From 61b6a0fb04c4dabdf6bbd5ae918acbf6716b34d1 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 15 Nov 2022 01:55:37 -0500 Subject: [PATCH] import tpm2-tools-5.2-1.el9 --- .gitignore | 1 + .tpm2-tools.metadata | 1 + ...arms-fix-condition-for-negative-test.patch | 34 +++ ...build-Use-hardcoded-version-variable.patch | 32 ++ SOURCES/test-fixup.patch | 12 + SPECS/tpm2-tools.spec | 286 ++++++++++++++++++ 6 files changed, 366 insertions(+) create mode 100644 .gitignore create mode 100644 .tpm2-tools.metadata create mode 100644 SOURCES/0001-testparms-fix-condition-for-negative-test.patch create mode 100644 SOURCES/0019-build-Use-hardcoded-version-variable.patch create mode 100644 SOURCES/test-fixup.patch create mode 100644 SPECS/tpm2-tools.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d7a7eba --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/tpm2-tools-5.2.tar.gz diff --git a/.tpm2-tools.metadata b/.tpm2-tools.metadata new file mode 100644 index 0000000..bddb705 --- /dev/null +++ b/.tpm2-tools.metadata @@ -0,0 +1 @@ +00dc3b052d3b4ea44aeda95a9b3a6809ee471358 SOURCES/tpm2-tools-5.2.tar.gz diff --git a/SOURCES/0001-testparms-fix-condition-for-negative-test.patch b/SOURCES/0001-testparms-fix-condition-for-negative-test.patch new file mode 100644 index 0000000..a1da9f8 --- /dev/null +++ b/SOURCES/0001-testparms-fix-condition-for-negative-test.patch @@ -0,0 +1,34 @@ +From 0789bf264a108c4718875a050d00b1fdee4478b7 Mon Sep 17 00:00:00 2001 +From: Jonas Witschel +Date: Wed, 29 Sep 2021 17:08:07 +0200 +Subject: [PATCH] testparms: fix condition for negative test +Content-type: text/plain + +Commit e858dec76686bb4c42e74e0984b433231e530f93 ("testparms: ensure curve not +supported before negative test") is supposed to ensure that the negative test +is run only if ecc521 is *not* supported, but instead it runs the negative test +if ecc521 is *available*. This worked anyway for libtpms < 0.9.0 because camellia +was not supported, but since libtpms 0.9.0 added support for this algorithm, the +test suite fails now with swtpm. + +Signed-off-by: Jonas Witschel +--- + test/integration/tests/testparms.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/integration/tests/testparms.sh b/test/integration/tests/testparms.sh +index 8c3548e58f39..a587a60a34cf 100644 +--- a/test/integration/tests/testparms.sh ++++ b/test/integration/tests/testparms.sh +@@ -63,7 +63,7 @@ else + fi + + # Attempt to specify a suite that is not supported (error from TPM) +-if tpm2 getcap ecc-curves | grep -q TPM2_ECC_NIST_P521; then ++if ! tpm2 getcap ecc-curves | grep -q TPM2_ECC_NIST_P521; then + if tpm2 testparms "ecc521:ecdsa:camellia" &>/dev/null; then + echo "tpm2 testparms succeeded while it shouldn't or TPM failed" + exit 1 +-- +2.35.3 + diff --git a/SOURCES/0019-build-Use-hardcoded-version-variable.patch b/SOURCES/0019-build-Use-hardcoded-version-variable.patch new file mode 100644 index 0000000..85c0976 --- /dev/null +++ b/SOURCES/0019-build-Use-hardcoded-version-variable.patch @@ -0,0 +1,32 @@ +From 395651f059ceb21d56c44cddda05e055caa0fd19 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?= + +Date: Mon, 18 Oct 2021 19:04:54 +0200 +Subject: [PATCH] build: Use hardcoded version variable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Before this commit the version was generated from git tag/commit hash. +This caused problems with having empty version variable while building +outside of git. Fix this by hardcoding the variable. + +Signed-off-by: Štěpán Horáček +--- + configure.ac | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 9561fa86..2bf3a790 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1,5 +1,4 @@ +-AC_INIT([tpm2-tools], +- [m4_esyscmd_s([git describe --tags --always --dirty])]) ++AC_INIT([tpm2-tools], [5.2]) + AC_CONFIG_MACRO_DIR([m4]) + + AX_IS_RELEASE([dash-version]) +-- +2.31.1 + diff --git a/SOURCES/test-fixup.patch b/SOURCES/test-fixup.patch new file mode 100644 index 0000000..9610d4c --- /dev/null +++ b/SOURCES/test-fixup.patch @@ -0,0 +1,12 @@ +diff -ur tpm2-tools-5.2/test/integration/helpers.sh tpm2-tools-5.2-new/test/integration/helpers.sh +--- tpm2-tools-5.2/test/integration/helpers.sh 2021-08-23 09:47:20.000000000 -0700 ++++ tpm2-tools-5.2-new/test/integration/helpers.sh 2022-05-31 16:06:07.939025537 -0700 +@@ -409,7 +409,7 @@ + echo "Starting tpm2-abrmd" + # Start tpm2-abrmd + start_abrmd || exit 1 +- run_startup=false ++ # run_startup=false + else + echo "not starting abrmd" + fi diff --git a/SPECS/tpm2-tools.spec b/SPECS/tpm2-tools.spec new file mode 100644 index 0000000..c9ff216 --- /dev/null +++ b/SPECS/tpm2-tools.spec @@ -0,0 +1,286 @@ +#global candidate rc2 + +Name: tpm2-tools +Version: 5.2 +Release: 1%{?candidate:.%{candidate}}%{?dist} +Summary: A bunch of TPM testing toolS build upon tpm2-tss + +License: BSD +URL: https://github.com/tpm2-software/tpm2-tools +Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}%{?candidate:-%{candidate}}/%{name}-%{version}%{?candidate:-%{candidate}}.tar.gz +Patch0: 0019-build-Use-hardcoded-version-variable.patch +Patch1: test-fixup.patch +Patch2: 0001-testparms-fix-condition-for-negative-test.patch + +BuildRequires: make +BuildRequires: gcc-c++ +BuildRequires: libtool +BuildRequires: autoconf-archive +BuildRequires: pkgconfig(cmocka) +BuildRequires: pkgconfig(libcurl) +BuildRequires: pkgconfig(openssl) +# tpm2-tss-devel provides tss2-mu/sys/esys package config +BuildRequires: pkgconfig(tss2-mu) +BuildRequires: pkgconfig(tss2-sys) +BuildRequires: pkgconfig(tss2-esys) +BuildRequires: pkgconfig(uuid) + +# tpm2-tools is heavily depending on TPM2.0-TSS project, matched tss is required +Requires: tpm2-tss%{?_isa} >= 2.3.1 + +%description +tpm2-tools is a batch of tools for tpm2.0. It is based on tpm2-tss. + +%prep +%autosetup -p1 -n %{name}-%{version}%{?candidate:-%{candidate}} + +%build +autoreconf -i +# LTO exposes a latent uninitialized variable "value" in the function # "nt". +# This has been reported to the maintainer (Yunying), but they have not +# responded and I am not comfortable enough with the code to know if a trivial +# initialization to zero is appropriate/safe. So LTO is disabled for now. +%define _lto_cflags %{nil} +%configure --prefix=/usr --disable-static --disable-silent-rules CFLAGS="%{optflags} -Wno-error=deprecated-declarations" +%make_build + +%install +%make_install + +%files +%license doc/LICENSE +%doc doc/README.md doc/CHANGELOG.md +%{_bindir}/tpm2 +%{_bindir}/tpm2_* +%{_bindir}/tss2 +%{_bindir}/tss2_* +%{_datadir}/bash-completion/completions/tpm2* +%{_datadir}/bash-completion/completions/tss2* +%{_mandir}/man1/tpm2_*.1.gz +%{_mandir}/man1/tpm2.1.gz +%{_mandir}/man1/tss2_*.1.gz + +%changelog +* Tue May 31 2022 Jerry Snitselaar - 5.2-1 +- Rebase to 5.2 release. +Resolves: rhbz#2090748 + +* Mon Oct 25 2021 Štěpán Horáček - 5.0-10 +- Fix the version not being reported + Resolves: rhbz#2015941 + +* Fri Oct 1 2021 Štěpán Horáček - 5.0-9 +- Fix a segfault on ppc64le and add support for OpenSSL 3 + Resolves: rhbz#1989617 + +* Tue Aug 10 2021 Mohan Boddu - 5.0-8 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Mon Jun 28 2021 Jerry Snitselaar - 5.0-7 +- Fix for CVE-2021-3565 +Resolves: rhbz#1965982 + +* Wed Jun 16 2021 Mohan Boddu - 5.0-6 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Mon May 24 2021 Jerry Snitselaar - 5.0-5 +- Remove pandoc dependency. Related: rhbz#1943528 + +* Wed May 19 2021 Jerry Snitselaar - 5.0-4 +- Work around for openssl 3.0 update. Related: rhbz#1958029 + +* Fri Apr 16 2021 Mohan Boddu - 5.0-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Wed Jan 27 2021 Fedora Release Engineering - 5.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Nov 23 2020 Peter Robinson - 5.0-1 +- Update tp tpm2-tools 5.0 + +* Sat Aug 29 2020 Peter Robinson - 4.3.0-1 +- Update to 4.3.0 + +* Mon Aug 10 2020 Peter Robinson - 4.2.1-4 +- Rebuild for tpm2-tss 3.0 + +* Wed Jul 29 2020 Fedora Release Engineering - 4.2.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jun 30 2020 Jeff Law - 4.2.1-2 +- Disable LTO due to latent uninitialized variable exposed by LTO + +* Wed May 27 2020 Peter Robinson - 4.2.1-1 +- Update to 4.2.1 + +* Tue Apr 14 2020 Peter Robinson - 4.2-1 +- Update to 4.2 + +* Fri Jan 31 2020 Fedora Release Engineering - 4.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Nov 28 2019 Yunying Sun - 4.1-1 +- Update to 4.1 release + +* Tue Oct 29 2019 Yunying Sun - 4.0.1-1 +- Update to 4.0.1 release + +* Tue Sep 10 2019 Peter Robinson 4.0-1 +- Update to 4.0 + +* Fri Sep 6 2019 Javier Martinez Canillas 4.0-0.4-rc2 +- Use a release tarball instead of a source code tarball + +* Fri Sep 6 2019 Peter Robinson 4.0-0.3-rc2 +- Update to 4.0 RC2 + +* Tue Aug 27 2019 Peter Robinson 4.0-0.2-rc1 +- Update to 4.0 RC1 + +* Tue Aug 20 2019 Peter Robinson 4.0-0.1-rc0 +- Update to 4.0 RC0 + +* Thu Aug 1 2019 Peter Robinson 3.2.0-3 +- Fix for crash for max PCRs available + +* Sat Jul 27 2019 Fedora Release Engineering - 3.2.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Jun 21 2019 Yunying Sun - 3.2.0-1 +- Update to 3.2.0 release +- Removed patches since all have been included in 3.2.0 release + +* Fri May 10 2019 Javier Martinez Canillas - 3.1.4-2 +- Allow tpm2_makecredential to run without a TPM (jetwhiz) +- Add tpm2_pcrreset and tpm2_checkquote tools (jetwhiz) + +* Fri Mar 15 2019 Yunying Sun - 3.1.4-1 +- Update to 3.1.4 release +- Removed the 4 patches since all have been included in 3.1.4 release + +* Sun Feb 03 2019 Fedora Release Engineering - 3.1.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 7 2019 Javier Martinez Canillas - 3.1.3-3 +- Fix broken -T option when passing additional arguments + +* Mon Jan 7 2019 Javier Martinez Canillas - 3.1.3-2 +- Fix broken -T option and a couple of minor fixes +- Add pandoc BuildRequires + +* Wed Nov 7 2018 Yunying Sun - 3.1.3-1 +- Update to 3.1.3 release + +* Wed Sep 12 2018 Javier Martinez Canillas - 3.1.2-1 +- Update to 3.1.2 release +- Restore TCTI configuration environment for tools +- Restore tpm2_getcap tool properties output + Resolves: rhbz#1625647 + +* Sat Jul 14 2018 Javier Martinez Canillas - 3.1.1-3 +- Revert backward incompatible change that removes default object attributes + +* Sat Jul 14 2018 Fedora Release Engineering - 3.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Jul 12 2018 Yunying Sun - 3.1.1-1 +- Update to 3.1.1 release + +* Thu Jul 5 2018 Yunying Sun - 3.1.0-1 +- Update Requires version of tpm2-tss to 2.0.0 +- Remove BuildRequires for tcti-abrmd since it is optional +- Remove BuildRequires for tcti-{device,mssim} as it is now dynamically loaded +- Update to 3.1.0 release + +* Mon Apr 30 2018 Javier Martinez Canillas - 3.0.4-1 +- Update URLs to point to the new project location +- Update to 3.0.4 release + +* Wed Feb 21 2018 Javier Martinez Canillas - 3.0.3-3 +- Remove ExclusiveArch: x86_64 directive + +* Fri Feb 09 2018 Fedora Release Engineering - 3.0.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Jan 16 2018 Javier Martinez Canillas - 3.0.3-1 +- Update to 3.0.3 release + +* Mon Dec 18 2017 Javier Martinez Canillas - 3.0.2-1 +- Update to 3.0.2 release + +* Tue Dec 12 2017 Javier Martinez Canillas - 3.0.1-1 +- Update to 3.0.1 release (RHBZ#1512743) +- Download the generated tarball provided instead of the source code tarball + +* Fri Dec 08 2017 Javier Martinez Canillas - 3.0-1 +- Update to 3.0 release + +* Wed Nov 29 2017 Javier Martinez Canillas - 3.0-0.1.rc1 +- Update to 3.0 release candidate 1 +- Update URLs to point to the new project location +- Make the package to obsolete version 2.1.1 + +* Wed Nov 01 2017 Javier Martinez Canillas - 2.1.1-1 +- Rename remaining tpm2.0-tools prefixes to tpm2-tools +- Remove global pkg_prefix since now the upstream repo and package names match +- Remove downstream patches since now these are in the latest upstream release +- Update to 2.1.1 release (RHBZ#1504438) + +* Thu Oct 19 2017 Jerry Snitselaar - 2.1.0-7 +- Clean up potential memleak (RHBZ#1503959) + +* Thu Oct 05 2017 Javier Martinez Canillas - 2.1.0-6 +- Add tpm2-abrmd-devel BuildRequires so tools have abrmd support (RHBZ#1498909) + +* Fri Aug 18 2017 Javier Martinez Canillas - 2.1.0-5 +- Remove unneeded source tarballs (RHBZ#1482830) + +* Tue Aug 15 2017 Sun Yunying - 2.1.0-4 +- Add patch to fix build error when openssl-devel is installed(RHBZ#1481236) + +* Thu Aug 03 2017 Fedora Release Engineering - 2.1.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Mon Jul 31 2017 Sun Yunying - 2.1.0-2 +- Add patch to fix gcc7 complaining about implicit-fallthrough cases + +* Fri Jul 28 2017 Sun Yunying - 2.1.0-1 +- Update to latest upstream release 2.1.0 + +* Fri Jul 28 2017 Sun Yunying - 1.1.0-9 +- Update Requires dependency so that tpm2-tss update won't break tpm2-tools + +* Thu Jul 27 2017 Fedora Release Engineering - 1.1.0-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed May 10 2017 Sun Yunying - 1.1.0-7 +- Only update release version to make fedpkg build works for f26 + +* Wed Mar 1 2017 Sun Yunying - 1.1.0-6 +- Update tpm2-tss version to 1.0-3 to fix broken dependency on f26 + +* Sat Feb 11 2017 Fedora Release Engineering - 1.1.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Jan 20 2017 Sun Yunying - 1.1.0-4 +- Dependency check failed for Requires again, here to fix this +- Update release version and changelog + +* Thu Jan 19 2017 Sun Yunying - 1.1.0-3 +- Change spec file permission to 644 to avoid rpmlint complain +- Update Requires to fix dependency check error reported in Bodhi +- Remove tpm2-tss-devel version in BuildRequires comment +- Update release version and changelog + +* Wed Dec 21 2016 Sun Yunying - 1.1.0-2 +- Remove pkg_version to avoid dupliate use of version +- Remove redundant BuildRequires for autoconf/automake/pkgconfig +- Add comments for BuildRequires of sapi/tcti-device/tcti-socket +- Use ExclusiveArch instead of ExcludeArch +- Requires tpm2-tss version updated to 1.0-2 +- Updated release version and changelog + +* Fri Dec 2 2016 Sun Yunying - 1.1.0-1 +- Initial version of the package