* [meta-security][PATCH 1/6] tpm2.0-tss: fix musl build error
@ 2017-01-29 17:12 Armin Kuster
2017-01-29 17:12 ` [meta-security][PATCH 2/6] qemu: use wildcard for PV Armin Kuster
` (4 more replies)
0 siblings, 5 replies; 8+ messages in thread
From: Armin Kuster @ 2017-01-29 17:12 UTC
To: yocto, akuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../tpm2.0-tss/fix_musl_select_include.patch | 31 ++++++++++++++++++++++
recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb | 3 ++-
2 files changed, 33 insertions(+), 1 deletion(-)
create mode 100644 recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch
diff --git a/recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch b/recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch
new file mode 100644
index 0000000..ecaca6e
--- /dev/null
+++ b/recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch
@@ -0,0 +1,31 @@
+This fixes musl build issue do to missing FD_* defines.
+Add sys/select.h
+
+Upstream-Status: Pending
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: TPM2.0-TSS/tcti/tcti_socket.cpp
+===================================================================
+--- TPM2.0-TSS.orig/tcti/tcti_socket.cpp
++++ TPM2.0-TSS/tcti/tcti_socket.cpp
+@@ -28,6 +28,7 @@
+ #include <stdio.h>
+ #include <stdlib.h> // Needed for _wtoi
+
++#include "sys/select.h"
+ #include <sapi/tpm20.h>
+ #include <tcti/tcti_socket.h>
+ #include "sysapi_util.h"
+Index: TPM2.0-TSS/resourcemgr/resourcemgr.c
+===================================================================
+--- TPM2.0-TSS.orig/resourcemgr/resourcemgr.c
++++ TPM2.0-TSS/resourcemgr/resourcemgr.c
+@@ -28,6 +28,7 @@
+ #include <stdio.h>
+ #include <stdlib.h> // Needed for _wtoi
+
++#include "sys/select.h"
+ #include <sapi/tpm20.h>
+ #include <tcti/tcti_device.h>
+ #include <tcti/tcti_socket.h>
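Review bot: Both added includes, in tcti/tcti_socket.cpp and resourcemgr/resourcemgr.c, spell the system header in the quoted form, #include "sys/select.h", which searches the including file's directory first, so a stray local sys/select.h would shadow the libc one. Use #include <sys/select.h> to match the <stdio.h> and <stdlib.h> lines just above. The patch description also reads "do to missing FD_* defines" where "due to" is meant, and its Signed-off-by address (akuster@mvista.com) differs from the one on the commit (akuster808@gmail.com).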
diff --git a/recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb b/recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb
index c4b5c8c..a03559c 100644
--- a/recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb
+++ b/recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb
@@ -7,7 +7,8 @@ SECTION = "tpm"
SRCREV = "8e25d0cbb287d30c93b2b77e99bc761dc67e31a9"
SRC_URI = " \
git://github.com/01org/TPM2.0-TSS.git;protocol=git;branch=master;name=TPM2.0-TSS;destsuffix=TPM2.0-TSS \
- file://ax_pthread.m4"
+ file://ax_pthread.m4 \
+ file://fix_musl_select_include.patch "
inherit autotools pkgconfig
--
2.7.4
* [meta-security][PATCH 2/6] qemu: use wildcard for PV
2017-01-29 17:12 [meta-security][PATCH 1/6] tpm2.0-tss: fix musl build error Armin Kuster
@ 2017-01-29 17:12 ` Armin Kuster
2017-01-29 17:12 ` [meta-security][PATCH 3/6] tpm-tools: update to 1.3.9 Armin Kuster
` (3 subsequent siblings)
4 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2017-01-29 17:12 UTC
To: yocto, akuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-devtools/qemu/{qemu_2.7.0.bbappend => qemu_2%.bbappend} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-devtools/qemu/{qemu_2.7.0.bbappend => qemu_2%.bbappend} (100%)
diff --git a/recipes-devtools/qemu/qemu_2.7.0.bbappend b/recipes-devtools/qemu/qemu_2%.bbappend
similarity index 100%
rename from recipes-devtools/qemu/qemu_2.7.0.bbappend
rename to recipes-devtools/qemu/qemu_2%.bbappend
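Review bot: The rename to qemu_2%.bbappend makes this append apply to every qemu 2.x recipe, but the commit message has no body saying which versions beyond 2.7.0 it was checked against. The file content is unchanged (similarity index 100%), so please state in the message that what the bbappend carries still applies to the newer recipes, or narrow the wildcard.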
--
2.7.4
* [meta-security][PATCH 3/6] tpm-tools: update to 1.3.9
2017-01-29 17:12 [meta-security][PATCH 1/6] tpm2.0-tss: fix musl build error Armin Kuster
2017-01-29 17:12 ` [meta-security][PATCH 2/6] qemu: use wildcard for PV Armin Kuster
@ 2017-01-29 17:12 ` Armin Kuster
2017-01-29 17:12 ` [meta-security][PATCH 4/6] trousers: update to 0.3.14 Armin Kuster
` (2 subsequent siblings)
4 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2017-01-29 17:12 UTC
To: yocto, akuster
remove incorporated patches.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../tpm-tools-extendpcr.patch | 0
.../03-fix-bool-error-parseStringWithValues.patch | 30 ----------------------
.../gcc6_missleading_indent_fix.patch | 24 -----------------
.../{tpm-tools_1.3.8.bb => tpm-tools_git.bb} | 27 ++++++++++++-------
4 files changed, 18 insertions(+), 63 deletions(-)
rename recipes-tpm/tpm-tools/{tpm-tools-1.3.8 => files}/tpm-tools-extendpcr.patch (100%)
delete mode 100644 recipes-tpm/tpm-tools/tpm-tools-1.3.8/03-fix-bool-error-parseStringWithValues.patch
delete mode 100644 recipes-tpm/tpm-tools/tpm-tools-1.3.8/gcc6_missleading_indent_fix.patch
rename recipes-tpm/tpm-tools/{tpm-tools_1.3.8.bb => tpm-tools_git.bb} (62%)
diff --git a/recipes-tpm/tpm-tools/tpm-tools-1.3.8/tpm-tools-extendpcr.patch b/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
similarity index 100%
rename from recipes-tpm/tpm-tools/tpm-tools-1.3.8/tpm-tools-extendpcr.patch
rename to recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
diff --git a/recipes-tpm/tpm-tools/tpm-tools-1.3.8/03-fix-bool-error-parseStringWithValues.patch b/recipes-tpm/tpm-tools/tpm-tools-1.3.8/03-fix-bool-error-parseStringWithValues.patch
deleted file mode 100644
index 9497e89..0000000
--- a/recipes-tpm/tpm-tools/tpm-tools-1.3.8/03-fix-bool-error-parseStringWithValues.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Title: Fix boolean comparison error (and FTBFS with gcc-5)
-Date: 2015-06-28
-Author: Pierre Chifflier <pollux@debian.org>
-Bug-Debian: http://bugs.debian.org/778147
-Index: tpm-tools/src/tpm_mgmt/tpm_nvcommon.c
-===================================================================
---- tpm-tools.orig/src/tpm_mgmt/tpm_nvcommon.c
-+++ tpm-tools/src/tpm_mgmt/tpm_nvcommon.c
-@@ -140,8 +140,8 @@ int parseStringWithValues(const char *aA
- aArg);
- return -1;
- }
-- if (!aArg[offset+numbytes] == '|' &&
-- !aArg[offset+numbytes] == 0) {
-+ if (!(aArg[offset+numbytes] == '|' ||
-+ aArg[offset+numbytes] == 0)) {
- logError(_("Illegal character following "
- "hexadecimal number in %s\n"),
- aArg + offset);
-@@ -164,8 +164,8 @@ int parseStringWithValues(const char *aA
- return -1;
- }
-
-- if (!aArg[offset+numbytes] == '|' &&
-- !aArg[offset+numbytes] == 0) {
-+ if (!(aArg[offset+numbytes] == '|' ||
-+ aArg[offset+numbytes] == 0)) {
- logError(_("Illegal character following decimal "
- "number in %s\n"),
- aArg + offset);
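Review bot: Dropping 03-fix-bool-error-parseStringWithValues.patch is only safe if the pinned SRCREV already has the corrected test at both places in parseStringWithValues(); the commit message does not name the upstream commit that incorporated it. The pre-fix form, !aArg[offset+numbytes] == '|', compares a negated value (0 or 1) against a character, so the "Illegal character following ..." branch could never be taken and malformed input passed the check. Please cite the upstream revision that carries the !( ... == '|' || ... == 0) form so the removal can be verified.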
diff --git a/recipes-tpm/tpm-tools/tpm-tools-1.3.8/gcc6_missleading_indent_fix.patch b/recipes-tpm/tpm-tools/tpm-tools-1.3.8/gcc6_missleading_indent_fix.patch
deleted file mode 100644
index aec5e7a..0000000
--- a/recipes-tpm/tpm-tools/tpm-tools-1.3.8/gcc6_missleading_indent_fix.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Index: tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c
-===================================================================
---- tpm-tools-1.3.8.orig/src/tpm_mgmt/tpm_present.c
-+++ tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c
-@@ -349,13 +349,13 @@ int main(int argc, char **argv)
- }
- } while (flags[++i].name);
-
-- out_success:
-+out_success:
- logSuccess(argv[0]);
- iRc = 0;
-- out_close:
-+out_close:
- contextClose(hContext);
-- out:
-- if (szTpmPasswd && !isWellKnown)
-- shredPasswd( szTpmPasswd );
-- return iRc;
-+out:
-+ if (szTpmPasswd && !isWellKnown)
-+ shredPasswd( szTpmPasswd );
-+return iRc;
- }
diff --git a/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb b/recipes-tpm/tpm-tools/tpm-tools_git.bb
similarity index 62%
rename from recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
rename to recipes-tpm/tpm-tools/tpm-tools_git.bb
index 790894a..83f1091 100644
--- a/recipes-tpm/tpm-tools/tpm-tools_1.3.8.bb
+++ b/recipes-tpm/tpm-tools/tpm-tools_git.bb
@@ -8,19 +8,28 @@ DESCRIPTION = " \
SECTION = "tpm"
LICENSE = "CPL-1.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
+
DEPENDS = "libtspi openssl"
DEPENDS_class-native = "trousers-native"
-SRC_URI += " \
- http://downloads.sourceforge.net/project/trousers/${BPN}/${PV}/${BP}.tar.gz \
- file://tpm-tools-extendpcr.patch \
- file://03-fix-bool-error-parseStringWithValues.patch \
- file://gcc6_missleading_indent_fix.patch \
-"
+SRCREV = "80954ab83be8d091c6e3112514945556aaa09d39"
+SRC_URI = " \
+ git://git.code.sf.net/p/trousers/tpm-tools \
+ file://tpm-tools-extendpcr.patch \
+ "
+
+PV = "1.3.9+git${SRCPV}"
+
+inherit autotools-brokensep gettext
-SRC_URI[md5sum] = "85a978c4e03fefd4b73cbeadde7c4d0b"
-SRC_URI[sha256sum] = "66eb4ff095542403db6b4bd4b574e8a5c08084fe4e9e5aa9a829ee84e20bea83"
+S = "${WORKDIR}/git"
-inherit autotools gettext
+do_configure_prepend () {
+ mkdir -p po
+ mkdir -p m4
+ cp -R po_/* po/
+ touch po/Makefile.in.in
+ touch m4/Makefile.am
+}
BBCLASSEXTEND = "native"
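Review bot: The source moves from a tarball checked by SRC_URI[md5sum] and SRC_URI[sha256sum] to git://git.code.sf.net/p/trousers/tpm-tools with no protocol parameter, so the integrity of the fetch now rests on the SRCREV pin alone; keep SRCREV a full hash as it is here and consider an authenticated transport (;protocol=https) if the host offers one. The new do_configure_prepend also needs a comment: the recipe does not say why po_/* is copied to po/, why po/Makefile.in.in and m4/Makefile.am are created empty, or why autotools-brokensep replaces autotools.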
--
2.7.4
* [meta-security][PATCH 4/6] trousers: update to 0.3.14
2017-01-29 17:12 [meta-security][PATCH 1/6] tpm2.0-tss: fix musl build error Armin Kuster
2017-01-29 17:12 ` [meta-security][PATCH 2/6] qemu: use wildcard for PV Armin Kuster
2017-01-29 17:12 ` [meta-security][PATCH 3/6] tpm-tools: update to 1.3.9 Armin Kuster
@ 2017-01-29 17:12 ` Armin Kuster
2017-01-29 17:12 ` [meta-security][PATCH 5/6] libtpm: update to tip Armin Kuster
2017-01-29 17:12 ` [meta-security][PATCH 6/6] swtpm: " Armin Kuster
4 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2017-01-29 17:12 UTC
To: yocto, akuster
convert to git and remove incorporated patches
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...t-getpwent_r-is-available-before-using-it.patch | 85 ----------------------
...si_param.c-Include-limits.h-for-POSIX_MAX.patch | 36 ---------
.../trousers/files/07-read_data-not-inline.patch | 65 -----------------
.../{trousers_0.3.13.bb => trousers_git.bb} | 40 +++++-----
4 files changed, 20 insertions(+), 206 deletions(-)
delete mode 100644 recipes-tpm/trousers/files/0001-Check-that-getpwent_r-is-available-before-using-it.patch
delete mode 100644 recipes-tpm/trousers/files/0001-tsp_tcsi_param.c-Include-limits.h-for-POSIX_MAX.patch
delete mode 100644 recipes-tpm/trousers/files/07-read_data-not-inline.patch
rename recipes-tpm/trousers/{trousers_0.3.13.bb => trousers_git.bb} (67%)
diff --git a/recipes-tpm/trousers/files/0001-Check-that-getpwent_r-is-available-before-using-it.patch b/recipes-tpm/trousers/files/0001-Check-that-getpwent_r-is-available-before-using-it.patch
deleted file mode 100644
index e7ba2eb..0000000
--- a/recipes-tpm/trousers/files/0001-Check-that-getpwent_r-is-available-before-using-it.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From bb721b0ae5882992037153e7257791101172556e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?No=C3=A9=20Rubinstein?= <nrubinstein@aldebaran.com>
-Date: Wed, 24 Aug 2016 18:55:25 +0200
-Subject: [PATCH] Check that getpwent_r is available before using it
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This fixes building trousers with musl
-
-Signed-off-by: Noé Rubinstein <nrubinstein@aldebaran.com>
----
-Upstream-Status: Inappropriate [not author https://git.busybox.net/buildroot/plain/package/trousers/0004-Check-that-getpwent_r-is-available-before-using-it.patch]
-Signed-off-by: André Draszik <adraszik@tycoint.com>
- configure.in | 4 ++++
- src/tspi/ps/tspps.c | 10 +++++-----
- 2 files changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/configure.in b/configure.in
-index add23dc..cfdfcaa 100644
---- a/configure.in
-+++ b/configure.in
-@@ -144,6 +144,10 @@ else
- AC_MSG_ERROR(["gtk", "openssl" and "none" are the only supported gui options for trousers])
- fi
-
-+# Look for getpwent_r. If it is not found, getpwent will be used instead, with
-+# an additional mutex.
-+AC_CHECK_FUNC(getpwent_r, [AC_DEFINE(HAVE_GETPWENT_R)])
-+
- #
- # The default port that the TCS daemon listens on
- #
-diff --git a/src/tspi/ps/tspps.c b/src/tspi/ps/tspps.c
-index c6f9c3d..9d00d2a 100644
---- a/src/tspi/ps/tspps.c
-+++ b/src/tspi/ps/tspps.c
-@@ -45,7 +45,7 @@
-
- static int user_ps_fd = -1;
- static MUTEX_DECLARE_INIT(user_ps_lock);
--#if (defined (__FreeBSD__) || defined (__OpenBSD__))
-+#ifndef HAVE_GETPWENT_R
- static MUTEX_DECLARE_INIT(user_ps_path);
- #endif
- static struct flock fl;
-@@ -60,7 +60,7 @@ get_user_ps_path(char **file)
- TSS_RESULT result;
- char *file_name = NULL, *home_dir = NULL;
- struct passwd *pwp;
--#if (defined (__linux) || defined (linux) || defined(__GLIBC__))
-+#ifdef HAVE_GETPWENT_R
- struct passwd pw;
- #endif
- struct stat stat_buf;
-@@ -72,7 +72,7 @@ get_user_ps_path(char **file)
- *file = strdup(file_name);
- return (*file) ? TSS_SUCCESS : TSPERR(TSS_E_OUTOFMEMORY);
- }
--#if (defined (__FreeBSD__) || defined (__OpenBSD__))
-+#ifndef HAVE_GETPWENT_R
- MUTEX_LOCK(user_ps_path);
- #endif
-
-@@ -90,7 +90,7 @@ get_user_ps_path(char **file)
- #else
- setpwent();
- while (1) {
--#if (defined (__linux) || defined (linux) || defined(__GLIBC__))
-+#ifdef HAVE_GETPWENT_R
- rc = getpwent_r(&pw, buf, PASSWD_BUFSIZE, &pwp);
- if (rc) {
- LogDebugFn("USER PS: Error getting path to home directory: getpwent_r: %s",
-@@ -99,7 +99,7 @@ get_user_ps_path(char **file)
- return TSPERR(TSS_E_INTERNAL_ERROR);
- }
-
--#elif (defined (__FreeBSD__) || defined (__OpenBSD__))
-+#else
- if ((pwp = getpwent()) == NULL) {
- LogDebugFn("USER PS: Error getting path to home directory: getpwent: %s",
- strerror(rc));
---
-2.10.2
-
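Review bot: This deleted patch is tagged "Upstream-Status: Inappropriate [not author ...]" and points at a Buildroot copy, so nothing in its header shows that upstream trousers carries the HAVE_GETPWENT_R check. Before removing it, confirm that SRCREV 4b9a70d5789b0b74f43957a6c19ab2156a72d3e0 has the AC_CHECK_FUNC(getpwent_r, ...) test in configure.in and the #ifdef HAVE_GETPWENT_R guards in src/tspi/ps/tspps.c, otherwise the musl build this patch fixed breaks again. Please say so in the commit message.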
diff --git a/recipes-tpm/trousers/files/0001-tsp_tcsi_param.c-Include-limits.h-for-POSIX_MAX.patch b/recipes-tpm/trousers/files/0001-tsp_tcsi_param.c-Include-limits.h-for-POSIX_MAX.patch
deleted file mode 100644
index c01040d..0000000
--- a/recipes-tpm/trousers/files/0001-tsp_tcsi_param.c-Include-limits.h-for-POSIX_MAX.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From c1b5f33845c56dc7aef769c99758b4f77a041d43 Mon Sep 17 00:00:00 2001
-From: Felix Janda <felix.janda@posteo.de>
-Date: Wed, 31 Aug 2016 22:52:58 -0400
-Subject: [PATCH] tsp_tcsi_param.c: Include <limits.h> for POSIX_MAX
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Use POSIX instead of glibc-specific header.
-Fixes compilation with musl libc.
-
-Signed-off-by: Felix Janda <felix.janda@posteo.de>
-Reviewed-by: Hon Ching(Vicky) Lo <honclo@linux.vnet.ibm.com>
-
----
-Upstream-Status: Backport [https://sourceforge.net/p/trousers/trousers/ci/59351a56cac1710e89d207dff07eb23bbc644c13/]
-Signed-off-by: André Draszik <adraszik@tycoint.com>
- src/tspi/tsp_tcsi_param.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/tspi/tsp_tcsi_param.c b/src/tspi/tsp_tcsi_param.c
-index 670f86f..8f2b4e4 100644
---- a/src/tspi/tsp_tcsi_param.c
-+++ b/src/tspi/tsp_tcsi_param.c
-@@ -11,7 +11,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <stdio.h>
--#include <bits/local_lim.h>
-+#include <limits.h>
- #include "trousers/tss.h"
- #include "trousers/trousers.h"
- #include "trousers_types.h"
---
-2.10.2
-
diff --git a/recipes-tpm/trousers/files/07-read_data-not-inline.patch b/recipes-tpm/trousers/files/07-read_data-not-inline.patch
deleted file mode 100644
index 76ba98a..0000000
--- a/recipes-tpm/trousers/files/07-read_data-not-inline.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-Title: Remove inline keyword for read_data and write_data
-Date: 2015-06-28
-Origin: https://chromium.googlesource.com/chromiumos%2Fthird_party%2Ftrousers/+/c9c7cd50640c2d8882a04f59f1bcb383a88b19e9
-Bug-Debian: http://bugs.debian.org/778149
-Index: trousers/src/include/tcsps.h
-===================================================================
---- trousers.orig/src/include/tcsps.h
-+++ trousers/src/include/tcsps.h
-@@ -23,13 +23,6 @@ int get_file();
- int put_file(int);
- void close_file(int);
- void ps_destroy();
--#ifdef SOLARIS
--TSS_RESULT read_data(int, void *, UINT32);
--TSS_RESULT write_data(int, void *, UINT32);
--#else
--inline TSS_RESULT read_data(int, void *, UINT32);
--inline TSS_RESULT write_data(int, void *, UINT32);
--#endif
- int write_key_init(int, UINT32, UINT32, UINT32);
- TSS_RESULT cache_key(UINT32, UINT16, TSS_UUID *, TSS_UUID *, UINT16, UINT32, UINT32);
- TSS_RESULT UnloadBlob_KEY_PS(UINT16 *, BYTE *, TSS_KEY *);
-Index: trousers/src/include/tspps.h
-===================================================================
---- trousers.orig/src/include/tspps.h
-+++ trousers/src/include/tspps.h
-@@ -18,8 +18,8 @@
-
- TSS_RESULT get_file(int *);
- int put_file(int);
--inline TSS_RESULT read_data(int, void *, UINT32);
--inline TSS_RESULT write_data(int, void *, UINT32);
-+TSS_RESULT read_data(int, void *, UINT32);
-+TSS_RESULT write_data(int, void *, UINT32);
- UINT32 psfile_get_num_keys(int);
- TSS_RESULT psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *);
- TSS_RESULT psfile_remove_key_by_uuid(int, TSS_UUID *);
-Index: trousers/src/tcs/ps/ps_utils.c
-===================================================================
---- trousers.orig/src/tcs/ps/ps_utils.c
-+++ trousers/src/tcs/ps/ps_utils.c
-@@ -42,11 +42,7 @@
- struct key_disk_cache *key_disk_cache_head = NULL;
-
-
--#ifdef SOLARIS
- TSS_RESULT
--#else
--inline TSS_RESULT
--#endif
- read_data(int fd, void *data, UINT32 size)
- {
- int rc;
-@@ -64,11 +60,7 @@ read_data(int fd, void *data, UINT32 siz
- }
-
-
--#ifdef SOLARIS
- TSS_RESULT
--#else
--inline TSS_RESULT
--#endif
- write_data(int fd, void *data, UINT32 size)
- {
- int rc;
diff --git a/recipes-tpm/trousers/trousers_0.3.13.bb b/recipes-tpm/trousers/trousers_git.bb
similarity index 67%
rename from recipes-tpm/trousers/trousers_0.3.13.bb
rename to recipes-tpm/trousers/trousers_git.bb
index a69f763..1dedd7c 100644
--- a/recipes-tpm/trousers/trousers_0.3.13.bb
+++ b/recipes-tpm/trousers/trousers_git.bb
@@ -6,17 +6,17 @@ SECTION = "security/tpm"
DEPENDS = "openssl"
-SRC_URI = "http://sourceforge.net/projects/trousers/files/${BPN}/${PV}/${BPN}-${PV}.tar.gz \
- file://0001-tsp_tcsi_param.c-Include-limits.h-for-POSIX_MAX.patch \
- file://0001-Check-that-getpwent_r-is-available-before-using-it.patch \
- file://07-read_data-not-inline.patch \
- file://trousers.init.sh \
- file://trousers-udev.rules \
- file://tcsd.service \
- "
-
-SRC_URI[md5sum] = "ad508f97b406f6e48cd90e85d78e7ca8"
-SRC_URI[sha256sum] = "bb908e4a3c88a17b247a4fc8e0fff3419d8a13170fe7bdfbe0e2c5c082a276d3"
+SRCREV = "4b9a70d5789b0b74f43957a6c19ab2156a72d3e0"
+PV = "0.3.14+git${SRCPV}"
+
+SRC_URI = " \
+ git://git.code.sf.net/p/trousers/trousers \
+ file://trousers.init.sh \
+ file://trousers-udev.rules \
+ file://tcsd.service \
+ "
+
+S = "${WORKDIR}/git"
inherit autotools pkgconfig useradd update-rc.d ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)}
@@ -61,10 +61,10 @@ FILES_libtspi = " \
"
FILES_libtspi-dbg = " \
${libdir}/.debug \
- ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tspi \
- ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/trspi \
- ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/*.h \
- ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/tss \
+ ${prefix}/src/debug/${BPN}/${PV}-${PR}/git/src/tspi \
+ ${prefix}/src/debug/${BPN}/${PV}-${PR}/git/src/trspi \
+ ${prefix}/src/debug/${BPN}/${PV}-${PR}/git/src/include/*.h \
+ ${prefix}/src/debug/${BPN}/${PV}-${PR}/git/src/include/tss \
"
FILES_libtspi-dev = " \
${includedir} \
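Review bot: The FILES_libtspi-dbg entries switch from ${PN} to ${BPN} and replace ${PN}-${PV} with a literal "git", and the commit message explains neither. The literal duplicates S = "${WORKDIR}/git", so if S is changed later these globs stop matching without any build error; a short comment tying the two together would help. The same applies to the FILES_${PN}-dbg hunk that follows.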
@@ -88,11 +88,11 @@ FILES_${PN}-dev += "${libdir}/trousers"
FILES_${PN}-dbg = " \
${sbindir}/.debug \
- ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tcs \
- ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tcsd \
- ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tddl \
- ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/trousers \
- ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/trousers \
+ ${prefix}/src/debug/${BPN}/${PV}-${PR}/git/src/tcs \
+ ${prefix}/src/debug/${BPN}/${PV}-${PR}/git/src/tcsd \
+ ${prefix}/src/debug/${BPN}/${PV}-${PR}/git/src/tddl \
+ ${prefix}/src/debug/${BPN}/${PV}-${PR}/git/src/trousers \
+ ${prefix}/src/debug/${BPN}/${PV}-${PR}/git/src/include/trousers \
"
FILES_${PN}-doc = " \
${mandir}/man5 \
--
2.7.4
* [meta-security][PATCH 5/6] libtpm: update to tip.
2017-01-29 17:12 [meta-security][PATCH 1/6] tpm2.0-tss: fix musl build error Armin Kuster
` (2 preceding siblings ...)
2017-01-29 17:12 ` [meta-security][PATCH 4/6] trousers: update to 0.3.14 Armin Kuster
@ 2017-01-29 17:12 ` Armin Kuster
2017-01-30 14:59 ` Patrick Ohly
2017-01-29 17:12 ` [meta-security][PATCH 6/6] swtpm: " Armin Kuster
4 siblings, 1 reply; 8+ messages in thread
From: Armin Kuster @ 2017-01-29 17:12 UTC
To: yocto, akuster
fix several build issues
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-tpm/libtpm/files/fix_dprintf_issue.patch | 18 +++++++++
recipes-tpm/libtpm/files/fix_signed_issue.patch | 48 ++++++++++++++++++++++++
recipes-tpm/libtpm/libtpm_1.0.bb | 8 +++-
3 files changed, 72 insertions(+), 2 deletions(-)
create mode 100644 recipes-tpm/libtpm/files/fix_dprintf_issue.patch
create mode 100644 recipes-tpm/libtpm/files/fix_signed_issue.patch
diff --git a/recipes-tpm/libtpm/files/fix_dprintf_issue.patch b/recipes-tpm/libtpm/files/fix_dprintf_issue.patch
new file mode 100644
index 0000000..25760bb
--- /dev/null
+++ b/recipes-tpm/libtpm/files/fix_dprintf_issue.patch
@@ -0,0 +1,18 @@
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: src/tpm_library.c
+===================================================================
+--- git.orig/src/tpm_library.c
++++ git/src/tpm_library.c
+@@ -405,8 +405,8 @@ int TPMLIB_LogPrintf(const char *format,
+ }
+
+ if (debug_prefix)
+- dprintf(debug_fd, debug_prefix);
+- dprintf(debug_fd, buffer);
++ dprintf(debug_fd, "%s" , debug_prefix);
++ dprintf(debug_fd, "%s" , buffer);
+
+ return i;
+ }
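Review bot: The patch header carries only Upstream-Status and Signed-off-by, with no description; this is a format-string fix in TPMLIB_LogPrintf() and should say so. Passing debug_prefix and buffer as the format argument of dprintf() means any % sequence in the logged data is interpreted as a conversion, and the "%s" form removes that. Minor points: the Index: line says src/tpm_library.c while the ---/+++ lines use git.orig/ and git/, and there is a stray space before the comma in "%s" , buffer.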
diff --git a/recipes-tpm/libtpm/files/fix_signed_issue.patch b/recipes-tpm/libtpm/files/fix_signed_issue.patch
new file mode 100644
index 0000000..fc13aa5
--- /dev/null
+++ b/recipes-tpm/libtpm/files/fix_signed_issue.patch
@@ -0,0 +1,48 @@
+Upstream-Status: Pending
+Signed-off-by: Armin kuster <akuster808@gmail.com>
+
+Index: git/src/swtpm/ctrlchannel.c
+===================================================================
+--- git.orig/src/swtpm/ctrlchannel.c
++++ git/src/swtpm/ctrlchannel.c
+@@ -152,7 +152,8 @@ static int ctrlchannel_receive_state(ptm
+ uint32_t tpm_number = 0;
+ unsigned char *blob = NULL;
+ uint32_t blob_length = be32toh(pss->u.req.length);
+- uint32_t remain = blob_length, offset = 0;
++ ssize_t remain = (ssize_t) blob_length;
++ uint32_t offset = 0;
+ TPM_RESULT res;
+ uint32_t flags = be32toh(pss->u.req.state_flags);
+ TPM_BOOL is_encrypted = (flags & PTM_STATE_FLAG_ENCRYPTED) != 0;
+Index: git/src/swtpm_ioctl/tpm_ioctl.c
+===================================================================
+--- git.orig/src/swtpm_ioctl/tpm_ioctl.c
++++ git/src/swtpm_ioctl/tpm_ioctl.c
+@@ -303,7 +303,7 @@ static int do_save_state_blob(int fd, bo
+ numbytes = write(file_fd, pgs.u.resp.data,
+ devtoh32(is_chardev, pgs.u.resp.length));
+
+- if (numbytes != devtoh32(is_chardev, pgs.u.resp.length)) {
++ if (numbytes != (ssize_t) devtoh32(is_chardev, pgs.u.resp.length)) {
+ fprintf(stderr,
+ "Could not write to file '%s': %s\n",
+ filename, strerror(errno));
+@@ -420,7 +420,7 @@ static int do_load_state_blob(int fd, bo
+ had_error = true;
+ break;
+ }
+- pss.u.req.length = htodev32(is_chardev, numbytes);
++ pss.u.req.length = htodev32(is_chardev, (uint32_t) numbytes);
+
+ /* the returnsize is zero on all intermediate packets */
+ returnsize = ((size_t)numbytes < sizeof(pss.u.req.data))
+@@ -863,7 +863,7 @@ int main(int argc, char *argv[])
+ return EXIT_FAILURE;
+ }
+ /* no tpm_result here */
+- printf("ptm capability is 0x%lx\n", (uint64_t)devtoh64(is_chardev, cap));
++ printf("ptm capability is 0x%llx\n", (uint64_t)devtoh64(is_chardev, cap));
+
+ } else if (!strcmp(command, "-i")) {
+ init.u.req.init_flags = htodev32(is_chardev, PTM_INIT_FLAG_DELETE_VOLATILE);
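Review bot: This file is created under recipes-tpm/libtpm/files, but the libtpm_1.0.bb hunk that follows adds only file://fix_dprintf_issue.patch to SRC_URI, so it is never applied. Its targets, src/swtpm/ctrlchannel.c and src/swtpm_ioctl/tpm_ioctl.c, are swtpm sources, and the same hunks appear in the fix_signed_issue.patch that patch 6/6 adds for swtpm. Please drop it from this commit.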
diff --git a/recipes-tpm/libtpm/libtpm_1.0.bb b/recipes-tpm/libtpm/libtpm_1.0.bb
index 83b78a0..449e8c1 100644
--- a/recipes-tpm/libtpm/libtpm_1.0.bb
+++ b/recipes-tpm/libtpm/libtpm_1.0.bb
@@ -1,8 +1,12 @@
SUMMARY = "LIBPM - Software TPM Library"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=97e5eea8d700d76b3ddfd35c4c96485f"
-SRCREV = "e5dc628043e981c9f8d7711ddfe5812c8f4e38cc"
-SRC_URI = "git://github.com/stefanberger/libtpms.git"
+
+SRCREV = "ad44846dda5a96e269ad2f78a532e01e9a2f02a1"
+SRC_URI = " \
+ git://github.com/stefanberger/libtpms.git \
+ file://fix_dprintf_issue.patch \
+ "
S = "${WORKDIR}/git"
inherit autotools-brokensep pkgconfig
--
2.7.4
* [meta-security][PATCH 6/6] swtpm: update to tip
2017-01-29 17:12 [meta-security][PATCH 1/6] tpm2.0-tss: fix musl build error Armin Kuster
` (3 preceding siblings ...)
2017-01-29 17:12 ` [meta-security][PATCH 5/6] libtpm: update to tip Armin Kuster
@ 2017-01-29 17:12 ` Armin Kuster
2017-01-30 15:32 ` Patrick Ohly
4 siblings, 1 reply; 8+ messages in thread
From: Armin Kuster @ 2017-01-29 17:12 UTC
To: yocto, akuster
fix signed build issues
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-tpm/swtpm/files/fix_lib_search_path.patch | 41 -------------------
recipes-tpm/swtpm/files/fix_signed_issue.patch | 48 +++++++++++++++++++++++
recipes-tpm/swtpm/swtpm_1.0.bb | 18 +++++++--
3 files changed, 63 insertions(+), 44 deletions(-)
delete mode 100644 recipes-tpm/swtpm/files/fix_lib_search_path.patch
create mode 100644 recipes-tpm/swtpm/files/fix_signed_issue.patch
diff --git a/recipes-tpm/swtpm/files/fix_lib_search_path.patch b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
deleted file mode 100644
index 015f418..0000000
--- a/recipes-tpm/swtpm/files/fix_lib_search_path.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-
-Upstream-Status: Inappropriate [OE config]
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: configure.ac
-===================================================================
---- a/configure.ac
-+++ b/configure.ac
-@@ -349,21 +349,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-securi
- dnl We have to make sure libtpms is using the same crypto library
- dnl to avoid problems
- AC_MSG_CHECKING([the crypto library libtpms is using])
--dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
-- sed -n '/SEARCH_DIR/p' | \
-- sed 's/SEARCH_DIR("=\?\(@<:@^"@:>@\+\)"); */\1\n/g')
--for dir in $dirs; do
-- if test -r $dir/libtpms.so; then
-- if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
-- libtpms_cryptolib="openssl"
-- break
-- fi
-- if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
-- libtpms_cryptolib="freebl"
-- break
-- fi
-+dir="$SEARCH_DIR"
-+if test -r $dir/libtpms.so; then
-+ if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
-+ libtpms_cryptolib="openssl"
-+ break
- fi
--done
-+ if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
-+ libtpms_cryptolib="freebl"
-+ break
-+ fi
-+fi
-
- if test -z "$libtpms_cryptolib"; then
- AC_MSG_ERROR([Could not determine libtpms crypto library.])
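Review bot: With fix_lib_search_path.patch gone, the export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}" line that remains in swtpm_1.0.bb has no visible consumer, since the deleted dir="$SEARCH_DIR" assignment was what read it. configure.ac then goes back to deriving library directories from $CC ... -Xlinker --verbose and running ldd on libtpms.so, which is the behaviour this patch, marked "Inappropriate [OE config]", replaced. Either keep a rebased version of the patch or remove the export and explain in the commit message why the original probe is acceptable in this build.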
diff --git a/recipes-tpm/swtpm/files/fix_signed_issue.patch b/recipes-tpm/swtpm/files/fix_signed_issue.patch
new file mode 100644
index 0000000..427df62
--- /dev/null
+++ b/recipes-tpm/swtpm/files/fix_signed_issue.patch
@@ -0,0 +1,48 @@
+Upstream-Status: Pending
+Signed-off-by Armin Kuster <akuster808@gmail>
+
+Index: git/src/swtpm/ctrlchannel.c
+===================================================================
+--- git.orig/src/swtpm/ctrlchannel.c
++++ git/src/swtpm/ctrlchannel.c
+@@ -152,7 +152,8 @@ static int ctrlchannel_receive_state(ptm
+ uint32_t tpm_number = 0;
+ unsigned char *blob = NULL;
+ uint32_t blob_length = be32toh(pss->u.req.length);
+- uint32_t remain = blob_length, offset = 0;
++ ssize_t remain = (ssize_t) blob_length;
++ uint32_t offset = 0;
+ TPM_RESULT res;
+ uint32_t flags = be32toh(pss->u.req.state_flags);
+ TPM_BOOL is_encrypted = (flags & PTM_STATE_FLAG_ENCRYPTED) != 0;
+Index: git/src/swtpm_ioctl/tpm_ioctl.c
+===================================================================
+--- git.orig/src/swtpm_ioctl/tpm_ioctl.c
++++ git/src/swtpm_ioctl/tpm_ioctl.c
+@@ -303,7 +303,7 @@ static int do_save_state_blob(int fd, bo
+ numbytes = write(file_fd, pgs.u.resp.data,
+ devtoh32(is_chardev, pgs.u.resp.length));
+
+- if (numbytes != devtoh32(is_chardev, pgs.u.resp.length)) {
++ if (numbytes != (ssize_t) devtoh32(is_chardev, pgs.u.resp.length)) {
+ fprintf(stderr,
+ "Could not write to file '%s': %s\n",
+ filename, strerror(errno));
+@@ -420,7 +420,7 @@ static int do_load_state_blob(int fd, bo
+ had_error = true;
+ break;
+ }
+- pss.u.req.length = htodev32(is_chardev, numbytes);
++ pss.u.req.length = htodev32(is_chardev, (uint32_t) numbytes);
+
+ /* the returnsize is zero on all intermediate packets */
+ returnsize = ((size_t)numbytes < sizeof(pss.u.req.data))
+@@ -863,7 +863,7 @@ int main(int argc, char *argv[])
+ return EXIT_FAILURE;
+ }
+ /* no tpm_result here */
+- printf("ptm capability is 0x%lx\n", (uint64_t)devtoh64(is_chardev, cap));
++ printf("ptm capability is 0x%llx\n", (uint64_t)devtoh64(is_chardev, cap));
+
+ } else if (!strcmp(command, "-i")) {
+ init.u.req.init_flags = htodev32(is_chardev, PTM_INIT_FLAG_DELETE_VOLATILE);
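Review bot: In ctrlchannel_receive_state(), ssize_t remain = (ssize_t) blob_length; converts a 32-bit length taken straight from the request (be32toh(pss->u.req.length)) to a signed type; where ssize_t is 32 bits, a length of 0x80000000 or more becomes negative. Check blob_length against an upper bound before the cast, or keep remain unsigned. In tpm_ioctl.c, %llx with a (uint64_t) argument only trades one mismatch for another on targets where uint64_t is unsigned long; use PRIx64 from <inttypes.h>. The header line "Signed-off-by Armin Kuster <akuster808@gmail>" is missing its colon and lacks the .com used elsewhere in the series.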
diff --git a/recipes-tpm/swtpm/swtpm_1.0.bb b/recipes-tpm/swtpm/swtpm_1.0.bb
index 04777e1..27b4b8c 100644
--- a/recipes-tpm/swtpm/swtpm_1.0.bb
+++ b/recipes-tpm/swtpm/swtpm_1.0.bb
@@ -5,9 +5,11 @@ SECTION = "apps"
DEPENDS = "libtasn1 fuse expect socat glib-2.0 libtpm libtpm-native"
-SRCREV = "2cd10cee2f74c84bda22081514b6b2cb566fa42d"
-SRC_URI = "git://github.com/stefanberger/swtpm.git \
- file://fix_lib_search_path.patch"
+SRCREV = "ca906a02124d0ed8b6194e845d272d23ee394a34"
+SRC_URI = " \
+ git://github.com/stefanberger/swtpm.git \
+ file://fix_signed_issue.patch \
+ "
S = "${WORKDIR}/git"
@@ -22,11 +24,21 @@ PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux',
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
+PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, libselinux"
EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
+# dup bootstrap
+do_configure_prepend () {
+ libtoolize --force --copy
+ autoheader
+ aclocal
+ automake --add-missing -c
+ autoconf
+}
+
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \
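Review bot: PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, libselinux" lists libselinux as the build dependency, which looks copied from the selinux line above it; for CUSE support the dependency should be the FUSE library (fuse is already in DEPENDS in the first hunk), or the field should be left empty. The do_configure_prepend marked "# dup bootstrap" runs libtoolize, autoheader, aclocal, automake and autoconf by hand; please add a comment saying why this manual bootstrap is needed.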
--
2.7.4
* Re: [meta-security][PATCH 5/6] libtpm: update to tip.
2017-01-29 17:12 ` [meta-security][PATCH 5/6] libtpm: update to tip Armin Kuster
@ 2017-01-30 14:59 ` Patrick Ohly
0 siblings, 0 replies; 8+ messages in thread
From: Patrick Ohly @ 2017-01-30 14:59 UTC
To: Armin Kuster; +Cc: yocto
On Sun, 2017-01-29 at 09:12 -0800, Armin Kuster wrote:
> diff --git a/recipes-tpm/libtpm/files/fix_dprintf_issue.patch
> b/recipes-tpm/libtpm/files/fix_dprintf_issue.patch
> new file mode 100644
> index 0000000..25760bb
> --- /dev/null
> +++ b/recipes-tpm/libtpm/files/fix_dprintf_issue.patch
> @@ -0,0 +1,18 @@
> +Upstream-Status: Pending
> +Signed-off-by: Armin Kuster <akuster808@gmail.com>
Just wondering: what's your approach regarding "pending" patches? Accept
them into the layer, then submit upstream later as time permits?
Besides that, the six patches are all fine, so please consider them
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
However, when I started using these recipes already before the latest
changes, I had to fix quite a few things before the recipes were usable
(will send patches shortly):
- tcsd from trousers doesn't start because of incorrect ownership of
/etc/tcsd.conf
- swtpm was more useful for me as a native tool in combination with
Stefan's qemu-tpm patches, but couldn't be compiled natively
- libtspi.so.1 was not getting installed, causing tpm tools to fail
I had the impression that the recipes were mostly in a "they build" kind
of state, but not really used much in practice. Is that correct?
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
* Re: [meta-security][PATCH 6/6] swtpm: update to tip
2017-01-29 17:12 ` [meta-security][PATCH 6/6] swtpm: " Armin Kuster
@ 2017-01-30 15:32 ` Patrick Ohly
0 siblings, 0 replies; 8+ messages in thread
From: Patrick Ohly @ 2017-01-30 15:32 UTC (permalink / raw)
To: Armin Kuster; +Cc: yocto
On Sun, 2017-01-29 at 09:12 -0800, Armin Kuster wrote:
> fix signed build issues
>
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
> recipes-tpm/swtpm/files/fix_lib_search_path.patch | 41 -------------------
> recipes-tpm/swtpm/files/fix_signed_issue.patch | 48 +++++++++++++++++++++++
> recipes-tpm/swtpm/swtpm_1.0.bb | 18 +++++++--
> 3 files changed, 63 insertions(+), 44 deletions(-)
> delete mode 100644 recipes-tpm/swtpm/files/fix_lib_search_path.patch
> create mode 100644 recipes-tpm/swtpm/files/fix_signed_issue.patch
>
> diff --git a/recipes-tpm/swtpm/files/fix_lib_search_path.patch b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
> deleted file mode 100644
> index 015f418..0000000
> --- a/recipes-tpm/swtpm/files/fix_lib_search_path.patch
> +++ /dev/null
This patch is still needed when building swtpm-native. I'll add back a
version that applies to latest tip.
> diff --git a/recipes-tpm/swtpm/files/fix_signed_issue.patch b/recipes-tpm/swtpm/files/fix_signed_issue.patch
> new file mode 100644
> index 0000000..427df62
> --- /dev/null
> +++ b/recipes-tpm/swtpm/files/fix_signed_issue.patch
> @@ -0,0 +1,48 @@
> +Upstream-Status: Pending
> +Signed-off-by Armin Kuster <akuster808@gmail>
[...]
> +Index: git/src/swtpm_ioctl/tpm_ioctl.c
> +===================================================================
> +--- git.orig/src/swtpm_ioctl/tpm_ioctl.c
> ++++ git/src/swtpm_ioctl/tpm_ioctl.c
> +@@ -303,7 +303,7 @@ static int do_save_state_blob(int fd, bo
[...]
> + /* no tpm_result here */
> +- printf("ptm capability is 0x%lx\n", (uint64_t)devtoh64(is_chardev, cap));
> ++ printf("ptm capability is 0x%llx\n", (uint64_t)devtoh64(is_chardev, cap));
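Review bot: the `printf` change in `tpm_ioctl.c` swaps `%lx` for `%llx` but keeps the `(uint64_t)` cast, so format and argument only agree on targets where `uint64_t` is `unsigned long long`; where it is `unsigned long` the format check fails. Rather than picking one length modifier, use the `PRIx64` macro from `<inttypes.h>` with the existing cast, for example `printf("ptm capability is 0x%" PRIx64 "\n", (uint64_t)devtoh64(is_chardev, cap));`, which matches on both 32-bit and 64-bit builds. Separately, the `Signed-off-by` line in the embedded patch header is missing its colon and the address has no top-level domain.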
This is causing an error when building for x86-64:
tpm_ioctl.c:866:9: error: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 2 has type ‘long unsigned int’ [-Werror=format=]
| printf("ptm capability is 0x%llx\n", (uint64_t)devtoh64(is_chardev, cap));
| ^
| cc1: all warnings being treated as errors
If you want, I can fix it as part of my upcoming patches with:
printf("ptm capability is 0x%llx\n", (long long unsigned)devtoh64(is_chardev, cap));
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.