Update to v0.3.4 release

2020-08-17 13:43:02 -04:00 · 2020-08-17 13:43:02 -04:00 · 2b7cbc9809
commit 2b7cbc9809
parent ac941adb9f
5 changed files with 13 additions and 161 deletions
--- a/.gitignore
+++ b/.gitignore
@ -13,3 +13,4 @@
 /swtpm-8dae4b3.tar.gz
 /swtpm-0.3.0.tar.gz
 /swtpm-74ae43b.tar.gz
 /swtpm-80f0418.tar.gz
--- a/0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
+++ b/0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
@ -1,56 +0,0 @@
 From f5bd8ba14f5165bc5b7cd3b20a7ba07f6acbfffe Mon Sep 17 00:00:00 2001
 From: Stefan Berger <stefanb@linux.ibm.com>
 Date: Fri, 31 Jul 2020 10:47:27 -0400
 Subject: [PATCH] tests: Modify sample key to be 2048 bit rather than only 2033
 bit
 The generated sample keys started with 00010203, thus leaving the upper
 15 bits of the key as '0', which in turn causes gnutls to think that the
 key is only 2033 bit long, thus rejecting certificate verification once
 the min-verification-profile is set to 'medium' in gnutls's config file
 in /etc/crypto-policies/back-ends/gnutls.config.
 We now create sample keys starting with 800102, which sets the highest bit.
 This fixes test errors on Fedora Rawhide due to the change in the
 min-verification-profile setting in gnutls.config.
 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 ---
 tests/test_tpm2_samples_swtpm_localca        | 4 ++--
 tests/test_tpm2_samples_swtpm_localca_pkcs11 | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
 diff --git a/tests/test_tpm2_samples_swtpm_localca b/tests/test_tpm2_samples_swtpm_localca
 index 3611b9d2..11ad10ba 100755
 --- a/tests/test_tpm2_samples_swtpm_localca
 +++ b/tests/test_tpm2_samples_swtpm_localca
@@ -11,8 +11,8 @@ SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca
 workdir=$(mktemp -d "/tmp/path with spaces.XXXXXX")
 -ek=""
 -for ((i = 0; i < 256; i++)); do
 +ek="80" # 2048 bit key must have highest bit set
 +for ((i = 1; i < 256; i++)); do
   ek="${ek}$(printf "%02x" $i)"
 done
 diff --git a/tests/test_tpm2_samples_swtpm_localca_pkcs11 b/tests/test_tpm2_samples_swtpm_localca_pkcs11
 index 5d0d1d45..372a6391 100755
 --- a/tests/test_tpm2_samples_swtpm_localca_pkcs11
 +++ b/tests/test_tpm2_samples_swtpm_localca_pkcs11
@@ -11,8 +11,8 @@ SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca
 workdir=$(mktemp -d)
 -ek=""
 -for ((i = 0; i < 256; i++)); do
 +ek="80" # 2048 bit key must have highest bit set
 +for ((i = 1; i < 256; i++)); do
   ek="${ek}$(printf "%02x" $i)"
 done
 -- 
 2.25.4
--- a/0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch
+++ b/0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch
@ -1,96 +0,0 @@
 From e6d81c0281900c8222022d66272254f97919cf4b Mon Sep 17 00:00:00 2001
 From: Stefan Berger <stefanb@linux.vnet.ibm.com>
 Date: Tue, 25 Feb 2020 21:34:21 -0500
 Subject: [PATCH] tests: Skip test 4 of derived keys in case an allowed error
 is encounterd
 libtpms may not support TDES, so we have to skip test case 4 in
 case we encounter an allowed error message.
 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 ---
 tests/_test_tpm2_derived_keys | 34 +++++++++++++++++++++-------------
 1 file changed, 21 insertions(+), 13 deletions(-)
 diff --git a/tests/_test_tpm2_derived_keys b/tests/_test_tpm2_derived_keys
 index 773da39..87b9940 100755
 --- a/tests/_test_tpm2_derived_keys
 +++ b/tests/_test_tpm2_derived_keys
@@ -51,12 +51,14 @@ fi
 # @param2: whether to send TPM2_Startup
 # @param3: command to send
 # @param4: expected return value
 +# @param5: allowed failure return value to skip test
 function tx_cmd()
 {
 	local reset="$1"
 	local startup="$2"
 	local cmd="$3"
 	local exp="$4"
 +	local allowed_error="$5"
 	local RES tmp
@@ -82,7 +84,9 @@ function tx_cmd()
 	swtpm_open_cmddev ${SWTPM_INTERFACE} 100
 	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} ${cmd})
 -	if [ "$RES" != "$exp" ]; then
 +	if [ "$RES" == "$allowed_error" ]; then
 +		echo "Skip: Encountered allowed error response ($allowed_error)"
 +	elif [ "$RES" != "$exp" ]; then
 		echo "Error: Did not get expected return from creating key"
 		echo "expected: $exp"
 		echo "received: $RES"
@@ -93,6 +97,10 @@ function tx_cmd()
 	return 0
 }
 +# Older versions of libtpms do not support TDES
 +# So we may skip the test in case we hit this error
 +error_unsupt_algo=' 80 01 00 00 00 0a 00 00 02 d6'
 +
 # Create a primary RSA key and expect a predictable return value
 # tsscreateprimary -hi e -v
 # -> creates key with handle 0x80 00 00 00
@@ -245,12 +253,12 @@ test5_exp2+=' 00 00 01 00 00'
 case "$(uname -p)" in
 ppc64le|x86_64)
 	echo "[Assuming ${SWTPM_EXE} is 64bit]"
 -	tx_cmd 1 0 "$test1_cmd" "$test1_exp" || exit 1 && echo "Test 1: OK"
 -	tx_cmd 1 1 "$test2_cmd" "$test2_exp" || exit 1 && echo "Test 2: OK"
 -	tx_cmd 1 1 "$test3_cmd" "$test3_exp" || exit 1 && echo "Test 3: OK"
 -	tx_cmd 1 1 "$test4_cmd" "$test4_exp" || exit 1 && echo "Test 4: OK"
 -	tx_cmd 1 1 "$test5_cmd1" "$test5_exp1" || exit 1
 -	tx_cmd 0 0 "$test5_cmd2" "$test5_exp2" || exit 1 && echo "Test 5: OK"
 +	tx_cmd 1 0 "$test1_cmd" "$test1_exp" "" || exit 1 && echo "Test 1: OK"
 +	tx_cmd 1 1 "$test2_cmd" "$test2_exp" "" || exit 1 && echo "Test 2: OK"
 +	tx_cmd 1 1 "$test3_cmd" "$test3_exp" "" || exit 1 && echo "Test 3: OK"
 +	tx_cmd 1 1 "$test4_cmd" "$test4_exp" "$error_unsupt_algo" || exit 1 && echo "Test 4: OK"
 +	tx_cmd 1 1 "$test5_cmd1" "$test5_exp1" "" || exit 1
 +	tx_cmd 0 0 "$test5_cmd2" "$test5_exp2" "" || exit 1 && echo "Test 5: OK"
 	;;
 *)
 	echo "This test currently only works with 64bit TPMs"
@@ -301,12 +309,12 @@ test4_exp=' 80 02 00 00 00 71 00 00 00 00 80 00 00 00 00 00 00 5a 00 00 00 32 00
 test5_exp1=' 80 02 00 00 01 12 00 00 00 00 80 00 00 00 00 00 00 fb 00 32 00 08 00 0b 00 03 04 72 00 00 00 0a 00 0b 00 22 00 20 60 5c 90 40 d5 ef 80 59 70 f4 90 3e 43 7a ce 49 1e 06 06 f0 e9 79 39 e4 a0 a1 8b d5 12 ca 86 9a 00 37 00 00 00 00 00 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 01 00 10 00 04 40 00 00 0b 00 04 40 00 00 0b 00 00 00 20 28 d0 26 fa fd 74 91 06 74 3e 27 c4 28 05 51 58 5e 5d 17 66 8e b5 21 83 5e d6 01 27 ef fc 05 d4 80 21 40 00 00 0b 00 40 5a 84 8d d0 73 da 49 f6 76 84 6e d1 56 13 39 4d 4b 67 0a 68 97 71 c9 a4 92 a6 aa 6d 30 4b 19 6c 69 fc a7 d5 b9 5c 8f 5a af 0c f6 72 b9 85 c5 d4 0a 09 f8 f7 16 4d 11 bc 5d ec cc 48 02 15 ce 79 00 22 00 0b 04 13 09 39 42 b3 86 80 67 68 2a d7 27 e3 c7 44 1d 1c b6 65 23 c3 ee f0 b8 b8 b5 ff ee 49 1d 4b 00 00 01 00 00'
 test5_exp2=' 80 02 00 00 00 95 00 00 00 00 80 00 00 01 00 00 00 7e 00 00 00 56 00 23 00 0b 00 02 04 52 00 00 00 10 00 10 00 10 00 10 00 20 af 9f be fc c8 95 21 71 04 2d 7d db 3f 42 aa 54 cc 2f a0 cf 55 82 78 f4 3f 01 88 27 46 53 2c 88 00 20 dc ad 67 2f d1 ea 89 01 f5 27 1f 58 3f a5 da 52 85 50 98 d5 06 81 10 13 86 12 d7 23 55 12 ea 0c 00 22 00 0b 72 c2 60 3f c8 bb 79 ea 92 86 7e a3 df 57 8d 15 e3 f1 10 a2 f9 1c a6 80 41 c3 cf e1 fa 43 83 2f 00 00 01 00 00'
 -tx_cmd 1 0 "$test1_cmd" "$test1_exp" || exit 1 && echo "Test 1: OK"
 -tx_cmd 1 1 "$test2_cmd" "$test2_exp" || exit 1 && echo "Test 2: OK"
 -tx_cmd 1 1 "$test3_cmd" "$test3_exp" || exit 1 && echo "Test 3: OK"
 -tx_cmd 1 1 "$test4_cmd" "$test4_exp" || exit 1 && echo "Test 4: OK"
 -tx_cmd 1 1 "$test5_cmd1" "$test5_exp1" || exit 1
 -tx_cmd 0 0 "$test5_cmd2" "$test5_exp2" || exit 1 && echo "Test 5: OK"
 +tx_cmd 1 0 "$test1_cmd" "$test1_exp" "" || exit 1 && echo "Test 1: OK"
 +tx_cmd 1 1 "$test2_cmd" "$test2_exp" "" || exit 1 && echo "Test 2: OK"
 +tx_cmd 1 1 "$test3_cmd" "$test3_exp" "" || exit 1 && echo "Test 3: OK"
 +tx_cmd 1 1 "$test4_cmd" "$test4_exp" "" || exit 1 && echo "Test 4: OK"
 +tx_cmd 1 1 "$test5_cmd1" "$test5_exp1" "" || exit 1
 +tx_cmd 0 0 "$test5_cmd2" "$test5_exp2" "" || exit 1 && echo "Test 5: OK"
 run_swtpm_ioctl ${SWTPM_INTERFACE} -s
 if [ $? -ne 0 ]; then
 -- 
 2.25.0.rc2.1.g09a9a1a997
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (swtpm-74ae43b.tar.gz) = 59be7ab2406105ba808b1dc3656bff1c5f533dccca6acb0bb618b6dea2851d0c5c19527487748ff8d3503ea395f1ec8f07a3766f2ac6fff204b964c111c6e311
+SHA512 (swtpm-80f0418.tar.gz) = 7190800f04adf970c0579186af07e705aadb36c2305dfae4b2b300b97db3e6c920c41001449154d9bc5dd71bd635b3d6236d47a517caaa9352a3c04aed55b93c
--- a/swtpm.spec
+++ b/swtpm.spec
@ -1,7 +1,7 @@
 %bcond_without gnutls
-%global gitdate     20200218
+%global gitdate     20200811
-%global gitcommit   74ae43bd8e4fca809d1cbc398efcb2f7f968b59f
+%global gitcommit   80f04180f200829053c38818ae83721b21c747e8
 %global gitshortcommit  %(c=%{gitcommit}; echo ${c:0:7})
 # Macros needed by SELinux
@ -11,15 +11,12 @@
 Summary: TPM Emulator
 Name:           swtpm
-Version:        0.3.0
+Version:        0.3.4
-Release:        4.%{gitdate}git%{gitshortcommit}%{?dist}
+Release:        1.%{gitdate}git%{gitshortcommit}%{?dist}
 License:        BSD
 Url:            http://github.com/stefanberger/swtpm
 Source0:        %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
 Patch0001:      0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch
 Patch0002:      0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
 BuildRequires:  git-core
 BuildRequires:  automake
 BuildRequires:  autoconf
@ -93,7 +90,7 @@ NOCONFIGURE=1 ./autogen.sh
 %make_build
 %check
-make %{?_smp_mflags} check VERBOSE=1
+make -O check V=1 VERBOSE=1
 %install
@ -169,6 +166,12 @@ fi
 %attr( 755, tss, tss) %{_localstatedir}/lib/swtpm-localca
 %changelog
 * Tue Aug 11 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.3.4-1.20200711git80f0418
 - Update to v0.3.4 release
 * Fri Jul 31 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.3.3-1.20200731git823f821
 - Update to v0.3.3 release + patch fixing certificate chain verification error
 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-3.20200218git74ae43b
 - Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
`@ -1 +1 @@`
	`SHA512 (swtpm-74ae43b.tar.gz) = 59be7ab2406105ba808b1dc3656bff1c5f533dccca6acb0bb618b6dea2851d0c5c19527487748ff8d3503ea395f1ec8f07a3766f2ac6fff204b964c111c6e311`	`SHA512 (swtpm-80f0418.tar.gz) = 7190800f04adf970c0579186af07e705aadb36c2305dfae4b2b300b97db3e6c920c41001449154d9bc5dd71bd635b3d6236d47a517caaa9352a3c04aed55b93c`