authorAlon Bar-Lev <alonbl@gentoo.org>2018-09-11 17:02:39 +0300
committerAlon Bar-Lev <alonbl@gentoo.org>2018-09-11 18:03:35 +0300
commit18779e114fbfcb80dc83b228b0581dd75f855a7f (patch)
treec2b65f975ca4f03c5270f98d9e487dfde08b653e /app-crypt
parentnet-libs/nodejs: Old. (diff)
app-crypt/tpm-emulator: massive cleanup
Kernel module is optional now, no need to enforce it. Fix libdir issue. Support MTM emulator. Properly enable/disable openssl. Properly build kernel module. Rewrite of init.d scripts. Probably more. Closes: https://bugs.gentoo.org/show_bug.cgi?id=640734 Bug: https://bugs.gentoo.org/show_bug.cgi?id=540384 Package-Manager: Portage-2.3.40, Repoman-2.3.9
Diffstat (limited to 'app-crypt')
-rw-r--r--app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch69
-rw-r--r--app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-cmake.patch120
-rw-r--r--app-crypt/tpm-emulator/files/tpm-emulator.confd-r21
-rw-r--r--app-crypt/tpm-emulator/files/tpm-emulator.initd-r246
-rw-r--r--app-crypt/tpm-emulator/metadata.xml3
-rw-r--r--app-crypt/tpm-emulator/tpm-emulator-0.7.4-r2.ebuild85
6 files changed, 324 insertions, 0 deletions
diff --git a/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch
index 7a299a15fbf5..ada748f7129a 100644
--- a/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch
+++ b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch
@@ -29,3 +29,72 @@ index c362b56..4c49f54 100644
debug("TPM_ChangeAuthAsymFinish(): newAuthLink value does not match.");
return TPM_FAIL;
}
+From 035af1df2b18afd695150c6f9e426133b775c0a1 Mon Sep 17 00:00:00 2001
+From: Florian Larysch <fl@n621.de>
+Date: Tue, 24 Oct 2017 19:33:00 +0200
+Subject: [PATCH] tpm_command_handler: fix switch fallthrough
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Compiling with a recent GCC fails as follows:
+
+ tpm-emulator/tpm/tpm_cmd_handler.c: In function ‘tpm_setup_rsp_auth’:
+ tpm-emulator/tpm/tpm_cmd_handler.c:3332:7: error: this statement may fall through [-Werror=implicit-fallthrough=]
+ tpm_hmac_final(&hmac, rsp->auth2->auth);
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ tpm-emulator/tpm/tpm_cmd_handler.c:3333:5: note: here
+ case TPM_TAG_RSP_AUTH1_COMMAND:
+
+Looking at the code, this does indeed seem unintentional. Add a break
+state in the appropriate place.
+---
+ tpm/tpm_cmd_handler.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tpm/tpm_cmd_handler.c b/tpm/tpm_cmd_handler.c
+index 288d1ce..5aea4e7 100644
+--- a/tpm/tpm_cmd_handler.c
++++ b/tpm/tpm_cmd_handler.c
+@@ -3330,6 +3330,7 @@ static void tpm_setup_rsp_auth(TPM_COMMAND_CODE ordinal, TPM_RESPONSE *rsp)
+ sizeof(rsp->auth2->nonceOdd.nonce));
+ tpm_hmac_update(&hmac, (BYTE*)&rsp->auth2->continueAuthSession, 1);
+ tpm_hmac_final(&hmac, rsp->auth2->auth);
++ break;
+ case TPM_TAG_RSP_AUTH1_COMMAND:
+ tpm_hmac_init(&hmac, rsp->auth1->secret, sizeof(rsp->auth1->secret));
+ tpm_hmac_update(&hmac, rsp->auth1->digest, sizeof(rsp->auth1->digest));
+--
+2.16.4
+
+From 0f4579e913aeb3a893631a3caee420a0e9803683 Mon Sep 17 00:00:00 2001
+From: Peter Huewe <peterhuewe@gmx.de>
+Date: Mon, 26 Jun 2017 00:25:43 +0200
+Subject: [PATCH] Workaround wrong fallthrough case by returning TPM_FAIL
+
+The spec says that the number of verified PCRs should be returned - which it currently does not and breaks compilation with gcc7
+See #26
+Since this code is probably unused anyway, we now simply return TPM_FAIL until someone comes up with a solution.
+
+Spec:
+https://www.trustedcomputinggroup.org/wp-content/uploads/Revision_7.02-_29April2010-tcg-mobile-trusted-module-1.0.pdf
+---
+ mtm/mtm_capability.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/mtm/mtm_capability.c b/mtm/mtm_capability.c
+index a09b116..4046de5 100644
+--- a/mtm/mtm_capability.c
++++ b/mtm/mtm_capability.c
+@@ -87,6 +87,8 @@ static TPM_RESULT cap_mtm_permanent_data(UINT32 subCapSize, BYTE *subCap,
+ tpm_free(*resp);
+ return TPM_FAIL;
+ }
++ error("[TPM_CAP_MTM_PERMANENT_DATA] SubCap 2 not Implemented");
++ return TPM_FAIL; // TODO not implemented.
+
+ case 3:
+ return return_UINT32(respSize, resp,
+--
+2.16.4
+
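Review bot: The `break;` added after `tpm_hmac_final(&hmac, rsp->auth2->auth);` in the first embedded patch stops the `TPM_TAG_RSP_AUTH2_COMMAND` case from reaching the `TPM_TAG_RSP_AUTH1_COMMAND` code that keys an HMAC from `rsp->auth1->secret`. A TPM 1.2 response to a two-session command carries an authorization block for each session, so the fall-through looks deliberate and with the break the first session's response HMAC would presumably be left uncomputed; the rest of `tpm_setup_rsp_auth` is outside the hunk, so this should be confirmed against the full function. If it is deliberate, keep the behaviour and silence the warning with a `/* fall through */` comment in place of `break;`. In the second embedded patch the new unconditional `return TPM_FAIL;` does not call `tpm_free(*resp)` as the error branch just above it does, which may leak the response buffer if it was allocated earlier in that case.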
diff --git a/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-cmake.patch b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-cmake.patch
new file mode 100644
index 000000000000..7fd775139b2d
--- /dev/null
+++ b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-cmake.patch
@@ -0,0 +1,120 @@
+
+Pull request:
+https://github.com/PeterHuewe/tpm-emulator/pull/37
+
+
+From 694b7c24ac09e0ec1e54ab71eb9c82a8d4f41d33 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Tue, 11 Sep 2018 14:08:49 +0300
+Subject: [PATCH 1/3] build: use GNUInstallDirs to allow override install
+ directories
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+---
+ CMakeLists.txt | 1 +
+ tddl/CMakeLists.txt | 6 +++---
+ tpmd/unix/CMakeLists.txt | 2 +-
+ 3 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index f362298..d047ce3 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -6,6 +6,7 @@
+ project(TPM_Emulator C)
+
+ cmake_minimum_required(VERSION 2.4)
++include(GNUInstallDirs)
+ set(CMAKE_ALLOW_LOOSE_LOOP_CONSTRUCTS true)
+ if(COMMAND cmake_policy)
+ cmake_policy(SET CMP0003 NEW)
+diff --git a/tddl/CMakeLists.txt b/tddl/CMakeLists.txt
+index 0be3281..6cc63b3 100644
+--- a/tddl/CMakeLists.txt
++++ b/tddl/CMakeLists.txt
+@@ -15,9 +15,9 @@ elseif(WIN32)
+ set_target_properties(tddl PROPERTIES PREFIX "")
+ endif()
+
+-install(TARGETS tddl DESTINATION lib)
+-install(TARGETS tddl_static DESTINATION lib)
+-install(FILES "tddl.h" DESTINATION include)
++install(TARGETS tddl DESTINATION ${CMAKE_INSTALL_LIBDIR})
++install(TARGETS tddl_static DESTINATION ${CMAKE_INSTALL_LIBDIR})
++install(FILES "tddl.h" DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
+
+ include_directories(${CMAKE_CURRENT_SOURCE_DIR})
+ add_executable(test_tddl test_tddl.c)
+diff --git a/tpmd/unix/CMakeLists.txt b/tpmd/unix/CMakeLists.txt
+index 40c436b..c5c394a 100644
+--- a/tpmd/unix/CMakeLists.txt
++++ b/tpmd/unix/CMakeLists.txt
+@@ -13,5 +13,5 @@ target_link_libraries(tpmd mtm tpm tpm_crypto)
+ else()
+ target_link_libraries(tpmd tpm tpm_crypto)
+ endif()
+-install(TARGETS tpmd RUNTIME DESTINATION bin)
++install(TARGETS tpmd RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+
+--
+2.16.4
+
+From 89bf733368dda265040cf44ff8be69a15ab66712 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Tue, 11 Sep 2018 16:36:12 +0300
+Subject: [PATCH 2/3] build: do not build mtm unless enabled
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+---
+ CMakeLists.txt | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index d047ce3..b8b68a3 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -67,7 +67,9 @@ include_directories(${CMAKE_BINARY_DIR})
+
+ # add internal libraries
+ add_subdirectory(tpm)
+-add_subdirectory(mtm)
++if(MTM_EMULATOR)
++ add_subdirectory(mtm)
++endif()
+ add_subdirectory(crypto)
+
+ # add TDDL
+--
+2.16.4
+
+From 24bbf683de0b0b24f0ec81d093c03e1f6a9570f2 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Tue, 11 Sep 2018 14:20:19 +0300
+Subject: [PATCH 3/3] build: support BUILD_DEV to disable device build
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+---
+ CMakeLists.txt | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index b8b68a3..9ae6562 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -76,7 +76,12 @@ add_subdirectory(crypto)
+ add_subdirectory(tddl)
+
+ # add kernel modules
+-add_subdirectory(tpmd_dev)
++if(NOT DEFINED BUILD_DEV)
++ set(BUILD_DEV ON)
++endif()
++if(BUILD_DEV)
++ add_subdirectory(tpmd_dev)
++endif()
+
+ # add executables
+ add_subdirectory(tpmd)
+--
+2.16.4
+
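Review bot: `include(GNUInstallDirs)` in patch 1/3 is added directly under `cmake_minimum_required(VERSION 2.4)`, but that module only ships with CMake 2.8.5 and later, so the declared minimum no longer matches what the file needs. Raise it in the same patch, e.g. `cmake_minimum_required(VERSION 2.8.5)`. In patch 3/3 the `if(NOT DEFINED BUILD_DEV)` / `set(BUILD_DEV ON)` pair can be written as `option(BUILD_DEV "Build the tpmd_dev kernel module" ON)`, which also documents the switch in the cache.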
diff --git a/app-crypt/tpm-emulator/files/tpm-emulator.confd-r2 b/app-crypt/tpm-emulator/files/tpm-emulator.confd-r2
new file mode 100644
index 000000000000..985fa4e774ca
--- /dev/null
+++ b/app-crypt/tpm-emulator/files/tpm-emulator.confd-r2
@@ -0,0 +1 @@
+STARTUP_MODE="save"
diff --git a/app-crypt/tpm-emulator/files/tpm-emulator.initd-r2 b/app-crypt/tpm-emulator/files/tpm-emulator.initd-r2
new file mode 100644
index 000000000000..abfbef900d00
--- /dev/null
+++ b/app-crypt/tpm-emulator/files/tpm-emulator.initd-r2
@@ -0,0 +1,46 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+
+STARTUP_MODE="${STARTUP_MODE:-save}";
+
+extra_started_commands="clear save deactivated"
+description="TPM emulator"
+command="/usr/bin/tpmd"
+my_command_args="-f"
+command_background=1
+command_user="tss:tss"
+pidfile="/var/run/${RC_SVCNAME}.pid"
+
+depend() {
+ use logger
+ after coldplug
+}
+
+start_pre() {
+ checkpath -d -m 0775 -o tss /var/run/tpm
+ service_set_value STARTUP_MODE "${STARTUP_MODE}"
+}
+
+start() {
+ command_args="${my_command_args} $(service_get_value STARTUP_MODE)"
+ default_start
+}
+
+_doit() {
+ service_set_value STARTUP_MODE "$1"
+ stop
+ start
+}
+
+clear() {
+ _doit clear
+}
+
+save() {
+ _doit save
+}
+
+deactivated() {
+ _doit deactivated
+}
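Review bot: `checkpath -d -m 0775 -o tss /var/run/tpm` in `start_pre` names only the owner, so the group that receives the write bit from mode 0775 is left to the default rather than being the `tss` group the daemon runs under (`command_user="tss:tss"`). This is the directory the ebuild's postinst message gives for the tpmd socket, so state the group and drop the group write bit unless something needs it: `checkpath -d -m 0755 -o tss:tss /var/run/tpm`. The `clear`, `save` and `deactivated` actions restart the daemon with a different startup mode but have no `description_clear=`-style variables, so an operator gets no hint that `clear` presumably resets emulator state; add one such line per action.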
diff --git a/app-crypt/tpm-emulator/metadata.xml b/app-crypt/tpm-emulator/metadata.xml
index e3da96029705..401103a0692f 100644
--- a/app-crypt/tpm-emulator/metadata.xml
+++ b/app-crypt/tpm-emulator/metadata.xml
@@ -8,4 +8,7 @@
<upstream>
<remote-id type="sourceforge">tpm-emulator</remote-id>
</upstream>
+ <use>
+ <flag name="mtm-emulator">Build the MTM emulator</flag>
+ </use>
</pkgmetadata>
diff --git a/app-crypt/tpm-emulator/tpm-emulator-0.7.4-r2.ebuild b/app-crypt/tpm-emulator/tpm-emulator-0.7.4-r2.ebuild
new file mode 100644
index 000000000000..9c7003c115f7
--- /dev/null
+++ b/app-crypt/tpm-emulator/tpm-emulator-0.7.4-r2.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+MODULES_OPTIONAL_USE="modules"
+inherit flag-o-matic user linux-mod cmake-utils udev
+
+MY_P=${P/-/_}
+DESCRIPTION="Emulator driver for tpm"
+HOMEPAGE="https://sourceforge.net/projects/tpm-emulator.berlios/"
+SRC_URI="mirror://sourceforge/tpm-emulator/${MY_P}.tar.gz"
+LICENSE="GPL-2"
+
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+IUSE="libressl mtm-emulator ssl"
+RDEPEND="ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )"
+DEPEND="${RDEPEND}
+ !ssl? ( dev-libs/gmp )"
+
+S=${WORKDIR}/${P/-/_}
+
+PATCHES=(
+ "${FILESDIR}/${P}-build.patch"
+ "${FILESDIR}/${P}-cmake.patch"
+)
+
+pkg_setup() {
+ enewgroup tss
+ enewuser tss -1 -1 /var/lib/tpm tss
+ if use modules; then
+ CONFIG_CHECK="MODULES"
+ MODULE_NAMES="tpmd_dev(extra:tpmd_dev/linux:)"
+ BUILD_TARGETS="all tpmd_dev.rules"
+ BUILD_PARAMS="KERNEL_BUILD=${KERNEL_DIR}"
+ linux-mod_pkg_setup
+ fi
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DUSE_OPENSSL=$(usex ssl ON OFF)
+ -DMTM_EMULATOR=$(usex mtm-emulator ON OFF)
+ -DBUILD_DEV=OFF
+ )
+ cmake-utils_src_configure
+
+ use modules && ln -s "${BUILD_DIR}/config.h" tpmd_dev/linux
+}
+
+src_compile() {
+ cmake-utils_src_compile
+ use modules && linux-mod_src_compile
+}
+
+src_install() {
+ cmake-utils_src_install
+ if use modules; then
+ linux-mod_src_install
+ udev_newrules "tpmd_dev/linux/tpmd_dev.rules" 60-tpmd_dev.rules
+ fi
+
+ newinitd "${FILESDIR}/${PN}.initd-r2" "${PN}"
+ newconfd "${FILESDIR}/${PN}.confd-r2" "${PN}"
+
+ keepdir /var/log/tpm
+ fowners tss:tss /var/log/tpm
+}
+
+pkg_postinst() {
+ if use modules; then
+ linux-mod_pkg_postinst
+
+ ewarn ""
+ ewarn "The new init.d script does not load the tpmd_dev any more as it is optional."
+ ewarn "If you use the tpmd_dev, please load it explicitly in /etc/conf.d/modules"
+ ewarn ""
+ fi
+
+ einfo "tpmd socket is located at /var/run/tpm/tpmd_socket:0"
+}
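Review bot: `enewuser tss -1 -1 /var/lib/tpm tss` in `pkg_setup` makes `/var/lib/tpm` the account's home, but `src_install` only installs and chowns `/var/log/tpm`, so the ownership and mode of `/var/lib/tpm` are left to whatever creates it. If tpmd keeps its persistent emulator state there (not visible in this ebuild), that directory holds key material and should be installed explicitly with restrictive permissions: `keepdir /var/lib/tpm`, `fowners tss:tss /var/lib/tpm`, `fperms 0700 /var/lib/tpm`. Separately, `MY_P` is defined and used in `SRC_URI` while `S` repeats the expansion; `S=${WORKDIR}/${MY_P}` says the same thing once.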