author | Armin Kuster <akuster808@gmail.com> | 2023-04-26 09:56:38 -0400 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2023-05-06 07:54:09 -0400 |
commit | 617f0af2dc7867979f75dc537e3ebeb2f937efc8 (patch) | |
tree | 9d4c4fee9059b8c3f757cc4918f37ebe4555962b /meta-tpm/recipes-tpm/swtpm | |
parent | 250b67fc6f9b1ab8eff52ee8227564b4c9cc5772 (diff) | |
download | meta-security-617f0af2dc7867979f75dc537e3ebeb2f937efc8.tar.gz |
recipes-tpm: use this for common tpm recipes
a bit of re-org
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-tpm/recipes-tpm/swtpm')
-rw-r--r-- | meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch | 31 | ||||
-rw-r--r-- | meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch | 66 | ||||
-rw-r--r-- | meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb | 49 | ||||
-rw-r--r-- | meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb | 50 |
4 files changed, 196 insertions, 0 deletions
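--- /dev/null
+++ b/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
@@ -0,0 +1,31 @@
+From 8750a6c3f0b4d9e7e45b4079150d29eb44774e9c Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster@mvista.com>
+Date: Tue, 14 Mar 2017 22:59:36 -0700
+Subject: [PATCH 2/4] logging: Fix musl build issue with fcntl
+
+error: #warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.h> [-Werror=cpp]
+#warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+src/swtpm/logging.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/swtpm/logging.c b/src/swtpm/logging.c
+index f16cab6..7da8606 100644
+--- a/src/swtpm/logging.c
++++ b/src/swtpm/logging.c
+@@ -45,7 +45,7 @@
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+-#include <sys/fcntl.h>
++#include <fcntl.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#include <stdlib.h>
+--
+2.11.0
+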
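Review bot: Nothing on this page applies this patch: `SRC_URI` in swtpm_0.7.3.bb lists only the git URL, with no `file://fix_fcntl_h.patch` entry, and the same holds for fix_lib_search_path.patch. Unless a .bbappend outside this page adds them, both files sit in `files/` without affecting the build, which makes it hard to tell which fixes the built swtpm actually contains. Either reference them from `SRC_URI` (for example `file://fix_fcntl_h.patch \`) or drop them. The `Upstream-Status: Pending` header dates from 2017 and is worth re-checking against the pinned stable-0.7-next revision.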
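--- /dev/null
+++ b/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
@@ -0,0 +1,66 @@
+From 672bb4ee625da3141ba6cecb0601c7563de4c483 Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster808@gmail.com>
+Date: Thu, 13 Oct 2016 02:03:56 -0700
+Subject: [PATCH 1/4] swtpm: add new package
+
+Upstream-Status: Inappropriate [OE config]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Rebased to current tip.
+
+Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
+
+---
+configure.ac | 34 ++++++++++------------------------
+1 file changed, 10 insertions(+), 24 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index abf5be1..85ed6ac 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -395,31 +395,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-security"
+dnl We have to make sure libtpms is using the same crypto library
+dnl to avoid problems
+AC_MSG_CHECKING([the crypto library libtpms is using])
+-dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
+- sed -n '/SEARCH_DIR/p' | \
+- sed 's/SEARCH_DIR("\(@<:@^"@:>@*\)"); */\1 /g' | \
+- sed 's|=/|/|g')
+-for dir in $dirs $LIBRARY_PATH; do
+- if test -r $dir/libtpms.so; then
+- if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
+- libtpms_cryptolib="openssl"
+- break
+- fi
+- if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
+- libtpms_cryptolib="freebl"
+- break
+- fi
++dir="$SEARCH_DIR"
++if test -r $dir/libtpms.so; then
++ if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
++ libtpms_cryptolib="openssl"
++ break
+fi
+- case $host_os in
+- cygwin|openbsd*)
+- if test -r $dir/libtpms.a; then
+- if test -n "$(nm $dir/libtpms.a | grep "U AES_encrypt")"; then
+- libtpms_cryptolib="openssl"
+- fi
+- fi
+- ;;
+- esac
+-done
++ if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
++ libtpms_cryptolib="freebl"
++ break
++ fi
++fi
+
+if test -z "$libtpms_cryptolib"; then
+AC_MSG_ERROR([Could not determine libtpms crypto library.])
+--
+2.11.0
+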
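Review bot: The two `break` statements kept in the new configure.ac block no longer sit inside a loop, because the embedded patch removes the enclosing `for dir in $dirs $LIBRARY_PATH; do` and its `done`. Outside a loop `break` has no defined effect (shells typically warn and carry on), so after `libtpms_cryptolib="openssl"` is set the `libnss3.so` test still runs and can overwrite the result with `"freebl"`. Dropping both `break` lines and turning the second test into an `elif` keeps the first match. `dir="$SEARCH_DIR"` is also used unquoted and unchecked, so an empty value makes the probe read `/libtpms.so` from the build host; a guard such as `test -n "$SEARCH_DIR" || AC_MSG_ERROR([SEARCH_DIR is not set])` would make that failure explicit.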
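--- /dev/null
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
@@ -0,0 +1,49 @@
+SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools"
+LICENSE = "MIT"
+DEPENDS = "swtpm-native"
+
+inherit native
+
+# The whole point of the recipe is to make files available
+# for use after the build is done, so don't clean up...
+RM_WORK_EXCLUDE += "${PN}"
+
+do_create_wrapper () {
+# Wrap (almost) all swtpm binaries. Some get special wrappers and some
+# are not needed.
+for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do
+exe=`basename $i`
+case $exe in
+swtpm_setup)
+cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF
+#! /bin/sh
+#
+# Wrapper around swtpm_setup which adds parameters required to
+# run the setup as non-root directly from the native sysroot.
+
+PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
+export PATH
+
+exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
+EOF
+;;
+*)
+cat >${WORKDIR}/${exe}_oe.sh <<EOF
+#! /bin/sh
+#
+# Wrapper around $exe which makes it easier to invoke
+# the right binary.
+
+PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
+export PATH
+
+exec ${exe} "\$@"
+EOF
+;;
+esac
+done
+
+chmod a+rx ${WORKDIR}/*.sh
+}
+
+addtask do_create_wrapper before do_build after do_prepare_recipe_sysroot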
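Review bot: `chmod a+rx ${WORKDIR}/*.sh` at the end of do_create_wrapper changes the mode of every `.sh` file in WORKDIR, not only the wrappers written by this run. Setting the mode per wrapper inside the loop, right after `esac`, is tighter: `chmod a+rx ${WORKDIR}/${exe}_oe.sh` (the swtpm_setup branch writes the same `${exe}_oe.sh` name). A short comment above the here-documents would also help, noting that `${bindir}` and `$exe` are expanded when the wrapper is generated while `\$PATH` and `\$@` are left for run time.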
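--- /dev/null
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb
@@ -0,0 +1,50 @@
+SUMMARY = "SWTPM - Software TPM Emulator"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
+SECTION = "apps"
+
+# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
+DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"
+
+SRCREV = "f2268eebb0d1adf89bad83fa4cf91e37b4e3fa53"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.7-next;protocol=https \
+"
+PE = "1"
+
+S = "${WORKDIR}/git"
+
+PARALLEL_MAKE = ""
+inherit autotools pkgconfig perlnative
+
+TSS_USER="tss"
+TSS_GROUP="tss"
+
+PACKAGECONFIG ?= "openssl gnutls"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
+PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
+# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
+# used by swtpm-create-tpmca (the last two is provided by gnutls)
+# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls-native gnutls, gnutls-bin expect bash tpm2-pkcs11-tools"
+PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
+PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
+PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
+
+EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system ${TSS_USER}"
+USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir \
+--no-create-home --shell /bin/false ${BPN}"
+
+
+PACKAGE_BEFORE_PN = "${PN}-cuse"
+FILES:${PN}-cuse = "${bindir}/swtpm_cuse"
+
+INSANE_SKIP:${PN} += "dev-so"
+
+RDEPENDS:${PN} = "libtpm"
+
+BBCLASSEXTEND = "native nativesdk"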
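Review bot: The account settings in this recipe do not appear to take effect and are malformed: the `inherit` line lists only `autotools pkgconfig perlnative`, so unless `useradd` is inherited outside this section the `USERADD_*`/`GROUPADD_*` variables are ignored and the `tss` user passed to `--with-tss-user` is never created by this recipe. In `USERADD_PARAM:${PN}` the `--home-dir` option has no value and would take `--no-create-home` as the home path, and the user created is `${BPN}` rather than `${TSS_USER}`. I would write `inherit autotools pkgconfig perlnative useradd`, `GROUPADD_PARAM:${PN} = "--system ${TSS_GROUP}"` and `USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --no-create-home --shell /bin/false ${TSS_USER}"`.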