From 20164b1bf7150d120394e2d0a8a36e0444b19cdf58a959ae2f04021c753f0502 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner
Date: Fri, 29 Jun 2018 14:14:43 +0000
Subject: [PATCH] Accepting request 619787 from home:mgerstner:branches:security
OBS-URL: https://build.opensuse.org/request/show/619787
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=61
---
1.3.0.tar.gz | 3 -
2.0.0.tar.gz | 3 +
baselibs.conf | 3 +-
tpm2-0-tss.changes | 58 ++++++++++++++++
tpm2-0-tss.spec | 164 +++++++++++++++++++++++++++++----------------
version_fix.patch | 11 ---
6 files changed, 171 insertions(+), 71 deletions(-)
delete mode 100644 1.3.0.tar.gz
create mode 100644 2.0.0.tar.gz
delete mode 100644 version_fix.patch
diff --git a/1.3.0.tar.gz b/1.3.0.tar.gz
deleted file mode 100644
index bf7ecaf..0000000
--- a/1.3.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:30603dc70815570c60cb9c33749f935d651256b4c659b4cca341982d45f4d4d3
-size 268391
diff --git a/2.0.0.tar.gz b/2.0.0.tar.gz
new file mode 100644
index 0000000..3edf7da
--- /dev/null
+++ b/2.0.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7dfd05f7d2c4d5339d1c9ecbdba25f4ea6df70e96b09928e15e0560cce02d525
+size 853744
diff --git a/baselibs.conf b/baselibs.conf
index f0e1bda..fa9d7a2 100644
--- a/baselibs.conf
+++ b/baselibs.conf
@@ -1 +1,2 @@
-libsapi0
+libtss2-sys0
+libtss2-esys0
diff --git a/tpm2-0-tss.changes b/tpm2-0-tss.changes
index b92d324..67f40f0 100644
--- a/tpm2-0-tss.changes
+++ b/tpm2-0-tss.changes
@@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Fri Jun 29 10:55:58 UTC 2018 - matthias.gerstner@suse.com
+
+- update to new major version 2.0.0:
+ - version_fix.patch: removed, we're now using the distribution tarballs
+ where this problem shouldn't happen
+ - this update introduces an incompatible ABI to the previous version.
+ all libraries have been renamed so there is not really a relation to
+ the old version any more.
+ - upstream changelog:
+ ## [2.0.0] - 2018-06-20
+ ### Added
+ - Implementation of the Marshal/Unmarshal library (libtss2-mu)
+ - Implementation of the Enhanced System API (libtss2-esys aka ESAPI)
+ - New implemetation of the TPM Command Transmission Interface (TCTI) for:
+ - communication with Linux TPM2 device driver: libtss2-tcti-device
+ - communication with Microsoft software simulator: libtss2-tcti-mssim
+ - New directory layout (API break)
+ - Updated documentation with new doxygen and updated man pages
+ - Support for Windows build with Visual Studio and clang, currently limited
+ to libtss2-mu and libtss2-sys
+ - Implementation of the new Attached Component (AC) commands
+ - Implementation of the new TPM2_PolicyAuthorizeNV command
+ - Implementation of the new TPM2_CreateLoaded command
+ - Implementation of the new TPM2_PolicyTemplate command
+ - Addition of _Complete functions to all TPM commands
+ - New logging framework
+ - Added const qualifiers to API input pointers (API break)
+ - Cleaned up headers and remove implementation.h and tpm2.h (API break)
+ ### Changed
+ - Converted all cpp files to c, removed dependency on C++ compiler.
+ - Cleaned out a number of marshaling functions from the SAPI code.
+ - Update Linux / Unix OS detection to use non-obsolete macros.
+ - Changed TCTI macros to CamelCase (API break) + - Changed TPMA_types to unsigned int with defines instead of bitfield structs (API/ABI break) + - Changed Get/SetCmd/RspAuths to new parameter types (API/ABI break) + - Fixed order of parameters in AC commands: Input command authorizations + now come after the input handles, but still before the command parameters. + ### Removed + - Removed all sysapi/sysapi_utils/*arshal_TPM*.c files + ### Fixed + - Updated invalid number of handles in TPM2_PolicyNvWritten and TPM2_TestParms + - Updated PlatformCommand function from libtss2-tcti-mssim to no longer send + CANCEL_OFF before every command. + - Expanded TPM2B macros and removed TPM2B_TYPE1 and TPM2B_TYPE2 macros + - Fixed wrong return type for Tss2_Sys_Finalize (API break). + + ## [1.4.0] - 2018-03-02 + ### Added + - Attached Component commands from the last public review spec. + ### Fixed + - Essential files missing from release tarballs are now included. + - Version string generation has been moved from configure.ac to the + bootstrap script. It is now stored in a file named `VERSION` that is + shipped in the release tarball. + - We've stopped shipping the built man page for InitSocketTcti.3 and now + ship the source. + ------------------------------------------------------------------- Wed Mar 7 14:48:50 UTC 2018 - matthias.gerstner@suse.com diff --git a/tpm2-0-tss.spec b/tpm2-0-tss.spec index 6d2aa5e..7819b57 100644 --- a/tpm2-0-tss.spec +++ b/tpm2-0-tss.spec @@ -17,7 +17,7 @@ Name: tpm2-0-tss -Version: 1.3.0 +Version: 2.0.0 Release: 0 Summary: Intel's TCG Software Stack access libraries for TPM 2.0 chips License: BSD-2-Clause 
@@ -25,11 +25,8 @@ Group: Productivity/Security Url: https://github.com/tpm2-software/tpm2-tss Source0: https://github.com/tpm2-software/tpm2-tss/archive/%{version}.tar.gz Source2: baselibs.conf -Patch0: version_fix.patch -BuildRequires: autoconf-archive -BuildRequires: automake BuildRequires: gcc-c++ -BuildRequires: libtool +BuildRequires: libgcrypt-devel BuildRequires: pkg-config Requires(pre): pwdutils BuildRoot: %{_tmppath}/%{name}-%{version}-build 
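Review bot: `Source0` on the context line of this hunk still names the GitHub `archive/%{version}.tar.gz` URL, while the changelog entry in the same commit says the package now ships the upstream distribution tarball, and dropping the `autoconf-archive`, `automake` and `libtool` BuildRequires here relies on that. When the declared URL does not match the file that was imported, the tarball cannot be re-downloaded and compared against upstream, which leaves the committed `2.0.0.tar.gz` hash as the only integrity reference. Point `Source0` at the release asset that was actually imported, e.g. `Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/tpm2-tss-%{version}.tar.gz` (exact path to be confirmed against upstream), and add the detached signature as a further `Source` if upstream publishes one. `BuildRequires: gcc-c++` is also kept, although the quoted upstream changelog says the C++ compiler dependency was removed.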
@@ -44,95 +41,150 @@ utilities. Summary: Development headers for the Intel TSS library for TPM 2.0 chips Group: Development/Libraries/C and C++ Requires: glibc-devel -Requires: libsapi0 = %{version} -Requires: libtcti-device0 = %{version} -Requires: libtcti-socket0 = %{version} +Requires: libtss2-esys0 = %{version} +Requires: libtss2-mu0 = %{version} +Requires: libtss2-sys0 = %{version} +Requires: libtss2-tcti-device0 = %{version} +Requires: libtss2-tcti-mssim0 = %{version} Requires: tpm2-0-tss = %{version} %description devel -This package provides the development files for the libsapi library -for accessing TPM 2.0 chips. - -%package -n libsapi0 -Summary: TPM2 System API library -# Non-SLPP package name from earlier -Group: System/Libraries -Obsoletes: libtss2 < %version-%release -Provides: libtss2 = %version-%release - -%description -n libsapi0 -This package provides the library to access the TSS (TCG Software Stack) for +This package provides the development files for the tpm2 stack's libraries for accessing TPM 2.0 chips. -%package -n libtcti-device0 -Summary: TCTI library for communicating with a TPM device node +%package -n libtss2-esys0 +Summary: TPM2 Enhanced System API (ESAPI) Group: System/Libraries -%description -n libtcti-device0 -TPM Command Transmission Interface library for communicating with a -TPM device node. +%description -n libtss2-esys0 +This API is a 1-to-1 mapping of the TPM2 commands documented in Part 3 of the +TPM2 specification. Additionally there are asynchronous versions of each +command. In addition to SAPI, the ESAPI performs tracking of meta data for +TPM object and automatic calculation of session based authorization and +encryption values. Both the synchronous and asynchronous API are exposed +through this library. 
-%package -n libtcti-socket0 -Summary: TCTI library for communicating with a TPM over a socket +%package -n libtss2-sys0 +Summary: TPM2 System API (SAPI) Group: System/Libraries -%description -n libtcti-socket0 +%description -n libtss2-sys0 +System API (SAPI) as described in the system level API and TPM command +transmission interface specification. This API is a 1-to-1 mapping of the TPM2 +commands documented in Part 3 of the TPM2 specification. Additionally there +are asynchronous versions of each command. These asynchronous variants may be +useful for integration into event-driven programming environments. Both the +synchronous and asynchronous API are exposed through this library. + +%package -n libtss2-mu0 +Summary: TPM2 marshaling/unmarshaling library +Group: System/Libraries + +%description -n libtss2-mu0 +Marshaling/Unmarshaling (MU) as described in the TCG TSS 2.0 +Marshaling/Unmarshaling API Specification. This API provides a set of +marshaling and unmarshaling functions for all data types defined by the TPM +library specification. + +%package -n libtss2-tcti-device0 +Summary: TCTI interface library for using a native TPM device node +Group: System/Libraries + +%description -n libtss2-tcti-device0 TPM Command Transmission Interface library for communicating with a -TPM over a socket. +TPM device node. This provides direct access to the TPM through the Linux +kernel driver. + +%package -n libtss2-tcti-mssim0 +Summary: TCTI interface library for Microsoft software TPM2 simulator +Group: System/Libraries + +%description -n libtss2-tcti-mssim0 +TPM Command Transmission Interface library for communicating using the +protocol exposed by the Microsoft software TPM2 simulator. %prep %setup -q -n tpm2-tss-%{version} -# TODO: XX: -# this fixes the autoconf version number which is determined via git and -# doesn't work in OBS. The distribution tarball may fix this in the future for -# us. 
If we don'T do this then the pkg-config *.pc files don't contain a -# version number and dependent packages like tpm2.0-tools fail to build. + +%pre +# the same user is employed by trousers (and was employed by the old +# resourcemgr shipped with the tpm2-0-tss package): # -# the version number needs to be fixed with each version change! -%patch0 -p1 +# trousers just needs those accounts for dropping privileges to. The service +# starts as root and uses set*id to drop to tss, after the tpm device has been +# opened. +# +# tpm2-abrmd has no set*id handling and thus requires /dev/tpm to be owned +# by the tss user. Therefore we also need to install a udev rule file. +# +# trousers was here first and created the user like this, also giving it a +# home in /var/lib/tpm. I don't think the home directory is used by any of +# both packages ATM. Trousers is keeping state there, but the directory is +# owned by root and files are opened before dropping privileges. The passwd +# entry seems not to be evaluated. +# +# so I guess we can share the account between the two packages for now. +%_bindir/getent group tss >/dev/null || %{_sbindir}/groupadd -g 98 tss +%_bindir/getent passwd tss >/dev/null || \ + %{_sbindir}/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \ + -d %{_localstatedir}/lib/tpm tss %build -# we are still using the source tarball here. there is a release tarball for -# 1.3.0, but some files like README and CHANGELOG are missing there. The next -# release should work for us. 
-bash bootstrap -%configure --disable-static +%configure --disable-static --with-udevrulesdir=%{_udevrulesdir} make %{?_smp_mflags} PTHREAD_LDFLAGS=-pthread %install %make_install find %{buildroot} -type f -name "*.la" -delete -print +# rename the rules file to have a numbered prefix as all others have, too +%define udev_rule_file 90-tpm.rules +mv %{buildroot}%{_udevrulesdir}/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_rule_file} -%post -n libsapi0 -p /sbin/ldconfig -%postun -n libsapi0 -p /sbin/ldconfig -%post -n libtcti-device0 -p /sbin/ldconfig -%postun -n libtcti-device0 -p /sbin/ldconfig -%post -n libtcti-socket0 -p /sbin/ldconfig -%postun -n libtcti-socket0 -p /sbin/ldconfig +%post +%_bindir/udevadm trigger -s tpm || : + +%post -n libtss2-esys0 -p /sbin/ldconfig +%postun -n libtss2-esys0 -p /sbin/ldconfig +%post -n libtss2-sys0 -p /sbin/ldconfig +%postun -n libtss2-sys0 -p /sbin/ldconfig +%post -n libtss2-tcti-device0 -p /sbin/ldconfig +%postun -n libtss2-tcti-device0 -p /sbin/ldconfig +%post -n libtss2-tcti-mssim0 -p /sbin/ldconfig +%postun -n libtss2-tcti-mssim0 -p /sbin/ldconfig +%post -n libtss2-mu0 -p /sbin/ldconfig +%postun -n libtss2-mu0 -p /sbin/ldconfig %files %defattr(-,root,root) %doc *.md LICENSE %{_mandir}/man3/* -%{_mandir}/man7/tcti-* +%{_mandir}/man7/tss2-* +%{_udevrulesdir}/%{udev_rule_file} %files devel %defattr(-,root,root) -%{_includedir}/tcti -%{_includedir}/sapi +%{_includedir}/tss2 %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc -%files -n libsapi0 +%files -n libtss2-esys0 %defattr(-,root,root) -%{_libdir}/libsapi.so.* +%{_libdir}/libtss2-esys.so.* -%files -n libtcti-device0 +%files -n libtss2-sys0 %defattr(-,root,root) -%{_libdir}/libtcti-device.so.* +%{_libdir}/libtss2-sys.so.* -%files -n libtcti-socket0 +%files -n libtss2-mu0 %defattr(-,root,root) -%{_libdir}/libtcti-socket.so.* +%{_libdir}/libtss2-mu.so.* + +%files -n libtss2-tcti-device0 +%defattr(-,root,root) +%{_libdir}/libtss2-tcti-device.so.* + +%files -n libtss2-tcti-mssim0 
+%defattr(-,root,root) +%{_libdir}/libtss2-tcti-mssim.so.* %changelog diff --git a/version_fix.patch b/version_fix.patch deleted file mode 100644 index c62fb79..0000000 --- a/version_fix.patch +++ /dev/null @@ -1,11 +0,0 @@ -Index: tpm2-tss-1.3.0/configure.ac -=================================================================== ---- tpm2-tss-1.3.0.orig/configure.ac -+++ tpm2-tss-1.3.0/configure.ac -@@ -1,5 +1,5 @@ - AC_INIT([tpm2-tss], -- [m4_esyscmd_s([git describe --tags --always --dirty])]) -+ [1.3.0]) - AC_CONFIG_MACRO_DIR([m4]) - AC_PROG_CC - AC_PROG_CXX
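Review bot: The new `%pre` scriptlet creates the account with `useradd -u 98 -o`, and `-o` permits a non-unique UID, so on a system where UID 98 already belongs to another account `tss` silently becomes an alias of it. According to the scriptlet comment, the udev rule installed by this package makes the TPM device owned by `tss`, which would then hand the device to that unrelated account. The comment explains why the account is shared with trousers but not why a duplicate UID has to be tolerated; unless that is required, drop the flag so a conflict fails the install visibly: `%{_sbindir}/useradd -u 98 -g tss -s /bin/false -c "TSS daemon" -d %{_localstatedir}/lib/tpm tss`. The comment should also state the consequence of the ownership change, e.g. `# note: every process running as tss, including trousers after it drops privileges, gets direct access to the TPM device`. `%post` calls `udevadm trigger` with `|| :`, and no `Requires(post)` on udev is visible in this hunk, so a missing udevadm would leave the device with its old ownership without any error.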