gentoo · orbea · Jul 5, 2022 · Jul 5, 2022
diff --git a/app-crypt/tpm2-tools/Manifest b/app-crypt/tpm2-tools/Manifest
diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-4.2.1-libressl.patch b/app-crypt/tpm2-tools/files/tpm2-tools-4.2.1-libressl.patch
diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-4.3.0-Remove-WError.patch b/app-crypt/tpm2-tools/files/tpm2-tools-4.3.0-Remove-WError.patch
diff --git a/app-crypt/tpm2-tools/metadata.xml b/app-crypt/tpm2-tools/metadata.xml
diff --git a/app-crypt/tpm2-tools/tpm2-tools-4.3.0.ebuild b/app-crypt/tpm2-tools/tpm2-tools-4.3.0.ebuild
diff --git a/app-crypt/tpm2-tools/tpm2-tools-5.0.ebuild b/app-crypt/tpm2-tools/tpm2-tools-5.0.ebuild
diff --git a/app-crypt/tpm2-tss/Manifest b/app-crypt/tpm2-tss/Manifest
@@ -0,0 +1 @@
+DIST tpm2-tss-3.2.0.tar.gz 1629211 BLAKE2B a89aa4d89a50bdfb5a9652874d30e2138747bd022049f2be2d0b56e296329d0c41254033ec3a062dbd64fde54a62e952f54446c551e5788231827cd53fae045a SHA512 cabb411f074dfa94919ba914849aac77a0ac2f50622e28a1406cf575369148774748e0e2b7a7c566ec83561a96d4b883bac5a3b1763f4cf48668a0c5d68c0a23
diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch
@@ -0,0 +1,29 @@
+diff --git a/Makefile.am b/Makefile.am
+index 183289f7..c791896c 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -689,24 +689,6 @@ endif #FAPI
+ EXTRA_DIST += dist/tpm-udev.rules
+
+ install-dirs:
+-if HOSTOS_LINUX
+-if SYSD_SYSUSERS
+-	@echo "systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf"
+-	@systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf || echo "WARNING Failed to create the tss user and group"
+-else
+-	@echo "call make_tss_user_and_group"
+-	@$(call make_tss_user_and_group) || echo "WARNING Failed to create the tss user and group"
+-endif
+-if SYSD_TMPFILES
+-	@echo "systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf"
+-	@systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf|| echo "WARNING Failed to create the FAPI directories with the correct permissions"
+-else
+-	@echo "(call make_fapi_dirs) && (call set_fapi_permissions)"
+-	@-$(call make_fapi_dirs) && $(call set_fapi_permissions) || echo "WARNING Failed to create the FAPI directories with the correct permissions"
+-endif
+-	@echo "call check_fapi_dirs"
+-	@$(call check_fapi_dirs)
+-endif
+
+ install-data-hook: install-dirs
+ 	-if [ ! -z "$(udevrulesprefix)" ]; then \
diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch
@@ -0,0 +1,84 @@
+Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2380
+
+From bf6831c474334cbb923de0193d7431ad7805f484 Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Mon, 4 Jul 2022 23:55:18 -0700
+Subject: [PATCH] Support LibreSSL
+
+This works with LibreSSL 3.5.x.
+
+Signed-off-by: orbea <orbea@riseup.net>
+---
+ src/tss2-esys/esys_crypto_ossl.c | 13 ++++++++++---
+ src/tss2-fapi/fapi_crypto.c      |  4 ++--
+ 2 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
+index 89d312f70..961d7707f 100644
+--- a/src/tss2-esys/esys_crypto_ossl.c
++++ b/src/tss2-esys/esys_crypto_ossl.c
+@@ -392,7 +392,7 @@ iesys_cryptossl_hmac_start(ESYS_CRYPTO_CONTEXT_BLOB ** context,
+                    "Error EVP_MD_CTX_create", cleanup);
+     }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10101000L
++#if OPENSSL_VERSION_NUMBER < 0x10101000L || defined(LIBRESSL_VERSION_NUMBER)
+     if (!(hkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, size))) {
+ #else
+     /* this is preferred, but available since OpenSSL 1.1.1 only */
+@@ -558,7 +558,11 @@ iesys_cryptossl_random2b(
+     int rc;
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
+     const RAND_METHOD *rand_save = RAND_get_rand_method();
++#ifdef LIBRESSL_VERSION_NUMBER
++    RAND_set_rand_method(RAND_SSLeay());
++#else
+     RAND_set_rand_method(RAND_OpenSSL());
++#endif
+ #else
+     OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
+     if (!libctx)
+@@ -615,8 +619,11 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
+     RSA *rsa_key = NULL;
+     const EVP_MD * hashAlg = NULL;
+     const RAND_METHOD *rand_save = RAND_get_rand_method();
+-
++#ifdef LIBRESSL_VERSION_NUMBER
++    RAND_set_rand_method(RAND_SSLeay());
++#else
+     RAND_set_rand_method(RAND_OpenSSL());
++#endif
+ #else
+     OSSL_LIB_CTX *libctx = NULL;
+     EVP_MD * hashAlg = NULL;
+@@ -919,7 +926,7 @@ iesys_cryptossl_get_ecdh_point(TPM2B_PUBLIC *key,
+         curveId = NID_secp521r1;
+         key_size = 66;
+         break;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+     case TPM2_ECC_SM2_P256:
+         curveId = NID_sm2;
+         key_size = 32;
+diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c
+index 2fe37c0c4..c1563237a 100644
+--- a/src/tss2-fapi/fapi_crypto.c
++++ b/src/tss2-fapi/fapi_crypto.c
+@@ -544,7 +544,7 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY **evpPublicKey)
+     case TPM2_ECC_NIST_P521:
+         curveId = NID_secp521r1;
+         break;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+     case TPM2_ECC_SM2_P256:
+         curveId = NID_sm2;
+         break;
+@@ -1155,7 +1155,7 @@ get_ecc_tpm2b_public_from_evp(
+     case NID_secp521r1:
+         tpmCurveId = TPM2_ECC_NIST_P521;
+         break;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+     case NID_sm2:
+         tpmCurveId = TPM2_ECC_SM2_P256;
+         break;
diff --git a/app-crypt/tpm2-tss/metadata.xml b/app-crypt/tpm2-tss/metadata.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person" proxied="yes">
+		<email>salah.coronya@gmail.com</email>
+		<name>Christopher Byrne</name>
+	</maintainer>
+	<maintainer type="project" proxied="proxy">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="fapi">Enable feature API (requires openssl as crypto backend)</flag>
+		<flag name="mbedtls">Use <pkg>net-libs/mbedtls</pkg> as crypto engine</flag>
+		<flag name="openssl">Use <pkg>dev-libs/openssl</pkg> as crypto engine</flag>
+	</use>
+	<upstream>
+		<remote-id type="github">tpm2-software/tpm2-tss</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild b/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild
@@ -0,0 +1,100 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools linux-info multilib-minimal tmpfiles udev
+
+DESCRIPTION="TCG Trusted Platform Module 2.0 Software Stack"
+HOMEPAGE="https://github.com/tpm2-software/tpm2-tss"
+SRC_URI="https://github.com/tpm2-software/${PN}/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD-2"
+SLOT="0/3"
+KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86"
+IUSE="doc +fapi +openssl mbedtls static-libs test"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="^^ ( mbedtls openssl )
+		fapi? ( openssl !mbedtls )"
+
+RDEPEND="acct-group/tss
+	acct-user/tss
+	fapi? ( dev-libs/json-c:=[${MULTILIB_USEDEP}]
+		>=net-misc/curl-7.80.0[${MULTILIB_USEDEP}] )
+	mbedtls? ( net-libs/mbedtls:=[${MULTILIB_USEDEP}] )
+	openssl? ( dev-libs/openssl:=[${MULTILIB_USEDEP}] )"
+
+DEPEND="${RDEPEND}
+	test? ( app-crypt/swtpm
+		dev-libs/uthash
+		dev-util/cmocka
+		fapi? ( >=net-misc/curl-7.80.0 ) )"
+BDEPEND="sys-apps/acl
+	virtual/pkgconfig
+	doc? ( app-doc/doxygen )"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch"
+	"${FILESDIR}/${P}-libressl.patch"
+)
+
+pkg_setup() {
+	local CONFIG_CHECK=" \
+		~TCG_TPM
+	"
+	linux-info_pkg_setup
+	kernel_is ge 4 12 0 || ewarn "At least kernel 4.12.0 is required"
+}
+
+src_prepare() {
+	default
+
+	# See bug #833887 (and similar); eautoreconf means .pc file gets wrong version.
+	sed -i \
+	"s/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/" \
+		"configure.ac" || die
+
+	eautoreconf
+}
+
+multilib_src_configure() {
+	ECONF_SOURCE=${S} econf \
+		--localstatedir=/var \
+		$(use_enable doc doxygen-doc) \
+		$(use_enable fapi) \
+		$(use_enable static-libs static) \
+		$(multilib_native_use_enable test unit) \
+		$(multilib_native_use_enable test integration) \
+		$(multilib_native_use_enable test self-generated-certificate) \
+		--disable-tcti-libtpms \
+		--disable-defaultflags \
+		--disable-weakcrypto \
+		--with-crypto="$(usex mbedtls mbed ossl)" \
+		--with-runstatedir=/run \
+		--with-udevrulesdir="$(get_udevdir)/rules.d" \
+		--with-udevrulesprefix=60- \
+		--with-sysusersdir="/usr/lib/sysusers.d" \
+		--with-tmpfilesdir="/usr/lib/tmpfiles.d"
+}
+
+multilib_src_install() {
+	default
+
+	if [[ ${PV} != $(sed -n -e 's/^Version: //p' "${ED}/usr/$(get_libdir)/pkgconfig/tss2-sys.pc" || die) ]] ; then
+		# Safeguard for bug #833887
+		die "pkg-config file version doesn't match ${PV}! Please report a bug!"
+	fi
+
+	find "${D}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	tmpfiles_process tpm2-tss-fapi.conf
+	udev_reload
+}
+
+pkg_postrm() {
+	udev_reload
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		DIST tpm2-tss-3.2.0.tar.gz 1629211 BLAKE2B a89aa4d89a50bdfb5a9652874d30e2138747bd022049f2be2d0b56e296329d0c41254033ec3a062dbd64fde54a62e952f54446c551e5788231827cd53fae045a SHA512 cabb411f074dfa94919ba914849aac77a0ac2f50622e28a1406cf575369148774748e0e2b7a7c566ec83561a96d4b883bac5a3b1763f4cf48668a0c5d68c0a23