Update to 0.8.0
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
This commit is contained in:
parent
f641bfd229
commit
32e338fcbe
1
.gitignore
vendored
1
.gitignore
vendored
@ -21,3 +21,4 @@
|
||||
/swtpm-e59c0c1.tar.gz
|
||||
/swtpm-ea627b3.tar.gz
|
||||
/swtpm-b79fd91.tar.gz
|
||||
/swtpm-0.8.0.tar.gz
|
||||
|
@ -1,54 +0,0 @@
|
||||
From 9f740868fc36761de27df3935513bdebf8852d19 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Berger <stefanb@linux.ibm.com>
|
||||
Date: Wed, 16 Feb 2022 11:17:47 -0500
|
||||
Subject: [PATCH] swtpm: Check header size indicator against expected size (CID
|
||||
375869)
|
||||
|
||||
This fix addresses Coverity issue CID 375869.
|
||||
|
||||
Check the header size indicated in the header of the state against the
|
||||
expected size and return an error code in case the header size indicator
|
||||
is different. There was only one header size so far since blobheader was
|
||||
introduced, so we don't need to deal with different sizes.
|
||||
|
||||
Without this fix a specially craft header could have cause out-of-bounds
|
||||
accesses on the byte array containing the swtpm's state.
|
||||
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
---
|
||||
src/swtpm/swtpm_nvstore.c | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/swtpm/swtpm_nvstore.c b/src/swtpm/swtpm_nvstore.c
|
||||
index 437088370e11..144d8975ec54 100644
|
||||
--- a/src/swtpm/swtpm_nvstore.c
|
||||
+++ b/src/swtpm/swtpm_nvstore.c
|
||||
@@ -1075,6 +1075,7 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length,
|
||||
uint8_t *hdrversion, bool quiet)
|
||||
{
|
||||
blobheader *bh = (blobheader *)data;
|
||||
+ uint16_t hdrsize;
|
||||
|
||||
if (length < sizeof(bh)) {
|
||||
if (!quiet)
|
||||
@@ -1100,8 +1101,16 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length,
|
||||
return TPM_BAD_VERSION;
|
||||
}
|
||||
|
||||
+ hdrsize = ntohs(bh->hdrsize);
|
||||
+ if (hdrsize != sizeof(blobheader)) {
|
||||
+ logprintf(STDERR_FILENO,
|
||||
+ "bad header size: %u != %zu\n",
|
||||
+ hdrsize, sizeof(blobheader));
|
||||
+ return TPM_BAD_DATASIZE;
|
||||
+ }
|
||||
+
|
||||
*hdrversion = bh->version;
|
||||
- *dataoffset = ntohs(bh->hdrsize);
|
||||
+ *dataoffset = hdrsize;
|
||||
*hdrflags = ntohs(bh->flags);
|
||||
|
||||
return TPM_SUCCESS;
|
||||
--
|
||||
2.34.1.428.gdcc0cd074f0c
|
||||
|
@ -1,279 +0,0 @@
|
||||
From a39c3792ba5677f25fea903b9f1a43740a5f2c0c Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Berger <stefanb@linux.ibm.com>
|
||||
Date: Wed, 8 Jun 2022 09:19:07 -0400
|
||||
Subject: [PATCH] swtpm: Disable OpenSSL FIPS mode to avoid libtpms failures
|
||||
|
||||
While libtpms does not provide any means to disable FIPS-disabled crypto
|
||||
algorithms from being used, work around the issue by simply disabling the
|
||||
FIPS mode of OpenSSL if it is enabled. If it cannot be disabled, exit
|
||||
swtpm with a failure message that it cannot be disabled. If FIPS mode
|
||||
was successfully disabled, print out a message as well.
|
||||
|
||||
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2090219
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
---
|
||||
configure.ac | 9 ++++
|
||||
src/swtpm/Makefile.am | 2 +
|
||||
src/swtpm/cuse_tpm.c | 5 ++
|
||||
src/swtpm/fips.c | 100 ++++++++++++++++++++++++++++++++++++++
|
||||
src/swtpm/fips.h | 43 ++++++++++++++++
|
||||
src/swtpm/swtpm.c | 3 ++
|
||||
src/swtpm/swtpm_chardev.c | 3 ++
|
||||
src/swtpm/utils.h | 2 +
|
||||
8 files changed, 167 insertions(+)
|
||||
create mode 100644 src/swtpm/fips.c
|
||||
create mode 100644 src/swtpm/fips.h
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index ad3054e..30288c7 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -156,6 +156,15 @@ openssl)
|
||||
AC_MSG_RESULT([Building with openssl crypto library])
|
||||
LIBCRYPTO_LIBS=$(pkg-config --libs libcrypto)
|
||||
AC_SUBST([LIBCRYPTO_LIBS])
|
||||
+ AC_CHECK_HEADERS([openssl/fips.h],
|
||||
+ [AC_DEFINE_UNQUOTED([HAVE_OPENSSL_FIPS_H], 1,
|
||||
+ [whether openssl/fips.h is available])]
|
||||
+ )
|
||||
+ AC_CHECK_LIB(crypto,
|
||||
+ [FIPS_mode_set],
|
||||
+ [AC_DEFINE_UNQUOTED([HAVE_OPENSSL_FIPS_MODE_SET_API], 1,
|
||||
+ [whether FIPS_mode_set API is available])]
|
||||
+ )
|
||||
;;
|
||||
esac
|
||||
|
||||
diff --git a/src/swtpm/Makefile.am b/src/swtpm/Makefile.am
|
||||
index 5454a6f..2a65950 100644
|
||||
--- a/src/swtpm/Makefile.am
|
||||
+++ b/src/swtpm/Makefile.am
|
||||
@@ -11,6 +11,7 @@ noinst_HEADERS = \
|
||||
capabilities.h \
|
||||
common.h \
|
||||
ctrlchannel.h \
|
||||
+ fips.h \
|
||||
key.h \
|
||||
locality.h \
|
||||
logging.h \
|
||||
@@ -40,6 +41,7 @@ libswtpm_libtpms_la_SOURCES = \
|
||||
capabilities.c \
|
||||
common.c \
|
||||
ctrlchannel.c \
|
||||
+ fips.c \
|
||||
key.c \
|
||||
logging.c \
|
||||
mainloop.c \
|
||||
diff --git a/src/swtpm/cuse_tpm.c b/src/swtpm/cuse_tpm.c
|
||||
index 9dbc00d..3026e26 100644
|
||||
--- a/src/swtpm/cuse_tpm.c
|
||||
+++ b/src/swtpm/cuse_tpm.c
|
||||
@@ -1695,6 +1695,11 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac
|
||||
goto exit;
|
||||
}
|
||||
|
||||
+ if (disable_fips_mode() < 0) {
|
||||
+ ret = -1;
|
||||
+ goto exit;
|
||||
+ }
|
||||
+
|
||||
if (tpmlib_register_callbacks(&cbs) != TPM_SUCCESS) {
|
||||
ret = -1;
|
||||
goto exit;
|
||||
diff --git a/src/swtpm/fips.c b/src/swtpm/fips.c
|
||||
new file mode 100644
|
||||
index 0000000..eeb2a0c
|
||||
--- /dev/null
|
||||
+++ b/src/swtpm/fips.c
|
||||
@@ -0,0 +1,100 @@
|
||||
+/*
|
||||
+ * fips.c -- FIPS mode related functions
|
||||
+ *
|
||||
+ * (c) Copyright IBM Corporation 2022.
|
||||
+ *
|
||||
+ * Author: Stefan Berger <stefanb@us.ibm.com>
|
||||
+ *
|
||||
+ * All rights reserved.
|
||||
+ *
|
||||
+ * Redistribution and use in source and binary forms, with or without
|
||||
+ * modification, are permitted provided that the following conditions are
|
||||
+ * met:
|
||||
+ *
|
||||
+ * Redistributions of source code must retain the above copyright notice,
|
||||
+ * this list of conditions and the following disclaimer.
|
||||
+ *
|
||||
+ * Redistributions in binary form must reproduce the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer in the
|
||||
+ * documentation and/or other materials provided with the distribution.
|
||||
+ *
|
||||
+ * Neither the names of the IBM Corporation nor the names of its
|
||||
+ * contributors may be used to endorse or promote products derived from
|
||||
+ * this software without specific prior written permission.
|
||||
+ *
|
||||
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
+ */
|
||||
+
|
||||
+#include "config.h"
|
||||
+
|
||||
+#include "fips.h"
|
||||
+#include "logging.h"
|
||||
+
|
||||
+#if defined(HAVE_OPENSSL_FIPS_H)
|
||||
+# include <openssl/fips.h>
|
||||
+#elif defined(HAVE_OPENSSL_FIPS_MODE_SET_API)
|
||||
+/* Cygwin has no fips.h but API exists */
|
||||
+extern int FIPS_mode(void);
|
||||
+extern int FIPS_mode_set(int);
|
||||
+#endif
|
||||
+
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
+# include <openssl/evp.h>
|
||||
+#endif
|
||||
+
|
||||
+#include <openssl/err.h>
|
||||
+
|
||||
+/*
|
||||
+ * disable_fips_mode: If possible, disable FIPS mode to avoid libtpms failures
|
||||
+ *
|
||||
+ * While libtpms does not provide a solution to disable deactivated algorithms
|
||||
+ * avoid libtpms failures due to FIPS mode enablement by disabling FIPS mode.
|
||||
+ *
|
||||
+ * Returns < 0 on error, 0 otherwise.
|
||||
+ */
|
||||
+#if defined(HAVE_OPENSSL_FIPS_H) || defined(HAVE_OPENSSL_FIPS_MODE_SET_API)
|
||||
+int disable_fips_mode(void)
|
||||
+{
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
+ int mode = EVP_default_properties_is_fips_enabled(NULL);
|
||||
+#else
|
||||
+ int mode = FIPS_mode();
|
||||
+#endif
|
||||
+ int ret = 0;
|
||||
+
|
||||
+ if (mode != 0) {
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
+ int rc = EVP_default_properties_enable_fips(NULL, 0);
|
||||
+#else
|
||||
+ int rc = FIPS_mode_set(0);
|
||||
+#endif
|
||||
+ if (rc == 1) {
|
||||
+ logprintf(STDOUT_FILENO,
|
||||
+ "Warning: Disabled OpenSSL FIPS mode\n");
|
||||
+ } else {
|
||||
+ unsigned long err = ERR_get_error();
|
||||
+ logprintf(STDERR_FILENO,
|
||||
+ "Failed to disable OpenSSL FIPS mode: %s\n",
|
||||
+ ERR_error_string(err, NULL));
|
||||
+ ret = -1;
|
||||
+ }
|
||||
+ }
|
||||
+ return ret;
|
||||
+}
|
||||
+#else
|
||||
+/* OpenBSD & DragonFlyBSD case */
|
||||
+int disable_fips_mode(void)
|
||||
+{
|
||||
+ return 0;
|
||||
+}
|
||||
+#endif
|
||||
diff --git a/src/swtpm/fips.h b/src/swtpm/fips.h
|
||||
new file mode 100644
|
||||
index 0000000..14d4e9f
|
||||
--- /dev/null
|
||||
+++ b/src/swtpm/fips.h
|
||||
@@ -0,0 +1,43 @@
|
||||
+/*
|
||||
+ * fips.h -- FIPS mode related functions
|
||||
+ *
|
||||
+ * (c) Copyright IBM Corporation 2015.
|
||||
+ *
|
||||
+ * Author: Stefan Berger <stefanb@us.ibm.com>
|
||||
+ *
|
||||
+ * All rights reserved.
|
||||
+ *
|
||||
+ * Redistribution and use in source and binary forms, with or without
|
||||
+ * modification, are permitted provided that the following conditions are
|
||||
+ * met:
|
||||
+ *
|
||||
+ * Redistributions of source code must retain the above copyright notice,
|
||||
+ * this list of conditions and the following disclaimer.
|
||||
+ *
|
||||
+ * Redistributions in binary form must reproduce the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer in the
|
||||
+ * documentation and/or other materials provided with the distribution.
|
||||
+ *
|
||||
+ * Neither the names of the IBM Corporation nor the names of its
|
||||
+ * contributors may be used to endorse or promote products derived from
|
||||
+ * this software without specific prior written permission.
|
||||
+ *
|
||||
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
+ */
|
||||
+
|
||||
+#ifndef _SWTPM_UTILS_H_
|
||||
+#define _SWTPM_UTILS_H_
|
||||
+
|
||||
+int disable_fips_mode(void);
|
||||
+
|
||||
+#endif /* _SWTPM_UTILS_H_ */
|
||||
diff --git a/src/swtpm/swtpm.c b/src/swtpm/swtpm.c
|
||||
index 722a743..e618c56 100644
|
||||
--- a/src/swtpm/swtpm.c
|
||||
+++ b/src/swtpm/swtpm.c
|
||||
@@ -521,6 +521,9 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface)
|
||||
daemonize_finish();
|
||||
}
|
||||
|
||||
+ if (disable_fips_mode() < 0)
|
||||
+ goto error_seccomp_profile;
|
||||
+
|
||||
rc = mainLoop(&mlp, notify_fd[0]);
|
||||
|
||||
error_seccomp_profile:
|
||||
diff --git a/src/swtpm/swtpm_chardev.c b/src/swtpm/swtpm_chardev.c
|
||||
index 9710927..ab6d8fd 100644
|
||||
--- a/src/swtpm/swtpm_chardev.c
|
||||
+++ b/src/swtpm/swtpm_chardev.c
|
||||
@@ -573,6 +573,9 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i
|
||||
daemonize_finish();
|
||||
}
|
||||
|
||||
+ if (disable_fips_mode() < 0)
|
||||
+ goto error_seccomp_profile;
|
||||
+
|
||||
rc = mainLoop(&mlp, notify_fd[0]);
|
||||
|
||||
error_seccomp_profile:
|
||||
diff --git a/src/swtpm/utils.h b/src/swtpm/utils.h
|
||||
index 7502442..b8acd89 100644
|
||||
--- a/src/swtpm/utils.h
|
||||
+++ b/src/swtpm/utils.h
|
||||
@@ -71,4 +71,6 @@ ssize_t writev_full(int fd, const struct iovec *iov, int iovcnt);
|
||||
|
||||
ssize_t read_eintr(int fd, void *buffer, size_t buflen);
|
||||
|
||||
+int disable_fips_mode(void);
|
||||
+
|
||||
#endif /* _SWTPM_UTILS_H_ */
|
||||
--
|
||||
2.36.1
|
||||
|
37
0001-swtpm_setup-fix-Werror-maybe-uninitialized.patch
Normal file
37
0001-swtpm_setup-fix-Werror-maybe-uninitialized.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From 95cd8db3dc822d8f741b90d560e50f44841f9d29 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||
Date: Tue, 22 Nov 2022 11:24:57 +0400
|
||||
Subject: [PATCH] swtpm_setup: fix -Werror=maybe-uninitialized
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
/usr/include/glib-2.0/glib/glib-autocleanups.h:30:3: error: ‘argv’ may be used uninitialized [-Werror=maybe-uninitialized]
|
||||
30 | g_free (*pp);
|
||||
| ^~~~~~~~~~~~
|
||||
swtpm_setup.c: In function ‘get_swtpm_capabilities.constprop.0’:
|
||||
swtpm_setup.c:940:24: note: ‘argv’ was declared here
|
||||
940 | g_autofree gchar **argv;
|
||||
| ^~~~
|
||||
|
||||
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
---
|
||||
src/swtpm_setup/swtpm_setup.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/swtpm_setup/swtpm_setup.c b/src/swtpm_setup/swtpm_setup.c
|
||||
index 1b528c8..3570235 100644
|
||||
--- a/src/swtpm_setup/swtpm_setup.c
|
||||
+++ b/src/swtpm_setup/swtpm_setup.c
|
||||
@@ -937,7 +937,7 @@ static int get_swtpm_capabilities(gchar **swtpm_prg_l, gboolean is_tpm2,
|
||||
gchar *my_argv[] = { "--print-capabilities", is_tpm2 ? "--tpm2" : NULL, NULL };
|
||||
g_autofree gchar *logop = NULL;
|
||||
g_autoptr(GError) error = NULL;
|
||||
- g_autofree gchar **argv;
|
||||
+ g_autofree gchar **argv = NULL;
|
||||
int exit_status = 0;
|
||||
gboolean success;
|
||||
int ret = 1;
|
||||
--
|
||||
2.38.1
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (swtpm-b79fd91.tar.gz) = bb17a2dc7542261618ea7572301d447820ad762478cb5b38b11cf49e46a6c81620861ba5d1f150c966fe19aed828da40431ce9544775bfd048152c2957bc178e
|
||||
SHA512 (swtpm-0.8.0.tar.gz) = 7f70c19f732404061be6168c96c0dd3ec91ed8b50dddcafcb50d810062ce0e83ad85360191f97db5db9dc034e01d91cebe3912449d896d2cde68fe060a0adb09
|
||||
|
49
swtpm.spec
49
swtpm.spec
@ -1,9 +1,5 @@
|
||||
%bcond_without gnutls
|
||||
|
||||
%global gitdate 20211109
|
||||
%global gitcommit b79fd91c4b4a74c9c5027b517c5036952c5525db
|
||||
%global gitshortcommit %(c=%{gitcommit}; echo ${c:0:7})
|
||||
|
||||
# Macros needed by SELinux
|
||||
%global selinuxtype targeted
|
||||
%global moduletype contrib
|
||||
@ -11,26 +7,26 @@
|
||||
|
||||
Summary: TPM Emulator
|
||||
Name: swtpm
|
||||
Version: 0.7.0
|
||||
Release: 3.%{gitdate}git%{gitshortcommit}%{?dist}
|
||||
Version: 0.8.0
|
||||
Release: 1%{?dist}
|
||||
License: BSD
|
||||
Url: http://github.com/stefanberger/swtpm
|
||||
Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
|
||||
Patch0001: 0001-swtpm-Check-header-size-indicator-against-expected-s.patch
|
||||
Patch0002: 0001-swtpm-Disable-OpenSSL-FIPS-mode-to-avoid-libtpms-fai.patch
|
||||
Url: https://github.com/stefanberger/swtpm
|
||||
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
Patch0001: 0001-swtpm_setup-fix-Werror-maybe-uninitialized.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: make
|
||||
BuildRequires: git-core
|
||||
BuildRequires: automake
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: libtool
|
||||
BuildRequires: libtpms-devel >= 0.6.0
|
||||
BuildRequires: glib2-devel
|
||||
BuildRequires: json-glib-devel
|
||||
BuildRequires: expect
|
||||
BuildRequires: net-tools
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: socat
|
||||
BuildRequires: softhsm
|
||||
BuildRequires: json-glib-devel
|
||||
%if %{with gnutls}
|
||||
BuildRequires: gnutls >= 3.4.0
|
||||
BuildRequires: gnutls-devel
|
||||
@ -42,7 +38,6 @@ BuildRequires: selinux-policy-devel
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libseccomp-devel
|
||||
BuildRequires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
|
||||
BuildRequires: python3-devel
|
||||
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
Requires: libtpms >= 0.6.0
|
||||
@ -75,18 +70,18 @@ Requires: bash gnutls-utils
|
||||
%description tools
|
||||
Tools for the TPM emulator from the swtpm package
|
||||
|
||||
%package tools-pkcs11
|
||||
Summary: Tools for creating a local CA based on a TPM pkcs11 device
|
||||
License: BSD
|
||||
Requires: swtpm-tools = %{version}-%{release}
|
||||
Requires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
|
||||
Requires: expect gnutls-utils
|
||||
%package tools-pkcs11
|
||||
Summary: Tools for creating a local CA based on a pkcs11 device
|
||||
License: BSD
|
||||
Requires: swtpm-tools = %{version}-%{release}
|
||||
Requires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
|
||||
Requires: expect gnutls-utils
|
||||
|
||||
%description tools-pkcs11
|
||||
Tools for creating a local CA based on a pkcs11 device
|
||||
|
||||
%prep
|
||||
%autosetup -S git -n %{name}-%{gitcommit} -p1
|
||||
%autosetup -S git -p1
|
||||
|
||||
%build
|
||||
|
||||
@ -95,8 +90,7 @@ NOCONFIGURE=1 ./autogen.sh
|
||||
%if %{with gnutls}
|
||||
--with-gnutls \
|
||||
%endif
|
||||
--without-cuse \
|
||||
--without-tpm1
|
||||
--without-cuse
|
||||
|
||||
%make_build
|
||||
|
||||
@ -107,6 +101,7 @@ make %{?_smp_mflags} check VERBOSE=1
|
||||
|
||||
%make_install
|
||||
rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so}
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man8/swtpm_cuse.8*
|
||||
|
||||
%post
|
||||
for pp in /usr/share/selinux/packages/swtpm.pp \
|
||||
@ -161,12 +156,12 @@ fi
|
||||
%{_mandir}/man8/swtpm_bios.8*
|
||||
%{_mandir}/man8/swtpm_cert.8*
|
||||
%{_mandir}/man8/swtpm_ioctl.8*
|
||||
%{_mandir}/man8/swtpm-localca.conf.8*
|
||||
%{_mandir}/man8/swtpm-localca.options.8*
|
||||
%{_mandir}/man5/swtpm-localca.conf.5*
|
||||
%{_mandir}/man5/swtpm-localca.options.5*
|
||||
%{_mandir}/man8/swtpm-localca.8*
|
||||
%{_mandir}/man8/swtpm_localca.8*
|
||||
%{_mandir}/man8/swtpm_setup.8*
|
||||
%{_mandir}/man8/swtpm_setup.conf.8*
|
||||
%{_mandir}/man5/swtpm_setup.conf.5*
|
||||
%config(noreplace) %{_sysconfdir}/swtpm_setup.conf
|
||||
%config(noreplace) %{_sysconfdir}/swtpm-localca.options
|
||||
%config(noreplace) %{_sysconfdir}/swtpm-localca.conf
|
||||
@ -180,6 +175,10 @@ fi
|
||||
%{_datadir}/swtpm/swtpm-create-tpmca
|
||||
|
||||
%changelog
|
||||
* Tue Nov 22 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.0-1
|
||||
- Update to v0.8.0 release
|
||||
Resolves: rhbz#2092944
|
||||
|
||||
* Fri Jun 17 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-3.20211109gitb79fd91
|
||||
- Disable OpenSSL FIPS mode to avoid libtpms failures
|
||||
Resolves: rhbz#2090219
|
||||
|
Loading…
Reference in New Issue
Block a user