diff options
| author | Kristian Klausen <kristian@klausen.dk> | 2021-10-02 20:37:38 +0200 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2021-10-18 21:50:13 -0700 |
| commit | 01bdc2918cfe74da7d6615711d5544b505429ddc (patch) | |
| tree | 8c66eed72f83500b20426e77cf97b808628afb3a | |
| parent | a85fbe980e5bc6acb50c0b2d520e65b98c7b3cd9 (diff) | |
| download | meta-security-01bdc2918cfe74da7d6615711d5544b505429ddc.tar.gz | |
swtpm: update to 0.6.1
swtpm no longer depends on Python[1] so the dependencies have been
removed.
"inherit perlnative" has been added due to (in oe-core):
deda455b3c ("bitbake.conf: drop pod2man from hosttools")
Some leftover dependencies have also been removed, ex: tpm-tools
required in the past by swtpm_setup.sh (<0.4.0)[2].
[1] https://github.com/stefanberger/swtpm/issues/437
[2] https://github.com/stefanberger/swtpm/commit/eee8cb5dfb13f87140dddda38f65bf61aff19508
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb | 12 | ||||
| -rw-r--r-- | meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb (renamed from meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb) | 23 |
2 files changed, 14 insertions, 21 deletions
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb index 644f3ac..bb93374 100644 --- a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb +++ b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools" | 1 | SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools" |
| 2 | LICENSE = "MIT" | 2 | LICENSE = "MIT" |
| 3 | DEPENDS = "swtpm-native tpm-tools-native net-tools-native" | 3 | DEPENDS = "swtpm-native" |
| 4 | 4 | ||
| 5 | inherit native | 5 | inherit native |
| 6 | 6 | ||
| @@ -14,23 +14,19 @@ do_create_wrapper () { | |||
| 14 | for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do | 14 | for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do |
| 15 | exe=`basename $i` | 15 | exe=`basename $i` |
| 16 | case $exe in | 16 | case $exe in |
| 17 | swtpm_setup.sh) | 17 | swtpm_setup) |
| 18 | cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF | 18 | cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF |
| 19 | #! /bin/sh | 19 | #! /bin/sh |
| 20 | # | 20 | # |
| 21 | # Wrapper around swtpm_setup.sh which adds parameters required to | 21 | # Wrapper around swtpm_setup which adds parameters required to |
| 22 | # run the setup as non-root directly from the native sysroot. | 22 | # run the setup as non-root directly from the native sysroot. |
| 23 | 23 | ||
| 24 | PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH" | 24 | PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH" |
| 25 | export PATH | 25 | export PATH |
| 26 | 26 | ||
| 27 | # tcsd only allows to be run as root or tss. Pretend to be root... | 27 | exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@" |
| 28 | exec env ${FAKEROOTENV} ${FAKEROOTCMD} swtpm_setup.sh --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@" | ||
| 29 | EOF | 28 | EOF |
| 30 | ;; | 29 | ;; |
| 31 | swtpm_setup) | ||
| 32 | true | ||
| 33 | ;; | ||
| 34 | *) | 30 | *) |
| 35 | cat >${WORKDIR}/${exe}_oe.sh <<EOF | 31 | cat >${WORKDIR}/${exe}_oe.sh <<EOF |
| 36 | #! /bin/sh | 32 | #! /bin/sh |
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb index 912e939..c7fc131 100644 --- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb +++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb | |||
| @@ -3,14 +3,11 @@ LICENSE = "BSD-3-Clause" | |||
| 3 | LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8" | 3 | LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8" |
| 4 | SECTION = "apps" | 4 | SECTION = "apps" |
| 5 | 5 | ||
| 6 | DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm libtpm-native" | 6 | # expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests |
| 7 | DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib" | ||
| 7 | 8 | ||
| 8 | # configure checks for the tools already during compilation and | 9 | SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1" |
| 9 | # then swtpm_setup needs them at runtime | 10 | SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \ |
| 10 | DEPENDS:append = " tpm-tools-native expect-native socat-native python3-pip-native python3-cryptography-native" | ||
| 11 | |||
| 12 | SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464" | ||
| 13 | SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \ | ||
| 14 | file://ioctl_h.patch \ | 11 | file://ioctl_h.patch \ |
| 15 | file://oe_configure.patch \ | 12 | file://oe_configure.patch \ |
| 16 | " | 13 | " |
| @@ -19,7 +16,7 @@ PE = "1" | |||
| 19 | S = "${WORKDIR}/git" | 16 | S = "${WORKDIR}/git" |
| 20 | 17 | ||
| 21 | PARALLEL_MAKE = "" | 18 | PARALLEL_MAKE = "" |
| 22 | inherit autotools pkgconfig python3native | 19 | inherit autotools pkgconfig perlnative |
| 23 | 20 | ||
| 24 | TSS_USER="tss" | 21 | TSS_USER="tss" |
| 25 | TSS_GROUP="tss" | 22 | TSS_GROUP="tss" |
| @@ -28,7 +25,10 @@ PACKAGECONFIG ?= "openssl" | |||
| 28 | PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" | 25 | PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" |
| 29 | PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}" | 26 | PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}" |
| 30 | PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" | 27 | PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" |
| 31 | PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls" | 28 | # expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is |
| 29 | # used by swtpm-create-tpmca (the last two is provided by gnutls) | ||
| 30 | # gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert | ||
| 31 | PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools" | ||
| 32 | PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux" | 32 | PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux" |
| 33 | PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse" | 33 | PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse" |
| 34 | PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp" | 34 | PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp" |
| @@ -41,14 +41,11 @@ USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir \ | |||
| 41 | --no-create-home --shell /bin/false ${BPN}" | 41 | --no-create-home --shell /bin/false ${BPN}" |
| 42 | 42 | ||
| 43 | 43 | ||
| 44 | PACKAGES =+ "${PN}-python" | ||
| 45 | FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}" | ||
| 46 | |||
| 47 | PACKAGE_BEFORE_PN = "${PN}-cuse" | 44 | PACKAGE_BEFORE_PN = "${PN}-cuse" |
| 48 | FILES:${PN}-cuse = "${bindir}/swtpm_cuse" | 45 | FILES:${PN}-cuse = "${bindir}/swtpm_cuse" |
| 49 | 46 | ||
| 50 | INSANE_SKIP:${PN} += "dev-so" | 47 | INSANE_SKIP:${PN} += "dev-so" |
| 51 | 48 | ||
| 52 | RDEPENDS:${PN} = "libtpm expect socat bash tpm-tools python3 python3-cryptography python3-twisted" | 49 | RDEPENDS:${PN} = "libtpm" |
| 53 | 50 | ||
| 54 | BBCLASSEXTEND = "native nativesdk" | 51 | BBCLASSEXTEND = "native nativesdk" |