Sync from SUSE:SLFO:Main swtpm revision d74576ec7ec8d4bf8604d72ae8b885f1

2024-09-13 16:06:52 +02:00 · 2024-09-13 16:06:52 +02:00 · 9736bcc92f
commit 9736bcc92f
parent fb5ea860a4
4 changed files with 118 additions and 5 deletions
--- a/swtpm-0.8.0.tar.gz
+++ b/swtpm-0.8.0.tar.gz
--- a/swtpm-0.9.0.tar.gz
+++ b/swtpm-0.9.0.tar.gz
--- a/swtpm.changes
+++ b/swtpm.changes
@ -1,3 +1,91 @@
 -------------------------------------------------------------------
 Thu Aug  1 07:23:27 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
 - update to 0.9.0:
  - fixes: boo#1226398
  - swtpm:
    - Use umask() to create/truncated state file rather than fchmod()
    - Use fchmod to set mode bits provided by user
    - Replace mkstemp with g_mkstemp_full (Coverity)
    - fix typo in help message
    - cuse: Fix Coverity complaints regarding locks
    - Fix double free in error path
    - Close fd after main loop
    - Restore logging to stderr on log open failure
  - swtpm_setup:
    - Fail --pcr-banks without --tpm2
    - Fail --decryption or --allow-signing without --tpm2
    - Initialized argv in get_swtpm_capabilities()
    - Flush spk after persisting to create room for another key
    - Refactor duplicate code into swtpm_tpm2_write_cert_nvram
    - Move persisting of certificate into tpm2_persist_certificate
    - Pass key_type to function creating filename for key
    - Add scheme parameter before curveid to createprimary_ecc
    - Rename is_ek to preserve for future extension
    - Mask-out EK and plaform certificate flags and set cert_flags
    - Move common code into new function read_certificate_file()
    - Exit with '0' upon --version rather than '1'
    - Close file descriptors passed to swtpm process on parent side
    - Make stdout unbuffered
    - Use medium duration on TSC_PhysicalPresence to avoid timeouts
    - Add poll() after write() and before read() to detect errors
  - swtpm_localca:
    - Add support for up to 20 bytes serial numbers
    - Introduce --key as more generic alias for --ek
    - Add missing NULL option to end of array
    - Make stdout unbuffered
  - swtpm_cert:
    - Add support for serial numbers up to 20 bytes long
  - swtpm_ioctl:
    - Separate return code from flags
    - Repeatedly call PTM_GET_INFO for long responses
  - selinux:
    - Re-add rule for svirt_tcg_t and user_tmp_t:sock_file (virt-install)
    - New SELinux policy that requires Fedora 40 or later
  - tests:
    - Fixed occurrences of stray '' before '-'
    - Rearrange order of test cases to run some also as 'root'
    - Add tests for command line options and combinations of options
    - Add softhsm_setup to shellcheck'ed files and fix issues
    - Add missing 'exit 1' on unexpected file size on --reconfigure
    - Add test cases for swtpm_cert with max serial number
    - Fix spelling mistakes
    - reformat regexs for easier readability and extension
    - ibmtss2: Add patch to disable x509 test with older libtpms
    - Upgrade to ibmtss2 v2.0.1
    - Fixed several issues detected by shellcheck
  - build-sys:
    - Add support for --disable-tests to disable tests
    - Display GMP_LIBS and GMP_CFLAGS
    - Only display warning if pkg-config for gmp fails
    - Add gmp library and devel package as dependency
    - use PKG_CHECK_MODULES to check libtpms version
 -------------------------------------------------------------------
 Thu Oct 19 00:43:29 UTC 2023 - William Brown <william.brown@suse.com>
 - Add missing requires for certtool
 -------------------------------------------------------------------
 Sat Sep 16 10:10:45 UTC 2023 - Marcus Meissner <meissner@suse.com>
 - Update to version 0.8.1:
  - swtpm:
    -   Restore logging to stderr on log open failure
  - swtpm_setup:
    -   Exit with '0' upon --version rather than '1'.
    -   Initialized @argv in get_swtpm_capabilities()
  - swtpm_localca:
    -   Add missing NULL option to end of array
  - SELinux:
    -   Add rules for user_tpm_t:sockfile to allow unlink
    -   Add rules for sock_file on user_tmp_t
 -------------------------------------------------------------------
 Fri Jun 16 11:32:11 UTC 2023 - Manfred Hollstein <manfred.h@gmx.net>
 - Make selinux optional to allow building this package for Leap, too.
 -------------------------------------------------------------------
 Tue May  2 09:55:28 UTC 2023 - Marcus Meissner <meissner@suse.com>
--- a/swtpm.spec
+++ b/swtpm.spec
@ -1,7 +1,7 @@
 #
 # spec file for package swtpm
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,6 +16,12 @@
 #
 %if 0%{?suse_version} > 01500
 %bcond_without use_selinux
 %else
 %bcond_with use_selinux
 %endif
 # Scripts in this package are python3
 %define skip_python2 1
 # SELinux
@ -24,7 +30,7 @@
 %define modulename2 swtpm_svirt
 %define modulename3 swtpmcuse
 Name:           swtpm
-Version:        0.8.0
+Version:        0.9.0
 Release:        0
 Summary:        Software TPM emulator
 License:        BSD-3-Clause
@ -38,6 +44,7 @@ BuildRequires:  automake
 BuildRequires:  expect
 BuildRequires:  fuse-devel
 BuildRequires:  glib2-devel
 BuildRequires:  gmp-devel
 BuildRequires:  gnutls
 BuildRequires:  iproute2
 BuildRequires:  libgnutls-devel
@ -47,13 +54,19 @@ BuildRequires:  libtasn1-devel
 BuildRequires:  libtool
 BuildRequires:  libtpms-devel
 BuildRequires:  pkgconfig
 %if %{with use_selinux}
 BuildRequires:  selinux-policy-devel
 BuildRequires:  selinux-policy-targeted
 %endif
 BuildRequires:  socat
 BuildRequires:  pkgconfig(json-glib-1.0)
 BuildRequires:  pkgconfig(systemd)
 # Required for certtool, which is used by swtpm-localca
 Requires:       gnutls
 Requires:       iproute2
 %if %{with use_selinux}
 Requires:       (%{name}-selinux if selinux-policy-base)
 %endif
 Requires(pre):  user(tss)
 %description
@ -74,6 +87,7 @@ Requires:       libtpms-devel
 %description    devel
 The development files for SWTPM
 %if %{with use_selinux}
 %package        selinux
 Summary:        SELinux module for the Software TPM emulator
 Group:          System/Management
@ -83,6 +97,7 @@ BuildArch:      noarch
 %description    selinux
 This package provides the SELinux module for the Software TPM emulator.
 %endif
 %prep
 %autosetup
@ -94,14 +109,20 @@ autoreconf -fiv
 export PATH="$PATH:%{_sbindir}"
 %configure --with-openssl --disable-static \
     --with-tss-user=root --with-tss-group=tss \
 %if %{with use_selinux}
     --with-selinux
 %else
 %endif
 %make_build
 %install
 %make_install
 find %{buildroot} -type f -name "*.la" -delete -print
 %if %{with use_selinux}
 mkdir %{buildroot}%{_datadir}/selinux/packages/targeted
 mv %{buildroot}%{_datadir}/selinux/packages/*.pp %{buildroot}%{_datadir}/selinux/packages/targeted
 %endif
 mkdir -p %{buildroot}%{_localstatedir}/lib/swtpm-localca
 sed -e 's|#!/usr/bin/env |#!/usr/bin/|g' -i %{buildroot}%{_datadir}/swtpm/swtpm-create-tpmca
 sed -e 's|#!/usr/bin/env |#!/usr/bin/|g' -i %{buildroot}%{_datadir}/swtpm/swtpm-create-user-config-files
@ -109,6 +130,7 @@ sed -e 's|#!/usr/bin/env |#!/usr/bin/|g' -i %{buildroot}%{_datadir}/swtpm/swtpm-
 %post -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 %if %{with use_selinux}
 %pre selinux
 %selinux_relabel_pre -s %{selinuxtype}
@ -126,6 +148,7 @@ fi
 %posttrans selinux
 %selinux_relabel_post -s %{selinuxtype}
 %endif
 %files
 %doc CHANGES README TODO
@ -144,10 +167,12 @@ fi
 %{_includedir}/swtpm
 %{_mandir}/man3/swtpm*%{?ext_man}
 %if %{with use_selinux}
 %files selinux
 %{_datadir}/selinux/packages/targeted/*.pp
 %ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename1}
 %ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename2}
 %ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename3}
 %endif
 %changelog