commit: 18779e114fbfcb80dc83b228b0581dd75f855a7f |
Author: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org> |
AuthorDate: Tue Sep 11 14:02:39 2018 +0000 |
Commit: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org> |
CommitDate: Tue Sep 11 15:03:35 2018 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18779e11 |
|
app-crypt/tpm-emulator: massive cleanup |
|
Kernel module is optional now, no need to enforce it. |
|
Fix libdir issue. |
|
Support MTM emulator. |
|
Properly enable/disable openssl. |
|
Properly build kernel module. |
|
Rewrite of init.d scripts. |
|
Probably more. |
|
Closes: https://bugs.gentoo.org/show_bug.cgi?id=640734 |
Bug: https://bugs.gentoo.org/show_bug.cgi?id=540384 |
Package-Manager: Portage-2.3.40, Repoman-2.3.9 |
|
.../files/tpm-emulator-0.7.4-build.patch | 69 ++++++++++++ |
.../files/tpm-emulator-0.7.4-cmake.patch | 120 +++++++++++++++++++++ |
app-crypt/tpm-emulator/files/tpm-emulator.confd-r2 | 1 + |
app-crypt/tpm-emulator/files/tpm-emulator.initd-r2 | 46 ++++++++ |
app-crypt/tpm-emulator/metadata.xml | 3 + |
.../tpm-emulator/tpm-emulator-0.7.4-r2.ebuild | 85 +++++++++++++++ |
6 files changed, 324 insertions(+) |
|
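--- a/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch
+++ b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch
@@ -29,3 +29,72 @@ index c362b56..4c49f54 100644
 debug("TPM_ChangeAuthAsymFinish(): newAuthLink value does not match.");
 return TPM_FAIL;
 }
+From 035af1df2b18afd695150c6f9e426133b775c0a1 Mon Sep 17 00:00:00 2001
+From: Florian Larysch <fl@××××.de>
+Date: Tue, 24 Oct 2017 19:33:00 +0200
+Subject: [PATCH] tpm_command_handler: fix switch fallthrough
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Compiling with a recent GCC fails as follows:
+
+ tpm-emulator/tpm/tpm_cmd_handler.c: In function ‘tpm_setup_rsp_auth’:
+ tpm-emulator/tpm/tpm_cmd_handler.c:3332:7: error: this statement may fall through [-Werror=implicit-fallthrough=]
+ tpm_hmac_final(&hmac, rsp->auth2->auth);
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ tpm-emulator/tpm/tpm_cmd_handler.c:3333:5: note: here
+ case TPM_TAG_RSP_AUTH1_COMMAND:
+
+Looking at the code, this does indeed seem unintentional. Add a break
+state in the appropriate place.
+---
+ tpm/tpm_cmd_handler.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tpm/tpm_cmd_handler.c b/tpm/tpm_cmd_handler.c
+index 288d1ce..5aea4e7 100644
+--- a/tpm/tpm_cmd_handler.c
++++ b/tpm/tpm_cmd_handler.c
+@@ -3330,6 +3330,7 @@ static void tpm_setup_rsp_auth(TPM_COMMAND_CODE ordinal, TPM_RESPONSE *rsp)
+ sizeof(rsp->auth2->nonceOdd.nonce));
+ tpm_hmac_update(&hmac, (BYTE*)&rsp->auth2->continueAuthSession, 1);
+ tpm_hmac_final(&hmac, rsp->auth2->auth);
++ break;
+ case TPM_TAG_RSP_AUTH1_COMMAND:
+ tpm_hmac_init(&hmac, rsp->auth1->secret, sizeof(rsp->auth1->secret));
+ tpm_hmac_update(&hmac, rsp->auth1->digest, sizeof(rsp->auth1->digest));
+--
+2.16.4
+
+From 0f4579e913aeb3a893631a3caee420a0e9803683 Mon Sep 17 00:00:00 2001
+From: Peter Huewe <peterhuewe@×××.de>
+Date: Mon, 26 Jun 2017 00:25:43 +0200
+Subject: [PATCH] Workaround wrong fallthrough case by returning TPM_FAIL
+
+The spec says that the number of verified PCRs should be returned - which it currently does not and breaks compilation with gcc7
+See #26
+Since this code is probably unused anyway, we now simply return TPM_FAIL until someone comes up with a solution.
+
+Spec:
+https://www.trustedcomputinggroup.org/wp-content/uploads/Revision_7.02-_29April2010-tcg-mobile-trusted-module-1.0.pdf
+---
+ mtm/mtm_capability.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/mtm/mtm_capability.c b/mtm/mtm_capability.c
+index a09b116..4046de5 100644
+--- a/mtm/mtm_capability.c
++++ b/mtm/mtm_capability.c
+@@ -87,6 +87,8 @@ static TPM_RESULT cap_mtm_permanent_data(UINT32 subCapSize, BYTE *subCap,
+ tpm_free(*resp);
+ return TPM_FAIL;
+ }
++ error("[TPM_CAP_MTM_PERMANENT_DATA] SubCap 2 not Implemented");
++ return TPM_FAIL; // TODO not implemented.
+
+ case 3:
+ return return_UINT32(respSize, resp,
+--
+2.16.4
+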
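Review bot: The `break;` added after `tpm_hmac_final(&hmac, rsp->auth2->auth);` in `tpm_setup_rsp_auth` stops an AUTH2 response from reaching the `TPM_TAG_RSP_AUTH1_COMMAND` case, which is the only place in the visible lines where the HMAC over `rsp->auth1` is set up. A two-session response presumably needs both session HMACs, so the fall-through looks intentional and the break would leave the first session's response authentication uncomputed; confirm against the full switch, which extends beyond the lines shown. If that is the case, replace the break with a marker comment the compiler recognises, `/* fall through */`, which also silences the implicit-fallthrough error quoted in the patch description. Separately, the new `return TPM_FAIL; // TODO not implemented.` in `cap_mtm_permanent_data` does not call `tpm_free(*resp)` the way the failure branch directly above it does, which may leak if the buffer was allocated earlier in that case.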
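--- /dev/null
+++ b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-cmake.patch
@@ -0,0 +1,120 @@
+
+Pull request:
+https://github.com/PeterHuewe/tpm-emulator/pull/37
+
+
+From 694b7c24ac09e0ec1e54ab71eb9c82a8d4f41d33 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@×××××.com>
+Date: Tue, 11 Sep 2018 14:08:49 +0300
+Subject: [PATCH 1/3] build: use GNUInstallDirs to allow override install
+ directories
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@×××××.com>
+---
+ CMakeLists.txt | 1 +
+ tddl/CMakeLists.txt | 6 +++---
+ tpmd/unix/CMakeLists.txt | 2 +-
+ 3 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index f362298..d047ce3 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -6,6 +6,7 @@
+ project(TPM_Emulator C)
+
+ cmake_minimum_required(VERSION 2.4)
++include(GNUInstallDirs)
+ set(CMAKE_ALLOW_LOOSE_LOOP_CONSTRUCTS true)
+ if(COMMAND cmake_policy)
+ cmake_policy(SET CMP0003 NEW)
+diff --git a/tddl/CMakeLists.txt b/tddl/CMakeLists.txt
+index 0be3281..6cc63b3 100644
+--- a/tddl/CMakeLists.txt
++++ b/tddl/CMakeLists.txt
+@@ -15,9 +15,9 @@ elseif(WIN32)
+ set_target_properties(tddl PROPERTIES PREFIX "")
+ endif()
+
+-install(TARGETS tddl DESTINATION lib)
+-install(TARGETS tddl_static DESTINATION lib)
+-install(FILES "tddl.h" DESTINATION include)
++install(TARGETS tddl DESTINATION ${CMAKE_INSTALL_LIBDIR})
++install(TARGETS tddl_static DESTINATION ${CMAKE_INSTALL_LIBDIR})
++install(FILES "tddl.h" DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
+
+ include_directories(${CMAKE_CURRENT_SOURCE_DIR})
+ add_executable(test_tddl test_tddl.c)
+diff --git a/tpmd/unix/CMakeLists.txt b/tpmd/unix/CMakeLists.txt
+index 40c436b..c5c394a 100644
+--- a/tpmd/unix/CMakeLists.txt
++++ b/tpmd/unix/CMakeLists.txt
+@@ -13,5 +13,5 @@ target_link_libraries(tpmd mtm tpm tpm_crypto)
+ else()
+ target_link_libraries(tpmd tpm tpm_crypto)
+ endif()
+-install(TARGETS tpmd RUNTIME DESTINATION bin)
++install(TARGETS tpmd RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+
+--
+2.16.4
+
+From 89bf733368dda265040cf44ff8be69a15ab66712 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@×××××.com>
+Date: Tue, 11 Sep 2018 16:36:12 +0300
+Subject: [PATCH 2/3] build: do not build mtm unless enabled
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@×××××.com>
+---
+ CMakeLists.txt | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index d047ce3..b8b68a3 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -67,7 +67,9 @@ include_directories(${CMAKE_BINARY_DIR})
+
+ # add internal libraries
+ add_subdirectory(tpm)
+-add_subdirectory(mtm)
++if(MTM_EMULATOR)
++ add_subdirectory(mtm)
++endif()
+ add_subdirectory(crypto)
+
+ # add TDDL
+--
+2.16.4
+
+From 24bbf683de0b0b24f0ec81d093c03e1f6a9570f2 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@×××××.com>
+Date: Tue, 11 Sep 2018 14:20:19 +0300
+Subject: [PATCH 3/3] build: support BUILD_DEV to disable device build
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@×××××.com>
+---
+ CMakeLists.txt | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index b8b68a3..9ae6562 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -76,7 +76,12 @@ add_subdirectory(crypto)
+ add_subdirectory(tddl)
+
+ # add kernel modules
+-add_subdirectory(tpmd_dev)
++if(NOT DEFINED BUILD_DEV)
++ set(BUILD_DEV ON)
++endif()
++if(BUILD_DEV)
++ add_subdirectory(tpmd_dev)
++endif()
+
+ # add executables
+ add_subdirectory(tpmd)
+--
+2.16.4
+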
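Review bot: `include(GNUInstallDirs)` is added directly under `cmake_minimum_required(VERSION 2.4)`, but that module does not exist in CMake releases that old (it arrived in the 2.8 series), so the declared minimum no longer matches what the build needs. Raise the minimum in the same patch, e.g. `cmake_minimum_required(VERSION 2.8.5)`, so an old CMake stops with a clear version error instead of a missing-module one. In the third patch, the `if(NOT DEFINED BUILD_DEV)` / `set(BUILD_DEV ON)` pair could be written as `option(BUILD_DEV "Build the tpmd_dev kernel module" ON)`, which also documents the switch in the cache.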
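--- /dev/null
+++ b/app-crypt/tpm-emulator/files/tpm-emulator.confd-r2
@@ -0,0 +1 @@
+STARTUP_MODE="save"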
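--- /dev/null
+++ b/app-crypt/tpm-emulator/files/tpm-emulator.initd-r2
@@ -0,0 +1,46 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+
+STARTUP_MODE="${STARTUP_MODE:-save}";
+
+extra_started_commands="clear save deactivated"
+description="TPM emulator"
+command="/usr/bin/tpmd"
+my_command_args="-f"
+command_background=1
+command_user="tss:tss"
+pidfile="/var/run/${RC_SVCNAME}.pid"
+
+depend() {
+ use logger
+ after coldplug
+}
+
+start_pre() {
+ checkpath -d -m 0775 -o tss /var/run/tpm
+ service_set_value STARTUP_MODE "${STARTUP_MODE}"
+}
+
+start() {
+ command_args="${my_command_args} $(service_get_value STARTUP_MODE)"
+ default_start
+}
+
+_doit() {
+ service_set_value STARTUP_MODE "$1"
+ stop
+ start
+}
+
+clear() {
+ _doit clear
+}
+
+save() {
+ _doit save
+}
+
+deactivated() {
+ _doit deactivated
+}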
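Review bot: `checkpath -d -m 0775 -o tss /var/run/tpm` in `start_pre` grants group write on the socket directory but names only an owner, so the group that receives that write bit is never stated. Set it explicitly and keep the mode no wider than needed, e.g. `checkpath -d -m 0755 -o tss:tss /var/run/tpm`, keeping 0775 only if members of tss must create files there. `_doit` also ignores the result of `stop`; `stop || return 1` before `start` would avoid attempting a start while the old instance is still running. A short comment above `clear`/`save`/`deactivated` saying that each one restarts the daemon in that startup mode would help, since the restart is not obvious from the command names.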
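--- a/app-crypt/tpm-emulator/metadata.xml
+++ b/app-crypt/tpm-emulator/metadata.xml
@@ -8,4 +8,7 @@
 <upstream>
 <remote-id type="sourceforge">tpm-emulator</remote-id>
 </upstream>
+ <use>
+ <flag name="mtm-emulator">Build the MTM emulator</flag>
+ </use>
 </pkgmetadata>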
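--- /dev/null
+++ b/app-crypt/tpm-emulator/tpm-emulator-0.7.4-r2.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+MODULES_OPTIONAL_USE="modules"
+inherit flag-o-matic user linux-mod cmake-utils udev
+
+MY_P=${P/-/_}
+DESCRIPTION="Emulator driver for tpm"
+HOMEPAGE="https://sourceforge.net/projects/tpm-emulator.berlios/"
+SRC_URI="mirror://sourceforge/tpm-emulator/${MY_P}.tar.gz"
+LICENSE="GPL-2"
+
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+IUSE="libressl mtm-emulator ssl"
+RDEPEND="ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )"
+DEPEND="${RDEPEND}
+ !ssl? ( dev-libs/gmp )"
+
+S=${WORKDIR}/${P/-/_}
+
+PATCHES=(
+ "${FILESDIR}/${P}-build.patch"
+ "${FILESDIR}/${P}-cmake.patch"
+)
+
+pkg_setup() {
+ enewgroup tss
+ enewuser tss -1 -1 /var/lib/tpm tss
+ if use modules; then
+ CONFIG_CHECK="MODULES"
+ MODULE_NAMES="tpmd_dev(extra:tpmd_dev/linux:)"
+ BUILD_TARGETS="all tpmd_dev.rules"
+ BUILD_PARAMS="KERNEL_BUILD=${KERNEL_DIR}"
+ linux-mod_pkg_setup
+ fi
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DUSE_OPENSSL=$(usex ssl ON OFF)
+ -DMTM_EMULATOR=$(usex mtm-emulator ON OFF)
+ -DBUILD_DEV=OFF
+ )
+ cmake-utils_src_configure
+
+ use modules && ln -s "${BUILD_DIR}/config.h" tpmd_dev/linux
+}
+
+src_compile() {
+ cmake-utils_src_compile
+ use modules && linux-mod_src_compile
+}
+
+src_install() {
+ cmake-utils_src_install
+ if use modules; then
+ linux-mod_src_install
+ udev_newrules "tpmd_dev/linux/tpmd_dev.rules" 60-tpmd_dev.rules
+ fi
+
+ newinitd "${FILESDIR}/${PN}.initd-r2" "${PN}"
+ newconfd "${FILESDIR}/${PN}.confd-r2" "${PN}"
+
+ keepdir /var/log/tpm
+ fowners tss:tss /var/log/tpm
+}
+
+pkg_postinst() {
+ if use modules; then
+ linux-mod_pkg_postinst
+
+ ewarn ""
+ ewarn "The new init.d script does not load the tpmd_dev any more as it is optional."
+ ewarn "If you use the tpmd_dev, please load it explicitly in /etc/conf.d/modules"
+ ewarn ""
+ fi
+
+ einfo "tpmd socket is located at /var/run/tpm/tpmd_socket:0"
+}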
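Review bot: `dev-libs/gmp` is listed only in `DEPEND` under `!ssl?`, so with the ssl flag off it is a build-time dependency only; if the non-OpenSSL crypto backend links libgmp dynamically (likely, but not visible here), tpmd can break once gmp is removed or rebuilt. Put it in `RDEPEND` as `!ssl? ( dev-libs/gmp:0= )`, which `DEPEND="${RDEPEND}"` then inherits. In `src_configure`, `use modules && ln -s "${BUILD_DIR}/config.h" tpmd_dev/linux` has no `|| die`, so a failed symlink goes unnoticed until the module build. Writing it as an `if use modules; then ... || die; fi` block would also keep the function from ending on a non-zero status when the flag is off.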