Sync from SUSE:SLFO:Main ibmtss revision 388b92cf9d57c3b9c337828d1eabcff8

This commit is contained in:
Adrian Schröter 2024-05-03 13:39:06 +02:00
commit dbd3f5c181
6 changed files with 361 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

4
90-tpm-ibmtss.rules Normal file
View File

@ -0,0 +1,4 @@
# tpm devices can only be accessed by the tss user but the tss
# group members can access tpmrm devices
KERNEL=="tpm[0-9]*", MODE="0660", OWNER="tss"
KERNEL=="tpmrm[0-9]*", MODE="0660", OWNER="tss", GROUP="tss"

View File

@ -0,0 +1,28 @@
From 005064b673d937a305427eb9fa4d549f93f6090a Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Mon, 17 Aug 2020 18:21:51 +0200
Subject: [PATCH] configure.ac: Do not disable optimization for debug build.
This conflicts with FORTIFY_SOURCE and generates completely different
assembly for debug and procuction.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
--- a/configure.ac
+++ b/configure.ac
@@ -62,7 +62,7 @@ AC_CHECK_FUNCS([gethostbyname memmove memset socket strerror strtoul])
# Replace autotools default optimization
AC_ARG_ENABLE(debug,
AS_HELP_STRING([--enable-debug], [Build a TSS library used for debugging]))
- AS_IF([test "$enable_debug" = "yes"], [CFLAGS="$USER_CFLAGS -g -ggdb -O0"])
+ AS_IF([test "$enable_debug" = "yes"], [CFLAGS="$USER_CFLAGS -g -ggdb -Wextra -Werror"])
# Linux requires -DTPM_POSIX
case $host_os in
--
2.26.2

175
ibmtss.changes Normal file
View File

@ -0,0 +1,175 @@
-------------------------------------------------------------------
Thu Nov 30 14:36:22 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Update to 2.1.1:
* Add man page for tpmproxy.
- Update to 2.1.0:
* Parse new IMA event log template data fields.
* Add option to verify IMA template data
* Correct minor regression test script typos.
- Update to 2.0.0
* Expand TPMU_SENSITIVE_COMPOSITE to handle HW TPMs that return 5
RSA primes. This is an ABI (not API) break.
* Add support for TPM2_ECC_Encrypt and TPM2_ECC_Decrypt
* Add more EFI event log handlers and event tracing.
* SW TPM test CA now uses SHA-256, not the deprecated SHA-1.
* Port tpmproxy for TPM 2.0 to Linux and Windows.
* Add many new EK root certificates.
* Remove OpenSSL functions deprecated in 3.x.
* Fix TSS bug when using encrypt and decrypt in a PWAP session.
* Add build flag to suppress SHA-1.
- Remove patches fixed upstream:
* ibmtss-regtests-Update-openssl-key-generation-for-3.0.0.patch
* ibmtss-utils-Update-certifyx509-for-Openssl-3.0.0.patch
* ibmtss-utils-Remove-unused-variables-from-certifyx509.patch
* ibmtss-tss-Port-HMAC-operations-to-openssl-3.0.patch
* ibmtss-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch
* ibmtss-openssl3-deprecation.patch
-------------------------------------------------------------------
Wed Nov 9 13:33:51 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
- Build with OpenSSL 3.0 deprecated functions until fixed upstream
in the next version update [bsc#1205042]
* ibmtss-openssl3-deprecation.patch
- Add upstream patches to fix build with OpenSSL 3.0
* ibmtss-regtests-Update-openssl-key-generation-for-3.0.0.patch
* ibmtss-utils-Update-certifyx509-for-Openssl-3.0.0.patch
* ibmtss-utils-Remove-unused-variables-from-certifyx509.patch
* ibmtss-tss-Port-HMAC-operations-to-openssl-3.0.patch
* ibmtss-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch
-------------------------------------------------------------------
Thu Nov 25 11:48:53 UTC 2021 - Michal Suchanek <msuchanek@suse.com>
- Fix certificate list, run all tests.
-------------------------------------------------------------------
Tue Jan 26 09:19:47 UTC 2021 - Petr Vorel <pvorel@suse.cz>
- Update to upstream version 1.6.0 (jsc#SLE-18268).
- Drop patches from this release
- ibmtss-certifyx509-Fix-uninitialized-variable.patch
- ibmtss-fix-dsa-regression.patch
-------------------------------------------------------------------
Thu Oct 1 19:24:56 UTC 2020 - Pedro Monreal Gonzalez <pmonreal@suse.com>
- Regression fix:
* utils: fix ABI break caused by additional argument to -rsa
* https://sourceforge.net/p/ibmtpm20tss/mailman/message/37119441/
- Add ibmtss-fix-dsa-regression.patch
-------------------------------------------------------------------
Mon Aug 17 14:38:12 UTC 2020 - Michal Suchanek <msuchanek@suse.de>
- Update to upstream version 1.5.0 (jsc#SLE-13828).
- Fix build warning due to -O0
+ ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch
- Fix uninitialized variable warning
+ ibmtss-certifyx509-Fix-uninitialized-variable.patch
-------------------------------------------------------------------
Fri Mar 27 13:19:08 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Don't mess with Epoch: in the long run it can't but cause
problems. Upstreams that don't understand the meaning of version
numbers can't be helped with Epoch. Let's rely on the distro
features for dist-upgrade (that has no problem with a 'version
downgrade'.
-------------------------------------------------------------------
Mon Mar 23 20:10:11 UTC 2020 - Michal Suchanek <msuchanek@suse.com>
- Fix dependencies for epoch, remove useless define.
-------------------------------------------------------------------
Fri Jan 31 11:53:40 UTC 2020 - Michal Suchanek <msuchanek@suse.com>
- Update to upstream version 1.3.0
- copy tpm device permission handling udev rule from tpm2-0-tss
- depend on user(tss) (boo#1162360).
-------------------------------------------------------------------
Sat Aug 24 04:36:04 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Disable static libs (standard openSUSE behavior)
-------------------------------------------------------------------
Wed Aug 14 08:21:58 UTC 2019 - Michal Suchanek <msuchanek@suse.de>
- Remove installed .cvsignore file
- Don't create already created directory
-------------------------------------------------------------------
Fri Aug 9 15:52:02 UTC 2019 - Michal Suchanek <msuchanek@suse.com>
- Don't install duplicate headers
-------------------------------------------------------------------
Mon Jul 8 09:59:35 UTC 2019 - Michal Suchanek <msuchanek@suse.com>
- Remove .la files
-------------------------------------------------------------------
Thu Jul 4 16:51:35 UTC 2019 - Michal Suchanek <msuchanek@suse.de>
- Update to v1047 (FATE#327307, jsc#SLE-6593, jsc#SLE-9179).
- now supports autotools
- supports library versioning
- installs tools with program prefx
- remove binary tool wrapper
- remove makefile.patch
-------------------------------------------------------------------
Tue May 22 10:18:35 UTC 2018 - msuchanek@suse.com
- Add post/postun ldconfig call
-------------------------------------------------------------------
Fri May 18 21:55:16 UTC 2018 - jengelh@inai.de
- Fix RPM groups
-------------------------------------------------------------------
Thu May 17 13:12:22 UTC 2018 - msuchanek@suse.com
- Split off library, spec-clean (bsc#1093612)
-------------------------------------------------------------------
Thu Jan 18 08:34:51 UTC 2018 - msuchanek@suse.com
- Enable test on BE
-------------------------------------------------------------------
Wed Nov 8 15:35:53 UTC 2017 - msuchanek@suse.com
- Update to upstream version 1045 - works with OpenSSL 1.1 (bsc#1066914)
-------------------------------------------------------------------
Thu Mar 2 12:28:23 UTC 2017 - msuchanek@suse.com
- fix description of -devel package
-------------------------------------------------------------------
Wed Mar 1 17:06:55 UTC 2017 - meissner@suse.com
- update to v755 (FATE#321601)
- This is the version prefered by IBM.
-------------------------------------------------------------------
Wed Feb 8 09:33:13 UTC 2017 - jengelh@inai.de
- Wrap description and spell out TSS.
- Move package description up before any build recipes,
this is the more usual layout.
- Drop unusable "return" command; %build already executes with
sh -e.
-------------------------------------------------------------------
Fri Jan 27 11:44:04 UTC 2017 - msuchanek@suse.com
- Import v713 (FATE#321601)
- Move to libdir and add wrapper script.
- repack source without makefile-beam which has incompatible
license and is not used in build anyway

128
ibmtss.spec Normal file
View File

@ -0,0 +1,128 @@
#
# spec file for package ibmtss
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define libversion 2
%define libname libibmtss
%define libpkgname %{libname}%{libversion}
Name: ibmtss
Version: 2.1.1
Release: 0
Summary: IBM's TPM 2.0 TSS
License: BSD-3-Clause
Group: Productivity/Security
URL: https://sourceforge.net/projects/ibmtpm20tss
Source: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
Source1: 90-tpm-ibmtss.rules
Patch1: ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: ibmswtpm2
BuildRequires: libopenssl-devel
BuildRequires: libtool
%description
This is a user space TCG Software Stack (TSS) for TPM 2.0. It
implements the functionality equivalent to the TCG TSS working
group's planned ESAPI, SAPI, and TCTI APIs.
It comes with over 100 "TPM tools" that can be used for scripted
apps, rapid prototyping, education, and debugging.
%package -n %{libpkgname}
Summary: Shared library for IBM's TPM 2.0 TSS
Group: System/Libraries
Recommends: %{name}-base = %{version}
%description -n %{libpkgname}
Shared library for IBM's TPM 2.0 TSS tools
%package base
Summary: IBM's TPM 2.0 TSS shared files
Group: Productivity/Security
BuildArch: noarch
Requires(post): user(tss)
%description base
Includes IBM's TPM 2.0 TSS certificates and policy files.
%package devel
Summary: IBM's TPM 2.0 TSS headers
Group: Development/Libraries/C and C++
Requires: %{libpkgname} = %{version}
Requires: %{name} = %{version}
%description devel
Includes IBM's TPM 2.0 TSS C header files
%prep
%setup -q -c
%autopatch -p1
%build
autoreconf -ifv
%configure --enable-debug --disable-static
cd utils
sed -i -e "s|/home/kgold/tss2/utils|$PWD|" certificates/rootcerts.txt
%{_libexecdir}/%{name}/tpm_server & tpm_server="$!"
export CCFLAGS="%{optflags}"
export LNAFLAGS="-Wl,-rpath,%{_libdir}"
%{make_build}
testfailed=0
TPM_INTERFACE_TYPE=socsim LD_LIBRARY_PATH=.libs ./reg.sh -a || testfailed=$?
kill "$tpm_server" || :
[ "$testfailed" -eq 0 ]
sed -i -e "s|$PWD|%{_datadir}/%{name}|" certificates/rootcerts.txt
%install
install -m 644 -D -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE1}
cd utils
%make_install
mkdir -p %{buildroot}/%{_datadir}/%{name}
cp -a policies certificates %{buildroot}/%{_datadir}/%{name}
find %{buildroot} -type f -name "*.la" -delete -print
find %{buildroot} -name .cvsignore | xargs rm -v
%post base
%_bindir/udevadm trigger -s tpm -s tpmrm || :
%post -n %{libpkgname} -p /sbin/ldconfig
%postun -n %{libpkgname} -p /sbin/ldconfig
%files
%license LICENSE
%doc ibmtss.docx
%{_bindir}/tss*
%{_mandir}/man1/tss*.1%{?ext_man}
%files -n %{libpkgname}
%{_libdir}/%{libname}*.so.%{version}
%{_libdir}/%{libname}*.so.%{libversion}
%files base
%license LICENSE
%{_datadir}/%{name}
%{_prefix}/lib/udev/rules.d/*
%files devel
%license LICENSE
%{_includedir}/%{name}
%{_libdir}/%{libname}*.so
%changelog

BIN
ibmtss2.1.1.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.