From 5c1a7157c029c3e7569cd3c2a5c123992588ef28b1fda18e6b40118f2e0bae0b Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 3 Aug 2017 08:12:52 +0000 Subject: [PATCH] Accepting request 514157 from home:mgerstner:branches:security this submission is coupled with sr#514156 and an update for tpm2.0-tools which I will submit right after. - no longer install the udev rule, it's now part of the new tpm2.0-abrmd package. - fixed a warning regarding a missing dependency of the devel package to the main package - correctly package library symlinks only in the devel package, the library itself only in the library package. Was mixed up before. - removed tpm2-0-tss-configure.patch, it was just a hack, fixed by requiring autoconf-archive, see https://github.com/01org/TPM2.0-TSS/issues/227. - Updated to upstream version 1.1.0 - With this version the resourcemgr daemon is dropped from this package. It is replaced by a completely new implementation found in a new package tpm2.0-abrmd. this package will only consist of the libraries any more. - Changed - tpmclient, disabled all tests that rely on the old resourcemgr. - Fixed - Fixed definition of PCR_LAST AND TRANSIENT_LAST macros. - Removed - tpmtest - resourcemgr, replacement is in new repo: https://github.com/01org/tpm2-abrmd OBS-URL: https://build.opensuse.org/request/show/514157 OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=47 --- 1.0.tar.gz | 3 -- 1.1.0.tar.gz | 3 ++ tpm2-0-tss-configure.patch | 13 -------- tpm2-0-tss.changes | 32 ++++++++++++++++++ tpm2-0-tss.spec | 66 +++++++------------------------------- 5 files changed, 46 insertions(+), 71 deletions(-) delete mode 100644 1.0.tar.gz create mode 100644 1.1.0.tar.gz delete mode 100644 tpm2-0-tss-configure.patch diff --git a/1.0.tar.gz b/1.0.tar.gz deleted file mode 100644 index 76d40ce..0000000 --- a/1.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b5697cfe7f4fd44d6ae1ec03cddb6b44d5cf5cd13e134c7238049551d1615488 -size 3790493 diff --git a/1.1.0.tar.gz b/1.1.0.tar.gz new file mode 100644 index 0000000..9dca1a0 --- /dev/null +++ b/1.1.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9825e1f8a5db12b4209f74df367c2df488e9973035b8917180bfcfcc5fd8b53f +size 3723605 diff --git a/tpm2-0-tss-configure.patch b/tpm2-0-tss-configure.patch deleted file mode 100644 index 04b8fb5..0000000 --- a/tpm2-0-tss-configure.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: TPM2.0-TSS-1.0/configure.ac -=================================================================== ---- TPM2.0-TSS-1.0.orig/configure.ac -+++ TPM2.0-TSS-1.0/configure.ac -@@ -7,7 +7,7 @@ AC_CONFIG_MACRO_DIR([m4]) - AC_PROG_CC - AC_PROG_CXX - LT_INIT() --AX_PTHREAD([], [AC_MSG_ERROR([requires pthread])]) -+AX_PTHREAD([], []) - AM_INIT_AUTOMAKE([foreign - subdir-objects]) - AC_CONFIG_FILES([Makefile]) diff --git a/tpm2-0-tss.changes b/tpm2-0-tss.changes index 6ae4cd3..2e8a1d3 100644 --- a/tpm2-0-tss.changes +++ b/tpm2-0-tss.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Thu Jul 20 13:51:38 UTC 2017 - matthias.gerstner@suse.com + +- no longer install the udev rule, it's now part of the new tpm2.0-abrmd + package. +- fixed a warning regarding a missing dependency of the devel package to the + main package +- correctly package library symlinks only in the devel package, the library + itself only in the library package. Was mixed up before. + +------------------------------------------------------------------- +Wed Jul 19 14:10:02 UTC 2017 - matthias.gerstner@suse.com + +- removed tpm2-0-tss-configure.patch, it was just a hack, fixed by requiring + autoconf-archive, see https://github.com/01org/TPM2.0-TSS/issues/227. + +------------------------------------------------------------------- +Wed Jul 19 11:13:43 UTC 2017 - matthias.gerstner@suse.com + +- Updated to upstream version 1.1.0 + - With this version the resourcemgr daemon is dropped from this package. It + is replaced by a completely new implementation found in a new package + tpm2.0-abrmd. this package will only consist of the libraries any more. + + - Changed + - tpmclient, disabled all tests that rely on the old resourcemgr. + - Fixed + - Fixed definition of PCR_LAST AND TRANSIENT_LAST macros. + - Removed + - tpmtest + - resourcemgr, replacement is in new repo: https://github.com/01org/tpm2-abrmd + ------------------------------------------------------------------- Sat May 27 05:07:22 UTC 2017 - bwiedemann@suse.com diff --git a/tpm2-0-tss.spec b/tpm2-0-tss.spec index 9003237..f39366e 100644 --- a/tpm2-0-tss.spec +++ b/tpm2-0-tss.spec @@ -17,15 +17,14 @@ Name: tpm2-0-tss -Version: 1.0 +Version: 1.1.0 Release: 0 -Summary: Intel's TCG Software Stack access library for TPM 2.0 chips +Summary: Intel's TCG Software Stack access libraries for TPM 2.0 chips License: BSD-2-Clause Group: Productivity/Security Url: https://github.com/01org/TPM2.0-TSS Source0: https://github.com/01org/TPM2.0-TSS/archive/%{version}.tar.gz Source2: baselibs.conf -Patch0: tpm2-0-tss-configure.patch # PATCH-FIX-UPSTREAM bmwiedemann https://github.com/01org/TPM2.0-TSS/pull/419 Patch1: reproducible.patch BuildRequires: autoconf-archive @@ -33,15 +32,14 @@ BuildRequires: automake BuildRequires: gcc-c++ BuildRequires: libtool BuildRequires: pkg-config -BuildRequires: systemd-rpm-macros Requires(pre): pwdutils BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The tpm2-0-tss package provides a TPM 2.0 TSS implementation. This -implementation is developed by INTEL. Note that the current resource manager -implementation is considered deprecated (a prototype, probably buggy and -insecure) by its developers. +implementation is developed by INTEL. This package contains the libraries, +see the tpm2.0-abrmd package for the resource manager daemon, tpm2.0-tools for +utilities. %package devel Summary: Development headers for the Intel TSS library for TPM 2.0 chips @@ -50,6 +48,7 @@ Requires: glibc-devel Requires: libsapi0 = %{version} Requires: libtcti-device0 = %{version} Requires: libtcti-socket0 = %{version} +Requires: tpm2-0-tss = %{version} %description devel This package provides the development files for the libsapi library @@ -57,8 +56,8 @@ for accessing TPM 2.0 chips. %package -n libsapi0 Summary: TPM2 System API library -Group: System/Libraries # Non-SLPP package name from earlier +Group: System/Libraries Obsoletes: libtss2 < %version-%release Provides: libtss2 = %version-%release @@ -84,7 +83,6 @@ TPM over a socket. %prep %setup -q -n TPM2.0-TSS-%{version} -%patch0 -p1 %patch1 -p1 %build @@ -95,11 +93,6 @@ make %{?_smp_mflags} PTHREAD_LDFLAGS=-pthread %install %make_install find %{buildroot} -type f -name "*.la" -delete -print -install -D -m 0644 contrib/resourcemgr.service %{buildroot}/%{_unitdir}/resourcemgr.service -sed -e 's#usr/local/sbin/#usr/sbin/#;' -i %{buildroot}/%{_unitdir}/resourcemgr.service -ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rcresourcemgr -%define udev_rule_file 90-tpm.rules -install -D -m 0644 contrib/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_rule_file} %post -n libsapi0 -p /sbin/ldconfig %postun -n libsapi0 -p /sbin/ldconfig @@ -108,65 +101,28 @@ install -D -m 0644 contrib/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_ru %post -n libtcti-socket0 -p /sbin/ldconfig %postun -n libtcti-socket0 -p /sbin/ldconfig -%pre -# the same user is employed by trousers: -# -# trousers just needs those accounts for dropping privileges to. The service -# starts as root and uses set*id to drop to tss, after the tpm device has been -# opened. -# -# resourcemgr has no set*id handling and thus requires /dev/tpm to be owned -# by the tss user. Therefore we also need to install a udev rule file. -# -# trousers was here first and created the user like this, also giving it a -# home in /var/lib/tpm. I don't think the home directory is used by any of -# both packages ATM. Trousers is keeping state there, but the directory is -# owned by root and files are opened before dropping privileges. The passwd -# entry seems not to be evaluated. -# -# so I guess we can share the account between the two packages for now. -%_bindir/getent group tss >/dev/null || %{_sbindir}/groupadd -g 98 tss -%_bindir/getent passwd tss >/dev/null || \ - %{_sbindir}/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \ - -d %{_localstatedir}/lib/tpm tss -%service_add_pre resourcemgr.service - -%post -%service_add_post resourcemgr.service - -%postun -%service_del_postun resourcemgr.service - -%preun -%service_del_preun resourcemgr.service - %files %defattr(-,root,root) %doc *.md LICENSE -%{_sbindir}/resourcemgr -/%{_unitdir}/resourcemgr.service -%{_sbindir}/rcresourcemgr -%{_udevrulesdir}/%{udev_rule_file} %files devel %defattr(-,root,root) %{_includedir}/tcti %{_includedir}/sapi %{_libdir}/*.so +%{_libdir}/*.so.0 %{_libdir}/pkgconfig/*.pc -##only available in static form -#%%{_libdir}/libtddl.a %files -n libsapi0 %defattr(-,root,root) -%{_libdir}/libsapi.so.* +%{_libdir}/libsapi.so.0.0.0 %files -n libtcti-device0 %defattr(-,root,root) -%{_libdir}/libtcti-device.so.* +%{_libdir}/libtcti-device.so.0.0.0 %files -n libtcti-socket0 %defattr(-,root,root) -%{_libdir}/libtcti-socket.so.* +%{_libdir}/libtcti-socket.so.0.0.0 %changelog