From 91266b648ebf7043c1d0eb768187c5323f2f879a Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team
Date: Fri, 25 Oct 2024 19:42:40 +0300
Subject: [PATCH] import tpm2-openssl-1.2.0-3.el10
---
 .gitignore | 2 +
 .tpm2-openssl.metadata | 2 +
 ...-tests-workaround-for-tpm2-tools-bug.patch | 30 +++++
 SOURCES/run-with-simulator | 126 ++++++++++++++++++
 SOURCES/tpm2-openssl-1.2.0.tar.gz.asc | 14 ++
 SPECS/tpm2-openssl.spec | 77 +++++++++++
 6 files changed, 251 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 .tpm2-openssl.metadata
 create mode 100644 SOURCES/0001-tests-workaround-for-tpm2-tools-bug.patch
 create mode 100755 SOURCES/run-with-simulator
 create mode 100644 SOURCES/tpm2-openssl-1.2.0.tar.gz.asc
 create mode 100644 SPECS/tpm2-openssl.spec
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..66c402d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/gpgkey-B7201FE8031B07AF11F5423C6329CFCB6BE6FD76.gpg
+SOURCES/tpm2-openssl-1.2.0.tar.gz
diff --git a/.tpm2-openssl.metadata b/.tpm2-openssl.metadata
new file mode 100644
index 0000000..1753da0
--- /dev/null
+++ b/.tpm2-openssl.metadata
@@ -0,0 +1,2 @@
+2889ee35b9af9a8929dfef8b2f527134d751f987 SOURCES/gpgkey-B7201FE8031B07AF11F5423C6329CFCB6BE6FD76.gpg
+ad92fd969b9cfc1edffd1e7345900b7be5ef7375 SOURCES/tpm2-openssl-1.2.0.tar.gz
diff --git a/SOURCES/0001-tests-workaround-for-tpm2-tools-bug.patch b/SOURCES/0001-tests-workaround-for-tpm2-tools-bug.patch
new file mode 100644
index 0000000..6f91028
--- /dev/null
+++ b/SOURCES/0001-tests-workaround-for-tpm2-tools-bug.patch
@@ -0,0 +1,30 @@
+From d46a3ae2d3f06852388eb8439a9c06d97a8d3ca2 Mon Sep 17 00:00:00 2001
+From: Adrian Freihofer
+Date: Wed, 27 Mar 2024 08:27:37 +0100
+Subject: [PATCH] tests: workaround for tpm2-tools bug
+
+The test fails because of a bug in the tpm2-tools:
+https://github.com/tpm2-software/tpm2-tools/pull/3374
+---
+ test/ec_createak_x509_index.sh | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/test/ec_createak_x509_index.sh b/test/ec_createak_x509_index.sh
+index 4323475..7476c23 100755
+--- a/test/ec_createak_x509_index.sh
++++ b/test/ec_createak_x509_index.sh
+@@ -2,6 +2,11 @@
+ # SPDX-License-Identifier: BSD-3-Clause
+ set -eufx
+
++# Temporary workaround for https://github.com/tpm2-software/tpm2-tools/pull/3374
++if uname -m | grep s390; then
++ exit 77
++fi
++
+ # create EK
+ tpm2_createek -G ecc -c ek_rsa.ctx
+
+--
+2.44.0
+
diff --git a/SOURCES/run-with-simulator b/SOURCES/run-with-simulator
new file mode 100755
index 0000000..e29b591
--- /dev/null
+++ b/SOURCES/run-with-simulator
@@ -0,0 +1,126 @@
+#!/bin/bash
+# SPDX-License-Identifier: BSD-3-Clause
+
+SIM_PORT_DATA=2321
+SIM_PORT_CMD=$((SIM_PORT_DATA+1))
+
+# Run from top dir of this repository
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+TOP_DIR="$(realpath "$SCRIPT_DIR/..")"
+cd "$TOP_DIR" || { echo "Error: cd to cd $TOP_DIR failed"; exit 1; }
+
+
+verify_simulator_is_running() {
+ local pid_tpm=$1
+
+ sleep 1
+ ss -lntp4 2> /dev/null | grep "${pid_tpm}" | grep -q "${SIM_PORT_DATA}"
+ ret_data=$?
+ ss -lntp4 2> /dev/null | grep "${pid_tpm}" | grep -q "${SIM_PORT_CMD}"
+ ret_cmd=$?
+ if [ $ret_data -eq 0 ] && [ $ret_cmd -eq 0 ]; then
+ echo "Simulator with PID ${pid_tpm} bound to port ${SIM_PORT_DATA} and ${SIM_PORT_CMD} successfully."
+ return 0
+ else
+ echo "Error: Port conflict? Cleaning up PID: ${pid_tpm}"
+ return 1
+ fi
+}
+
+build_tpm2_simulator_ibm() (
+ test -d ibmtpm && return
+ echo "---> compiling IBM tpm simulator"
+ mkdir ibmtpm
+ curl -Ls https://downloads.sourceforge.net/project/ibmswtpm2/ibmtpm1682.tar.gz | tar xz -C ibmtpm
+ cd ibmtpm/src && make
+)
+
+start_tpm2_simulator_ibm () {
+ build_tpm2_simulator_ibm || return 1
+
+ echo "---> starting IBM tpm simulator"
+ ibmtpm/src/tpm_server &
+ pid_tpm=$!
+ verify_simulator_is_running $pid_tpm
+}
+
+start_tpm2_simulator_swtpm () {
+ echo "---> starting swtpm simulator"
+ swtpm socket --tpm2 \
+ --server port=$SIM_PORT_DATA \
+ --ctrl type=tcp,port=$SIM_PORT_CMD \
+ --flags not-need-init \
+ --tpmstate dir="$PWD" \
+ --seccomp action=none &
+ pid_tpm=$!
+ verify_simulator_is_running $pid_tpm
+}
+
+start_dbusd () {
+ echo "---> starting dbus daemon"
+ dbus-daemon --session --print-address > /tmp/bus-socket-path.txt &
+ sleep 1
+ DBUS_SESSION_BUS_ADDRESS="$(tail -n1 /tmp/bus-socket-path.txt)"
+ export DBUS_SESSION_BUS_ADDRESS
+}
+
+start_tpm2_abrmd() {
+ local tabrmd_tcti=$1
+
+ echo "---> starting abrmd"
+ local tabrmd_name="com.intel.tss2.Tabrmd${SIM_PORT_DATA}"
+ tpm2-abrmd --session --dbus-name="${tabrmd_name}" --tcti "${tabrmd_tcti}:host=localhost,port=${SIM_PORT_DATA}" &
+ TCTI_ADDRESS="tabrmd:bus_name=${tabrmd_name},bus_type=session"
+ TPM2TOOLS_TCTI="$TCTI_ADDRESS"
+ TPM2OPENSSL_TCTI="$TCTI_ADDRESS"
+ export TPM2TOOLS_TCTI
+ export TPM2OPENSSL_TCTI
+ sleep 1
+ busctl --address="${DBUS_SESSION_BUS_ADDRESS}" list | grep "$tabrmd_name"
+}
+
+start_tpm2_sim_env() {
+ local sim_type=$1
+
+ start_dbusd
+
+ if [ "$sim_type" = "swtpm" ]; then
+ start_tpm2_simulator_swtpm || return 1
+ start_tpm2_abrmd swtpm || return 1
+ elif [ "$sim_type" = "ibm" ]; then
+ start_tpm2_simulator_ibm || return 1
+ start_tpm2_abrmd mssim || return 1
+ else
+ echo "invalid tpm simulator typ"
+ return 1
+ fi
+}
+
+make_check () {
+ echo "Running make check"
+ openssl version
+ tpm2_getcap properties-fixed | head -n 20
+ make check
+}
+
+function cleanup()
+{
+ pkill -P $$
+}
+trap cleanup EXIT
+
+build_tpm2_openssl() {
+ ./bootstrap
+ ./configure CC=gcc --enable-op-digest --enable-op-cipher
+ make
+}
+
+SIM_TYPE=${1:-swtpm}
+SKIP_BUILD=${2:-build}
+if [ "$SKIP_BUILD" = "skip-build" ]; then
+ echo "Skipping the build"
+else
+ build_tpm2_openssl || { echo "Compiling tpm2-openssl failed"; exit 1; }
+fi
+start_tpm2_sim_env "${SIM_TYPE}" || { echo "Starting tpm2 simulator failed ($SIM_TYPE)"; exit 1; }
+make_check || { echo "tpm2-openssl make check failed"; exit 1; }
diff --git a/SOURCES/tpm2-openssl-1.2.0.tar.gz.asc b/SOURCES/tpm2-openssl-1.2.0.tar.gz.asc
new file mode 100644
index 0000000..db1ba12
--- /dev/null
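Review bot: start_dbusd writes the bus address to the fixed path `/tmp/bus-socket-path.txt` and exports whatever `tail -n1` reads back from it as DBUS_SESSION_BUS_ADDRESS, so on a shared host a pre-existing file or symlink at that path, or a stale file left by an earlier run, decides which bus tpm2-abrmd and the tests connect to. Create the file per run with `bus_file=$(mktemp) || return 1` and use `"$bus_file"` in both the redirect and the `tail`. Separately, build_tpm2_simulator_ibm pipes `curl -Ls` output straight into `tar xz` and then runs `make` on the result with no checksum or signature check; the spec's %check passes `swtpm skip-build`, so that path is not reached in the package build, but the tarball should be downloaded to a file and compared against a pinned digest before it is extracted.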
+++ b/SOURCES/tpm2-openssl-1.2.0.tar.gz.asc
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCAAdFiEEtyAf6AMbB68R9UI8YynPy2vm/XYFAmUqV6AACgkQYynPy2vm
+/XaVMwv/Ytg3IjyniOdu4s3ct3E+Mj6ahw5KedqlOh4tSFFkHqRvwsVYDjBOeByM
+i1F0FsngJWh4gSrUTeUrpsFYwL6NUKV8TDHQoO1bJUfwZSFQCPRBatk8XM3eGVlo
+x3J1VTn59DHlqhaAtGtCuq18Dk9PfBYSgveuPPQHc3AybRKHu+7BVdmNqt8l17oG
+k9yXFxspKI0WW/arnR0lBJ2iIblaNSqdUfThPHYnjqjX6nJckW9uwPTozwqNMJUV
+L1xTaqw5ymh3AiVFbNcHFqyWS5TPV6PCfzXLVFMVlXCdSWt4n1KT/fN8EsAVN9VS
+Om8kOzhyqdxpXqHwfjycfpj1jr1LLzJzvAd6ZP8bgULLxO61GZuljtP0hkMNpk1J
+BjwzdW0W+NYWjlulZ6WRFDr/X+ejlJfyNxdJ8o/iPAezv45xmPwC66x62VJCEGkH
+lMakTYlavwbpbjmSqFi3LDCQ/pYn4IIljaq2y1KzBu2hrIZ2yl1YU28atNLl+lpr
+SOV/3zvk
+=GGPd
+-----END PGP SIGNATURE-----
diff --git a/SPECS/tpm2-openssl.spec b/SPECS/tpm2-openssl.spec
new file mode 100644
index 0000000..b43cec2
--- /dev/null
+++ b/SPECS/tpm2-openssl.spec
@@ -0,0 +1,77 @@
+Name:tpm2-openssl
+Version: 1.2.0
+Release: 3%{?candidate:.%{candidate}}%{?dist}
+Summary: Provider for integration of TPM 2.0 to OpenSSL 3.0
+
+License: BSD-3-Clause
+URL: https://github.com/tpm2-software/tpm2-openssl
+Source0: https://github.com/tpm2-software/%{name}/%{?candidate:archive/refs/tags}%{!?candidate:releases/download}/%{version}%{?candidate:-%{candidate}}/%{name}-%{version}%{?candidate:-%{candidate}}.tar.gz
+Source1: https://github.com/tpm2-software/%{name}/%{?candidate:archive/refs/tags}%{!?candidate:releases/download}/%{version}%{?candidate:-%{candidate}}/%{name}-%{version}%{?candidate:-%{candidate}}.tar.gz.asc
+Source2: gpgkey-B7201FE8031B07AF11F5423C6329CFCB6BE6FD76.gpg
+# Will be included in Source0 after https://github.com/tpm2-software/tpm2-openssl/pull/100
+Source3: run-with-simulator
+Patch0: 0001-tests-workaround-for-tpm2-tools-bug.patch
+
+BuildRequires: gnupg2
+BuildRequires: gcc
+BuildRequires: make
+BuildRequires: pkg-config
+BuildRequires: autoconf automake libtool autoconf-archive
+BuildRequires: tpm2-tss-devel
+BuildRequires: openssl-devel >= 3.0.0
+
+# Test dependencies
+BuildRequires: dbus-daemon
+BuildRequires: iproute
+BuildRequires: openssl
+BuildRequires: procps-ng
+BuildRequires: swtpm
+BuildRequires: tpm2-abrmd tpm2-abrmd-selinux
+BuildRequires: tpm2-tools
+
+Requires: tpm2-abrmd
+
+%description
+Makes the TPM 2.0 accessible via the standard OpenSSL API and command line
+tools, adding TPM support to (almost) any OpenSSL 3.0-based application.
+
+%prep
+gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
+%autosetup -p1 -n %{name}-%{version}%{?candidate:-%{candidate}}
+
+%build
+%if "%{?candidate:true}" == "true"
+ sed -e '/^git.*$/d' -i bootstrap
+ echo "%{version}%{?candidate:-%{candidate}}" > VERSION
+ ./bootstrap
+%endif
+%configure
+%{make_build}
+
+%check
+cp %{_sourcedir}/run-with-simulator %{_builddir}/%{name}-%{version}%{?candidate:-%{candidate}}/test/
+./test/run-with-simulator swtpm skip-build
+
+%install
+%make_install
+
+%files
+%doc docs
+%license LICENSE
+%{_libdir}/ossl-modules/tpm2.so
+
+%changelog
+* Mon Jun 24 2024 Troy Dawson - 1.2.0-3
+- Bump release for June 2024 mass rebuild
+
+* Sat Mar 23 2024 Adrian Freihofer 1.2.0-2
+- tito: use release tagger (adrian.freihofer@gmail.com)
+- Revert "Automatic commit of package [tpm2-openssl] release [1.2.1-1]."
+ (adrian.freihofer@gmail.com)
+- Automatic commit of package [tpm2-openssl] release [1.2.1-1].
+ (adrian.freihofer@gmail.com)
+- run-with-simulator: backport from upstream (adrian.freihofer@gmail.com)
+
+* Fri Mar 22 2024 Adrian Freihofer 1.2.0-1
+- new package built with tito
+
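Review bot: The `gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}` line in %prep is the signature check on the upstream tarball, yet nothing in the spec says it has to stay ahead of `%autosetup`; a comment such as `# Verify the upstream signature against the pinned key before unpacking anything` would make that ordering explicit for the next packager. In %check the helper is copied from `%{_sourcedir}/run-with-simulator` although it is declared as Source3; `cp %{SOURCE3} test/` would keep it consistent with the `%{SOURCE0}` to `%{SOURCE2}` references in %prep.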