From 48c2216868eb8c6bad4bb03b098c73f83be81f2b528e3c501ffb2676aae81206 Mon Sep 17 00:00:00 2001 From: Michal Suchanek Date: Tue, 3 Dec 2024 15:09:05 +0000 Subject: [PATCH] Add ibmtss-2.4.0-fix-FTBFS-2026.patch to fix tests after 2026 (boo#1102840) OBS-URL: https://build.opensuse.org/package/show/security/ibmtss?expand=0&rev=49 --- .gitattributes | 23 +++ .gitignore | 1 + 90-tpm-ibmtss.rules | 4 + ibmtss-2.4.0-fix-FTBFS-2026.patch | 92 +++++++++ ibmtss-2.4.0.tar.gz | 3 + ...not-disable-optimization-for-debug-b.patch | 30 +++ ibmtss.changes | 192 ++++++++++++++++++ ibmtss.spec | 130 ++++++++++++ ibmtss2.1.1.tar.gz | 3 + ...angelog-and-autotools-version-update.patch | 69 +++++++ utils-Update-.so-version-to-2.4.patch | 104 ++++++++++ 11 files changed, 651 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 90-tpm-ibmtss.rules create mode 100644 ibmtss-2.4.0-fix-FTBFS-2026.patch create mode 100644 ibmtss-2.4.0.tar.gz create mode 100644 ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch create mode 100644 ibmtss.changes create mode 100644 ibmtss.spec create mode 100644 ibmtss2.1.1.tar.gz create mode 100644 tss-Commit-changelog-and-autotools-version-update.patch create mode 100644 utils-Update-.so-version-to-2.4.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/90-tpm-ibmtss.rules b/90-tpm-ibmtss.rules new file mode 100644 index 0000000..fee2b63 --- /dev/null +++ b/90-tpm-ibmtss.rules @@ -0,0 +1,4 @@ +# tpm devices can only be accessed by the tss user but the tss +# group members can access tpmrm devices +KERNEL=="tpm[0-9]*", MODE="0660", OWNER="tss" +KERNEL=="tpmrm[0-9]*", MODE="0660", OWNER="tss", GROUP="tss" diff --git a/ibmtss-2.4.0-fix-FTBFS-2026.patch b/ibmtss-2.4.0-fix-FTBFS-2026.patch new file mode 100644 index 0000000..edd0726 --- /dev/null +++ b/ibmtss-2.4.0-fix-FTBFS-2026.patch @@ -0,0 +1,92 @@ +From 3a17ac01bea73d3568272d61b895a16a0bd85440 Mon Sep 17 00:00:00 2001 +From: Ken Goldman +Date: Sun, 23 Oct 2050 00:02:27 -0400 +Subject: [PATCH] certs: Issue new self signed test EK CA certificates. + +The original CA certificates for signing EKs for TSS regression +testing expired in 2026. This caused a failure in a distro that +expects tests to pass for 15 years from the present. The new one is +good until 2044. + +This affected neither the TSS nor the TPM vendor certificates. + +Signed-off-by: Ken Goldman +--- + utils/certificates/cacert.pem | 38 ++++++++++++++++---------------- + utils/certificates/cacertecc.pem | 22 +++++++++--------- + 2 files changed, 30 insertions(+), 30 deletions(-) + +diff --git a/utils/certificates/cacert.pem b/utils/certificates/cacert.pem +index b752ba54..5c7d1a5f 100644 +--- a/utils/certificates/cacert.pem ++++ b/utils/certificates/cacert.pem +@@ -1,21 +1,21 @@ + -----BEGIN CERTIFICATE----- +-MIIDbDCCAlKgAwIBAgIJALbpb8xivmmsMA0GCSqGSIb3DQEBBQUAMEsxCzAJBgNV +-BAYTAlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoM +-A0lCTTEOMAwGA1UEAwwFRUsgQ0EwHhcNMTYwNTIzMTkwNjExWhcNMjYwMjIwMTkw +-NjExWjBLMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCFlvcmt0 +-b3duMQwwCgYDVQQKDANJQk0xDjAMBgNVBAMMBUVLIENBMIIBIzANBgkqhkiG9w0B +-AQEFAAOCARAAMIIBCwKCAQICsUzdWU1yjZNL5QeJU/emaKBbOuHvZqdCvApjGM+T +-31XO1s52BkxRtOjULxd+xiK0xogdxDwwsnh/o/YR9zmj7aDVFz068WCEBvjKkClf +-KOk+1VpdAFzni+NNYMNESNul3ZWwEzpfBmghI7zJQrUBh1rn27PC9OtfTFhONzRT +-XPq5K2vScvU3Wz0papT4+hEmsd8YyhMYJr00cjV2bDzphZ7wg9YNNpUMJZ4yipYy +-4XLG+HVPb9DyERFQNpDooA/ZhCZVT8auDbdSvYyrO9q+Uxz30UeqXK3YnDCyk00k +-JCBWmf3TobjWMKwZO3gUIRMrBuJ7UsEtkkh8+jLaJ7Qcl68CAwEAAaNQME4wHQYD +-VR0OBBYEFMSPNuKcE6FeRlRc+DKJeakTyaDpMB8GA1UdIwQYMBaAFMSPNuKcE6Fe +-RlRc+DKJeakTyaDpMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEDAAFr +-xBCzqiAkYNofYGNidpGrkiP2T3xj/hUx57HjVVoWNlVDBGsxbnoB+WlBqzApJLZC +-/XZs/zuvS4bnMiSUEw2v8v3/sAqkzMJN7VOg0US1etNjPSrlBmSeun/6HX0C+5M2 +-wQ836P6Y49PePvJO6zGdxJ9SlZ8jKNgtQgQKyUSViSEj0N09CndQJMnOPYIYhc+T +-/9/HPaNMymHu7Hep0/NgASoLnm8LzP+nzmR286L4DeZ47hKBHMbnTeNNlodEjh92 +-AyI4yaGKjujRjPokTHWUWjFt6t1VXn1cc6Sdpj2YVeFCjkjB9NmDV+Msv9h4UAqy +-K0wEax/1fsWqDeoom5I1NA== ++MIIDejCCAmCgAwIBAgIUVOe6TM3djGkrJ/G+ttuqcW2o/ccwDQYJKoZIhvcNAQEL ++BQAwSzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhZb3JrdG93 ++bjEMMAoGA1UECgwDSUJNMQ4wDAYDVQQDDAVFSyBDQTAeFw0yNDEwMjIwNDAwNDJa ++Fw00NDEwMTcwNDAwNDJaMEsxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTERMA8G ++A1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoMA0lCTTEOMAwGA1UEAwwFRUsgQ0EwggEj ++MA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIBAgKxTN1ZTXKNk0vlB4lT96ZooFs6 ++4e9mp0K8CmMYz5PfVc7WznYGTFG06NQvF37GIrTGiB3EPDCyeH+j9hH3OaPtoNUX ++PTrxYIQG+MqQKV8o6T7VWl0AXOeL401gw0RI26XdlbATOl8GaCEjvMlCtQGHWufb ++s8L0619MWE43NFNc+rkra9Jy9TdbPSlqlPj6ESax3xjKExgmvTRyNXZsPOmFnvCD ++1g02lQwlnjKKljLhcsb4dU9v0PIREVA2kOigD9mEJlVPxq4Nt1K9jKs72r5THPfR ++R6pcrdicMLKTTSQkIFaZ/dOhuNYwrBk7eBQhEysG4ntSwS2SSHz6MtontByXrwID ++AQABo1MwUTAdBgNVHQ4EFgQUxI824pwToV5GVFz4Mol5qRPJoOkwHwYDVR0jBBgw ++FoAUxI824pwToV5GVFz4Mol5qRPJoOkwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG ++9w0BAQsFAAOCAQMAADawHyUjkBDBEjf9ITGSbdWhhPFAZ5R1YNxVY7gERFNIqm2/ ++K2C0Dj8L3eYr7dyGSafQfOaMZRHaDDx/LiIrrrGGfcDMoBLdCPNNp04etRIe6w+y ++pSM3ebJm2RW415L8YrirXVO+cUEWvLZcotvszLgE4hzt+mFosmIy5U3/MQU7RyiW ++LS066Nw2IXyisb2kKiwEqw+iC4eWvj6DWnjgHqZJ6/0zuV9RjJXDFEq5YvV6E13I ++2OnvDaoq9FRadXHJmqdlSbpzuLMY4JOftXOTps1kfejMun303HUfzf7+LiA1bOf4 ++UGt6LgzbOG72WRDQMKlhXNZcthNWtqU8ZCD0KQgP + -----END CERTIFICATE----- +diff --git a/utils/certificates/cacertecc.pem b/utils/certificates/cacertecc.pem +index a47eb31c..cfa802e4 100644 +--- a/utils/certificates/cacertecc.pem ++++ b/utils/certificates/cacertecc.pem +@@ -1,13 +1,13 @@ + -----BEGIN CERTIFICATE----- +-MIIB4zCCAYmgAwIBAgIJALX8+MVL3dXPMAoGCCqGSM49BAMCME4xCzAJBgNVBAYT +-AlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoMA0lC +-TTERMA8GA1UEAwwIRUsgRUMgQ0EwHhcNMTcwMTEzMjAzOTE2WhcNMjcwMTExMjAz +-OTE2WjBOMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCFlvcmt0 +-b3duMQwwCgYDVQQKDANJQk0xETAPBgNVBAMMCEVLIEVDIENBMFkwEwYHKoZIzj0C +-AQYIKoZIzj0DAQcDQgAEahnfxuCQ+NsMcDIe8GZxIiFSX65CXICk6zc3NLRPbPvq +-ToRdIanaP14TT6eu76FkNDzbtsY6PSMgVNTeAAnfGqNQME4wHQYDVR0OBBYEFAFk +-p5Lu8Z+laxVYak8/WHhLsG+lMB8GA1UdIwQYMBaAFAFkp5Lu8Z+laxVYak8/WHhL +-sG+lMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgQ9GClH24Y9NPpKdh +-3HTwudrjYPYyjK8o5HQ9c8Xc9ecCIQD0NgIj1iUvkEzgNoXS7UP1RD0MpKdzywqM +-5RyP15ckRA== ++MIIB8TCCAZegAwIBAgIUNMOdoYR8km3U06frlHaKH3I94pIwCgYIKoZIzj0EAwIw ++TjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhZb3JrdG93bjEM ++MAoGA1UECgwDSUJNMREwDwYDVQQDDAhFSyBFQyBDQTAeFw0yNDEwMjMxNTAwMjFa ++Fw00NDEwMTgxNTAwMjFaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTERMA8G ++A1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoMA0lCTTERMA8GA1UEAwwIRUsgRUMgQ0Ew ++WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqGd/G4JD42wxwMh7wZnEiIVJfrkJc ++gKTrNzc0tE9s++pOhF0hqdo/XhNPp67voWQ0PNu2xjo9IyBU1N4ACd8ao1MwUTAd ++BgNVHQ4EFgQUAWSnku7xn6VrFVhqTz9YeEuwb6UwHwYDVR0jBBgwFoAUAWSnku7x ++n6VrFVhqTz9YeEuwb6UwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBF ++AiEAhLQDUXzw9zBXSgAM1PHdhKT9AcVN6DIOpZhniHwXnnQCIAM5Uzc7DrUpuWUM ++aXcP5Jnwafl78umJOocN/R72zWqt + -----END CERTIFICATE----- diff --git a/ibmtss-2.4.0.tar.gz b/ibmtss-2.4.0.tar.gz new file mode 100644 index 0000000..5be3dea --- /dev/null +++ b/ibmtss-2.4.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a0fde390a37ff5ba89bb7a3a5b6ca1f02d4ba330cb513347073959bf6feae836 +size 1403167 diff --git a/ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch b/ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch new file mode 100644 index 0000000..50ebbc3 --- /dev/null +++ b/ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch @@ -0,0 +1,30 @@ +From 6d5c05a167d847ac21315aa4a1c171715cd816af Mon Sep 17 00:00:00 2001 +From: Michal Suchanek +Date: Mon, 17 Aug 2020 18:21:51 +0200 +Subject: [PATCH] configure.ac: Do not override optimization for debug build. + +-O0 conflicts with FORTIFY_SOURCE and generates completely different +assembly for debug and production. If user passes in C flags let them +override the suggested -O0. + +Signed-off-by: Michal Suchanek +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 30e9254b339a..883c4bb84efa 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -67,7 +67,7 @@ AC_CHECK_FUNCS([gethostbyname memmove memset socket strerror strtoul]) + # Replace autotools default optimization + AC_ARG_ENABLE(debug, + AS_HELP_STRING([--enable-debug], [Build a TSS library used for debugging])) +- AS_IF([test "$enable_debug" = "yes"], [CFLAGS="$USER_CFLAGS -g -ggdb -O0"]) ++ AS_IF([test "$enable_debug" = "yes"], [CFLAGS="-O0 -g -ggdb $USER_CFLAGS -Wextra -Werror"]) + + # Linux requires -DTPM_POSIX + case $host_os in +-- +2.46.1 + diff --git a/ibmtss.changes b/ibmtss.changes new file mode 100644 index 0000000..60348c5 --- /dev/null +++ b/ibmtss.changes @@ -0,0 +1,192 @@ +------------------------------------------------------------------- +Tue Dec 3 07:26:17 UTC 2024 - Bernhard Wiedemann + +- Add ibmtss-2.4.0-fix-FTBFS-2026.patch to fix tests after 2026 (boo#1102840) + +------------------------------------------------------------------- +Mon Oct 21 09:23:53 UTC 2024 - Michal Suchanek + +- Update to 2.4.0: + * Add support for EK intermediate certificates + * Support different IMA log digest algorithms + * add regtest + * html documentation +- Refresh ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch +- tss-Commit-changelog-and-autotools-version-update.patch +- utils-Update-.so-version-to-2.4.patch + +------------------------------------------------------------------- +Thu Nov 30 14:36:22 UTC 2023 - Pedro Monreal + +- Update to 2.1.1: + * Add man page for tpmproxy. +- Update to 2.1.0: + * Parse new IMA event log template data fields. + * Add option to verify IMA template data + * Correct minor regression test script typos. +- Update to 2.0.0 + * Expand TPMU_SENSITIVE_COMPOSITE to handle HW TPMs that return 5 + RSA primes. This is an ABI (not API) break. + * Add support for TPM2_ECC_Encrypt and TPM2_ECC_Decrypt + * Add more EFI event log handlers and event tracing. + * SW TPM test CA now uses SHA-256, not the deprecated SHA-1. + * Port tpmproxy for TPM 2.0 to Linux and Windows. + * Add many new EK root certificates. + * Remove OpenSSL functions deprecated in 3.x. + * Fix TSS bug when using encrypt and decrypt in a PWAP session. + * Add build flag to suppress SHA-1. +- Remove patches fixed upstream: + * ibmtss-regtests-Update-openssl-key-generation-for-3.0.0.patch + * ibmtss-utils-Update-certifyx509-for-Openssl-3.0.0.patch + * ibmtss-utils-Remove-unused-variables-from-certifyx509.patch + * ibmtss-tss-Port-HMAC-operations-to-openssl-3.0.patch + * ibmtss-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch + * ibmtss-openssl3-deprecation.patch + +------------------------------------------------------------------- +Wed Nov 9 13:33:51 UTC 2022 - Pedro Monreal + +- Build with OpenSSL 3.0 deprecated functions until fixed upstream +in the next version update [bsc#1205042] + * ibmtss-openssl3-deprecation.patch +- Add upstream patches to fix build with OpenSSL 3.0 + * ibmtss-regtests-Update-openssl-key-generation-for-3.0.0.patch + * ibmtss-utils-Update-certifyx509-for-Openssl-3.0.0.patch + * ibmtss-utils-Remove-unused-variables-from-certifyx509.patch + * ibmtss-tss-Port-HMAC-operations-to-openssl-3.0.patch + * ibmtss-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch + +------------------------------------------------------------------- +Thu Nov 25 11:48:53 UTC 2021 - Michal Suchanek + +- Fix certificate list, run all tests. + +------------------------------------------------------------------- +Tue Jan 26 09:19:47 UTC 2021 - Petr Vorel + +- Update to upstream version 1.6.0 (jsc#SLE-18268). +- Drop patches from this release + - ibmtss-certifyx509-Fix-uninitialized-variable.patch + - ibmtss-fix-dsa-regression.patch + +------------------------------------------------------------------- +Thu Oct 1 19:24:56 UTC 2020 - Pedro Monreal Gonzalez + +- Regression fix: + * utils: fix ABI break caused by additional argument to -rsa + * https://sourceforge.net/p/ibmtpm20tss/mailman/message/37119441/ +- Add ibmtss-fix-dsa-regression.patch + +------------------------------------------------------------------- +Mon Aug 17 14:38:12 UTC 2020 - Michal Suchanek + +- Update to upstream version 1.5.0 (jsc#SLE-13828). +- Fix build warning due to -O0 + + ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch +- Fix uninitialized variable warning + + ibmtss-certifyx509-Fix-uninitialized-variable.patch + +------------------------------------------------------------------- +Fri Mar 27 13:19:08 UTC 2020 - Dominique Leuenberger + +- Don't mess with Epoch: in the long run it can't but cause + problems. Upstreams that don't understand the meaning of version + numbers can't be helped with Epoch. Let's rely on the distro + features for dist-upgrade (that has no problem with a 'version + downgrade'. + +------------------------------------------------------------------- +Mon Mar 23 20:10:11 UTC 2020 - Michal Suchanek + +- Fix dependencies for epoch, remove useless define. + +------------------------------------------------------------------- +Fri Jan 31 11:53:40 UTC 2020 - Michal Suchanek + +- Update to upstream version 1.3.0 +- copy tpm device permission handling udev rule from tpm2-0-tss +- depend on user(tss) (boo#1162360). + +------------------------------------------------------------------- +Sat Aug 24 04:36:04 UTC 2019 - Jan Engelhardt + +- Disable static libs (standard openSUSE behavior) + +------------------------------------------------------------------- +Wed Aug 14 08:21:58 UTC 2019 - Michal Suchanek + +- Remove installed .cvsignore file +- Don't create already created directory + +------------------------------------------------------------------- +Fri Aug 9 15:52:02 UTC 2019 - Michal Suchanek + +- Don't install duplicate headers + +------------------------------------------------------------------- +Mon Jul 8 09:59:35 UTC 2019 - Michal Suchanek + +- Remove .la files + +------------------------------------------------------------------- +Thu Jul 4 16:51:35 UTC 2019 - Michal Suchanek + +- Update to v1047 (FATE#327307, jsc#SLE-6593, jsc#SLE-9179). + - now supports autotools + - supports library versioning + - installs tools with program prefx + - remove binary tool wrapper + - remove makefile.patch + +------------------------------------------------------------------- +Tue May 22 10:18:35 UTC 2018 - msuchanek@suse.com + +- Add post/postun ldconfig call + +------------------------------------------------------------------- +Fri May 18 21:55:16 UTC 2018 - jengelh@inai.de + +- Fix RPM groups + +------------------------------------------------------------------- +Thu May 17 13:12:22 UTC 2018 - msuchanek@suse.com + +- Split off library, spec-clean (bsc#1093612) + +------------------------------------------------------------------- +Thu Jan 18 08:34:51 UTC 2018 - msuchanek@suse.com + +- Enable test on BE + +------------------------------------------------------------------- +Wed Nov 8 15:35:53 UTC 2017 - msuchanek@suse.com + +- Update to upstream version 1045 - works with OpenSSL 1.1 (bsc#1066914) + +------------------------------------------------------------------- +Thu Mar 2 12:28:23 UTC 2017 - msuchanek@suse.com + +- fix description of -devel package + +------------------------------------------------------------------- +Wed Mar 1 17:06:55 UTC 2017 - meissner@suse.com + +- update to v755 (FATE#321601) + - This is the version prefered by IBM. + +------------------------------------------------------------------- +Wed Feb 8 09:33:13 UTC 2017 - jengelh@inai.de + +- Wrap description and spell out TSS. +- Move package description up before any build recipes, + this is the more usual layout. +- Drop unusable "return" command; %build already executes with + sh -e. + +------------------------------------------------------------------- +Fri Jan 27 11:44:04 UTC 2017 - msuchanek@suse.com + +- Import v713 (FATE#321601) +- Move to libdir and add wrapper script. +- repack source without makefile-beam which has incompatible + license and is not used in build anyway diff --git a/ibmtss.spec b/ibmtss.spec new file mode 100644 index 0000000..fbe6c75 --- /dev/null +++ b/ibmtss.spec @@ -0,0 +1,130 @@ +# +# spec file for package ibmtss +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define libversion 2 +%define libname libibmtss +%define libpkgname %{libname}%{libversion} + +Name: ibmtss +Version: 2.4.0 +Release: 0 +Summary: IBM's TPM 2.0 TSS +License: BSD-3-Clause +Group: Productivity/Security +URL: https://github.com/kgoldman/ibmtss +Source: https://github.com/kgoldman/ibmtss/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source1: 90-tpm-ibmtss.rules +Patch1: ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch +Patch2: tss-Commit-changelog-and-autotools-version-update.patch +Patch3: utils-Update-.so-version-to-2.4.patch +Patch4: ibmtss-2.4.0-fix-FTBFS-2026.patch +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: ibmswtpm2 +BuildRequires: libopenssl-devel +BuildRequires: libtool + +%description +This is a user space TCG Software Stack (TSS) for TPM 2.0. It +implements the functionality equivalent to the TCG TSS working +group's planned ESAPI, SAPI, and TCTI APIs. + +It comes with over 100 "TPM tools" that can be used for scripted +apps, rapid prototyping, education, and debugging. + +%package -n %{libpkgname} +Summary: Shared library for IBM's TPM 2.0 TSS +Group: System/Libraries +Recommends: %{name}-base = %{version} + +%description -n %{libpkgname} +Shared library for IBM's TPM 2.0 TSS tools + +%package base +Summary: IBM's TPM 2.0 TSS shared files +Group: Productivity/Security +BuildArch: noarch +Requires(post): user(tss) + +%description base +Includes IBM's TPM 2.0 TSS certificates and policy files. + +%package devel +Summary: IBM's TPM 2.0 TSS headers +Group: Development/Libraries/C and C++ +Requires: %{libpkgname} = %{version} +Requires: %{name} = %{version} + +%description devel +Includes IBM's TPM 2.0 TSS C header files + +%prep +%autosetup -p1 + +%build +autoreconf -ifv +%configure --enable-debug --disable-static +cd utils +sed -i -e "s|/home/kgold/tss2/utils|$PWD|" certificates/rootcerts.txt +%{_libexecdir}/%{name}/tpm_server & tpm_server="$!" +export CCFLAGS="%{optflags}" +export LNAFLAGS="-Wl,-rpath,%{_libdir}" +%{make_build} +testfailed=0 +TPM_INTERFACE_TYPE=socsim LD_LIBRARY_PATH=.libs ./reg.sh -a || testfailed=$? +kill "$tpm_server" || : +[ "$testfailed" -eq 0 ] +sed -i -e "s|$PWD|%{_datadir}/%{name}|" certificates/rootcerts.txt + +%install +install -m 644 -D -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE1} +cd utils +%make_install + +mkdir -p %{buildroot}/%{_datadir}/%{name} +cp -a policies certificates %{buildroot}/%{_datadir}/%{name} + +find %{buildroot} -type f -name "*.la" -delete -print +find %{buildroot} -name .cvsignore | xargs rm -v + +%post base +%_bindir/udevadm trigger -s tpm -s tpmrm || : +%post -n %{libpkgname} -p /sbin/ldconfig +%postun -n %{libpkgname} -p /sbin/ldconfig + +%files +%license LICENSE +%doc ibmtss.html ibmtss.docx README +%{_bindir}/tss* +%{_mandir}/man1/tss*.1%{?ext_man} + +%files -n %{libpkgname} +%{_libdir}/%{libname}*.so.%{version} +%{_libdir}/%{libname}*.so.%{libversion} + +%files base +%license LICENSE +%{_datadir}/%{name} +%{_prefix}/lib/udev/rules.d/* + +%files devel +%license LICENSE +%{_includedir}/%{name} +%{_libdir}/%{libname}*.so + +%changelog diff --git a/ibmtss2.1.1.tar.gz b/ibmtss2.1.1.tar.gz new file mode 100644 index 0000000..8af467d --- /dev/null +++ b/ibmtss2.1.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:02d5e8686eb6742803e1521681ff377ca08ebec5a956f800fbc4fb13bc9658bd +size 1269381 diff --git a/tss-Commit-changelog-and-autotools-version-update.patch b/tss-Commit-changelog-and-autotools-version-update.patch new file mode 100644 index 0000000..2830733 --- /dev/null +++ b/tss-Commit-changelog-and-autotools-version-update.patch @@ -0,0 +1,69 @@ +From 851bdd1ba8f5bda7f739161ec8db27f3df383751 Mon Sep 17 00:00:00 2001 +From: Ken Goldman +Date: Mon, 14 Oct 2024 14:05:24 -0400 +Subject: [PATCH] tss: Commit changelog and autotools version update + +Signed-off-by: Ken Goldman +--- + ChangeLog | 12 ++++++++++++ + configure.ac | 6 +++--- + tss2.spec | 2 +- + 3 files changed, 16 insertions(+), 4 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index b2433926fa3e..024eda389b88 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,15 @@ ++---------------- ++Changes in 2.4.0 ++---------------- ++ ++Add support for SHA-256, SHA-384, and SHA-512 IMA event logs. Add ++local command line support and update the API to support ++attestation. Add known value test to event regression tests. Change ++the -ty switch to -ealg for event log angorithms. ++ ++Add support for EK intermediate certificates in the IWG standard ++locations. ++ + ---------------- + Changes in 2.3 1 + ---------------- +diff --git a/configure.ac b/configure.ac +index 081bc19528e0..30e9254b339a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -3,13 +3,13 @@ + + # Set package release version" + # After committing set git tag version. +-AC_INIT(ibmtss, 2.3.1, kgold@linux.ibm.com) ++AC_INIT(ibmtss, 2.4.0, kgold@linux.ibm.com) + AC_PREREQ([2.63]) + + # Convert major.minor.micro to libtool versioning (current-revision-age) + TSSLIB_VER_MAJOR=2 +-TSSLIB_VER_MINOR=3 +-TSSLIB_VER_MICRO=1 ++TSSLIB_VER_MINOR=4 ++TSSLIB_VER_MICRO=0 + TSSLIB_VERSION_INFO=`expr $TSSLIB_VER_MAJOR + $TSSLIB_VER_MINOR`:$TSSLIB_VER_MICRO:$TSSLIB_VER_MINOR + AC_SUBST([TSSLIB_VERSION_INFO], [$TSSLIB_VERSION_INFO]) + +diff --git a/tss2.spec b/tss2.spec +index e32583d69b11..68c2047f96f5 100644 +--- a/tss2.spec ++++ b/tss2.spec +@@ -7,7 +7,7 @@ + + Name: tss2 + # this is the release of the TSS library +-Version: 2.3.2 ++Version: 2.4.0 + # this is the release of the fedora package, goes back to 1 when version changes + Release: 1%{?dist} + Epoch: 1 +-- +2.46.1 + diff --git a/utils-Update-.so-version-to-2.4.patch b/utils-Update-.so-version-to-2.4.patch new file mode 100644 index 0000000..e571b4d --- /dev/null +++ b/utils-Update-.so-version-to-2.4.patch @@ -0,0 +1,104 @@ +From 7cd742915823c0e18439c207018292c46deef513 Mon Sep 17 00:00:00 2001 +From: Ken Goldman +Date: Thu, 17 Oct 2024 16:41:36 -0400 +Subject: [PATCH] utils: Update .so version to 2.4 + +Signed-off-by: Ken Goldman +--- + utils/makefile.nofile | 4 ++-- + utils/makefiletpm12 | 4 ++-- + utils/makefiletpm20 | 4 ++-- + utils/makefiletpmc | 4 ++-- + 4 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/utils/makefile.nofile b/utils/makefile.nofile +index 860ab6f019db..f67581cd9f8b 100644 +--- a/utils/makefile.nofile ++++ b/utils/makefile.nofile +@@ -90,7 +90,7 @@ LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,. + LNALIBS += -libmtssutils -libmtssmin + + # versioned shared library +-LIBTSSVERSIONED=libibmtssmin.so.2.1 ++LIBTSSVERSIONED=libibmtssmin.so.2.4 + + # soname field of the shared library + # which will be made symbolic link to the versioned shared library +@@ -109,7 +109,7 @@ endif + + # TSS utilities shared library + +-LIBTSSUTILSVERSIONED=libibmtssutils.so.2.1 ++LIBTSSUTILSVERSIONED=libibmtssutils.so.2.4 + LIBTSSUTILSSONAME=libibmtssutils.so.2 + LIBTSSUTILS=libibmtssutils.so + +diff --git a/utils/makefiletpm12 b/utils/makefiletpm12 +index 9a115cbd3003..cae10cbec301 100644 +--- a/utils/makefiletpm12 ++++ b/utils/makefiletpm12 +@@ -103,7 +103,7 @@ LNALIBS += -libmtss + # shared library + + # versioned shared library +-LIBTSSVERSIONED=libibmtss.so.2.1 ++LIBTSSVERSIONED=libibmtss.so.2.4 + + # soname field of the shared library + # which will be made symbolic link to the versioned shared library +@@ -122,7 +122,7 @@ endif + + # TSS utilities shared library + +-LIBTSSUTILSVERSIONED=libibmtssutils.so.2.1 ++LIBTSSUTILSVERSIONED=libibmtssutils.so.2.4 + LIBTSSUTILSSONAME=libibmtssutils.so.2 + LIBTSSUTILS=libibmtssutils.so + +diff --git a/utils/makefiletpm20 b/utils/makefiletpm20 +index f6e55a9e822f..88e9343b76e8 100644 +--- a/utils/makefiletpm20 ++++ b/utils/makefiletpm20 +@@ -140,7 +140,7 @@ LNALIBS += -libmtssutils -libmtss + # shared library + + # versioned shared library +-LIBTSSVERSIONED=libibmtss.so.2.3 ++LIBTSSVERSIONED=libibmtss.so.2.4 + + # soname field of the shared library + # which will be made symbolic link to the versioned shared library +@@ -159,7 +159,7 @@ endif + + # TSS utilities shared library + +-LIBTSSUTILSVERSIONED=libibmtssutils.so.2.3 ++LIBTSSUTILSVERSIONED=libibmtssutils.so.2.4 + LIBTSSUTILSSONAME=libibmtssutils.so.2 + LIBTSSUTILS=libibmtssutils.so + +diff --git a/utils/makefiletpmc b/utils/makefiletpmc +index d2558f33b16b..00748b174bd4 100644 +--- a/utils/makefiletpmc ++++ b/utils/makefiletpmc +@@ -108,7 +108,7 @@ LNALIBS += -libmtssutils -libmtss + # shared library + + # versioned shared library +-LIBTSSVERSIONED=libibmtss.so.2.3 ++LIBTSSVERSIONED=libibmtss.so.2.4 + + # soname field of the shared library + # which will be made symbolic link to the versioned shared library +@@ -127,7 +127,7 @@ endif + + # TSS utilities shared library + +-LIBTSSUTILSVERSIONED=libibmtssutils.so.2.3 ++LIBTSSUTILSVERSIONED=libibmtssutils.so.2.4 + LIBTSSUTILSSONAME=libibmtssutils.so.2 + LIBTSSUTILS=libibmtssutils.so + +-- +2.46.1 +