Hello community, here is the log from the commit of package tpm2.0-abrmd for openSUSE:Factory checked in at 2018-07-06 10:41:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tpm2.0-abrmd (Old) and /work/SRC/openSUSE:Factory/.tpm2.0-abrmd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tpm2.0-abrmd" Fri Jul 6 10:41:17 2018 rev:6 rq:620450 version:2.0.0 Changes: -------- --- /work/SRC/openSUSE:Factory/tpm2.0-abrmd/tpm2.0-abrmd.changes 2018-02-26 23:24:24.131951966 +0100 +++ /work/SRC/openSUSE:Factory/.tpm2.0-abrmd.new/tpm2.0-abrmd.changes 2018-07-06 10:41:25.559295406 +0200 @@ -1,0 +2,64 @@ +Tue Jul 3 09:15:27 UTC 2018 - matthias.gerst...@suse.com + +- Trying to fix build on older distros that fail because of a missing or + broken autoconf valgrind detection macro. Removing autoreconf to hopefully + fix this. + +------------------------------------------------------------------- +Mon Jul 2 09:27:43 UTC 2018 - matthias.gerst...@suse.com + +- add fix_dlopen.patch: fixes an issue with dlopen()'ing the tcti-device + library from tpm2-0-tss. See + https://github.com/tpm2-software/tpm2-abrmd/issues/486. + +------------------------------------------------------------------- +Fri Jun 29 11:43:08 UTC 2018 - matthias.gerst...@suse.com + +- update to major version 2.0.0: + - support_dbus_activation.diff: removed, is not contained upstream + - the tpm2 stack introduces an incompatible ABI to the previous version with + this update. There is no compatibility layer, libraries have new names +etc. + - upstream changelog: + ## 2.0.0 - 2018-06-22 + ### Added + - Integration test script and build support to execute integration tests + against a physical TPM2 device on the build platform. + - Implementation of dynamic TCTI initialization mechanism. + - configure option `--enable-integration` to enable integration tests. + The simulator executable must be on PATH. + - Support for version 2.0 of tpm2-tss libraries. + ### Changed + - 'max-transient-objects' command line option renamted to 'max-transients'. + - Added -Wextra for more strict checks at compile time. + - Install location of headers to $(includedir)/tss2. + ### Fixed + - Added missing checks for NULL parameters identified by the check-build. + - Bug in session continuation logic. + - Off by one error in HandleMap. + - Memory leak and uninitialized variable issues in unit tests. + ### Removed + - Command line option --fail-on-loaded-trans. + - udev rules for TPM device node. This now lives in the tpm2-tss repo. + - Remove legacy TCTI initialization functions. + - configure option `--with-simulatorbin`. + + ## 1.3.1 - 2018-03-18 + ### Fixed + - Distribute systemd preset template instead of the generated file. + + ## 1.3.0 - 2018-03-02 + ### Added + - New configure option (--test-hwtpm) to run integration tests against a + physical TPM2 device on the build platform. + - Install systemd service file to allow on-demand systemd unit activation. + ### Changed + - Converted some inappropriate uses of g_error to critical / warning instead. + - Removed use of gen_require from SELinux policy, use dbus_stub instead. + - udev rules now give tss group read / write access to the TPM device node. + - udev rules now give tss user and group read / write access to kernel RM + node. + ### Fixed + - Memory leak on an error path in the AccessBroker. + +------------------------------------------------------------------- Old: ---- support_dbus_activation.diff tpm2-abrmd-1.2.0.tar.gz New: ---- fix_dlopen.patch tpm2-abrmd-2.0.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tpm2.0-abrmd.spec ++++++ --- /var/tmp/diff_new_pack.Wp2JVY/_old 2018-07-06 10:41:26.403294402 +0200 +++ /var/tmp/diff_new_pack.Wp2JVY/_new 2018-07-06 10:41:26.403294402 +0200 @@ -17,13 +17,13 @@ Name: tpm2.0-abrmd -Version: 1.2.0 +Version: 2.0.0 Release: 0 Summary: Intel's TCG Software Stack Access Broker & Resource Manager for TPM 2.0 chips License: BSD-2-Clause Group: Productivity/Security -Url: https://github.com/01org/tpm2-abrmd -Source0: https://github.com/01org/tpm2-abrmd/releases/download/1.2.0/tpm2-abrmd-%{version}.tar.gz +Url: https://github.com/tpm2-software/tpm2-abrmd +Source0: https://github.com/tpm2-software/tpm2-abrmd/releases/download/2.0.0/tpm2-abrmd-%{version}.tar.gz BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: gcc-c++ @@ -32,10 +32,14 @@ BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(dbus-1) BuildRequires: pkgconfig(gio-unix-2.0) -BuildRequires: pkgconfig(sapi) +BuildRequires: pkgconfig(tss2-sys) Requires(pre): pwdutils BuildRoot: %{_tmppath}/%{name}-%{version}-build -Patch1: support_dbus_activation.diff +Patch0: fix_dlopen.patch +# the auto activation is not whitelisted for <= SLE12-SP3 +%if 0%{?sle_version} > 120300 || 0%{?is_opensuse} +%define install_dbus_files 1 +%endif %description The tpm2.0-abrmd package provides the TPM2 Access Broker & Resource Manager. @@ -46,35 +50,32 @@ Summary: Development headers the Access Broker & Resource Manager for TPM 2.0 chips Group: Development/Libraries/C and C++ Requires: glibc-devel -Requires: libtcti-tabrmd0 = %{version} +Requires: libtss2-tcti-tabrmd0 = %{version} Requires: tpm2.0-abrmd = %{version} %description devel This package provides the development files for the Access Broker & Resource Manager for coordinating access to TPM 2.0 chips. -%package -n libtcti-tabrmd0 +%package -n libtss2-tcti-tabrmd0 Summary: Client interface library for tpm2-abrmd Group: System/Libraries -%description -n libtcti-tabrmd0 +%description -n libtss2-tcti-tabrmd0 This library allows to interact with the tpm2-abrmd daemon. It is intended for -use with the SAPI library (libsapi) like any other TCTI. +use with the SAPI library (libtss2-sys) like any other TCTI. -%post -n libtcti-tabrmd0 -p /sbin/ldconfig -%postun -n libtcti-tabrmd0 -p /sbin/ldconfig +%post -n libtss2-tcti-tabrmd0 -p /sbin/ldconfig +%postun -n libtss2-tcti-tabrmd0 -p /sbin/ldconfig %prep %setup -q -n tpm2-abrmd-%{version} -# can't apply that at the moment, because a whitelisting in rpmlint is missing -# for the given service name -#%patch1 -p1 +%patch0 -p1 %build export CFLAGS="%optflags -fPIE" export LDFLAGS="-pie -fPIE" -autoreconf -%configure --disable-static --with-udevrulesdir=%{_udevrulesdir} --with-systemdsystemunitdir=%{_unitdir} +%configure --disable-static --with-systemdsystemunitdir=%{_unitdir} make %{?_smp_mflags} PTHREAD_LDFLAGS=-pthread # TODO: add the tss user again @@ -82,41 +83,20 @@ %make_install # don't package libtool files as is best practice find %{buildroot} -type f -name "*.la" -delete -print -# rename the rules file to have a numbered prefix as all others have, too -%define udev_rule_file 90-tpm.rules -mv %{buildroot}%{_udevrulesdir}/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_rule_file} ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rctpm2-abrmd # don't install the systemd preset, our presets are handled by # systemd-presets-* packages rm %{buildroot}/usr/lib*/systemd/system-preset/tpm2-abrmd.preset +%if ! 0%{?install_dbus_files} +rm %{buildroot}/%{_sysconfdir}/dbus-1/system.d/tpm2-abrmd.conf +rm %{buildroot}/%{_datadir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service +%endif %pre -# the same user is employed by trousers (and was employed by the old -# resourcemgr shipped with the tpm2-0-tss package): -# -# trousers just needs those accounts for dropping privileges to. The service -# starts as root and uses set*id to drop to tss, after the tpm device has been -# opened. -# -# tpm2-abrmd has no set*id handling and thus requires /dev/tpm to be owned -# by the tss user. Therefore we also need to install a udev rule file. -# -# trousers was here first and created the user like this, also giving it a -# home in /var/lib/tpm. I don't think the home directory is used by any of -# both packages ATM. Trousers is keeping state there, but the directory is -# owned by root and files are opened before dropping privileges. The passwd -# entry seems not to be evaluated. -# -# so I guess we can share the account between the two packages for now. -%_bindir/getent group tss >/dev/null || %{_sbindir}/groupadd -g 98 tss -%_bindir/getent passwd tss >/dev/null || \ - %{_sbindir}/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \ - -d %{_localstatedir}/lib/tpm tss %service_add_pre tpm2-abrmd.service %post %service_add_post tpm2-abrmd.service -%_bindir/udevadm trigger -s tpm || : %postun %service_del_postun tpm2-abrmd.service @@ -127,25 +107,26 @@ %files %defattr(-,root,root) %doc *.md LICENSE -%{_udevrulesdir}/%{udev_rule_file} -%{_mandir}/man7/tcti-* +%{_mandir}/man7/tss2-* %{_mandir}/man8/tpm2-* %{_sbindir}/tpm2-abrmd %{_sbindir}/rctpm2-abrmd %{_unitdir}/tpm2-abrmd.service +%if 0%{?install_dbus_files} +# the auto activation is not whitelisted for <= SLE12-SP3 %config %{_sysconfdir}/dbus-1/system.d/tpm2-abrmd.conf -# see patch1 -#%{_datadir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service +%{_datadir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service +%endif %files devel %defattr(-,root,root) -%{_includedir}/tcti +%{_includedir}/tss2 %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc -%{_mandir}/man3/tss2_* +%{_mandir}/man3/Tss2* -%files -n libtcti-tabrmd0 +%files -n libtss2-tcti-tabrmd0 %defattr(-,root,root) -%{_libdir}/libtcti-tabrmd.so.* +%{_libdir}/libtss2-tcti-tabrmd.so.* %changelog ++++++ fix_dlopen.patch ++++++ Index: tpm2-abrmd-2.0.0/src/tcti-util.c =================================================================== --- tpm2-abrmd-2.0.0.orig/src/tcti-util.c +++ tpm2-abrmd-2.0.0/src/tcti-util.c @@ -53,7 +53,7 @@ tcti_util_discover_info (const char *fil if (*tcti_dl_handle == NULL) { size = snprintf (filename_xfrm, sizeof (filename_xfrm), - "libtss2-tcti-%s.so.0", + "%s.0", filename); if (size >= sizeof (filename_xfrm)) { g_critical ("TCTI name truncated in transform."); ++++++ tpm2-abrmd-1.2.0.tar.gz -> tpm2-abrmd-2.0.0.tar.gz ++++++ ++++ 21638 lines of diff (skipped)