From 477a4a3eadf8078cc2535d820a413e69a4c41483 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Wed, 3 Nov 2021 17:28:17 -0400 Subject: [PATCH] import swtpm-0.6.0-3.20210607gitea627b3.el9 --- .gitignore | 1 + .swtpm.metadata | 1 + ...uild-sys-carry-configure-time-CFLAGS.patch | 56 ++++ SPECS/swtpm.spec | 297 ++++++++++++++++++ 4 files changed, 355 insertions(+) create mode 100644 .gitignore create mode 100644 .swtpm.metadata create mode 100644 SOURCES/0001-build-sys-carry-configure-time-CFLAGS.patch create mode 100644 SPECS/swtpm.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4c278a6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/swtpm-ea627b3.tar.gz diff --git a/.swtpm.metadata b/.swtpm.metadata new file mode 100644 index 0000000..d9f6657 --- /dev/null +++ b/.swtpm.metadata @@ -0,0 +1 @@ +12b1b68e25479473e9ab33102df40ba368d9b74c SOURCES/swtpm-ea627b3.tar.gz diff --git a/SOURCES/0001-build-sys-carry-configure-time-CFLAGS.patch b/SOURCES/0001-build-sys-carry-configure-time-CFLAGS.patch new file mode 100644 index 0000000..c536ab5 --- /dev/null +++ b/SOURCES/0001-build-sys-carry-configure-time-CFLAGS.patch @@ -0,0 +1,56 @@ +From 5887fddd54040701f05e524f014def12dcb788ac Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= +Date: Mon, 12 Jul 2021 21:36:50 +0400 +Subject: [PATCH] build-sys: carry configure-time CFLAGS +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Reported: https://github.com/stefanberger/swtpm/issues/483 +Signed-off-by: Marc-André Lureau +--- + samples/Makefile.am | 2 ++ + src/swtpm_setup/Makefile.am | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/samples/Makefile.am b/samples/Makefile.am +index dcbc9b6..d56da0f 100644 +--- a/samples/Makefile.am ++++ b/samples/Makefile.am +@@ -39,11 +39,13 @@ swtpm_localca_LDADD = \ + + swtpm_localca_LDFLAGS = \ + -L$(top_builddir)/src/utils -lswtpm_utils \ ++ $(AM_LDFLAGS) \ + $(HARDENING_LDFLAGS) \ + $(GLIB_LIBS) + + swtpm_localca_CFLAGS = \ + -I$(top_srcdir)/src/utils \ ++ $(AM_CFLAGS) \ + $(HARDENING_CFLAGS) \ + $(GLIB_CFLAGS) + +diff --git a/src/swtpm_setup/Makefile.am b/src/swtpm_setup/Makefile.am +index 045bdb1..1f5b880 100644 +--- a/src/swtpm_setup/Makefile.am ++++ b/src/swtpm_setup/Makefile.am +@@ -28,6 +28,7 @@ swtpm_setup_LDADD = \ + + swtpm_setup_LDFLAGS = \ + -L$(top_builddir)/src/utils -lswtpm_utils \ ++ $(AM_LDFLAGS) \ + $(HARDENING_LDFLAGS) \ + $(GLIB_LIBS) \ + $(JSON_GLIB_LIBS) \ +@@ -38,6 +39,7 @@ swtpm_setup_CFLAGS = \ + -I$(top_srcdir)/include \ + -I$(top_srcdir)/include/swtpm \ + -I$(top_srcdir)/src/utils \ ++ $(AM_CFLAGS) \ + $(HARDENING_CFLAGS) \ + $(GLIB_CFLAGS) \ + $(JSON_GLIB_CFLAGS) +-- +2.32.0.93.g670b81a890 + diff --git a/SPECS/swtpm.spec b/SPECS/swtpm.spec new file mode 100644 index 0000000..46b72bb --- /dev/null +++ b/SPECS/swtpm.spec @@ -0,0 +1,297 @@ +%bcond_without gnutls + +%global gitdate 20210607 +%global gitcommit ea627b3b5e847f9141fcf25de0c03004d35fb375 +%global gitshortcommit %(c=%{gitcommit}; echo ${c:0:7}) + +# Macros needed by SELinux +%global selinuxtype targeted +%global moduletype contrib +%global modulename swtpm + +Summary: TPM Emulator +Name: swtpm +Version: 0.6.0 +Release: 3.%{gitdate}git%{gitshortcommit}%{?dist} +License: BSD +Url: http://github.com/stefanberger/swtpm +Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz +Patch0001: 0001-build-sys-carry-configure-time-CFLAGS.patch + +BuildRequires: make +BuildRequires: git-core +BuildRequires: automake +BuildRequires: autoconf +BuildRequires: libtool +BuildRequires: libtpms-devel >= 0.6.0 +BuildRequires: expect +BuildRequires: net-tools +BuildRequires: openssl-devel +BuildRequires: socat +BuildRequires: softhsm +BuildRequires: json-glib-devel +%if %{with gnutls} +BuildRequires: gnutls >= 3.4.0 +BuildRequires: gnutls-devel +BuildRequires: gnutls-utils +BuildRequires: libtasn1-devel +BuildRequires: libtasn1 +%endif +BuildRequires: selinux-policy-devel +BuildRequires: gcc +BuildRequires: libseccomp-devel +BuildRequires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd + +Requires: %{name}-libs = %{version}-%{release} +Requires: libtpms >= 0.6.0 +%{?selinux_requires} + +%description +TPM emulator built on libtpms providing TPM functionality for QEMU VMs + +%package libs +Summary: Private libraries for swtpm TPM emulators +License: BSD + +%description libs +A private library with callback functions for libtpms based swtpm TPM emulator + +%package devel +Summary: Include files for the TPM emulator's CUSE interface for usage by clients +License: BSD +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description devel +Include files for the TPM emulator's CUSE interface. + +%package tools +Summary: Tools for the TPM emulator +License: BSD +Requires: swtpm = %{version}-%{release} +Requires: bash gnutls-utils + +%description tools +Tools for the TPM emulator from the swtpm package + +%package tools-pkcs11 +Summary: Tools for creating a local CA based on a TPM pkcs11 device +License: BSD +Requires: swtpm-tools = %{version}-%{release} +Requires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd +Requires: expect gnutls-utils + +%description tools-pkcs11 +Tools for creating a local CA based on a pkcs11 device + +%prep +%autosetup -S git -n %{name}-%{gitcommit} -p1 + +%build + +NOCONFIGURE=1 ./autogen.sh +%configure \ +%if %{with gnutls} + --with-gnutls \ +%endif + --without-cuse + +%make_build CFLAGS="-Wno-error=deprecated-declarations -fPIE" + +%check +make %{?_smp_mflags} check VERBOSE=1 CFLAGS="-Wno-error=deprecated-declarations -fPIE" + +%install + +%make_install +rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so} + +%post +for pp in /usr/share/selinux/packages/swtpm.pp \ + /usr/share/selinux/packages/swtpm_svirt.pp; do + %selinux_modules_install -s %{selinuxtype} ${pp} +done +restorecon %{_bindir}/swtpm + +%postun +if [ $1 -eq 0 ]; then + for p in swtpm swtpm_svirt; do + %selinux_modules_uninstall -s %{selinuxtype} $p + done +fi + +%posttrans +%selinux_relabel_post -s %{selinuxtype} + +%ldconfig_post libs +%ldconfig_postun libs + +%files +%license LICENSE +%doc README +%{_bindir}/swtpm +%{_mandir}/man8/swtpm.8* +%{_datadir}/selinux/packages/swtpm.pp +%{_datadir}/selinux/packages/swtpm_svirt.pp + +%files libs +%license LICENSE +%doc README + +%dir %{_libdir}/%{name} +%{_libdir}/%{name}/libswtpm_libtpms.so.0 +%{_libdir}/%{name}/libswtpm_libtpms.so.0.0.0 + +%files devel +%dir %{_includedir}/%{name} +%{_includedir}/%{name}/*.h +%{_mandir}/man3/swtpm_ioctls.3* + +%files tools +%doc README +%{_bindir}/swtpm_bios +%if %{with gnutls} +%{_bindir}/swtpm_cert +%endif +%{_bindir}/swtpm_setup +%{_bindir}/swtpm_ioctl +%{_mandir}/man8/swtpm_bios.8* +%{_mandir}/man8/swtpm_cert.8* +%{_mandir}/man8/swtpm_ioctl.8* +%{_mandir}/man8/swtpm-localca.conf.8* +%{_mandir}/man8/swtpm-localca.options.8* +%{_mandir}/man8/swtpm-localca.8* +%{_mandir}/man8/swtpm_setup.8* +%{_mandir}/man8/swtpm_setup.conf.8* +%{_mandir}/man8/swtpm_setup.sh.8* +%config(noreplace) %{_sysconfdir}/swtpm_setup.conf +%config(noreplace) %{_sysconfdir}/swtpm-localca.options +%config(noreplace) %{_sysconfdir}/swtpm-localca.conf +%dir %{_datadir}/swtpm +%{_datadir}/swtpm/swtpm-localca +%{_datadir}/swtpm/swtpm-create-user-config-files +%attr( 750, tss, root) %{_localstatedir}/lib/swtpm-localca + +%files tools-pkcs11 +%{_mandir}/man8/swtpm-create-tpmca.8* +%{_datadir}/swtpm/swtpm-create-tpmca + +%changelog +* Tue Aug 10 2021 Mohan Boddu - 0.6.0-3.20210607gitea627b3 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Mon Jul 12 2021 Marc-André Lureau - 0.6.0-2.20210607gitea627b3 +- rebuilt with AM_* flags patch + +* Wed Jun 16 2021 Marc-André Lureau - 0.6.0-1.20210607gitea627b3 +- new version +- Fixes: rhbz#1972785 + +* Wed Jun 16 2021 Marc-André Lureau - 0.5.2-7.20201226gite59c0c1 +- Removed trouser dependency (used for vTPM 1.2, unsupported) +- Fixes: rhbz#1967919 + +* Wed Jun 16 2021 Mohan Boddu - 0.5.2-6.20201226gite59c0c1 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Tue May 18 2021 Marc-André Lureau - 0.5.2-5.20201226gite59c0c1 +- Add -Wno-error=deprecated-declarations to fix build with OpenSSL 3.0. +- Fixes: rhbz#1958033 + +* Tue Apr 20 2021 Marc-André Lureau - 0.5.2-4.20201226gite59c0c1 +- Remove unnecessary twisted dependency. +- Fixes: rhbz#1935825 + +* Fri Apr 16 2021 Mohan Boddu - 0.5.2-3.20201226gite59c0c1 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Wed Jan 27 2021 Fedora Release Engineering - 0.5.2-2.20201226gite59c0c1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sat Dec 26 2020 Stefan Berger - 0.5.2-1.20201226gite59c0c1a +- Bugfixes for stable release + +* Mon Dec 07 2020 Jeff Law - 0.5.1-3.20201117git96f5a04c +- Avoid diagnostic from gcc-11 + +* Fri Nov 13 2020 Stefan Berger - 0.5.1-2.20201117git96f5a04c +- Another build of v0.5.1 after more fixes + +* Fri Nov 13 2020 Stefan Berger - 0.5.1-1.20201007git390f5bd4 +- Update to v0.5.1 addressing potential symlink attack issue (CVE-2020-28407) + +* Wed Oct 7 2020 Stefan Berger - 0.5.0-1.20201007gitb931e109 +- Update to v0.5.0 release + +* Fri Aug 28 2020 Stefan Berger - 0.4.0-1.20200828git0c238a2 +- Update to v0.4.0 release + +* Thu Aug 27 2020 Stefan Berger - 0.3.4-2.20200711git80f0418 +- Disable pkcs11 related test case running into GnuTLS locking bug + +* Tue Aug 11 2020 Stefan Berger - 0.3.4-1.20200711git80f0418 +- Update to v0.3.4 release + +* Sat Aug 01 2020 Fedora Release Engineering - 0.3.0-3.20200218git74ae43b +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 0.3.0-2.20200218git74ae43b +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Feb 24 2020 Marc-André Lureau - 0.3.0-1.20200218git74ae43b +- Update to v0.3.0 release + +* Fri Jan 31 2020 Fedora Release Engineering - 0.2.0-7.20191115git8dae4b3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Nov 15 2019 Stefan Berger - 0.2.0-6.20191018git8dae4b3 +- follow stable-0.2.0 branch with fix of GnuTLS API call to get subject key ID + +* Fri Oct 18 2019 Stefan Berger - 0.2.0-5.20191018git9227cf4 +- follow stable-0.2.0 branch with swtpm_cert OID bugfix for TPM 2 + +* Tue Aug 13 2019 Stefan Berger - 0.2.0-4.20190801git13536aa +- run 'restorecon' on swtpm in post to get SELinux label on first install + +* Thu Aug 01 2019 Stefan Berger - 0.2.0-3.20190801git13536aa +- follow stable-0.2.0 branch with some bug fixes + +* Sat Jul 27 2019 Fedora Release Engineering - 0.2.0-2.20190723gitf0b4137 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Tue Jul 23 2019 Stefan Berger - 0.2.0-1.20190723gitf0b4137 +- follow stable-0.2.0 branch with some bug fixes + +* Tue Jul 16 2019 Stefan Berger - 0.2.0-0.20190716git374b669 +- (tentative) v0.2.0 release of swtpm + +* Thu Apr 25 2019 Stefan Berger - 0.1.0-0.20190425gitca85606 +- pick up bug fixes + +* Mon Feb 04 2019 Stefan Berger - 0.1.0-0.20190204git2c25d13.1 +- v0.1.0 release of swtpm + +* Sun Feb 03 2019 Fedora Release Engineering - 0.1.0-0.20181212git8b9484a.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Dec 12 2018 Stefan Berger - 0.1.0-0.20181212git8b9484a +- Follow improvements in swtpm repo primarily related to fixes for 'ubsan' + +* Tue Nov 06 2018 Stefan Berger - 0.1.0-0.20181106git05d8160 +- Follow improvements in swtpm repo +- Remove ownership change of swtpm_setup.sh; have root own the file as required + +* Wed Oct 31 2018 Stefan Berger - 0.1.0-0.20181031gitc782a85 +- Follow improvements and fixes in swtpm + +* Tue Oct 02 2018 Stefan Berger - 0.1.0-0.20181002git0143c41 +- Fixes to SELinux policy +- Improvements on various other parts +* Tue Sep 25 2018 Stefan Berger - 0.1.0-0.20180924gitce13edf +- Initial Fedora build +* Mon Sep 17 2018 Stefan Berger - 0.1.0-0.20180918git67d7ea3 +- Created initial version of rpm spec files +- Version is now 0.1.0 +- Bugzilla for this spec: https://bugzilla.redhat.com/show_bug.cgi?id=1611829