Accepting request 754264 from home:gary_lin:swtpm

swtpm is a Libtpms-based TPM emulator and useful to testing tpm functions in qemu.

OBS-URL: https://build.opensuse.org/request/show/754264
OBS-URL: https://build.opensuse.org/package/show/security/swtpm?expand=0&rev=1

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

swtpm-adjust-seccomp-path.patch

@@ -0,0 +1,40 @@
+From 8a3e012e509efcc3a7d8fb4b73ecf761577c0cf2 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Tue, 16 Jul 2019 17:03:26 +0800
+Subject: [PATCH] Adjust seccomp.h path
+
+Signed-off-by: Gary Lin <glin@suse.com>
+---
+ src/swtpm/swtpm.c         | 2 +-
+ src/swtpm/swtpm_chardev.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/swtpm/swtpm.c b/src/swtpm/swtpm.c
+index 3ecbb7b..7f1010f 100644
+--- a/src/swtpm/swtpm.c
++++ b/src/swtpm/swtpm.c
+@@ -51,7 +51,7 @@
+ #include <sys/socket.h>
+ 
+ #ifdef WITH_SECCOMP
+-# include <seccomp.h>
++# include <libseccomp/seccomp.h>
+ #endif
+ 
+ #include <libtpms/tpm_error.h>
+diff --git a/src/swtpm/swtpm_chardev.c b/src/swtpm/swtpm_chardev.c
+index 6278621..c3d0a9f 100644
+--- a/src/swtpm/swtpm_chardev.c
++++ b/src/swtpm/swtpm_chardev.c
+@@ -51,7 +51,7 @@
+ #include <sys/ioctl.h>
+ 
+ #ifdef WITH_SECCOMP
+-# include <seccomp.h>
++# include <libseccomp/seccomp.h>
+ #endif
+ 
+ #include <libtpms/tpm_error.h>
+-- 
+2.22.0
+

swtpm-setup-tcsd-path.patch

@@ -0,0 +1,13 @@
+Index: swtpm-0.1.0-tpm2/src/swtpm_setup/swtpm_setup.sh.in
+===================================================================
+--- swtpm-0.1.0-tpm2.orig/src/swtpm_setup/swtpm_setup.sh.in
++++ swtpm-0.1.0-tpm2/src/swtpm_setup/swtpm_setup.sh.in
+@@ -2171,7 +2171,7 @@ main()
+ 	fi
+ 
+ 	if [ $((flags & SETUP_TPM2_F)) -eq 0 ]; then
+-		TCSD=`type -P tcsd`
++		TCSD=`type -P /usr/sbin/tcsd`
+ 		if [ -z "$TCSD" ]; then
+ 			logerr "tcsd program not found. (PATH=$PATH)"
+ 			exit 1

swtpm-tpm-tools-path.patch

@@ -0,0 +1,13 @@
+Index: swtpm-0.1.0-tpm2/configure.ac
+===================================================================
+--- swtpm-0.1.0-tpm2.orig/configure.ac
++++ swtpm-0.1.0-tpm2/configure.ac
+@@ -160,7 +160,7 @@ AC_SUBST([LIBTPMS_LIBS])
+ AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt")
+ AC_SUBST([LIBRT_LIBS])
+ 
+-AC_PATH_PROG([TPM_NVDEFINE], tpm_nvdefine)
++AC_PATH_PROG([TPM_NVDEFINE], tpm_nvdefine, path = '/usr/sbin/')
+ if test "x$TPM_NVDEFINE" = "x"; then
+     have_tcsd=no
+     AC_MSG_WARN([NVRAM area tools are needed for TPM 1.2 certificate injection: tpm-tools package])

swtpm.changes

@@ -0,0 +1,21 @@
+-------------------------------------------------------------------
+Thu Sep  5 08:00:27 UTC 2019 - Gary Ching-Pang Lin <glin@suse.com>
+
+- Update to 0.2.0
+  +Linux: swtpm now runs with a seccomp profile (blacklist) if
+           compiled with libseccomp support
+  + Added subpport for passing key and passphrase via file
+    descriptor
+  + TPM 2 commands can now be prefixed by 'the TCG header' and
+    responses will have a 4-byte prefix and 4-byte suffix.
+  + Added --print-capabilities command line option
+  + Proper handling on EINTR on read, poll, and write
+- Patches to adjust the pathes
+  + swtpm-tpm-tools-path.patch
+  + swtpm-setup-tcsd-path.patch
+  + swtpm-adjust-seccomp-path.patch
+
+-------------------------------------------------------------------
+Tue May 15 08:37:16 UTC 2018 - glin@suse.com
+
+- Initial import: 0.1.0-dev2

swtpm.spec

@@ -0,0 +1,106 @@
+#
+# spec file for package swtpm
+#
+# Copyright (c) 2019 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+Name:           swtpm
+Version:        0.2.0
+Release:        0
+Summary:        Software TPM emulator
+License:        BSD-3-Clause
+Group:          System/Base
+Url:            https://github.com/stefanberger/swtpm
+Source:         https://github.com/stefanberger/swtpm/archive/v%{version}.tar.gz
+Patch1:         swtpm-tpm-tools-path.patch
+Patch2:         swtpm-setup-tcsd-path.patch
+Patch3:         swtpm-adjust-seccomp-path.patch
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  expect
+BuildRequires:  libtool
+BuildRequires:  fuse-devel
+BuildRequires:  glib2-devel
+BuildRequires:  gnutls
+BuildRequires:  libgnutls-devel
+BuildRequires:  libopenssl-devel
+BuildRequires:  libseccomp-devel
+BuildRequires:  libtasn1-devel
+BuildRequires:  libtpms-devel
+BuildRequires:  python3-Twisted
+BuildRequires:  socat
+BuildRequires:  tpm-tools
+%if 0%{?suse_version} > 1500 
+BuildRequires:  net-tools-deprecated
+%endif
+Requires:       tpm-tools
+Requires:       trousers
+%if 0%{?suse_version} > 1500 
+Requires:       net-tools-deprecated
+%endif
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+%description
+The SWTPM package provides TPM emulators with different front-end interfaces
+to libtpms. TPM emulators provide socket interfaces (TCP/IP) and the Linux
+CUSE interface for the creation of multiple native /dev/vtpm* devices.
+Those can be the targets of multiple QEMU cuse-tpm instances.
+
+%package        devel
+Summary:        Development files for swtpm
+Group:          Development/Libraries/C and C++
+Requires:       %{name} = %{version}
+Requires:       glib2-devel
+Requires:       libtpms-devel
+Requires:       libopenssl-devel
+
+%description    devel
+The development files for SWTPM
+
+%prep
+%setup -q -n %{name}-%{version}
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+
+%build
+./autogen.sh
+%configure --with-openssl --disable-static
+make %{?_smp_mflags}
+
+%install
+%make_install
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%defattr(-,root,root)
+%doc README LICENSE
+%{_bindir}/swtpm*
+%config %{_sysconfdir}/swtpm*
+%dir %{_datadir}/swtpm
+%{_datadir}/swtpm/*
+%dir %{_libdir}/swtpm
+%{_libdir}/swtpm/*.so.*
+%{_mandir}/man8/swtpm*
+
+%files devel
+%{_libdir}/swtpm/*.so
+%{_libdir}/swtpm/*.la
+%dir %{_includedir}/swtpm/
+%{_includedir}/swtpm/*
+%{_mandir}/man3/swtpm*
+
+%changelog

v0.2.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:977477e341f8b5db0820c8d3cc9946652ef8d7a93403c4dcf88667f9a84ae999
+size 297419