Accepting request 841653 from home:kailiu:branches:security
- Update Requires and BuildRequires for changes since 0.4.0. - Remove patch files that are no longer needed: * swtpm-adjust-seccomp-path.patch * swtpm-setup-tcsd-path.patch * swtpm-tpm-tools-path.patch - Update to version 0.5.0 OBS-URL: https://build.opensuse.org/request/show/841653 OBS-URL: https://build.opensuse.org/package/show/security/swtpm?expand=0&rev=7
This commit is contained in:
parent
20862cca74
commit
95cbe02092
@ -1,33 +0,0 @@
|
||||
From 8a3e012e509efcc3a7d8fb4b73ecf761577c0cf2 Mon Sep 17 00:00:00 2001
|
||||
From: Gary Lin <glin@suse.com>
|
||||
Date: Tue, 16 Jul 2019 17:03:26 +0800
|
||||
Subject: [PATCH] Adjust seccomp.h path
|
||||
|
||||
Signed-off-by: Gary Lin <glin@suse.com>
|
||||
---
|
||||
src/swtpm/swtpm.c | 2 +-
|
||||
src/swtpm/swtpm_chardev.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
Index: swtpm-0.2.0/src/swtpm/Makefile.am
|
||||
===================================================================
|
||||
--- swtpm-0.2.0.orig/src/swtpm/Makefile.am
|
||||
+++ swtpm-0.2.0/src/swtpm/Makefile.am
|
||||
@@ -94,6 +94,7 @@ swtpm_CFLAGS = \
|
||||
$(HARDENING_CFLAGS) \
|
||||
$(GLIB_CFLAGS) \
|
||||
$(LIBFUSE_CFLAGS) \
|
||||
+ $(LIBSECCOMP_CFLAGS) \
|
||||
-DHAVE_SWTPM_CUSE_MAIN
|
||||
|
||||
swtpm_LDADD = \
|
||||
@@ -101,7 +102,8 @@ swtpm_LDADD = \
|
||||
$(LIBFUSE_LIBS) \
|
||||
$(GLIB_LIBS) \
|
||||
$(GTHREAD_LIBS) \
|
||||
- $(LIBTPMS_LIBS)
|
||||
+ $(LIBTPMS_LIBS) \
|
||||
+ $(LIBSECCOMP_LIBS)
|
||||
|
||||
swtpm_cuse_DEPENDENCIES = $(privlib_LTLIBRARIES)
|
||||
|
@ -1,13 +0,0 @@
|
||||
Index: swtpm-0.3.1/src/swtpm_setup/swtpm_setup.sh.in
|
||||
===================================================================
|
||||
--- swtpm-0.3.1.orig/src/swtpm_setup/swtpm_setup.sh.in
|
||||
+++ swtpm-0.3.1/src/swtpm_setup/swtpm_setup.sh.in
|
||||
@@ -2296,7 +2296,7 @@ main()
|
||||
fi
|
||||
|
||||
if [ $((flags & SETUP_TPM2_F)) -eq 0 ]; then
|
||||
- TCSD=$(type -P tcsd)
|
||||
+ TCSD=$(type -P /usr/sbin/tcsd)
|
||||
if [ -z "$TCSD" ]; then
|
||||
logerr "tcsd program not found. (PATH=$PATH)"
|
||||
exit 1
|
@ -1,13 +0,0 @@
|
||||
Index: swtpm-0.1.0-tpm2/configure.ac
|
||||
===================================================================
|
||||
--- swtpm-0.1.0-tpm2.orig/configure.ac
|
||||
+++ swtpm-0.1.0-tpm2/configure.ac
|
||||
@@ -160,7 +160,7 @@ AC_SUBST([LIBTPMS_LIBS])
|
||||
AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt")
|
||||
AC_SUBST([LIBRT_LIBS])
|
||||
|
||||
-AC_PATH_PROG([TPM_NVDEFINE], tpm_nvdefine)
|
||||
+AC_PATH_PROG([TPM_NVDEFINE], tpm_nvdefine, path = '/usr/sbin/')
|
||||
if test "x$TPM_NVDEFINE" = "x"; then
|
||||
have_tcsd=no
|
||||
AC_MSG_WARN([NVRAM area tools are needed for TPM 1.2 certificate injection: tpm-tools package])
|
@ -1,3 +1,69 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 13 14:57:25 UTC 2020 - Kai Liu <kai.liu@suse.com>
|
||||
|
||||
- Update Requires and BuildRequires for changes since 0.4.0.
|
||||
|
||||
- Remove patch files that are no longer needed:
|
||||
* swtpm-adjust-seccomp-path.patch
|
||||
* swtpm-setup-tcsd-path.patch
|
||||
* swtpm-tpm-tools-path.patch
|
||||
|
||||
- Update to version 0.5.0
|
||||
* swtpm:
|
||||
- Write files atomically using a temp file and then renaming
|
||||
* swtpm_setup:
|
||||
- Removed remaining 'c' wrapper program
|
||||
- Do not truncate logfile when testing write-access (regression)
|
||||
- Remove TPM state file in case error occurred
|
||||
* swtpm-localca:
|
||||
- Rewrite in python
|
||||
- Allow passing pkcs11 PIN using signingkey_password
|
||||
- Allow passing environment variables needed for pkcs11 modules using
|
||||
swtpm-localca.conf and format 'env:VARNAME=VALUE'.
|
||||
* build-sys:
|
||||
- Add python-install and python-uninstall targets
|
||||
- Add configure option to disable installation of Python module
|
||||
- Use -Wl,-z,relro and -Wl,-z,now only when linking (clang)
|
||||
- Use AC_LINK_IFELSE to check whether support for hardening flags
|
||||
|
||||
- Changes from version 0.4.1
|
||||
* swtpm_setup:
|
||||
- Do not hardcode '/etc' but use SYSCONFDIR
|
||||
- Fix support for -h and -? options
|
||||
- Add missing .config path when using ${HOME}
|
||||
* swtpm-localca:
|
||||
- Apply password for signing key when creating platform cert
|
||||
- Properly apply passwords for localca signing key
|
||||
|
||||
- Changes from version 0.4.0
|
||||
* swtpm:
|
||||
- Invoke print capabilities after choosing TPM version
|
||||
- Add some recent syscalls to seccomp blacklist
|
||||
* swtpm_cert:
|
||||
- Support --ecc-curveid option to pass curve id
|
||||
* swtpm_setup & related scripts:
|
||||
- Rewrite swtpm_setup.sh in python with TPM 1.2 not requiring tcsd
|
||||
and TPM tools anymore; new dependencies:
|
||||
- python3: pip, cryptography, setuptools
|
||||
dropped dependencies for swtpm_setup:
|
||||
- tcsd, expect, tpm-tools (some still needed for pkcs11 tests)
|
||||
- Added support for RSA 3072 keys (for libtpms-0.8.0) and moved to
|
||||
ECC NIST P384 curve; default RSA key size is still 2048
|
||||
- Added support for --rsa-keysize option
|
||||
- Extend script to create a CA using a TPM 2 for signing
|
||||
* tests:
|
||||
- Use the IBM TSS2 v1.5.0's test suite
|
||||
- Add test case for loading of an NVRAM completely full with keys
|
||||
- Have softhsm_setup use temporary directory for softhsm config & state
|
||||
- various other improvements
|
||||
* man pages:
|
||||
- Improvements
|
||||
* build-sys:
|
||||
- clang: properly test for linker flag 'now' and 'relro'
|
||||
- Gentoo: explicitly link libswtpm_libtpms with -lcrypto
|
||||
- Ownership of /var/lib/swtpm-localca is now tss:root and
|
||||
mode flags 0750.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 13 01:37:06 UTC 2020 - Kai Liu <kai.liu@suse.com>
|
||||
|
||||
|
21
swtpm.spec
21
swtpm.spec
@ -16,16 +16,13 @@
|
||||
#
|
||||
|
||||
Name: swtpm
|
||||
Version: 0.3.4
|
||||
Version: 0.5.0
|
||||
Release: 0
|
||||
Summary: Software TPM emulator
|
||||
License: BSD-3-Clause
|
||||
Group: System/Base
|
||||
Url: https://github.com/stefanberger/swtpm
|
||||
Source: https://github.com/stefanberger/swtpm/archive/v%{version}.tar.gz
|
||||
Patch1: swtpm-tpm-tools-path.patch
|
||||
Patch2: swtpm-setup-tcsd-path.patch
|
||||
Patch3: swtpm-adjust-seccomp-path.patch
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: expect
|
||||
@ -38,17 +35,16 @@ BuildRequires: libopenssl-devel
|
||||
BuildRequires: libseccomp-devel
|
||||
BuildRequires: libtasn1-devel
|
||||
BuildRequires: libtpms-devel
|
||||
BuildRequires: python3-Twisted
|
||||
BuildRequires: python3-cryptography
|
||||
BuildRequires: socat
|
||||
BuildRequires: tpm-tools
|
||||
%if 0%{?suse_version} >= 1500
|
||||
BuildRequires: net-tools-deprecated
|
||||
%endif
|
||||
Requires: tpm-tools
|
||||
Requires: trousers
|
||||
%if 0%{?suse_version} >= 1500
|
||||
Requires: net-tools-deprecated
|
||||
%endif
|
||||
Requires: python3-cryptography
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
@ -71,9 +67,6 @@ The development files for SWTPM
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
|
||||
%build
|
||||
./autogen.sh
|
||||
@ -97,6 +90,14 @@ make %{?_smp_mflags}
|
||||
%dir %{_libdir}/swtpm
|
||||
%{_libdir}/swtpm/*.so.*
|
||||
%{_mandir}/man8/swtpm*
|
||||
%dir %{python_sitelib}/py_swtpm_localca
|
||||
%dir %{python_sitelib}/py_swtpm_setup
|
||||
%pycache_only %{python_sitelib}/py_swtpm_localca/__pycache__
|
||||
%pycache_only %{python_sitelib}/py_swtpm_setup/__pycache__
|
||||
%{python_sitelib}/py_swtpm_localca/*.py
|
||||
%{python_sitelib}/py_swtpm_setup/*.py
|
||||
%{python_sitelib}/swtpm_localca*
|
||||
%{python_sitelib}/swtpm_setup*
|
||||
|
||||
%files devel
|
||||
%{_libdir}/swtpm/*.so
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:923ff1c317fc90681ebcfdec5f723ec9ea6a7972269eefc7f9bd0214466df137
|
||||
size 310183
|
3
v0.5.0.tar.gz
Normal file
3
v0.5.0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:55d93fc3ba6643b1ca1d11018f86b917cd36a7e57bfe103614aed0a0c0360a0f
|
||||
size 309011
|
Loading…
Reference in New Issue
Block a user