Diffstat (limited to 'app-crypt/tpm2-tools/files')
7 files changed, 253 insertions, 79 deletions
diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-4.3.0-Remove-WError.patch b/app-crypt/tpm2-tools/files/tpm2-tools-4.3.0-Remove-WError.patch
deleted file mode 100644
index caa3fac23bf4..000000000000
--- a/app-crypt/tpm2-tools/files/tpm2-tools-4.3.0-Remove-WError.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 7b5c2196..d07d5433 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -210,7 +210,6 @@ AS_IF([test x"$enable_hardening" != x"no"], [
-
- add_hardened_c_flag([-Wall])
- add_hardened_c_flag([-Wextra])
-- add_hardened_c_flag([-Werror])
-
- add_hardened_c_flag([-Wformat])
- add_hardened_c_flag([-Wformat-security])
diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-5.1.1-no-efivar-automagic.patch b/app-crypt/tpm2-tools/files/tpm2-tools-5.1.1-no-efivar-automagic.patch
deleted file mode 100644
index 25f3ef43fe3d..000000000000
--- a/app-crypt/tpm2-tools/files/tpm2-tools-5.1.1-no-efivar-automagic.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-https://bugs.gentoo.org/812047
-
-From 0cea7f0f78f1a9e8dca789eb5f2ece052e026bed Mon Sep 17 00:00:00 2001
-From: Christopher Byrne <salah.coronya@gmail.com>
-Date: Tue, 7 Sep 2021 20:22:27 -0500
-Subject: [PATCH] configure.ac: Fix automagic depency on libefivar
-
-Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
----
- configure.ac | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index f1c17116..bdb4abda 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -62,8 +62,12 @@ PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.1.0])
- PKG_CHECK_MODULES([CURL], [libcurl])
-
- # pretty print of devicepath if efivar library is present
--PKG_CHECK_MODULES([EFIVAR], [efivar],,[true])
--AC_CHECK_HEADERS([efivar/efivar.h])
-+AC_ARG_WITH([efivar], AS_HELP_STRING([--without-efivar], [Build without efivar library (default: test)]))
-+
-+AS_IF([test "x$with_efivar" != "xno"], [
-+ PKG_CHECK_MODULES([EFIVAR], [efivar])
-+ AC_CHECK_HEADERS([efivar/efivar.h])
-+])
-
- # backwards compat with older pkg-config
- # - pull in AC_DEFUN from pkg.m4
---
-2.32.0
-
diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-5.2-testparms-fix-condition-for-negative-test.patch b/app-crypt/tpm2-tools/files/tpm2-tools-5.2-testparms-fix-condition-for-negative-test.patch
deleted file mode 100644
index e1094647bdfd..000000000000
--- a/app-crypt/tpm2-tools/files/tpm2-tools-5.2-testparms-fix-condition-for-negative-test.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 3d80fad66694ad14a58dd89204a25e9248c4ab0c Mon Sep 17 00:00:00 2001
-From: Jonas Witschel <git@diabonas.de>
-Date: Wed, 29 Sep 2021 17:08:07 +0200
-Subject: [PATCH] testparms: fix condition for negative test
-
-Commit e858dec76686bb4c42e74e0984b433231e530f93 ("testparms: ensure curve not
-supported before negative test") is supposed to ensure that the negative test
-is run only if ecc521 is *not* supported, but instead it runs the negative test
-if ecc521 is *available*. This worked anyway for libtpms < 0.9.0 because camellia
-was not supported, but since libtpms 0.9.0 added support for this algorithm, the
-test suite fails now with swtpm.
-
-Signed-off-by: Jonas Witschel <git@diabonas.de>
----
- test/integration/tests/testparms.sh | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/test/integration/tests/testparms.sh b/test/integration/tests/testparms.sh
-index 8c3548e5..a587a60a 100644
---- a/test/integration/tests/testparms.sh
-+++ b/test/integration/tests/testparms.sh
-@@ -63,7 +63,7 @@ else
- fi
-
- # Attempt to specify a suite that is not supported (error from TPM)
--if tpm2 getcap ecc-curves | grep -q TPM2_ECC_NIST_P521; then
-+if ! tpm2 getcap ecc-curves | grep -q TPM2_ECC_NIST_P521; then
- if tpm2 testparms "ecc521:ecdsa:camellia" &>/dev/null; then
- echo "tpm2 testparms succeeded while it shouldn't or TPM failed"
- exit 1
---
-2.32.0
-
diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch
new file mode 100644
index 000000000000..7b6fc8821940
--- /dev/null
+++ b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch
@@ -0,0 +1,15 @@
+diff --git a/Makefile.am b/Makefile.am
+index 627983ca..d32f109c 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -659,10 +659,3 @@ else
+ endif
+
+ check: prepare-check
+-
+-if !HAVE_PANDOC
+-# If pandoc is not enabled, we want to complain that you need pandoc for make dist,
+-# so hook the target and complain.
+- @(>&2 echo "You do not have pandoc, a requirement for the distribution of manpages")
+- @exit 1
+-endif
diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-5.6-bashism.patch b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-bashism.patch
new file mode 100644
index 000000000000..01ce4301d4e3
--- /dev/null
+++ b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-bashism.patch
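Review bot: The added patch file has no header at all (no description, author, upstream reference or bug link), even though it deletes the `if !HAVE_PANDOC` guard under the `check:` target, so neither the reason nor the upstream status of the change can be recovered from the tree. A short preamble above the `diff --git a/Makefile.am` line would cover it, for example `Do not fail 'make check' when pandoc is absent; the tests do not need manpages.` followed by a `Bug: <bug-or-upstream-link>` line. The inner hunk's context line `check: prepare-check` is only introduced by the test-eventlog patch added in this same commit, so this patch presumably has to be applied after that one; the preamble is a good place to say so.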
@@ -0,0 +1,47 @@
+https://github.com/tpm2-software/tpm2-tools/pull/3339
+
+From 9f244c3f74747b7f79c8c6813657b2f2f8a1c844 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Sun, 21 Jan 2024 08:08:28 +0000
+Subject: [PATCH] configure.ac: fix bashisms
+
+configure scripts need to be runnable with a POSIX-compliant /bin/sh.
+
+On many (but not all!) systems, /bin/sh is provided by Bash, so errors
+like this aren't spotted. Notably Debian defaults to /bin/sh provided
+by dash which doesn't tolerate such bashisms as '=='.
+
+This retains compatibility with bash.
+
+Fixes configure warnings/errors like:
+```
+checking for libcurl... yes
+./configure: 15201: test: xauto: unexpected operator
+./configure: 15286: test: xauto: unexpected operator
+checking for efivar/efivar.h... yes
+```
+
+This fixes a build error later on too:
+```
+/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/ld: lib/libcommon.a(libcommon_a-tpm2_eventlog_yaml.o): in function `yaml_devicepath':
+tpm2_eventlog_yaml.c:(.text.yaml_devicepath+0x2f): undefined reference to `efidp_format_device_path'
+/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/ld: tpm2_eventlog_yaml.c:(.text.yaml_devicepath+0x61): undefined reference to `efidp_format_device_path'
+```
+
+Bug: https://bugs.gentoo.org/922592
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -94,9 +94,9 @@ AC_ARG_WITH([efivar],
+ )
+
+ # use the true program to avoid failing hard
+-AS_IF([test "x$with_efivar" == "xauto"],
++AS_IF([test "x$with_efivar" = "xauto"],
+ [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h], , [true])], [true])],
+- [test "x$with_efivar" == "xyes"],
++ [test "x$with_efivar" = "xyes"],
+ [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h])])],
+ )
+
+
diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch
new file mode 100644
index 000000000000..f24cf50aff5c
--- /dev/null
+++ b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch
@@ -0,0 +1,123 @@
+From 9cd74df24dbeee81b408e12ac10a98a088008d07 Mon Sep 17 00:00:00 2001
+From: Juergen Repp <juergen_repp@web.de>
+Date: Mon, 20 Nov 2023 13:55:36 +0100
+Subject: [PATCH] test eventlog: fix check eventlog.sh if efivar.h exists
+
+If efivar.h exist a pretty print function for the DevicePath
+is executed. Therefore two yaml test files are needed for
+the bin test file uefiservices.
+Fixes #3302.
+
+Signed-off-by: Juergen Repp <juergen_repp@web.de>
+---
+ Makefile.am | 13 ++++++
+ configure.ac | 3 ++
+ .../event-uefiservices.bin.yaml.pretty | 45 +++++++++++++++++++
+ ...n.yaml => event-uefiservices.bin.yaml.raw} | 0
+ 4 files changed, 61 insertions(+)
+ create mode 100644 test/integration/fixtures/event-uefiservices.bin.yaml.pretty
+ rename test/integration/fixtures/{event-uefiservices.bin.yaml => event-uefiservices.bin.yaml.raw} (100%)
+
+diff --git a/Makefile.am b/Makefile.am
+index 413345cd..ef76dca8 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -352,6 +352,7 @@ TEST_EXTENSIONS = .sh
+
+ check-hook:
+ rm -rf .lock_file
++ rm -f $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml
+
+ EXTRA_DIST_IGNORE = \
+ .gitignore \
+@@ -647,6 +648,18 @@ dist-hook:
+ for f in $(EXTRA_DIST_IGNORE); do \
+ rm -rf `find $(distdir) -name $$f`; \
+ done;
++
++prepare-check:
++if HAVE_EFIVAR_H
++ cp $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml.pretty \
++ $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml
++else
++ cp $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml.raw \
++ $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml
++endif
++
++check: prepare-check
++
+ if !HAVE_PANDOC
+ # If pandoc is not enabled, we want to complain that you need pandoc for make dist,
+ # so hook the target and complain.
+diff --git a/configure.ac b/configure.ac
+index 362ae0aa..54224048 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -97,6 +97,9 @@ AS_IF([test "x$with_efivar" == "xauto"],
+ [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h])])],
+ )
+
++AC_CHECK_HEADERS([efivar/efivar.h],[efivar_h=yes ], [efivar = no ])
++AM_CONDITIONAL([HAVE_EFIVAR_H], [test "$efivar_h" = yes])
++
+ # backwards compat with older pkg-config
+ # - pull in AC_DEFUN from pkg.m4
+ m4_ifndef([PKG_CHECK_VAR], [
+diff --git a/test/integration/fixtures/event-uefiservices.bin.yaml.pretty b/test/integration/fixtures/event-uefiservices.bin.yaml.pretty
+new file mode 100644
+index 00000000..f0819f70
+--- /dev/null
++++ b/test/integration/fixtures/event-uefiservices.bin.yaml.pretty
+@@ -0,0 +1,45 @@
++---
++version: 1
++events:
++- EventNum: 0
++ PCRIndex: 0
++ EventType: EV_NO_ACTION
++ Digest: "0000000000000000000000000000000000000000"
++ EventSize: 37
++ SpecID:
++ - Signature: Spec ID Event03
++ platformClass: 0
++ specVersionMinor: 0
++ specVersionMajor: 2
++ specErrata: 0
++ uintnSize: 2
++ numberOfAlgorithms: 2
++ Algorithms:
++ - Algorithm[0]:
++ algorithmId: sha1
++ digestSize: 20
++ - Algorithm[1]:
++ algorithmId: sha256
++ digestSize: 32
++ vendorInfoSize: 0
++- EventNum: 1
++ PCRIndex: 2
++ EventType: EV_EFI_BOOT_SERVICES_DRIVER
++ DigestCount: 2
++ Digests:
++ - AlgorithmId: sha1
++ Digest: "855685b4dbd4b67d50e0594571055054cfe2b1e9"
++ - AlgorithmId: sha256
++ Digest: "dd8576b4ff346c19c56c3e4f97ce55c5afa646f9c669be0a7cdd05057a0ecdf3"
++ EventSize: 84
++ Event:
++ ImageLocationInMemory: 0x7dcf6018
++ ImageLengthInMemory: 171464
++ ImageLinkTimeAddress: 0x0
++ LengthOfDevicePath: 52
++ DevicePath1: 'PciRoot(0x0)/Pci(0x2,0x0)/Pci(0x0,0x0)/Offset(0x12600,0x3c3ff)'
++pcrs:
++ sha1:
++ 2 : 0x5b5f4d5c31664f01670a98a5796a36473671befc
++ sha256:
++ 2 : 0x35fcf9d737c52c971f7c74058d36937dbd7824177fa0f1de3eba3934fcb83b9d
+diff --git a/test/integration/fixtures/event-uefiservices.bin.yaml b/test/integration/fixtures/event-uefiservices.bin.yaml.raw
+similarity index 100%
+rename from test/integration/fixtures/event-uefiservices.bin.yaml
+rename to test/integration/fixtures/event-uefiservices.bin.yaml.raw
+--
+2.41.0
+
diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog.sh-Fix-accidental-deletions.patch b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog.sh-Fix-accidental-deletions.patch
new file mode 100644
index 000000000000..7274ee40827a
--- /dev/null
+++ b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog.sh-Fix-accidental-deletions.patch
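Review bot: In the inner configure.ac hunk, the not-found branch of the new `AC_CHECK_HEADERS` is `[efivar = no ]`, which is not a shell assignment: with spaces around `=`, the generated configure script would run whatever `efivar` resolves to on PATH with the arguments `=` and `no` when the header is missing, and `efivar_h` is never set to `no`. The probe also sits outside the `AS_IF` on `$with_efivar` just above it, so it appears to run even when efivar support was switched off; that would pick the `.pretty` fixture for a build without the library, which looks like the automagic header detection that the removed no-efivar-automagic patch used to guard against. Since this is a backport, I would record the deviation in the patch header and change the line to `AS_IF([test "x$with_efivar" != "xno"], [AC_CHECK_HEADERS([efivar/efivar.h], [efivar_h=yes], [efivar_h=no])], [efivar_h=no])`. Separately, `prepare-check` and `check-hook` copy and delete the fixture under `$(abs_top_srcdir)`, so `make check` writes into the source tree rather than the build directory.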
@@ -0,0 +1,68 @@
+From 4dec5295361d753c3466bc9e8b0ae3a3cc58dff5 Mon Sep 17 00:00:00 2001
+From: Juergen Repp <juergen_repp@web.de>
+Date: Thu, 4 Apr 2024 09:42:51 +0200
+Subject: [PATCH] test eventlog.sh Fix accidental deletions.
+
+* Accidental deletions made in commit 196e3d439407e81040ced054a8ed302489348a9d
+ are undone.
+* python3 is used as default instead of python.
+
+Signed-off-by: Juergen Repp <juergen_repp@web.de>
+---
+ test/integration/tests/eventlog.sh | 33 ++++++++++++++++++++++++++++--
+ 1 file changed, 31 insertions(+), 2 deletions(-)
+
+diff --git a/test/integration/tests/eventlog.sh b/test/integration/tests/eventlog.sh
+index 9d5290f0..e7c13706 100755
+--- a/test/integration/tests/eventlog.sh
++++ b/test/integration/tests/eventlog.sh
+@@ -3,7 +3,7 @@
+ set -E
+ shopt -s expand_aliases
+
+-alias python=${PYTHON-python}
++alias python=${PYTHON-python3}
+
+ yaml_validate() {
+ cmd=$1
+@@ -88,7 +88,36 @@ expect_pass() {
+ expect_fail
+ expect_fail foo
+ expect_fail foo bar
+-expect_fail ${srcdir}/test/integration/fix
++expect_fail ${srcdir}/test/integration/fixtures/event-bad.bin
++
++expect_pass ${srcdir}/test/integration/fixtures/specid-vendordata.bin
++expect_pass ${srcdir}/test/integration/fixtures/event.bin
++expect_pass ${srcdir}/test/integration/fixtures/event-uefivar.bin
++expect_pass ${srcdir}/test/integration/fixtures/event-uefiaction.bin
++expect_pass ${srcdir}/test/integration/fixtures/event-uefiservices.bin
++expect_pass ${srcdir}/test/integration/fixtures/event-uefi-sha1-log.bin
++expect_pass ${srcdir}/test/integration/fixtures/event-bootorder.bin
++expect_pass ${srcdir}/test/integration/fixtures/event-postcode.bin
++
++# Make sure that --eventlog-version=2 works on complete TPM2 logs
++expect_pass ${srcdir}/test/integration/fixtures/event-arch-linux.bin --eventlog-version=2
++expect_pass ${srcdir}/test/integration/fixtures/event-gce-ubuntu-2104-log.bin --eventlog-version=2
++expect_pass ${srcdir}/test/integration/fixtures/event-sd-boot-fedora37.bin --eventlog-version=2
++expect_pass ${srcdir}/test/integration/fixtures/event-moklisttrusted.bin --eventlog-version=2
++
++# Pick an event with leading whitespace and validate we have
++# preserved it correctly after parsing the YAML
++event=$(yaml_validate "print(y['events'][80]['Event']['String'])" < ${srcdir}/test/integration/fixtures/event-moklisttrusted.bin.yaml | tr -d '\0')
++expect=$(echo -e "grub_cmd: menuentry UEFI Firmware Settings --id uefi-firmware {\n\t\tfwsetup\n\t}")
++if test "$event" != "$expect"
++then
++ echo "Got $event"
++ echo "Want $expect"
++ exit 1
++fi
++
++# Compare strings generated by tpm2_eventlog with binary data of the corresponding
++# events.
+ hex_file="${srcdir}/test/integration/fixtures/event-moklisttrusted-hex.yaml"
+ tool_file="${srcdir}/test/integration/fixtures/event-moklisttrusted.bin.yaml"
+
+--
+2.43.2
+
|
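Review bot: Every restored `expect_fail`/`expect_pass` line in the second inner hunk, and the `< ${srcdir}/...` redirect feeding `yaml_validate`, expands `${srcdir}` unquoted, while the unchanged `hex_file=`/`tool_file=` lines just below quote it. A source path containing whitespace or glob characters would therefore be word-split before it reaches the tool, and these parser tests, including the malformed-log case `event-bad.bin`, would be run against the wrong arguments. Quoting keeps the style consistent, e.g. `expect_fail "${srcdir}/test/integration/fixtures/event-bad.bin"`. The pattern comes from the upstream commit, so it may be better raised there than changed in this backport.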