* [meta-security][PATCH 1/2] swtpm: update to 0.6.1
@ 2021-09-28 23:39 Armin Kuster
2021-09-28 23:39 ` [meta-security][PATCH 2/2] swtpm: fix build issues of missing expect Armin Kuster
0 siblings, 1 reply; 4+ messages in thread
From: Armin Kuster @ 2021-09-28 23:39 UTC (permalink / raw)
To: yocto; +Cc: Kristian Klausen via lists.yoctoproject.org, Kristian Klausen
From: "Kristian Klausen via lists.yoctoproject.org" <kristian=klausen.dk@lists.yoctoproject.org>
swtpm no longer depends on Python[1] so the dependencies have been
removed.
"inherit perlnative" has been added due to (in oe-core):
deda455b3c ("bitbake.conf: drop pod2man from hosttools")
Some leftover dependencies have also been removed, ex: tpm-tools
required in the past by swtpm_setup.sh (<0.4.0)[2].
[1] https://github.com/stefanberger/swtpm/issues/437
[2] https://github.com/stefanberger/swtpm/commit/eee8cb5dfb13f87140dddda38f65bf61aff19508
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../swtpm/swtpm-wrappers-native.bb | 12 ++++------
.../swtpm/{swtpm_0.5.2.bb => swtpm_0.6.1.bb} | 23 ++++++++-----------
2 files changed, 14 insertions(+), 21 deletions(-)
rename meta-tpm/recipes-tpm/swtpm/{swtpm_0.5.2.bb => swtpm_0.6.1.bb} (72%)
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
index 644f3ac..bb93374 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
@@ -1,6 +1,6 @@
SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools"
LICENSE = "MIT"
-DEPENDS = "swtpm-native tpm-tools-native net-tools-native"
+DEPENDS = "swtpm-native"
inherit native
@@ -14,23 +14,19 @@ do_create_wrapper () {
for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do
exe=`basename $i`
case $exe in
- swtpm_setup.sh)
+ swtpm_setup)
cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF
#! /bin/sh
#
-# Wrapper around swtpm_setup.sh which adds parameters required to
+# Wrapper around swtpm_setup which adds parameters required to
# run the setup as non-root directly from the native sysroot.
PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
export PATH
-# tcsd only allows to be run as root or tss. Pretend to be root...
-exec env ${FAKEROOTENV} ${FAKEROOTCMD} swtpm_setup.sh --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
+exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
EOF
;;
- swtpm_setup)
- true
- ;;
*)
cat >${WORKDIR}/${exe}_oe.sh <<EOF
#! /bin/sh
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
similarity index 72%
rename from meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
rename to meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
index 912e939..807c02b 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
@@ -3,14 +3,11 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
SECTION = "apps"
-DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm libtpm-native"
+# coreutils-native and net-tools-native are reportedly only required for the tests
+DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm json-glib"
-# configure checks for the tools already during compilation and
-# then swtpm_setup needs them at runtime
-DEPENDS:append = " tpm-tools-native expect-native socat-native python3-pip-native python3-cryptography-native"
-
-SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \
+SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \
file://ioctl_h.patch \
file://oe_configure.patch \
"
@@ -19,7 +16,7 @@ PE = "1"
S = "${WORKDIR}/git"
PARALLEL_MAKE = ""
-inherit autotools pkgconfig python3native
+inherit autotools pkgconfig perlnative
TSS_USER="tss"
TSS_GROUP="tss"
@@ -28,7 +25,10 @@ PACKAGECONFIG ?= "openssl"
PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
-PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
+# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
+# used by swtpm-create-tpmca (the last two is provided by gnutls)
+# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools"
PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
@@ -41,14 +41,11 @@ USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir \
--no-create-home --shell /bin/false ${BPN}"
-PACKAGES =+ "${PN}-python"
-FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}"
-
PACKAGE_BEFORE_PN = "${PN}-cuse"
FILES:${PN}-cuse = "${bindir}/swtpm_cuse"
INSANE_SKIP:${PN} += "dev-so"
-RDEPENDS:${PN} = "libtpm expect socat bash tpm-tools python3 python3-cryptography python3-twisted"
+RDEPENDS:${PN} = "libtpm"
BBCLASSEXTEND = "native nativesdk"
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [meta-security][PATCH 2/2] swtpm: fix build issues of missing expect
2021-09-28 23:39 [meta-security][PATCH 1/2] swtpm: update to 0.6.1 Armin Kuster
@ 2021-09-28 23:39 ` Armin Kuster
2021-09-29 6:44 ` [yocto] " Kristian Klausen
0 siblings, 1 reply; 4+ messages in thread
From: Armin Kuster @ 2021-09-28 23:39 UTC (permalink / raw)
To: yocto
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
index 807c02b..d602ee0 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
SECTION = "apps"
# coreutils-native and net-tools-native are reportedly only required for the tests
-DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm json-glib"
+DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm json-glib expect expect-native"
SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \
@@ -28,7 +28,7 @@ PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
# used by swtpm-create-tpmca (the last two is provided by gnutls)
# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
-PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools"
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, bash tpm2-pkcs11-tools"
PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [yocto] [meta-security][PATCH 2/2] swtpm: fix build issues of missing expect
2021-09-28 23:39 ` [meta-security][PATCH 2/2] swtpm: fix build issues of missing expect Armin Kuster
@ 2021-09-29 6:44 ` Kristian Klausen
2021-09-30 13:55 ` akuster808
0 siblings, 1 reply; 4+ messages in thread
From: Kristian Klausen @ 2021-09-29 6:44 UTC (permalink / raw)
To: Armin Kuster; +Cc: yocto
Den Tue, Sep 28, 2021 at 16:39:09 -0700 skrev Armin Kuster:
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
> meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
> index 807c02b..d602ee0 100644
> --- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
> +++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
> @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
> SECTION = "apps"
>
> # coreutils-native and net-tools-native are reportedly only required for the tests
> -DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm json-glib"
> +DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm json-glib expect expect-native"
expect is there twice now (+ native). Would expect-native be enough or
do we also need expect?
>
> SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
> SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \
> @@ -28,7 +28,7 @@ PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
> # expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
> # used by swtpm-create-tpmca (the last two is provided by gnutls)
> # gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
> -PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools"
> +PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, bash tpm2-pkcs11-tools"
expect is needed as a runtime dependency for swtpm-create-tpmca, but I
added it as a recommended dependency as I don't think all people are
interesting in swtpm-create-tpmca working out-of-the-box.
expect should still be here, no?
> PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
> PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
> PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#54899): https://lists.yoctoproject.org/g/yocto/message/54899
> Mute This Topic: https://lists.yoctoproject.org/mt/85937662/6376886
> Group Owner: yocto+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [kristian@klausen.dk]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [yocto] [meta-security][PATCH 2/2] swtpm: fix build issues of missing expect
2021-09-29 6:44 ` [yocto] " Kristian Klausen
@ 2021-09-30 13:55 ` akuster808
0 siblings, 0 replies; 4+ messages in thread
From: akuster808 @ 2021-09-30 13:55 UTC (permalink / raw)
To: Kristian Klausen; +Cc: yocto
On 9/28/21 11:44 PM, Kristian Klausen wrote:
> Den Tue, Sep 28, 2021 at 16:39:09 -0700 skrev Armin Kuster:
>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>> ---
>> meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
>> index 807c02b..d602ee0 100644
>> --- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
>> +++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
>> @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
>> SECTION = "apps"
>>
>> # coreutils-native and net-tools-native are reportedly only required for the tests
>> -DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm json-glib"
>> +DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm json-glib expect expect-native"
> expect is there twice now (+ native). Would expect-native be enough or
> do we also need expect?
expect-native only fixes the build issue.
>
>>
>> SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
>> SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \
>> @@ -28,7 +28,7 @@ PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
>> # expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
>> # used by swtpm-create-tpmca (the last two is provided by gnutls)
>> # gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
>> -PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools"
>> +PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, bash tpm2-pkcs11-tools"
> expect is needed as a runtime dependency for swtpm-create-tpmca, but I
> added it as a recommended dependency as I don't think all people are
> interesting in swtpm-create-tpmca working out-of-the-box.
> expect should still be here, no?
>
>> PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
>> PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
>> PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
>> --
>> 2.25.1
>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#54899): https://lists.yoctoproject.org/g/yocto/message/54899
>> Mute This Topic: https://lists.yoctoproject.org/mt/85937662/6376886
>> Group Owner: yocto+owner@lists.yoctoproject.org
>> Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [kristian@klausen.dk]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-09-30 13:55 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-28 23:39 [meta-security][PATCH 1/2] swtpm: update to 0.6.1 Armin Kuster
2021-09-28 23:39 ` [meta-security][PATCH 2/2] swtpm: fix build issues of missing expect Armin Kuster
2021-09-29 6:44 ` [yocto] " Kristian Klausen
2021-09-30 13:55 ` akuster808
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.