pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/sysutils/swtpm
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Dec 9 13:48:40 UTC 2024
Modified Files:
pkgsrc/sysutils/swtpm: Makefile PLIST distinfo
Added Files:
pkgsrc/sysutils/swtpm/patches: patch-tests_sed-inplace
Log Message:
sysutils/swtpm: Update to 0.10.0
Changelog:
version 0.10.0:
- swtpm:
- Requires libtpms v0.10.0
- Display tpmstate-opt-lock as a new capability
- Add support for lock option parameter to tpmstate option
- nvstore_linear: Add support for file-backend locking
- Remove broken logic to check for neither dir nor file backend
- Use ptm_cap_n to build PTM_GET_CAPABILITY response
- Define a structure to return PTM_GET_CAPABILITY result
- Implement --print-info to run TPMLIB_GetInfo with flags
- Support --profile fd=<fd> to read profile from file descriptor
- Support --profile file=<filename> to read profile from file
- Ignore remove-disabled parameter on non-'custom' profile
- Check for good entropy source in chroot environment
- Implement a check for HMAC+sha1 for testing future restriction
- Implement function to check whether a crypto algorithm is disabled
- Print cmdarg-print-profiles as part of capabilities
- Check whether SHA1 signature support is disabled in profile
- Use TPMLIB_WasManufactured to check whether profile was applied
- Determine whether OpenSSL needs to be configured (FIPs, SHA1 signature)
- Add support for --print-profiles option
- Print profile names as part of capabilities JSON
- Display new capability to allow setting a profile
- Add support for --profile option to set a profile on TPM 2
- swtpm_setup:
- Comment flags for storage primary key and deprecate --create-spk
- Implement --print-profiles to display all profile
- Add profile entries to swtpm_setup.conf written by swtpm_setup
- Add support for --profile-name option
- Accept profiles with name starting with 'custom:'
- Support default profile from file in swtpm_setup.conf
- Support --profile-file-fd to read profile from file descriptor
- Support --profile-file <file> to read profile from file
- Always log the active profile
- Implement --profile-remove-fips-disabled option
- Read default profile from swtpm_setup.conf
- Print profile names as part of capabilities JSON
- Add support for --profile parameter
- Get default rsa keysize from setup_setup.conf if not given
- swtpm_ioctl:
- Use ptm_cap_n for non-CUSE PTM_GET_CAPABILITY response
- selinux:
- Change write to append for appending to log
- Add rule for logging to svirt_image_t labeled files from swtpm_t
- tests:
- Update IBMTSS2 test suite to v2.4.0
- Test activation of PCR banks when not all are available
- Enable SWTPM_TEST_PROFILE for running test_tpm2_ibmtss2 with profile
- Add a check for OPENSSL_ENABLE_SHA1_SIGNATURES in log file
- Consolidate custom profile test cases and check for StateFormatLevel
- Convert test_samples_create_tpmca to run installed
- Mention test_tpm2_libtpms_versions_profiles requiring env. variables
- allow running ibmtss2 tests against installed version
- Derive support for CUSE from SWTPM_EXE help screen
- Set OPENSSL_ENABLE_SHA1_SIGNATURES=1 for IBMTSS2 test
- Extend test case testing across libtpms versions
- Add test case for testing profiles across libtpms versions
- Test the --profile option of swtpm_setup and swtpm
- teach them to run installed
- add installed-runner.sh
- install tests on the system
- lookup system binaries if INSTALLED is set
- build-sys:
- enable 64-bit file API on 32-bit systems
- Add -Wshadow to the CFLAGS
- Require that libtpms v0.10 is available for TPMLIB_SetProfile
- debian:
- Add rule to allow usage of /var/tmp directory (QEMU)
- Add rules for reading profiles from distro and local dirs
- Allow non-owner file write access in /var/lib/libvirt/swtpm/
- Add sys_admin capability to apparmor profile
version 0.9.0:
Note: The SElinux policy for swtpm was completely redone. For systems
with an SELinux policy the same policy (>= 40.17) as used in
Fedora >= 40 is required due to changes in labels related to libvirt
that made the re-development of the SELinux policy necessary.
- swtpm:
- Use umask() to create/truncated state file rather than fchmod()
- Use fchmod to set mode bits provided by user
- Replace mkstemp with g_mkstemp_full (Coverity)
- fix typo in help message
- cuse: Fix Coverity complaints regarding locks
- Fix double free in error path
- Close fd after main loop
- Restore logging to stderr on log open failure
- swtpm_setup:
- Fail --pcr-banks without --tpm2
- Fail --decryption or --allow-signing without --tpm2
- Initialized @argv in get_swtpm_capabilities()
- Flush spk after persisting to create room for another key
- Refactor duplicate code into swtpm_tpm2_write_cert_nvram
- Move persisting of certificate into tpm2_persist_certificate
- Pass key_type to function creating filename for key
- Add scheme parameter before curveid to createprimary_ecc
- Rename is_ek to preserve for future extension
- Mask-out EK and plaform certificate flags and set cert_flags
- Move common code into new function read_certificate_file()
- Exit with '0' upon --version rather than '1'
- Close file descriptors passed to swtpm process on parent side
- Make stdout unbuffered
- Use medium duration on TSC_PhysicalPresence to avoid timeouts
- Add poll() after write() and before read() to detect errors
- swtpm_localca:
- Add support for up to 20 bytes serial numbers
- Introduce --key as more generic alias for --ek
- Add missing NULL option to end of array
- Make stdout unbuffered
- swtpm_cert:
- Add support for serial numbers up to 20 bytes long
- swtpm_ioctl:
- Separate return code from flags
- Repeatedly call PTM_GET_INFO for long responses
- selinux:
- Re-add rule for svirt_tcg_t and user_tmp_t:sock_file (virt-install)
- New SELinux policy that requires Fedora 40 or later
- tests:
- Fixed occurrences of stray '\' before '-'
- Rearrange order of test cases to run some also as 'root'
- Add tests for command line options and combinations of options
- Add softhsm_setup to shellcheck'ed files and fix issues
- Add missing 'exit 1' on unexpected file size on --reconfigure
- Add test cases for swtpm_cert with max serial number
- Fix spelling mistakes
- reformat regexs for easier readability and extension
- ibmtss2: Add patch to disable x509 test with older libtpms
- Upgrade to ibmtss2 v2.0.1
- Fixed several issues detected by shellcheck
- build-sys:
- Add support for --disable-tests to disable tests
- Display GMP_LIBS and GMP_CFLAGS
- Only display warning if pkg-config for gmp fails
- Add gmp library and devel package as dependency
- use PKG_CHECK_MODULES to check libtpms version
- rpm:
- Add gmp library and devel package as dependency
- Split off SELinux files to build an selinux package
- debian:
- Sync AppArmor profile with what is used by Ubuntu
- Add gmp library and devel package as dependency
- Allow apparmor access to qemu session bus swtpm files
version 0.8.0:
- swtpm:
- Implement release-lock-outgoing parameter for --migration option
- Introduce --migration option and 'incoming' parameter
- Implement terminate parameter for ctrl channel loss
- Add a chroot option
- Introduce disable-auto-shutdown flag for --flags option
- If necessary send TPM2_Shutdown() before TPMLIB_Terminate()
- Add some more recent syscalls to seccomp profile
- Disable OpenSSL FIPS mode to avoid libtpms failures
- Avoid locking directory multiple times
- Remove support for pre-v0.1 state files without header
- Use uint64_t in tlv_data_append() to avoid integer overflows
- Use uint64_t to avoid integer wrap-around when adding a uint32_t
- Do not chdir(/) when using --daemon
- Check header size indicator against expected size (CVE-2022-23645)
- Fixes for gcc 12.2.1 -fanalyzer
- build-sys:
- Fix configure script to support _FORTIFY_SOURCE=3
- Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin)
- swtpm-localca:
- Re-implement variable resolution for swtpm-localca.conf
- Test for available issuercert before creating CA
- swtpm_setup:
- Configure swtpm to log to stdout/err if needed (glib >=2.74)
- tests:
- Use ${WORKDIR} in config files to test env. var replacement
- Patch IBM TSS2 test suite for OpenSSL 3.x
- build-sys:
- Add probing for -fstack-protector
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/sysutils/swtpm/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/sysutils/swtpm/PLIST \
pkgsrc/sysutils/swtpm/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/swtpm/patches/patch-tests_sed-inplace
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/sysutils/swtpm/Makefile
diff -u pkgsrc/sysutils/swtpm/Makefile:1.11 pkgsrc/sysutils/swtpm/Makefile:1.12
--- pkgsrc/sysutils/swtpm/Makefile:1.11 Thu Nov 14 22:21:47 2024
+++ pkgsrc/sysutils/swtpm/Makefile Mon Dec 9 13:48:39 2024
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.11 2024/11/14 22:21:47 wiz Exp $
+# $NetBSD: Makefile,v 1.12 2024/12/09 13:48:39 ryoon Exp $
GITHUB_PROJECT= swtpm
GITHUB_TAG= v${PKGVERSION_NOREV}
-DISTNAME= swtpm-0.7.0
-PKGREVISION= 9
+DISTNAME= swtpm-0.10.0
CATEGORIES= sysutils
MASTER_SITES= ${MASTER_SITE_GITHUB:=stefanberger/}
@@ -29,7 +28,7 @@ USE_LANGUAGES+= c
BUILDLINK_TRANSFORM+= rm:-Werror
USE_LIBTOOL= yes
-USE_TOOLS= automake bash gawk gmake pkg-config
+USE_TOOLS= automake bash gawk gmake gsed pkg-config
GNU_CONFIGURE= yes
CONFIGURE_SCRIPT= autogen.sh
CONFIGURE_ARGS+= --without-cuse
@@ -37,8 +36,10 @@ CONFIGURE_ARGS+= --with-tss-user=${REAL_
CONFIGURE_ARGS+= --with-tss-group=${REAL_ROOT_GROUP}
# Avoid `error: stack protector not protecting local variables: variable length buffer [-Werror=stack-protector]` errors
CONFIGURE_ARGS+= --disable-hardening
+CONFIGURE_ARGS+= --disable-tests
REPLACE_BASH+= samples/*
+REPLACE_BASH+= tests/*
EGDIR= ${PREFIX}/share/examples/swtpm
CONF_FILES+= ${EGDIR}/swtpm-localca.conf \
@@ -51,6 +52,10 @@ CONF_FILES+= ${EGDIR}/swtpm_setup.conf \
OWN_DIRS_PERMS+= ${VARBASE}/lib/swtpm-localca \
${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0755
+post-install:
+ # Do not install tests.
+ ${RM} -rf ${DESTDIR}${PREFIX}/libexec
+
.include "../../security/gnutls/buildlink3.mk"
.include "../../security/libtasn1/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
Index: pkgsrc/sysutils/swtpm/PLIST
diff -u pkgsrc/sysutils/swtpm/PLIST:1.1 pkgsrc/sysutils/swtpm/PLIST:1.2
--- pkgsrc/sysutils/swtpm/PLIST:1.1 Sat Feb 5 03:13:12 2022
+++ pkgsrc/sysutils/swtpm/PLIST Mon Dec 9 13:48:39 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1 2022/02/05 03:13:12 ryoon Exp $
+@comment $NetBSD: PLIST,v 1.2 2024/12/09 13:48:39 ryoon Exp $
bin/swtpm
bin/swtpm_bios
bin/swtpm_cert
@@ -8,17 +8,17 @@ bin/swtpm_setup
include/swtpm/tpm_ioctl.h
lib/swtpm/libswtpm_libtpms.la
man/man3/swtpm_ioctls.3
+man/man5/swtpm-localca.conf.5
+man/man5/swtpm-localca.options.5
+man/man5/swtpm_setup.conf.5
man/man8/swtpm-create-tpmca.8
man/man8/swtpm-localca.8
-man/man8/swtpm-localca.conf.8
-man/man8/swtpm-localca.options.8
man/man8/swtpm.8
man/man8/swtpm_bios.8
man/man8/swtpm_cert.8
man/man8/swtpm_ioctl.8
man/man8/swtpm_localca.8
man/man8/swtpm_setup.8
-man/man8/swtpm_setup.conf.8
share/examples/swtpm/swtpm-localca.conf
share/examples/swtpm/swtpm-localca.options
share/examples/swtpm/swtpm_setup.conf
Index: pkgsrc/sysutils/swtpm/distinfo
diff -u pkgsrc/sysutils/swtpm/distinfo:1.1 pkgsrc/sysutils/swtpm/distinfo:1.2
--- pkgsrc/sysutils/swtpm/distinfo:1.1 Sat Feb 5 03:13:12 2022
+++ pkgsrc/sysutils/swtpm/distinfo Mon Dec 9 13:48:40 2024
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.1 2022/02/05 03:13:12 ryoon Exp $
+$NetBSD: distinfo,v 1.2 2024/12/09 13:48:40 ryoon Exp $
-BLAKE2s (swtpm-0.7.0.tar.gz) = 7de143702ab83692b0e9baf6046fdd47d9fe783102ae391c746616fd78ddc207
-SHA512 (swtpm-0.7.0.tar.gz) = 32096309bf710e51d7565f013db32627423682fb2bfa9358976126102a0bf07401146bae9346af389c932c038f3d03217739375cef01a2ff10b01c7bd004b55e
-Size (swtpm-0.7.0.tar.gz) = 353641 bytes
+BLAKE2s (swtpm-0.10.0.tar.gz) = 4e78603298ccfdd77ca821c3c4d81100f771b1f15f93f82d6727c9e9d58720ac
+SHA512 (swtpm-0.10.0.tar.gz) = 6f1848b0514799417582c1a5bedf9b7110e3627ab14f02ea193ad76ce8a188eba596494f410405c5f7226e2daf7d9ee889983a2265285839e72de12e6368180d
+Size (swtpm-0.10.0.tar.gz) = 414698 bytes
SHA1 (patch-configure.ac) = 00a5e52528150a356926a07b816268304456047c
SHA1 (patch-samples_Makefile.am) = 4c2559decb43286f431dfabcec703e65f1a3ace2
+SHA1 (patch-tests_sed-inplace) = 85242ad8cc799238888942cd6e0305d6c58f68c7
Added files:
Index: pkgsrc/sysutils/swtpm/patches/patch-tests_sed-inplace
diff -u /dev/null pkgsrc/sysutils/swtpm/patches/patch-tests_sed-inplace:1.1
--- /dev/null Mon Dec 9 13:48:40 2024
+++ pkgsrc/sysutils/swtpm/patches/patch-tests_sed-inplace Mon Dec 9 13:48:40 2024
@@ -0,0 +1,12 @@
+$NetBSD: patch-tests_sed-inplace,v 1.1 2024/12/09 13:48:40 ryoon Exp $
+
+--- tests/sed-inplace.orig 2024-12-04 15:21:18.719762588 +0000
++++ tests/sed-inplace
+@@ -1,6 +1,6 @@
+ #!/usr/bin/env bash
+
+-if [[ "$(uname -s)" =~ (Linux|CYGWIN_NT-) ]]; then
++if [[ "$(uname -s)" =~ (Linux|CYGWIN_NT-|BSD) ]]; then
+ sed -i "$1" "$2"
+ else
+ sed -i '' "$1" "$2"
Home |
Main Index |
Thread Index |
Old Index