From dbd3f5c18175da60bc44298c1fef50eaecade34c4a06651f472a930a6f8618db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 3 May 2024 13:39:06 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main ibmtss revision 388b92cf9d57c3b9c337828d1eabcff8 --- .gitattributes | 23 +++ 90-tpm-ibmtss.rules | 4 + ...not-disable-optimization-for-debug-b.patch | 28 +++ ibmtss.changes | 175 ++++++++++++++++++ ibmtss.spec | 128 +++++++++++++ ibmtss2.1.1.tar.gz | 3 + 6 files changed, 361 insertions(+) create mode 100644 .gitattributes create mode 100644 90-tpm-ibmtss.rules create mode 100644 ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch create mode 100644 ibmtss.changes create mode 100644 ibmtss.spec create mode 100644 ibmtss2.1.1.tar.gz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/90-tpm-ibmtss.rules b/90-tpm-ibmtss.rules new file mode 100644 index 0000000..fee2b63 --- /dev/null +++ b/90-tpm-ibmtss.rules @@ -0,0 +1,4 @@ +# tpm devices can only be accessed by the tss user but the tss +# group members can access tpmrm devices +KERNEL=="tpm[0-9]*", MODE="0660", OWNER="tss" +KERNEL=="tpmrm[0-9]*", MODE="0660", OWNER="tss", GROUP="tss" diff --git a/ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch b/ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch new file mode 100644 index 0000000..1f26055 --- /dev/null +++ b/ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch @@ -0,0 +1,28 @@ +From 005064b673d937a305427eb9fa4d549f93f6090a Mon Sep 17 00:00:00 2001 +From: Michal Suchanek +Date: Mon, 17 Aug 2020 18:21:51 +0200 +Subject: [PATCH] configure.ac: Do not disable optimization for debug build. + +This conflicts with FORTIFY_SOURCE and generates completely different +assembly for debug and procuction. + +Signed-off-by: Michal Suchanek +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +--- a/configure.ac ++++ b/configure.ac +@@ -62,7 +62,7 @@ AC_CHECK_FUNCS([gethostbyname memmove memset socket strerror strtoul]) + # Replace autotools default optimization + AC_ARG_ENABLE(debug, + AS_HELP_STRING([--enable-debug], [Build a TSS library used for debugging])) +- AS_IF([test "$enable_debug" = "yes"], [CFLAGS="$USER_CFLAGS -g -ggdb -O0"]) ++ AS_IF([test "$enable_debug" = "yes"], [CFLAGS="$USER_CFLAGS -g -ggdb -Wextra -Werror"]) + + # Linux requires -DTPM_POSIX + case $host_os in +-- +2.26.2 + diff --git a/ibmtss.changes b/ibmtss.changes new file mode 100644 index 0000000..4a17f91 --- /dev/null +++ b/ibmtss.changes @@ -0,0 +1,175 @@ +------------------------------------------------------------------- +Thu Nov 30 14:36:22 UTC 2023 - Pedro Monreal + +- Update to 2.1.1: + * Add man page for tpmproxy. +- Update to 2.1.0: + * Parse new IMA event log template data fields. + * Add option to verify IMA template data + * Correct minor regression test script typos. +- Update to 2.0.0 + * Expand TPMU_SENSITIVE_COMPOSITE to handle HW TPMs that return 5 + RSA primes. This is an ABI (not API) break. + * Add support for TPM2_ECC_Encrypt and TPM2_ECC_Decrypt + * Add more EFI event log handlers and event tracing. + * SW TPM test CA now uses SHA-256, not the deprecated SHA-1. + * Port tpmproxy for TPM 2.0 to Linux and Windows. + * Add many new EK root certificates. + * Remove OpenSSL functions deprecated in 3.x. + * Fix TSS bug when using encrypt and decrypt in a PWAP session. + * Add build flag to suppress SHA-1. +- Remove patches fixed upstream: + * ibmtss-regtests-Update-openssl-key-generation-for-3.0.0.patch + * ibmtss-utils-Update-certifyx509-for-Openssl-3.0.0.patch + * ibmtss-utils-Remove-unused-variables-from-certifyx509.patch + * ibmtss-tss-Port-HMAC-operations-to-openssl-3.0.patch + * ibmtss-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch + * ibmtss-openssl3-deprecation.patch + +------------------------------------------------------------------- +Wed Nov 9 13:33:51 UTC 2022 - Pedro Monreal + +- Build with OpenSSL 3.0 deprecated functions until fixed upstream +in the next version update [bsc#1205042] + * ibmtss-openssl3-deprecation.patch +- Add upstream patches to fix build with OpenSSL 3.0 + * ibmtss-regtests-Update-openssl-key-generation-for-3.0.0.patch + * ibmtss-utils-Update-certifyx509-for-Openssl-3.0.0.patch + * ibmtss-utils-Remove-unused-variables-from-certifyx509.patch + * ibmtss-tss-Port-HMAC-operations-to-openssl-3.0.patch + * ibmtss-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch + +------------------------------------------------------------------- +Thu Nov 25 11:48:53 UTC 2021 - Michal Suchanek + +- Fix certificate list, run all tests. + +------------------------------------------------------------------- +Tue Jan 26 09:19:47 UTC 2021 - Petr Vorel + +- Update to upstream version 1.6.0 (jsc#SLE-18268). +- Drop patches from this release + - ibmtss-certifyx509-Fix-uninitialized-variable.patch + - ibmtss-fix-dsa-regression.patch + +------------------------------------------------------------------- +Thu Oct 1 19:24:56 UTC 2020 - Pedro Monreal Gonzalez + +- Regression fix: + * utils: fix ABI break caused by additional argument to -rsa + * https://sourceforge.net/p/ibmtpm20tss/mailman/message/37119441/ +- Add ibmtss-fix-dsa-regression.patch + +------------------------------------------------------------------- +Mon Aug 17 14:38:12 UTC 2020 - Michal Suchanek + +- Update to upstream version 1.5.0 (jsc#SLE-13828). +- Fix build warning due to -O0 + + ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch +- Fix uninitialized variable warning + + ibmtss-certifyx509-Fix-uninitialized-variable.patch + +------------------------------------------------------------------- +Fri Mar 27 13:19:08 UTC 2020 - Dominique Leuenberger + +- Don't mess with Epoch: in the long run it can't but cause + problems. Upstreams that don't understand the meaning of version + numbers can't be helped with Epoch. Let's rely on the distro + features for dist-upgrade (that has no problem with a 'version + downgrade'. + +------------------------------------------------------------------- +Mon Mar 23 20:10:11 UTC 2020 - Michal Suchanek + +- Fix dependencies for epoch, remove useless define. + +------------------------------------------------------------------- +Fri Jan 31 11:53:40 UTC 2020 - Michal Suchanek + +- Update to upstream version 1.3.0 +- copy tpm device permission handling udev rule from tpm2-0-tss +- depend on user(tss) (boo#1162360). + +------------------------------------------------------------------- +Sat Aug 24 04:36:04 UTC 2019 - Jan Engelhardt + +- Disable static libs (standard openSUSE behavior) + +------------------------------------------------------------------- +Wed Aug 14 08:21:58 UTC 2019 - Michal Suchanek + +- Remove installed .cvsignore file +- Don't create already created directory + +------------------------------------------------------------------- +Fri Aug 9 15:52:02 UTC 2019 - Michal Suchanek + +- Don't install duplicate headers + +------------------------------------------------------------------- +Mon Jul 8 09:59:35 UTC 2019 - Michal Suchanek + +- Remove .la files + +------------------------------------------------------------------- +Thu Jul 4 16:51:35 UTC 2019 - Michal Suchanek + +- Update to v1047 (FATE#327307, jsc#SLE-6593, jsc#SLE-9179). + - now supports autotools + - supports library versioning + - installs tools with program prefx + - remove binary tool wrapper + - remove makefile.patch + +------------------------------------------------------------------- +Tue May 22 10:18:35 UTC 2018 - msuchanek@suse.com + +- Add post/postun ldconfig call + +------------------------------------------------------------------- +Fri May 18 21:55:16 UTC 2018 - jengelh@inai.de + +- Fix RPM groups + +------------------------------------------------------------------- +Thu May 17 13:12:22 UTC 2018 - msuchanek@suse.com + +- Split off library, spec-clean (bsc#1093612) + +------------------------------------------------------------------- +Thu Jan 18 08:34:51 UTC 2018 - msuchanek@suse.com + +- Enable test on BE + +------------------------------------------------------------------- +Wed Nov 8 15:35:53 UTC 2017 - msuchanek@suse.com + +- Update to upstream version 1045 - works with OpenSSL 1.1 (bsc#1066914) + +------------------------------------------------------------------- +Thu Mar 2 12:28:23 UTC 2017 - msuchanek@suse.com + +- fix description of -devel package + +------------------------------------------------------------------- +Wed Mar 1 17:06:55 UTC 2017 - meissner@suse.com + +- update to v755 (FATE#321601) + - This is the version prefered by IBM. + +------------------------------------------------------------------- +Wed Feb 8 09:33:13 UTC 2017 - jengelh@inai.de + +- Wrap description and spell out TSS. +- Move package description up before any build recipes, + this is the more usual layout. +- Drop unusable "return" command; %build already executes with + sh -e. + +------------------------------------------------------------------- +Fri Jan 27 11:44:04 UTC 2017 - msuchanek@suse.com + +- Import v713 (FATE#321601) +- Move to libdir and add wrapper script. +- repack source without makefile-beam which has incompatible + license and is not used in build anyway diff --git a/ibmtss.spec b/ibmtss.spec new file mode 100644 index 0000000..40a83f8 --- /dev/null +++ b/ibmtss.spec @@ -0,0 +1,128 @@ +# +# spec file for package ibmtss +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define libversion 2 +%define libname libibmtss +%define libpkgname %{libname}%{libversion} + +Name: ibmtss +Version: 2.1.1 +Release: 0 +Summary: IBM's TPM 2.0 TSS +License: BSD-3-Clause +Group: Productivity/Security +URL: https://sourceforge.net/projects/ibmtpm20tss +Source: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz +Source1: 90-tpm-ibmtss.rules +Patch1: ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: ibmswtpm2 +BuildRequires: libopenssl-devel +BuildRequires: libtool + +%description +This is a user space TCG Software Stack (TSS) for TPM 2.0. It +implements the functionality equivalent to the TCG TSS working +group's planned ESAPI, SAPI, and TCTI APIs. + +It comes with over 100 "TPM tools" that can be used for scripted +apps, rapid prototyping, education, and debugging. + +%package -n %{libpkgname} +Summary: Shared library for IBM's TPM 2.0 TSS +Group: System/Libraries +Recommends: %{name}-base = %{version} + +%description -n %{libpkgname} +Shared library for IBM's TPM 2.0 TSS tools + +%package base +Summary: IBM's TPM 2.0 TSS shared files +Group: Productivity/Security +BuildArch: noarch +Requires(post): user(tss) + +%description base +Includes IBM's TPM 2.0 TSS certificates and policy files. + +%package devel +Summary: IBM's TPM 2.0 TSS headers +Group: Development/Libraries/C and C++ +Requires: %{libpkgname} = %{version} +Requires: %{name} = %{version} + +%description devel +Includes IBM's TPM 2.0 TSS C header files + +%prep +%setup -q -c +%autopatch -p1 + +%build +autoreconf -ifv +%configure --enable-debug --disable-static +cd utils +sed -i -e "s|/home/kgold/tss2/utils|$PWD|" certificates/rootcerts.txt +%{_libexecdir}/%{name}/tpm_server & tpm_server="$!" +export CCFLAGS="%{optflags}" +export LNAFLAGS="-Wl,-rpath,%{_libdir}" +%{make_build} +testfailed=0 +TPM_INTERFACE_TYPE=socsim LD_LIBRARY_PATH=.libs ./reg.sh -a || testfailed=$? +kill "$tpm_server" || : +[ "$testfailed" -eq 0 ] +sed -i -e "s|$PWD|%{_datadir}/%{name}|" certificates/rootcerts.txt + +%install +install -m 644 -D -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE1} +cd utils +%make_install + +mkdir -p %{buildroot}/%{_datadir}/%{name} +cp -a policies certificates %{buildroot}/%{_datadir}/%{name} + +find %{buildroot} -type f -name "*.la" -delete -print +find %{buildroot} -name .cvsignore | xargs rm -v + +%post base +%_bindir/udevadm trigger -s tpm -s tpmrm || : +%post -n %{libpkgname} -p /sbin/ldconfig +%postun -n %{libpkgname} -p /sbin/ldconfig + +%files +%license LICENSE +%doc ibmtss.docx +%{_bindir}/tss* +%{_mandir}/man1/tss*.1%{?ext_man} + +%files -n %{libpkgname} +%{_libdir}/%{libname}*.so.%{version} +%{_libdir}/%{libname}*.so.%{libversion} + +%files base +%license LICENSE +%{_datadir}/%{name} +%{_prefix}/lib/udev/rules.d/* + +%files devel +%license LICENSE +%{_includedir}/%{name} +%{_libdir}/%{libname}*.so + +%changelog diff --git a/ibmtss2.1.1.tar.gz b/ibmtss2.1.1.tar.gz new file mode 100644 index 0000000..8af467d --- /dev/null +++ b/ibmtss2.1.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:02d5e8686eb6742803e1521681ff377ca08ebec5a956f800fbc4fb13bc9658bd +size 1269381