From 8edd4a48a39640822abe6ddb7b2a1d5b2da4ea70 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Fri, 8 Mar 2024 19:07:58 +0000 Subject: gentoo auto-resync : 08:03:2024 - 19:07:58 --- app-crypt/Manifest.gz | Bin 24803 -> 24802 bytes app-crypt/tpm2-tss/Manifest | 2 + ...sider-failures-to-write-files-in-sys-hard.patch | 27 +++++ app-crypt/tpm2-tss/tpm2-tss-4.0.1-r1.ebuild | 109 +++++++++++++++++++++ 4 files changed, 138 insertions(+) create mode 100644 app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch create mode 100644 app-crypt/tpm2-tss/tpm2-tss-4.0.1-r1.ebuild (limited to 'app-crypt') diff --git a/app-crypt/Manifest.gz b/app-crypt/Manifest.gz index 6a967e71d0cf..8d82a224de06 100644 Binary files a/app-crypt/Manifest.gz and b/app-crypt/Manifest.gz differ diff --git a/app-crypt/tpm2-tss/Manifest b/app-crypt/tpm2-tss/Manifest index 394e51c9421e..a62b3cd1e086 100644 --- a/app-crypt/tpm2-tss/Manifest +++ b/app-crypt/tpm2-tss/Manifest @@ -1,5 +1,7 @@ AUX tpm2-tss-4.0.0-Dont-install-files-into-run.patch 880 BLAKE2B 8ae9b55e853dcd117730eebc274252ea7afc4e3e415eafb21d3994690687cc9daa796a97536597da8cbfc4f54567cbb678fe61ba4eb4fdc1dee6d851d472efa3 SHA512 811dd1d2597557cf9fd08d7231cd5f48a8dd9dc76adf33bc4a0ee978dc8973fc5309bdc7386cbd9878b78dba1b4a8ecf9c2e2f856c887b141a423f0d94e3244e +AUX tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch 1493 BLAKE2B 4e22a79f54758295905625ce907ee1d718ec8ab34e1917f376c2e318beabbcd424588458bb0360757d8027b87ca7fb14279585fb35e29a7bd53d7eb3fdb43c99 SHA512 f4badedc611e9903daa034306c6cca3b0a3f3ed56350af18f48586c67ffba9f4b5cc8784e4d008b123b885c33b7a3fbfd1c5bc846aa35ab648cd48be3476deb1 AUX tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch 1814 BLAKE2B 259a2b4618eeaf34228a07d6e9479658e04b7e36affa6d8d894563014a3f9ba571f1676623b744c1158ceb2fd738fe627fad76014b1893471a9467da41847f2e SHA512 78f1f6d5a448f29fd5dfbfadfb1913464d8e55eabebc9c0eca16c70031bcee9198742b1567eba2bae444cf11e32bea3c3663db155eb1e8da750ba8bb78d725c0 DIST tpm2-tss-4.0.1.tar.gz 1787139 BLAKE2B 627cdefeff6c64148f9da1425922a0a7a72debcee4930ffab208a3b9b66127c2d4f923e3e105bfd45410cdb13c19cb40cc15a720e9a05dd32ff622dabf5fcc32 SHA512 ed6ddc52cb0e8c1082a4bb001e1225eb9905fd2380da88db5fd69ff5b5d9d43a93eb67b634e49d53eb5d586832da3aef2c4c7e5f18d51bb730481f8913319d7d +EBUILD tpm2-tss-4.0.1-r1.ebuild 2588 BLAKE2B b9a58449aa540dd800e5453091c464edeba60987e0119044cf0caccfbb14ef7d15c7fc28ee27d45d80044f4b6d4df9c56cbead18fffd4819afd53dde921692f0 SHA512 bad17cc8511c05ff8295c1812ac78f48c097563efe2224d9bcf6d3f1cd131149571596f1fc47a7423ee10b88b7221ae8f52bbe05a01ab402369a66ba0a8e62d5 EBUILD tpm2-tss-4.0.1.ebuild 2492 BLAKE2B a31affba60e4b53ba69ba9bc3dece3bfca550cad98eb21d5cabb4b24e427b321fdb4104cabe6676e8128719d1e0dbf8992ad778df025f2709aefe078e01c3458 SHA512 502461ec7f03aba7d346ede6db2b0f365f16c5e37d4272f27467f62d84c09c12258994f22733f33e3869fa90fefe1fb2e3004e4ec38e5276a67f1ada32442749 MISC metadata.xml 835 BLAKE2B 58fcbb63b8fd77dd42f081e060cec1fc5593d13ad9237bd644462fd839a1fea9936342d5339a3ec8d339106ca6074c73ac31e7546feb0f1c5f0f212b21831d8a SHA512 941bfce986619b387410d49fe046218a388243c257a3164293033f8ebb4e2d64d7ff06d35dd4ef770a9e9194035839d68dcf1f00edbe439272c2e9c01ecb3c6b diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch new file mode 100644 index 000000000000..83f123ffdc52 --- /dev/null +++ b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch @@ -0,0 +1,27 @@ +From 0632885d08917092ffc8d98febd158745a74465a Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 4 Aug 2023 16:07:52 +0200 +Subject: [PATCH] Do not consider failures to write files in /sys hard errors + +systemd-tmpfiles can run in containers, chroots, ... where writing to /sys will fail, so let's suffix these lines with "-" to avoid considering these cases hard errors. + +Signed-off-by: Daan De Meyer +--- + dist/tmpfiles.d/tpm2-tss-fapi.conf.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/dist/tmpfiles.d/tpm2-tss-fapi.conf.in b/dist/tmpfiles.d/tpm2-tss-fapi.conf.in +index 7ea3c652..51ff78e5 100644 +--- a/dist/tmpfiles.d/tpm2-tss-fapi.conf.in ++++ b/dist/tmpfiles.d/tpm2-tss-fapi.conf.in +@@ -3,5 +3,5 @@ d @localstatedir@/lib/tpm2-tss/system/keystore 2775 tss tss - + a+ @localstatedir@/lib/tpm2-tss/system/keystore - - - - default:group:tss:rwx + d @runstatedir@/tpm2-tss/eventlog 2775 tss tss - - + a+ @runstatedir@/tpm2-tss/eventlog - - - - default:group:tss:rwx +-z /sys/kernel/security/tpm[0-9]/binary_bios_measurements 0440 root tss - - +-z /sys/kernel/security/ima/binary_runtime_measurements 0440 root tss - - ++z- /sys/kernel/security/tpm[0-9]/binary_bios_measurements 0440 root tss - - ++z- /sys/kernel/security/ima/binary_runtime_measurements 0440 root tss - - +-- +2.43.0 + diff --git a/app-crypt/tpm2-tss/tpm2-tss-4.0.1-r1.ebuild b/app-crypt/tpm2-tss/tpm2-tss-4.0.1-r1.ebuild new file mode 100644 index 000000000000..558f221a5be8 --- /dev/null +++ b/app-crypt/tpm2-tss/tpm2-tss-4.0.1-r1.ebuild @@ -0,0 +1,109 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools flag-o-matic linux-info multilib-minimal tmpfiles udev + +DESCRIPTION="TCG Trusted Platform Module 2.0 Software Stack" +HOMEPAGE="https://github.com/tpm2-software/tpm2-tss" +SRC_URI="https://github.com/tpm2-software/${PN}/releases/download/${PV}/${P}.tar.gz" + +LICENSE="BSD-2" +SLOT="0/4" +KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86" +IUSE="doc +fapi +openssl mbedtls +policy static-libs test" +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + ^^ ( mbedtls openssl ) + fapi? ( openssl !mbedtls ) + policy? ( openssl !mbedtls ) +" + +RDEPEND=" + acct-group/tss + acct-user/tss + sys-apps/util-linux:=[${MULTILIB_USEDEP}] + fapi? ( + dev-libs/json-c:=[${MULTILIB_USEDEP}] + >=net-misc/curl-7.80.0[${MULTILIB_USEDEP}] + ) + mbedtls? ( net-libs/mbedtls:=[${MULTILIB_USEDEP}] ) + openssl? ( dev-libs/openssl:=[${MULTILIB_USEDEP}] ) +" + +DEPEND=" + ${RDEPEND} + test? ( app-crypt/swtpm + dev-libs/uthash + dev-util/cmocka + fapi? ( >=net-misc/curl-7.80.0 ) ) +" + +BDEPEND=" + sys-apps/acl + virtual/pkgconfig + doc? ( app-text/doxygen ) +" + +PATCHES=( + "${FILESDIR}/${PN}-4.0.0-Dont-install-files-into-run.patch" + "${FILESDIR}/${PN}-4.0.1-Make-sysusers-and-tmpfiles-optional.patch" + "${FILESDIR}/${PN}-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch" +) + +pkg_setup() { + local CONFIG_CHECK="~TCG_TPM" + linux-info_pkg_setup + kernel_is ge 4 12 0 || ewarn "At least kernel 4.12.0 is required" +} + +src_prepare() { + default + eautoreconf +} + +multilib_src_configure() { + # Fails with inlining + filter-flags -fno-semantic-interposition + # tests fail with LTO enabbled. See bug 865275 and 865279 + filter-lto + + local myconf=( + --localstatedir=/var + $(multilib_native_use_enable doc doxygen-doc) + $(use_enable fapi) + $(use_enable policy) + $(use_enable static-libs static) + $(multilib_native_use_enable test unit) + $(multilib_native_use_enable test integration) + $(multilib_native_use_enable test self-generated-certificate) + --disable-tcti-libtpms + --disable-defaultflags + --disable-weakcrypto + --with-crypto="$(usex mbedtls mbed ossl)" + --with-runstatedir=/run + --with-udevrulesdir="$(get_udevdir)/rules.d" + --with-udevrulesprefix=60- + --without-sysusersdir + --with-tmpfilesdir="/usr/lib/tmpfiles.d" + ) + + ECONF_SOURCE=${S} econf "${myconf[@]}" +} + +multilib_src_install() { + default + keepdir /var/lib/tpm2-tss/system/keystore + find "${ED}" -name '*.la' -delete || die +} + +pkg_postinst() { + tmpfiles_process tpm2-tss-fapi.conf + udev_reload +} + +pkg_postrm() { + udev_reload +} -- cgit v1.2.3