Accepting request 514157 from home:mgerstner:branches:security

this submission is coupled with sr#514156 and an update for tpm2.0-tools which
I will submit right after.


- no longer install the udev rule, it's now part of the new tpm2.0-abrmd
  package.
- fixed a warning regarding a missing dependency of the devel package to the
  main package
- correctly package library symlinks only in the devel package, the library
  itself only in the library package. Was mixed up before.

- removed tpm2-0-tss-configure.patch, it was just a hack, fixed by requiring
  autoconf-archive, see https://github.com/01org/TPM2.0-TSS/issues/227.

- Updated to upstream version 1.1.0
  - With this version the resourcemgr daemon is dropped from this package. It
    is replaced by a completely new implementation found in a new package
    tpm2.0-abrmd. this package will only consist of the libraries any more.
  - Changed
    - tpmclient, disabled all tests that rely on the old resourcemgr.
  - Fixed
    - Fixed definition of PCR_LAST AND TRANSIENT_LAST macros.
  - Removed
    - tpmtest
    - resourcemgr, replacement is in new repo: https://github.com/01org/tpm2-abrmd

OBS-URL: https://build.opensuse.org/request/show/514157
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=47

1.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b5697cfe7f4fd44d6ae1ec03cddb6b44d5cf5cd13e134c7238049551d1615488
-size 3790493

1.1.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9825e1f8a5db12b4209f74df367c2df488e9973035b8917180bfcfcc5fd8b53f
+size 3723605

tpm2-0-tss-configure.patch

@@ -1,13 +0,0 @@
-Index: TPM2.0-TSS-1.0/configure.ac
-===================================================================
---- TPM2.0-TSS-1.0.orig/configure.ac
-+++ TPM2.0-TSS-1.0/configure.ac
-@@ -7,7 +7,7 @@ AC_CONFIG_MACRO_DIR([m4])
- AC_PROG_CC
- AC_PROG_CXX
- LT_INIT()
--AX_PTHREAD([], [AC_MSG_ERROR([requires pthread])])
-+AX_PTHREAD([], [])
- AM_INIT_AUTOMAKE([foreign
-                   subdir-objects])
- AC_CONFIG_FILES([Makefile])

tpm2-0-tss.changes

@@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Thu Jul 20 13:51:38 UTC 2017 - matthias.gerstner@suse.com
+
+- no longer install the udev rule, it's now part of the new tpm2.0-abrmd
+  package.
+- fixed a warning regarding a missing dependency of the devel package to the
+  main package
+- correctly package library symlinks only in the devel package, the library
+  itself only in the library package. Was mixed up before.
+
+-------------------------------------------------------------------
+Wed Jul 19 14:10:02 UTC 2017 - matthias.gerstner@suse.com
+
+- removed tpm2-0-tss-configure.patch, it was just a hack, fixed by requiring
+  autoconf-archive, see https://github.com/01org/TPM2.0-TSS/issues/227.
+
+-------------------------------------------------------------------
+Wed Jul 19 11:13:43 UTC 2017 - matthias.gerstner@suse.com
+
+- Updated to upstream version 1.1.0
+  - With this version the resourcemgr daemon is dropped from this package. It
+    is replaced by a completely new implementation found in a new package
+    tpm2.0-abrmd. this package will only consist of the libraries any more.
+
+  - Changed
+    - tpmclient, disabled all tests that rely on the old resourcemgr.
+  - Fixed
+    - Fixed definition of PCR_LAST AND TRANSIENT_LAST macros.
+  - Removed
+    - tpmtest
+    - resourcemgr, replacement is in new repo: https://github.com/01org/tpm2-abrmd
+
 -------------------------------------------------------------------
 Sat May 27 05:07:22 UTC 2017 - bwiedemann@suse.com
 

tpm2-0-tss.spec

@@ -17,15 +17,14 @@
 
 
 Name:           tpm2-0-tss
-Version:        1.0
+Version:        1.1.0
 Release:        0
-Summary:        Intel's TCG Software Stack access library for TPM 2.0 chips
+Summary:        Intel's TCG Software Stack access libraries for TPM 2.0 chips
 License:        BSD-2-Clause
 Group:          Productivity/Security
 Url:            https://github.com/01org/TPM2.0-TSS
 Source0:        https://github.com/01org/TPM2.0-TSS/archive/%{version}.tar.gz
 Source2:        baselibs.conf
-Patch0:         tpm2-0-tss-configure.patch
 # PATCH-FIX-UPSTREAM bmwiedemann https://github.com/01org/TPM2.0-TSS/pull/419
 Patch1:         reproducible.patch
 BuildRequires:  autoconf-archive
@@ -33,15 +32,14 @@ BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libtool
 BuildRequires:  pkg-config
-BuildRequires:  systemd-rpm-macros
 Requires(pre):  pwdutils
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
 The tpm2-0-tss package provides a TPM 2.0 TSS implementation. This
-implementation is developed by INTEL. Note that the current resource manager
+implementation is developed by INTEL. This package contains the libraries,
-implementation is considered deprecated (a prototype, probably buggy and
+see the tpm2.0-abrmd package for the resource manager daemon, tpm2.0-tools for
-insecure) by its developers.
+utilities.
 
 %package devel
 Summary:        Development headers for the Intel TSS library for TPM 2.0 chips
@@ -50,6 +48,7 @@ Requires:       glibc-devel
 Requires:       libsapi0 = %{version}
 Requires:       libtcti-device0 = %{version}
 Requires:       libtcti-socket0 = %{version}
+Requires:       tpm2-0-tss = %{version}
 
 %description devel
 This package provides the development files for the libsapi library
@@ -57,8 +56,8 @@ for accessing TPM 2.0 chips.
 
 %package -n libsapi0
 Summary:        TPM2 System API library
-Group:          System/Libraries
 # Non-SLPP package name from earlier
+Group:          System/Libraries
 Obsoletes:      libtss2 < %version-%release
 Provides:       libtss2 = %version-%release
 
@@ -84,7 +83,6 @@ TPM over a socket.
 
 %prep
 %setup -q -n TPM2.0-TSS-%{version}
-%patch0 -p1
 %patch1 -p1
 
 %build
@@ -95,11 +93,6 @@ make %{?_smp_mflags} PTHREAD_LDFLAGS=-pthread
 %install
 %make_install
 find %{buildroot} -type f -name "*.la" -delete -print
-install -D -m 0644 contrib/resourcemgr.service %{buildroot}/%{_unitdir}/resourcemgr.service
-sed -e 's#usr/local/sbin/#usr/sbin/#;' -i %{buildroot}/%{_unitdir}/resourcemgr.service
-ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rcresourcemgr
-%define udev_rule_file 90-tpm.rules
-install -D -m 0644 contrib/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_rule_file}
 
 %post -n libsapi0 -p /sbin/ldconfig
 %postun -n libsapi0 -p /sbin/ldconfig
@@ -108,65 +101,28 @@ install -D -m 0644 contrib/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_ru
 %post -n libtcti-socket0 -p /sbin/ldconfig
 %postun -n libtcti-socket0 -p /sbin/ldconfig
 
-%pre
-# the same user is employed by trousers:
-#
-# trousers just needs those accounts for dropping privileges to. The service
-# starts as root and uses set*id to drop to tss, after the tpm device has been
-# opened.
-#
-# resourcemgr has no set*id handling and thus requires /dev/tpm to be owned
-# by the tss user. Therefore we also need to install a udev rule file.
-#
-# trousers was here first and created the user like this, also giving it a
-# home in /var/lib/tpm. I don't think the home directory is used by any of
-# both packages ATM. Trousers is keeping state there, but the directory is
-# owned by root and files are opened before dropping privileges. The passwd
-# entry seems not to be evaluated.
-#
-# so I guess we can share the account between the two packages for now.
-%_bindir/getent group tss >/dev/null || %{_sbindir}/groupadd -g 98 tss
-%_bindir/getent passwd tss >/dev/null || \
-	%{_sbindir}/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \
-	-d %{_localstatedir}/lib/tpm tss
-%service_add_pre resourcemgr.service
-
-%post
-%service_add_post resourcemgr.service
-
-%postun
-%service_del_postun resourcemgr.service
-
-%preun
-%service_del_preun resourcemgr.service
-
 %files
 %defattr(-,root,root)
 %doc *.md LICENSE
-%{_sbindir}/resourcemgr
-/%{_unitdir}/resourcemgr.service
-%{_sbindir}/rcresourcemgr
-%{_udevrulesdir}/%{udev_rule_file}
 
 %files devel
 %defattr(-,root,root)
 %{_includedir}/tcti
 %{_includedir}/sapi
 %{_libdir}/*.so
+%{_libdir}/*.so.0
 %{_libdir}/pkgconfig/*.pc
-##only available in static form
-#%%{_libdir}/libtddl.a
 
 %files -n libsapi0
 %defattr(-,root,root)
-%{_libdir}/libsapi.so.*
+%{_libdir}/libsapi.so.0.0.0
 
 %files -n libtcti-device0
 %defattr(-,root,root)
-%{_libdir}/libtcti-device.so.*
+%{_libdir}/libtcti-device.so.0.0.0
 
 %files -n libtcti-socket0
 %defattr(-,root,root)
-%{_libdir}/libtcti-socket.so.*
+%{_libdir}/libtcti-socket.so.0.0.0
 
 %changelog