Sync from SUSE:SLFO:Main ibmtss revision 388b92cf9d57c3b9c337828d1eabcff8

2024-05-03 13:39:06 +02:00 · 2024-05-03 13:39:06 +02:00 · dbd3f5c181
commit dbd3f5c181
6 changed files with 361 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/90-tpm-ibmtss.rules
+++ b/90-tpm-ibmtss.rules
@ -0,0 +1,4 @@
+# tpm devices can only be accessed by the tss user but the tss
+# group members can access tpmrm devices
+KERNEL=="tpm[0-9]*", MODE="0660", OWNER="tss"
+KERNEL=="tpmrm[0-9]*", MODE="0660", OWNER="tss", GROUP="tss"
--- a/ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch
+++ b/ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch
@ -0,0 +1,28 @@
+From 005064b673d937a305427eb9fa4d549f93f6090a Mon Sep 17 00:00:00 2001
+From: Michal Suchanek <msuchanek@suse.de>
+Date: Mon, 17 Aug 2020 18:21:51 +0200
+Subject: [PATCH] configure.ac: Do not disable optimization for debug build.
+
+This conflicts with FORTIFY_SOURCE and generates completely different
+assembly for debug and procuction.
+
+Signed-off-by: Michal Suchanek <msuchanek@suse.de>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+--- a/configure.ac
+++ b/configure.ac
+@@ -62,7 +62,7 @@ AC_CHECK_FUNCS([gethostbyname memmove memset socket strerror strtoul])
+ # Replace autotools default optimization
+ AC_ARG_ENABLE(debug,
+    AS_HELP_STRING([--enable-debug], [Build a TSS library used for debugging]))
+-   AS_IF([test "$enable_debug" = "yes"], [CFLAGS="$USER_CFLAGS -g -ggdb -O0"])
+   AS_IF([test "$enable_debug" = "yes"], [CFLAGS="$USER_CFLAGS -g -ggdb -Wextra -Werror"])
+ 
+ # Linux requires -DTPM_POSIX
+ case $host_os in
+-- 
+2.26.2
+
--- a/ibmtss.changes
+++ b/ibmtss.changes
@ -0,0 +1,175 @@
+-------------------------------------------------------------------
+Thu Nov 30 14:36:22 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 2.1.1:
+  * Add man page for tpmproxy.
+- Update to 2.1.0:
+  * Parse new IMA event log template data fields.
+  * Add option to verify IMA template data
+  * Correct minor regression test script typos.
+- Update to 2.0.0
+  * Expand TPMU_SENSITIVE_COMPOSITE to handle HW TPMs that return 5
+    RSA primes.  This is an ABI (not API) break.
+  * Add support for TPM2_ECC_Encrypt and TPM2_ECC_Decrypt
+  * Add more EFI event log handlers and event tracing.
+  * SW TPM test CA now uses SHA-256, not the deprecated SHA-1.
+  * Port tpmproxy for TPM 2.0 to Linux and Windows.
+  * Add many new EK root certificates.
+  * Remove OpenSSL functions deprecated in 3.x.
+  * Fix TSS bug when using encrypt and decrypt in a PWAP session.
+  * Add build flag to suppress SHA-1.
+- Remove patches fixed upstream:
+  * ibmtss-regtests-Update-openssl-key-generation-for-3.0.0.patch
+  * ibmtss-utils-Update-certifyx509-for-Openssl-3.0.0.patch
+  * ibmtss-utils-Remove-unused-variables-from-certifyx509.patch
+  * ibmtss-tss-Port-HMAC-operations-to-openssl-3.0.patch
+  * ibmtss-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch
+  * ibmtss-openssl3-deprecation.patch
+
+-------------------------------------------------------------------
+Wed Nov  9 13:33:51 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
+
+- Build with OpenSSL 3.0 deprecated functions until fixed upstream
+in the next version update [bsc#1205042]
+  * ibmtss-openssl3-deprecation.patch
+- Add upstream patches to fix build with OpenSSL 3.0
+  * ibmtss-regtests-Update-openssl-key-generation-for-3.0.0.patch
+  * ibmtss-utils-Update-certifyx509-for-Openssl-3.0.0.patch
+  * ibmtss-utils-Remove-unused-variables-from-certifyx509.patch
+  * ibmtss-tss-Port-HMAC-operations-to-openssl-3.0.patch
+  * ibmtss-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch
+
+-------------------------------------------------------------------
+Thu Nov 25 11:48:53 UTC 2021 - Michal Suchanek <msuchanek@suse.com>
+
+- Fix certificate list, run all tests.
+
+-------------------------------------------------------------------
+Tue Jan 26 09:19:47 UTC 2021 - Petr Vorel <pvorel@suse.cz>
+
+- Update to upstream version 1.6.0 (jsc#SLE-18268).
+- Drop patches from this release
+  - ibmtss-certifyx509-Fix-uninitialized-variable.patch
+  - ibmtss-fix-dsa-regression.patch
+
+-------------------------------------------------------------------
+Thu Oct  1 19:24:56 UTC 2020 - Pedro Monreal Gonzalez <pmonreal@suse.com>
+
+- Regression fix:
+  * utils: fix ABI break caused by additional argument to -rsa
+  * https://sourceforge.net/p/ibmtpm20tss/mailman/message/37119441/
+- Add ibmtss-fix-dsa-regression.patch
+
+-------------------------------------------------------------------
+Mon Aug 17 14:38:12 UTC 2020 - Michal Suchanek <msuchanek@suse.de>
+
+- Update to upstream version 1.5.0 (jsc#SLE-13828).
+- Fix build warning due to -O0
+  + ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch
+- Fix uninitialized variable warning
+  + ibmtss-certifyx509-Fix-uninitialized-variable.patch
+
+-------------------------------------------------------------------
+Fri Mar 27 13:19:08 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Don't mess with Epoch: in the long run it can't but cause
+  problems. Upstreams that don't understand the meaning of version
+  numbers can't be helped with Epoch. Let's rely on the distro
+  features for dist-upgrade (that has no problem with a 'version
+  downgrade'.
+
+-------------------------------------------------------------------
+Mon Mar 23 20:10:11 UTC 2020 - Michal Suchanek <msuchanek@suse.com>
+
+- Fix dependencies for epoch, remove useless define.
+
+-------------------------------------------------------------------
+Fri Jan 31 11:53:40 UTC 2020 - Michal Suchanek <msuchanek@suse.com>
+
+- Update to upstream version 1.3.0
+- copy tpm device permission handling udev rule from tpm2-0-tss
+- depend on user(tss) (boo#1162360).
+
+-------------------------------------------------------------------
+Sat Aug 24 04:36:04 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Disable static libs (standard openSUSE behavior)
+
+-------------------------------------------------------------------
+Wed Aug 14 08:21:58 UTC 2019 - Michal Suchanek <msuchanek@suse.de>
+
+- Remove installed .cvsignore file
+- Don't create already created directory
+
+-------------------------------------------------------------------
+Fri Aug  9 15:52:02 UTC 2019 - Michal Suchanek <msuchanek@suse.com>
+
+- Don't install duplicate headers
+
+-------------------------------------------------------------------
+Mon Jul  8 09:59:35 UTC 2019 - Michal Suchanek <msuchanek@suse.com>
+
+- Remove .la files
+
+-------------------------------------------------------------------
+Thu Jul  4 16:51:35 UTC 2019 - Michal Suchanek <msuchanek@suse.de>
+
+- Update to v1047 (FATE#327307, jsc#SLE-6593, jsc#SLE-9179).
+  - now supports autotools
+  - supports library versioning
+  - installs tools with program prefx
+ - remove binary tool wrapper
+ - remove makefile.patch
+
+-------------------------------------------------------------------
+Tue May 22 10:18:35 UTC 2018 - msuchanek@suse.com
+
+- Add post/postun ldconfig call
+
+-------------------------------------------------------------------
+Fri May 18 21:55:16 UTC 2018 - jengelh@inai.de
+
+- Fix RPM groups
+
+-------------------------------------------------------------------
+Thu May 17 13:12:22 UTC 2018 - msuchanek@suse.com
+
+- Split off library, spec-clean (bsc#1093612)
+
+-------------------------------------------------------------------
+Thu Jan 18 08:34:51 UTC 2018 - msuchanek@suse.com
+
+- Enable test on BE
+
+-------------------------------------------------------------------
+Wed Nov  8 15:35:53 UTC 2017 - msuchanek@suse.com
+
+- Update to upstream version 1045 - works with OpenSSL 1.1 (bsc#1066914)
+
+-------------------------------------------------------------------
+Thu Mar  2 12:28:23 UTC 2017 - msuchanek@suse.com
+
+- fix description of -devel package
+
+-------------------------------------------------------------------
+Wed Mar  1 17:06:55 UTC 2017 - meissner@suse.com
+
+- update to v755 (FATE#321601)
+  - This is the version prefered by IBM.
+
+-------------------------------------------------------------------
+Wed Feb  8 09:33:13 UTC 2017 - jengelh@inai.de
+
+- Wrap description and spell out TSS.
+- Move package description up before any build recipes,
+  this is the more usual layout.
+- Drop unusable "return" command; %build already executes with
+  sh -e.
+
+-------------------------------------------------------------------
+Fri Jan 27 11:44:04 UTC 2017 - msuchanek@suse.com
+
+- Import v713 (FATE#321601)
+- Move to libdir and add wrapper script.
+- repack source without makefile-beam which has incompatible
+  license and is not used in build anyway
--- a/ibmtss.spec
+++ b/ibmtss.spec
@ -0,0 +1,128 @@
+#
+# spec file for package ibmtss
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define libversion 2
+%define libname libibmtss
+%define libpkgname %{libname}%{libversion}
+
+Name:           ibmtss
+Version:        2.1.1
+Release:        0
+Summary:        IBM's TPM 2.0 TSS
+License:        BSD-3-Clause
+Group:          Productivity/Security
+URL:            https://sourceforge.net/projects/ibmtpm20tss
+Source:         https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
+Source1:        90-tpm-ibmtss.rules
+Patch1:         ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  ibmswtpm2
+BuildRequires:  libopenssl-devel
+BuildRequires:  libtool
+
+%description
+This is a user space TCG Software Stack (TSS) for TPM 2.0. It
+implements the functionality equivalent to the TCG TSS working
+group's planned ESAPI, SAPI, and TCTI APIs.
+
+It comes with over 100 "TPM tools" that can be used for scripted
+apps, rapid prototyping, education, and debugging.
+
+%package -n %{libpkgname}
+Summary:        Shared library for IBM's TPM 2.0 TSS
+Group:          System/Libraries
+Recommends:     %{name}-base = %{version}
+
+%description -n %{libpkgname}
+Shared library for IBM's TPM 2.0 TSS tools
+
+%package base
+Summary:        IBM's TPM 2.0 TSS shared files
+Group:          Productivity/Security
+BuildArch:      noarch
+Requires(post): user(tss)
+
+%description base
+Includes IBM's TPM 2.0 TSS certificates and policy files.
+
+%package devel
+Summary:        IBM's TPM 2.0 TSS headers
+Group:          Development/Libraries/C and C++
+Requires:       %{libpkgname} = %{version}
+Requires:       %{name} = %{version}
+
+%description devel
+Includes IBM's TPM 2.0 TSS C header files
+
+%prep
+%setup -q -c
+%autopatch -p1
+
+%build
+autoreconf -ifv
+%configure --enable-debug --disable-static
+cd utils
+sed -i -e "s|/home/kgold/tss2/utils|$PWD|" certificates/rootcerts.txt
+%{_libexecdir}/%{name}/tpm_server & tpm_server="$!"
+export CCFLAGS="%{optflags}"
+export LNAFLAGS="-Wl,-rpath,%{_libdir}"
+%{make_build}
+testfailed=0
+TPM_INTERFACE_TYPE=socsim LD_LIBRARY_PATH=.libs ./reg.sh -a || testfailed=$?
+kill "$tpm_server" || :
+[ "$testfailed" -eq 0 ]
+sed -i -e "s|$PWD|%{_datadir}/%{name}|" certificates/rootcerts.txt
+
+%install
+install -m 644 -D -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE1}
+cd utils
+%make_install
+
+mkdir -p %{buildroot}/%{_datadir}/%{name}
+cp -a policies certificates %{buildroot}/%{_datadir}/%{name}
+
+find %{buildroot} -type f -name "*.la" -delete -print
+find %{buildroot} -name .cvsignore | xargs rm -v
+
+%post base
+%_bindir/udevadm trigger -s tpm -s tpmrm || :
+%post   -n %{libpkgname} -p /sbin/ldconfig
+%postun -n %{libpkgname} -p /sbin/ldconfig
+
+%files
+%license LICENSE
+%doc ibmtss.docx
+%{_bindir}/tss*
+%{_mandir}/man1/tss*.1%{?ext_man}
+
+%files -n %{libpkgname}
+%{_libdir}/%{libname}*.so.%{version}
+%{_libdir}/%{libname}*.so.%{libversion}
+
+%files base
+%license LICENSE
+%{_datadir}/%{name}
+%{_prefix}/lib/udev/rules.d/*
+
+%files devel
+%license LICENSE
+%{_includedir}/%{name}
+%{_libdir}/%{libname}*.so
+
+%changelog
--- a/ibmtss2.1.1.tar.gz
+++ b/ibmtss2.1.1.tar.gz