diff --git a/1229131-fix-swtpm-selinux-policy-mismatch.patch b/1229131-fix-swtpm-selinux-policy-mismatch.patch index 81698c0..b0ca27a 100644 --- a/1229131-fix-swtpm-selinux-policy-mismatch.patch +++ b/1229131-fix-swtpm-selinux-policy-mismatch.patch @@ -1,16 +1,16 @@ -Index: swtpm-0.9.0/src/selinux/swtpm.te +Index: swtpm-0.10.0/src/selinux/swtpm.te =================================================================== ---- swtpm-0.9.0.orig/src/selinux/swtpm.te -+++ swtpm-0.9.0/src/selinux/swtpm.te -@@ -8,6 +8,7 @@ policy_module(swtpm, 1.0.0) - require { +--- swtpm-0.10.0.orig/src/selinux/swtpm.te ++++ swtpm-0.10.0/src/selinux/swtpm.te +@@ -9,6 +9,7 @@ require { type qemu_var_run_t; + type svirt_image_t; type var_log_t; + type virt_log_t; type virt_var_lib_t; type virtqemud_t; type virtqemud_tmp_t; -@@ -29,6 +30,7 @@ allow swtpm_t qemu_var_run_t:file { crea +@@ -30,6 +31,7 @@ allow swtpm_t qemu_var_run_t:file { crea allow swtpm_t qemu_var_run_t:dir { add_name remove_name write }; allow swtpm_t qemu_var_run_t:sock_file { create setattr unlink }; allow swtpm_t var_log_t:file open; diff --git a/swtpm-0.10.0.tar.gz b/swtpm-0.10.0.tar.gz new file mode 100644 index 0000000..0edb243 --- /dev/null +++ b/swtpm-0.10.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9f10ae0d3123ab05c3808f8c8d39f633cf1a0cf142d6ac9b87b8364a682ac842 +size 414698 diff --git a/swtpm-0.9.0.tar.gz b/swtpm-0.9.0.tar.gz deleted file mode 100644 index 89c5df7..0000000 --- a/swtpm-0.9.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9679ca171e8aaa3c4e4053e8bc1d10c8dabf0220bd4b16aba78743511c25f731 -size 370942 diff --git a/swtpm-fix-build.patch b/swtpm-fix-build.patch index e0e0351..96758fa 100644 --- a/swtpm-fix-build.patch +++ b/swtpm-fix-build.patch 
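Review bot: The refreshed 1229131-fix-swtpm-selinux-policy-mismatch.patch still begins directly at its `Index:` line, so the reason for extending the `swtpm_t` policy to `virt_log_t` is recorded only in a comment in swtpm.spec. A short header above `Index:` that names the bug from the file name and says the rule appears to be a downstream addition would keep the rationale next to the policy change. The `allow` line this patch adds lies past the end of the hunk shown here, so it cannot be checked from this diff. Since the 0.10.0 changelog in this commit says upstream changed log access from write to append, it is worth confirming that the downstream rule still grants no more than `open` on `virt_log_t` files, as the spec comment describes.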
@@ -1,8 +1,8 @@ -Index: swtpm-0.8.0/configure.ac +Index: swtpm-0.10.0/configure.ac =================================================================== ---- swtpm-0.8.0.orig/configure.ac -+++ swtpm-0.8.0/configure.ac -@@ -418,11 +418,11 @@ if test "x$enable_hardening" != "xno"; t +--- swtpm-0.10.0.orig/configure.ac ++++ swtpm-0.10.0/configure.ac +@@ -449,11 +449,11 @@ if test "x$enable_hardening" != "xno"; t # Some versions of gcc fail with -Wstack-protector, # some with -Wstack-protector-strong enabled if ! $CC -fstack-protector-strong -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then diff --git a/swtpm.changes b/swtpm.changes index 1474887..9ff57fb 100644 --- a/swtpm.changes +++ b/swtpm.changes 
@@ -1,3 +1,83 @@ +------------------------------------------------------------------- +Sat Dec 7 10:16:02 UTC 2024 - Bernhard Wiedemann + +- Fix build without %check (boo#1227364) + +------------------------------------------------------------------- +Wed Dec 4 10:34:20 UTC 2024 - Alberto Planas Dominguez + +- Update to 0.10.0: + + swtpm: + * Requires libtpms v0.10.0 + * Display tpmstate-opt-lock as a new capability + * Add support for lock option parameter to tpmstate option + * nvstore_linear: Add support for file-backend locking + * Remove broken logic to check for neither dir nor file backend + * Use ptm_cap_n to build PTM_GET_CAPABILITY response + * Define a structure to return PTM_GET_CAPABILITY result + * Implement --print-info to run TPMLIB_GetInfo with flags + * Support --profile fd= to read profile from file descriptor + * Support --profile file= to read profile from file + * Ignore remove-disabled parameter on non-'custom' profile + * Check for good entropy source in chroot environment + * Implement a check for HMAC+sha1 for testing future restriction + * Implement function to check whether a crypto algorithm is + disabled + * Print cmdarg-print-profiles as part of capabilities + * Check whether SHA1 signature support is disabled in profile + * Use TPMLIB_WasManufactured to check whether profile was applied + * Determine whether OpenSSL needs to be configured (FIPs, SHA1 + signature) + * Add support for --print-profiles option + * Print profile names as part of capabilities JSON + * Display new capability to allow setting a profile + * Add support for --profile option to set a profile on TPM 2 + + swtpm_setup: + * Comment flags for storage primary key and deprecate --create-spk + * Implement --print-profiles to display all profile + * Add profile entries to swtpm_setup.conf written by swtpm_setup + * Add support for --profile-name option + * Accept profiles with name starting with 'custom:' + * Support default profile from file in swtpm_setup.conf + * 
Support --profile-file-fd to read profile from file descriptor + * Support --profile-file to read profile from file + * Always log the active profile + * Implement --profile-remove-fips-disabled option + * Read default profile from swtpm_setup.conf + * Print profile names as part of capabilities JSON + * Add support for --profile parameter + * Get default rsa keysize from setup_setup.conf if not given + + swtpm_ioctl: + * Use ptm_cap_n for non-CUSE PTM_GET_CAPABILITY response + + selinux: + * Change write to append for appending to log + * Add rule for logging to svirt_image_t labeled files from swtpm_t + + tests: + * Update IBMTSS2 test suite to v2.4.0 + * Test activation of PCR banks when not all are available + * Enable SWTPM_TEST_PROFILE for running test_tpm2_ibmtss2 with + profile + * Add a check for OPENSSL_ENABLE_SHA1_SIGNATURES in log file + * Consolidate custom profile test cases and check for + StateFormatLevel + * Convert test_samples_create_tpmca to run installed + * Mention test_tpm2_libtpms_versions_profiles requiring + env. variables + * allow running ibmtss2 tests against installed version + * Derive support for CUSE from SWTPM_EXE help screen + * Set OPENSSL_ENABLE_SHA1_SIGNATURES=1 for IBMTSS2 test + * Extend test case testing across libtpms versions + * Add test case for testing profiles across libtpms versions + * Test the --profile option of swtpm_setup and swtpm + * teach them to run installed + * add installed-runner.sh + * install tests on the system + * lookup system binaries if INSTALLED is set + + build-sys: + * enable 64-bit file API on 32-bit systems + * Add -Wshadow to the CFLAGS + * Require that libtpms v0.10 is available for TPMLIB_SetProfile + ------------------------------------------------------------------- Thu Sep 19 10:55:54 UTC 2024 - Cathy Hu diff --git a/swtpm.spec b/swtpm.spec index 86ab28b..598dc92 100644 --- a/swtpm.spec +++ b/swtpm.spec 
@@ -30,7 +30,7 @@ %define modulename2 swtpm_svirt %define modulename3 swtpmcuse Name: swtpm -Version: 0.9.0 +Version: 0.10.0 Release: 0 Summary: Software TPM emulator License: BSD-3-Clause @@ -46,7 +46,7 @@ Patch0: swtpm-fix-build.patch # which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled # virt_log_t instead of var_log_t. # this patch allows swtpm_t to open the virt_log_t -Patch1: 1229131-fix-swtpm-selinux-policy-mismatch.patch +Patch1: 1229131-fix-swtpm-selinux-policy-mismatch.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: expect @@ -134,6 +134,13 @@ mv %{buildroot}%{_datadir}/selinux/packages/*.pp %{buildroot}%{_datadir}/selinux mkdir -p %{buildroot}%{_localstatedir}/lib/swtpm-localca sed -e 's|#!/usr/bin/env |#!/usr/bin/|g' -i %{buildroot}%{_datadir}/swtpm/swtpm-create-tpmca sed -e 's|#!/usr/bin/env |#!/usr/bin/|g' -i %{buildroot}%{_datadir}/swtpm/swtpm-create-user-config-files +rm -fr %{buildroot}%{_libexecdir}/installed-tests + +%check +# fix check-local +# https://bugzilla.suse.com/show_bug.cgi?id=1204556#c9 +sed -i "s@\(-L\./\.libs\)@\1 -Wl,--no-as-needed@" src/Makefile +%make_build check %post -p /sbin/ldconfig %postun -p /sbin/ldconfig
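Review bot: The `sed` added under `%check` rewrites `src/Makefile` without confirming that the `-L./.libs` pattern is still there, so if a later upstream release changes that link line the `--no-as-needed` workaround silently stops being applied and `%make_build check` runs without it. A guard on the line before it, `grep -q -- '-L\./\.libs' src/Makefile`, would stop the build when the pattern goes stale. The comment above the `sed` gives only `fix check-local` and a bug URL; one line saying why `--no-as-needed` is needed would save the next maintainer a trip to the bug tracker. The added `rm -fr %{buildroot}%{_libexecdir}/installed-tests` has the same silent-no-op property if upstream moves that directory, and it sits in the `%install` section, which starts outside this hunk.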