swtpm/swtpm.spec

399 lines
14 KiB
RPMSpec
Raw Permalink Normal View History

%bcond_without gnutls
# Macros needed by SELinux
%global selinuxtype targeted
%global moduletype contrib
%global modulename swtpm
Summary: TPM Emulator
Name: swtpm
Version: 0.9.0
Release: 4%{?dist}
License: BSD-3-Clause
Url: https://github.com/stefanberger/swtpm
Source0: https://github.com/stefanberger/swtpm/archive/v%{version}/%{name}-%{version}.tar.gz
Source1: openssl-swtpm.cnf
# Prevent crypto policies disabling SHA-1.
# swtpm algorithm list is unconditional. Since it advertizes
# SHA-1, we MUST always provide a working SHA-1 impl
Patch0002: swtpm-custom-openssl.patch
Patch0003: selinux.patch
BuildRequires: make
BuildRequires: git-core
BuildRequires: automake
BuildRequires: autoconf
BuildRequires: libtool
BuildRequires: libtpms-devel >= 0.6.0
BuildRequires: expect
BuildRequires: net-tools
BuildRequires: openssl-devel
BuildRequires: socat
2024-01-28 23:06:37 +00:00
BuildRequires: tpm2-tss
2019-02-04 16:25:47 +00:00
BuildRequires: softhsm
2021-06-07 10:32:33 +00:00
BuildRequires: json-glib-devel
%if %{with gnutls}
2021-06-07 10:32:33 +00:00
BuildRequires: gnutls >= 3.4.0
BuildRequires: gnutls-devel
BuildRequires: gnutls-utils
BuildRequires: libtasn1-devel
BuildRequires: libtasn1
%endif
BuildRequires: selinux-policy-devel
BuildRequires: gcc
2019-07-16 13:47:24 +00:00
BuildRequires: libseccomp-devel
2020-10-07 21:06:35 +00:00
BuildRequires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
BuildRequires: python3-devel
BuildRequires: gmp-devel
Requires: %{name}-libs = %{version}-%{release}
Requires: libtpms >= 0.6.0
Requires: (%{name}-selinux if selinux-policy-targeted)
%description
TPM emulator built on libtpms providing TPM functionality for QEMU VMs
%package libs
Summary: Private libraries for swtpm TPM emulators
License: BSD-3-Clause
%description libs
A private library with callback functions for libtpms based swtpm TPM emulator
%package devel
Summary: Include files for the TPM emulator's CUSE interface for usage by clients
License: BSD-3-Clause
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description devel
Include files for the TPM emulator's CUSE interface.
%package tools
Summary: Tools for the TPM emulator
License: BSD-3-Clause
Requires: swtpm = %{version}-%{release}
2024-01-28 23:06:37 +00:00
# tpm2-tss for tss account
Requires: tpm2-tss bash gnutls-utils
%description tools
Tools for the TPM emulator from the swtpm package
2020-10-07 21:06:35 +00:00
%package tools-pkcs11
Summary: Tools for creating a local CA based on a TPM pkcs11 device
License: BSD-3-Clause
2020-10-07 21:06:35 +00:00
Requires: swtpm-tools = %{version}-%{release}
Requires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
2024-01-28 23:06:37 +00:00
Requires: expect gnutls-utils
2020-10-07 21:06:35 +00:00
%description tools-pkcs11
Tools for creating a local CA based on a pkcs11 device
%package selinux
Summary: SELinux security policy for swtpm
Requires(post): swtpm = %{version}-%{release}
BuildArch: noarch
%if ! 0%{?flatpak}
%{?selinux_requires}
%endif
%description selinux
SELinux security policy for swtpm.
%prep
%autosetup -S git -n %{name}-%{version} -p1
%build
NOCONFIGURE=1 ./autogen.sh
%configure \
%if %{with gnutls}
--with-gnutls \
%endif
--without-cuse
%make_build
%check
make %{?_smp_mflags} check VERBOSE=1
%install
%make_install
rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so}
%__install -d %{buildroot}%{_sysconfdir}/ssl
cp %{SOURCE1} %{buildroot}/%{_sysconfdir}/ssl/
%post selinux
for pp in /usr/share/selinux/packages/swtpm.pp \
/usr/share/selinux/packages/swtpm_svirt.pp \
/usr/share/selinux/packages/swtpm_libvirt.pp; do
%selinux_modules_install -s %{selinuxtype} ${pp}
done
restorecon %{_bindir}/swtpm
%postun selinux
if [ $1 -eq 0 ]; then
for p in swtpm_libvirt swtpm swtpm_svirt; do
%selinux_modules_uninstall -s %{selinuxtype} $p
done
fi
%posttrans selinux
%selinux_relabel_post -s %{selinuxtype}
%ldconfig_post libs
%ldconfig_postun libs
%files
%license LICENSE
%doc README
%{_bindir}/swtpm
%{_mandir}/man8/swtpm.8*
%files selinux
%{_datadir}/selinux/packages/swtpm.pp
%{_datadir}/selinux/packages/swtpm_libvirt.pp
%{_datadir}/selinux/packages/swtpm_svirt.pp
%{_sysconfdir}/ssl/openssl-swtpm.cnf
%files libs
%license LICENSE
%doc README
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/libswtpm_libtpms.so.0
%{_libdir}/%{name}/libswtpm_libtpms.so.0.0.0
%files devel
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/*.h
%{_mandir}/man3/swtpm_ioctls.3*
%files tools
%doc README
%{_bindir}/swtpm_bios
%if %{with gnutls}
%{_bindir}/swtpm_cert
%endif
%{_bindir}/swtpm_setup
%{_bindir}/swtpm_ioctl
2021-11-09 17:02:25 +00:00
%{_bindir}/swtpm_localca
%{_mandir}/man5/swtpm-localca.conf.5*
%{_mandir}/man5/swtpm-localca.options.5*
%{_mandir}/man5/swtpm_setup.conf.5*
%{_mandir}/man8/swtpm_bios.8*
%{_mandir}/man8/swtpm_cert.8*
%{_mandir}/man8/swtpm_ioctl.8*
%{_mandir}/man8/swtpm-localca.8*
2021-11-09 17:02:25 +00:00
%{_mandir}/man8/swtpm_localca.8*
%{_mandir}/man8/swtpm_setup.8*
%exclude %{_mandir}/man8/swtpm_cuse.8.gz
%config(noreplace) %{_sysconfdir}/swtpm_setup.conf
%config(noreplace) %{_sysconfdir}/swtpm-localca.options
%config(noreplace) %{_sysconfdir}/swtpm-localca.conf
%dir %{_datadir}/swtpm
%{_datadir}/swtpm/swtpm-localca
2020-08-28 22:58:48 +00:00
%{_datadir}/swtpm/swtpm-create-user-config-files
%attr( 750, tss, root) %{_localstatedir}/lib/swtpm-localca
2020-10-07 21:06:35 +00:00
%files tools-pkcs11
%{_mandir}/man8/swtpm-create-tpmca.8*
%{_datadir}/swtpm/swtpm-create-tpmca
%changelog
* Mon Nov 04 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.0-4
- Add extra SELinux policies.
Related: RHEL-53967
- Fix FTBFS, add gmp-devel
Resolves: RHEL-65460
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.9.0-3
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Wed Jul 17 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.0-2
- Add extra SELinux policies.
Resolves: RHEL-47273
* Tue Jul 09 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.0-1
- Update to v0.9.0 release
Resolves: RHEL-42590
- Fix SHA-1 algorithm availability
Resolves: RHEL-46754
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.8.1-6
- Bump release for June 2024 mass rebuild
2024-01-28 23:06:37 +00:00
* Sun Jan 28 2024 Peter Robinson <pbrobinson@fedoraproject.org> - 0.8.1-5
- Use tpm2-tss to provide tss account
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Aug 16 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-3
- Build for i686 again since dependency issue resolved
* Tue Aug 15 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-2
- Don't build tools-pkcs11 for i686 since python-tpm2-pytss is not built for it
- Set license to BSD-3-Clause for all packages
2023-08-15 17:30:54 +00:00
* Tue Aug 15 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-1
- Update to v0.8.1 release
* Sat Jul 22 2023 Adam Williamson <awilliam@redhat.com> - 0.8.0-7
- Make swtpm-selinux Requires(post) swtpm (#2223276)
2023-07-21 19:44:01 +00:00
* Thu Jul 20 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-6
- Added a 'Requires' on swtpm for swtpm-selinux package
* Wed Jul 19 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-4
- Split off SELinux policy into swtpm-selinux
2023-05-15 15:50:22 +00:00
* Mon May 15 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 0.8.0-4
- Remove trousers dependency from RHEL builds
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
2022-11-10 19:32:19 +00:00
* Thu Nov 10 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-2
- Adding patch needed on Rawhide build servers only
2022-11-10 18:29:50 +00:00
* Thu Nov 10 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-1
- Update to v0.8.0 release
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.3-2.20220427gitf2268ee
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
2022-04-27 18:07:51 +00:00
* Wed Apr 27 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.7.3-1.20220427gitf2268ee
- Update to v0.7.3 release
2022-03-07 18:23:00 +00:00
* Mon Mar 07 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.7.2-1.20220307git21c90c1
- Update to v0.7.2 release
2022-02-18 13:41:16 +00:00
* Fri Feb 18 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.7.1-1.20220218git92a7035
- Update to v0.7.1 release
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-2.20211109gitb79fd91
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
2021-11-09 17:02:25 +00:00
* Tue Nov 09 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-1.20211109gitb79fd91
- Update to v0.7.0 release
2021-09-21 15:23:42 +00:00
* Tue Sep 21 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-1.20210921git98187d2
- Update to v0.6.1 release
* Thu Sep 16 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20210916gita0ca7c3
- Build upcoming v0.6.1 that has patch to build with OpenSSL 3.0.0
* Thu Sep 16 2021 Stefan Berger <stefanb@linux.ibm.com.> - 0.6.0-5.20210607gitea627b3
- Applied patch with -Wno-deprecated-declarations for build with OpenSSL 3.0.0
2021-09-14 17:15:59 +00:00
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.6.0-4.20210607gitea627b3
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-3.20210607gitea627b3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jul 13 2021 Davide Cavalca <dcavalca@fedoraproject.org> - 0.6.0-2.20210706gitea627b
- Add an explicit BuildRequires for python3-devel
2021-06-07 10:32:33 +00:00
* Mon Jun 07 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.0-1.20210706gitea627b
- Update to v0.6.0 release
2021-06-04 19:16:06 +00:00
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 0.5.2-4.20201226gite59c0c1
- Rebuilt for Python 3.10
* Wed Apr 07 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.5.2-3.20201226gite59c0c1
- Remove unnecessary python3-twisted dependency
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-2.20201226gite59c0c1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
2020-12-26 20:30:42 +00:00
* Sat Dec 26 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.5.2-1.20201226gite59c0c1a
- Bugfixes for stable release
2020-12-08 04:58:29 +00:00
* Mon Dec 07 2020 Jeff Law <law@redhat.com> - 0.5.1-3.20201117git96f5a04c
- Avoid diagnostic from gcc-11
2020-12-26 20:30:42 +00:00
* Fri Nov 13 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.5.1-2.20201117git96f5a04c
- Another build of v0.5.1 after more fixes
* Fri Nov 13 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.5.1-1.20201007git390f5bd4
- Update to v0.5.1 addressing potential symlink attack issue (CVE-2020-28407)
* Wed Oct 7 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.5.0-1.20201007gitb931e109
2020-10-07 21:06:35 +00:00
- Update to v0.5.0 release
2020-08-28 22:58:48 +00:00
* Fri Aug 28 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.4.0-1.20200828git0c238a2
- Update to v0.4.0 release
* Thu Aug 27 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.3.4-2.20200711git80f0418
- Disable pkcs11 related test case running into GnuTLS locking bug
2020-08-17 17:43:02 +00:00
* Tue Aug 11 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.3.4-1.20200711git80f0418
- Update to v0.3.4 release
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-3.20200218git74ae43b
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-2.20200218git74ae43b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Feb 24 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.3.0-1.20200218git74ae43b
- Update to v0.3.0 release
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.0-7.20191115git8dae4b3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Nov 15 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.2.0-6.20191018git8dae4b3
- follow stable-0.2.0 branch with fix of GnuTLS API call to get subject key ID
* Fri Oct 18 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.2.0-5.20191018git9227cf4
- follow stable-0.2.0 branch with swtpm_cert OID bugfix for TPM 2
* Tue Aug 13 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.2.0-4.20190801git13536aa
- run 'restorecon' on swtpm in post to get SELinux label on first install
* Thu Aug 01 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.2.0-3.20190801git13536aa
- follow stable-0.2.0 branch with some bug fixes
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.0-2.20190723gitf0b4137
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 23 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.2.0-1.20190723gitf0b4137
- follow stable-0.2.0 branch with some bug fixes
2019-07-16 13:47:24 +00:00
* Tue Jul 16 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.2.0-0.20190716git374b669
- (tentative) v0.2.0 release of swtpm
2019-04-26 12:28:58 +00:00
* Thu Apr 25 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20190425gitca85606
- pick up bug fixes
2019-02-04 16:25:47 +00:00
* Mon Feb 04 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20190204git2c25d13.1
- v0.1.0 release of swtpm
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.0-0.20181212git8b9484a.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Dec 12 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20181212git8b9484a
- Follow improvements in swtpm repo primarily related to fixes for 'ubsan'
* Tue Nov 06 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20181106git05d8160
- Follow improvements in swtpm repo
- Remove ownership change of swtpm_setup.sh; have root own the file as required
2018-10-31 19:34:29 +00:00
* Wed Oct 31 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20181031gitc782a85
- Follow improvements and fixes in swtpm
* Tue Oct 02 2018 Stefan Berger <stefanb@linux.vnet.ibm.com> - 0.1.0-0.20181002git0143c41
- Fixes to SELinux policy
- Improvements on various other parts
* Tue Sep 25 2018 Stefan Berger <stefanb@linux.vnet.ibm.com> - 0.1.0-0.20180924gitce13edf
- Initial Fedora build
* Mon Sep 17 2018 Stefan Berger <stefanb@linux.vnet.ibm.com> - 0.1.0-0.20180918git67d7ea3
- Created initial version of rpm spec files
- Version is now 0.1.0
- Bugzilla for this spec: https://bugzilla.redhat.com/show_bug.cgi?id=1611829