Accepting request 619787 from home:mgerstner:branches:security

OBS-URL: https://build.opensuse.org/request/show/619787
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=61
Matthias Gerstner 2018-06-29 14:14:43 +00:00 committed by Git OBS Bridge
parent 4e5c3e863e
commit 20164b1bf7
6 changed files with 171 additions and 71 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:30603dc70815570c60cb9c33749f935d651256b4c659b4cca341982d45f4d4d3
size 268391

2.0.0.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7dfd05f7d2c4d5339d1c9ecbdba25f4ea6df70e96b09928e15e0560cce02d525
size 853744


@ -1 +1,2 @@
libsapi0
libtss2-sys0
libtss2-esys0
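
Review bot: libtss2-mu0 looks to be missing from this list, which names only libtss2-sys0 and libtss2-esys0 while the spec in this commit also splits out libtss2-mu0, libtss2-tcti-device0 and libtss2-tcti-mssim0. If the sys or esys libraries link against libtss2-mu, the 32-bit variants generated from this file would carry a dependency that no 32-bit package satisfies. Please check the library dependencies and add libtss2-mu0 here, plus the TCTI libraries if 32-bit consumers are expected to reach a TPM device or simulator.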


@ -1,3 +1,61 @@
-------------------------------------------------------------------
Fri Jun 29 10:55:58 UTC 2018 - matthias.gerstner@suse.com
- update to new major version 2.0.0:
- version_fix.patch: removed, we're now using the distribution tarballs
where this problem shouldn't happen
- this update introduces an incompatible ABI to the previous version.
all libraries have been renamed so there is not really a relation to
the old version any more.
- upstream changelog:
## [2.0.0] - 2018-06-20
### Added
- Implementation of the Marshal/Unmarshal library (libtss2-mu)
- Implementation of the Enhanced System API (libtss2-esys aka ESAPI)
- New implemetation of the TPM Command Transmission Interface (TCTI) for:
- communication with Linux TPM2 device driver: libtss2-tcti-device
- communication with Microsoft software simulator: libtss2-tcti-mssim
- New directory layout (API break)
- Updated documentation with new doxygen and updated man pages
- Support for Windows build with Visual Studio and clang, currently limited
to libtss2-mu and libtss2-sys
- Implementation of the new Attached Component (AC) commands
- Implementation of the new TPM2_PolicyAuthorizeNV command
- Implementation of the new TPM2_CreateLoaded command
- Implementation of the new TPM2_PolicyTemplate command
- Addition of _Complete functions to all TPM commands
- New logging framework
- Added const qualifiers to API input pointers (API break)
- Cleaned up headers and remove implementation.h and tpm2.h (API break)
### Changed
- Converted all cpp files to c, removed dependency on C++ compiler.
- Cleaned out a number of marshaling functions from the SAPI code.
- Update Linux / Unix OS detection to use non-obsolete macros.
- Changed TCTI macros to CamelCase (API break)
- Changed TPMA_types to unsigned int with defines instead of bitfield structs (API/ABI break)
- Changed Get/SetCmd/RspAuths to new parameter types (API/ABI break)
- Fixed order of parameters in AC commands: Input command authorizations
now come after the input handles, but still before the command parameters.
### Removed
- Removed all sysapi/sysapi_utils/*arshal_TPM*.c files
### Fixed
- Updated invalid number of handles in TPM2_PolicyNvWritten and TPM2_TestParms
- Updated PlatformCommand function from libtss2-tcti-mssim to no longer send
CANCEL_OFF before every command.
- Expanded TPM2B macros and removed TPM2B_TYPE1 and TPM2B_TYPE2 macros
- Fixed wrong return type for Tss2_Sys_Finalize (API break).
## [1.4.0] - 2018-03-02
### Added
- Attached Component commands from the last public review spec.
### Fixed
- Essential files missing from release tarballs are now included.
- Version string generation has been moved from configure.ac to the
bootstrap script. It is now stored in a file named `VERSION` that is
shipped in the release tarball.
- We've stopped shipping the built man page for InitSocketTcti.3 and now
ship the source.
-------------------------------------------------------------------
Wed Mar 7 14:48:50 UTC 2018 - matthias.gerstner@suse.com
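
Review bot: The new entry omits the packaging changes that alter an installed system: the spec in this commit passes --with-udevrulesdir, installs the rule as 90-tpm.rules, runs udevadm trigger -s tpm in %post, and sets up the tss account in %pre. The entry only covers the version bump, the ABI break and the upstream changelog. Please add a line for the udev rule and the shared tss account, so an administrator auditing why access to the TPM device node changed after the update can trace it to this package.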


@ -17,7 +17,7 @@
Name: tpm2-0-tss
Version: 1.3.0
Version: 2.0.0
Release: 0
Summary: Intel's TCG Software Stack access libraries for TPM 2.0 chips
License: BSD-2-Clause
@ -25,11 +25,8 @@ Group: Productivity/Security
Url: https://github.com/tpm2-software/tpm2-tss
Source0: https://github.com/tpm2-software/tpm2-tss/archive/%{version}.tar.gz
Source2: baselibs.conf
Patch0: version_fix.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: gcc-c++
BuildRequires: libtool
BuildRequires: libgcrypt-devel
BuildRequires: pkg-config
Requires(pre): pwdutils
BuildRoot: %{_tmppath}/%{name}-%{version}-build
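
Review bot: Source0 still reads https://github.com/tpm2-software/tpm2-tss/archive/%{version}.tar.gz in this hunk, while the changes entry for this update says the package now uses the distribution tarballs. If the 2.0.0.tar.gz added by this commit is the release tarball, Source0 should point at the location it was actually downloaded from, so the source can be re-fetched and compared against the stored sha256; otherwise the changes entry needs correcting.
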
@ -44,95 +41,150 @@ utilities.
Summary: Development headers for the Intel TSS library for TPM 2.0 chips
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libsapi0 = %{version}
Requires: libtcti-device0 = %{version}
Requires: libtcti-socket0 = %{version}
Requires: libtss2-esys0 = %{version}
Requires: libtss2-mu0 = %{version}
Requires: libtss2-sys0 = %{version}
Requires: libtss2-tcti-device0 = %{version}
Requires: libtss2-tcti-mssim0 = %{version}
Requires: tpm2-0-tss = %{version}
%description devel
This package provides the development files for the libsapi library
for accessing TPM 2.0 chips.
%package -n libsapi0
Summary: TPM2 System API library
# Non-SLPP package name from earlier
Group: System/Libraries
Obsoletes: libtss2 < %version-%release
Provides: libtss2 = %version-%release
%description -n libsapi0
This package provides the library to access the TSS (TCG Software Stack) for
This package provides the development files for the tpm2 stack's libraries for
accessing TPM 2.0 chips.
%package -n libtcti-device0
Summary: TCTI library for communicating with a TPM device node
%package -n libtss2-esys0
Summary: TPM2 Enhanced System API (ESAPI)
Group: System/Libraries
%description -n libtcti-device0
TPM Command Transmission Interface library for communicating with a
TPM device node.
%description -n libtss2-esys0
This API is a 1-to-1 mapping of the TPM2 commands documented in Part 3 of the
TPM2 specification. Additionally there are asynchronous versions of each
command. In addition to SAPI, the ESAPI performs tracking of meta data for
TPM object and automatic calculation of session based authorization and
encryption values. Both the synchronous and asynchronous API are exposed
through this library.
%package -n libtcti-socket0
Summary: TCTI library for communicating with a TPM over a socket
%package -n libtss2-sys0
Summary: TPM2 System API (SAPI)
Group: System/Libraries
%description -n libtcti-socket0
%description -n libtss2-sys0
System API (SAPI) as described in the system level API and TPM command
transmission interface specification. This API is a 1-to-1 mapping of the TPM2
commands documented in Part 3 of the TPM2 specification. Additionally there
are asynchronous versions of each command. These asynchronous variants may be
useful for integration into event-driven programming environments. Both the
synchronous and asynchronous API are exposed through this library.
%package -n libtss2-mu0
Summary: TPM2 marshaling/unmarshaling library
Group: System/Libraries
%description -n libtss2-mu0
Marshaling/Unmarshaling (MU) as described in the TCG TSS 2.0
Marshaling/Unmarshaling API Specification. This API provides a set of
marshaling and unmarshaling functions for all data types defined by the TPM
library specification.
%package -n libtss2-tcti-device0
Summary: TCTI interface library for using a native TPM device node
Group: System/Libraries
%description -n libtss2-tcti-device0
TPM Command Transmission Interface library for communicating with a
TPM over a socket.
TPM device node. This provides direct access to the TPM through the Linux
kernel driver.
%package -n libtss2-tcti-mssim0
Summary: TCTI interface library for Microsoft software TPM2 simulator
Group: System/Libraries
%description -n libtss2-tcti-mssim0
TPM Command Transmission Interface library for communicating using the
protocol exposed by the Microsoft software TPM2 simulator.
%prep
%setup -q -n tpm2-tss-%{version}
# TODO: XX:
# this fixes the autoconf version number which is determined via git and
# doesn't work in OBS. The distribution tarball may fix this in the future for
# us. If we don'T do this then the pkg-config *.pc files don't contain a
# version number and dependent packages like tpm2.0-tools fail to build.
%pre
# the same user is employed by trousers (and was employed by the old
# resourcemgr shipped with the tpm2-0-tss package):
#
# the version number needs to be fixed with each version change!
%patch0 -p1
# trousers just needs those accounts for dropping privileges to. The service
# starts as root and uses set*id to drop to tss, after the tpm device has been
# opened.
#
# tpm2-abrmd has no set*id handling and thus requires /dev/tpm to be owned
# by the tss user. Therefore we also need to install a udev rule file.
#
# trousers was here first and created the user like this, also giving it a
# home in /var/lib/tpm. I don't think the home directory is used by any of
# both packages ATM. Trousers is keeping state there, but the directory is
# owned by root and files are opened before dropping privileges. The passwd
# entry seems not to be evaluated.
#
# so I guess we can share the account between the two packages for now.
%_bindir/getent group tss >/dev/null || %{_sbindir}/groupadd -g 98 tss
%_bindir/getent passwd tss >/dev/null || \
%{_sbindir}/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \
-d %{_localstatedir}/lib/tpm tss
%build
# we are still using the source tarball here. there is a release tarball for
# 1.3.0, but some files like README and CHANGELOG are missing there. The next
# release should work for us.
bash bootstrap
%configure --disable-static
%configure --disable-static --with-udevrulesdir=%{_udevrulesdir}
make %{?_smp_mflags} PTHREAD_LDFLAGS=-pthread
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
# rename the rules file to have a numbered prefix as all others have, too
%define udev_rule_file 90-tpm.rules
mv %{buildroot}%{_udevrulesdir}/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_rule_file}
%post -n libsapi0 -p /sbin/ldconfig
%postun -n libsapi0 -p /sbin/ldconfig
%post -n libtcti-device0 -p /sbin/ldconfig
%postun -n libtcti-device0 -p /sbin/ldconfig
%post -n libtcti-socket0 -p /sbin/ldconfig
%postun -n libtcti-socket0 -p /sbin/ldconfig
%post
%_bindir/udevadm trigger -s tpm || :
%post -n libtss2-esys0 -p /sbin/ldconfig
%postun -n libtss2-esys0 -p /sbin/ldconfig
%post -n libtss2-sys0 -p /sbin/ldconfig
%postun -n libtss2-sys0 -p /sbin/ldconfig
%post -n libtss2-tcti-device0 -p /sbin/ldconfig
%postun -n libtss2-tcti-device0 -p /sbin/ldconfig
%post -n libtss2-tcti-mssim0 -p /sbin/ldconfig
%postun -n libtss2-tcti-mssim0 -p /sbin/ldconfig
%post -n libtss2-mu0 -p /sbin/ldconfig
%postun -n libtss2-mu0 -p /sbin/ldconfig
%files
%defattr(-,root,root)
%doc *.md LICENSE
%{_mandir}/man3/*
%{_mandir}/man7/tcti-*
%{_mandir}/man7/tss2-*
%{_udevrulesdir}/%{udev_rule_file}
%files devel
%defattr(-,root,root)
%{_includedir}/tcti
%{_includedir}/sapi
%{_includedir}/tss2
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%files -n libsapi0
%files -n libtss2-esys0
%defattr(-,root,root)
%{_libdir}/libsapi.so.*
%{_libdir}/libtss2-esys.so.*
%files -n libtcti-device0
%files -n libtss2-sys0
%defattr(-,root,root)
%{_libdir}/libtcti-device.so.*
%{_libdir}/libtss2-sys.so.*
%files -n libtcti-socket0
%files -n libtss2-mu0
%defattr(-,root,root)
%{_libdir}/libtcti-socket.so.*
%{_libdir}/libtss2-mu.so.*
%files -n libtss2-tcti-device0
%defattr(-,root,root)
%{_libdir}/libtss2-tcti-device.so.*
%files -n libtss2-tcti-mssim0
%defattr(-,root,root)
%{_libdir}/libtss2-tcti-mssim.so.*
%changelog
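
Review bot: In %pre, useradd is called with -u 98 -o, which permits a duplicate UID, so on a host where UID 98 already belongs to an unrelated account that account silently becomes equivalent to tss. The comment above it says the udev rule is installed so that /dev/tpm is owned by the tss user, which means such an account would also gain access to the TPM device. Consider dropping -o so the scriptlet fails visibly on a conflict, or state in the comment why the duplicate is required. Separately, the rule is listed under the main package's %files and %post runs udevadm trigger -s tpm, so the ownership change takes effect on every install of tpm2-0-tss, including hosts that only run trousers under the same account; the comment's "so I guess we can share the account" should be replaced by a statement of which services are expected to run as tss and why sharing is acceptable.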


@ -1,11 +0,0 @@
Index: tpm2-tss-1.3.0/configure.ac
===================================================================
--- tpm2-tss-1.3.0.orig/configure.ac
+++ tpm2-tss-1.3.0/configure.ac
@@ -1,5 +1,5 @@
AC_INIT([tpm2-tss],
- [m4_esyscmd_s([git describe --tags --always --dirty])])
+ [1.3.0])
AC_CONFIG_MACRO_DIR([m4])
AC_PROG_CC
AC_PROG_CXX