Initial import of tpm2-openssl
		
							parent
							
								
									322fee9962
								
							
						
					
					
						commit
						3e34ee3b91
					
				
							
								
								
									
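--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/gpgkey-B7201FE8031B07AF11F5423C6329CFCB6BE6FD76.gpg
+/tpm2-openssl-1.2.0.tar.gz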
							
								
								
									
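--- a/0001-tests-workaround-for-tpm2-tools-bug.patch
+++ b/0001-tests-workaround-for-tpm2-tools-bug.patch
@@ -0,0 +1,30 @@
+From d46a3ae2d3f06852388eb8439a9c06d97a8d3ca2 Mon Sep 17 00:00:00 2001
+From: Adrian Freihofer <adrian.freihofer@gmail.com>
+Date: Wed, 27 Mar 2024 08:27:37 +0100
+Subject: [PATCH] tests: workaround for tpm2-tools bug
+
+The test fails because of a bug in the tpm2-tools:
+https://github.com/tpm2-software/tpm2-tools/pull/3374
+---
+ test/ec_createak_x509_index.sh | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/test/ec_createak_x509_index.sh b/test/ec_createak_x509_index.sh
+index 4323475..7476c23 100755
+--- a/test/ec_createak_x509_index.sh
++++ b/test/ec_createak_x509_index.sh
+@@ -2,6 +2,11 @@
+ # SPDX-License-Identifier: BSD-3-Clause
+ set -eufx
+ 
++# Temporary workaround for https://github.com/tpm2-software/tpm2-tools/pull/3374
++if uname -m | grep s390; then
++    exit 77
++fi
++
+ # create EK
+ tpm2_createek -G ecc -c ek_rsa.ctx
+ 
+-- 
+2.44.0
+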
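Review bot: The s390 check added to test/ec_createak_x509_index.sh uses an unanchored `grep s390` that also prints its match into the test log, and the comment does not say when the skip can be removed. Exit status 77 presumably marks the test as skipped for the test harness, so the EC attestation-key certificate path stays unexercised on that architecture until someone remembers to drop the block. I would write the check as `case "$(uname -m)" in s390*) exit 77 ;; esac` and extend the comment to `# Skip on s390* until tpm2-tools ships the fix from pull/3374; remove this block afterwards`.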
							
								
								
									
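--- a/run-with-simulator
+++ b/run-with-simulator
@@ -0,0 +1,126 @@
+#!/bin/bash
+# SPDX-License-Identifier: BSD-3-Clause
+
+SIM_PORT_DATA=2321
+SIM_PORT_CMD=$((SIM_PORT_DATA+1))
+
+# Run from top dir of this repository
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+TOP_DIR="$(realpath "$SCRIPT_DIR/..")"
+cd "$TOP_DIR" || { echo "Error: cd to cd $TOP_DIR failed"; exit 1; }
+
+
+verify_simulator_is_running() {
+    local pid_tpm=$1
+
+    sleep 1
+    ss -lntp4 2> /dev/null | grep "${pid_tpm}" | grep -q "${SIM_PORT_DATA}"
+    ret_data=$?
+    ss -lntp4 2> /dev/null | grep "${pid_tpm}" | grep -q "${SIM_PORT_CMD}"
+    ret_cmd=$?
+    if [ $ret_data -eq 0 ] && [ $ret_cmd -eq 0 ]; then
+        echo "Simulator with PID ${pid_tpm} bound to port ${SIM_PORT_DATA} and ${SIM_PORT_CMD} successfully."
+        return 0
+    else
+        echo "Error: Port conflict? Cleaning up PID: ${pid_tpm}"
+        return 1
+    fi
+}
+
+build_tpm2_simulator_ibm() (
+    test -d ibmtpm && return
+    echo "---> compiling IBM tpm simulator"
+    mkdir ibmtpm
+    curl -Ls https://downloads.sourceforge.net/project/ibmswtpm2/ibmtpm1682.tar.gz | tar xz -C ibmtpm
+    cd ibmtpm/src && make
+)
+
+start_tpm2_simulator_ibm () {
+    build_tpm2_simulator_ibm || return 1
+
+    echo "---> starting IBM tpm simulator"
+    ibmtpm/src/tpm_server &
+    pid_tpm=$!
+    verify_simulator_is_running $pid_tpm
+}
+
+start_tpm2_simulator_swtpm () {
+    echo "---> starting swtpm simulator"
+    swtpm socket --tpm2 \
+        --server port=$SIM_PORT_DATA \
+        --ctrl type=tcp,port=$SIM_PORT_CMD \
+        --flags not-need-init \
+        --tpmstate dir="$PWD" \
+        --seccomp action=none &
+    pid_tpm=$!
+    verify_simulator_is_running $pid_tpm
+}
+
+start_dbusd () {
+    echo "---> starting dbus daemon"
+    dbus-daemon --session --print-address > /tmp/bus-socket-path.txt &
+    sleep 1
+    DBUS_SESSION_BUS_ADDRESS="$(tail -n1 /tmp/bus-socket-path.txt)"
+    export DBUS_SESSION_BUS_ADDRESS
+}
+
+start_tpm2_abrmd() {
+    local tabrmd_tcti=$1
+
+    echo "---> starting abrmd"
+    local tabrmd_name="com.intel.tss2.Tabrmd${SIM_PORT_DATA}"
+    tpm2-abrmd --session --dbus-name="${tabrmd_name}" --tcti "${tabrmd_tcti}:host=localhost,port=${SIM_PORT_DATA}" &
+    TCTI_ADDRESS="tabrmd:bus_name=${tabrmd_name},bus_type=session"
+    TPM2TOOLS_TCTI="$TCTI_ADDRESS"
+    TPM2OPENSSL_TCTI="$TCTI_ADDRESS"
+    export TPM2TOOLS_TCTI
+    export TPM2OPENSSL_TCTI
+    sleep 1
+    busctl --address="${DBUS_SESSION_BUS_ADDRESS}" list | grep "$tabrmd_name"
+}
+
+start_tpm2_sim_env() {
+    local sim_type=$1
+
+    start_dbusd
+
+    if [ "$sim_type" = "swtpm" ]; then
+        start_tpm2_simulator_swtpm || return 1
+        start_tpm2_abrmd swtpm || return 1
+    elif [ "$sim_type" = "ibm" ]; then
+        start_tpm2_simulator_ibm || return 1
+        start_tpm2_abrmd mssim || return 1
+    else
+        echo "invalid tpm simulator typ"
+        return 1
+    fi
+}
+
+make_check () {
+    echo "Running make check"
+    openssl version
+    tpm2_getcap properties-fixed | head -n 20
+    make check
+}
+
+function cleanup()
+{
+    pkill -P $$
+}
+trap cleanup EXIT
+
+build_tpm2_openssl() {
+    ./bootstrap
+    ./configure CC=gcc --enable-op-digest --enable-op-cipher
+    make
+}
+
+SIM_TYPE=${1:-swtpm}
+SKIP_BUILD=${2:-build}
+if [ "$SKIP_BUILD" = "skip-build" ]; then
+    echo "Skipping the build"
+else
+    build_tpm2_openssl || { echo "Compiling tpm2-openssl failed"; exit 1; }
+fi
+start_tpm2_sim_env "${SIM_TYPE}" || { echo "Starting tpm2 simulator failed ($SIM_TYPE)"; exit 1; }
+make_check || { echo "tpm2-openssl make check failed"; exit 1; }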
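Review bot: `build_tpm2_simulator_ibm` pipes a tarball fetched with `curl -Ls` straight into `tar`, then runs `make` and later the resulting `tpm_server`, with no digest or signature check and no `-f`, so a tampered archive or an HTTP error page is unpacked and built as-is. The `%check` call in the spec passes `swtpm`, so this path only runs for `ibm`, but it should still download to a file and verify a pinned digest before extracting, as sketched below. Separately, `start_dbusd` writes the bus address to the fixed path `/tmp/bus-socket-path.txt`, which another local user could pre-create or replace; `addr_file=$(mktemp) || return 1`, with the redirect and the `tail` pointed at `"$addr_file"`, avoids that. `--seccomp action=none` in `start_tpm2_simulator_swtpm` turns off swtpm's syscall filter and deserves a comment saying why the test run needs it.

```bash
build_tpm2_simulator_ibm() (
    # … unchanged: early return when ibmtpm exists, progress message, mkdir ibmtpm …
    tarball=$(mktemp) || return 1
    curl -fLs -o "$tarball" https://downloads.sourceforge.net/project/ibmswtpm2/ibmtpm1682.tar.gz || return 1
    # IBMTPM_SHA256_PLACEHOLDER is a placeholder: pin the digest of the tarball you reviewed
    echo "IBMTPM_SHA256_PLACEHOLDER  $tarball" | sha256sum -c - || return 1
    tar xzf "$tarball" -C ibmtpm || return 1
    rm -f -- "$tarball"
    # … unchanged: cd ibmtpm/src && make …
)
```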
							
								
								
									
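--- a/sources
+++ b/sources
@@ -0,0 +1,2 @@
+SHA512 (gpgkey-B7201FE8031B07AF11F5423C6329CFCB6BE6FD76.gpg) = e892f6a520ac200a200cc97f4e863fa08b23dbc503246bcbcc43fb6935af3aff5cc8032a3bd8171bbff01afa4cbeea883cf8ea1631fc7f7608c5e45e262e54b6
+SHA512 (tpm2-openssl-1.2.0.tar.gz) = 4a12c83a0687768cd972a8d7e544f4bba2debcd24d7da2d2ee9adb097d1565bb1d69d1c448edff05f040b95700847293a8e33bfe92f43e536d13bc734ded1e1d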
							
								
								
									
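--- a/tpm2-openssl-1.2.0.tar.gz.asc
+++ b/tpm2-openssl-1.2.0.tar.gz.asc
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCAAdFiEEtyAf6AMbB68R9UI8YynPy2vm/XYFAmUqV6AACgkQYynPy2vm
+/XaVMwv/Ytg3IjyniOdu4s3ct3E+Mj6ahw5KedqlOh4tSFFkHqRvwsVYDjBOeByM
+i1F0FsngJWh4gSrUTeUrpsFYwL6NUKV8TDHQoO1bJUfwZSFQCPRBatk8XM3eGVlo
+x3J1VTn59DHlqhaAtGtCuq18Dk9PfBYSgveuPPQHc3AybRKHu+7BVdmNqt8l17oG
+k9yXFxspKI0WW/arnR0lBJ2iIblaNSqdUfThPHYnjqjX6nJckW9uwPTozwqNMJUV
+L1xTaqw5ymh3AiVFbNcHFqyWS5TPV6PCfzXLVFMVlXCdSWt4n1KT/fN8EsAVN9VS
+Om8kOzhyqdxpXqHwfjycfpj1jr1LLzJzvAd6ZP8bgULLxO61GZuljtP0hkMNpk1J
+BjwzdW0W+NYWjlulZ6WRFDr/X+ejlJfyNxdJ8o/iPAezv45xmPwC66x62VJCEGkH
+lMakTYlavwbpbjmSqFi3LDCQ/pYn4IIljaq2y1KzBu2hrIZ2yl1YU28atNLl+lpr
+SOV/3zvk
+=GGPd
+-----END PGP SIGNATURE-----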
							
								
								
									
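--- a/tpm2-openssl.spec
+++ b/tpm2-openssl.spec
@@ -0,0 +1,74 @@
+Name:tpm2-openssl
+Version: 1.2.0
+Release: 2%{?candidate:.%{candidate}}%{?dist}
+Summary: Provider for integration of TPM 2.0 to OpenSSL 3.0
+
+License: BSD-3-Clause
+URL: https://github.com/tpm2-software/tpm2-openssl
+Source0: https://github.com/tpm2-software/%{name}/%{?candidate:archive/refs/tags}%{!?candidate:releases/download}/%{version}%{?candidate:-%{candidate}}/%{name}-%{version}%{?candidate:-%{candidate}}.tar.gz
+Source1: https://github.com/tpm2-software/%{name}/%{?candidate:archive/refs/tags}%{!?candidate:releases/download}/%{version}%{?candidate:-%{candidate}}/%{name}-%{version}%{?candidate:-%{candidate}}.tar.gz.asc
+Source2: gpgkey-B7201FE8031B07AF11F5423C6329CFCB6BE6FD76.gpg
+# Will be included in Source0 after https://github.com/tpm2-software/tpm2-openssl/pull/100
+Source3: run-with-simulator
+Patch0: 0001-tests-workaround-for-tpm2-tools-bug.patch
+
+BuildRequires: gnupg2
+BuildRequires: gcc
+BuildRequires: make
+BuildRequires: pkg-config
+BuildRequires: autoconf automake libtool autoconf-archive
+BuildRequires: tpm2-tss-devel
+BuildRequires: openssl-devel >= 3.0.0
+
+# Test dependencies
+BuildRequires: dbus-daemon
+BuildRequires: iproute
+BuildRequires: openssl
+BuildRequires: procps-ng
+BuildRequires: swtpm
+BuildRequires: tpm2-abrmd tpm2-abrmd-selinux
+BuildRequires: tpm2-tools
+
+Requires: tpm2-abrmd
+
+%description
+Makes the TPM 2.0 accessible via the standard OpenSSL API and command line
+tools, adding TPM support to (almost) any OpenSSL 3.0-based application.
+
+%prep
+gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
+%autosetup -p1 -n %{name}-%{version}%{?candidate:-%{candidate}}
+
+%build
+%if "%{?candidate:true}" == "true"
+  sed -e '/^git.*$/d' -i bootstrap
+  echo "%{version}%{?candidate:-%{candidate}}" > VERSION
+  ./bootstrap
+%endif
+%configure
+%{make_build}
+
+%check
+cp %{_sourcedir}/run-with-simulator %{_builddir}/%{name}-%{version}%{?candidate:-%{candidate}}/test/
+./test/run-with-simulator swtpm skip-build
+
+%install
+%make_install
+
+%files
+%doc docs
+%license LICENSE
+%{_libdir}/ossl-modules/tpm2.so
+
+%changelog
+* Sat Mar 23 2024 Adrian Freihofer <adrian.freihofer@gmail.com> 1.2.0-2
+- tito: use release tagger (adrian.freihofer@gmail.com)
+- Revert "Automatic commit of package [tpm2-openssl] release [1.2.1-1]."
+  (adrian.freihofer@gmail.com)
+- Automatic commit of package [tpm2-openssl] release [1.2.1-1].
+  (adrian.freihofer@gmail.com)
+- run-with-simulator: backport from upstream (adrian.freihofer@gmail.com)
+
+* Fri Mar 22 2024 Adrian Freihofer <adrian.freihofer@gmail.com> 1.2.0-1
+- new package built with tito
+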
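Review bot: The `%prep` signature check calls `gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}` directly; verifying before `%autosetup` is the right order, but the usual macro form `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'` is preferable because it also copes with an ASCII-armored key file. When `candidate` is defined, Source0 points at the forge-generated `archive/refs/tags` tarball and Source1 at a `.asc` under the same path, which presumably does not exist, so it is worth confirming that candidate builds are meant to fail verification rather than skip it. In `%check`, `cp %{_sourcedir}/run-with-simulator` should reference the declared source as `%{SOURCE3}`. The simulator that `%check` starts binds the fixed TCP ports 2321 and 2322, which can collide when two builds share a network namespace.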