[Buildroot] [PATCH] package/tpm2-tss: fix build on host with setfacl

From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: buildroot@buildroot.org
Cc: Yair Ben-Avraham <yairba@protonmail.com>,
	"Yann E. MORIN" <yann.morin.1998@free.fr>,
	Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
	Fabrice Fontaine <fontaine.fabrice@gmail.com>
Subject: [Buildroot] [PATCH] package/tpm2-tss: fix build on host with setfacl
Date: Sat,  6 Nov 2021 16:45:25 +0100	[thread overview]
Message-ID: <20211106154525.910204-1-yann.morin.1998@free.fr> (raw)

Since the bump to 3.1.0 in commit 470e2e9bc521 (package/tpm2-tss: bump
version to 3.1.0), the install is borked because it is looking for
programs at configure time, so it finds those on the host if they exist,
or do not find any at all, which can very well differ from what will be
present on the target.

But this is not totally unreasonable: there is no way, at cross-configure
time, for a package to find the tools that will be present at runtime.

All that can be done in such a case is to force the path to such tools.

However, in this case, tpm2-tss only uses setfacl if systemd-tmpfiles is
not available. If the call to setfacl fails, the install does not fail
(split on two lines for readability):

    @-$(call make_fapi_dirs) && $(call set_fapi_permissions) \
    || echo "WARNING Failed to create the FAPI directories with the correct permissions"

set_fapi_permissions is a macro that eventually expands to:

    (chown -R tss:tss "$1") && \
    (chmod -R 2775 "$1") && \
    (setfacl -m default:group:tss:rwx "$1")

So the call to setfacl will not even be ever attempted, because the
chown will fail first. Furthermore, it would look for the 'tss' username
and groupname from the host, which could differ from those on the
target.

So we can just fake the fact that setfacl is available.

As for the permissions, they are to be set on a directory that is in
${runstatedir}, i.e. /run, which is a tmpfs, so there is no way we can
prepare them at build time. We'd need a startup script or systemd unit,
or proper systemd-tmpfiles support, either of which can be done in a
followup patch by an interested party...

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Yair Ben-Avraham <yairba@protonmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
---
 package/tpm2-tss/tpm2-tss.mk | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/package/tpm2-tss/tpm2-tss.mk b/package/tpm2-tss/tpm2-tss.mk
index 8e701933c4..73764141a1 100644
--- a/package/tpm2-tss/tpm2-tss.mk
+++ b/package/tpm2-tss/tpm2-tss.mk
@@ -12,10 +12,16 @@ TPM2_TSS_CPE_ID_VENDOR = tpm2_software_stack_project
 TPM2_TSS_CPE_ID_PRODUCT = tpm2_software_stack
 TPM2_TSS_INSTALL_STAGING = YES
 TPM2_TSS_DEPENDENCIES = liburiparser openssl host-pkgconf
-TPM2_TSS_CONF_OPTS = --with-crypto=ossl --disable-doxygen-doc --disable-defaultflags
+
 # 0001-configure-Only-use-CXX-when-fuzzing.patch
 TPM2_TSS_AUTORECONF = YES
 
+TPM2_TSS_CONF_OPTS = \
+	ac_cv_prog_result_setfacl=yes \
+	--with-crypto=ossl \
+	--disable-doxygen-doc \
+	--disable-defaultflags
+
 # uses C99 code but forgets to pass -std=c99 when --disable-defaultflags is used
 TPM2_TSS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -std=c99"
 
-- 
2.25.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
