All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-security][PATCH v2] swtpm: update to 0.6.1
@ 2021-10-02 18:37 Kristian Klausen
  0 siblings, 0 replies; only message in thread
From: Kristian Klausen @ 2021-10-02 18:37 UTC (permalink / raw)
  To: yocto; +Cc: Kristian Klausen

swtpm no longer depends on Python[1] so the dependencies have been
removed.

"inherit perlnative" has been added due to (in oe-core):
deda455b3c ("bitbake.conf: drop pod2man from hosttools")

Some leftover dependencies have also been removed, ex: tpm-tools
required in the past by swtpm_setup.sh (<0.4.0)[2].

[1] https://github.com/stefanberger/swtpm/issues/437
[2] https://github.com/stefanberger/swtpm/commit/eee8cb5dfb13f87140dddda38f65bf61aff19508

Signed-off-by: Kristian Klausen <kristian@klausen.dk>
---
V2:
Squashed chnanges from https://lists.yoctoproject.org/g/yocto/topic/86012566
(decided to still use RRECOMMENDS for swtpm-create-tpmca deps)
Fix build error due to missing expect (expect -> expect-native)
Changed socat to socat-native

Building tested with:
bitbake swtpm && bitbake swtpm-native (with and without gnutls)

 .../swtpm/swtpm-wrappers-native.bb            | 12 ++++------
 .../swtpm/{swtpm_0.5.2.bb => swtpm_0.6.1.bb}  | 23 ++++++++-----------
 2 files changed, 14 insertions(+), 21 deletions(-)
 rename meta-tpm/recipes-tpm/swtpm/{swtpm_0.5.2.bb => swtpm_0.6.1.bb} (69%)

diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
index 644f3ac..bb93374 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
@@ -1,6 +1,6 @@
 SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools"
 LICENSE = "MIT"
-DEPENDS = "swtpm-native tpm-tools-native net-tools-native"
+DEPENDS = "swtpm-native"
 
 inherit native
 
@@ -14,23 +14,19 @@ do_create_wrapper () {
     for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do
         exe=`basename $i`
         case $exe in
-            swtpm_setup.sh)
+            swtpm_setup)
                 cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF
 #! /bin/sh
 #
-# Wrapper around swtpm_setup.sh which adds parameters required to
+# Wrapper around swtpm_setup which adds parameters required to
 # run the setup as non-root directly from the native sysroot.
 
 PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
 export PATH
 
-# tcsd only allows to be run as root or tss. Pretend to be root...
-exec env ${FAKEROOTENV} ${FAKEROOTCMD} swtpm_setup.sh --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
+exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
 EOF
                 ;;
-            swtpm_setup)
-                true
-                ;;
             *)
                 cat >${WORKDIR}/${exe}_oe.sh <<EOF
 #! /bin/sh
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
similarity index 69%
rename from meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
rename to meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
index 912e939..c7fc131 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
@@ -3,14 +3,11 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
 SECTION = "apps"
 
-DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm libtpm-native"
+# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
+DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"
 
-# configure checks for the tools already during compilation and
-# then swtpm_setup needs them at runtime
-DEPENDS:append = " tpm-tools-native expect-native socat-native python3-pip-native python3-cryptography-native"
-
-SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \
+SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6 \
            file://ioctl_h.patch \
            file://oe_configure.patch \
            "
@@ -19,7 +16,7 @@ PE = "1"
 S = "${WORKDIR}/git"
 
 PARALLEL_MAKE = ""
-inherit autotools pkgconfig python3native
+inherit autotools pkgconfig perlnative
 
 TSS_USER="tss"
 TSS_GROUP="tss"
@@ -28,7 +25,10 @@ PACKAGECONFIG ?= "openssl"
 PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
 PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
 PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
-PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
+# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
+# used by swtpm-create-tpmca (the last two is provided by gnutls)
+# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools"
 PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
 PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
 PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
@@ -41,14 +41,11 @@ USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir  \
     --no-create-home  --shell /bin/false ${BPN}"
 
 
-PACKAGES =+ "${PN}-python"
-FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}"
-
 PACKAGE_BEFORE_PN = "${PN}-cuse"
 FILES:${PN}-cuse = "${bindir}/swtpm_cuse"
 
 INSANE_SKIP:${PN}   += "dev-so"
 
-RDEPENDS:${PN} = "libtpm expect socat bash tpm-tools python3 python3-cryptography python3-twisted"
+RDEPENDS:${PN} = "libtpm"
 
 BBCLASSEXTEND = "native nativesdk"
-- 
2.25.1



^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2021-10-02 18:37 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-02 18:37 [meta-security][PATCH v2] swtpm: update to 0.6.1 Kristian Klausen

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.