From: "Quentin Retornaz" <gentoo@retornaz.com>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/proj/libressl:master commit in: app-crypt/tpm2-tss/, app-crypt/tpm2-tss/files/
Date: Tue,  5 Jul 2022 21:19:29 +0000 (UTC)	[thread overview]
Message-ID: <1657055925.0df6c8964f4fe0fff2aac033e5f1622be55a4cfe.quentin@gentoo> (raw)

commit:     0df6c8964f4fe0fff2aac033e5f1622be55a4cfe
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Tue Jul  5 07:01:35 2022 +0000
Commit:     Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Tue Jul  5 21:18:45 2022 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=0df6c896

app-crypt/tpm2-tss: Add package

Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2380
Signed-off-by: orbea <orbea <AT> riseup.net>
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>

 app-crypt/tpm2-tss/Manifest                        |   1 +
 ...1.0-Dont-run-systemd-sysusers-in-Makefile.patch |  29 ++++++
 .../tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch   |  84 +++++++++++++++++
 app-crypt/tpm2-tss/metadata.xml                    |  20 +++++
 app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild        | 100 +++++++++++++++++++++
 5 files changed, 234 insertions(+)

diff --git a/app-crypt/tpm2-tss/Manifest b/app-crypt/tpm2-tss/Manifest
new file mode 100644
index 0000000..fbe1511
--- /dev/null
+++ b/app-crypt/tpm2-tss/Manifest
@@ -0,0 +1 @@
+DIST tpm2-tss-3.2.0.tar.gz 1629211 BLAKE2B a89aa4d89a50bdfb5a9652874d30e2138747bd022049f2be2d0b56e296329d0c41254033ec3a062dbd64fde54a62e952f54446c551e5788231827cd53fae045a SHA512 cabb411f074dfa94919ba914849aac77a0ac2f50622e28a1406cf575369148774748e0e2b7a7c566ec83561a96d4b883bac5a3b1763f4cf48668a0c5d68c0a23

diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch
new file mode 100644
index 0000000..b66b6e7
--- /dev/null
+++ b/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch
@@ -0,0 +1,29 @@
+diff --git a/Makefile.am b/Makefile.am
+index 183289f7..c791896c 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -689,24 +689,6 @@ endif #FAPI
+ EXTRA_DIST += dist/tpm-udev.rules
+ 
+ install-dirs:
+-if HOSTOS_LINUX
+-if SYSD_SYSUSERS
+-	@echo "systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf"
+-	@systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf || echo "WARNING Failed to create the tss user and group"
+-else
+-	@echo "call make_tss_user_and_group"
+-	@$(call make_tss_user_and_group) || echo "WARNING Failed to create the tss user and group"
+-endif
+-if SYSD_TMPFILES
+-	@echo "systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf"
+-	@systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf|| echo "WARNING Failed to create the FAPI directories with the correct permissions"
+-else
+-	@echo "(call make_fapi_dirs) && (call set_fapi_permissions)"
+-	@-$(call make_fapi_dirs) && $(call set_fapi_permissions) || echo "WARNING Failed to create the FAPI directories with the correct permissions"
+-endif
+-	@echo "call check_fapi_dirs"
+-	@$(call check_fapi_dirs)
+-endif
+ 
+ install-data-hook: install-dirs
+ 	-if [ ! -z "$(udevrulesprefix)" ]; then \
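Review bot: This patch file carries no header, and its name mentions only systemd-sysusers, yet the block removed under `install-dirs:` also drops the `systemd-tmpfiles --create` / `make_fapi_dirs` step and the final `$(call check_fapi_dirs)` verification. A short description at the top of the patch would make that scope visible, for example `Leave creation of the tss user/group and the FAPI directories to the package manager; this also drops the check_fapi_dirs verification.` Because the directory check no longer runs at install time, correct ownership and permissions of the FAPI directories depend entirely on the packaging side (presumably acct-user/tss plus the tmpfiles.d entry), which is worth stating in that header.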

diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch
new file mode 100644
index 0000000..211424c
--- /dev/null
+++ b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch
@@ -0,0 +1,84 @@
+Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2380
+
+From bf6831c474334cbb923de0193d7431ad7805f484 Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Mon, 4 Jul 2022 23:55:18 -0700
+Subject: [PATCH] Support LibreSSL
+
+This works with LibreSSL 3.5.x.
+
+Signed-off-by: orbea <orbea@riseup.net>
+---
+ src/tss2-esys/esys_crypto_ossl.c | 13 ++++++++++---
+ src/tss2-fapi/fapi_crypto.c      |  4 ++--
+ 2 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
+index 89d312f70..961d7707f 100644
+--- a/src/tss2-esys/esys_crypto_ossl.c
++++ b/src/tss2-esys/esys_crypto_ossl.c
+@@ -392,7 +392,7 @@ iesys_cryptossl_hmac_start(ESYS_CRYPTO_CONTEXT_BLOB ** context,
+                    "Error EVP_MD_CTX_create", cleanup);
+     }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10101000L
++#if OPENSSL_VERSION_NUMBER < 0x10101000L || defined(LIBRESSL_VERSION_NUMBER)
+     if (!(hkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, size))) {
+ #else
+     /* this is preferred, but available since OpenSSL 1.1.1 only */
+@@ -558,7 +558,11 @@ iesys_cryptossl_random2b(
+     int rc;
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
+     const RAND_METHOD *rand_save = RAND_get_rand_method();
++#ifdef LIBRESSL_VERSION_NUMBER
++    RAND_set_rand_method(RAND_SSLeay());
++#else
+     RAND_set_rand_method(RAND_OpenSSL());
++#endif
+ #else
+     OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
+     if (!libctx)
+@@ -615,8 +619,11 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
+     RSA *rsa_key = NULL;
+     const EVP_MD * hashAlg = NULL;
+     const RAND_METHOD *rand_save = RAND_get_rand_method();
+-
++#ifdef LIBRESSL_VERSION_NUMBER
++    RAND_set_rand_method(RAND_SSLeay());
++#else
+     RAND_set_rand_method(RAND_OpenSSL());
++#endif
+ #else
+     OSSL_LIB_CTX *libctx = NULL;
+     EVP_MD * hashAlg = NULL;
+@@ -919,7 +926,7 @@ iesys_cryptossl_get_ecdh_point(TPM2B_PUBLIC *key,
+         curveId = NID_secp521r1;
+         key_size = 66;
+         break;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+     case TPM2_ECC_SM2_P256:
+         curveId = NID_sm2;
+         key_size = 32;
+diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c
+index 2fe37c0c4..c1563237a 100644
+--- a/src/tss2-fapi/fapi_crypto.c
++++ b/src/tss2-fapi/fapi_crypto.c
+@@ -544,7 +544,7 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY **evpPublicKey)
+     case TPM2_ECC_NIST_P521:
+         curveId = NID_secp521r1;
+         break;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+     case TPM2_ECC_SM2_P256:
+         curveId = NID_sm2;
+         break;
+@@ -1155,7 +1155,7 @@ get_ecc_tpm2b_public_from_evp(
+     case NID_secp521r1:
+         tpmCurveId = TPM2_ECC_NIST_P521;
+         break;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+     case NID_sm2:
+         tpmCurveId = TPM2_ECC_SM2_P256;
+         break;
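Review bot: The two added `RAND_set_rand_method(RAND_SSLeay());` branches in iesys_cryptossl_random2b and iesys_cryptossl_pk_encrypt need a comment, because on LibreSSL they probably do not select an RNG at all. As far as I know, LibreSSL keeps `RAND_SSLeay()`, `RAND_get_rand_method()` and `RAND_set_rand_method()` only as compatibility stubs and always draws from its built-in generator. A line such as `/* LibreSSL: the RAND method API is a no-op stub; the built-in RNG is always used */` above each branch would tell readers the save/override/restore sequence is there for compile compatibility only. Separately, the guards test a bare `defined(LIBRESSL_VERSION_NUMBER)` although the message says the patch works with 3.5.x, so the `EVP_PKEY_new_mac_key` fallback and the SM2 exclusion stay in force for later LibreSSL releases whether or not they are still needed; a version-bounded check or a note to revisit would help. The affected functions begin and end outside the quoted hunks.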

diff --git a/app-crypt/tpm2-tss/metadata.xml b/app-crypt/tpm2-tss/metadata.xml
new file mode 100644
index 0000000..0a726fa
--- /dev/null
+++ b/app-crypt/tpm2-tss/metadata.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person" proxied="yes">
+		<email>salah.coronya@gmail.com</email>
+		<name>Christopher Byrne</name>
+	</maintainer>
+	<maintainer type="project" proxied="proxy">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="fapi">Enable feature API (requires openssl as crypto backend)</flag>
+		<flag name="mbedtls">Use <pkg>net-libs/mbedtls</pkg> as crypto engine</flag>
+		<flag name="openssl">Use <pkg>dev-libs/openssl</pkg> as crypto engine</flag>
+	</use>
+	<upstream>
+		<remote-id type="github">tpm2-software/tpm2-tss</remote-id>
+	</upstream>
+</pkgmetadata>

diff --git a/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild b/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild
new file mode 100644
index 0000000..bc8875b
--- /dev/null
+++ b/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild
@@ -0,0 +1,100 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools linux-info multilib-minimal tmpfiles udev
+
+DESCRIPTION="TCG Trusted Platform Module 2.0 Software Stack"
+HOMEPAGE="https://github.com/tpm2-software/tpm2-tss"
+SRC_URI="https://github.com/tpm2-software/${PN}/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD-2"
+SLOT="0/3"
+KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86"
+IUSE="doc +fapi +openssl mbedtls static-libs test"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="^^ ( mbedtls openssl )
+		fapi? ( openssl !mbedtls )"
+
+RDEPEND="acct-group/tss
+	acct-user/tss
+	fapi? ( dev-libs/json-c:=[${MULTILIB_USEDEP}]
+		>=net-misc/curl-7.80.0[${MULTILIB_USEDEP}] )
+	mbedtls? ( net-libs/mbedtls:=[${MULTILIB_USEDEP}] )
+	openssl? ( dev-libs/openssl:=[${MULTILIB_USEDEP}] )"
+
+DEPEND="${RDEPEND}
+	test? ( app-crypt/swtpm
+		dev-libs/uthash
+		dev-util/cmocka
+		fapi? ( >=net-misc/curl-7.80.0 ) )"
+BDEPEND="sys-apps/acl
+	virtual/pkgconfig
+	doc? ( app-doc/doxygen )"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch"
+	"${FILESDIR}/${P}-libressl.patch"
+)
+
+pkg_setup() {
+	local CONFIG_CHECK=" \
+		~TCG_TPM
+	"
+	linux-info_pkg_setup
+	kernel_is ge 4 12 0 || ewarn "At least kernel 4.12.0 is required"
+}
+
+src_prepare() {
+	default
+
+	# See bug #833887 (and similar); eautoreconf means .pc file gets wrong version.
+	sed -i \
+	"s/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/" \
+		"configure.ac" || die
+
+	eautoreconf
+}
+
+multilib_src_configure() {
+	ECONF_SOURCE=${S} econf \
+		--localstatedir=/var \
+		$(use_enable doc doxygen-doc) \
+		$(use_enable fapi) \
+		$(use_enable static-libs static) \
+		$(multilib_native_use_enable test unit) \
+		$(multilib_native_use_enable test integration) \
+		$(multilib_native_use_enable test self-generated-certificate) \
+		--disable-tcti-libtpms \
+		--disable-defaultflags \
+		--disable-weakcrypto \
+		--with-crypto="$(usex mbedtls mbed ossl)" \
+		--with-runstatedir=/run \
+		--with-udevrulesdir="$(get_udevdir)/rules.d" \
+		--with-udevrulesprefix=60- \
+		--with-sysusersdir="/usr/lib/sysusers.d" \
+		--with-tmpfilesdir="/usr/lib/tmpfiles.d"
+}
+
+multilib_src_install() {
+	default
+
+	if [[ ${PV} != $(sed -n -e 's/^Version: //p' "${ED}/usr/$(get_libdir)/pkgconfig/tss2-sys.pc" || die) ]] ; then
+		# Safeguard for bug #833887
+		die "pkg-config file version doesn't match ${PV}! Please report a bug!"
+	fi
+
+	find "${D}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	tmpfiles_process tpm2-tss-fapi.conf
+	udev_reload
+}
+
+pkg_postrm() {
+	udev_reload
+}
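Review bot: `--disable-defaultflags` in multilib_src_configure has no comment, and for a TPM software stack it is worth recording what the switch gives up. As far as I recall, upstream's default flags include its compiler and linker hardening options, so with this switch the build relies on the user's CFLAGS/LDFLAGS and the toolchain profile for them. A line such as `# Respect user flags; hardening comes from the toolchain profile, not upstream defaults` above the econf call would capture that. In the same spirit, `${P}-libressl.patch` is applied unconditionally in PATCHES, including with USE=mbedtls; that looks harmless because its changes are preprocessor-guarded, but a brief comment in PATCHES saying so would save the next maintainer a check.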

