diff --git a/reproducible.patch b/reproducible.patch
new file mode 100644
index 0000000..caa18d1
--- /dev/null
+++ b/reproducible.patch
@@ -0,0 +1,31 @@
+From 010ebd4a161e424e09e5d89a336a84a0a42c456e Mon Sep 17 00:00:00 2001
+From: "Bernhard M. Wiedemann"
+Date: Sat, 27 May 2017 07:08:56 +0200
+Subject: [PATCH] sort input files
+
+when building packages (e.g. for openSUSE Linux)
+(random) filesystem order of input files
+influences ordering of functions in the output,
+thus without the patch, builds (in disposable VMs) would differ.
+
+See https://reproducible-builds.org/ for why this matters.
+---
+ bootstrap | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bootstrap b/bootstrap
+index 95a6dda..610e817 100755
+--- a/bootstrap
++++ b/bootstrap
+@@ -8,7 +8,7 @@ src_listvar () {
+ suffix=$2
+ var=$3
+
+- find "${basedir}" -name "${suffix}" | tr '\n' ' ' | (echo -n "${var} = " && cat)
++ find "${basedir}" -name "${suffix}" | LC_ALL=C sort | tr '\n' ' ' | (echo -n "${var} = " && cat)
+ echo ""
+ }
+
+--
+2.12.0
+
diff --git a/tpm2-0-tss.changes b/tpm2-0-tss.changes
index e51ca5c..6ae4cd3 100644
--- a/tpm2-0-tss.changes
+++ b/tpm2-0-tss.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Sat May 27 05:07:22 UTC 2017 - bwiedemann@suse.com
+
+- Add reproducible.patch to sort input files to make build reproducible
+ (boo#1041090)
+
+-------------------------------------------------------------------
+Thu May 11 15:13:49 UTC 2017 - matthias.gerstner@suse.com
+
+- create tss user account and install udev rule to fix startup of resourcemgr
+ (bnc#1038586)
+
+-------------------------------------------------------------------
+Wed May 10 13:33:16 CEST 2017 - mgerstner@suse.com
+
+- remove unnecessary dependency of libsapi0 to trousers. trousers has nothing
+ to do with tpm2-tss.
+
 -------------------------------------------------------------------
 Tue Apr 11 14:26:14 UTC 2017 - meissner@suse.com
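Review bot: The changed `find` line in `src_listvar` carries no comment on why its output is sorted or why the locale is pinned, so a later cleanup of bootstrap could drop `LC_ALL=C sort` without anyone noticing that the generated file list depends on filesystem order again. A one-line comment above it would record the intent, e.g. `# sort with a fixed locale so the generated list does not depend on filesystem order or the builder's locale`. The start of `src_listvar` lies outside the hunk embedded in this patch file, so the rest of the function is not reviewed here.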
diff --git a/tpm2-0-tss.spec b/tpm2-0-tss.spec
index 587ff90..9003237 100644
--- a/tpm2-0-tss.spec
+++ b/tpm2-0-tss.spec
@@ -26,6 +26,8 @@ Url: https://github.com/01org/TPM2.0-TSS
 Source0: https://github.com/01org/TPM2.0-TSS/archive/%{version}.tar.gz
 Source2: baselibs.conf
 Patch0: tpm2-0-tss-configure.patch
+# PATCH-FIX-UPSTREAM bmwiedemann https://github.com/01org/TPM2.0-TSS/pull/419
+Patch1: reproducible.patch
 BuildRequires: autoconf-archive
 BuildRequires: automake
 BuildRequires: gcc-c++
@@ -36,7 +38,10 @@ Requires(pre): pwdutils
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
-The tpm2-0-tss package provides a TPM 2.0 TSS implementation.
+The tpm2-0-tss package provides a TPM 2.0 TSS implementation. This
+implementation is developed by INTEL. Note that the current resource manager
+implementation is considered deprecated (a prototype, probably buggy and
+insecure) by its developers.
 %package devel
 Summary: Development headers for the Intel TSS library for TPM 2.0 chips
@@ -53,7 +58,6 @@ for accessing TPM 2.0 chips.
 %package -n libsapi0
 Summary: TPM2 System API library
 Group: System/Libraries
-Requires: trousers
 # Non-SLPP package name from earlier
 Obsoletes: libtss2 < %version-%release
 Provides: libtss2 = %version-%release
@@ -81,6 +85,7 @@ TPM over a socket.
 %prep
 %setup -q -n TPM2.0-TSS-%{version}
 %patch0 -p1
+%patch1 -p1
 %build
 bash bootstrap
@@ -93,6 +98,8 @@ find %{buildroot} -type f -name "*.la" -delete -print
 install -D -m 0644 contrib/resourcemgr.service %{buildroot}/%{_unitdir}/resourcemgr.service
 sed -e 's#usr/local/sbin/#usr/sbin/#;' -i %{buildroot}/%{_unitdir}/resourcemgr.service
 ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rcresourcemgr
+%define udev_rule_file 90-tpm.rules
+install -D -m 0644 contrib/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_rule_file}
 %post -n libsapi0 -p /sbin/ldconfig
 %postun -n libsapi0 -p /sbin/ldconfig
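Review bot: The `%define udev_rule_file 90-tpm.rules` line sits between the install commands in the last hunk, although the macro is used again in the `%files` list of a later hunk; defining it once in the preamble near the `Patch` tags, as `%global udev_rule_file 90-tpm.rules`, keeps it visible and independent of section order. The install line would also benefit from a comment on what the rule is for, e.g. `# udev rule that gives the tss user ownership of the TPM device node, needed because resourcemgr has no set*id handling`. No udev rules reload is visible in this diff, so on a running system the new ownership presumably takes effect only after a reboot or re-trigger. The `%post` body is outside the hunks shown, so that should be checked there. The contents of `contrib/tpm-udev.rules` are not shown either, so the owner and mode it assigns should be confirmed before shipping, given that the same commit describes the resource manager as probably buggy and insecure.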
@@ -102,6 +109,26 @@ ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rcresourcemgr
 %postun -n libtcti-socket0 -p /sbin/ldconfig
 %pre
+# the same user is employed by trousers:
+#
+# trousers just needs those accounts for dropping privileges to. The service
+# starts as root and uses set*id to drop to tss, after the tpm device has been
+# opened.
+#
+# resourcemgr has no set*id handling and thus requires /dev/tpm to be owned
+# by the tss user. Therefore we also need to install a udev rule file.
+#
+# trousers was here first and created the user like this, also giving it a
+# home in /var/lib/tpm. I don't think the home directory is used by any of
+# both packages ATM. Trousers is keeping state there, but the directory is
+# owned by root and files are opened before dropping privileges. The passwd
+# entry seems not to be evaluated.
+#
+# so I guess we can share the account between the two packages for now.
+%_bindir/getent group tss >/dev/null || %{_sbindir}/groupadd -g 98 tss
+%_bindir/getent passwd tss >/dev/null || \
+ %{_sbindir}/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \
+ -d %{_localstatedir}/lib/tpm tss
 %service_add_pre resourcemgr.service
 %post
@@ -119,6 +146,7 @@ ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rcresourcemgr
 %{_sbindir}/resourcemgr
 /%{_unitdir}/resourcemgr.service
 %{_sbindir}/rcresourcemgr
+%{_udevrulesdir}/%{udev_rule_file}
 %files devel
 %defattr(-,root,root)
@@ -127,7 +155,7 @@ ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rcresourcemgr
 %{_libdir}/*.so
 %{_libdir}/pkgconfig/*.pc
 ##only available in static form
-#%{_libdir}/libtddl.a
+#%%{_libdir}/libtddl.a
 %files -n libsapi0
 %defattr(-,root,root)
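Review bot: The `useradd` call added to `%pre` passes `-o`, which permits a non-unique UID: if UID 98 already belongs to an account other than tss, the new tss user shares that UID, and the other account gains whatever the udev rule grants to tss on the TPM device. Dropping the flag makes the scriptlet fail visibly instead, `%{_sbindir}/useradd -u 98 -g tss -s /bin/false -c "TSS daemon" \`. If `-o` is kept for parity with how trousers creates the account, a one-line comment saying so belongs next to it. `groupadd -g 98 tss` makes the same fixed-ID assumption and fails when GID 98 is taken, after which `useradd -g tss` fails too; neither case is handled or mentioned in the comment block.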