Hello community,

here is the log from the commit of package swtpm for openSUSE:Factory checked 
in at 2021-08-19 13:06:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/swtpm (Old)
 and      /work/SRC/openSUSE:Factory/.swtpm.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "swtpm"

Thu Aug 19 13:06:39 2021 rev:6 rq:912783 version:0.6.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/swtpm/swtpm.changes      2021-05-21 
21:49:40.554318005 +0200
+++ /work/SRC/openSUSE:Factory/.swtpm.new.1899/swtpm.changes    2021-08-19 
13:06:44.679975636 +0200
@@ -1,0 +2,13 @@
+Sat Aug  7 15:02:40 UTC 2021 - Callum Farmer <[email protected]>
+
+- Update to version 0.6.0:
+  - Addressed potential symlink attack issue (CVE-2020-28407)
+  - Rewritten in 'C'; needs json-glib
+  - Use timeouts for communicating with swtpm (Unix socket)
+  - Fix --print-capabilities for 'swtpm chardev'
+  - Various cleanups and fixes (coverity)
+- Enable selinux support
+- Removed swtpm-rename_deprecated_libtasn1_types.patch: upstream
+- Fix rpmlint errors
+
+-------------------------------------------------------------------

Old:
----
  swtpm-rename_deprecated_libtasn1_types.patch
  v0.5.2.tar.gz

New:
----
  swtpm-0.6.0.tar.gz
  swtpm-rpmlintrc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ swtpm.spec ++++++
--- /var/tmp/diff_new_pack.8cY4cc/_old  2021-08-19 13:06:45.231974874 +0200
+++ /var/tmp/diff_new_pack.8cY4cc/_new  2021-08-19 13:06:45.235974868 +0200
@@ -18,16 +18,20 @@
 
 # Scripts in this package are python3
 %define skip_python2 1
-
+# SELinux
+%define selinuxtype targeted
+%define modulename1 swtpm
+%define modulename2 swtpm_svirt
+%define modulename3 swtpmcuse
 Name:           swtpm
-Version:        0.5.2
+Version:        0.6.0
 Release:        0
 Summary:        Software TPM emulator
 License:        BSD-3-Clause
 Group:          System/Base
 URL:            https://github.com/stefanberger/swtpm
-Source:         
https://github.com/stefanberger/swtpm/archive/v%{version}.tar.gz
-Patch0:         swtpm-rename_deprecated_libtasn1_types.patch
+Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
+Source100:      swtpm-rpmlintrc
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  expect
@@ -41,13 +45,18 @@
 BuildRequires:  libtasn1-devel
 BuildRequires:  libtool
 BuildRequires:  libtpms-devel
+BuildRequires:  pkgconfig
 BuildRequires:  python3-cryptography
+BuildRequires:  selinux-policy-devel
+BuildRequires:  selinux-policy-targeted
 BuildRequires:  socat
+BuildRequires:  pkgconfig(json-glib-1.0)
+BuildRequires:  pkgconfig(systemd)
 Requires:       iproute2
 Requires:       python3-cryptography
 Requires:       trousers
-Requires:       user(tss)
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+Requires:       (%{name}-selinux if selinux-policy-base)
+Requires(pre):  user(tss)
 
 %description
 The SWTPM package provides TPM emulators with different front-end interfaces
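Review bot: The new `Requires: (%{name}-selinux if selinux-policy-base)` carries no version, and the `%package selinux` stanza in the next hunk answers with `Requires: %{name} = %{version}`, so a policy subpackage from a different build of the same version can satisfy both. Because that policy is what confines the emulator, the two should move together: `Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-base)` here and `Requires: %{name} = %{version}-%{release}` in the subpackage. Separately, switching `Requires: user(tss)` to `Requires(pre): user(tss)` makes it a scriptlet-time dependency only. If the `tss` account is also needed at run time (configure is passed `--with-tss-group=tss` in the next hunk), keeping a plain `Requires: user(tss)` alongside it would be safer.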
@@ -67,60 +76,79 @@
 %description    devel
 The development files for SWTPM
 
-%prep
-%setup -q -n %{name}-%{version}
-%patch0 -p1
+%package        selinux
+Summary:        SELinux module for the Software TPM emulator
+Group:          System/Management
+Requires:       %{name} = %{version}
+BuildArch:      noarch
+%{selinux_requires}
 
-%build
+%description    selinux
+This package provides the SELinux module for the Software TPM emulator.
 
-# Fix rpmlint env-script-interpreter error
-sed -i -e "s|^#!/usr/bin/env |#!/usr/bin/|" \
-  %_builddir/%buildsubdir/src/swtpm_setup/swtpm_setup.in \
-  %_builddir/%buildsubdir/src/swtpm_setup/py_swtpm_setup/swtpm_setup.py \
-  %_builddir/%buildsubdir/samples/swtpm-create-tpmca \
-  %_builddir/%buildsubdir/samples/swtpm-create-user-config-files.in \
-  %_builddir/%buildsubdir/samples/swtpm-localca.in \
-  %_builddir/%buildsubdir/samples/py_swtpm_localca/swtpm_localca.py
+%prep
+%autosetup
 
-./autogen.sh
+%build
+mkdir m4
+autoreconf -fiv
+# configure looks for semodule on PATH
+export PATH="$PATH:%{_sbindir}"
 %configure --with-openssl --disable-static \
-     --with-tss-user=root --with-tss-group=tss
-make %{?_smp_mflags}
+     --with-tss-user=root --with-tss-group=tss \
+     --with-selinux
+%make_build
 
 %install
 %make_install
-
+find %{buildroot} -type f -name "*.la" -delete -print
+mkdir %{buildroot}%{_datadir}/selinux/packages/targeted
+mv %{buildroot}%{_datadir}/selinux/packages/*.pp 
%{buildroot}%{_datadir}/selinux/packages/targeted
 mkdir -p %{buildroot}%{_localstatedir}/lib/swtpm-localca
+sed -e 's|#!/usr/bin/env |#!/usr/bin/|g' -i 
%{buildroot}%{_datadir}/swtpm/swtpm-create-tpmca
+sed -e 's|#!/usr/bin/env |#!/usr/bin/|g' -i 
%{buildroot}%{_datadir}/swtpm/swtpm-create-user-config-files
 
 %post -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 
+%pre selinux
+%selinux_relabel_pre -s %{selinuxtype}
+
+%post selinux
+%selinux_modules_install -s %{selinuxtype} -p 200 
%{_datadir}/selinux/packages/targeted/%{modulename1}.pp
+%selinux_modules_install -s %{selinuxtype} -p 200 
%{_datadir}/selinux/packages/targeted/%{modulename2}.pp
+%selinux_modules_install -s %{selinuxtype} -p 200 
%{_datadir}/selinux/packages/targeted/%{modulename3}.pp
+
+%postun selinux
+if [ $1 -eq 0 ]; then
+    %selinux_modules_uninstall -s %{selinuxtype} -p 200 %{modulename1}
+    %selinux_modules_uninstall -s %{selinuxtype} -p 200 %{modulename2}
+    %selinux_modules_uninstall -s %{selinuxtype} -p 200 %{modulename3}
+fi
+
+%posttrans selinux
+%selinux_relabel_post -s %{selinuxtype}
+
 %files
-%defattr(-,root,root)
 %doc CHANGES README TODO
 %license LICENSE
 %{_bindir}/swtpm*
 %config %{_sysconfdir}/swtpm*
-%dir %{_datadir}/swtpm
-%{_datadir}/swtpm/*
+%{_datadir}/swtpm
 %dir %{_libdir}/swtpm
 %{_libdir}/swtpm/*.so.*
-%{_mandir}/man8/swtpm*
-%dir %{python_sitelib}/py_swtpm_localca
-%dir %{python_sitelib}/py_swtpm_setup
-%pycache_only %{python_sitelib}/py_swtpm_localca/__pycache__
-%pycache_only %{python_sitelib}/py_swtpm_setup/__pycache__
-%{python_sitelib}/py_swtpm_localca/*.py
-%{python_sitelib}/py_swtpm_setup/*.py
-%{python_sitelib}/swtpm_localca*
-%{python_sitelib}/swtpm_setup*
+%{_mandir}/man8/swtpm*%{?ext_man}
 %dir %attr(0750,tss,root) %{_localstatedir}/lib/swtpm-localca
 
 %files devel
 %{_libdir}/swtpm/*.so
-%{_libdir}/swtpm/*.la
-%dir %{_includedir}/swtpm/
-%{_includedir}/swtpm/*
-%{_mandir}/man3/swtpm*
+%{_includedir}/swtpm
+%{_mandir}/man3/swtpm*%{?ext_man}
+
+%files selinux
+%{_datadir}/selinux/packages/targeted/*.pp
+%ghost %verify(not md5 size mtime) 
%{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename1}
+%ghost %verify(not md5 size mtime) 
%{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename2}
+%ghost %verify(not md5 size mtime) 
%{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename3}
 
 %changelog
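Review bot: `%files selinux` packages `%{_datadir}/selinux/packages/targeted/*.pp` by glob, while `%post selinux` loads exactly three modules by name, so a policy module added upstream later would be shipped but never loaded, and nothing in the build would flag it. Listing the files explicitly, e.g. `%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename1}.pp` and likewise for modules 2 and 3, should make the build stop on an unpackaged file when the set changes. The same paths, and the `mkdir`/`mv` lines in `%install`, spell `targeted` literally although `%{selinuxtype}` is defined at the top of the spec. Using the macro throughout keeps the install, scriptlet and `%ghost` paths consistent if the policy type is ever changed.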

++++++ swtpm-rpmlintrc ++++++
# This is the correct location
addFilter(r'arch-dependent-file-in-usr-share .* /usr/share/swtpm/swtpm-localca')
