From 26d7d0d7c72adab9e88132fb1e8f2b33d1ea528a Mon Sep 17 00:00:00 2001 From: orbea Date: Tue, 5 Jul 2022 00:01:35 -0700 Subject: [PATCH] app-crypt/tpm2-tss: Add package Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2380 Signed-off-by: orbea --- app-crypt/tpm2-tss/Manifest | 1 + ...ont-run-systemd-sysusers-in-Makefile.patch | 29 +++++ .../files/tpm2-tss-3.2.0-libressl.patch | 84 +++++++++++++++ app-crypt/tpm2-tss/metadata.xml | 20 ++++ app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild | 100 ++++++++++++++++++ 5 files changed, 234 insertions(+) create mode 100644 app-crypt/tpm2-tss/Manifest create mode 100644 app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch create mode 100644 app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch create mode 100644 app-crypt/tpm2-tss/metadata.xml create mode 100644 app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild diff --git a/app-crypt/tpm2-tss/Manifest b/app-crypt/tpm2-tss/Manifest new file mode 100644 index 00000000..fbe15112 --- /dev/null +++ b/app-crypt/tpm2-tss/Manifest @@ -0,0 +1 @@ +DIST tpm2-tss-3.2.0.tar.gz 1629211 BLAKE2B a89aa4d89a50bdfb5a9652874d30e2138747bd022049f2be2d0b56e296329d0c41254033ec3a062dbd64fde54a62e952f54446c551e5788231827cd53fae045a SHA512 cabb411f074dfa94919ba914849aac77a0ac2f50622e28a1406cf575369148774748e0e2b7a7c566ec83561a96d4b883bac5a3b1763f4cf48668a0c5d68c0a23 diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch new file mode 100644 index 00000000..b66b6e79 --- /dev/null +++ b/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch 
@@ -0,0 +1,29 @@ +diff --git a/Makefile.am b/Makefile.am +index 183289f7..c791896c 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -689,24 +689,6 @@ endif #FAPI + EXTRA_DIST += dist/tpm-udev.rules + + install-dirs: +-if HOSTOS_LINUX +-if SYSD_SYSUSERS +- @echo "systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf" +- @systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf || echo "WARNING Failed to create the tss user and group" +-else +- @echo "call make_tss_user_and_group" +- @$(call make_tss_user_and_group) || echo "WARNING Failed to create the tss user and group" +-endif +-if SYSD_TMPFILES +- @echo "systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf" +- @systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf|| echo "WARNING Failed to create the FAPI directories with the correct permissions" +-else +- @echo "(call make_fapi_dirs) && (call set_fapi_permissions)" +- @-$(call make_fapi_dirs) && $(call set_fapi_permissions) || echo "WARNING Failed to create the FAPI directories with the correct permissions" +-endif +- @echo "call check_fapi_dirs" +- @$(call check_fapi_dirs) +-endif + + install-data-hook: install-dirs + -if [ ! -z "$(udevrulesprefix)" ]; then \ diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch new file mode 100644 index 00000000..211424c1 --- /dev/null +++ b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch 
@@ -0,0 +1,84 @@ +Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2380 + +From bf6831c474334cbb923de0193d7431ad7805f484 Mon Sep 17 00:00:00 2001 +From: orbea +Date: Mon, 4 Jul 2022 23:55:18 -0700 +Subject: [PATCH] Support LibreSSL + +This works with LibreSSL 3.5.x. + +Signed-off-by: orbea +--- + src/tss2-esys/esys_crypto_ossl.c | 13 ++++++++++--- + src/tss2-fapi/fapi_crypto.c | 4 ++-- + 2 files changed, 12 insertions(+), 5 deletions(-) + +diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c +index 89d312f70..961d7707f 100644 +--- a/src/tss2-esys/esys_crypto_ossl.c ++++ b/src/tss2-esys/esys_crypto_ossl.c +@@ -392,7 +392,7 @@ iesys_cryptossl_hmac_start(ESYS_CRYPTO_CONTEXT_BLOB ** context, + "Error EVP_MD_CTX_create", cleanup); + } + +-#if OPENSSL_VERSION_NUMBER < 0x10101000L ++#if OPENSSL_VERSION_NUMBER < 0x10101000L || defined(LIBRESSL_VERSION_NUMBER) + if (!(hkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, size))) { + #else + /* this is preferred, but available since OpenSSL 1.1.1 only */ +@@ -558,7 +558,11 @@ iesys_cryptossl_random2b( + int rc; + #if OPENSSL_VERSION_NUMBER < 0x30000000L + const RAND_METHOD *rand_save = RAND_get_rand_method(); ++#ifdef LIBRESSL_VERSION_NUMBER ++ RAND_set_rand_method(RAND_SSLeay()); ++#else + RAND_set_rand_method(RAND_OpenSSL()); ++#endif + #else + OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new(); + if (!libctx) +@@ -615,8 +619,11 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key, + RSA *rsa_key = NULL; + const EVP_MD * hashAlg = NULL; + const RAND_METHOD *rand_save = RAND_get_rand_method(); +- ++#ifdef LIBRESSL_VERSION_NUMBER ++ RAND_set_rand_method(RAND_SSLeay()); ++#else + RAND_set_rand_method(RAND_OpenSSL()); ++#endif + #else + OSSL_LIB_CTX *libctx = NULL; + EVP_MD * hashAlg = NULL; +@@ -919,7 +926,7 @@ iesys_cryptossl_get_ecdh_point(TPM2B_PUBLIC *key, + curveId = NID_secp521r1; + key_size = 66; + break; +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++#if OPENSSL_VERSION_NUMBER >= 
0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) + case TPM2_ECC_SM2_P256: + curveId = NID_sm2; + key_size = 32; +diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c +index 2fe37c0c4..c1563237a 100644 +--- a/src/tss2-fapi/fapi_crypto.c ++++ b/src/tss2-fapi/fapi_crypto.c +@@ -544,7 +544,7 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY **evpPublicKey) + case TPM2_ECC_NIST_P521: + curveId = NID_secp521r1; + break; +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) + case TPM2_ECC_SM2_P256: + curveId = NID_sm2; + break; +@@ -1155,7 +1155,7 @@ get_ecc_tpm2b_public_from_evp( + case NID_secp521r1: + tpmCurveId = TPM2_ECC_NIST_P521; + break; +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) + case NID_sm2: + tpmCurveId = TPM2_ECC_SM2_P256; + break; diff --git a/app-crypt/tpm2-tss/metadata.xml b/app-crypt/tpm2-tss/metadata.xml new file mode 100644 index 00000000..0a726fa2 --- /dev/null +++ b/app-crypt/tpm2-tss/metadata.xml @@ -0,0 +1,20 @@ + + + + + salah.coronya@gmail.com + Christopher Byrne + + + proxy-maint@gentoo.org + Proxy Maintainers + + + Enable feature API (requires openssl as crypto backend) + Use net-libs/mbedtls as crypto engine + Use dev-libs/openssl as crypto engine + + + tpm2-software/tpm2-tss + + diff --git a/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild b/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild new file mode 100644 index 00000000..bc8875bd --- /dev/null +++ b/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild 
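Review bot: The LibreSSL arm added in iesys_cryptossl_random2b and iesys_cryptossl_pk_encrypt calls `RAND_set_rand_method(RAND_SSLeay())`, which on LibreSSL is, to my recollection, a no-op pair (RAND_SSLeay() returns NULL and RAND_set_rand_method() ignores its argument because the RNG cannot be replaced by the application), so it does not pin the RNG the way the OpenSSL call does. That is acceptable only because LibreSSL always uses its own CSPRNG, but a reader comparing the two arms will assume equivalent hardening, so the intent should be written down: `/* LibreSSL: RAND_METHOD cannot be overridden, the library CSPRNG is always used; this call is a no-op kept for symmetry. */` above the LibreSSL branch in both functions, and the same `rand_save` restore path should be checked to tolerate a NULL rand_save. Both functions start and end outside the hunk, so the restore site is not visible here.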
@@ -0,0 +1,100 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools linux-info multilib-minimal tmpfiles udev + +DESCRIPTION="TCG Trusted Platform Module 2.0 Software Stack" +HOMEPAGE="https://github.com/tpm2-software/tpm2-tss" +SRC_URI="https://github.com/tpm2-software/${PN}/releases/download/${PV}/${P}.tar.gz" + +LICENSE="BSD-2" +SLOT="0/3" +KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86" +IUSE="doc +fapi +openssl mbedtls static-libs test" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="^^ ( mbedtls openssl ) + fapi? ( openssl !mbedtls )" + +RDEPEND="acct-group/tss + acct-user/tss + fapi? ( dev-libs/json-c:=[${MULTILIB_USEDEP}] + >=net-misc/curl-7.80.0[${MULTILIB_USEDEP}] ) + mbedtls? ( net-libs/mbedtls:=[${MULTILIB_USEDEP}] ) + openssl? ( dev-libs/openssl:=[${MULTILIB_USEDEP}] )" + +DEPEND="${RDEPEND} + test? ( app-crypt/swtpm + dev-libs/uthash + dev-util/cmocka + fapi? ( >=net-misc/curl-7.80.0 ) )" +BDEPEND="sys-apps/acl + virtual/pkgconfig + doc? ( app-doc/doxygen )" + +PATCHES=( + "${FILESDIR}/${PN}-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch" + "${FILESDIR}/${P}-libressl.patch" +) + +pkg_setup() { + local CONFIG_CHECK=" \ + ~TCG_TPM + " + linux-info_pkg_setup + kernel_is ge 4 12 0 || ewarn "At least kernel 4.12.0 is required" +} + +src_prepare() { + default + + # See bug #833887 (and similar); eautoreconf means .pc file gets wrong version. 
+ sed -i \ + "s/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/" \ + "configure.ac" || die + + eautoreconf +} + +multilib_src_configure() { + ECONF_SOURCE=${S} econf \ + --localstatedir=/var \ + $(use_enable doc doxygen-doc) \ + $(use_enable fapi) \ + $(use_enable static-libs static) \ + $(multilib_native_use_enable test unit) \ + $(multilib_native_use_enable test integration) \ + $(multilib_native_use_enable test self-generated-certificate) \ + --disable-tcti-libtpms \ + --disable-defaultflags \ + --disable-weakcrypto \ + --with-crypto="$(usex mbedtls mbed ossl)" \ + --with-runstatedir=/run \ + --with-udevrulesdir="$(get_udevdir)/rules.d" \ + --with-udevrulesprefix=60- \ + --with-sysusersdir="/usr/lib/sysusers.d" \ + --with-tmpfilesdir="/usr/lib/tmpfiles.d" +} + +multilib_src_install() { + default + + if [[ ${PV} != $(sed -n -e 's/^Version: //p' "${ED}/usr/$(get_libdir)/pkgconfig/tss2-sys.pc" || die) ]] ; then + # Safeguard for bug #833887 + die "pkg-config file version doesn't match ${PV}! Please report a bug!" + fi + + find "${D}" -name '*.la' -delete || die +} + +pkg_postinst() { + tmpfiles_process tpm2-tss-fapi.conf + udev_reload +} + +pkg_postrm() { + udev_reload +}
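Review bot: pkg_postinst runs `tmpfiles_process tpm2-tss-fapi.conf` unconditionally, but the FAPI directories and, presumably, that tmpfiles.d fragment only exist when the package is configured with `--enable-fapi` (the ebuild itself ties the tmpfiles/sysusers handling to USE=fapi via the removed Makefile install-dirs block), so a USE=-fapi install will try to process a config file that was never installed and at best emit a spurious warning. Guard it: `use fapi && tmpfiles_process tpm2-tss-fapi.conf`. Since this postinst step is now the only thing that creates the FAPI directories with the intended ownership and mode after the Makefile hook was patched out, it is also worth a one-line comment above it saying so, e.g. `# Replaces the make-install FAPI dir creation removed by the sysusers patch`.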