Public bug reported: ## FFE ## Packaging changes only from Debian. Following https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/2142535 we have done more package structure cleanups that will benefit Resolute too.
The main change is migrating the tpm-udev binary package from src:tpm- udev. This was a separate source package for historic reasons that are no longer relevant, and it now makes it harder to manage for no reason, as it can be seen in https://bugs.launchpad.net/ubuntu/+source/tpm- udev/+bug/2142534 that needed to be synchronized as an upload. The added advantage is that other config files, that are currently shipped in a library package (ibtss2-fapi1t64) making things a bit awkward, are now moved to tpm-udev, so that the latter ships all config files needed for TPM usage (udev rules, sysusers.d, tmpfiles.d, units,etc ), and the library packages just ship libraries. The old src:tpm-udev can then be retired. Given the Ubuntu delta has been merged, this can be synced from Unstable with no changes. Debdiff between Resolute and Unstable: diff -Nru tpm2-tss-4.1.3/debian/changelog tpm2-tss-4.1.3/debian/changelog --- tpm2-tss-4.1.3/debian/changelog 2026-02-25 05:52:20.000000000 +0000 +++ tpm2-tss-4.1.3/debian/changelog 2026-02-25 15:12:45.000000000 +0000 @@ -1,3 +1,12 @@ +tpm2-tss (4.1.3-6) unstable; urgency=medium + + * Import tpm-udev binary package from standalone source package + * Move config files (sysusers/tmpfiles/etc) from libtss2-fapi1t64 to + tpm-udev + * tpm-udev: ensure udev rules are reloaded after sysusers.d has ran + + -- Luca Boccassi <[email protected]> Wed, 25 Feb 2026 15:12:45 +0000 + tpm2-tss (4.1.3-5) unstable; urgency=medium [ Luca Boccassi ] diff -Nru tpm2-tss-4.1.3/debian/control tpm2-tss-4.1.3/debian/control --- tpm2-tss-4.1.3/debian/control 2026-02-25 05:52:15.000000000 +0000 +++ tpm2-tss-4.1.3/debian/control 2026-02-25 15:12:45.000000000 +0000 @@ -42,7 +42,7 @@ libtss2-tcti-device0t64, libtss2-tcti-mssim0t64, libtss2-tcti-swtpm0t64, - tpm-udev, + tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} Multi-Arch: same @@ -64,7 +64,7 @@ Package: libtss2-fapi1t64 Provides: ${t64:Provides} Architecture: any -Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends} +Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} Multi-Arch: same Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-fapi1 (<< ${source:Version}) Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-fapi1 @@ -84,7 +84,7 @@ Package: libtss2-mu-4.0.1-0t64 Provides: ${t64:Provides} Architecture: any -Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends} +Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} Multi-Arch: same Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-mu-4.0.1-0 (<< ${source:Version}) Replaces: libtss2-esys0 (<< 3.0.1-2), @@ -107,7 +107,7 @@ Package: libtss2-rc0t64 Provides: ${t64:Provides} Architecture: any -Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends} +Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} Multi-Arch: same Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-rc0 (<< ${source:Version}) Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-rc0 @@ -127,7 +127,7 @@ Package: libtss2-sys1t64 Provides: ${t64:Provides} Architecture: any -Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends} +Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} Multi-Arch: same Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-sys1 (<< ${source:Version}) Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-sys1 @@ -147,7 +147,7 @@ Package: libtss2-tcti-cmd0t64 Provides: ${t64:Provides} Architecture: any -Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends} +Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} Multi-Arch: same Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-cmd0 (<< ${source:Version}) Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-cmd0 @@ -167,7 +167,7 @@ Package: libtss2-tcti-device0t64 Provides: ${t64:Provides} Architecture: any -Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends} +Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} Multi-Arch: same Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-device0 (<< ${source:Version}) Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-device0 @@ -187,7 +187,7 @@ Package: libtss2-tcti-mssim0t64 Provides: ${t64:Provides} Architecture: any -Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends} +Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} Multi-Arch: same Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-mssim0 (<< ${source:Version}) Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-mssim0 @@ -207,7 +207,7 @@ Package: libtss2-tcti-swtpm0t64 Provides: ${t64:Provides} Architecture: any -Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends} +Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} Multi-Arch: same Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-swtpm0 (<< ${source:Version}) Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-swtpm0 @@ -378,7 +378,7 @@ libtss2-tcti-mssim0t64, libtss2-tcti-spi-helper0t64, libtss2-tcti-swtpm0t64, - tpm-udev, + tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} Multi-Arch: same @@ -458,6 +458,17 @@ facilitate installing all libraries at once, independently of the changing SONAMEs. +Package: tpm-udev +Architecture: all +Multi-Arch: foreign +Depends: ${misc:Depends} +Breaks: libtss2-fapi1t64 (<< 4.1.3-6) +Replaces: libtss2-fapi1t64 (<< 4.1.3-6) +Enhances: udev +Description: TPM2 Software stack library - udev rules for TPM modules + This package provides udev rules for the TPM modules. Both TPM1 or TPM2 need + this package to be installed to provide proper permissions of the TPM. + Package: libtss2-doc Architecture: all Section: doc diff -Nru tpm2-tss-4.1.3/debian/copyright tpm2-tss-4.1.3/debian/copyright --- tpm2-tss-4.1.3/debian/copyright 2026-02-16 20:28:32.000000000 +0000 +++ tpm2-tss-4.1.3/debian/copyright 2026-02-25 15:12:45.000000000 +0000 @@ -14,7 +14,9 @@ License: GPL-3 Files: debian/patches/* + debian/tpm-udev* Copyright: Intel Corporation and individual contributors + 2019 Ying-Chun Liu (PaulLiu) <[email protected]> License: BSD-2-clause Files: debian/patches/0001_disable_fapi_io_test.patch diff -Nru tpm2-tss-4.1.3/debian/libtss2-fapi1t64.install tpm2-tss-4.1.3/debian/libtss2-fapi1t64.install --- tpm2-tss-4.1.3/debian/libtss2-fapi1t64.install 2026-02-16 20:28:32.000000000 +0000 +++ tpm2-tss-4.1.3/debian/libtss2-fapi1t64.install 2026-02-25 15:12:45.000000000 +0000 @@ -1,5 +1 @@ -etc/tmpfiles.d/tpm2-tss-fapi.conf usr/lib/tmpfiles.d/ -etc/sysusers.d/tpm2-tss.conf usr/lib/sysusers.d/ -etc/tpm2-tss/fapi-config.json -etc/tpm2-tss/fapi-profiles/P_*.json usr/lib/*/libtss2-fapi.so.* diff -Nru tpm2-tss-4.1.3/debian/rules tpm2-tss-4.1.3/debian/rules --- tpm2-tss-4.1.3/debian/rules 2026-02-25 05:52:15.000000000 +0000 +++ tpm2-tss-4.1.3/debian/rules 2026-02-25 15:12:45.000000000 +0000 @@ -43,3 +43,7 @@ # automatically at build time. tsslibs=$$(grep -E 'libtss2-*' ./debian/files | grep -v -e 'dbgsym' -e 'libtss2-dev' -e 'libtss2-meta' -e 'libtss2-doc' | tr '_' ' ' | awk '{ print $$1,"(=",$$2 ")" }' | paste -sd ',' - | sed -e 's/,/, /g'); \ dh_gencontrol -p libtss2-dev -p tpm2-tss -- -V"libtss2:All=$${tsslibs}" + +override_dh_installsystemd: + dh_installsystemd -X tpm-udev.path --no-start --no-stop-on-upgrade + dh_installsystemd -X tpm-udev.service diff -Nru tpm2-tss-4.1.3/debian/tpm-udev.install tpm2-tss-4.1.3/debian/tpm-udev.install --- tpm2-tss-4.1.3/debian/tpm-udev.install 1970-01-01 01:00:00.000000000 +0100 +++ tpm2-tss-4.1.3/debian/tpm-udev.install 2026-02-25 15:12:45.000000000 +0000 @@ -0,0 +1,4 @@ +etc/tmpfiles.d/tpm2-tss-fapi.conf usr/lib/tmpfiles.d/ +etc/sysusers.d/tpm2-tss.conf usr/lib/sysusers.d/ +etc/tpm2-tss/fapi-config.json +etc/tpm2-tss/fapi-profiles/P_*.json diff -Nru tpm2-tss-4.1.3/debian/tpm-udev.path tpm2-tss-4.1.3/debian/tpm-udev.path --- tpm2-tss-4.1.3/debian/tpm-udev.path 1970-01-01 01:00:00.000000000 +0100 +++ tpm2-tss-4.1.3/debian/tpm-udev.path 2026-02-25 15:12:45.000000000 +0000 @@ -0,0 +1,9 @@ +[Unit] +ConditionVirtualization=container +Description=Handle dynamically added tpm devices + +[Path] +PathChanged=/dev + +[Install] +WantedBy=paths.target diff -Nru tpm2-tss-4.1.3/debian/tpm-udev.postinst tpm2-tss-4.1.3/debian/tpm-udev.postinst --- tpm2-tss-4.1.3/debian/tpm-udev.postinst 1970-01-01 01:00:00.000000000 +0100 +++ tpm2-tss-4.1.3/debian/tpm-udev.postinst 2026-02-25 15:12:45.000000000 +0000 @@ -0,0 +1,25 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +case "$1" in + configure) + # ask udev to check for new udev rules (and fix device permissions) + if udevadm --version > /dev/null; then + udevadm control --reload-rules ||: + udevadm trigger --sysname-match="tpm[0-9]*" ||: + udevadm trigger --action=add --subsystem-match=tpm ||: + udevadm trigger --action=add --subsystem-match=tpmrm ||: + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac diff -Nru tpm2-tss-4.1.3/debian/tpm-udev.service tpm2-tss-4.1.3/debian/tpm-udev.service --- tpm2-tss-4.1.3/debian/tpm-udev.service 1970-01-01 01:00:00.000000000 +0100 +++ tpm2-tss-4.1.3/debian/tpm-udev.service 2026-02-25 15:12:45.000000000 +0000 @@ -0,0 +1,5 @@ +[Unit] +Description=Handle dynamically added tpm devices + +[Service] +ExecStart=systemd-tmpfiles --create tpm-udev.conf diff -Nru tpm2-tss-4.1.3/debian/tpm-udev.tmpfiles tpm2-tss-4.1.3/debian/tpm-udev.tmpfiles --- tpm2-tss-4.1.3/debian/tpm-udev.tmpfiles 1970-01-01 01:00:00.000000000 +0100 +++ tpm2-tss-4.1.3/debian/tpm-udev.tmpfiles 2026-02-25 15:12:45.000000000 +0000 @@ -0,0 +1,4 @@ +# Handle tpm mode and owers in containers +z /dev/tpm[0-9]* 0660 tss root +z /dev/tpmrm[0-9]* 0660 tss tss +d /var/lib/tpm 0755 tss tss diff -Nru tpm2-tss-4.1.3/debian/tpm-udev.udev tpm2-tss-4.1.3/debian/tpm-udev.udev --- tpm2-tss-4.1.3/debian/tpm-udev.udev 1970-01-01 01:00:00.000000000 +0100 +++ tpm2-tss-4.1.3/debian/tpm-udev.udev 2026-02-25 15:12:45.000000000 +0000 @@ -0,0 +1,4 @@ +# tpm devices can only be accessed by the tss user but the tss +# group members can access tpmrm devices +KERNEL=="tpm[0-9]*", TAG+="systemd", MODE="0660", OWNER="tss" +KERNEL=="tpmrm[0-9]*", TAG+="systemd", MODE="0660", OWNER="tss", GROUP="tss" ** Affects: tpm2-tss (Ubuntu) Importance: Undecided Status: New ** Affects: tpm2-tss (Ubuntu Resolute) Importance: Undecided Status: New ** Also affects: tpm2-tss (Ubuntu Resolute) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2143669 Title: [FFE] Please merge 4.1.3-6 into resolute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/2143669/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
