7 files changed, 110 insertions, 61 deletions

diff --git a/app-crypt/swtpm/Manifest b/app-crypt/swtpm/Manifest
index d968d2271484..39622bc498e0 100644
--- a/app-crypt/swtpm/Manifest
+++ b/app-crypt/swtpm/Manifest
@@ -1,2 +1,2 @@
-DIST swtpm-0.6.1.tar.gz 326488 BLAKE2B 46c53cbd4195cfc1d45ef5e56b1f78c59dcb9f859349e161f07d9933ce720ec3511343cf29236119d08162410355fc50cb5d15745c84db78d860b006812c169f SHA512 a44e36820ad61e84d62b330f3adf0c463c98438056d74c5ba30916d956e722633e0198ae87be8352a0ab909ae5a4bbc3826410d2166186c43bba067f533fec85
-DIST swtpm-0.7.0.tar.gz 353641 BLAKE2B a9169affdfd09cec887667e21d4db72b7d4b489bf3ecf5e43da9ae2d59ef3f15b94627ce22ed1f6fca69f46da40293ba1ef3d129fab7de3ca32c4b12ffc51544 SHA512 32096309bf710e51d7565f013db32627423682fb2bfa9358976126102a0bf07401146bae9346af389c932c038f3d03217739375cef01a2ff10b01c7bd004b55e
+DIST swtpm-0.8.1.tar.gz 364169 BLAKE2B 4b364ed581ea97d78c5c6248870503b1612d7d164b05b76c1f02644aade6fd09f204396f0a2d0db4e0ecec2792dc512f7c4393c44bf7ce447a3a7fbb8754594f SHA512 07276519b0e20c9c4167ce78e789d2072eb90172ed9bcba2a11eef46ee03a77860f7a2218f4dc013a2ddb8471079e3cbe43f8ab02174bd704a78aea8eee3d2fc
+DIST swtpm-0.8.2.tar.gz 364432 BLAKE2B 1ffa6feed88a67a2eeea1fca1c034f6513347173d59ae0c0654696faa1e791529e7fa044c478e5fb7e016117ce5f3151b875014d85eac528e4b6d92d5cf9017b SHA512 3b63116b1ed56087e05b0b697462720a10fe384ea2b8ec7115b549df8f557f6a9cf4de8e7d65b8061a1c85e54e015e0249bfbb613d35c1b64453a98d23ce334f
diff --git a/app-crypt/swtpm/files/swtpm-0.5.0-disable-test-dependencies.patch b/app-crypt/swtpm/files/swtpm-0.5.0-disable-test-dependencies.patch
deleted file mode 100644
index 3880385256e3..000000000000
--- a/app-crypt/swtpm/files/swtpm-0.5.0-disable-test-dependencies.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index d035653..0728a2e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -325,21 +325,11 @@ fi
- AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" = "xyes"])
- AC_SUBST([GNUTLS_LIBS])
- 
--AC_PATH_PROG([EXPECT], expect)
--if test "x$EXPECT" = "x"; then
--	AC_MSG_ERROR([expect is required: expect package])
--fi
--
- AC_PATH_PROG([GAWK], gawk)
- if test "x$GAWK" = "x"; then
- 	AC_MSG_ERROR([gawk is required: gawk package])
- fi
- 
--AC_PATH_PROG([SOCAT], socat)
--if test "x$SOCAT" = "x"; then
--	AC_MSG_ERROR([socat is required: socat package])
--fi
--
- AC_PATH_PROG([BASE64], base64)
- if test "x$BASE64" = "x"; then
- 	AC_MSG_ERROR([base64 is required: base64 package])
diff --git a/app-crypt/swtpm/files/swtpm-0.7.2-Conditionalize-test-dependencies.patch b/app-crypt/swtpm/files/swtpm-0.7.2-Conditionalize-test-dependencies.patch
new file mode 100644
index 000000000000..b17e1c2470fc
--- /dev/null
+++ b/app-crypt/swtpm/files/swtpm-0.7.2-Conditionalize-test-dependencies.patch
@@ -0,0 +1,42 @@
+configure.ac: Conditionalize test dependencies
+
+Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
+--- a/configure.ac
++++ b/configure.ac
+@@ -369,20 +369,25 @@ else
+ fi
+ AC_SUBST([DEFAULT_PCR_BANKS])
+ 
+-AC_PATH_PROG([EXPECT], expect)
+-if test "x$EXPECT" = "x"; then
+-	AC_MSG_ERROR([expect is required: expect package])
+-fi
++AC_ARG_ENABLE([test],
++	[AS_HELP_STRING([--enable-test],
++			[enable tests (default is yes)])],
++	[enable_test=$enableval],
++	[enable_test=yes])
++
++AS_IF([test "x$enable_test" != xno],
++	[AC_PATH_PROG([EXPECT], expect)
++	AS_IF([test "x$EXPECT" = "x"],
++		AC_MSG_ERROR([expect is required: expect package]))
++	AC_PATH_PROG([SOCAT], socat)
++	AS_IF([test "x$SOCAT" = "x"],
++		AC_MSG_ERROR([socat is required: socat package]))])
+ 
+ AC_PATH_PROG([GAWK], gawk)
+ if test "x$GAWK" = "x"; then
+ 	AC_MSG_ERROR([gawk is required: gawk package])
+ fi
+ 
+-AC_PATH_PROG([SOCAT], socat)
+-if test "x$SOCAT" = "x"; then
+-	AC_MSG_ERROR([socat is required: socat package])
+-fi
+ 
+ AC_PATH_PROG([BASE64], base64)
+ if test "x$BASE64" = "x"; then
+-- 
+2.34.1
+
diff --git a/app-crypt/swtpm/files/swtpm-0.8.2-slibtool.patch b/app-crypt/swtpm/files/swtpm-0.8.2-slibtool.patch
new file mode 100644
index 000000000000..abf0d3dbe29c
--- /dev/null
+++ b/app-crypt/swtpm/files/swtpm-0.8.2-slibtool.patch
@@ -0,0 +1,24 @@
+diff --git a/src/swtpm_localca/Makefile.am b/src/swtpm_localca/Makefile.am
+index 74532a8..41b61ec 100644
+--- a/src/swtpm_localca/Makefile.am
++++ b/src/swtpm_localca/Makefile.am
+@@ -30,7 +30,6 @@ swtpm_localca_LDADD = \
+ 	$(top_builddir)/src/utils/libswtpm_utils.la
+ 
+ swtpm_localca_LDFLAGS = \
+-	-L$(top_builddir)/src/utils -lswtpm_utils \
+ 	$(MY_LDFLAGS) \
+ 	$(GLIB_LIBS) \
+ 	$(GMP_LIBS) \
+diff --git a/src/swtpm_setup/Makefile.am b/src/swtpm_setup/Makefile.am
+index c0f916b..61188c9 100644
+--- a/src/swtpm_setup/Makefile.am
++++ b/src/swtpm_setup/Makefile.am
+@@ -32,7 +32,6 @@ swtpm_setup_LDADD = \
+ 	$(top_builddir)/src/utils/libswtpm_utils.la
+ 
+ swtpm_setup_LDFLAGS = \
+-	-L$(top_builddir)/src/utils -lswtpm_utils \
+ 	$(MY_LDFLAGS) \
+ 	$(HARDENING_LDFLAGS) \
+ 	$(GLIB_LIBS) \
diff --git a/app-crypt/swtpm/metadata.xml b/app-crypt/swtpm/metadata.xml
index bee5347560d1..3187cf4dce7f 100644
--- a/app-crypt/swtpm/metadata.xml
+++ b/app-crypt/swtpm/metadata.xml
@@ -14,6 +14,9 @@
 		<name>Gentoo Virtualization Project</name>
 	</maintainer>
 	<use>
-		<flag name="fuse">Support sys-fs/fuse based /dev/tpm interface</flag>
+		<flag name="fuse">Support <pkg>sys-fs/fuse</pkg> based /dev/tpm interface</flag>
 	</use>
+	<upstream>
+		<remote-id type="github">stefanberger/swtpm</remote-id>
+	</upstream>
 </pkgmetadata>
diff --git a/app-crypt/swtpm/swtpm-0.7.0.ebuild b/app-crypt/swtpm/swtpm-0.8.1-r2.ebuild
index f4adc4ae102f..650e54402d13 100644
--- a/app-crypt/swtpm/swtpm-0.7.0.ebuild
+++ b/app-crypt/swtpm/swtpm-0.8.1-r2.ebuild
@@ -1,11 +1,11 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
 
-PYTHON_COMPAT=( python3_{8,9,10} )
+PYTHON_COMPAT=( python3_{10..12} )
 
-inherit autotools python-single-r1
+inherit autotools python-any-r1
 
 DESCRIPTION="Libtpms-based TPM emulator"
 HOMEPAGE="https://github.com/stefanberger/swtpm"
@@ -13,41 +13,43 @@ SRC_URI="https://github.com/stefanberger/swtpm/archive/v${PV}.tar.gz -> ${P}.tar
 
 LICENSE="BSD"
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
-IUSE="fuse +gnutls seccomp test"
+KEYWORDS="amd64 arm arm64 ~loong ~ppc ppc64 ~riscv x86"
+IUSE="fuse seccomp test"
 RESTRICT="!test? ( test )"
 
-REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+# net-libs/gnutls[pkcs11,tools] is required otherwsie it not possible to
+# provision new vTPMs. swtpm_cert spawns certttool, and upstream expects
+# pkcs11 in gnutls: https://github.com/stefanberger/swtpm/issues/477.
 
 RDEPEND="fuse? (
 		dev-libs/glib:2
 		sys-fs/fuse:0
 	)
-	gnutls? (
-		dev-libs/libtasn1:=
-		>=net-libs/gnutls-3.1.0:=[tools,pkcs11]
-	)
 	seccomp? ( sys-libs/libseccomp )
 	acct-group/tss
 	acct-user/tss
 	dev-libs/openssl:0=
 	dev-libs/json-glib
 	dev-libs/libtpms
-	${PYTHON_DEPS}"
+	dev-libs/libtasn1:=
+	net-libs/gnutls[pkcs11,tools]
+"
 
 DEPEND="${RDEPEND}
-	test? (
+	test?	(
 		net-misc/socat
 		dev-tcltk/expect
-	)"
+		)"
+
+BDEPEND="${PYTHON_DEPS}"
 
 PATCHES=(
 	"${FILESDIR}/${PN}-0.6.0-fix-localca-path.patch"
 	"${FILESDIR}/${PN}-0.5.0-build-sys-Remove-WError.patch"
+	"${FILESDIR}/${PN}-0.7.2-Conditionalize-test-dependencies.patch"
 )
 
 src_prepare() {
-	use test || eapply "${FILESDIR}/${PN}-0.5.0-disable-test-dependencies.patch"
 	default
 	eautoreconf
 }
@@ -55,10 +57,11 @@ src_prepare() {
 src_configure() {
 	econf \
 		--with-openssl \
+		--with-gnutls \
 		--without-selinux \
 		$(use_with fuse cuse) \
-		$(use_with gnutls) \
-		$(use_with seccomp)
+		$(use_with seccomp) \
+		$(use_enable test)
 }
 
 src_install() {
diff --git a/app-crypt/swtpm/swtpm-0.6.1.ebuild b/app-crypt/swtpm/swtpm-0.8.2.ebuild
index edfcad7512ff..1740dd4e204e 100644
--- a/app-crypt/swtpm/swtpm-0.6.1.ebuild
+++ b/app-crypt/swtpm/swtpm-0.8.2.ebuild
@@ -1,11 +1,11 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
 
-PYTHON_COMPAT=( python3_{7,8,9} )
+PYTHON_COMPAT=( python3_{10..12} )
 
-inherit autotools python-single-r1
+inherit autotools python-any-r1
 
 DESCRIPTION="Libtpms-based TPM emulator"
 HOMEPAGE="https://github.com/stefanberger/swtpm"
@@ -13,41 +13,43 @@ SRC_URI="https://github.com/stefanberger/swtpm/archive/v${PV}.tar.gz -> ${P}.tar
 
 LICENSE="BSD"
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
-IUSE="fuse +gnutls seccomp test"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
+IUSE="fuse seccomp test"
 RESTRICT="!test? ( test )"
 
-REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+# net-libs/gnutls[pkcs11,tools] is required otherwsie it not possible to
+# provision new vTPMs. swtpm_cert spawns certttool, and upstream expects
+# pkcs11 in gnutls: https://github.com/stefanberger/swtpm/issues/477.
 
 RDEPEND="fuse? (
 		dev-libs/glib:2
 		sys-fs/fuse:0
 	)
-	gnutls? (
-		dev-libs/libtasn1:=
-		>=net-libs/gnutls-3.1.0:=[tools,pkcs11]
-	)
 	seccomp? ( sys-libs/libseccomp )
 	acct-group/tss
 	acct-user/tss
 	dev-libs/openssl:0=
 	dev-libs/json-glib
 	dev-libs/libtpms
-	${PYTHON_DEPS}"
+	dev-libs/libtasn1:=
+	net-libs/gnutls[pkcs11,tools]
+"
 
 DEPEND="${RDEPEND}
-	test? (
+	test?	(
 		net-misc/socat
 		dev-tcltk/expect
-	)"
+		)"
+
+BDEPEND="${PYTHON_DEPS}"
 
 PATCHES=(
 	"${FILESDIR}/${PN}-0.6.0-fix-localca-path.patch"
 	"${FILESDIR}/${PN}-0.5.0-build-sys-Remove-WError.patch"
+	"${FILESDIR}/${PN}-0.8.2-slibtool.patch"
 )
 
 src_prepare() {
-	use test || eapply "${FILESDIR}/${PN}-0.5.0-disable-test-dependencies.patch"
 	default
 	eautoreconf
 }
@@ -55,10 +57,11 @@ src_prepare() {
 src_configure() {
 	econf \
 		--with-openssl \
+		--with-gnutls \
 		--without-selinux \
 		$(use_with fuse cuse) \
-		$(use_with gnutls) \
-		$(use_with seccomp)
+		$(use_with seccomp) \
+		$(use_enable test tests)
 }
 
 src_install() {