rpms/swtpm
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix SHA-1 algorithm availability

Browse Source 
Resolves: https://issues.redhat.com/browse/RHEL-46788

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
This commit is contained in:
Marc-André Lureau 2024-07-08 14:41:10 +04:00
parent 32e338fcbe
commit cd5cce02a8
3 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openssl-swtpm.cnf Normal file
View File

@ -0,0 +1,4 @@
.include /etc/ssl/openssl.cnf
[evp_properties]
rh-allow-sha1-signatures = yes

12
swtpm-custom-openssl.patch Normal file
View File

@ -0,0 +1,12 @@
Binary files swtpm-0.9.0/.git/index and swtpm-0.9.0.new/.git/index differ
diff -rup swtpm-0.9.0/src/swtpm/main.c swtpm-0.9.0.new/src/swtpm/main.c
--- swtpm-0.9.0/src/swtpm/main.c 2024-07-08 09:34:00.488080859 +0100
+++ swtpm-0.9.0.new/src/swtpm/main.c 2024-07-08 09:33:40.057884795 +0100
@@ -70,6 +70,7 @@ int main(int argc, char **argv)
fprintf(stderr, "Missing TPM interface type.\n");
return 1;
}
+ setenv("OPENSSL_CONF", "/etc/ssl/openssl-swtpm.cnf", 1);
if (!strcmp(argv[1], "socket")) {
return swtpm_main(argc-1, &argv[1], argv[0], "socket");
#ifdef WITH_CHARDEV

15
swtpm.spec
View File

@ -8,11 +8,16 @@
Summary: TPM Emulator Summary: TPM Emulator
Name: swtpm Name: swtpm
Version: 0.8.0 Version: 0.8.0
Release: 1%{?dist} Release: 2%{?dist}
License: BSD License: BSD
Url: https://github.com/stefanberger/swtpm Url: https://github.com/stefanberger/swtpm
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Patch0001: 0001-swtpm_setup-fix-Werror-maybe-uninitialized.patch Patch0001: 0001-swtpm_setup-fix-Werror-maybe-uninitialized.patch
# Prevent crypto policies disabling SHA-1.
# swtpm algorithm list is unconditional. Since it advertizes
# SHA-1, we MUST always provide a working SHA-1 impl
Source1: openssl-swtpm.cnf
Patch0002: swtpm-custom-openssl.patch
BuildRequires: make BuildRequires: make
BuildRequires: git-core BuildRequires: git-core
@ -103,6 +108,9 @@ make %{?_smp_mflags} check VERBOSE=1
rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so} rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so}
rm $RPM_BUILD_ROOT%{_mandir}/man8/swtpm_cuse.8* rm $RPM_BUILD_ROOT%{_mandir}/man8/swtpm_cuse.8*
%__install -d %{buildroot}%{_sysconfdir}/ssl
cp %{SOURCE1} %{buildroot}/%{_sysconfdir}/ssl/
%post %post
for pp in /usr/share/selinux/packages/swtpm.pp \ for pp in /usr/share/selinux/packages/swtpm.pp \
/usr/share/selinux/packages/swtpm_svirt.pp; do /usr/share/selinux/packages/swtpm_svirt.pp; do
@ -130,6 +138,7 @@ fi
%{_mandir}/man8/swtpm.8* %{_mandir}/man8/swtpm.8*
%{_datadir}/selinux/packages/swtpm.pp %{_datadir}/selinux/packages/swtpm.pp
%{_datadir}/selinux/packages/swtpm_svirt.pp %{_datadir}/selinux/packages/swtpm_svirt.pp
%{_sysconfdir}/ssl/openssl-swtpm.cnf
%files libs %files libs
%license LICENSE %license LICENSE
@ -175,6 +184,10 @@ fi
%{_datadir}/swtpm/swtpm-create-tpmca %{_datadir}/swtpm/swtpm-create-tpmca
%changelog %changelog
* Mon Jul 08 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.0-2
- Fix SHA-1 algorithm availability
Resolves: RHEL-46788
* Tue Nov 22 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.0-1 * Tue Nov 22 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.0-1
- Update to v0.8.0 release - Update to v0.8.0 release
Resolves: rhbz#2092944 Resolves: rhbz#2092944