recipes-tpm: use this for common tpm recipes

a bit of re-org Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2023-04-26 09:56:38 -0400
committer: Armin Kuster <akuster808@gmail.com> 2023-05-06 07:54:09 -0400
commit: 617f0af2dc7867979f75dc537e3ebeb2f937efc8 (patch)
tree: 9d4c4fee9059b8c3f757cc4918f37ebe4555962b /meta-tpm/recipes-tpm/swtpm
parent: 250b67fc6f9b1ab8eff52ee8227564b4c9cc5772 (diff)
download: meta-security-617f0af2dc7867979f75dc537e3ebeb2f937efc8.tar.gz
4 files changed, 196 insertions, 0 deletions
diff --git a/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
new file mode 100644
index 0000000..3d16431
--- /dev/null
+++ b/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
@@ -0,0 +1,31 @@
+From 8750a6c3f0b4d9e7e45b4079150d29eb44774e9c Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster@mvista.com>
+Date: Tue, 14 Mar 2017 22:59:36 -0700
+Subject: [PATCH 2/4] logging: Fix musl build issue with fcntl
+ error: #warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.h> [-Werror=cpp]
+ #warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ src/swtpm/logging.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/swtpm/logging.c b/src/swtpm/logging.c
+index f16cab6..7da8606 100644
+--- a/src/swtpm/logging.c
+++ b/src/swtpm/logging.c
+@@ -45,7 +45,7 @@
+ #include <errno.h>
+ #include <string.h>
+ #include <sys/types.h>
+-#include <sys/fcntl.h>
+#include <fcntl.h>
+ #include <sys/stat.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+-- 
+2.11.0
diff --git a/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
new file mode 100644
index 0000000..60958f7
--- /dev/null
+++ b/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
@@ -0,0 +1,66 @@
+From 672bb4ee625da3141ba6cecb0601c7563de4c483 Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster808@gmail.com>
+Date: Thu, 13 Oct 2016 02:03:56 -0700
+Subject: [PATCH 1/4] swtpm: add new package
+Upstream-Status: Inappropriate [OE config]
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+Rebased to current tip.
+Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
+---
+ configure.ac | 34 ++++++++++------------------------
+ 1 file changed, 10 insertions(+), 24 deletions(-)
+diff --git a/configure.ac b/configure.ac
+index abf5be1..85ed6ac 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -395,31 +395,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-security"
+ dnl We have to make sure libtpms is using the same crypto library
+ dnl to avoid problems
+ AC_MSG_CHECKING([the crypto library libtpms is using])
+-dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
+-       sed -n '/SEARCH_DIR/p' | \
+-       sed 's/SEARCH_DIR("\(@<:@^"@:>@*\)"); */\1 /g' | \
+-       sed 's|=/|/|g')
+-for dir in $dirs $LIBRARY_PATH; do
+-  if test -r $dir/libtpms.so; then
+-    if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
+-      libtpms_cryptolib="openssl"
+-      break
+-    fi
+-    if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
+-      libtpms_cryptolib="freebl"
+-      break
+-    fi
+dir="$SEARCH_DIR"
+if test -r $dir/libtpms.so; then
+  if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
+    libtpms_cryptolib="openssl"
+    break
+   fi
+-  case $host_os in
+-  cygwin|openbsd*)
+-    if test -r $dir/libtpms.a; then
+-      if test -n "$(nm $dir/libtpms.a | grep "U AES_encrypt")"; then
+-        libtpms_cryptolib="openssl"
+-      fi
+-    fi
+-    ;;
+-  esac
+-done
+  if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
+    libtpms_cryptolib="freebl"
+    break
+  fi
+fi
+ 
+ if test -z "$libtpms_cryptolib"; then
+   AC_MSG_ERROR([Could not determine libtpms crypto library.])
+-- 
+2.11.0
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
new file mode 100644
index 0000000..bb93374
--- /dev/null
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
@@ -0,0 +1,49 @@
+SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools"
+LICENSE = "MIT"
+DEPENDS = "swtpm-native"
+inherit native
+# The whole point of the recipe is to make files available
+# for use after the build is done, so don't clean up...
+RM_WORK_EXCLUDE += "${PN}"
+do_create_wrapper () {
+    # Wrap (almost) all swtpm binaries. Some get special wrappers and some
+    # are not needed.
+    for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do
+        exe=`basename $i`
+        case $exe in
+            swtpm_setup)
+                cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF
+#! /bin/sh
+#
+# Wrapper around swtpm_setup which adds parameters required to
+# run the setup as non-root directly from the native sysroot.
+PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
+export PATH
+exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
+EOF
+                ;;
+            *)
+                cat >${WORKDIR}/${exe}_oe.sh <<EOF
+#! /bin/sh
+#
+# Wrapper around $exe which makes it easier to invoke
+# the right binary.
+PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
+export PATH
+exec ${exe} "\$@"
+EOF
+                ;;
+        esac
+    done
+    chmod a+rx ${WORKDIR}/*.sh
+}
+addtask do_create_wrapper before do_build after do_prepare_recipe_sysroot
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb
new file mode 100644
index 0000000..55d83f9
--- /dev/null
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb
@@ -0,0 +1,50 @@
+SUMMARY = "SWTPM - Software TPM Emulator"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
+SECTION = "apps"
+# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
+DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"
+SRCREV = "f2268eebb0d1adf89bad83fa4cf91e37b4e3fa53"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.7-next;protocol=https \
+           "
+PE = "1"
+S = "${WORKDIR}/git"
+PARALLEL_MAKE = ""
+inherit autotools pkgconfig perlnative
+TSS_USER="tss"
+TSS_GROUP="tss"
+PACKAGECONFIG ?= "openssl gnutls"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
+PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
+# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
+# used by swtpm-create-tpmca (the last two is provided by gnutls)
+# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls-native gnutls, gnutls-bin expect bash tpm2-pkcs11-tools"
+PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
+PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
+PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
+EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system ${TSS_USER}"
+USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir  \
+    --no-create-home  --shell /bin/false ${BPN}"
+PACKAGE_BEFORE_PN = "${PN}-cuse"
+FILES:${PN}-cuse = "${bindir}/swtpm_cuse"
+INSANE_SKIP:${PN}   += "dev-so"
+RDEPENDS:${PN} = "libtpm"
+BBCLASSEXTEND = "native nativesdk"
author	Armin Kuster <akuster808@gmail.com>	2023-04-26 09:56:38 -0400
committer	Armin Kuster <akuster808@gmail.com>	2023-05-06 07:54:09 -0400
commit	617f0af2dc7867979f75dc537e3ebeb2f937efc8 (patch)
tree	9d4c4fee9059b8c3f757cc4918f37ebe4555962b /meta-tpm/recipes-tpm/swtpm
parent	250b67fc6f9b1ab8eff52ee8227564b4c9cc5772 (diff)
download	meta-security-617f0af2dc7867979f75dc537e3ebeb2f937efc8.tar.gz

diff --git a/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch new file mode 100644 index 0000000..3d16431 --- /dev/null +++ b/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
@@ -0,0 +1,31 @@
	1	From 8750a6c3f0b4d9e7e45b4079150d29eb44774e9c Mon Sep 17 00:00:00 2001
	2	From: Armin Kuster <akuster@mvista.com>
	3	Date: Tue, 14 Mar 2017 22:59:36 -0700
	4	Subject: [PATCH 2/4] logging: Fix musl build issue with fcntl
	5
	6	error: #warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.h> [-Werror=cpp]
	7	#warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.
	8
	9	Upstream-Status: Pending
	10	Signed-off-by: Armin Kuster <akuster@mvista.com>
	11
	12	---
	13	src/swtpm/logging.c \| 2 +-
	14	1 file changed, 1 insertion(+), 1 deletion(-)
	15
	16	diff --git a/src/swtpm/logging.c b/src/swtpm/logging.c
	17	index f16cab6..7da8606 100644
	18	--- a/src/swtpm/logging.c
	19	+++ b/src/swtpm/logging.c
	20	@@ -45,7 +45,7 @@
	21	#include <errno.h>
	22	#include <string.h>
	23	#include <sys/types.h>
	24	-#include <sys/fcntl.h>
	25	+#include <fcntl.h>
	26	#include <sys/stat.h>
	27	#include <stdio.h>
	28	#include <stdlib.h>
	29	--
	30	2.11.0
	31


diff --git a/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch new file mode 100644 index 0000000..60958f7 --- /dev/null +++ b/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
@@ -0,0 +1,66 @@
	1	From 672bb4ee625da3141ba6cecb0601c7563de4c483 Mon Sep 17 00:00:00 2001
	2	From: Armin Kuster <akuster808@gmail.com>
	3	Date: Thu, 13 Oct 2016 02:03:56 -0700
	4	Subject: [PATCH 1/4] swtpm: add new package
	5
	6	Upstream-Status: Inappropriate [OE config]
	7
	8	Signed-off-by: Armin Kuster <akuster808@gmail.com>
	9
	10	Rebased to current tip.
	11
	12	Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
	13
	14	---
	15	configure.ac \| 34 ++++++++++------------------------
	16	1 file changed, 10 insertions(+), 24 deletions(-)
	17
	18	diff --git a/configure.ac b/configure.ac
	19	index abf5be1..85ed6ac 100644
	20	--- a/configure.ac
	21	+++ b/configure.ac
	22	@@ -395,31 +395,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-security"
	23	dnl We have to make sure libtpms is using the same crypto library
	24	dnl to avoid problems
	25	AC_MSG_CHECKING([the crypto library libtpms is using])
	26	-dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null \| \
	27	- sed -n '/SEARCH_DIR/p' \| \
	28	- sed 's/SEARCH_DIR("\(@<:@^"@:>@\)"); /\1 /g' \| \
	29	- sed 's\|=/\|/\|g')
	30	-for dir in $dirs $LIBRARY_PATH; do
	31	- if test -r $dir/libtpms.so; then
	32	- if test -n "`ldd $dir/libtpms.so \| grep libcrypto.so`"; then
	33	- libtpms_cryptolib="openssl"
	34	- break
	35	- fi
	36	- if test -n "`ldd $dir/libtpms.so \| grep libnss3.so`"; then
	37	- libtpms_cryptolib="freebl"
	38	- break
	39	- fi
	40	+dir="$SEARCH_DIR"
	41	+if test -r $dir/libtpms.so; then
	42	+ if test -n "`ldd $dir/libtpms.so \| grep libcrypto.so`"; then
	43	+ libtpms_cryptolib="openssl"
	44	+ break
	45	fi
	46	- case $host_os in
	47	- cygwin\|openbsd*)
	48	- if test -r $dir/libtpms.a; then
	49	- if test -n "$(nm $dir/libtpms.a \| grep "U AES_encrypt")"; then
	50	- libtpms_cryptolib="openssl"
	51	- fi
	52	- fi
	53	- ;;
	54	- esac
	55	-done
	56	+ if test -n "`ldd $dir/libtpms.so \| grep libnss3.so`"; then
	57	+ libtpms_cryptolib="freebl"
	58	+ break
	59	+ fi
	60	+fi
	61
	62	if test -z "$libtpms_cryptolib"; then
	63	AC_MSG_ERROR([Could not determine libtpms crypto library.])
	64	--
	65	2.11.0
	66


diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb new file mode 100644 index 0000000..bb93374 --- /dev/null +++ b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
@@ -0,0 +1,49 @@
	1	SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools"
	2	LICENSE = "MIT"
	3	DEPENDS = "swtpm-native"
	4
	5	inherit native
	6
	7	# The whole point of the recipe is to make files available
	8	# for use after the build is done, so don't clean up...
	9	RM_WORK_EXCLUDE += "${PN}"
	10
	11	do_create_wrapper () {
	12	# Wrap (almost) all swtpm binaries. Some get special wrappers and some
	13	# are not needed.
	14	for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do
	15	exe=`basename $i`
	16	case $exe in
	17	swtpm_setup)
	18	cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF
	19	#! /bin/sh
	20	#
	21	# Wrapper around swtpm_setup which adds parameters required to
	22	# run the setup as non-root directly from the native sysroot.
	23
	24	PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
	25	export PATH
	26
	27	exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
	28	EOF
	29	;;
	30	*)
	31	cat >${WORKDIR}/${exe}_oe.sh <<EOF
	32	#! /bin/sh
	33	#
	34	# Wrapper around $exe which makes it easier to invoke
	35	# the right binary.
	36
	37	PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
	38	export PATH
	39
	40	exec ${exe} "\$@"
	41	EOF
	42	;;
	43	esac
	44	done
	45
	46	chmod a+rx ${WORKDIR}/*.sh
	47	}
	48
	49	addtask do_create_wrapper before do_build after do_prepare_recipe_sysroot


diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb new file mode 100644 index 0000000..55d83f9 --- /dev/null +++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb
@@ -0,0 +1,50 @@
	1	SUMMARY = "SWTPM - Software TPM Emulator"
	2	LICENSE = "BSD-3-Clause"
	3	LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
	4	SECTION = "apps"
	5
	6	# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
	7	DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"
	8
	9	SRCREV = "f2268eebb0d1adf89bad83fa4cf91e37b4e3fa53"
	10	SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.7-next;protocol=https \
	11	"
	12	PE = "1"
	13
	14	S = "${WORKDIR}/git"
	15
	16	PARALLEL_MAKE = ""
	17	inherit autotools pkgconfig perlnative
	18
	19	TSS_USER="tss"
	20	TSS_GROUP="tss"
	21
	22	PACKAGECONFIG ?= "openssl gnutls"
	23	PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
	24	PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)}"
	25	PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
	26	PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
	27	# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
	28	# used by swtpm-create-tpmca (the last two is provided by gnutls)
	29	# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
	30	PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls-native gnutls, gnutls-bin expect bash tpm2-pkcs11-tools"
	31	PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
	32	PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
	33	PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
	34
	35	EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
	36
	37	USERADD_PACKAGES = "${PN}"
	38	GROUPADD_PARAM:${PN} = "--system ${TSS_USER}"
	39	USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir \
	40	--no-create-home --shell /bin/false ${BPN}"
	41
	42
	43	PACKAGE_BEFORE_PN = "${PN}-cuse"
	44	FILES:${PN}-cuse = "${bindir}/swtpm_cuse"
	45
	46	INSANE_SKIP:${PN} += "dev-so"
	47
	48	RDEPENDS:${PN} = "libtpm"
	49
	50	BBCLASSEXTEND = "native nativesdk"