diff options
Diffstat (limited to 'app-crypt/tpm2-tss/files')
8 files changed, 153 insertions, 135 deletions
diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch deleted file mode 100644 index b66b6e79c143..000000000000 --- a/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch +++ /dev/null @@ -1,29 +0,0 @@ -diff --git a/Makefile.am b/Makefile.am -index 183289f7..c791896c 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -689,24 +689,6 @@ endif #FAPI - EXTRA_DIST += dist/tpm-udev.rules - - install-dirs: --if HOSTOS_LINUX --if SYSD_SYSUSERS -- @echo "systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf" -- @systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf || echo "WARNING Failed to create the tss user and group" --else -- @echo "call make_tss_user_and_group" -- @$(call make_tss_user_and_group) || echo "WARNING Failed to create the tss user and group" --endif --if SYSD_TMPFILES -- @echo "systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf" -- @systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf|| echo "WARNING Failed to create the FAPI directories with the correct permissions" --else -- @echo "(call make_fapi_dirs) && (call set_fapi_permissions)" -- @-$(call make_fapi_dirs) && $(call set_fapi_permissions) || echo "WARNING Failed to create the FAPI directories with the correct permissions" --endif -- @echo "call check_fapi_dirs" -- @$(call check_fapi_dirs) --endif - - install-data-hook: install-dirs - -if [ ! -z "$(udevrulesprefix)" ]; then \ diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-Dont-run-systemd-sysusers-in-Makefile.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-Dont-run-systemd-sysusers-in-Makefile.patch deleted file mode 100644 index 90b12801226b..000000000000 --- a/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-Dont-run-systemd-sysusers-in-Makefile.patch +++ /dev/null @@ -1,57 +0,0 @@ -diff --git a/Makefile.am b/Makefile.am -index ce19aac3..22a8c075 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -498,10 +498,9 @@ fapi-config.json: dist/fapi-config.json.in - -e 's|[@]userstatedir@|$(userstatedir)|g' \ - < "$<" > "$@" - --sysusers_DATA = dist/sysusers.d/tpm2-tss.conf - tmpfiles_DATA = tpm2-tss-fapi.conf - --EXTRA_DIST += dist/sysusers.d/tpm2-tss.conf dist/tmpfiles.d/tpm2-tss-fapi.conf.in -+EXTRA_DIST += dist/tmpfiles.d/tpm2-tss-fapi.conf.in - CLEANFILES += tpm2-tss-fapi.conf - - # We have to do this ourselves, in order to get absolute paths -@@ -726,13 +725,6 @@ EXTRA_DIST += dist/tpm-udev.rules - - install-dirs: - if HOSTOS_LINUX --if SYSD_SYSUSERS -- @echo "systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf" -- @systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf || echo "WARNING Failed to create the tss user and group" --else -- @echo "call make_tss_user_and_group" -- @$(call make_tss_user_and_group) || echo "WARNING Failed to create the tss user and group" --endif - if SYSD_TMPFILES - @echo "systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf" - @systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf|| echo "WARNING Failed to create the FAPI directories with the correct permissions" -diff --git a/configure.ac b/configure.ac -index 6482944f..44c0e383 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -483,22 +483,9 @@ AS_IF([test "x$enable_integration" = "xyes" && test "x$enable_self_generated_cer - [AC_MSG_WARN([Running integration tests without EK certificate verification, use --enable-self-generated-certificate for full test coverage])]) - - # Check for systemd helper tools used by make install --AC_CHECK_PROG(systemd_sysusers, systemd-sysusers, yes) --AM_CONDITIONAL(SYSD_SYSUSERS, test "x$systemd_sysusers" = "xyes") - AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes) - AM_CONDITIONAL(SYSD_TMPFILES, test "x$systemd_tmpfiles" = "xyes") - --# Check all tools used by make install --AS_IF([test "$HOSTOS" = "Linux"], -- [ AC_CHECK_PROG(useradd, useradd, yes) -- AC_CHECK_PROG(groupadd, groupadd, yes) -- AC_CHECK_PROG(adduser, adduser, yes) -- AC_CHECK_PROG(addgroup, addgroup, yes) -- AS_IF([test "x$addgroup" != "xyes" && test "x$groupadd" != "xyes" ], -- [AC_MSG_ERROR([addgroup or groupadd are needed.])]) -- AS_IF([test "x$adduser" != "xyes" && test "x$useradd" != "xyes" ], -- [AC_MSG_ERROR([adduser or useradd are needed.])])]) -- - AC_SUBST([PATH]) - - dnl --------- Doxy Gen ----------------------- diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-slibtool.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-slibtool.patch deleted file mode 100644 index b7d5e5c7d96d..000000000000 --- a/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-slibtool.patch +++ /dev/null @@ -1,49 +0,0 @@ -Bug: https://bugs.gentoo.org/858674 -Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2391 -Upstream-Commit: https://github.com/tpm2-software/tpm2-tss/commit/5e626ab72283017cf4cb2dc4b101d16a58a6c470 - -From f61fd726c064e909b7576f233f0ad0e885e1752e Mon Sep 17 00:00:00 2001 -From: orbea <orbea@riseup.net> -Date: Thu, 14 Jul 2022 09:22:49 -0700 -Subject: [PATCH] build: Remove erroneous comma - -When building tpm2-tss with slibtool instead of GNU libtool the build -will fail during 'make check'. This happens because there is an extra -erroneous comma which is then passed to gcc causing it to fail to find a -non-existent file. With GNU libtool it appears that the comma is -silently removed while slibtool does not do this. - -rdlibtool --tag=CC --mode=link gcc -I./src -I./include/tss2 -I./test/fuzz/tcti -std=c99 -Wall -Wextra -Wformat-security -Werror -fstack-protector-all -fpic -fPIC -Wno-missing-braces -Wstrict-overflow=5 -DINTERNALBUILD=1 -I./include -I./src/tss2-mu -I./src/tss2-sys -I./src/tss2-esys -I./src/tss2-fapi -I./test/data -Wno-unused-parameter -Wno-missing-field-initializers -DTOP_SOURCEDIR="." -DTOP_SOURCEDIR="." -g -Wl,--wrap=read -Wl,--wrap=write, -Wl,--wrap=poll -Wl,--wrap=open -o test/unit/tcti-device test/unit/tcti_device-tcti-device.o src/tss2-tcti/test_unit_tcti_device-tcti-common.o src/tss2-tcti/test_unit_tcti_device-tcti-device.o -lcmocka src/tss2-mu/libtss2-mu.la libutil.la - -rdlibtool: lconf: {.name="libtool"}. -rdlibtool: fdcwd: {.fdcwd=AT_FDCWD, .realpath="/tmp/tpm2-tss"}. -rdlibtool: lconf: fstatat(AT_FDCWD,".",...) = 0 {.st_dev = 45, .st_ino = 15835}. -rdlibtool: lconf: openat(AT_FDCWD,"libtool",O_RDONLY,0) = 3. -rdlibtool: lconf: found "/tmp/tpm2-tss/libtool". -rdlibtool: link: gcc test/unit/tcti_device-tcti-device.o src/tss2-tcti/test_unit_tcti_device-tcti-common.o src/tss2-tcti/test_unit_tcti_device-tcti-device.o .libs/libutil.a -I./src -I./include/tss2 -I./test/fuzz/tcti -std=c99 -Wall -Wextra -Wformat-security -Werror -fstack-protector-all -fpic -fPIC -Wno-missing-braces -Wstrict-overflow=5 -DINTERNALBUILD=1 -I./include -I./src/tss2-mu -I./src/tss2-sys -I./src/tss2-esys -I./src/tss2-fapi -I./test/data -Wno-unused-parameter -Wno-missing-field-initializers -DTOP_SOURCEDIR="." -DTOP_SOURCEDIR="." -g -Wl,--wrap=read -Wl,--wrap=write, -Wl,--wrap=poll -Wl,--wrap=open -lcmocka -Lsrc/tss2-mu/.libs -ltss2-mu -L.libs -o test/unit/.libs/tcti-device -/usr/lib/gcc/x86_64-pc-linux-gnu/11.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: cannot find : No such file or directory -collect2: error: ld returned 1 exit status -rdlibtool: exec error upon slbt_exec_link_create_executable(), line 1745: (see child process error messages). -rdlibtool: < returned to > slbt_exec_link(), line 2155. -make[1]: *** [Makefile:14899: test/unit/tcti-device] Error 2 -make[1]: Leaving directory '/tmp/tpm2-tss' -make: *** [Makefile:29619: check-am] Error 2 - -Signed-off-by: orbea <orbea@riseup.net> ---- - Makefile-test.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile-test.am b/Makefile-test.am -index bb933e956..533dfb38a 100644 ---- a/Makefile-test.am -+++ b/Makefile-test.am -@@ -413,7 +413,7 @@ if UNIT - if ENABLE_TCTI_DEVICE - test_unit_tcti_device_CFLAGS = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS) - test_unit_tcti_device_LDADD = $(CMOCKA_LIBS) $(libtss2_mu) $(libutil) --test_unit_tcti_device_LDFLAGS = -Wl,--wrap=read -Wl,--wrap=write, -Wl,--wrap=poll \ -+test_unit_tcti_device_LDFLAGS = -Wl,--wrap=read -Wl,--wrap=write -Wl,--wrap=poll \ - -Wl,--wrap=open - test_unit_tcti_device_SOURCES = test/unit/tcti-device.c \ - src/tss2-tcti/tcti-common.c \ diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-Dont-install-files-into-run.patch b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-Dont-install-files-into-run.patch new file mode 100644 index 000000000000..ca51ab7f9382 --- /dev/null +++ b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-Dont-install-files-into-run.patch @@ -0,0 +1,26 @@ +diff --git a/Makefile.am b/Makefile.am +index 2c81cfa9..2673995c 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -767,13 +767,11 @@ define set_tss_permissions + endef + + define make_fapi_dirs +- ($(call make_tss_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/) || true) && \ + ($(call make_tss_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/)) + endef + + define set_fapi_permissions + if test -z "${DESTDIR}"; then \ e +- ($(call set_tss_permissions,$(DESTDIR)$(runstatedir)/tpm2-tss)) && \ + ($(call set_tss_permissions,$(DESTDIR)$(localstatedir)/lib/tpm2-tss)) \ + fi + endef +@@ -784,7 +782,6 @@ endef + + define check_fapi_dirs + if test -z "${DESTDIR}"; then \ +- ($(call check_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/)) && \ + ($(call check_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/)) \ + fi; + endef diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch new file mode 100644 index 000000000000..83f123ffdc52 --- /dev/null +++ b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch @@ -0,0 +1,27 @@ +From 0632885d08917092ffc8d98febd158745a74465a Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Fri, 4 Aug 2023 16:07:52 +0200 +Subject: [PATCH] Do not consider failures to write files in /sys hard errors + +systemd-tmpfiles can run in containers, chroots, ... where writing to /sys will fail, so let's suffix these lines with "-" to avoid considering these cases hard errors. + +Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com> +--- + dist/tmpfiles.d/tpm2-tss-fapi.conf.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/dist/tmpfiles.d/tpm2-tss-fapi.conf.in b/dist/tmpfiles.d/tpm2-tss-fapi.conf.in +index 7ea3c652..51ff78e5 100644 +--- a/dist/tmpfiles.d/tpm2-tss-fapi.conf.in ++++ b/dist/tmpfiles.d/tpm2-tss-fapi.conf.in +@@ -3,5 +3,5 @@ d @localstatedir@/lib/tpm2-tss/system/keystore 2775 tss tss - + a+ @localstatedir@/lib/tpm2-tss/system/keystore - - - - default:group:tss:rwx + d @runstatedir@/tpm2-tss/eventlog 2775 tss tss - - + a+ @runstatedir@/tpm2-tss/eventlog - - - - default:group:tss:rwx +-z /sys/kernel/security/tpm[0-9]/binary_bios_measurements 0440 root tss - - +-z /sys/kernel/security/ima/binary_runtime_measurements 0440 root tss - - ++z- /sys/kernel/security/tpm[0-9]/binary_bios_measurements 0440 root tss - - ++z- /sys/kernel/security/ima/binary_runtime_measurements 0440 root tss - - +-- +2.43.0 + diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch new file mode 100644 index 000000000000..d93fcf9ef2d6 --- /dev/null +++ b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch @@ -0,0 +1,50 @@ +From 75f53cf7eab591870ce735203995d01d2f577187 Mon Sep 17 00:00:00 2001 +From: Christopher Byrne <salah.coronya@gmail.com> +Date: Tue, 13 Jun 2023 21:40:56 -0500 +Subject: [PATCH] configure.ac: Make sysusers and tmpfiles optional + +Signed-off-by: Christopher Byrne <salah.coronya@gmail.com> +--- + Makefile.am | 6 +++++- + configure.ac | 4 ++-- + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 2c81cfa9..98965fa7 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -563,10 +563,14 @@ fapi-config.json: dist/fapi-config.json.in + -e 's|[@]sysmeasurements@|$(sysmeasurements)|g' \ + < "$<" > "$@" + ++if SYSD_SYSUSERS + sysusers_DATA = dist/sysusers.d/tpm2-tss.conf +-tmpfiles_DATA = tpm2-tss-fapi.conf ++endif + ++if SYSD_TMPFILES ++tmpfiles_DATA = tpm2-tss-fapi.conf + CLEANFILES += tpm2-tss-fapi.conf ++endif + + # We have to do this ourselves, in order to get absolute paths + tpm2-tss-fapi.conf: dist/tmpfiles.d/tpm2-tss-fapi.conf.in +diff --git a/configure.ac b/configure.ac +index b6550278..2d478147 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -550,9 +550,9 @@ AS_IF([test "x$enable_integration" = "xyes" && test "x$enable_self_generated_cer + + # Check for systemd helper tools used by make install + AC_CHECK_PROG(systemd_sysusers, systemd-sysusers, yes) +-AM_CONDITIONAL(SYSD_SYSUSERS, test "x$systemd_sysusers" = "xyes") ++AM_CONDITIONAL([SYSD_SYSUSERS], [test "x$systemd_sysusers" = "xyes" && test "x$sysusersdir" != "xno"]) + AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes) +-AM_CONDITIONAL(SYSD_TMPFILES, test "x$systemd_tmpfiles" = "xyes") ++AM_CONDITIONAL([SYSD_TMPFILES], [test "x$systemd_tmpfiles" = "xyes" && test "x$tmpfilesdir" != "xno"]) + + # Check all tools used by make install + AS_IF([test "$HOSTOS" = "Linux" && test "x$systemd_sysusers" != "xyes"], +-- +2.39.3 + diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-4.0.2-Dont-install-files-into-run.patch b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.2-Dont-install-files-into-run.patch new file mode 100644 index 000000000000..022cd6145c18 --- /dev/null +++ b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.2-Dont-install-files-into-run.patch @@ -0,0 +1,26 @@ +diff --git a/Makefile.am b/Makefile.am +index 07b7a2bf..e478fc77 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -770,13 +770,11 @@ define set_tss_permissions + endef + + define make_fapi_dirs +- ($(call make_tss_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/) || true) && \ + ($(call make_tss_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/)) + endef + + define set_fapi_permissions + if test -z "${DESTDIR}"; then \ +- ($(call set_tss_permissions,$(DESTDIR)$(runstatedir)/tpm2-tss)) && \ + ($(call set_tss_permissions,$(DESTDIR)$(localstatedir)/lib/tpm2-tss)) \ + fi + endef +@@ -787,7 +785,6 @@ endef + + define check_fapi_dirs + if test -z "${DESTDIR}"; then \ +- ($(call check_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/)) && \ + ($(call check_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/)) \ + fi; + endef diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-4.0.2-Hide-write-all-function.patch b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.2-Hide-write-all-function.patch new file mode 100644 index 000000000000..bd682df53bac --- /dev/null +++ b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.2-Hide-write-all-function.patch @@ -0,0 +1,24 @@ +diff --git a/src/util/io.c b/src/util/io.c +index c6446826..50c0fd6c 100644 +--- a/src/util/io.c ++++ b/src/util/io.c +@@ -81,6 +81,7 @@ read_all ( + return recvd_total; + } + ++__attribute__ ((visibility("hidden"))) + ssize_t + write_all ( + SOCKET fd, +diff --git a/src/util/io.h b/src/util/io.h +index 25dd5c45..fec391d8 100644 +--- a/src/util/io.h ++++ b/src/util/io.h +@@ -70,6 +70,7 @@ read_all ( + * are detected. This is currently limited to interrupted system calls and + * short writes. + */ ++__attribute__ ((visibility("hidden"))) + ssize_t + write_all ( + SOCKET fd, |