diff options
4 files changed, 188 insertions, 0 deletions
diff --git a/app-crypt/swtpm/Manifest b/app-crypt/swtpm/Manifest index ebc321991daf..c4ace87338a9 100644 --- a/app-crypt/swtpm/Manifest +++ b/app-crypt/swtpm/Manifest @@ -1 +1,2 @@ DIST swtpm-0.3.1.tar.gz 308576 BLAKE2B 96c44654b92d453d91594aed6fdd4cb56853973c1215bfb131e750d38a3ed1e64e3283647e54ad9ad84747406f53d7ac4f221fc5b319d7fa80bab758fed04062 SHA512 4b3e58048336ee82a87d17905a7d0dc5fbe13160ebb8f072b91410e782dae7fafc72e572a2f6aa2b1d9f4377074c01afd30505b9e71d92b8d7066365811d3e3f +DIST swtpm-0.3.2.tar.gz 308843 BLAKE2B 501c600e36a437fc99f662f1c217169cab15b0d4ec4a4551a29dd83541c9718e182c7eb13a43e541da453fc28c48232354b617525e32d9721e697744eaa5a17a SHA512 5da668cd8091f0db70bec52cd8d26bacf7b18e4c27c83c1cba25e59c69bb2ba7a1d011d9bf4bafa44e1a49065538445eb56683806be6f1875cba383f8edb6a4f diff --git a/app-crypt/swtpm/files/swtpm-build-sys-Explicitly-link-libswtpm_libtpms-with-lcry.patch b/app-crypt/swtpm/files/swtpm-build-sys-Explicitly-link-libswtpm_libtpms-with-lcry.patch new file mode 100644 index 000000000000..d4ad9cda0c2d --- /dev/null +++ b/app-crypt/swtpm/files/swtpm-build-sys-Explicitly-link-libswtpm_libtpms-with-lcry.patch @@ -0,0 +1,49 @@ +From d9bc718871810d18c70ba9d4e9ee23071bd6db36 Mon Sep 17 00:00:00 2001 +From: Stefan Berger <stefanb@linux.vnet.ibm.com> +Date: Tue, 21 Jul 2020 18:39:07 -0400 +Subject: [PATCH 2/2] build-sys: Explicitly link libswtpm_libtpms with -lcrypto + (Gentoo) + +This patch fixes the following linker issue reported for Gentoo in +issue #280. + +ld.lld: error: /var/tmp/portage/app-crypt/swtpm-0.3.1-r1/work/swtpm-0.3.1/src/swtpm/.libs/libswtpm_libtpms.so: undefined reference to EVP_sha512 +ld.lld: error: /var/tmp/portage/app-crypt/swtpm-0.3.1-r1/work/swtpm-0.3.1/src/swtpm/.libs/libswtpm_libtpms.so: undefined reference to PKCS5_PBKDF2_HMAC +ld.lld: error: /var/tmp/portage/app-crypt/swtpm-0.3.1-r1/work/swtpm-0.3.1/src/swtpm/.libs/libswtpm_libtpms.so: undefined reference to SHA512 + +Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> +--- + configure.ac | 2 ++ + src/swtpm/Makefile.am | 3 ++- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 56d3f09..7aaa201 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -150,6 +150,8 @@ openssl) + AC_CHECK_HEADERS([openssl/aes.h],[], + AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?)) + AC_MSG_RESULT([Building with openssl crypto library]) ++ LIBCRYPTO_LIBS=$(pkg-config --libs libcrypto) ++ AC_SUBST([LIBCRYPTO_LIBS]) + ;; + esac + +diff --git a/src/swtpm/Makefile.am b/src/swtpm/Makefile.am +index dd2a63a..b5f15e3 100644 +--- a/src/swtpm/Makefile.am ++++ b/src/swtpm/Makefile.am +@@ -69,7 +69,8 @@ libswtpm_libtpms_la_LIBADD = \ + $(LIBTPMS_LIBS) \ + $(GLIB_LIBS) \ + $(LIBRT_LIBS) \ +- $(LIBSECCOMP_LIBS) ++ $(LIBSECCOMP_LIBS) \ ++ $(LIBCRYPTO_LIBS) + + bin_PROGRAMS = swtpm + if WITH_CUSE +-- +2.26.2 + diff --git a/app-crypt/swtpm/files/swtpm-build-sys-Use-AC_COMPILE_IFELSE-to-check-for-unused-.patch b/app-crypt/swtpm/files/swtpm-build-sys-Use-AC_COMPILE_IFELSE-to-check-for-unused-.patch new file mode 100644 index 000000000000..582199708057 --- /dev/null +++ b/app-crypt/swtpm/files/swtpm-build-sys-Use-AC_COMPILE_IFELSE-to-check-for-unused-.patch @@ -0,0 +1,56 @@ +From b6d16129a525f572ef37d20ba1cd70d59ca4f079 Mon Sep 17 00:00:00 2001 +From: Stefan Berger <stefanb@linux.vnet.ibm.com> +Date: Tue, 21 Jul 2020 17:38:10 -0400 +Subject: [PATCH 1/2] build-sys: Use AC_COMPILE_IFELSE to check for unused + linker flags (clang) + +This patch fixes a clang issue report in issue #280. + +clang does not use ld, so we cannot grep for support of certain linker +flags but have to test-compile. + +Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> +--- + configure.ac | 26 +++++++++++++++++++------- + 1 file changed, 19 insertions(+), 7 deletions(-) + +diff --git a/configure.ac b/configure.ac +index b4d4258..56d3f09 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -357,13 +357,25 @@ if test "x$enable_hardening" != "xno"; then + if test -z "$TMP1" && test -n "$TPM2"; then + HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2 " + fi +- dnl Check ld for 'relro' and 'now' +- if $LD --help 2>&1 | $GREP '\-z relro ' > /dev/null; then +- HARDENING_CFLAGS="$HARDENING_CFLAGS -Wl,-z,relro " +- fi +- if $LD --help 2>&1 | $GREP '\-z now ' > /dev/null; then +- HARDENING_CFLAGS="$HARDENING_CFLAGS -Wl,-z,now " +- fi ++ dnl Check linker for 'relro' and 'now' ++ save_CFLAGS="$CFLAGS" ++ CFLAGS="-Wl,-z,relro -Werror" ++ AC_MSG_CHECKING([whether linker supports -Wl,-z,relro]) ++ AC_COMPILE_IFELSE( ++ [AC_LANG_SOURCE([[int main() { return 0; }]])], ++ [HARDENING_CFLAGS="$HARDENING_CFLAGS -Wl,-z,relro" ++ AC_MSG_RESULT(yes)], ++ [AC_MSG_RESULT(no)] ++ ) ++ CFLAGS="-Wl,-z,now -Werror" ++ AC_MSG_CHECKING([whether linker supports -Wl,-z,now]) ++ AC_COMPILE_IFELSE( ++ [AC_LANG_SOURCE([[int main() { return 0; }]])], ++ [HARDENING_CFLAGS="$HARDENING_CFLAGS -Wl,-z,now" ++ AC_MSG_RESULT(yes)], ++ [AC_MSG_RESULT(no)] ++ ) ++ CFLAGS="$save_CFLAGS" + AC_SUBST([HARDENING_CFLAGS]) + fi + +-- +2.26.2 + diff --git a/app-crypt/swtpm/swtpm-0.3.2.ebuild b/app-crypt/swtpm/swtpm-0.3.2.ebuild new file mode 100644 index 000000000000..00ff234d61a6 --- /dev/null +++ b/app-crypt/swtpm/swtpm-0.3.2.ebuild @@ -0,0 +1,82 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{6,7,8} ) + +inherit autotools python-any-r1 + +DESCRIPTION="Libtpms-based TPM emulator" +HOMEPAGE="https://github.com/stefanberger/swtpm" +SRC_URI="https://github.com/stefanberger/swtpm/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64" +IUSE="fuse gnutls libressl seccomp test" + +RESTRICT="!test? ( test )" + +COMMON_DEPEND=" + fuse? ( + dev-libs/glib:2 + sys-fs/fuse:0 + ) + gnutls? ( + dev-libs/libtasn1:= + >=net-libs/gnutls-3.1.0[tools] + ) + !libressl? ( + dev-libs/openssl:0= + dev-libs/libtpms[-libressl] + ) + libressl? ( + dev-libs/libressl:0= + dev-libs/libtpms[libressl] + ) + seccomp? ( sys-libs/libseccomp ) +" + +DEPEND="${COMMON_DEPEND} + test? ( + net-misc/socat + ${PYTHON_DEPS} + ) +" + +RDEPEND="${COMMON_DEPEND} + acct-group/tss + acct-user/tss + app-crypt/tpm-tools + app-crypt/trousers + dev-tcltk/expect" + +PATCHES=( + "${FILESDIR}/${PN}-fix-localca-path.patch" + "${FILESDIR}/${PN}-build-sys-Explicitly-link-libswtpm_libtpms-with-lcry.patch" + "${FILESDIR}/${PN}-build-sys-Use-AC_COMPILE_IFELSE-to-check-for-unused-.patch" + ) + +src_prepare() { + use test || eapply "${FILESDIR}/${PN}-disable-test-dependencies.patch" + default + eautoreconf +} + +src_configure() { + econf \ + --disable-static \ + --with-openssl \ + --without-selinux \ + $(use_with fuse cuse) \ + $(use_with gnutls) \ + $(use_with seccomp) +} + +src_install() { + default + fowners tss:tss /var/lib/swtpm-localca + keepdir /var/lib/swtpm-localca + find "${D}" -name '*.la' -delete || die +} |