL; |
| 43 |
} |
| 44 |
+From 035af1df2b18afd695150c6f9e426133b775c0a1 Mon Sep 17 00:00:00 2001 |
| 45 |
+From: Florian Larysch <fl@××××.de> |
| 46 |
+Date: Tue, 24 Oct 2017 19:33:00 +0200 |
| 47 |
+Subject: [PATCH] tpm_command_handler: fix switch fallthrough |
| 48 |
+MIME-Version: 1.0 |
| 49 |
+Content-Type: text/plain; charset=UTF-8 |
| 50 |
+Content-Transfer-Encoding: 8bit |
| 51 |
+ |
| 52 |
+Compiling with a recent GCC fails as follows: |
| 53 |
+ |
| 54 |
+ tpm-emulator/tpm/tpm_cmd_handler.c: In function ‘tpm_setup_rsp_auth’: |
| 55 |
+ tpm-emulator/tpm/tpm_cmd_handler.c:3332:7: error: this statement may fall through [-Werror=implicit-fallthrough=] |
| 56 |
+ tpm_hmac_final(&hmac, rsp->auth2->auth); |
| 57 |
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 58 |
+ tpm-emulator/tpm/tpm_cmd_handler.c:3333:5: note: here |
| 59 |
+ case TPM_TAG_RSP_AUTH1_COMMAND: |
| 60 |
+ |
| 61 |
+Looking at the code, this does indeed seem unintentional. Add a break |
| 62 |
+state in the appropriate place. |
| 63 |
+--- |
| 64 |
+ tpm/tpm_cmd_handler.c | 1 + |
| 65 |
+ 1 file changed, 1 insertion(+) |
| 66 |
+ |
| 67 |
+diff --git a/tpm/tpm_cmd_handler.c b/tpm/tpm_cmd_handler.c |
| 68 |
+index 288d1ce..5aea4e7 100644 |
| 69 |
+--- a/tpm/tpm_cmd_handler.c |
| 70 |
++++ b/tpm/tpm_cmd_handler.c |
| 71 |
+@@ -3330,6 +3330,7 @@ static void tpm_setup_rsp_auth(TPM_COMMAND_CODE ordinal, TPM_RESPONSE *rsp) |
| 72 |
+ sizeof(rsp->auth2->nonceOdd.nonce)); |
| 73 |
+ tpm_hmac_update(&hmac, (BYTE*)&rsp->auth2->continueAuthSession, 1); |
| 74 |
+ tpm_hmac_final(&hmac, rsp->auth2->auth); |
| 75 |
++ break; |
| 76 |
+ case TPM_TAG_RSP_AUTH1_COMMAND: |
| 77 |
+ tpm_hmac_init(&hmac, rsp->auth1->secret, sizeof(rsp->auth1->secret)); |
| 78 |
+ tpm_hmac_update(&hmac, rsp->auth1->digest, sizeof(rsp->auth1->digest)); |
| 79 |
+-- |
| 80 |
+2.16.4 |
| 81 |
+ |
| 82 |
+From 0f4579e913aeb3a893631a3caee420a0e9803683 Mon Sep 17 00:00:00 2001 |
| 83 |
+From: Peter Huewe <peterhuewe@×××.de> |
| 84 |
+Date: Mon, 26 Jun 2017 00:25:43 +0200 |
| 85 |
+Subject: [PATCH] Workaround wrong fallthrough case by returning TPM_FAIL |
| 86 |
+ |
| 87 |
+The spec says that the number of verified PCRs should be returned - which it currently does not and breaks compilation with gcc7 |
| 88 |
+See #26 |
| 89 |
+Since this code is probably unused anyway, we now simply return TPM_FAIL until someone comes up with a solution. |
| 90 |
+ |
| 91 |
+Spec: |
| 92 |
+https://www.trustedcomputinggroup.org/wp-content/uploads/Revision_7.02-_29April2010-tcg-mobile-trusted-module-1.0.pdf |
| 93 |
+--- |
| 94 |
+ mtm/mtm_capability.c | 2 ++ |
| 95 |
+ 1 file changed, 2 insertions(+) |
| 96 |
+ |
| 97 |
+diff --git a/mtm/mtm_capability.c b/mtm/mtm_capability.c |
| 98 |
+index a09b116..4046de5 100644 |
| 99 |
+--- a/mtm/mtm_capability.c |
| 100 |
++++ b/mtm/mtm_capability.c |
| 101 |
+@@ -87,6 +87,8 @@ static TPM_RESULT cap_mtm_permanent_data(UINT32 subCapSize, BYTE *subCap, |
| 102 |
+ tpm_free(*resp); |
| 103 |
+ return TPM_FAIL; |
| 104 |
+ } |
| 105 |
++ error("[TPM_CAP_MTM_PERMANENT_DATA] SubCap 2 not Implemented"); |
| 106 |
++ return TPM_FAIL; // TODO not implemented. |
| 107 |
+ |
| 108 |
+ case 3: |
| 109 |
+ return return_UINT32(respSize, resp, |
| 110 |
+-- |
| 111 |
+2.16.4 |
| 112 |
+ |
| 113 |
|
| 114 |
diff --git a/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-cmake.patch b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-cmake.patch |
| 115 |
new file mode 100644 |
| 116 |
index 00000000000..7fd775139b2 |
| 117 |
--- /dev/null |
| 118 |
+++ b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-cmake.patch |
| 119 |
@@ -0,0 +1,120 @@ |
| 120 |
+ |
| 121 |
+Pull request: |
| 122 |
+https://github.com/PeterHuewe/tpm-emulator/pull/37 |
| 123 |
+ |
| 124 |
+ |
| 125 |
+From 694b7c24ac09e0ec1e54ab71eb9c82a8d4f41d33 Mon Sep 17 00:00:00 2001 |
| 126 |
+From: Alon Bar-Lev <alon.barlev@×××××.com> |
| 127 |
+Date: Tue, 11 Sep 2018 14:08:49 +0300 |
| 128 |
+Subject: [PATCH 1/3] build: use GNUInstallDirs to allow override install |
| 129 |
+ directories |
| 130 |
+ |
| 131 |
+Signed-off-by: Alon Bar-Lev <alon.barlev@×××××.com> |
| 132 |
+--- |
| 133 |
+ CMakeLists.txt | 1 + |
| 134 |
+ tddl/CMakeLists.txt | 6 +++--- |
| 135 |
+ tpmd/unix/CMakeLists.txt | 2 +- |
| 136 |
+ 3 files changed, 5 insertions(+), 4 deletions(-) |
| 137 |
+ |
| 138 |
+diff --git a/CMakeLists.txt b/CMakeLists.txt |
| 139 |
+index f362298..d047ce3 100644 |
| 140 |
+--- a/CMakeLists.txt |
| 141 |
++++ b/CMakeLists.txt |
| 142 |
+@@ -6,6 +6,7 @@ |
| 143 |
+ project(TPM_Emulator C) |
| 144 |
+ |
| 145 |
+ cmake_minimum_required(VERSION 2.4) |
| 146 |
++include(GNUInstallDirs) |
| 147 |
+ set(CMAKE_ALLOW_LOOSE_LOOP_CONSTRUCTS true) |
| 148 |
+ if(COMMAND cmake_policy) |
| 149 |
+ cmake_policy(SET CMP0003 NEW) |
| 150 |
+diff --git a/tddl/CMakeLists.txt b/tddl/CMakeLists.txt |
| 151 |
+index 0be3281..6cc63b3 100644 |
| 152 |
+--- a/tddl/CMakeLists.txt |
| 153 |
++++ b/tddl/CMakeLists.txt |
| 154 |
+@@ -15,9 +15,9 @@ elseif(WIN32) |
| 155 |
+ set_target_properties(tddl PROPERTIES PREFIX "") |
| 156 |
+ endif() |
| 157 |
+ |
| 158 |
+-install(TARGETS tddl DESTINATION lib) |
| 159 |
+-install(TARGETS tddl_static DESTINATION lib) |
| 160 |
+-install(FILES "tddl.h" DESTINATION include) |
| 161 |
++install(TARGETS tddl DESTINATION ${CMAKE_INSTALL_LIBDIR}) |
| 162 |
++install(TARGETS tddl_static DESTINATION ${CMAKE_INSTALL_LIBDIR}) |
| 163 |
++install(FILES "tddl.h" DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) |
| 164 |
+ |
| 165 |
+ include_directories(${CMAKE_CURRENT_SOURCE_DIR}) |
| 166 |
+ add_executable(test_tddl test_tddl.c) |
| 167 |
+diff --git a/tpmd/unix/CMakeLists.txt b/tpmd/unix/CMakeLists.txt |
| 168 |
+index 40c436b..c5c394a 100644 |
| 169 |
+--- a/tpmd/unix/CMakeLists.txt |
| 170 |
++++ b/tpmd/unix/CMakeLists.txt |
| 171 |
+@@ -13,5 +13,5 @@ target_link_libraries(tpmd mtm tpm tpm_crypto) |
| 172 |
+ else() |
| 173 |
+ target_link_libraries(tpmd tpm tpm_crypto) |
| 174 |
+ endif() |
| 175 |
+-install(TARGETS tpmd RUNTIME DESTINATION bin) |
| 176 |
++install(TARGETS tpmd RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) |
| 177 |
+ |
| 178 |
+-- |
| 179 |
+2.16.4 |
| 180 |
+ |
| 181 |
+From 89bf733368dda265040cf44ff8be69a15ab66712 Mon Sep 17 00:00:00 2001 |
| 182 |
+From: Alon Bar-Lev <alon.barlev@×××××.com> |
| 183 |
+Date: Tue, 11 Sep 2018 16:36:12 +0300 |
| 184 |
+Subject: [PATCH 2/3] build: do not build mtm unless enabled |
| 185 |
+ |
| 186 |
+Signed-off-by: Alon Bar-Lev <alon.barlev@×××××.com> |
| 187 |
+--- |
| 188 |
+ CMakeLists.txt | 4 +++- |
| 189 |
+ 1 file changed, 3 insertions(+), 1 deletion(-) |
| 190 |
+ |
| 191 |
+diff --git a/CMakeLists.txt b/CMakeLists.txt |
| 192 |
+index d047ce3..b8b68a3 100644 |
| 193 |
+--- a/CMakeLists.txt |
| 194 |
++++ b/CMakeLists.txt |
| 195 |
+@@ -67,7 +67,9 @@ include_directories(${CMAKE_BINARY_DIR}) |
| 196 |
+ |
| 197 |
+ # add internal libraries |
| 198 |
+ add_subdirectory(tpm) |
| 199 |
+-add_subdirectory(mtm) |
| 200 |
++if(MTM_EMULATOR) |
| 201 |
++ add_subdirectory(mtm) |
| 202 |
++endif() |
| 203 |
+ add_subdirectory(crypto) |
| 204 |
+ |
| 205 |
+ # add TDDL |
| 206 |
+-- |
| 207 |
+2.16.4 |
| 208 |
+ |
| 209 |
+From 24bbf683de0b0b24f0ec81d093c03e1f6a9570f2 Mon Sep 17 00:00:00 2001 |
| 210 |
+From: Alon Bar-Lev <alon.barlev@×××××.com> |
| 211 |
+Date: Tue, 11 Sep 2018 14:20:19 +0300 |
| 212 |
+Subject: [PATCH 3/3] build: support BUILD_DEV to disable device build |
| 213 |
+ |
| 214 |
+Signed-off-by: Alon Bar-Lev <alon.barlev@×××××.com> |
| 215 |
+--- |
| 216 |
+ CMakeLists.txt | 7 ++++++- |
| 217 |
+ 1 file changed, 6 insertions(+), 1 deletion(-) |
| 218 |
+ |
| 219 |
+diff --git a/CMakeLists.txt b/CMakeLists.txt |
| 220 |
+index b8b68a3..9ae6562 100644 |
| 221 |
+--- a/CMakeLists.txt |
| 222 |
++++ b/CMakeLists.txt |
| 223 |
+@@ -76,7 +76,12 @@ add_subdirectory(crypto) |
| 224 |
+ add_subdirectory(tddl) |
| 225 |
+ |
| 226 |
+ # add kernel modules |
| 227 |
+-add_subdirectory(tpmd_dev) |
| 228 |
++if(NOT DEFINED BUILD_DEV) |
| 229 |
++ set(BUILD_DEV ON) |
| 230 |
++endif() |
| 231 |
++if(BUILD_DEV) |
| 232 |
++ add_subdirectory(tpmd_dev) |
| 233 |
++endif() |
| 234 |
+ |
| 235 |
+ # add executables |
| 236 |
+ add_subdirectory(tpmd) |
| 237 |
+-- |
| 238 |
+2.16.4 |
| 239 |
+ |
| 240 |
|
| 241 |
diff --git a/app-crypt/tpm-emulator/files/tpm-emulator.confd-r2 b/app-crypt/tpm-emulator/files/tpm-emulator.confd-r2 |
| 242 |
new file mode 100644 |
| 243 |
index 00000000000..985fa4e774c |
| 244 |
--- /dev/null |
| 245 |
+++ b/app-crypt/tpm-emulator/files/tpm-emulator.confd-r2 |
| 246 |
@@ -0,0 +1 @@ |
| 247 |
+STARTUP_MODE="save" |
| 248 |
|
| 249 |
diff --git a/app-crypt/tpm-emulator/files/tpm-emulator.initd-r2 b/app-crypt/tpm-emulator/files/tpm-emulator.initd-r2 |
| 250 |
new file mode 100644 |
| 251 |
index 00000000000..abfbef900d0 |
| 252 |
--- /dev/null |
| 253 |
+++ b/app-crypt/tpm-emulator/files/tpm-emulator.initd-r2 |
| 254 |
@@ -0,0 +1,46 @@ |
| 255 |
+#!/sbin/openrc-run |
| 256 |
+# Copyright 1999-2018 Gentoo Foundation |
| 257 |
+# Distributed under the terms of the GNU General Public License, v2 or later |
| 258 |
+ |
| 259 |
+STARTUP_MODE="${STARTUP_MODE:-save}"; |
| 260 |
+ |
| 261 |
+extra_started_commands="clear save deactivated" |
| 262 |
+description="TPM emulator" |
| 263 |
+command="/usr/bin/tpmd" |
| 264 |
+my_command_args="-f" |
| 265 |
+command_background=1 |
| 266 |
+command_user="tss:tss" |
| 267 |
+pidfile="/var/run/${RC_SVCNAME}.pid" |
| 268 |
+ |
| 269 |
+depend() { |
| 270 |
+ use logger |
| 271 |
+ after coldplug |
| 272 |
+} |
| 273 |
+ |
| 274 |
+start_pre() { |
| 275 |
+ checkpath -d -m 0775 -o tss /var/run/tpm |
| 276 |
+ service_set_value STARTUP_MODE "${STARTUP_MODE}" |
| 277 |
+} |
| 278 |
+ |
| 279 |
+start() { |
| 280 |
+ command_args="${my_command_args} $(service_get_value STARTUP_MODE)" |
| 281 |
+ default_start |
| 282 |
+} |
| 283 |
+ |
| 284 |
+_doit() { |
| 285 |
+ service_set_value STARTUP_MODE "$1" |
| 286 |
+ stop |
| 287 |
+ start |
| 288 |
+} |
| 289 |
+ |
| 290 |
+clear() { |
| 291 |
+ _doit clear |
| 292 |
+} |
| 293 |
+ |
| 294 |
+save() { |
| 295 |
+ _doit save |
| 296 |
+} |
| 297 |
+ |
| 298 |
+deactivated() { |
| 299 |
+ _doit deactivated |
| 300 |
+} |
| 301 |
|
| 302 |
diff --git a/app-crypt/tpm-emulator/metadata.xml b/app-crypt/tpm-emulator/metadata.xml |
| 303 |
index e3da9602970..401103a0692 100644 |
| 304 |
--- a/app-crypt/tpm-emulator/metadata.xml |
| 305 |
+++ b/app-crypt/tpm-emulator/metadata.xml |
| 306 |
@@ -8,4 +8,7 @@ |
| 307 |
<upstream> |
| 308 |
<remote-id type="sourceforge">tpm-emulator</remote-id> |
| 309 |
</upstream> |
| 310 |
+ <use> |
| 311 |
+ <flag name="mtm-emulator">Build the MTM emulator</flag> |
| 312 |
+ </use> |
| 313 |
</pkgmetadata> |
| 314 |
|
| 315 |
diff --git a/app-crypt/tpm-emulator/tpm-emulator-0.7.4-r2.ebuild b/app-crypt/tpm-emulator/tpm-emulator-0.7.4-r2.ebuild |
| 316 |
new file mode 100644 |
| 317 |
index 00000000000..9c7003c115f |
| 318 |
--- /dev/null |
| 319 |
+++ b/app-crypt/tpm-emulator/tpm-emulator-0.7.4-r2.ebuild |
| 320 |
@@ -0,0 +1,85 @@ |
| 321 |
+# Copyright 1999-2018 Gentoo Foundation |
| 322 |
+# Distributed under the terms of the GNU General Public License v2 |
| 323 |
+ |
| 324 |
+EAPI=6 |
| 325 |
+MODULES_OPTIONAL_USE="modules" |
| 326 |
+inherit flag-o-matic user linux-mod cmake-utils udev |
| 327 |
+ |
| 328 |
+MY_P=${P/-/_} |
| 329 |
+DESCRIPTION="Emulator driver for tpm" |
| 330 |
+HOMEPAGE="https://sourceforge.net/projects/tpm-emulator.berlios/" |
| 331 |
+SRC_URI="mirror://sourceforge/tpm-emulator/${MY_P}.tar.gz" |
| 332 |
+LICENSE="GPL-2" |
| 333 |
+ |
| 334 |
+SLOT="0" |
| 335 |
+KEYWORDS="~amd64 ~x86" |
| 336 |
+ |
| 337 |
+IUSE="libressl mtm-emulator ssl" |
| 338 |
+RDEPEND="ssl? ( |
| 339 |
+ !libressl? ( dev-libs/openssl:0= ) |
| 340 |
+ libressl? ( dev-libs/libressl:0= ) |
| 341 |
+ )" |
| 342 |
+DEPEND="${RDEPEND} |
| 343 |
+ !ssl? ( dev-libs/gmp )" |
| 344 |
+ |
| 345 |
+S=${WORKDIR}/${P/-/_} |
| 346 |
+ |
| 347 |
+PATCHES=( |
| 348 |
+ "${FILESDIR}/${P}-build.patch" |
| 349 |
+ "${FILESDIR}/${P}-cmake.patch" |
| 350 |
+) |
| 351 |
+ |
| 352 |
+pkg_setup() { |
| 353 |
+ enewgroup tss |
| 354 |
+ enewuser tss -1 -1 /var/lib/tpm tss |
| 355 |
+ if use modules; then |
| 356 |
+ CONFIG_CHECK="MODULES" |
| 357 |
+ MODULE_NAMES="tpmd_dev(extra:tpmd_dev/linux:)" |
| 358 |
+ BUILD_TARGETS="all tpmd_dev.rules" |
| 359 |
+ BUILD_PARAMS="KERNEL_BUILD=${KERNEL_DIR}" |
| 360 |
+ linux-mod_pkg_setup |
| 361 |
+ fi |
| 362 |
+} |
| 363 |
+ |
| 364 |
+src_configure() { |
| 365 |
+ local mycmakeargs=( |
| 366 |
+ -DUSE_OPENSSL=$(usex ssl ON OFF) |
| 367 |
+ -DMTM_EMULATOR=$(usex mtm-emulator ON OFF) |
| 368 |
+ -DBUILD_DEV=OFF |
| 369 |
+ ) |
| 370 |
+ cmake-utils_src_configure |
| 371 |
+ |
| 372 |
+ use modules && ln -s "${BUILD_DIR}/config.h" tpmd_dev/linux |
| 373 |
+} |
| 374 |
+ |
| 375 |
+src_compile() { |
| 376 |
+ cmake-utils_src_compile |
| 377 |
+ use modules && linux-mod_src_compile |
| 378 |
+} |
| 379 |
+ |
| 380 |
+src_install() { |
| 381 |
+ cmake-utils_src_install |
| 382 |
+ if use modules; then |
| 383 |
+ linux-mod_src_install |
| 384 |
+ udev_newrules "tpmd_dev/linux/tpmd_dev.rules" 60-tpmd_dev.rules |
| 385 |
+ fi |
| 386 |
+ |
| 387 |
+ newinitd "${FILESDIR}/${PN}.initd-r2" "${PN}" |
| 388 |
+ newconfd "${FILESDIR}/${PN}.confd-r2" "${PN}" |
| 389 |
+ |
| 390 |
+ keepdir /var/log/tpm |
| 391 |
+ fowners tss:tss /var/log/tpm |
| 392 |
+} |
| 393 |
+ |
| 394 |
+pkg_postinst() { |
| 395 |
+ if use modules; then |
| 396 |
+ linux-mod_pkg_postinst |
| 397 |
+ |
| 398 |
+ ewarn "" |
| 399 |
+ ewarn "The new init.d script does not load the tpmd_dev any more as it is optional." |
| 400 |
+ ewarn "If you use the tpmd_dev, please load it explicitly in /etc/conf.d/modules" |
| 401 |
+ ewarn "" |
| 402 |
+ fi |
| 403 |
+ |
| 404 |
+ einfo "tpmd socket is located at /var/run/tpm/tpmd_socket:0" |
| 405 |
+} |
Archives