commit:     18779e114fbfcb80dc83b228b0581dd75f855a7f
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 11 14:02:39 2018 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Tue Sep 11 15:03:35 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18779e11

app-crypt/tpm-emulator: massive cleanup

Kernel module is optional now, no need to enforce it.

Fix libdir issue.

Support MTM emulator.

Properly enable/disable openssl.

Properly build kernel module.

Rewrite of init.d scripts.

Probably more.

Closes: https://bugs.gentoo.org/show_bug.cgi?id=640734
Bug: https://bugs.gentoo.org/show_bug.cgi?id=540384
Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../files/tpm-emulator-0.7.4-build.patch           |  69 ++++++++++++
 .../files/tpm-emulator-0.7.4-cmake.patch           | 120 +++++++++++++++++++++
 app-crypt/tpm-emulator/files/tpm-emulator.confd-r2 |   1 +
 app-crypt/tpm-emulator/files/tpm-emulator.initd-r2 |  46 ++++++++
 app-crypt/tpm-emulator/metadata.xml                |   3 +
 .../tpm-emulator/tpm-emulator-0.7.4-r2.ebuild      |  85 +++++++++++++++
 6 files changed, 324 insertions(+)

diff --git a/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch 
b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch
index 7a299a15fbf..ada748f7129 100644
--- a/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch
+++ b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-build.patch
@@ -29,3 +29,72 @@ index c362b56..4c49f54 100644
      debug("TPM_ChangeAuthAsymFinish(): newAuthLink value does not match.");
      return TPM_FAIL;
    }
+From 035af1df2b18afd695150c6f9e426133b775c0a1 Mon Sep 17 00:00:00 2001
+From: Florian Larysch <f...@n621.de>
+Date: Tue, 24 Oct 2017 19:33:00 +0200
+Subject: [PATCH] tpm_command_handler: fix switch fallthrough
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Compiling with a recent GCC fails as follows:
+
+  tpm-emulator/tpm/tpm_cmd_handler.c: In function ‘tpm_setup_rsp_auth’:
+  tpm-emulator/tpm/tpm_cmd_handler.c:3332:7: error: this statement may fall 
through [-Werror=implicit-fallthrough=]
+         tpm_hmac_final(&hmac, rsp->auth2->auth);
+         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+  tpm-emulator/tpm/tpm_cmd_handler.c:3333:5: note: here
+       case TPM_TAG_RSP_AUTH1_COMMAND:
+
+Looking at the code, this does indeed seem unintentional. Add a break
+state in the appropriate place.
+---
+ tpm/tpm_cmd_handler.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tpm/tpm_cmd_handler.c b/tpm/tpm_cmd_handler.c
+index 288d1ce..5aea4e7 100644
+--- a/tpm/tpm_cmd_handler.c
++++ b/tpm/tpm_cmd_handler.c
+@@ -3330,6 +3330,7 @@ static void tpm_setup_rsp_auth(TPM_COMMAND_CODE ordinal, 
TPM_RESPONSE *rsp)
+                   sizeof(rsp->auth2->nonceOdd.nonce));
+       tpm_hmac_update(&hmac, (BYTE*)&rsp->auth2->continueAuthSession, 1);
+       tpm_hmac_final(&hmac, rsp->auth2->auth);
++      break;
+     case TPM_TAG_RSP_AUTH1_COMMAND:
+       tpm_hmac_init(&hmac, rsp->auth1->secret, sizeof(rsp->auth1->secret));
+       tpm_hmac_update(&hmac, rsp->auth1->digest, sizeof(rsp->auth1->digest));
+-- 
+2.16.4
+
+From 0f4579e913aeb3a893631a3caee420a0e9803683 Mon Sep 17 00:00:00 2001
+From: Peter Huewe <peterhu...@gmx.de>
+Date: Mon, 26 Jun 2017 00:25:43 +0200
+Subject: [PATCH] Workaround wrong fallthrough case by returning TPM_FAIL
+
+The spec says that the number of verified PCRs should be returned - which it 
currently does not and breaks compilation with gcc7
+See #26
+Since this code is probably unused anyway, we now simply return TPM_FAIL until 
someone comes up with a solution.
+
+Spec:
+https://www.trustedcomputinggroup.org/wp-content/uploads/Revision_7.02-_29April2010-tcg-mobile-trusted-module-1.0.pdf
+---
+ mtm/mtm_capability.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/mtm/mtm_capability.c b/mtm/mtm_capability.c
+index a09b116..4046de5 100644
+--- a/mtm/mtm_capability.c
++++ b/mtm/mtm_capability.c
+@@ -87,6 +87,8 @@ static TPM_RESULT cap_mtm_permanent_data(UINT32 subCapSize, 
BYTE *subCap,
+         tpm_free(*resp);
+         return TPM_FAIL;
+       }
++      error("[TPM_CAP_MTM_PERMANENT_DATA] SubCap 2 not Implemented");
++      return TPM_FAIL; // TODO not implemented.
+ 
+     case 3:
+       return return_UINT32(respSize, resp,
+-- 
+2.16.4
+
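Review bot: The `break;` added after `tpm_hmac_final(&hmac, rsp->auth2->auth);` in `tpm_setup_rsp_auth` stops the `TPM_TAG_RSP_AUTH2_COMMAND` case from reaching the `TPM_TAG_RSP_AUTH1_COMMAND` branch, so `rsp->auth1->auth` is no longer computed for that tag. A TPM 1.2 response tagged AUTH2 carries two authorization blocks, so the original fall-through looks intentional; if it was, the first session's response HMAC is now left unset and a verifying client would reject the response. Replacing the `break;` with a `/* fall through */` comment would silence the GCC warning and keep the behaviour; please confirm against the rest of the switch, which lies outside the hunk. In the second embedded patch, the new `return TPM_FAIL;` in `cap_mtm_permanent_data` does not call `tpm_free(*resp)` as the error path just above it does, which may leak the buffer if it was allocated earlier in that case.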

diff --git a/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-cmake.patch 
b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-cmake.patch
new file mode 100644
index 00000000000..7fd775139b2
--- /dev/null
+++ b/app-crypt/tpm-emulator/files/tpm-emulator-0.7.4-cmake.patch
@@ -0,0 +1,120 @@
+
+Pull request:
+https://github.com/PeterHuewe/tpm-emulator/pull/37
+
+
+From 694b7c24ac09e0ec1e54ab71eb9c82a8d4f41d33 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.bar...@gmail.com>
+Date: Tue, 11 Sep 2018 14:08:49 +0300
+Subject: [PATCH 1/3] build: use GNUInstallDirs to allow override install
+ directories
+
+Signed-off-by: Alon Bar-Lev <alon.bar...@gmail.com>
+---
+ CMakeLists.txt           | 1 +
+ tddl/CMakeLists.txt      | 6 +++---
+ tpmd/unix/CMakeLists.txt | 2 +-
+ 3 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index f362298..d047ce3 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -6,6 +6,7 @@
+ project(TPM_Emulator C)
+ 
+ cmake_minimum_required(VERSION 2.4)
++include(GNUInstallDirs)
+ set(CMAKE_ALLOW_LOOSE_LOOP_CONSTRUCTS true)
+ if(COMMAND cmake_policy)
+ cmake_policy(SET CMP0003 NEW)
+diff --git a/tddl/CMakeLists.txt b/tddl/CMakeLists.txt
+index 0be3281..6cc63b3 100644
+--- a/tddl/CMakeLists.txt
++++ b/tddl/CMakeLists.txt
+@@ -15,9 +15,9 @@ elseif(WIN32)
+   set_target_properties(tddl PROPERTIES PREFIX "")
+ endif()
+ 
+-install(TARGETS tddl DESTINATION lib)
+-install(TARGETS tddl_static DESTINATION lib)
+-install(FILES "tddl.h" DESTINATION include)
++install(TARGETS tddl DESTINATION ${CMAKE_INSTALL_LIBDIR})
++install(TARGETS tddl_static DESTINATION ${CMAKE_INSTALL_LIBDIR})
++install(FILES "tddl.h" DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
+ 
+ include_directories(${CMAKE_CURRENT_SOURCE_DIR})
+ add_executable(test_tddl test_tddl.c)
+diff --git a/tpmd/unix/CMakeLists.txt b/tpmd/unix/CMakeLists.txt
+index 40c436b..c5c394a 100644
+--- a/tpmd/unix/CMakeLists.txt
++++ b/tpmd/unix/CMakeLists.txt
+@@ -13,5 +13,5 @@ target_link_libraries(tpmd mtm tpm tpm_crypto)
+ else()
+ target_link_libraries(tpmd tpm tpm_crypto)
+ endif()
+-install(TARGETS tpmd RUNTIME DESTINATION bin)
++install(TARGETS tpmd RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+ 
+-- 
+2.16.4
+
+From 89bf733368dda265040cf44ff8be69a15ab66712 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.bar...@gmail.com>
+Date: Tue, 11 Sep 2018 16:36:12 +0300
+Subject: [PATCH 2/3] build: do not build mtm unless enabled
+
+Signed-off-by: Alon Bar-Lev <alon.bar...@gmail.com>
+---
+ CMakeLists.txt | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index d047ce3..b8b68a3 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -67,7 +67,9 @@ include_directories(${CMAKE_BINARY_DIR})
+ 
+ # add internal libraries
+ add_subdirectory(tpm)
+-add_subdirectory(mtm)
++if(MTM_EMULATOR)
++    add_subdirectory(mtm)
++endif()
+ add_subdirectory(crypto)
+ 
+ # add TDDL
+-- 
+2.16.4
+
+From 24bbf683de0b0b24f0ec81d093c03e1f6a9570f2 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.bar...@gmail.com>
+Date: Tue, 11 Sep 2018 14:20:19 +0300
+Subject: [PATCH 3/3] build: support BUILD_DEV to disable device build
+
+Signed-off-by: Alon Bar-Lev <alon.bar...@gmail.com>
+---
+ CMakeLists.txt | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index b8b68a3..9ae6562 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -76,7 +76,12 @@ add_subdirectory(crypto)
+ add_subdirectory(tddl)
+ 
+ # add kernel modules
+-add_subdirectory(tpmd_dev)
++if(NOT DEFINED BUILD_DEV)
++    set(BUILD_DEV ON)
++endif()
++if(BUILD_DEV)
++    add_subdirectory(tpmd_dev)
++endif()
+ 
+ # add executables
+ add_subdirectory(tpmd)
+-- 
+2.16.4
+
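Review bot: `include(GNUInstallDirs)` is added directly under `cmake_minimum_required(VERSION 2.4)`, but that module only ships with CMake 2.8.5 and later, so the declared minimum no longer matches what the file needs; raise it, e.g. `cmake_minimum_required(VERSION 2.8.5)`. In patch 3/3 `BUILD_DEV` is defaulted with a plain `set()`, which keeps it out of the cache and undocumented; `option(BUILD_DEV "Build the tpmd_dev kernel module" ON)` does the same job and is listed by `cmake -L`. Patch 2/3 guards `add_subdirectory(mtm)` with `MTM_EMULATOR`, while `tpmd/unix/CMakeLists.txt` still has a branch that links `mtm`; its condition is outside the hunk, so check that it tests the same variable.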

diff --git a/app-crypt/tpm-emulator/files/tpm-emulator.confd-r2 
b/app-crypt/tpm-emulator/files/tpm-emulator.confd-r2
new file mode 100644
index 00000000000..985fa4e774c
--- /dev/null
+++ b/app-crypt/tpm-emulator/files/tpm-emulator.confd-r2
@@ -0,0 +1 @@
+STARTUP_MODE="save"

diff --git a/app-crypt/tpm-emulator/files/tpm-emulator.initd-r2 
b/app-crypt/tpm-emulator/files/tpm-emulator.initd-r2
new file mode 100644
index 00000000000..abfbef900d0
--- /dev/null
+++ b/app-crypt/tpm-emulator/files/tpm-emulator.initd-r2
@@ -0,0 +1,46 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+
+STARTUP_MODE="${STARTUP_MODE:-save}";
+
+extra_started_commands="clear save deactivated"
+description="TPM emulator"
+command="/usr/bin/tpmd"
+my_command_args="-f"
+command_background=1
+command_user="tss:tss"
+pidfile="/var/run/${RC_SVCNAME}.pid"
+
+depend() {
+       use logger
+       after coldplug
+}
+
+start_pre() {
+       checkpath -d -m 0775 -o tss /var/run/tpm
+       service_set_value STARTUP_MODE "${STARTUP_MODE}"
+}
+
+start() {
+       command_args="${my_command_args} $(service_get_value STARTUP_MODE)"
+       default_start
+}
+
+_doit() {
+       service_set_value STARTUP_MODE "$1"
+       stop
+       start
+}
+
+clear() {
+       _doit clear
+}
+
+save() {
+       _doit save
+}
+
+deactivated() {
+       _doit deactivated
+}
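Review bot: `checkpath -d -m 0775 -o tss /var/run/tpm` in `start_pre` makes the socket directory group-writable while naming only an owner, so write access goes to whatever group the directory ends up with rather than to `tss`. Since the daemon runs as `command_user="tss:tss"`, `checkpath -d -m 0755 -o tss:tss /var/run/tpm` would be tighter, unless members of another group are meant to create files there. `STARTUP_MODE` comes from conf.d and is passed unquoted into `command_args`; a `case` in `start_pre` that accepts only `clear`, `save` or `deactivated` and fails otherwise would catch a typo before the daemon is started. The three extra commands also have no `description_clear`-style variables, so `rc-service tpm-emulator describe` shows nothing for them.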

diff --git a/app-crypt/tpm-emulator/metadata.xml 
b/app-crypt/tpm-emulator/metadata.xml
index e3da9602970..401103a0692 100644
--- a/app-crypt/tpm-emulator/metadata.xml
+++ b/app-crypt/tpm-emulator/metadata.xml
@@ -8,4 +8,7 @@
        <upstream>
                <remote-id type="sourceforge">tpm-emulator</remote-id>
        </upstream>
+       <use>
+               <flag name="mtm-emulator">Build the MTM emulator</flag>
+       </use>
 </pkgmetadata>

diff --git a/app-crypt/tpm-emulator/tpm-emulator-0.7.4-r2.ebuild 
b/app-crypt/tpm-emulator/tpm-emulator-0.7.4-r2.ebuild
new file mode 100644
index 00000000000..9c7003c115f
--- /dev/null
+++ b/app-crypt/tpm-emulator/tpm-emulator-0.7.4-r2.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+MODULES_OPTIONAL_USE="modules"
+inherit flag-o-matic user linux-mod cmake-utils udev
+
+MY_P=${P/-/_}
+DESCRIPTION="Emulator driver for tpm"
+HOMEPAGE="https://sourceforge.net/projects/tpm-emulator.berlios/";
+SRC_URI="mirror://sourceforge/tpm-emulator/${MY_P}.tar.gz"
+LICENSE="GPL-2"
+
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+IUSE="libressl mtm-emulator ssl"
+RDEPEND="ssl? (
+               !libressl? ( dev-libs/openssl:0= )
+               libressl? ( dev-libs/libressl:0= )
+       )"
+DEPEND="${RDEPEND}
+       !ssl? ( dev-libs/gmp )"
+
+S=${WORKDIR}/${P/-/_}
+
+PATCHES=(
+       "${FILESDIR}/${P}-build.patch"
+       "${FILESDIR}/${P}-cmake.patch"
+)
+
+pkg_setup() {
+       enewgroup tss
+       enewuser tss -1 -1 /var/lib/tpm tss
+       if use modules; then
+               CONFIG_CHECK="MODULES"
+               MODULE_NAMES="tpmd_dev(extra:tpmd_dev/linux:)"
+               BUILD_TARGETS="all tpmd_dev.rules"
+               BUILD_PARAMS="KERNEL_BUILD=${KERNEL_DIR}"
+               linux-mod_pkg_setup
+       fi
+}
+
+src_configure() {
+       local mycmakeargs=(
+               -DUSE_OPENSSL=$(usex ssl ON OFF)
+               -DMTM_EMULATOR=$(usex mtm-emulator ON OFF)
+               -DBUILD_DEV=OFF
+       )
+       cmake-utils_src_configure
+
+       use modules && ln -s "${BUILD_DIR}/config.h" tpmd_dev/linux
+}
+
+src_compile() {
+       cmake-utils_src_compile
+       use modules && linux-mod_src_compile
+}
+
+src_install() {
+       cmake-utils_src_install
+       if use modules; then
+               linux-mod_src_install
+               udev_newrules "tpmd_dev/linux/tpmd_dev.rules" 60-tpmd_dev.rules
+       fi
+
+       newinitd "${FILESDIR}/${PN}.initd-r2" "${PN}"
+       newconfd "${FILESDIR}/${PN}.confd-r2" "${PN}"
+
+       keepdir /var/log/tpm
+       fowners tss:tss /var/log/tpm
+}
+
+pkg_postinst() {
+       if use modules; then
+               linux-mod_pkg_postinst
+
+               ewarn ""
+               ewarn "The new init.d script does not load the tpmd_dev any 
more as it is optional."
+               ewarn "If you use the tpmd_dev, please load it explicitly in 
/etc/conf.d/modules"
+               ewarn ""
+       fi
+
+       einfo "tpmd socket is located at /var/run/tpm/tpmd_socket:0"
+}
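Review bot: `use modules && ln -s "${BUILD_DIR}/config.h" tpmd_dev/linux` at the end of `src_configure` has no `|| die`, so a failed symlink is only noticed later when the module build cannot find `config.h`; as the last statement it also makes the function return non-zero whenever `modules` is off. Writing it as `if use modules; then ln -s "${BUILD_DIR}/config.h" tpmd_dev/linux || die; fi` covers both. `src_install` creates `/var/log/tpm` for `tss:tss` but sets no mode; if the emulator's logs are not meant to be world-readable, add `fperms 0750 /var/log/tpm`.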
