commit
91266b648e
@ -0,0 +1,2 @@
|
|||||||
|
SOURCES/gpgkey-B7201FE8031B07AF11F5423C6329CFCB6BE6FD76.gpg
|
||||||
|
SOURCES/tpm2-openssl-1.2.0.tar.gz
|
@ -0,0 +1,2 @@
|
|||||||
|
2889ee35b9af9a8929dfef8b2f527134d751f987 SOURCES/gpgkey-B7201FE8031B07AF11F5423C6329CFCB6BE6FD76.gpg
|
||||||
|
ad92fd969b9cfc1edffd1e7345900b7be5ef7375 SOURCES/tpm2-openssl-1.2.0.tar.gz
|
@ -0,0 +1,30 @@
|
|||||||
|
From d46a3ae2d3f06852388eb8439a9c06d97a8d3ca2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Adrian Freihofer <adrian.freihofer@gmail.com>
|
||||||
|
Date: Wed, 27 Mar 2024 08:27:37 +0100
|
||||||
|
Subject: [PATCH] tests: workaround for tpm2-tools bug
|
||||||
|
|
||||||
|
The test fails because of a bug in the tpm2-tools:
|
||||||
|
https://github.com/tpm2-software/tpm2-tools/pull/3374
|
||||||
|
---
|
||||||
|
test/ec_createak_x509_index.sh | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/test/ec_createak_x509_index.sh b/test/ec_createak_x509_index.sh
|
||||||
|
index 4323475..7476c23 100755
|
||||||
|
--- a/test/ec_createak_x509_index.sh
|
||||||
|
+++ b/test/ec_createak_x509_index.sh
|
||||||
|
@@ -2,6 +2,11 @@
|
||||||
|
# SPDX-License-Identifier: BSD-3-Clause
|
||||||
|
set -eufx
|
||||||
|
|
||||||
|
+# Temporary workaround for https://github.com/tpm2-software/tpm2-tools/pull/3374
|
||||||
|
+if uname -m | grep s390; then
|
||||||
|
+ exit 77
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
# create EK
|
||||||
|
tpm2_createek -G ecc -c ek_rsa.ctx
|
||||||
|
|
||||||
|
--
|
||||||
|
2.44.0
|
||||||
|
|
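Review bot: The s390 guard added to test/ec_createak_x509_index.sh exits with 77 without saying why, and `uname -m | grep s390` both echoes the match into the test log and matches any substring. A `case "$(uname -m)" in s390*) echo "skipped: tpm2-tools PR 3374" >&2; exit 77 ;; esac` form keeps the skip visible in the build log. Because this turns the test off on a whole architecture, the comment should also name the condition (for example the tpm2-tools release carrying the fix) under which the workaround is to be removed. The script body continues outside the hunk.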
@ -0,0 +1,126 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# SPDX-License-Identifier: BSD-3-Clause
|
||||||
|
|
||||||
|
SIM_PORT_DATA=2321
|
||||||
|
SIM_PORT_CMD=$((SIM_PORT_DATA+1))
|
||||||
|
|
||||||
|
# Run from top dir of this repository
|
||||||
|
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||||
|
TOP_DIR="$(realpath "$SCRIPT_DIR/..")"
|
||||||
|
cd "$TOP_DIR" || { echo "Error: cd to cd $TOP_DIR failed"; exit 1; }
|
||||||
|
|
||||||
|
|
||||||
|
verify_simulator_is_running() {
|
||||||
|
local pid_tpm=$1
|
||||||
|
|
||||||
|
sleep 1
|
||||||
|
ss -lntp4 2> /dev/null | grep "${pid_tpm}" | grep -q "${SIM_PORT_DATA}"
|
||||||
|
ret_data=$?
|
||||||
|
ss -lntp4 2> /dev/null | grep "${pid_tpm}" | grep -q "${SIM_PORT_CMD}"
|
||||||
|
ret_cmd=$?
|
||||||
|
if [ $ret_data -eq 0 ] && [ $ret_cmd -eq 0 ]; then
|
||||||
|
echo "Simulator with PID ${pid_tpm} bound to port ${SIM_PORT_DATA} and ${SIM_PORT_CMD} successfully."
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
echo "Error: Port conflict? Cleaning up PID: ${pid_tpm}"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
build_tpm2_simulator_ibm() (
|
||||||
|
test -d ibmtpm && return
|
||||||
|
echo "---> compiling IBM tpm simulator"
|
||||||
|
mkdir ibmtpm
|
||||||
|
curl -Ls https://downloads.sourceforge.net/project/ibmswtpm2/ibmtpm1682.tar.gz | tar xz -C ibmtpm
|
||||||
|
cd ibmtpm/src && make
|
||||||
|
)
|
||||||
|
|
||||||
|
start_tpm2_simulator_ibm () {
|
||||||
|
build_tpm2_simulator_ibm || return 1
|
||||||
|
|
||||||
|
echo "---> starting IBM tpm simulator"
|
||||||
|
ibmtpm/src/tpm_server &
|
||||||
|
pid_tpm=$!
|
||||||
|
verify_simulator_is_running $pid_tpm
|
||||||
|
}
|
||||||
|
|
||||||
|
start_tpm2_simulator_swtpm () {
|
||||||
|
echo "---> starting swtpm simulator"
|
||||||
|
swtpm socket --tpm2 \
|
||||||
|
--server port=$SIM_PORT_DATA \
|
||||||
|
--ctrl type=tcp,port=$SIM_PORT_CMD \
|
||||||
|
--flags not-need-init \
|
||||||
|
--tpmstate dir="$PWD" \
|
||||||
|
--seccomp action=none &
|
||||||
|
pid_tpm=$!
|
||||||
|
verify_simulator_is_running $pid_tpm
|
||||||
|
}
|
||||||
|
|
||||||
|
start_dbusd () {
|
||||||
|
echo "---> starting dbus daemon"
|
||||||
|
dbus-daemon --session --print-address > /tmp/bus-socket-path.txt &
|
||||||
|
sleep 1
|
||||||
|
DBUS_SESSION_BUS_ADDRESS="$(tail -n1 /tmp/bus-socket-path.txt)"
|
||||||
|
export DBUS_SESSION_BUS_ADDRESS
|
||||||
|
}
|
||||||
|
|
||||||
|
start_tpm2_abrmd() {
|
||||||
|
local tabrmd_tcti=$1
|
||||||
|
|
||||||
|
echo "---> starting abrmd"
|
||||||
|
local tabrmd_name="com.intel.tss2.Tabrmd${SIM_PORT_DATA}"
|
||||||
|
tpm2-abrmd --session --dbus-name="${tabrmd_name}" --tcti "${tabrmd_tcti}:host=localhost,port=${SIM_PORT_DATA}" &
|
||||||
|
TCTI_ADDRESS="tabrmd:bus_name=${tabrmd_name},bus_type=session"
|
||||||
|
TPM2TOOLS_TCTI="$TCTI_ADDRESS"
|
||||||
|
TPM2OPENSSL_TCTI="$TCTI_ADDRESS"
|
||||||
|
export TPM2TOOLS_TCTI
|
||||||
|
export TPM2OPENSSL_TCTI
|
||||||
|
sleep 1
|
||||||
|
busctl --address="${DBUS_SESSION_BUS_ADDRESS}" list | grep "$tabrmd_name"
|
||||||
|
}
|
||||||
|
|
||||||
|
start_tpm2_sim_env() {
|
||||||
|
local sim_type=$1
|
||||||
|
|
||||||
|
start_dbusd
|
||||||
|
|
||||||
|
if [ "$sim_type" = "swtpm" ]; then
|
||||||
|
start_tpm2_simulator_swtpm || return 1
|
||||||
|
start_tpm2_abrmd swtpm || return 1
|
||||||
|
elif [ "$sim_type" = "ibm" ]; then
|
||||||
|
start_tpm2_simulator_ibm || return 1
|
||||||
|
start_tpm2_abrmd mssim || return 1
|
||||||
|
else
|
||||||
|
echo "invalid tpm simulator typ"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
make_check () {
|
||||||
|
echo "Running make check"
|
||||||
|
openssl version
|
||||||
|
tpm2_getcap properties-fixed | head -n 20
|
||||||
|
make check
|
||||||
|
}
|
||||||
|
|
||||||
|
function cleanup()
|
||||||
|
{
|
||||||
|
pkill -P $$
|
||||||
|
}
|
||||||
|
trap cleanup EXIT
|
||||||
|
|
||||||
|
build_tpm2_openssl() {
|
||||||
|
./bootstrap
|
||||||
|
./configure CC=gcc --enable-op-digest --enable-op-cipher
|
||||||
|
make
|
||||||
|
}
|
||||||
|
|
||||||
|
SIM_TYPE=${1:-swtpm}
|
||||||
|
SKIP_BUILD=${2:-build}
|
||||||
|
if [ "$SKIP_BUILD" = "skip-build" ]; then
|
||||||
|
echo "Skipping the build"
|
||||||
|
else
|
||||||
|
build_tpm2_openssl || { echo "Compiling tpm2-openssl failed"; exit 1; }
|
||||||
|
fi
|
||||||
|
start_tpm2_sim_env "${SIM_TYPE}" || { echo "Starting tpm2 simulator failed ($SIM_TYPE)"; exit 1; }
|
||||||
|
make_check || { echo "tpm2-openssl make check failed"; exit 1; }
|
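Review bot: start_dbusd writes the bus address to the fixed path `/tmp/bus-socket-path.txt`, which another local user can pre-create or replace with a symlink, and the value read back is exported as DBUS_SESSION_BUS_ADDRESS and used by the later busctl call. Use a private file instead: `bus_addr_file=$(mktemp) || return 1`, redirect dbus-daemon to `"$bus_addr_file"`, and read it back with `tail -n1 "$bus_addr_file"`. Separately, build_tpm2_simulator_ibm pipes `curl -Ls … | tar xz` and then runs `make` with no checksum or signature check and no `-f`, so an HTTP error page or a tampered archive is not detected; that path is only taken when the first argument is `ibm`. The swtpm start line also passes `--seccomp action=none`, which deserves a comment saying why the filter is switched off.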
@ -0,0 +1,14 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQGzBAABCAAdFiEEtyAf6AMbB68R9UI8YynPy2vm/XYFAmUqV6AACgkQYynPy2vm
|
||||||
|
/XaVMwv/Ytg3IjyniOdu4s3ct3E+Mj6ahw5KedqlOh4tSFFkHqRvwsVYDjBOeByM
|
||||||
|
i1F0FsngJWh4gSrUTeUrpsFYwL6NUKV8TDHQoO1bJUfwZSFQCPRBatk8XM3eGVlo
|
||||||
|
x3J1VTn59DHlqhaAtGtCuq18Dk9PfBYSgveuPPQHc3AybRKHu+7BVdmNqt8l17oG
|
||||||
|
k9yXFxspKI0WW/arnR0lBJ2iIblaNSqdUfThPHYnjqjX6nJckW9uwPTozwqNMJUV
|
||||||
|
L1xTaqw5ymh3AiVFbNcHFqyWS5TPV6PCfzXLVFMVlXCdSWt4n1KT/fN8EsAVN9VS
|
||||||
|
Om8kOzhyqdxpXqHwfjycfpj1jr1LLzJzvAd6ZP8bgULLxO61GZuljtP0hkMNpk1J
|
||||||
|
BjwzdW0W+NYWjlulZ6WRFDr/X+ejlJfyNxdJ8o/iPAezv45xmPwC66x62VJCEGkH
|
||||||
|
lMakTYlavwbpbjmSqFi3LDCQ/pYn4IIljaq2y1KzBu2hrIZ2yl1YU28atNLl+lpr
|
||||||
|
SOV/3zvk
|
||||||
|
=GGPd
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -0,0 +1,77 @@
|
|||||||
|
Name:tpm2-openssl
|
||||||
|
Version: 1.2.0
|
||||||
|
Release: 3%{?candidate:.%{candidate}}%{?dist}
|
||||||
|
Summary: Provider for integration of TPM 2.0 to OpenSSL 3.0
|
||||||
|
|
||||||
|
License: BSD-3-Clause
|
||||||
|
URL: https://github.com/tpm2-software/tpm2-openssl
|
||||||
|
Source0: https://github.com/tpm2-software/%{name}/%{?candidate:archive/refs/tags}%{!?candidate:releases/download}/%{version}%{?candidate:-%{candidate}}/%{name}-%{version}%{?candidate:-%{candidate}}.tar.gz
|
||||||
|
Source1: https://github.com/tpm2-software/%{name}/%{?candidate:archive/refs/tags}%{!?candidate:releases/download}/%{version}%{?candidate:-%{candidate}}/%{name}-%{version}%{?candidate:-%{candidate}}.tar.gz.asc
|
||||||
|
Source2: gpgkey-B7201FE8031B07AF11F5423C6329CFCB6BE6FD76.gpg
|
||||||
|
# Will be included in Source0 after https://github.com/tpm2-software/tpm2-openssl/pull/100
|
||||||
|
Source3: run-with-simulator
|
||||||
|
Patch0: 0001-tests-workaround-for-tpm2-tools-bug.patch
|
||||||
|
|
||||||
|
BuildRequires: gnupg2
|
||||||
|
BuildRequires: gcc
|
||||||
|
BuildRequires: make
|
||||||
|
BuildRequires: pkg-config
|
||||||
|
BuildRequires: autoconf automake libtool autoconf-archive
|
||||||
|
BuildRequires: tpm2-tss-devel
|
||||||
|
BuildRequires: openssl-devel >= 3.0.0
|
||||||
|
|
||||||
|
# Test dependencies
|
||||||
|
BuildRequires: dbus-daemon
|
||||||
|
BuildRequires: iproute
|
||||||
|
BuildRequires: openssl
|
||||||
|
BuildRequires: procps-ng
|
||||||
|
BuildRequires: swtpm
|
||||||
|
BuildRequires: tpm2-abrmd tpm2-abrmd-selinux
|
||||||
|
BuildRequires: tpm2-tools
|
||||||
|
|
||||||
|
Requires: tpm2-abrmd
|
||||||
|
|
||||||
|
%description
|
||||||
|
Makes the TPM 2.0 accessible via the standard OpenSSL API and command line
|
||||||
|
tools, adding TPM support to (almost) any OpenSSL 3.0-based application.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||||
|
%autosetup -p1 -n %{name}-%{version}%{?candidate:-%{candidate}}
|
||||||
|
|
||||||
|
%build
|
||||||
|
%if "%{?candidate:true}" == "true"
|
||||||
|
sed -e '/^git.*$/d' -i bootstrap
|
||||||
|
echo "%{version}%{?candidate:-%{candidate}}" > VERSION
|
||||||
|
./bootstrap
|
||||||
|
%endif
|
||||||
|
%configure
|
||||||
|
%{make_build}
|
||||||
|
|
||||||
|
%check
|
||||||
|
cp %{_sourcedir}/run-with-simulator %{_builddir}/%{name}-%{version}%{?candidate:-%{candidate}}/test/
|
||||||
|
./test/run-with-simulator swtpm skip-build
|
||||||
|
|
||||||
|
%install
|
||||||
|
%make_install
|
||||||
|
|
||||||
|
%files
|
||||||
|
%doc docs
|
||||||
|
%license LICENSE
|
||||||
|
%{_libdir}/ossl-modules/tpm2.so
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.2.0-3
|
||||||
|
- Bump release for June 2024 mass rebuild
|
||||||
|
|
||||||
|
* Sat Mar 23 2024 Adrian Freihofer <adrian.freihofer@gmail.com> 1.2.0-2
|
||||||
|
- tito: use release tagger (adrian.freihofer@gmail.com)
|
||||||
|
- Revert "Automatic commit of package [tpm2-openssl] release [1.2.1-1]."
|
||||||
|
(adrian.freihofer@gmail.com)
|
||||||
|
- Automatic commit of package [tpm2-openssl] release [1.2.1-1].
|
||||||
|
(adrian.freihofer@gmail.com)
|
||||||
|
- run-with-simulator: backport from upstream (adrian.freihofer@gmail.com)
|
||||||
|
|
||||||
|
* Fri Mar 22 2024 Adrian Freihofer <adrian.freihofer@gmail.com> 1.2.0-1
|
||||||
|
- new package built with tito
|
||||||
|
|
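Review bot: In %prep the signature check calls `gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}` directly, which depends on the Source2 key file being in a keyring format gpgv accepts. Where the macro is available, `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'` is the usual form and also handles an armored key. A one-line comment above it, such as `# Verify Source0 against the upstream release key pinned in Source2 before unpacking`, would record why the step must stay ahead of %autosetup. In %check, `cp %{_sourcedir}/run-with-simulator …` bypasses the Source3 tag; `cp %{SOURCE3} test/` keeps the reference tied to the declared source.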