OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=19

2018-06-29 14:14:44 +00:00 · 2018-06-29 14:14:44 +00:00 · 5fe02cf67b
commit 5fe02cf67b
parent e7db476738
5 changed files with 68 additions and 79 deletions
--- a/support_dbus_activation.diff
+++ b/support_dbus_activation.diff
@ -1,30 +0,0 @@
 Index: tpm2-abrmd-1.2.0/Makefile.am
 ===================================================================
 --- tpm2-abrmd-1.2.0.orig/Makefile.am
 +++ tpm2-abrmd-1.2.0/Makefile.am
@@ -125,6 +125,7 @@ EXTRA_DIST = \
     dist/tpm2-abrmd.preset \
     dist/tpm2-abrmd.service.in \
     dist/tpm-udev.rules \
 +    dist/com.intel.tss2.Tabrmd.service \
     scripts/int-log-compiler.sh \
     CHANGELOG.md \
     CONTRIBUTING.md \
@@ -152,6 +153,8 @@ dbuspolicy_DATA  = dist/tpm2-abrmd.conf
 udevrules_DATA   = dist/tpm-udev.rules
 if HAVE_SYSTEMD
 systemdsystemunit_DATA = dist/tpm2-abrmd.service
 +dbusservicedir = $(datadir)/dbus-1/system-services
 +dbusservice_DATA = dist/com.intel.tss2.Tabrmd.service
 endif # HAVE_SYSTEMD
 systemdpreset_DATA = dist/tpm2-abrmd.preset
 Index: tpm2-abrmd-1.2.0/dist/com.intel.tss2.Tabrmd.service
 ===================================================================
 --- /dev/null
 +++ tpm2-abrmd-1.2.0/dist/com.intel.tss2.Tabrmd.service
@@ -0,0 +1,4 @@
 +[D-BUS Service]
 +Name=com.intel.tss2.Tabrmd
 +Exec=/bin/false
 +SystemdService=tpm2-abrmd.service
--- a/tpm2-abrmd-1.2.0.tar.gz
+++ b/tpm2-abrmd-1.2.0.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e20d2796c3097f9eec8410cec6a99d1532769d1cc138d6d9331c8ee1f0d305a4
 size 537312
--- a/tpm2-abrmd-2.0.0.tar.gz
+++ b/tpm2-abrmd-2.0.0.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:adbb0a5410016e0ffa76dc968223720bfaa45266ef9cac65a76df5bd668e129f
 size 554820
--- a/tpm2.0-abrmd.changes
+++ b/tpm2.0-abrmd.changes
@ -1,3 +1,53 @@
 -------------------------------------------------------------------
 Fri Jun 29 11:43:08 UTC 2018 - matthias.gerstner@suse.com
 - update to major version 2.0.0:
  - support_dbus_activation.diff: removed, is not contained upstream
  - the tpm2 stack introduces an incompatible ABI to the previous version with
    this update. There is no compatibility layer, libraries have new names
 etc.
  - upstream changelog:
    ## 2.0.0 - 2018-06-22
    ### Added
    - Integration test script and build support to execute integration tests
    against a physical TPM2 device on the build platform.
    - Implementation of dynamic TCTI initialization mechanism.
    - configure option `--enable-integration` to enable integration tests.
    The simulator executable must be on PATH.
    - Support for version 2.0 of tpm2-tss libraries.
    ### Changed
    - 'max-transient-objects' command line option renamted to 'max-transients'.
    - Added -Wextra for more strict checks at compile time.
    - Install location of headers to $(includedir)/tss2.
    ### Fixed
    - Added missing checks for NULL parameters identified by the check-build.
    - Bug in session continuation logic.
    - Off by one error in HandleMap.
    - Memory leak and uninitialized variable issues in unit tests.
    ### Removed
    - Command line option --fail-on-loaded-trans.
    - udev rules for TPM device node. This now lives in the tpm2-tss repo.
    - Remove legacy TCTI initialization functions.
    - configure option `--with-simulatorbin`.
    ## 1.3.1 - 2018-03-18
    ### Fixed
    - Distribute systemd preset template instead of the generated file.
    ## 1.3.0 - 2018-03-02
    ### Added
    - New configure option (--test-hwtpm) to run integration tests against a
    physical TPM2 device on the build platform.
    - Install systemd service file to allow on-demand systemd unit activation.
    ### Changed
    - Converted some inappropriate uses of g_error to critical / warning instead.
    - Removed use of gen_require from SELinux policy, use dbus_stub instead.
    - udev rules now give tss group read / write access to the TPM device node.
    - udev rules now give tss user and group read / write access to kernel RM
    node.
    ### Fixed
    - Memory leak on an error path in the AccessBroker.
 -------------------------------------------------------------------
 Thu Feb 22 11:34:51 UTC 2018 - matthias.gerstner@suse.com
--- a/tpm2.0-abrmd.spec
+++ b/tpm2.0-abrmd.spec
@ -17,7 +17,7 @@
 Name:           tpm2.0-abrmd
-Version:        1.2.0
+Version:        2.0.0
 Release:        0
 Summary:        Intel's TCG Software Stack Access Broker & Resource Manager for TPM 2.0 chips
 License:        BSD-2-Clause
@ -32,10 +32,9 @@ BuildRequires:  pkg-config
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  pkgconfig(dbus-1)
 BuildRequires:  pkgconfig(gio-unix-2.0)
-BuildRequires:  pkgconfig(sapi)
+BuildRequires:  pkgconfig(tss2-sys)
 Requires(pre):  pwdutils
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Patch1:         support_dbus_activation.diff
 %description
 The tpm2.0-abrmd package provides the TPM2 Access Broker & Resource Manager.
@ -46,35 +45,32 @@ Intel's TPM 2.0 software stack.
 Summary:        Development headers the Access Broker & Resource Manager for TPM 2.0 chips
 Group:          Development/Libraries/C and C++
 Requires:       glibc-devel
-Requires:       libtcti-tabrmd0 = %{version}
+Requires:       libtss2-tcti-tabrmd0 = %{version}
 Requires:       tpm2.0-abrmd = %{version}
 %description devel
 This package provides the development files for the Access Broker & Resource
 Manager for coordinating access to TPM 2.0 chips.
-%package -n libtcti-tabrmd0
+%package -n libtss2-tcti-tabrmd0
 Summary:        Client interface library for tpm2-abrmd
 Group:          System/Libraries
-%description -n libtcti-tabrmd0
+%description -n libtss2-tcti-tabrmd0
 This library allows to interact with the tpm2-abrmd daemon. It is intended for
-use with the SAPI library (libsapi) like any other TCTI.
+use with the SAPI library (libtss2-sys) like any other TCTI.
-%post -n libtcti-tabrmd0 -p /sbin/ldconfig
+%post -n libtss2-tcti-tabrmd0 -p /sbin/ldconfig
-%postun -n libtcti-tabrmd0 -p /sbin/ldconfig
+%postun -n libtss2-tcti-tabrmd0 -p /sbin/ldconfig
 %prep
 %setup -q -n tpm2-abrmd-%{version}
 # can't apply that at the moment, because a whitelisting in rpmlint is missing
 # for the given service name
 #%patch1 -p1
 %build
 export CFLAGS="%optflags -fPIE"
 export LDFLAGS="-pie -fPIE"
 autoreconf
-%configure --disable-static --with-udevrulesdir=%{_udevrulesdir} --with-systemdsystemunitdir=%{_unitdir}
+%configure --disable-static --with-systemdsystemunitdir=%{_unitdir}
 make %{?_smp_mflags} PTHREAD_LDFLAGS=-pthread
 # TODO: add the tss user again
@ -82,41 +78,16 @@ make %{?_smp_mflags} PTHREAD_LDFLAGS=-pthread
 %make_install
 # don't package libtool files as is best practice
 find %{buildroot} -type f -name "*.la" -delete -print
 # rename the rules file to have a numbered prefix as all others have, too
 %define udev_rule_file 90-tpm.rules
 mv %{buildroot}%{_udevrulesdir}/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_rule_file}
 ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rctpm2-abrmd
 # don't install the systemd preset, our presets are handled by
 # systemd-presets-* packages
 rm %{buildroot}/usr/lib*/systemd/system-preset/tpm2-abrmd.preset
 %pre
 # the same user is employed by trousers (and was employed by the old
 # resourcemgr shipped with the tpm2-0-tss package):
 #
 # trousers just needs those accounts for dropping privileges to. The service
 # starts as root and uses set*id to drop to tss, after the tpm device has been
 # opened.
 #
 # tpm2-abrmd has no set*id handling and thus requires /dev/tpm to be owned
 # by the tss user. Therefore we also need to install a udev rule file.
 #
 # trousers was here first and created the user like this, also giving it a
 # home in /var/lib/tpm. I don't think the home directory is used by any of
 # both packages ATM. Trousers is keeping state there, but the directory is
 # owned by root and files are opened before dropping privileges. The passwd
 # entry seems not to be evaluated.
 #
 # so I guess we can share the account between the two packages for now.
 %_bindir/getent group tss >/dev/null || %{_sbindir}/groupadd -g 98 tss
 %_bindir/getent passwd tss >/dev/null || \
 	%{_sbindir}/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \
 	-d %{_localstatedir}/lib/tpm tss
 %service_add_pre tpm2-abrmd.service
 %post
 %service_add_post tpm2-abrmd.service
 %_bindir/udevadm trigger -s tpm || :
 %postun
 %service_del_postun tpm2-abrmd.service
@ -127,25 +98,23 @@ rm %{buildroot}/usr/lib*/systemd/system-preset/tpm2-abrmd.preset
 %files
 %defattr(-,root,root)
 %doc *.md LICENSE
-%{_udevrulesdir}/%{udev_rule_file}
+%{_mandir}/man7/tss2-*
 %{_mandir}/man7/tcti-*
 %{_mandir}/man8/tpm2-*
 %{_sbindir}/tpm2-abrmd
 %{_sbindir}/rctpm2-abrmd
 %{_unitdir}/tpm2-abrmd.service
 %config %{_sysconfdir}/dbus-1/system.d/tpm2-abrmd.conf
-# see patch1
+%{_datadir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service
 #%{_datadir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service
 %files devel
 %defattr(-,root,root)
-%{_includedir}/tcti
+%{_includedir}/tss2
 %{_libdir}/*.so
 %{_libdir}/pkgconfig/*.pc
-%{_mandir}/man3/tss2_*
+%{_mandir}/man3/Tss2*
-%files -n libtcti-tabrmd0
+%files -n libtss2-tcti-tabrmd0
 %defattr(-,root,root)
-%{_libdir}/libtcti-tabrmd.so.*
+%{_libdir}/libtss2-tcti-tabrmd.so.*
 %changelog