From 895b7f4defc20585788ef58986a1092d2361b49a11a56b8d03205bdebe69ae33 Mon Sep 17 00:00:00 2001 From: Matthias Gerstner Date: Thu, 22 Feb 2018 11:37:19 +0000 Subject: [PATCH 1/3] - update to upstream version 1.2.0: - Limit maximum number of active sessions per connection with '--max-sessions'. - Flush all transient objects and sessions on daemon start with '--flush-all'. - Allow passing of sessions across connections with ContextSave / Load. - Unref the GUnixFDList returned by GIO / dbus in the TCTI init function. This fixes a memory leak in the TCTI library. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=15 --- fix_service_paths.diff | 42 ------------------------------------ support_dbus_activation.diff | 30 ++++++++++++++++++++++++++ tpm2-abrmd-1.1.1.tar.gz | 3 --- tpm2-abrmd-1.2.0.tar.gz | 3 +++ tpm2.0-abrmd.changes | 10 +++++++++ tpm2.0-abrmd.spec | 16 +++++++++----- 6 files changed, 54 insertions(+), 50 deletions(-) delete mode 100644 fix_service_paths.diff create mode 100644 support_dbus_activation.diff delete mode 100644 tpm2-abrmd-1.1.1.tar.gz create mode 100644 tpm2-abrmd-1.2.0.tar.gz diff --git a/fix_service_paths.diff b/fix_service_paths.diff deleted file mode 100644 index b42d44a..0000000 --- a/fix_service_paths.diff +++ /dev/null 
@@ -1,42 +0,0 @@
-Index: tpm2-abrmd-1.1.1/dist/tpm2-abrmd.service
-===================================================================
---- tpm2-abrmd-1.1.1.orig/dist/tpm2-abrmd.service
-+++ /dev/null
-@@ -1,16 +0,0 @@
--# copy this file into /etc/systemd/system
--[Unit]
--Description=TPM2 Access Broker and Resource Management Daemon
--
--[Service]
--Type=dbus
--Restart=always
--RestartSec=5
--EnvironmentFile=-/usr/local/etc/default/tpm2-abrmd
--BusName=com.intel.tss2.Tabrmd
--StandardOutput=syslog
--ExecStart=/usr/local/sbin/tpm2-abrmd
--User=tss
--
--[Install]
--WantedBy=multi-user.target
-Index: tpm2-abrmd-1.1.1/dist/tpm2-abrmd.service.in
-===================================================================
---- /dev/null
-+++ tpm2-abrmd-1.1.1/dist/tpm2-abrmd.service.in
-@@ -0,0 +1,16 @@
-+# copy this file into /etc/systemd/system
-+[Unit]
-+Description=TPM2 Access Broker and Resource Management Daemon
-+
-+[Service]
-+Type=dbus
-+Restart=always
-+RestartSec=5
-+EnvironmentFile=-@sysconfdir@/default/tpm2-abrmd
-+BusName=com.intel.tss2.Tabrmd
-+StandardOutput=syslog
-+ExecStart=@SBINDIR@/tpm2-abrmd
-+User=tss
-+
-+[Install]
-+WantedBy=multi-user.target
diff --git a/support_dbus_activation.diff b/support_dbus_activation.diff
new file mode 100644
index 0000000..77df2c5
--- /dev/null
+++ b/support_dbus_activation.diff
@@ -0,0 +1,30 @@
+Index: tpm2-abrmd-1.2.0/Makefile.am
+===================================================================
+--- tpm2-abrmd-1.2.0.orig/Makefile.am
++++ tpm2-abrmd-1.2.0/Makefile.am
+@@ -125,6 +125,7 @@ EXTRA_DIST = \
+ dist/tpm2-abrmd.preset \
+ dist/tpm2-abrmd.service.in \
+ dist/tpm-udev.rules \
++ dist/com.intel.tss2.Tabrmd.service \
+ scripts/int-log-compiler.sh \
+ CHANGELOG.md \
+ CONTRIBUTING.md \
+@@ -152,6 +153,8 @@ dbuspolicy_DATA = dist/tpm2-abrmd.conf
+ udevrules_DATA = dist/tpm-udev.rules
+ if HAVE_SYSTEMD
+ systemdsystemunit_DATA = dist/tpm2-abrmd.service
++dbusservicedir = $(datadir)/dbus-1/system-services
++dbusservice_DATA = dist/com.intel.tss2.Tabrmd.service
+ endif # HAVE_SYSTEMD
+ systemdpreset_DATA = dist/tpm2-abrmd.preset
+
+Index: tpm2-abrmd-1.2.0/dist/com.intel.tss2.Tabrmd.service
+===================================================================
+--- /dev/null
++++ tpm2-abrmd-1.2.0/dist/com.intel.tss2.Tabrmd.service
+@@ -0,0 +1,4 @@
++[D-BUS Service]
++Name=com.intel.tss2.Tabrmd
++Exec=/bin/false
++SystemdService=tpm2-abrmd.service
diff --git a/tpm2-abrmd-1.1.1.tar.gz b/tpm2-abrmd-1.1.1.tar.gz
deleted file mode 100644
index 1dea43a..0000000
--- a/tpm2-abrmd-1.1.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3f5d1d3fa3077a0a187cd13b87bab3916e411fdbe37a0ceb170249017cccd52c
-size 499802
diff --git a/tpm2-abrmd-1.2.0.tar.gz b/tpm2-abrmd-1.2.0.tar.gz
new file mode 100644
index 0000000..e1c0aa4
--- /dev/null
+++ b/tpm2-abrmd-1.2.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e20d2796c3097f9eec8410cec6a99d1532769d1cc138d6d9331c8ee1f0d305a4
+size 537312
diff --git a/tpm2.0-abrmd.changes b/tpm2.0-abrmd.changes
index 4526bdc..33f9899 100644
--- a/tpm2.0-abrmd.changes
+++ b/tpm2.0-abrmd.changes
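Review bot: The activation file added in the `support_dbus_activation.diff` hunk makes `tpm2-abrmd.service` startable on demand by any peer the system-bus policy allows to address `com.intel.tss2.Tabrmd`, and that policy (`dist/tpm2-abrmd.conf`, installed through `dbuspolicy_DATA`) is not part of this change, so who can trigger a start of the TPM broker cannot be judged from here. Before Patch1 is enabled, confirm the policy limits senders to the intended accounts. `Exec=/bin/false` looks like a deliberate placeholder so that only systemd activation can succeed; say so in the file, e.g. `# Exec is a placeholder: activation is handed to systemd via SystemdService=`. The install directory is also hard-coded as `$(datadir)/dbus-1/system-services` in `Makefile.am`, unlike the udev and systemd unit directories, which the spec passes to configure.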
@@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Thu Feb 22 11:34:51 UTC 2018 - matthias.gerstner@suse.com + +- update to upstream version 1.2.0: + - Limit maximum number of active sessions per connection with '--max-sessions'. + - Flush all transient objects and sessions on daemon start with '--flush-all'. + - Allow passing of sessions across connections with ContextSave / Load. + - Unref the GUnixFDList returned by GIO / dbus in the TCTI init function. + This fixes a memory leak in the TCTI library. + ------------------------------------------------------------------- Wed Nov 15 11:43:19 UTC 2017 - matthias.gerstner@suse.com diff --git a/tpm2.0-abrmd.spec b/tpm2.0-abrmd.spec index b42ea12..18c11f7 100644 --- a/tpm2.0-abrmd.spec +++ b/tpm2.0-abrmd.spec @@ -1,7 +1,7 @@ # # spec file for package tpm2.0-abrmd # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,13 @@ Name: tpm2.0-abrmd -Version: 1.1.1 +Version: 1.2.0 Release: 0 Summary: Intel's TCG Software Stack Access Broker & Resource Manager for TPM 2.0 chips License: BSD-2-Clause Group: Productivity/Security Url: https://github.com/01org/tpm2-abrmd -Source0: https://github.com/01org/tpm2-abrmd/releases/download/1.1.1/tpm2-abrmd-%{version}.tar.gz +Source0: https://github.com/01org/tpm2-abrmd/releases/download/1.2.0/tpm2-abrmd-%{version}.tar.gz BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: gcc-c++ @@ -35,7 +35,7 @@ BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(sapi) Requires(pre): pwdutils BuildRoot: %{_tmppath}/%{name}-%{version}-build -Patch0: fix_service_paths.diff +Patch1: support_dbus_activation.diff %description The tpm2.0-abrmd package provides the TPM2 Access Broker & Resource Manager. 
@@ -66,11 +66,14 @@ use with the SAPI library (libsapi) like any other TCTI. %prep %setup -q -n tpm2-abrmd-%{version} -%patch0 -p1 +# can't apply that at the moment, because a whitelisting in rpmlint is missing +# for the given service name +#%patch1 -p1 %build export CFLAGS="%optflags -fPIE" export LDFLAGS="-pie -fPIE" +autoreconf %configure --disable-static --with-udevrulesdir=%{_udevrulesdir} --with-systemdsystemunitdir=%{_unitdir} make %{?_smp_mflags} PTHREAD_LDFLAGS=-pthread @@ -113,6 +116,7 @@ rm %{buildroot}/usr/lib*/systemd/system-preset/tpm2-abrmd.preset %post %service_add_post tpm2-abrmd.service +%_bindir/udevadm trigger -s tpm || : %postun %service_del_postun tpm2-abrmd.service @@ -130,6 +134,8 @@ rm %{buildroot}/usr/lib*/systemd/system-preset/tpm2-abrmd.preset %{_sbindir}/rctpm2-abrmd %{_unitdir}/tpm2-abrmd.service %config %{_sysconfdir}/dbus-1/system.d/tpm2-abrmd.conf +# see patch1 +#%{_datadir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service %files devel %defattr(-,root,root) From e91d8694b64e70362bc378846c7051e938ef738b1fd22ec070194781d898ea4a Mon Sep 17 00:00:00 2001 From: Matthias Gerstner Date: Thu, 22 Feb 2018 11:39:11 +0000 Subject: [PATCH 2/3] - correctly trigger udev to update /dev/tpm* permissions after package installation. (bnc#1078687) OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=16 --- tpm2.0-abrmd.changes | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tpm2.0-abrmd.changes b/tpm2.0-abrmd.changes index 33f9899..17b1086 100644 --- a/tpm2.0-abrmd.changes +++ b/tpm2.0-abrmd.changes 
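Review bot: The disabled patch line `#%patch1 -p1` in `%prep` still carries an unescaped `%`, and rpm expands macros inside comment lines, so the comment is not inert and rpmlint reports it as macro-in-comment. Escape it as `#%%patch1 -p1`; the same applies to `#%{_datadir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service` in the `%files` hunk further down, which would become `#%%{_datadir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service`. The `autoreconf` added to `%build` runs without `-f` and `-i`; `autoreconf -fi` is the usual form when regenerating a release tarball's build system.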
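Review bot: The `%post` line `%_bindir/udevadm trigger -s tpm || :` replays device events without first asking udevd to reload its rules, so on a fresh install the events may still be processed with the rule set loaded before `tpm-udev.rules` was written, and `|| :` hides any failure of the trigger. Consider adding `%_bindir/udevadm control --reload || :` on the line before it. Whether `-s tpm` reaches every node the rules file is meant to cover cannot be checked here, because the rules are not in the diff; if they also match resource-manager nodes, those may be registered under a different subsystem and would keep their old permissions until the next boot.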
@@ -7,6 +7,8 @@ Thu Feb 22 11:34:51 UTC 2018 - matthias.gerstner@suse.com - Allow passing of sessions across connections with ContextSave / Load. - Unref the GUnixFDList returned by GIO / dbus in the TCTI init function. This fixes a memory leak in the TCTI library. +- correctly trigger udev to update /dev/tpm* permissions after package + installation. (bnc#1078687) ------------------------------------------------------------------- Wed Nov 15 11:43:19 UTC 2017 - matthias.gerstner@suse.com From e7db476738c96d539afa6b187f43a56f4f39669b882df82d41700e2bf96b58b7 Mon Sep 17 00:00:00 2001 From: Matthias Gerstner Date: Thu, 22 Feb 2018 12:17:22 +0000 Subject: [PATCH 3/3] reference added but unused patch to satisfy factory checkers - prepared support_dbus_activation.diff patch which adds D-Bus activation, but can't use it yet due to rpmlint OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=17 --- tpm2.0-abrmd.changes | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tpm2.0-abrmd.changes b/tpm2.0-abrmd.changes index 17b1086..4ab425a 100644 --- a/tpm2.0-abrmd.changes +++ b/tpm2.0-abrmd.changes @@ -9,6 +9,8 @@ Thu Feb 22 11:34:51 UTC 2018 - matthias.gerstner@suse.com This fixes a memory leak in the TCTI library. - correctly trigger udev to update /dev/tpm* permissions after package installation. (bnc#1078687) +- prepared support_dbus_activation.diff patch which adds D-Bus activation, but + can't use it yet due to rpmlint ------------------------------------------------------------------- Wed Nov 15 11:43:19 UTC 2017 - matthias.gerstner@suse.com