- Enable unit testing

- Update to 1.9.1 + Fixed * configure: Change mistaken += to =. use user supplied --prefix even when p11kit is detected. * Remove warning about unable to find FAPI when it's is not-compiled in and not chosen as the beckend. * Fix memory leaks in tpm_create_transient_primary_from_template. * Fix NULL pointer dereference in db.c on uses of CKA_ALLOWED_MECHANISMS. * Fix offset miscalculation in FAPI backend that was corrupting data. * Support CKM_ECDH1_DERIVE via C_DeriveKey. * Fix usages of tpm2-ptool for its wrapped tpm2_ptool in tests. * Fix failing db upgrades on double conversion to int. * Fix db lock file due to missing parenthesis and order of operations. * documentation: Fix use of objects where tokens was meant. + Changed * --enable-fapi to --with-fapi. Note this is not a major version bump as its internal to builders only. However --enable-fapi left in place for backwards compat. + Add maintainer public key: tpm2-pkcs11.keyring OBS-URL: https://build.opensuse.org/package/show/security/tpm2-pkcs11?expand=0&rev=18
2024-12-12 13:14:38 +00:00 · 2024-12-12 13:14:38 +00:00 · 878388cbc8
commit 878388cbc8
9 changed files with 397 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/tpm2-pkcs11-1.9.0.tar.gz
+++ b/tpm2-pkcs11-1.9.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:35bf06c30cfa76fc0eba2c5f503cf7dd0d34a66afb2d292fee896b90362f633b
+size 1396590
--- a/tpm2-pkcs11-1.9.0.tar.gz.asc
+++ b/tpm2-pkcs11-1.9.0.tar.gz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEW0grjj4Z2nyXjh0BbeLpB44fUMEFAmPZLrwACgkQbeLpB44f
+UMG/fxAAq6LcxojU451o7FavO481TX3zq3qyYTmEkrTtRO2rnbKEyOcDP75FOYG7
+8gFFEZYNgucFU9qW9vzqe7d4whokijozNVcUy7+Wz/qr2e2DTEom8jC/1FIrBwQT
+Ahn6w+vCjYm8ZBcBO5w97U8ZDOB7FOovFRZBMaDuyWeEVsVxN3xWupAmth4B6L2h
+W8CmuQZTDAX2SmbbjnmBSCDkW8/hyuSIcHzsTRUxeRsVe2WVoGKUkl39zDHOJsOi
+Fo/uEkZiwVGFQtNo7LxCXooXZfcpfKDK2AL9fto03Rl4DTB7CW5xqEK3ybECa89i
+8sed2wMQLMibwzbln2GGfOu/Lr6We3nd98FEitKKXeSuMraDp5m0r+JMLvx43d9J
+vGHVLJoEQ3JabUUctxOi5R2ZYYEalBRzuBwpDt1qWhGqwt0VAOKVrW3NMs3vJci5
+bFG2sVxiekTK26S2ozsr0Pivl6mAlZRDGVAoff1iiLWJAr10hmGV7etSsARR87Ag
+lSnGBCqwk1d9RzI1VigXIbR0ZdHotry2B4CjIQDm4y71JLJopc4hpjD5tDFz5PZ6
+bLCV4jVrBq5kjgABMcIY/MmMPQ+2oE2x2Manqbj2T18mHQYj7rKhJ94ZRlJxILE4
+C29jS025HtEsYc+FVO2qfCok5p0p6v4n1aBrkzr4S6/RGUwy19s=
+=9JcL
+-----END PGP SIGNATURE-----
--- a/tpm2-pkcs11-1.9.1.tar.gz
+++ b/tpm2-pkcs11-1.9.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce24aa5ec2471545576e892b6f64fd873a424371bbf9be4ca3a0e689ea11c9b7
+size 1412372
--- a/tpm2-pkcs11-1.9.1.tar.gz.asc
+++ b/tpm2-pkcs11-1.9.1.tar.gz.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABMIAB0WIQTZGoLbMQ6OB1GcKYqYd8JqPNNkCQUCZvIOdwAKCRCYd8JqPNNk
+CbEAAP0bYjn9tqF7VtnaqWC8uFcc1wlslvuX7kUb64+s3NW/ngD/Z6L89UC05nXd
+Rm4RQ52b1Z3+RaN3Dfryecm1d4ijrm4=
+=xmEs
+-----END PGP SIGNATURE-----
--- a/tpm2-pkcs11.changes
+++ b/tpm2-pkcs11.changes
@ -0,0 +1,167 @@
+-------------------------------------------------------------------
+Thu Dec 12 12:37:19 UTC 2024 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Enable unit testing
+
+-------------------------------------------------------------------
+Wed Dec 11 16:38:18 UTC 2024 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Update to 1.9.1
+  + Fixed
+    * configure:
+      Change mistaken += to =.
+      use user supplied --prefix even when p11kit is detected.
+    * Remove warning about unable to find FAPI when it's is not-compiled in and not chosen as the beckend.
+    * Fix memory leaks in tpm_create_transient_primary_from_template.
+    * Fix NULL pointer dereference in db.c on uses of CKA_ALLOWED_MECHANISMS.
+    * Fix offset miscalculation in FAPI backend that was corrupting data.
+    * Support CKM_ECDH1_DERIVE via C_DeriveKey.
+    * Fix usages of tpm2-ptool for its wrapped tpm2_ptool in tests.
+    * Fix failing db upgrades on double conversion to int.
+    * Fix db lock file due to missing parenthesis and order of operations.
+    * documentation:
+      Fix use of objects where tokens was meant.
+  + Changed
+    * --enable-fapi to --with-fapi. Note this is not a major version bump as its internal to builders only. However --enable-fapi left in place for backwards compat.
+  + Add maintainer public key:
+    tpm2-pkcs11.keyring
+
+-------------------------------------------------------------------
+Thu May 18 15:29:46 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com>
+
+- Merge subpackages lib and devel into the main one
+
+-------------------------------------------------------------------
+Thu Feb 16 15:21:43 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com>
+
+- Update to 1.9.0
+  + Fixed
+    * Fix autoconf invocation on a release tarball not being a git
+      repo for VERSION. VERSION file now generated and packaged as
+      part of the release tarball from the git version information.
+    * Fix TPM2_PKCS11_OWNER_AUTH not being used when a persistent SRK
+      is needed in the C_InitToken path.
+    * During an upgrade of the database to version 4, the config key
+      'persistent' is added instead of 'transient', causing KeyError
+      when using the upgraded database.
+    * Leave the original db on upgrade failure, a bug caused the
+      original db to be unlinked not the upgraded db.
+    * A bug prevented the use of CreateLoaded if the TPM supports the
+      command.
+    * A bug when creating keys through the PKCS11 interface (not
+      tpm2-ptool), the attributes for CKA_ALLOWED_MECHANISMS were
+      encoded as a hex string and not a sequence of ints within the
+      YAML. Correcting this will trigger a db upgrade to 8
+  + Added
+    * Env varibale PKCS11_SQL_LOCK to allow setting a lock directory,
+      eg for temprary directory so lock files do not persist across
+      reboots.
+
+-------------------------------------------------------------------
+Fri Jul  8 12:23:01 UTC 2022 - Alberto Planas Dominguez <aplanas@suse.com>
+
+- Update to 1.8.0
+  + Fixed
+    * Fix GetRandom Memory Leak
+    * Fix some spelling mistakes
+    * Fix unit test test_parser
+    * Fix importing of RSA private key through pkcs11 interface should
+      fail.
+    * Fix ECDSA signature length calculation.
+    * Fix memory leak of tokens.
+    * Fix suspicious sizeof usage in _str_padded_copy
+    * Fix encoding errors when importing a certificate into the pkcs11
+      store.
+    * Fix try/finally scope issues in tpm2_ptool.
+    * Fix, an OOB access in db upgrade path.
+    * Fix ECDSA length calculation that was causing issues with Mutual
+      TLS in Firefox and Chrome.
+  + Changed
+    * remove unused macro set_safe_rc
+  + Added
+    * Add support for OpenSSL 3. Note that calls through engine are no
+      longer supported on OpenSSL3.
+    * Add tpm2_ptool export commandlet for exporting token keys into
+      PEM and TPM blob format.
+- Add new dependencies to PyYAML, cryptography, pyasn1 and tpm2-pytss
+
+-------------------------------------------------------------------
+Sat Feb 26 14:12:48 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
+
+- Use hardlinks in %fdupes for python files
+
+-------------------------------------------------------------------
+Wed Oct 20 10:48:58 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
+
+- Add keyring & use source verification
+
+-------------------------------------------------------------------
+Wed Oct 20 09:58:09 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
+
+- Update to 1.7.0
+  + DB Schema Change from 5 to 7.
+    * Backup your DB before upgrading
+  + Fixed compilation issues with GCC11.
+  + Fixed errors on releases due to newer compilers from failing by
+    only adding -Werror for non-release builds.
+  + Fixed error message when the DB is too new in tpm2_ptool.
+  + Added support for tpm2_ptool import with ssh-keygen format
+    keys. Note: Requires cryptography >= 3.0.
+  + Changed default long level from error to warning.
+  + Added better error message for FAPI backend errors along with
+    docs/FAPI.md document.
+  + Changed tpm2_ptool make --algorithm optional.
+  + Fixed error message of wrong attribute name on expected attribute
+    check to be false.
+  + Added support for ECDSA 256, 384 and 512.
+  + Fixed a bug in the Python code DB upgrade path from 4 to 5 where
+    it didn't add AES mode CTR to CKA_ALLOWED_MECHANISMS.
+  + Added tpm2_ptool support for ECC key size 192.
+  + Added support passwordless login for tokens, ie not setting
+    CKF_LOGIN_REQUIRED.
+  + Fixed Running integration tests when Java version has the -ea,
+    like on Debian 11 and OpenJDK 17.
+  + Added support for HMAC keys using tpm2_ptool and the C_Sign and
+    C_Verify interfaces. The following interfaces in ptool have
+    support:
+    * addkey: previous working versions of tpm2-tools will support
+      this.
+    * link: previous working versions of tpm2-tools will support this.
+    * import: requires tpm2-tools 5.2+ for support.
+  + Fixed leaking of temp file descriptors in tpm2_ptool.
+  + Fixed wrong free in tpm code, should use Esys_Free.
+  + Fixed a space formatting issue in tpm2_ptool verify.
+  + Fixed leaked file descriptor in tpm2_ptool.
+  + Fixed a few suspicious sizeof usages in str_padded_copy
+  + Fixed a memory leak of the token list on a failure condition in
+    initialization.
+
+-------------------------------------------------------------------
+Sun Aug 22 11:04:39 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
+
+- Use definite tense in %description.
+
+-------------------------------------------------------------------
+Sat Aug 21 13:32:30 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
+
+- Build and install python tools
+
+-------------------------------------------------------------------
+Fri Aug 20 17:59:05 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
+
+- Clean spec file
+- Use better source URL
+- Split library
+- Don't package .la files
+- Create store directory
+- Move devel library to devel subpackage
+
+-------------------------------------------------------------------
+Wed Sep  9 10:05:02 UTC 2020 - Alexander Evseev <aevseev@gmail.com> - 1.4.0
+
+- New upstream version - 1.4.0
+
+-------------------------------------------------------------------
+Mon Aug  3 14:19:30 UTC 2020 - Alexander Evseev <aevseev@gmail.com> - 1.3.1
+
+- First build. Version - 1.3.1
--- a/tpm2-pkcs11.keyring
+++ b/tpm2-pkcs11.keyring
@ -0,0 +1,68 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: Hostname: 
+Version: Hockeypuck ~unreleased
+
+xsFNBFik3GUBEADYDYbSXH3UTr9oCNCI3UxC1hiLH7cM+QIbMtWiwfAbT3G8wrTa
+NPj00qNvI4wQ/Xm3h0hB7kri7vP0FqIjIwsTdM6ZpFdVHHKW1m4P8fkOcxqmLN0g
+V36MN5fgoGWf2K94aS7ItoweRMcuHnwWawe6aAtbKSYVqhWhoB/3grgd0xhE61AS
+o8fJ7uRYNEAYVeOKlC2j+qKfoJbCa6yqZejFwOOzB6qxNRA7JYvckEf8yJ4+Y16m
+qPyZ1ErHzpql3+b5ha+g+9g8WzxAbSfGYZTwaQxyePNjXuq2tdEXf9XnESvoaoN4
+pQhiu/0BJEkXPxl1zso65g4Mn22xEELhUnwPDo5YdLlWEZ8xhELLvdJc3Z0nTR5A
+4/YaZvvzf7pOD1cwpB6IrRf8n9rOe1aDxh/A//zX9PpIOV25p5kqlE88Ya5VXrnA
+Ayfs19RZmK3+FuaI0ij79CRokG9BrI6TXT0pRTDIRu7GvAo2q13MELRvFddyRT2G
+mNjsHYcqEbraYTh3LHEiwfWp4ZgDtk8jj3iRabHQUHk9V8vSFzj+wp1E8HzO8Vp3
+BxMDIOG1VPdLi81DP+LbZI1h30ZG63ulqkKIhwx5/h2v4VCYPatVtGqVf37tLstj
+Wrs0DkBykuZrecp+AJ5ZJ+UVvR8ajO2ncAoOugNwoj9Wuvz0fVTiJIhuNQARAQAB
+zTxXaWxsaWFtIFJvYmVydHMgKEJpbGwgUm9iZXJ0cykgPHdpbGxpYW0uYy5yb2Jl
+cnRzQGludGVsLmNvbT7CwXgEEwECACIFAlik3GUCGwMGCwkIBwMCBhUIAgkKCwQW
+AgMBAh4BAheAAAoJEG3i6QeOH1DBibEQAL4EwEzegkc8NyHiW0mntwDoCv3tkUlG
+fprp/g7GWfrP+L+pN5yexg3Zm/CgVN/tTNCEr5XtP+sdds8xBF6ReJ8QPO7EiMiM
+asPXh8zlODrySXCGHmpa7IzuUC2wgD3Wq7WjniMvnBmqBdL0+8nqA6NFxOOklvK1
+ub7bqLrHKfUfciFOfYAi+C0Bh8kdZtMjfY9sqlJA3sVK2UxVXq9D+oHbL1o454N6
+VzV0rDtsK47GSSCXT75kulPdfOCopTgxPgNsK4VnXgMOL5JMURPJa3rBzmBRFed1
+ynrqwFdmYdMepsUgt/JS2I/23QChqp6AdVDjtGLKS71hox+vdE4S0DoRnMHwHkkt
+B6bqQci3RlUP+wcHHRCUXUubxMSlYJqhBdEOclo6N0X0LseLcdAMGda8ZnqbHlyg
+hPLmJrM3C5zTLjDb2YJXCy6RVNwqAnU3o33SZCnHqo/zUjEtR03Ztk1DzSeCjo5w
+zLac1VFq5S3QdgZUwmPhyeoigqOvHu6Z1s2eL8Aw7Hn8i6MWLz5sOXAtyC9NPwK/
+qbp1a+GQXzNW4rvKl7ZEFKrBKyj8AiRoVLSRKcqZtFT56ltXQjrwKjsWDTEOzjnm
+XCSM96xfay6asQH5fw+haC3RIErwyNV0uUDIVC0xDTZ6NgJEBkp8liwNeHE7eHoN
+8qWSZZO2syf7zsFNBFik3GUBEAC7V2o1kBsLFSKwmgsCuGfW0oBIQiaCcakT6D2X
+rKBjmzBvh/UIdXQwl9+vPKtWX3T/7g6UBvezV3uc2ZqrigGmFemoQI3sW7wFk0L9
+/QTUWCMfZtyrWgqyetmPYS+i2PnsEPinsgsEHWf3iu/ew1A7npZwINwMdOSOVw2u
+JqYyW2tZCErWKVe31ziYUpXA+HaRm9zoVr0F0sE2GYGWbMVYtqxN9TSYcIAHxB71
+Y31dcY77ln/1JAH4Yzqc063w/lNYogEbbQY7WNgcKdPP+aovpV7kS3TKwsdb9/xT
+pj67nnlvjLTMRoW3Ez0PcIDFhuube9uOQupYG4rC4grLeVLwL/ekVmn6TxRN1hG7
+6zYXWiwWi16uAO++eBNt127FwCOVZsPO0ye3/XpOpCdpUadguxF2gGt6xY0gtetj
+Vdv6S4kCdSx8NMrO2epS/1pgklxN9R/xl7Wu+JPUuVX4Jy0ycmw7TCWxdK2fuFy6
+6aLCXWWEjRSp06oeVJoVV2py+rYaoau7JG7Zgx1A3gYTm6MLFysfROaQgmfRozIH
+0boYh3IA1WWzk4I6ew129ynC5zGXg/+UCnKKwn8Tsh9neq9noRDAonWI7jOCipwF
+l51py82093M87zjz9o/qxnB8p00jByQ+MunUykaZrkQKHAsiyIF6cUIeQiy/AL7n
+wwSPQQARAQABwsFfBBgBAgAJBQJYpNxlAhsMAAoJEG3i6QeOH1DBtO8P/1D98sl3
+oz/0oSSz0u9nzgOh93UkLbXpjSR4U+g7Wl2ppxQyGSFeWwRwT5BT74EVP2IcrraX
+V9c7l+s8PYqnUdX2XAqGMv06523cCrNUU93kUUNjAo3FxGSn7i2kHIvMkDbUoeVk
+jyWKfIvyy2sKcVB9GQxfMrbnTR5/Z6fCyGHNqMFb9e9TUWclLzMIhvtkvLuKmf52
+TKKxKQt/wero5zb0fynOttIjuhmOP9CFTiYjdj7qSmQapW8VFdYjyzL+OOFk9gCL
+S3mIk1LdkfWah7trmMUTXdmiEibvARAQ3Yjr+Hz9yU1gzEJSPUUugNguqgS5kN+T
+3TdwUHAP9whVD2IvN/Mfn29bmFFVfzu3ftJIa1zJmOdZy7KWb6MWVhw3SJ65luPB
+qxKWRqFDOSpqzBm6bYQ/Oka49Jl7/dCImSm+7bCC7LDK9hXa3AIlDtWvG4iiL18T
+wUOrgXPysB/D/NQaRxT/vSPUOB4WrQzIKIf4vJdyuPdtOtIWm97KUw8r/jDqd4I3
+B62qknrrR+FPcz8ACM9fXkpbBEcjFV8EkoOae106Vxjo/lu5LVBbwiKviMMwoK5o
+YE7FfCwLBbLTYMeetHo8jGBRonTEOKMtPlp/fCMOp9w7CgMDuvfEwuTsA1ux4uAb
+tZZIbipcKcZmsU7Su4+oeyh61giG++M5rL2D
+=NFsd
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEZXIPkBMIKoZIzj0DAQcCAwRpzD1EvCQ2Z40cNGJOJJM4sPu6McIdhiMyRi4Y
+xd4bDgELQmowqB1joQiP+lx2JKFN394ogbWCu3U5CkqIhAztEBCaWxsIFJvYmVy
+dHMgKEJpbGxzIFBlcnNvbmFsIERldiBLZXkpIDxiaWxsLmMucm9iZXJ0c0BnbWFp
+bC5jb20+iJMEExMIADsWIQTZGoLbMQ6OB1GcKYqYd8JqPNNkCQUCZXIPkAIbAwUL
+CQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRCYd8JqPNNkCZ/+AP9MBDVNvT56
+CRY12hijKTbzCqK+ksnw0/67gdclyO3cAgEAh0ACFENuAGjD13wnrNfI0xnJo9Sd
+Fi1REGjLSaYY0C64VgRlcg+QEggqhkjOPQMBBwIDBApflMMr9qwBxTZGPnhP+a7U
+BtDzMJiTSqW7+VzHM5rgUZBnNaIdPqyM4uvIGARVeLPX6bEvIsZBS2b+QExsfBED
+AQgHiHgEGBMIACAWIQTZGoLbMQ6OB1GcKYqYd8JqPNNkCQUCZXIPkAIbDAAKCRCY
+d8JqPNNkCV+7AP9ANJCmwi0KVLA/QeAukoAT7doFw6g9lEG2gM+nN1a1wAEA+LRg
+7drDoAWRQQHI6uYKwFOtYMxrcrFe2UF5v/Soiis=
+=4SNI
+-----END PGP PUBLIC KEY BLOCK-----
--- a/tpm2-pkcs11.spec
+++ b/tpm2-pkcs11.spec
@ -0,0 +1,109 @@
+#
+# spec file for package tpm2-pkcs11
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define so_ver  0
+%define pythons python3
+Name:           tpm2-pkcs11
+Version:        1.9.1
+Release:        0
+Summary:        A PKCS#11 interface for TPM2 hardware
+License:        BSD-2-Clause
+Group:          Productivity/Security
+URL:            https://github.com/tpm2-software/tpm2-pkcs11
+Source0:        %{url}/releases/download/%{version}/%{name}-%{version}.tar.gz
+Source1:        %{url}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
+Source2:        %{name}.keyring
+BuildRequires:  autoconf
+BuildRequires:  autoconf-archive >= 2017.03.21
+BuildRequires:  automake
+BuildRequires:  fdupes
+BuildRequires:  libtool
+BuildRequires:  pkgconfig
+BuildRequires:  python-rpm-generators
+BuildRequires:  python3-PyYAML
+BuildRequires:  python3-base
+BuildRequires:  python3-cryptography
+BuildRequires:  python3-pyasn1-modules
+BuildRequires:  python3-setuptools
+BuildRequires:  python3-tpm2-pytss
+BuildRequires:  tpm2.0-tools
+BuildRequires:  pkgconfig(libcrypto) >= 1.0.2g
+BuildRequires:  pkgconfig(p11-kit-1)
+BuildRequires:  pkgconfig(sqlite3)
+BuildRequires:  pkgconfig(tss2-esys) >= 2.0
+BuildRequires:  pkgconfig(tss2-mu)
+BuildRequires:  pkgconfig(tss2-rc)
+BuildRequires:  pkgconfig(tss2-tctildr)
+BuildRequires:  pkgconfig(yaml-0.1)
+# Required for testing
+BuildRequires:  pkgconfig(cmocka)
+BuildRequires:  dbus-1-daemon
+# Merge both subpackages
+Provides:       libtpm2_pkcs11-0 = %{version}
+Obsoletes:      libtpm2_pkcs11-0 < %{version}
+Provides:       tpm2-pkcs11-devel = %{version}
+Obsoletes:      tpm2-pkcs11-devel < %{version}
+%{?python_enable_dependency_generator}
+
+%description
+tpm2-pkcs11 is a plugin shared library implementing the PKCS #11
+Cryptographic Token Interface (Cryptoki) C API atop of TPM2 devices.
+
+%dnl "make install" copies no .h files, a strong indicator that this project is
+%dnl an (SLPP-exempt) plugin rather than a "normal" shared library.
+
+%prep
+%autosetup
+
+%build
+autoreconf -fiv
+%configure --disable-static --enable-unit
+%make_build
+cd tools
+%python_build
+
+%install
+%make_install
+find %{buildroot} -type f -name "*.la" -delete -print
+mkdir -p %{buildroot}%{_sysconfdir}/tpm2_pkcs11
+cd tools
+%python_install
+%fdupes %{buildroot}
+
+%check
+%make_build check
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%license LICENSE
+%doc docs/*
+%dir %{_datadir}/p11-kit/modules
+%dir %{_datadir}/p11-kit
+%dir %{_libdir}/pkcs11
+%{_datadir}/p11-kit/modules/tpm2_pkcs11.module
+%{_sysconfdir}/tpm2_pkcs11
+%{_bindir}/tpm2_ptool
+%{python_sitelib}/tpm2_pkcs11
+%{python_sitelib}/*.egg-info
+%{_libdir}/pkcs11/libtpm2_pkcs11.so.%{so_ver}*
+%{_libdir}/pkcs11/libtpm2_pkcs11.so
+%{_libdir}/pkgconfig/tpm2-pkcs11.pc
+
+%changelog