All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-security][PATCH] tpm2.0-tss: install resourcemgr service
@ 2017-03-23 14:26 Benjamin Gaignard
  2017-03-24  9:28 ` Patrick Ohly
  0 siblings, 1 reply; 2+ messages in thread
From: Benjamin Gaignard @ 2017-03-23 14:26 UTC (permalink / raw)
  To: yocto; +Cc: Benjamin Gaignard

Install systemd resource.mgr service and it needed user/group.

Signed-off-by: Benjamin Gaignard <benjamin.gaignard@linaro.org>
---
 .../tpm2.0-tss/change-resourcemgr-location.patch   | 23 ++++++++++++++++++++++
 recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb           | 22 ++++++++++++++++++---
 2 files changed, 42 insertions(+), 3 deletions(-)
 create mode 100644 recipes-tpm/tpm2.0-tss/tpm2.0-tss/change-resourcemgr-location.patch

diff --git a/recipes-tpm/tpm2.0-tss/tpm2.0-tss/change-resourcemgr-location.patch b/recipes-tpm/tpm2.0-tss/tpm2.0-tss/change-resourcemgr-location.patch
new file mode 100644
index 0000000..ba3775a
--- /dev/null
+++ b/recipes-tpm/tpm2.0-tss/tpm2.0-tss/change-resourcemgr-location.patch
@@ -0,0 +1,23 @@
+resourcemgr: change resourcemgr location
+
+Signed-off-by: Benjamin Gaignard <benjamin.gaignard@linaro.org>
+---
+ contrib/resourcemgr.service | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/contrib/resourcemgr.service b/contrib/resourcemgr.service
+index 7f23739..e5b0900 100644
+--- a/contrib/resourcemgr.service
++++ b/contrib/resourcemgr.service
+@@ -3,7 +3,7 @@ Description=TPM2 resource manager & access broker
+ Documentation=http://www.github.com/01org/TPM2.0-TSS
+ 
+ [Service]
+-ExecStart=/usr/local/sbin/resourcemgr
++ExecStart=/usr/sbin/resourcemgr
+ StandardOutput=null
+ User=tss
+ Group=tss
+-- 
+1.9.1
+
diff --git a/recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb b/recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb
index a03559c..96b3d72 100644
--- a/recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb
+++ b/recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb
@@ -8,9 +8,10 @@ SRCREV = "8e25d0cbb287d30c93b2b77e99bc761dc67e31a9"
 SRC_URI = " \
     git://github.com/01org/TPM2.0-TSS.git;protocol=git;branch=master;name=TPM2.0-TSS;destsuffix=TPM2.0-TSS \
     file://ax_pthread.m4 \
-    file://fix_musl_select_include.patch "
+    file://fix_musl_select_include.patch \
+    file://change-resourcemgr-location.patch "
 
-inherit autotools pkgconfig
+inherit autotools pkgconfig systemd
 
 S = "${WORKDIR}/${@d.getVar('BPN',d).upper()}"
 
@@ -24,6 +25,21 @@ do_configure_prepend () {
 	cd $currentdir
 }
 
+INHERIT += "extrausers"
+EXTRA_USERS_PARAMS = "\
+	useradd -p '' tss; \
+	groupadd tss; \
+	"
+
+SYSTEMD_PACKAGES += "resourcemgr"
+SYSTEMD_SERVICE_resourcemgr = "resourcemgr.service"
+SYSTEMD_AUTO_ENABLE_resourcemgr = "enable"
+
+do_install_append() {
+    install -d ${D}${systemd_system_unitdir}
+    install -m0644 ${S}/contrib/resourcemgr.service ${D}${systemd_system_unitdir}/resourcemgr.service
+}
+
 PROVIDES = "${PACKAGES}"
 PACKAGES = " \
     ${PN}-dbg \
@@ -64,4 +80,4 @@ FILES_libtctisocket-dev = " \
     ${libdir}/pkgconfig/tcti-socket.pc \
 "
 FILES_libtctisocket-staticdev = "${libdir}/libtcti-socket.*a"
-FILES_resourcemgr = "${sbindir}/resourcemgr"
+FILES_resourcemgr = "${sbindir}/resourcemgr ${systemd_system_unitdir}/resourcemgr.service"
-- 
1.9.1



^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [meta-security][PATCH] tpm2.0-tss: install resourcemgr service
  2017-03-23 14:26 [meta-security][PATCH] tpm2.0-tss: install resourcemgr service Benjamin Gaignard
@ 2017-03-24  9:28 ` Patrick Ohly
  0 siblings, 0 replies; 2+ messages in thread
From: Patrick Ohly @ 2017-03-24  9:28 UTC (permalink / raw)
  To: Benjamin Gaignard; +Cc: yocto

On Thu, 2017-03-23 at 15:26 +0100, Benjamin Gaignard wrote:
> +diff --git a/contrib/resourcemgr.service b/contrib/resourcemgr.service
> +index 7f23739..e5b0900 100644
> +--- a/contrib/resourcemgr.service
> ++++ b/contrib/resourcemgr.service
> +@@ -3,7 +3,7 @@ Description=TPM2 resource manager & access broker
> + Documentation=http://www.github.com/01org/TPM2.0-TSS
> + 
> + [Service]
> +-ExecStart=/usr/local/sbin/resourcemgr
> ++ExecStart=/usr/sbin/resourcemgr
> + StandardOutput=null
> + User=tss
> + Group=tss
> +-- 
> +1.9.1

I think it would be better to patch the actual ${sbindir} into the
resourcemgr.service file, instead of assuming that ${sbindir}
= /usr/sbin and using a static patch.

Something like this:

do_patch[postfuncs] += "fix_systemd_unit"
fix_systemd_unit () {
    sed -i -e 's;^ExecStart=.*/resourcemgr;ExecStart=${sbindir}/resourcemgr;' ${S}/contrib/resourcemgr.service
}

Just my 2 cents.

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.





^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-03-24  9:28 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-23 14:26 [meta-security][PATCH] tpm2.0-tss: install resourcemgr service Benjamin Gaignard
2017-03-24  9:28 ` Patrick Ohly

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.