From 9736bcc92f01444d21c7170b045ff8e45baec02494e05a7b1646f4de43759a9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Fri, 13 Sep 2024 16:06:52 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main swtpm revision d74576ec7ec8d4bf8604d72ae8b885f1
---
 swtpm-0.8.0.tar.gz | 3 --
 swtpm-0.9.0.tar.gz | 3 ++
 swtpm.changes | 88 ++++++++++++++++++++++++++++++++++++++++++++++
 swtpm.spec | 29 +++++++++++++--
 4 files changed, 118 insertions(+), 5 deletions(-)
 delete mode 100644 swtpm-0.8.0.tar.gz
 create mode 100644 swtpm-0.9.0.tar.gz
diff --git a/swtpm-0.8.0.tar.gz b/swtpm-0.8.0.tar.gz
deleted file mode 100644
index f7d9874..0000000
--- a/swtpm-0.8.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ad433f9272fb794aafd550914d24cc0ca33d4652cfd087fa41b911fa9e54be3d
-size 363951
diff --git a/swtpm-0.9.0.tar.gz b/swtpm-0.9.0.tar.gz
new file mode 100644
index 0000000..89c5df7
--- /dev/null
+++ b/swtpm-0.9.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9679ca171e8aaa3c4e4053e8bc1d10c8dabf0220bd4b16aba78743511c25f731
+size 370942
diff --git a/swtpm.changes b/swtpm.changes
index 75020d1..8c48bb7 100644
--- a/swtpm.changes
+++ b/swtpm.changes
@@ -1,3 +1,91 @@
+-------------------------------------------------------------------
+Thu Aug 1 07:23:27 UTC 2024 - Richard Rahl
+
+- update to 0.9.0:
+ - fixes: boo#1226398
+ - swtpm:
+ - Use umask() to create/truncated state file rather than fchmod()
+ - Use fchmod to set mode bits provided by user
+ - Replace mkstemp with g_mkstemp_full (Coverity)
+ - fix typo in help message
+ - cuse: Fix Coverity complaints regarding locks
+ - Fix double free in error path
+ - Close fd after main loop
+ - Restore logging to stderr on log open failure
+ - swtpm_setup:
+ - Fail --pcr-banks without --tpm2
+ - Fail --decryption or --allow-signing without --tpm2
+ - Initialized argv in get_swtpm_capabilities()
+ - Flush spk after persisting to create room for another key
+ - Refactor duplicate code into swtpm_tpm2_write_cert_nvram
+ - Move persisting of certificate into tpm2_persist_certificate
+ - Pass key_type to function creating filename for key
+ - Add scheme parameter before curveid to createprimary_ecc
+ - Rename is_ek to preserve for future extension
+ - Mask-out EK and plaform certificate flags and set cert_flags
+ - Move common code into new function read_certificate_file()
+ - Exit with '0' upon --version rather than '1'
+ - Close file descriptors passed to swtpm process on parent side
+ - Make stdout unbuffered
+ - Use medium duration on TSC_PhysicalPresence to avoid timeouts
+ - Add poll() after write() and before read() to detect errors
+ - swtpm_localca:
+ - Add support for up to 20 bytes serial numbers
+ - Introduce --key as more generic alias for --ek
+ - Add missing NULL option to end of array
+ - Make stdout unbuffered
+ - swtpm_cert:
+ - Add support for serial numbers up to 20 bytes long
+ - swtpm_ioctl:
+ - Separate return code from flags
+ - Repeatedly call PTM_GET_INFO for long responses
+ - selinux:
+ - Re-add rule for svirt_tcg_t and user_tmp_t:sock_file (virt-install)
+ - New SELinux policy that requires Fedora 40 or later
+ - tests:
+ - Fixed occurrences of stray '' before '-'
+ - Rearrange order of test cases to run some also as 'root'
+ - Add tests for command line options and combinations of options
+ - Add softhsm_setup to shellcheck'ed files and fix issues
+ - Add missing 'exit 1' on unexpected file size on --reconfigure
+ - Add test cases for swtpm_cert with max serial number
+ - Fix spelling mistakes
+ - reformat regexs for easier readability and extension
+ - ibmtss2: Add patch to disable x509 test with older libtpms
+ - Upgrade to ibmtss2 v2.0.1
+ - Fixed several issues detected by shellcheck
+ - build-sys:
+ - Add support for --disable-tests to disable tests
+ - Display GMP_LIBS and GMP_CFLAGS
+ - Only display warning if pkg-config for gmp fails
+ - Add gmp library and devel package as dependency
+ - use PKG_CHECK_MODULES to check libtpms version
+
+-------------------------------------------------------------------
+Thu Oct 19 00:43:29 UTC 2023 - William Brown
+
+- Add missing requires for certtool
+
+-------------------------------------------------------------------
+Sat Sep 16 10:10:45 UTC 2023 - Marcus Meissner
+
+- Update to version 0.8.1:
+ - swtpm:
+ - Restore logging to stderr on log open failure
+ - swtpm_setup:
+ - Exit with '0' upon --version rather than '1'.
+ - Initialized @argv in get_swtpm_capabilities()
+ - swtpm_localca:
+ - Add missing NULL option to end of array
+ - SELinux:
+ - Add rules for user_tpm_t:sockfile to allow unlink
+ - Add rules for sock_file on user_tmp_t
+
+-------------------------------------------------------------------
+Fri Jun 16 11:32:11 UTC 2023 - Manfred Hollstein
+
+- Make selinux optional to allow building this package for Leap, too.
+
 -------------------------------------------------------------------
 Tue May 2 09:55:28 UTC 2023 - Marcus Meissner
diff --git a/swtpm.spec b/swtpm.spec
index c5fabe8..2020917 100644
--- a/swtpm.spec
+++ b/swtpm.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package swtpm
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,6 +16,12 @@
 #
+%if 0%{?suse_version} > 01500
+%bcond_without use_selinux
+%else
+%bcond_with use_selinux
+%endif
+
 # Scripts in this package are python3
 %define skip_python2 1
 # SELinux
@@ -24,7 +30,7 @@
 %define modulename2 swtpm_svirt
 %define modulename3 swtpmcuse
 Name: swtpm
-Version: 0.8.0
+Version: 0.9.0
 Release: 0
 Summary: Software TPM emulator
 License: BSD-3-Clause
@@ -38,6 +44,7 @@ BuildRequires: automake
 BuildRequires: expect
 BuildRequires: fuse-devel
 BuildRequires: glib2-devel
+BuildRequires: gmp-devel
 BuildRequires: gnutls
 BuildRequires: iproute2
 BuildRequires: libgnutls-devel
@@ -47,13 +54,19 @@ BuildRequires: libtasn1-devel
 BuildRequires: libtool
 BuildRequires: libtpms-devel
 BuildRequires: pkgconfig
+%if %{with use_selinux}
 BuildRequires: selinux-policy-devel
 BuildRequires: selinux-policy-targeted
+%endif
 BuildRequires: socat
 BuildRequires: pkgconfig(json-glib-1.0)
 BuildRequires: pkgconfig(systemd)
+# Required for certtool, which is used by swtpm-localca
+Requires: gnutls
 Requires: iproute2
+%if %{with use_selinux}
 Requires: (%{name}-selinux if selinux-policy-base)
+%endif
 Requires(pre): user(tss)
 %description
@@ -74,6 +87,7 @@ Requires: libtpms-devel
 %description devel
 The development files for SWTPM
+%if %{with use_selinux}
 %package selinux
 Summary: SELinux module for the Software TPM emulator
 Group: System/Management
@@ -83,6 +97,7 @@ BuildArch: noarch
 %description selinux
 This package provides the SELinux module for the Software TPM emulator.
+%endif
 %prep
 %autosetup
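Review bot: The bound in `%if 0%{?suse_version} > 01500` (hunk at -16,6) is written with a leading zero, which reads like an octal literal; if 1500 is what is meant, `%if 0%{?suse_version} > 1500` says so without the ambiguity. The block also has no comment explaining the cut-off, so a line such as `# Build the SELinux policy subpackage only where suse_version > 1500; older targets get swtpm without it` above the `%if` would help. That matters to anyone who relies on the swtpm SELinux module for confinement, because with `%bcond_with use_selinux` the later hunks drop the `-selinux` subpackage and its `Requires` entirely.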
@@ -94,14 +109,20 @@ autoreconf -fiv
 export PATH="$PATH:%{_sbindir}"
 %configure --with-openssl --disable-static \
 --with-tss-user=root --with-tss-group=tss \
+%if %{with use_selinux}
 --with-selinux
+%else
+
+%endif
 %make_build
 %install
 %make_install
 find %{buildroot} -type f -name "*.la" -delete -print
+%if %{with use_selinux}
 mkdir %{buildroot}%{_datadir}/selinux/packages/targeted
 mv %{buildroot}%{_datadir}/selinux/packages/*.pp %{buildroot}%{_datadir}/selinux/packages/targeted
+%endif
 mkdir -p %{buildroot}%{_localstatedir}/lib/swtpm-localca
 sed -e 's|#!/usr/bin/env |#!/usr/bin/|g' -i %{buildroot}%{_datadir}/swtpm/swtpm-create-tpmca
 sed -e 's|#!/usr/bin/env |#!/usr/bin/|g' -i %{buildroot}%{_datadir}/swtpm/swtpm-create-user-config-files
@@ -109,6 +130,7 @@ sed -e 's|#!/usr/bin/env |#!/usr/bin/|g' -i %{buildroot}%{_datadir}/swtpm/swtpm-
 %post -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
+%if %{with use_selinux}
 %pre selinux
 %selinux_relabel_pre -s %{selinuxtype}
@@ -126,6 +148,7 @@ fi
 %posttrans selinux
 %selinux_relabel_post -s %{selinuxtype}
+%endif
 %files
 %doc CHANGES README TODO
@@ -144,10 +167,12 @@ fi
 %{_includedir}/swtpm
 %{_mandir}/man3/swtpm*%{?ext_man}
+%if %{with use_selinux}
 %files selinux
 %{_datadir}/selinux/packages/targeted/*.pp
 %ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename1}
 %ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename2}
 %ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename3}
+%endif
 %changelog
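Review bot: The `%else` branch inside the `%configure` call (hunk at -94,14) is an empty line, so a build without `use_selinux` only ends the command because a blank line happens to follow the trailing `\`. It also passes no SELinux option at all, leaving the result to configure's default, which this hunk does not show. Putting `--without-selinux` in the `%else` branch would make the disabled build explicit and reproducible, and would remove the reliance on the blank line. The `%build` section starts above this hunk, so any earlier options are not visible here.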