Compare commits
No commits in common. "c8" and "c9s" have entirely different histories.
|
@ -1 +1 @@
|
|||
SOURCES/tpm2-abrmd-2.3.3.tar.gz
|
||||
/tpm2-abrmd-*.tar.gz
|
||||
|
|
|
@ -1 +1 @@
|
|||
fb6e3565ea65813e30dee0b50b9c20b36973182f SOURCES/tpm2-abrmd-2.3.3.tar.gz
|
||||
ea9f83ccbbe8201519c0282f7237c175d9faac78 tpm2-abrmd-2.4.0.tar.gz
|
||||
|
|
|
@ -1,211 +0,0 @@
|
|||
From ff90674fd801dd369231a20c47ebef0d08402e9e Mon Sep 17 00:00:00 2001
|
||||
From: William Roberts <william.c.roberts@intel.com>
|
||||
Date: Tue, 12 Jan 2021 14:12:48 -0600
|
||||
Subject: [PATCH 1/6] tabrmd-options: fix memory leak
|
||||
|
||||
The tabrmd_options_t structure is initialized with static char *
|
||||
strings. These strings can be replaced by g_option_context_parse().
|
||||
However, g_option_context_parse() replaces the string with allocated
|
||||
memory and thus needs a call to g_free. Either one would need to keep
|
||||
track if glib allocated the string and conditionally free it, or just
|
||||
set all the strings to glib allocated strings. This patch takes the
|
||||
approach of always allocating the option strings.
|
||||
|
||||
Fixes leaks like:
|
||||
==2677142==ERROR: LeakSanitizer: detected memory leaks
|
||||
|
||||
Direct leak of 9 byte(s) in 1 object(s) allocated from:
|
||||
#8 0x7fbd1acd5da1 in g_option_context_parse (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5eda1)
|
||||
#9 0x4cc438 in parse_opts /home/wcrobert/workspace/tpm2-abrmd/src/tabrmd-options.c:103:10
|
||||
#10 0x4c7ffe in main /home/wcrobert/workspace/tpm2-abrmd/src/tabrmd.c:41:10
|
||||
#11 0x7fbd1a8770b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
|
||||
#12 0x42004d in _start (/home/wcrobert/workspace/tpm2-abrmd/src/tpm2-abrmd+0x42004d)
|
||||
|
||||
Signed-off-by: William Roberts <william.c.roberts@intel.com>
|
||||
---
|
||||
src/tabrmd-init.c | 2 ++
|
||||
src/tabrmd-options.c | 53 +++++++++++++++++++++++++++++++++++++++-----
|
||||
src/tabrmd-options.h | 11 +++++----
|
||||
src/tabrmd.c | 4 +++-
|
||||
4 files changed, 59 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/src/tabrmd-init.c b/src/tabrmd-init.c
|
||||
index 2ad7539..58e0103 100644
|
||||
--- a/src/tabrmd-init.c
|
||||
+++ b/src/tabrmd-init.c
|
||||
@@ -99,6 +99,8 @@ gmain_data_cleanup (gmain_data_t *data)
|
||||
if (data->loop != NULL) {
|
||||
main_loop_quit (data->loop);
|
||||
}
|
||||
+
|
||||
+ tabrmd_options_free(&data->options);
|
||||
}
|
||||
/*
|
||||
* This function initializes and configures all of the long-lived objects
|
||||
diff --git a/src/tabrmd-options.c b/src/tabrmd-options.c
|
||||
index 0dd7b87..22f249c 100644
|
||||
--- a/src/tabrmd-options.c
|
||||
+++ b/src/tabrmd-options.c
|
||||
@@ -16,6 +16,12 @@
|
||||
#define G_OPTION_FLAG_NONE 0
|
||||
#endif
|
||||
|
||||
+#define SET_STR_IF_NULL(var, value) \
|
||||
+ do { \
|
||||
+ var = var == NULL ? g_strdup(value) : var; \
|
||||
+ g_assert(var); \
|
||||
+ } while(0)
|
||||
+
|
||||
/*
|
||||
* This is a GOptionArgFunc callback invoked from the GOption processor from
|
||||
* the parse_opts function below. It will be called when the daemon is
|
||||
@@ -36,6 +42,22 @@ show_version (const gchar *option_name,
|
||||
g_print ("tpm2-abrmd version %s\n", VERSION);
|
||||
exit (0);
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ * Frees internal memory associated with a tabrmd_options_t struct.
|
||||
+ * @param opts
|
||||
+ * The options to free, note it doesn't free opts itself.
|
||||
+ */
|
||||
+void
|
||||
+tabrmd_options_free(tabrmd_options_t *opts)
|
||||
+{
|
||||
+ g_assert(opts);
|
||||
+
|
||||
+ g_clear_pointer(&opts->dbus_name, g_free);
|
||||
+ g_clear_pointer(&opts->prng_seed_file, g_free);
|
||||
+ g_clear_pointer(&opts->tcti_conf, g_free);
|
||||
+}
|
||||
+
|
||||
/**
|
||||
* This function parses the parameter argument vector and populates the
|
||||
* parameter 'options' structure with data needed to configure the tabrmd.
|
||||
@@ -51,7 +73,7 @@ parse_opts (gint argc,
|
||||
gchar *argv[],
|
||||
tabrmd_options_t *options)
|
||||
{
|
||||
- gchar *logger_name = "stdout";
|
||||
+ gchar *logger_name = NULL;
|
||||
GOptionContext *ctx;
|
||||
GError *err = NULL;
|
||||
gboolean session_bus = FALSE;
|
||||
@@ -105,33 +127,52 @@ parse_opts (gint argc,
|
||||
return FALSE;
|
||||
}
|
||||
g_option_context_free (ctx);
|
||||
+
|
||||
+ /*
|
||||
+ * Set unset STRING options to defaults, we do this so we can free allocated
|
||||
+ * string options with gfree, having a mix of const and allocated ptr's
|
||||
+ * causes leaks
|
||||
+ */
|
||||
+ SET_STR_IF_NULL(options->dbus_name, TABRMD_DBUS_NAME_DEFAULT);
|
||||
+ SET_STR_IF_NULL(options->prng_seed_file, TABRMD_ENTROPY_SRC_DEFAULT);
|
||||
+ SET_STR_IF_NULL(options->tcti_conf, TABRMD_TCTI_CONF_DEFAULT);
|
||||
+ SET_STR_IF_NULL(logger_name, "stdout");
|
||||
+
|
||||
/* select the bus type, default to G_BUS_TYPE_SESSION */
|
||||
options->bus = session_bus ? G_BUS_TYPE_SESSION : G_BUS_TYPE_SYSTEM;
|
||||
- if (set_logger (logger_name) == -1) {
|
||||
+ gint ret = set_logger (logger_name);
|
||||
+ if (ret == -1) {
|
||||
g_critical ("Unknown logger: %s, try --help\n", logger_name);
|
||||
- return FALSE;
|
||||
+ g_free(logger_name);
|
||||
+ goto error;
|
||||
}
|
||||
+ g_free(logger_name);
|
||||
+
|
||||
if (options->max_connections < 1 ||
|
||||
options->max_connections > TABRMD_CONNECTION_MAX)
|
||||
{
|
||||
g_critical ("maximum number of connections must be between 1 "
|
||||
"and %d", TABRMD_CONNECTION_MAX);
|
||||
- return FALSE;
|
||||
+ goto error;
|
||||
}
|
||||
if (options->max_sessions < 1 ||
|
||||
options->max_sessions > TABRMD_SESSIONS_MAX_DEFAULT)
|
||||
{
|
||||
g_critical ("max-sessions must be between 1 and %d",
|
||||
TABRMD_SESSIONS_MAX_DEFAULT);
|
||||
- return FALSE;
|
||||
+ goto error;
|
||||
}
|
||||
if (options->max_transients < 1 ||
|
||||
options->max_transients > TABRMD_TRANSIENT_MAX)
|
||||
{
|
||||
g_critical ("max-trans-obj parameter must be between 1 and %d",
|
||||
TABRMD_TRANSIENT_MAX);
|
||||
- return FALSE;
|
||||
+ goto error;
|
||||
}
|
||||
g_warning ("tcti_conf after: \"%s\"", options->tcti_conf);
|
||||
return TRUE;
|
||||
+
|
||||
+error:
|
||||
+ tabrmd_options_free(options);
|
||||
+ return FALSE;
|
||||
}
|
||||
diff --git a/src/tabrmd-options.h b/src/tabrmd-options.h
|
||||
index 4994920..d6bcfe9 100644
|
||||
--- a/src/tabrmd-options.h
|
||||
+++ b/src/tabrmd-options.h
|
||||
@@ -15,10 +15,10 @@
|
||||
.max_connections = TABRMD_CONNECTIONS_MAX_DEFAULT, \
|
||||
.max_transients = TABRMD_TRANSIENT_MAX_DEFAULT, \
|
||||
.max_sessions = TABRMD_SESSIONS_MAX_DEFAULT, \
|
||||
- .dbus_name = TABRMD_DBUS_NAME_DEFAULT, \
|
||||
- .prng_seed_file = TABRMD_ENTROPY_SRC_DEFAULT, \
|
||||
+ .dbus_name = NULL, \
|
||||
+ .prng_seed_file = NULL, \
|
||||
.allow_root = FALSE, \
|
||||
- .tcti_conf = TABRMD_TCTI_CONF_DEFAULT, \
|
||||
+ .tcti_conf = NULL, \
|
||||
}
|
||||
|
||||
typedef struct tabrmd_options {
|
||||
@@ -28,7 +28,7 @@ typedef struct tabrmd_options {
|
||||
guint max_transients;
|
||||
guint max_sessions;
|
||||
gchar *dbus_name;
|
||||
- const gchar *prng_seed_file;
|
||||
+ gchar *prng_seed_file;
|
||||
gboolean allow_root;
|
||||
gchar *tcti_conf;
|
||||
} tabrmd_options_t;
|
||||
@@ -38,4 +38,7 @@ parse_opts (gint argc,
|
||||
gchar *argv[],
|
||||
tabrmd_options_t *options);
|
||||
|
||||
+void
|
||||
+tabrmd_options_free(tabrmd_options_t *opts);
|
||||
+
|
||||
#endif /* TABRMD_OPTIONS_H */
|
||||
diff --git a/src/tabrmd.c b/src/tabrmd.c
|
||||
index 7c93e90..e015de3 100644
|
||||
--- a/src/tabrmd.c
|
||||
+++ b/src/tabrmd.c
|
||||
@@ -43,7 +43,8 @@ main (int argc, char *argv[])
|
||||
}
|
||||
if (geteuid() == 0 && ! gmain_data.options.allow_root) {
|
||||
g_print ("Refusing to run as root. Pass --allow-root if you know what you are doing.\n");
|
||||
- return 1;
|
||||
+ ret = 1;
|
||||
+ goto out;
|
||||
}
|
||||
|
||||
g_mutex_init (&gmain_data.init_mutex);
|
||||
@@ -63,6 +64,7 @@ main (int argc, char *argv[])
|
||||
if (ret == 0 && gmain_data.ipc_disconnected) {
|
||||
ret = EX_IOERR;
|
||||
}
|
||||
+out:
|
||||
gmain_data_cleanup (&gmain_data);
|
||||
return ret;
|
||||
}
|
||||
--
|
||||
2.34.3
|
||||
|
|
@ -1,49 +0,0 @@
|
|||
From ec7116d0e4de535a90c1dc5edabe821f04a0f8e0 Mon Sep 17 00:00:00 2001
|
||||
From: William Roberts <william.c.roberts@intel.com>
|
||||
Date: Wed, 13 Jan 2021 12:21:47 -0600
|
||||
Subject: [PATCH 2/6] resource-manager: rm ref count inc of handle_entry
|
||||
|
||||
Per:
|
||||
- https://developer.gnome.org/gobject/stable/gobject-memory.html
|
||||
|
||||
g_object_new sets the ref count to 1, so their is no need to bump it
|
||||
again, we already have ownership.
|
||||
|
||||
Fixes leaks like:
|
||||
Direct leak of 10480 byte(s) in 2 object(s) allocated from:
|
||||
#0 0x7f1aa88aabc8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
|
||||
#1 0x7f1aa848acd8 in g_malloc (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57cd8)
|
||||
#2 0x7f1aa84a32c5 in g_slice_alloc (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x702c5)
|
||||
#3 0x7f1aa84a38ed in g_slice_alloc0 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x708ed)
|
||||
#4 0x7f1aa85970cf in g_type_create_instance (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x3b0cf)
|
||||
#5 0x7f1aa857634c (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x1a34c)
|
||||
#6 0x7f1aa8578377 in g_object_new_valist (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x1c377)
|
||||
#7 0x7f1aa85786cc in g_object_new (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x1c6cc)
|
||||
#8 0x561e13d667d3 in handle_map_entry_new src/handle-map-entry.c:138
|
||||
#9 0x561e13d540d3 in create_context_mapping_transient src/resource-manager.c:1160
|
||||
#10 0x561e13d547b1 in resource_manager_create_context_mapping src/resource-manager.c:1261
|
||||
#11 0x561e13d54ec8 in resource_manager_process_tpm2_command src/resource-manager.c:1359
|
||||
#12 0x561e13d55365 in resource_manager_thread src/resource-manager.c:1424
|
||||
#13 0x7f1aa8384608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
|
||||
#14 0x7f1aa82ab292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
|
||||
|
||||
Signed-off-by: William Roberts <william.c.roberts@intel.com>
|
||||
---
|
||||
src/resource-manager.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/src/resource-manager.c b/src/resource-manager.c
|
||||
index 904f683..050436f 100644
|
||||
--- a/src/resource-manager.c
|
||||
+++ b/src/resource-manager.c
|
||||
@@ -1167,7 +1167,6 @@ create_context_mapping_transient (ResourceManager *resmgr,
|
||||
handle_map_insert (handle_map, vhandle, handle_entry);
|
||||
g_object_unref (handle_map);
|
||||
tpm2_response_set_handle (response, vhandle);
|
||||
- g_object_ref (handle_entry);
|
||||
}
|
||||
/*
|
||||
* This function after a Tpm2Command is sent to the TPM and:
|
||||
--
|
||||
2.34.3
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
From 62ae28635ada2a74b526244e8ea69cef74c6c022 Mon Sep 17 00:00:00 2001
|
||||
From: William Roberts <william.c.roberts@intel.com>
|
||||
Date: Wed, 13 Jan 2021 13:52:06 -0600
|
||||
Subject: [PATCH 3/6] tabrmd-init.c: fix leaks on main to thread tpm2 instance
|
||||
|
||||
Theirs a case where the Tpm2 object coming in from main to the thread
|
||||
fails setup and the cleanup function doesn't unref it. Move it to the
|
||||
main cleanup routine and use g_clear_object to be *clear* on whom owns
|
||||
the reference.
|
||||
|
||||
Fixes leaks like:
|
||||
Indirect leak of 4176 byte(s) in 1 object(s) allocated from:
|
||||
#0 0x7f652e71cdc6 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6)
|
||||
#1 0x7f652e25ad30 in g_malloc0 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57d30)
|
||||
#2 0x555ebb1a1c5f in sapi_context_init src/tpm2.c:162
|
||||
#3 0x555ebb1a2fa8 in tpm2_new src/tpm2.c:438
|
||||
#4 0x555ebb19d665 in init_thread_func src/tabrmd-init.c:178
|
||||
#5 0x555ebb19bede in init_thread_func_tpm2_init_fail test/tabrmd-init_unit.c:199
|
||||
#6 0x7f652e6074e0 (/usr/lib/x86_64-linux-gnu/libcmocka.so.0+0x54e0)
|
||||
|
||||
Signed-off-by: William Roberts <william.c.roberts@intel.com>
|
||||
---
|
||||
src/tabrmd-init.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/tabrmd-init.c b/src/tabrmd-init.c
|
||||
index 58e0103..866c852 100644
|
||||
--- a/src/tabrmd-init.c
|
||||
+++ b/src/tabrmd-init.c
|
||||
@@ -99,6 +99,9 @@ gmain_data_cleanup (gmain_data_t *data)
|
||||
if (data->loop != NULL) {
|
||||
main_loop_quit (data->loop);
|
||||
}
|
||||
+ if (data->tpm2) {
|
||||
+ g_clear_object (&data->tpm2);
|
||||
+ }
|
||||
|
||||
tabrmd_options_free(&data->options);
|
||||
}
|
||||
@@ -208,7 +211,7 @@ init_thread_func (gpointer user_data)
|
||||
g_clear_object (&session_list);
|
||||
data->response_sink = response_sink_new ();
|
||||
g_object_unref (command_attrs);
|
||||
- g_object_unref (data->tpm2);
|
||||
+ g_clear_object (&data->tpm2);
|
||||
/*
|
||||
* Wire up the TPM command processing pipeline. TPM command buffers
|
||||
* flow from the CommandSource, to the Tab then finally back to the
|
||||
--
|
||||
2.34.3
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
From 545287019c1b9689c92900330be058b5ab9cf5d6 Mon Sep 17 00:00:00 2001
|
||||
From: William Roberts <william.c.roberts@intel.com>
|
||||
Date: Wed, 13 Jan 2021 15:11:42 -0600
|
||||
Subject: [PATCH 4/6] init_thread_func: fix deadlock
|
||||
|
||||
The caller locks the mutex and never releases on the error path, only
|
||||
the success path.
|
||||
|
||||
Signed-off-by: William Roberts <william.c.roberts@intel.com>
|
||||
---
|
||||
src/tabrmd-init.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/tabrmd-init.c b/src/tabrmd-init.c
|
||||
index 866c852..ea71155 100644
|
||||
--- a/src/tabrmd-init.c
|
||||
+++ b/src/tabrmd-init.c
|
||||
@@ -249,6 +249,7 @@ init_thread_func (gpointer user_data)
|
||||
return GINT_TO_POINTER (0);
|
||||
|
||||
err_out:
|
||||
+ g_mutex_unlock (&data->init_mutex);
|
||||
g_debug ("%s: calling gmain_data_cleanup", __func__);
|
||||
gmain_data_cleanup (data);
|
||||
return GINT_TO_POINTER (ret);
|
||||
--
|
||||
2.34.3
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
From a97e07d5a5947f5749e4ea25d0f538eeee8997bb Mon Sep 17 00:00:00 2001
|
||||
From: Jerry Snitselaar <jsnitsel@redhat.com>
|
||||
Date: Mon, 23 Nov 2020 11:45:31 -0700
|
||||
Subject: [PATCH 5/6] ResourceManager: Avoid double free in resource-manager.c
|
||||
|
||||
Clean up potential double free found by coverity in
|
||||
resource_manager_load_session_from_handle. If flush_session has been
|
||||
called, don't call session_list_remove which is already called in
|
||||
flush_session.
|
||||
|
||||
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
|
||||
---
|
||||
src/resource-manager.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/resource-manager.c b/src/resource-manager.c
|
||||
index 050436f..556184b 100644
|
||||
--- a/src/resource-manager.c
|
||||
+++ b/src/resource-manager.c
|
||||
@@ -239,6 +239,7 @@ resource_manager_load_session_from_handle (ResourceManager *resmgr,
|
||||
rc = tpm2_response_get_code (response);
|
||||
if (rc != TSS2_RC_SUCCESS) {
|
||||
flush_session (resmgr, session_entry);
|
||||
+ goto out;
|
||||
}
|
||||
}
|
||||
if (will_flush) {
|
||||
--
|
||||
2.34.3
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
From a645f8c656b47568072351f4bfa58960016fbbac Mon Sep 17 00:00:00 2001
|
||||
From: Nicolas Iooss <nicolas.iooss@ledger.fr>
|
||||
Date: Mon, 27 Sep 2021 16:46:42 +0200
|
||||
Subject: [PATCH 6/6] tcti: initialize GError to NULL
|
||||
|
||||
When an error happens in `tcti_tabrmd_read`, Glib reports:
|
||||
|
||||
(process:905338): GLib-WARNING **: 06:59:08.971: GError set over the
|
||||
top of a previous GError or uninitialized memory.
|
||||
This indicates a bug in someone's code. You must ensure an error is
|
||||
NULL before it's set.
|
||||
The overwriting error message was: Error receiving data: Connection
|
||||
reset by peer
|
||||
|
||||
This warning was reported on
|
||||
https://github.com/tpm2-software/tpm2-pkcs11/issues/705
|
||||
|
||||
Fix the warning by initializing `error` correctly.
|
||||
|
||||
Signed-off-by: Nicolas Iooss <nicolas.iooss@ledger.fr>
|
||||
---
|
||||
src/tcti-tabrmd.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/tcti-tabrmd.c b/src/tcti-tabrmd.c
|
||||
index d96709e..d0ab74d 100644
|
||||
--- a/src/tcti-tabrmd.c
|
||||
+++ b/src/tcti-tabrmd.c
|
||||
@@ -187,7 +187,7 @@ tcti_tabrmd_read (TSS2_TCTI_TABRMD_CONTEXT *ctx,
|
||||
size_t size,
|
||||
int32_t timeout)
|
||||
{
|
||||
- GError *error;
|
||||
+ GError *error = NULL;
|
||||
ssize_t num_read;
|
||||
int ret;
|
||||
|
||||
--
|
||||
2.34.3
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-9
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
|
@ -0,0 +1 @@
|
|||
SHA512 (tpm2-abrmd-2.4.0.tar.gz) = c2ef05ca2db5a33d3067052779aa4c2485a63bd357d5fd90ef9d4644530b37aa28b906064eed3b15729131697a2a9d6b9cc3f05bea04810fd6601e405af48110
|
|
@ -0,0 +1,85 @@
|
|||
#!/bin/bash
|
||||
|
||||
# get tpm simulator code
|
||||
IBMTPM_VERSION=1661
|
||||
wget --no-check-certificate https://downloads.sourceforge.net/project/ibmswtpm2/ibmtpm$IBMTPM_VERSION.tar.gz
|
||||
|
||||
res="$?"
|
||||
|
||||
if [[ "$res" -ne 0 ]]; then
|
||||
echo "wget failed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# unpackage and build the source
|
||||
mkdir ibmtpm
|
||||
pushd ibmtpm
|
||||
tar xf ../ibmtpm$IBMTPM_VERSION.tar.gz
|
||||
pushd src
|
||||
# fixup for openssl 3
|
||||
sed -i -e "s|OPENSSL_VERSION_NUMBER >= 0x10200000L|OPENSSL_VERSION_NUMBER > 0x30000070L|" TpmToOsslMath.h
|
||||
sed -i -e "s|CCFLAGS = -Wall|CCFLAGS = -Wall -Wno-error=deprecated-declarations|" makefile
|
||||
make
|
||||
|
||||
res="$?"
|
||||
|
||||
if [[ "$res" -ne 0 ]]; then
|
||||
echo "make of ibmtpm failed"
|
||||
popd
|
||||
popd
|
||||
rm -rf ibmtpm ibmtpm$IBMTPM_VERSION.tar.gz
|
||||
exit 1
|
||||
fi
|
||||
popd
|
||||
popd
|
||||
|
||||
# get tpm2-tools tests
|
||||
TPM2_TOOLS_VERSION=5.0
|
||||
git clone https://github.com/01org/tpm2-tools.git
|
||||
pushd tpm2-tools
|
||||
git checkout -b test $TPM2_TOOLS_VERSION
|
||||
pushd test/integration
|
||||
sed -i -e 's/python/python3/g' helpers.sh
|
||||
pushd tests
|
||||
sed -i -e 's/python/python3/g' *.sh
|
||||
# some tests aren't executable currently. Needs to be fixed upstream.
|
||||
chmod +x *.sh
|
||||
popd
|
||||
popd
|
||||
popd
|
||||
|
||||
TPM2_ABRMD=tpm2-abrmd
|
||||
TPM2_SIM=tpm_server
|
||||
TPM2_TOOLS_TEST_FIXTURES=`pwd`/tpm2-tools/test/integration/fixtures
|
||||
PATH=`pwd`/ibmtpm/src/:.:$PATH
|
||||
export TPM2_ABRMD TPM2_SIM TPM2_TOOLS_TEST_FIXTURES PATH
|
||||
|
||||
pushd tpm2-tools/test/integration
|
||||
for t in `ls tests/*.sh`
|
||||
do
|
||||
f=`basename $t`
|
||||
test=${f%%.*}
|
||||
/usr/share/automake-1.16/test-driver --test-name $test --log-file $test.log --trs-file $test.trs $t
|
||||
done
|
||||
all=`grep ":test-result:" *.trs | wc -l`;
|
||||
pass=`grep ":test-result: PASS" *.trs | wc -l`;
|
||||
fail=`grep ":test-result: FAIL" *.trs | wc -l`;
|
||||
skip=`grep ":test-result: SKIP" *.trs | wc -l`;
|
||||
xfail=`grep ":test-result: XFAIL" *.trs | wc -l`;
|
||||
xpass=`grep ":test-result: XPASS" *.trs | wc -l`;
|
||||
error=`grep ":test-result: ERROR" *.trs | wc -l`;
|
||||
if [[ $(($fail + $xpass + $error)) -eq 0 ]]; then
|
||||
success=0
|
||||
else
|
||||
success=1
|
||||
fi;
|
||||
popd
|
||||
|
||||
echo PASSED: $pass
|
||||
echo FAILED: $fail
|
||||
echo SKIPPED: $skip
|
||||
echo XFAIL: $xfail
|
||||
echo XPASS: $xpass
|
||||
echo ERROR: $error
|
||||
|
||||
exit $success
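Review bot: The simulator tarball is fetched with `wget --no-check-certificate` and then unpacked, built and placed on `PATH` with no integrity check, so whatever the network path returns is compiled and run on the test host. Drop the flag and check a pinned digest before `tar xf`, for example `echo "<EXPECTED_SHA256>  ibmtpm$IBMTPM_VERSION.tar.gz" | sha256sum -c - || exit 1` (the digest is a placeholder to be taken from a trusted copy). `git checkout -b test $TPM2_TOOLS_VERSION` likewise pins a tag name rather than a commit id, and the test scripts it checks out are executed. The `PATH` assignment also puts `.` ahead of the system directories, so a file in the current directory of the test run can shadow a system command; listing only the simulator directory would avoid that.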
|
|
@ -0,0 +1,28 @@
|
|||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-basic
|
||||
tags:
|
||||
- classic
|
||||
required_packages:
|
||||
- gcc
|
||||
- make
|
||||
- automake
|
||||
- wget
|
||||
- openssl
|
||||
- openssl-devel
|
||||
- sed
|
||||
- tpm2-tss
|
||||
- tpm2-tss-devel
|
||||
- tpm2-tools
|
||||
- tpm2-abrmd
|
||||
- tpm2-abrmd-selinux
|
||||
- python3
|
||||
- git
|
||||
- vim-common
|
||||
- perl-Digest-SHA
|
||||
- dbus-daemon
|
||||
tests:
|
||||
- intel-tpm2:
|
||||
dir: .
|
||||
run: dbus-run-session ./runtest.sh
|
||||
timeout: 60m
|
|
@ -1,8 +1,8 @@
|
|||
%global selinuxtype targeted
|
||||
|
||||
Name: tpm2-abrmd
|
||||
Version: 2.3.3
|
||||
Release: 3%{?dist}
|
||||
Version: 2.4.0
|
||||
Release: 4%{?dist}
|
||||
Summary: A system daemon implementing TPM2 Access Broker and Resource Manager
|
||||
|
||||
License: BSD
|
||||
|
@ -10,6 +10,7 @@ URL: https://github.com/tpm2-software/tpm2-abrmd
|
|||
Source0: https://github.com/tpm2-software/tpm2-abrmd/releases/download/%{version}/%{name}-%{version}.tar.gz
|
||||
|
||||
%{?systemd_requires}
|
||||
BuildRequires: make
|
||||
BuildRequires: systemd
|
||||
BuildRequires: libtool
|
||||
BuildRequires: autoconf-archive
|
||||
|
@ -19,22 +20,27 @@ BuildRequires: pkgconfig(gio-unix-2.0)
|
|||
BuildRequires: pkgconfig(tss2-mu)
|
||||
BuildRequires: pkgconfig(tss2-sys)
|
||||
# tpm2-abrmd depends on tpm2-tss-devel for tss2-mu/sys libs
|
||||
BuildRequires: tpm2-tss-devel >= 2.3.1-2%{?dist}
|
||||
|
||||
Patch0: 0001-tabrmd-options-fix-memory-leak.patch
|
||||
Patch1: 0002-resource-manager-rm-ref-count-inc-of-handle_entry.patch
|
||||
Patch2: 0003-tabrmd-init.c-fix-leaks-on-main-to-thread-tpm2-insta.patch
|
||||
Patch3: 0004-init_thread_func-fix-deadlock.patch
|
||||
Patch4: 0005-ResourceManager-Avoid-double-free-in-resource-manage.patch
|
||||
Patch5: 0006-tcti-initialize-GError-to-NULL.patch
|
||||
BuildRequires: tpm2-tss-devel >= 2.4.0
|
||||
|
||||
# tpm2-abrmd depends on the package that contains its SELinux policy module
|
||||
Requires: (%{name}-selinux >= 2.0.0-1%{?dist} if selinux-policy-%{selinuxtype})
|
||||
Requires: tpm2-tss >= 2.4.0
|
||||
|
||||
%description
|
||||
tpm2-abrmd is a system daemon implementing the TPM2 access broker (TAB) and
|
||||
Resource Manager (RM) spec from the TCG.
|
||||
|
||||
%package devel
|
||||
Summary: Headers, static libraries and package config files of tpm2-abrmd
|
||||
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||
# tpm2-abrmd-devel depends on tpm2-tss-devel for tss2-mu/sys libs
|
||||
Requires: tpm2-tss-devel%{?_isa} >= 2.4.0
|
||||
|
||||
%description devel
|
||||
This package contains headers, static libraries and package config files
|
||||
required to build applications that use tpm2-abrmd.
|
||||
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -n %{name}-%{version}
|
||||
|
||||
|
@ -47,83 +53,113 @@ Resource Manager (RM) spec from the TCG.
|
|||
%install
|
||||
%make_install
|
||||
find %{buildroot}%{_libdir} -type f -name \*.la -delete
|
||||
rm -f %{buildroot}/%{_presetdir}/tpm2-abrmd.preset
|
||||
|
||||
%pre
|
||||
getent group tss >/dev/null || groupadd -g 59 -r tss
|
||||
getent passwd tss >/dev/null || \
|
||||
useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin \
|
||||
-c "Account used by the tpm2-abrmd package to sandbox the tpm2-abrmd daemon" tss
|
||||
exit 0
|
||||
|
||||
%files
|
||||
%doc README.md CHANGELOG.md
|
||||
%license LICENSE
|
||||
%{_libdir}/libtss2-tcti-tabrmd.so.*
|
||||
%{_sbindir}/tpm2-abrmd
|
||||
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/tpm2-abrmd.conf
|
||||
%{_datarootdir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service
|
||||
%{_unitdir}/tpm2-abrmd.service
|
||||
%{_presetdir}/tpm2-abrmd.preset
|
||||
%{_mandir}/man3/Tss2_Tcti_Tabrmd_Init.3.gz
|
||||
%{_mandir}/man7/tss2-tcti-tabrmd.7.gz
|
||||
%{_mandir}/man8/tpm2-abrmd.8.gz
|
||||
|
||||
|
||||
%package devel
|
||||
Summary: Headers, static libraries and package config files of tpm2-abrmd
|
||||
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||
# tpm2-abrmd-devel depends on tpm2-tss-devel for tss2-mu/sys libs
|
||||
Requires: tpm2-tss-devel%{?_isa} >= 2.0.0-1%{?dist}
|
||||
|
||||
%description devel
|
||||
This package contains headers, static libraries and package config files
|
||||
required to build applications that use tpm2-abrmd.
|
||||
|
||||
%files devel
|
||||
%{_includedir}/tss2/tss2-tcti-tabrmd.h
|
||||
%{_libdir}/libtss2-tcti-tabrmd.so
|
||||
%{_libdir}/pkgconfig/tss2-tcti-tabrmd.pc
|
||||
|
||||
# on package installation
|
||||
%post
|
||||
/sbin/ldconfig
|
||||
%systemd_post tpm2-abrmd.service
|
||||
|
||||
%preun
|
||||
%systemd_preun tpm2-abrmd.service
|
||||
|
||||
%postun
|
||||
/sbin/ldconfig
|
||||
%systemd_postun tpm2-abrmd.service
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
%doc README.md CHANGELOG.md
|
||||
%{_libdir}/libtss2-tcti-tabrmd.so.*
|
||||
%{_sbindir}/tpm2-abrmd
|
||||
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/tpm2-abrmd.conf
|
||||
%{_datarootdir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service
|
||||
%{_unitdir}/tpm2-abrmd.service
|
||||
%{_mandir}/man3/Tss2_Tcti_Tabrmd_Init.3*
|
||||
%{_mandir}/man7/tss2-tcti-tabrmd.7*
|
||||
%{_mandir}/man8/tpm2-abrmd.8*
|
||||
|
||||
%files devel
|
||||
%{_includedir}/tss2/tss2-tcti-tabrmd.h
|
||||
%{_libdir}/libtss2-tcti-tabrmd.so
|
||||
%{_libdir}/pkgconfig/tss2-tcti-tabrmd.pc
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Aug 11 2022 Štěpán Horáček <shoracek@redhat.com> - 2.3.3-3
|
||||
- Fix memory leaks and double free
|
||||
resolves: rhbz#2041912
|
||||
* Tue Oct 3 2023 Štěpán Horáček <shoracek@redhat.com> - 2.4.0-4
|
||||
- Remove user-creation code that is already handled by a requirement.
|
||||
Resolves: RHEL-8814
|
||||
|
||||
* Mon Nov 23 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 2.3.3-2
|
||||
- Update tpm2-tss-devel BuildRequires
|
||||
resolves: rhbz#1855177
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.0-3
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Wed Nov 11 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 2.3.3-1
|
||||
- Rebase to 2.3.3 release.
|
||||
resolves: rhbz#1855177
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.0-2
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Tue May 28 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 2.1.1-3
|
||||
- Update CI gating to use test.
|
||||
resolves: rhbz#1682416
|
||||
* Tue Feb 09 2021 Peter Robinson <pbrobinson@fedoraproject.org> - 2.4.0-1
|
||||
- Update to 2.4.0
|
||||
|
||||
* Tue May 14 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 2.1.1-2
|
||||
- Add initial CI gating.
|
||||
resolves: rhbz#1682416
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Tue Apr 30 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 2.1.1-1
|
||||
- Rebase to release 2.1.1
|
||||
resolves: rhbz#1664499
|
||||
* Sat Aug 29 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 2.3.3-1
|
||||
- Update to 2.3.3
|
||||
|
||||
* Wed Feb 06 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 2.0.0-3
|
||||
- Fix tpm2-abrmd-selinux Requires
|
||||
resolves: rhbz#1642000
|
||||
* Wed Aug 05 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 2.3.2-3
|
||||
- Rebuild for tpm2-tss 3.0.0
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.2-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Sat Jul 04 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 2.3.2-1
|
||||
- Update to 2.3.2 release
|
||||
|
||||
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Tue Jan 14 2020 Sun Yunying <yunying.sun@intel.com> - 2.3.1-1
|
||||
- Update to 2.3.1 release
|
||||
|
||||
* Mon Nov 18 2019 Sun Yunying <yunying.sun@intel.com> - 2.3.0-1
|
||||
- Update to 2.3.0 release
|
||||
- Update dependency to tpm2-tss-devel version
|
||||
|
||||
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Thu Jul 18 2019 Sun Yunying <yunying.sun@intel.com> - 2.2.0-1
|
||||
- Update to 2.2.0 release
|
||||
- Update .gitignore to exclude source tar ball no matter versions
|
||||
|
||||
* Mon Mar 11 2019 Sun Yunying <yunying.sun@intel.com> - 2.1.1-1
|
||||
- Update to 2.1.1 release
|
||||
|
||||
* Wed Mar 06 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.1.0-3
|
||||
- Remove obsolete scriptlets
|
||||
|
||||
* Mon Feb 11 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 2.1.0-2
|
||||
- Fix tpm2-abrmd-selinux requires
|
||||
|
||||
* Mon Feb 11 2019 Sun Yunying <yunying.sun@intel.com> - 2.1.0-1
|
||||
- Update to 2.1.0 release
|
||||
|
||||
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.3-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Fri Jan 4 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.0.3-2
|
||||
- Remove tpm2-abrmd preset file
|
||||
Resolves: rhbz#1663124
|
||||
|
||||
* Wed Nov 7 2018 Sun Yunying <yunying.sun@intel.com> - 2.0.3-1
|
||||
- Update to 2.0.3 release
|
||||
- Remove gdbus related patch and autoreconf scriptlet as it's included in 2.0.3
|
||||
|
||||
* Tue Oct 16 2018 Sun Yunying <yunying.sun@intel.com> - 2.0.2-1
|
||||
- Update to 2.0.2 release
|
||||
- Add patch to fix configure error, also add autoreconf to update configure
|
||||
|
||||
* Tue Aug 14 2018 Sun Yunying <yunying.sun@intel.com> - 2.0.1-1
|
||||
- Update to 2.0.1 release
|
||||
- Remove the tcti SONAME patch since it's already included in 2.0.1
|
||||
- Update dependency of tpm2-abrmd-selinux to fixed version instead dynamic one
|
||||
|
||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
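Review bot: The `Patch0`–`Patch5` lines appear to be dropped on the 2.4.0 side (all six patch files are deleted above), but patch 6/6 (`tcti: initialize GError to NULL`) is dated 27 Sep 2021 while the changelog records the update to 2.4.0 on 09 Feb 2021, so that fix is probably not in the 2.4.0 tarball and would be lost. Patches 1–5 (option-string leak, `handle_entry` reference leak, Tpm2 object leak, `init_mutex` left locked on the error path, double free in `resource_manager_load_session_from_handle`) are dated Nov 2020 to Jan 2021; whether they landed before the 2.4.0 release is not visible on this page and should be confirmed against the upstream tag. Any fix that is missing from the tarball should stay as a `PatchN:` entry on the 2.4.0 side, with a comment naming the upstream commit it backports.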
|