#
# spec file for package tpm2.0-tools
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%define _lto_cflags %{nil}
%bcond_without test
Name: tpm2.0-tools
Accepting request 926512 from home:aplanas:branches:security
- Update to version 5.2:
+ tpm2_nvextend:
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NV_Extend command to the TPM.
+ tpm2_nvread:
* Added option --rphash=FILE to specify file path to record the
hash of the response parameters. This is commonly termed as
rpHash.
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NVRead command to the TPM.
* Added option -S, --session to specify an auxiliary
session for auditing and or encryption/decryption of the
parameters.
+ tpm2_nvsetbits:
* Added option --rphash=FILE to specify file path to record the
hash of the response parameters. This is commonly termed as
rpHash.
* Added option -S, --session to specify an auxiliary
session for auditing and or encryption/decryption of the
parameters.
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NV_SetBits command to the TPM.
+ tpm2_createprimary:
* Support public-key output at creation time in various public-key
formats.
+ tpm2_create:
* Support public-key output at creation time in various public-key
formats.
+ tpm2_print:
* Support outputting public key in various public key formats over
the default YAML output. Supports taking -u output from
tpm2_create and converting it to a PEM or DER file format.
+ tpm2_import:
* Add support for importing keys with sealed-data-blobs.
+ tpm2_rsaencrypt, tpm2_rsadecrypt:
* Add support for specifying the hash algorithm with oaep.
+ tpm2_pcrread, tpm2_quote:
* Add option -F, --pcrs_format to specify PCR format selection for
the binary blob in the PCR output file. 'values' will output a
binary blob of the PCR values. 'serialized' will output a binary
blob of the PCR values in the form of serialized data structure
in little endian format.
+ tpm2_eventlog:
* Add support for decoding StartupLocality.
* Add support for printing the partition information.
* Add support for reading eventlogs longer than 64kb including
from /sys/kernel/security/tpm0/binary_bios-measurements.
+ tpm2_duplicate:
* Add option -L, --policy to specify an authorization policy to be
associated with the duplicated object.
* Added support for external key duplication without needing the
TCTI.
+ tools:
* Enhance error message on invalid passwords when sessions cannot
be used.
+ lib/tpm2_options:
* Add option to specify fake tcti which is required in cases where
sapi ctx is required to be initialized for retrieving command
parameters without invoking the tcti to talk to the TPM.
+ openssl:
* Dropped support for OpenSSL < 1.1.0
* Add support for OpenSSL 3.0.0
+ Support added to make the repository documentation and man pages
available live on readthedocs.
+ Bug-fixes:
* tpm2_import: Don't allow setting passwords for imported object
with -p option as the tool doesn't modify the TPM2B_SENSITIVE
structure. Added appropriate logging to indicate using
tpm2_changeauth after import.
* lib/tpm2_util.c: The function to calculate pHash algorithm
returned error when input session is a password session and the
only session in the command.
* lib/tpm2_alg_util.c: Fix an error where oaep was parsed under
ECC.
* tpm2_sign: Fix segfaults when tool does not find TPM resources
(TPM or RM).
* tpm2_makecredential: Fix an issue where reading input from stdin
could result in unsupported data size larger than the largest
digest size.
* tpm2_loadexternal: Fix an issue where restricted attribute could
not be set.
* lib/tpm2_nv_util.h: The NV index size is dependent on different
data sets read from the GetCapability structures because there
is a dependency on the NV operation type: Define vs Read vs
Write vs Extend. Fix a sane default in the case where
GetCapability fails or fails to report the specific property/
data set. This is especially true because some properties are
TPM implementation dependent.
* tpm2_createpolicy: Fix an issue where tool exited silently
without reporting an error if wrong pcr string is specified.
* lib/tpm2_alg_util: add error message on public init to prevent
tools from dying silently, add an error message.
* tpm2_import: fix an issue where an imported hmac object scheme
was NULL. While allowed, it was inconsistent with other tools
like tpm2_create which set the scheme as hmac->sha256 when
generating a keyedhash object.
- Drop patches already in upstream:
+ 0001-tpm2_checkquote-fix-uninitialized-variable.patch
+ 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
+ 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
OBS-URL: https://build.opensuse.org/request/show/926512
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=84
2021-10-20 12:13:52 +02:00
Version: 5.2
Release: 0
Summary: Trusted Platform Module (TPM) 2.0 administration tools
License: BSD-3-Clause
Group: Productivity/Security
URL: https://github.com/tpm2-software/tpm2-tools/releases
Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/tpm2-tools-%{version}.tar.gz
Source1: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/tpm2-tools-%{version}.tar.gz.asc
# git show william-roberts-pub javier-martinez-pub joshua-lock-pub idesai-pub > tpm2-tools.keyring
Source2: tpm2-tools.keyring
Patch0: fix_bogus_warning.patch
# PATCH-FIX-UPSTREAM 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch -- based on PR#3041
Patch1: 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch
BuildRequires: gcc-c++
BuildRequires: libcurl-devel
BuildRequires: libopenssl-devel
BuildRequires: libtool
BuildRequires: libuuid-devel
BuildRequires: pkgconfig
BuildRequires: tpm2-0-tss-devel
BuildRequires: tpm2.0-abrmd-devel
BuildRequires: pkgconfig(efivar)
Recommends: tpm2.0-abrmd
# Pandoc is used for generating the man pages, but since 3.0.4 prebuilt man
# pages are shipped with the distribution tarball and we don't need to generate
# them any more. Pandoc is only available on openSUSE (not 32-bit x86) and not
# in Ring 1 (no haskell), so can't be used as build dependency here.
%if 0
%if 0%{?is_opensuse}
%ifnarch %{ix86}
BuildRequires: pandoc
%endif
%endif
%endif
%if %{with test}
# requirements for unit test suite (configure --enable-unit)
BuildRequires: dbus-1-daemon
BuildRequires: expect
BuildRequires: ibmswtpm2
BuildRequires: iproute2
BuildRequires: libcmocka-devel
BuildRequires: python3-PyYAML
BuildRequires: tpm2.0-abrmd
# for xxd, which is also required by the tests
BuildRequires: vim
%endif

%description
Trusted Computing is a set of specifications published by the Trusted
Computing Group (TCG). The Trusted Platform Module (TPM) is the
hardware component for Trusted Computing. The tpm2.0-tools package
provides tools for enablement and configuration of the TPM 2.0 and
associated interfaces.

%prep
%autosetup -p1 -n tpm2-tools-%{version}

%build
# help configure find required executables for testing
export PATH=$PATH:/usr/sbin:/usr/libexec/ibmtss
%configure --disable-static \
    %{?with_test: --enable-unit}
%make_build

%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print

%files
%doc doc/README.md doc/CHANGELOG.md
%license doc/LICENSE
%{_bindir}/tpm2*
%{_bindir}/tss2*
%{_mandir}/man1/tpm2*
%{_mandir}/man1/tss2*
%dir %{_datadir}/bash-completion
%dir %{_datadir}/bash-completion/completions
%{_datadir}/bash-completion/completions/*

%if %{with test}
%check
# Do the tests sequentially to kill all tpm_server instances
# https://github.com/tpm2-software/tpm2-tools/issues/3042
%make_build -j1 check
%endif

%changelog