Compare commits

...

No commits in common. "c10s" and "c8-beta" have entirely different histories.

11 changed files with 254 additions and 285 deletions

8
.gitignore vendored
View File

@ -1,7 +1 @@
/ibmtss713withman.tar
/ibmtss1027.tar.gz
/makeman.sh
/ibmtss1331.tar.gz
/ibmtss1.6.0.tar.gz
/ibmtss2.1.1.tar.gz
/ibmtss2.3.2.tar.gz
SOURCES/ibmtss1331.tar.gz

1
.tss2.metadata Normal file
View File

@ -0,0 +1 @@
39a13864ad42cafae27683fa52bc1d5d21dad39c SOURCES/ibmtss1331.tar.gz

View File

@ -0,0 +1,31 @@
From 8f232900d3b8f8af65a029f49c17ee53d3cca122 Mon Sep 17 00:00:00 2001
From: Jerry Snitselaar <jsnitsel@redhat.com>
Date: Thu, 6 Jun 2019 14:53:18 -0700
Subject: [PATCH] tss2: fix bounds check in IMA_Event_PcrExtend
pcrs is declared with IMPLEMENTATION_PCR elements,
so the index bounds check should be >= IMPLEMENTATION_PCR
since indexing at value IMPLEMENTATION_PCR would be off the
end of the array. This was flagged by coverity.
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
---
utils/imalib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/imalib.c b/utils/imalib.c
index 4957c1b..a841cd6 100644
--- a/utils/imalib.c
+++ b/utils/imalib.c
@@ -1306,7 +1306,7 @@ uint32_t IMA_Event_PcrExtend(TPMT_HA pcrs[IMA_PCR_BANKS][IMPLEMENTATION_PCR],
/* validate PCR number */
if (rc == 0) {
- if (imaEvent->pcrIndex > IMPLEMENTATION_PCR) {
+ if (imaEvent->pcrIndex >= IMPLEMENTATION_PCR) {
printf("ERROR: IMA_Event_PcrExtend: PCR number %u out of range\n", imaEvent->pcrIndex);
rc = TSS_RC_BAD_PROPERTY;
}
--
2.21.0

33
SOURCES/flags-fixup.patch Normal file
View File

@ -0,0 +1,33 @@
diff -ur tss2-1234/utils/makefile-common tss2-1234-new/utils/makefile-common
--- tss2-1234/utils/makefile-common 2018-05-29 12:00:46.000000000 -0700
+++ tss2-1234-new/utils/makefile-common 2018-10-02 15:10:20.783078580 -0700
@@ -44,7 +44,7 @@
CCFLAGS += \
-Wall -W -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
-Wformat=2 -Wold-style-definition -Wno-self-assign \
- -ggdb -O0 -c
+ -ggdb -c
# to compile with optimizations on (warning will result)
# -O3 -c
diff -ur tss2-1234/utils/makefile.fedora tss2-1234-new/utils/makefile.fedora
--- tss2-1234/utils/makefile.fedora 2018-05-15 10:07:20.000000000 -0700
+++ tss2-1234-new/utils/makefile.fedora 2018-10-02 15:11:33.909083615 -0700
@@ -71,7 +71,7 @@
# compile - common flags for TSS library and applications
-CCFLAGS += -DTPM_POSIX
+CCFLAGS += -DTPM_POSIX -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" -DTPM_DEVICE_DEFAULT="\"/dev/tpmrm0\""
# example of pointing to a locally built openssl 1.1
# CCFLAGS += -I/home/kgold/openssl-1.1.0c/include
@@ -119,7 +119,7 @@
LNLFLAGS += -shared -Wl,-z,now
# This is an alternative to using the bfd linker on Ubuntu
-# LNLLIBS += -lcrypto
+LNLLIBS += -lcrypto
# link - for applications, TSS path, TSS and OpenSSl libraries

View File

@ -0,0 +1,18 @@
diff -ur tss2-1234/utils/policymaker.c tss2-1234-new/utils/policymaker.c
--- tss2-1234/utils/policymaker.c 2018-10-18 12:16:59.742439220 -0700
+++ tss2-1234-new/utils/policymaker.c 2018-10-18 12:34:34.991755536 -0700
@@ -208,10 +208,10 @@
}
/* hash extend */
if ((rc == 0) && (prc != NULL)) {
- TSS_Hash_Generate(&digest,
- startSizeInBytes, (uint8_t *)&digest.digest, /* extend */
- lineLength /2, lineBinary,
- 0, NULL);
+ rc = TSS_Hash_Generate(&digest,
+ startSizeInBytes, (uint8_t *)&digest.digest, /* extend */
+ lineLength /2, lineBinary,
+ 0, NULL);
}
if ((rc == 0) && (prc != NULL)) {
if (verbose) TSS_PrintAll("intermediate policy digest",

170
SPECS/tss2.spec Normal file
View File

@ -0,0 +1,170 @@
#
# Spec file for IBM's TSS for the TPM 2.0
#
%{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro}
Name: tss2
Version: 1331
Release: 2%{?dist}
Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
Group: Applications/System
License: BSD
URL: http://sourceforge.net/projects/ibmtpm20tss/
Source0: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
Patch4: flags-fixup.patch
# reported upstream https://sourceforge.net/p/ibmtpm20tss/mailman/message/36444738/
# and reported fixed, but not yet pushed to sourceforge.
Patch5: hash_generate.patch
# Submitted upstream
Patch6: 0001-tss2-fix-bounds-check-in-IMA_Event_PcrExtend.patch
BuildRequires: openssl-devel
BuildRequires: gcc
Requires: openssl
%description
TSS2 is a user space Trusted Computing Group's Software Stack (TSS) for
TPM 2.0. It implements the functionality equivalent to the TCG TSS
working group's ESAPI, SAPI, and TCTI layers (and perhaps more) but with
a hopefully far simpler interface.
It comes with about 80 "TPM tools" that can be used for rapid prototyping,
education and debugging.
%package devel
Summary: Development libraries and headers for IBM's TSS 2.0
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
Development libraries and headers for IBM's TSS 2.0. You will need this in
order to build TSS 2.0 applications.
%define incname ibmtss
%prep
%autosetup -p1 -c %{name}-%{version}
%build
# nonstandard variable names are used in place of CFLAGS and LDFLAGS
pushd utils
CCFLAGS="%{optflags}" \
LNFLAGS="%{__global_ldflags}" \
make -f makefile.fedora %{?_smp_mflags}
popd
%install
# Prefix for namespacing
BIN_PREFIX=tss
mkdir -p %{buildroot}/%{_bindir}
mkdir -p %{buildroot}/%{_libdir}
mkdir -p %{buildroot}/%{_includedir}/%{incname}/
mkdir -p %{buildroot}/%{_mandir}/man1
pushd utils
# Pick out executables and copy with namespacing
for f in *; do
if [[ -x $f && -f $f && ! $f =~ .*\..* ]]; then
cp -p $f %{buildroot}/%{_bindir}/${BIN_PREFIX}$f
fi;
done
cp -p *.so.1.1 %{buildroot}/%{_libdir}
cp -p %{incname}/*.h %{buildroot}/%{_includedir}/%{incname}/
cp -p man/man1/tss*.1 %{buildroot}/%{_mandir}/man1/
popd
# Make symbolic links to the shared lib
pushd %{buildroot}/%{_libdir}
rm -f libibmtss.so.1
ln -sf libibmtss.so.1.1 libibmtss.so.1
rm -f libibmtss.so
ln -sf libibmtss.so.1 libibmtss.so
popd
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%license LICENSE
%{_bindir}/tss*
%{_libdir}/libibmtss.so.1
%{_libdir}/libibmtss.so.1.*
%attr(0644, root, root) %{_mandir}/man1/tss*.1*
%files devel
%{_includedir}/%{incname}
%{_libdir}/libibmtss.so
%doc ibmtss.doc
%changelog
* Thu Jun 06 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1331-2
- Fix bounds check in IMA_Event_PcrExtend
resolves: rhbz#1669239
* Thu May 30 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1331-1
- Rebase to v1331
- Add initial CI gating support
resolves: rhbz#1669239
* Fri Oct 05 2018 Jerry Snitselaar <jsnitsel@redhat.com> - 1234-5
- Move header files to ibmtss directory.
- Check return value of TSS_Hash_Generate.
resolves: rhbz#1636245
* Tue Oct 02 2018 Jerry Snitselaar <jsnitsel@redhat.com> - 1234-4
- Fix compile and link flags
resolves: rhbz#1624182
* Thu Jul 19 2018 Jerry Snitselaar <jsnitsel@redhat.com> - 1234-3
- Clean up covscan issues.
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1234-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jun 18 2018 Jerry Snitselaar <jsnitsel@redhat.com> - 1234-1
- Version bump.
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1027-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Jan 19 2018 Merlin Mathesius <mmathesi@redhat.com> - 1027-1
- Version bump. Now supported for all architectures.
- Generate man pages since they are no longer included in source archive.
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 713-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 713-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 713-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Oct 05 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-7
- Removed defattr from the devel subpackage
* Mon Sep 26 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-6
- Added s390x arch as another "ExcludeArch"
* Mon Sep 26 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-5
- Replaced ExclusiveArch with ExcludeArch
* Mon Sep 19 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-4
- Used ExclusiveArch instead of BuildArch tag
- Removed attr from symlink in devel subpackage
- Added manpages and modified the Source0
- Added CCFLAGS and LNFLAGS to enforce hardening and optimization
* Wed Aug 17 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-3
- Modified supported arch to ppc64le
* Sat Aug 13 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-2
- Minor spec fixes
* Tue Aug 09 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-1
- Updated for initial submission
* Fri Mar 20 2015 George Wilson <gcwilson@us.ibm.com>
- Initial implementation

View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

View File

@ -1 +0,0 @@
SHA512 (ibmtss2.3.2.tar.gz) = cbc9d51f42a98c8063e09801742547226ca74c1e9cb4b2645b28bd7937192edb6a2ca24fc1f8c1eec73be3f400c48d005990ce6e78de2c10fc4907d8610062c1

View File

@ -1,46 +0,0 @@
#!/bin/bash
# get tpm simulator code
git clone https://git.code.sf.net/p/ibmswtpm2/tpm2 ibmswtpm2-tpm2
# unpackage and build the source
pushd ibmswtpm2-tpm2/src
# fixup for openssl 3
sed -i -e "s|OPENSSL_VERSION_NUMBER >= 0x10200000L|OPENSSL_VERSION_NUMBER > 0x30200020L|" TpmToOsslMath.h
sed -i -e "s|CCFLAGS = -Wall|CCFLAGS = -Wall -Wno-error=deprecated-declarations|" makefile
make
res="$?"
if [[ "$res" -ne 0 ]]; then
echo "make of ibmtpm failed"
popd
rm -rf ibmtpm ibmtpm$IBMTPM_VERSION.tar.gz
exit 1
fi
(./tpm_server)&
popd
sleep 10
export TPM_INTERFACE_TYPE=socsim
# use the tss2 tests from the sources
pushd ./source/utils
# fix python calls to use rhel name for python3
sed -i -e 's/^PREFIX=\.\//PREFIX=tss/g' reg.sh
# fix paths in rootcerts.txt
c=`pwd`
sed -i "s|/home/kgold/tss2/utils|${c}|" certificates/rootcerts.txt
# run the tests
TPM_TSS_NODEPRECATEDALGS=1 ./reg.sh -a
res="$?"
popd
# clean up
pkill tpm_server
rm -rf ibmtpm tss
exit $res

View File

@ -1,22 +0,0 @@
- hosts: localhost
roles:
- role: standard-test-source
tags:
- always
- role: standard-test-basic
tags:
- classic
required_packages:
- gcc
- make
- wget
- openssl
- openssl-devel
- sed
- tss2
- git
tests:
- ibm-tss2:
dir: .
run: ./runtest.sh
timeout: 30m

203
tss2.spec
View File

@ -1,203 +0,0 @@
#
# Spec file for IBM's TSS for the TPM 2.0
#
%{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro}
%global incname ibmtss
Name: tss2
# this is the release of the TSS library
Version: 2.3.2
# this is the release of the fedora package, goes back to 1 when version changes
Release: 3%{?dist}
Epoch: 1
Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
License: BSD-3-Clause AND LicenseRef-TCGL
URL: http://sourceforge.net/projects/ibmtpm20tss/
Source0: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
BuildRequires: automake
BuildRequires: autoconf
BuildRequires: libtool
BuildRequires: gcc
BuildRequires: openssl-devel
Requires: openssl
%description
TSS2 is a user space Trusted Computing Group's Software Stack (TSS) for
TPM 2.0. It implements the functionality equivalent to the TCG TSS
working group's ESAPI, SAPI, and TCTI layers (and perhaps more) but with
a hopefully far simpler interface.
It comes with about 120 "TPM tools" that can be used for rapid prototyping,
education and debugging.
%package devel
Summary: Development libraries and headers for IBM's TSS 2.0
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description devel
Development libraries and headers for IBM's TSS 2.0. You will need this in
order to build TSS 2.0 applications.
%prep
%autosetup -p1 -c %{name}-%{version}
%build
autoreconf -vi
%configure --disable-static --disable-tpm-1.2 --program-prefix=tss
CCFLAGS="%{optflags}" \
LNFLAGS="%{__global_ldflags}" \
%{make_build}
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
%ldconfig_scriptlets
# files in the tss2 package
%files
%license LICENSE
# becomes /usr/bin/tss*, the command line utilities
%{_bindir}/tss*
# becomes /usr/lib64
%{_libdir}/libibmtss.so.2
%{_libdir}/libibmtss.so.2.*
%{_libdir}/libibmtssutils.so.2
%{_libdir}/libibmtssutils.so.2.*
%attr(0644, root, root) %{_mandir}/man1/tss*.1*
# files devel is the tss2-devel package
%files devel
# becomes /usr/include/ibmtss, the headers
%{_includedir}/%{incname}
# becomes /usr/lib64
%{_libdir}/libibmtss.so
%{_libdir}/libibmtssutils.so
%doc ibmtss.docx
%changelog
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1:2.3.2-3
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Fri Oct 11 2024 Štěpán Horáček <shoracek@redhat.com> - 1:2.3.2-2
- Version bump
- Resolves: RHEL-54174
* Thu Oct 3 2024 Štěpán Horáček <shoracek@redhat.com> - 1:2.3.2-1
- Update to 2.3.2
- Resolves: RHEL-54174
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1:2.1.1-4
- Bump release for June 2024 mass rebuild
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Oct 6 2023 Ken Goldman <kgoldman@us.ibm.com> - 1:2.1.1-2
- Update license
* Fri Sep 29 2023 Ken Goldman <kgoldman@us.ibm.com> - 1:2.1.1-1
- Updates to release 2.1
* Mon Aug 21 2023 Jerry Snitselaar <jsnitsel@redhat.com> - 1:1.6.0-8
- migrated to SPDX license
- resolves: rhbz#2219549* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.6.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.6.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1:1.6.0-3
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Feb 8 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 1.6.0-1
- Rebase to v1.6.0 release.
- Manpage cleanup.
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1331-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1331-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Feb 14 2020 Tom Stellard <tstellar@redhat.com> - 1331-5
- Use make_build macro
- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1331-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jan 17 2020 Jeff Law <law@redhat.com> - 1331-3
- Ensure tssprintcmd has the compilation compilation flags,
PIC in particular
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1331-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu May 30 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1331-1
- Rebase to version 1331
* Tue May 28 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1234-4
- Fix covscan issues
- Fix compile and linker flag issues
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1234-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1234-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jun 18 2018 Jerry Snitselaar <jsnitsel@redhat.com> - 1234-1
- Version bump.
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1027-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Jan 19 2018 Merlin Mathesius <mmathesi@redhat.com> - 1027-1
- Version bump. Now supported for all architectures.
- Generate man pages since they are no longer included in source archive.
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 713-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 713-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 713-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Oct 05 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-7
- Removed defattr from the devel subpackage
* Mon Sep 26 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-6
- Added s390x arch as another "ExcludeArch"
* Mon Sep 26 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-5
- Replaced ExclusiveArch with ExcludeArch
* Mon Sep 19 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-4
- Used ExclusiveArch instead of BuildArch tag
- Removed attr from symlink in devel subpackage
- Added manpages and modified the Source0
- Added CCFLAGS and LNFLAGS to enforce hardening and optimization
* Wed Aug 17 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-3
- Modified supported arch to ppc64le
* Sat Aug 13 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-2
- Minor spec fixes
* Tue Aug 09 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-1
- Updated for initial submission
* Fri Mar 20 2015 George Wilson <gcwilson@us.ibm.com>
- Initial implementation