diff options
Diffstat (limited to 'app-crypt/tpm2-tools')
12 files changed, 579 insertions, 65 deletions
diff --git a/app-crypt/tpm2-tools/Manifest b/app-crypt/tpm2-tools/Manifest index bb9cff375869..de6dabd7afff 100644 --- a/app-crypt/tpm2-tools/Manifest +++ b/app-crypt/tpm2-tools/Manifest @@ -1 +1,5 @@ -DIST tpm2-tools-4.2.1.tar.gz 879294 BLAKE2B 7619f72f0fe39360f111822b4ec7a0bb90156f295977115c4612efac33059dd786abfa5d5f46a8fcc134fce11d099b03cb7f9ee01aa3addf5a3bb2455e1eb2d4 SHA512 4da103e70880d72a9aa402dea39ea439a0657729af22f08ac7275022c475ab46cb3dd6123d6846669d9b7f8f9af7b3e3df7c3b1d33cd0149b649b7941c84c339 +DIST tpm2-tools-5.5.tar.gz 1241390 BLAKE2B 2225f9e0835988351f84ed06f914616e25fd65bacaa93b51d0bb04185314efb9a6f60eb3539b250f54b2c2ba590f1b76594df3e625e45c8d37e38d13371bea26 SHA512 24f72a3e9840d531d900e96771a863baae1c71a76fcad0fda8020dff06acd8e3b65b86401ace21f034766403caf9ae97ce710ff6013bb7ed25657a6ecf325470 +DIST tpm2-tools-5.6-tpm2_eventlog-Create-raw-and-pretty-print-format-for.patch.xz 47916 BLAKE2B 1bbc84f58ad46507417c89be1b4ce2450fb33cf3abe8f080c23890d96be85379f135ef1dbf4b580e1a386fa6d5ebc4fbaab351b5238bbf1011bb97b0f49a847b SHA512 3db0daa39a8dc756d7cb25e3673149dc3eeafd7410f2c6537464431b501e3704a886d9b7a9acd71440d6d419649dd471fd6f9247d593c89a30b05774a8d1b3de +DIST tpm2-tools-5.6.1.tar.gz 1255474 BLAKE2B 7fda0084283bbd592c3323605f598ebb77ba267ebb900e62b2eff2742257378d95f99b48aab090f80438a6c86f168e1863f9350c18571a23e17eea90a1b9bdd9 SHA512 7a5903db0578a1364c44ca8ac3672c3cae745e2b0ab66ddf6a91fdb75146441af32dfe4ccad6825bea343fea74bed97f9e45bf752594ee56f32e4cb7be2bed33 +DIST tpm2-tools-5.6.tar.gz 1266731 BLAKE2B fe88722c26d62128cd6dfbdd8ef2568656a75fe27b1443fed28387d0db1f50b7d0651819d34dfa98acde785b4cfb4e7c11420b110bb5333ed2bb6b67cdd4fc70 SHA512 14216f29ed3ecca5fbe356ed3744c8b6b25a62ff11b2aed596d11101328c8bfd29a02f6ca5a218f9a4477a5e9648c50f0ae96e71de0b4ff5ea1f98ebeeb73cd7 +DIST tpm2-tools-5.7.tar.gz 1339035 BLAKE2B 3984f25176e0b092793a33a0b40b396bc650de989e0b600989d11439cccdf7bc410535c01e1a0e985ab67b36b63eb02d392342aa1746b86727ba22d67d522389 SHA512 629b0b1826815877f452935285f7b3fe0f32bd24fe9130eb169a2dc9b7b254a737797043af9eea68be706b87c32ab2b7189151360c9c00bc5c31dce62a799670 diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-4.2.1-libressl.patch b/app-crypt/tpm2-tools/files/tpm2-tools-4.2.1-libressl.patch deleted file mode 100644 index 2f39db3283c3..000000000000 --- a/app-crypt/tpm2-tools/files/tpm2-tools-4.2.1-libressl.patch +++ /dev/null @@ -1,26 +0,0 @@ -From a1ac2ee0c6592e6f730458c03a2abd1532c66046 Mon Sep 17 00:00:00 2001 -From: Salah Coronya <salah.coronya@gmail.com> -Date: Sun, 12 Jan 2020 19:17:48 -0600 -Subject: [PATCH] lib/tpm2_openssl.c: Fix build for libressl - -Signed-off-by: Salah Coronya <salah.coronya@gmail.com> ---- - lib/tpm2_openssl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/tpm2_openssl.c b/lib/tpm2_openssl.c -index 505dd7a0..fd3861d9 100644 ---- a/lib/tpm2_openssl.c -+++ b/lib/tpm2_openssl.c -@@ -14,7 +14,7 @@ - #include "tpm2_openssl.h" - - /* compatibility function for OpenSSL versions < 1.1.0 */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - static int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { - int r; - int topad; --- -2.24.1 - diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch new file mode 100644 index 000000000000..7b6fc8821940 --- /dev/null +++ b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch @@ -0,0 +1,15 @@ +diff --git a/Makefile.am b/Makefile.am +index 627983ca..d32f109c 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -659,10 +659,3 @@ else + endif + + check: prepare-check +- +-if !HAVE_PANDOC +-# If pandoc is not enabled, we want to complain that you need pandoc for make dist, +-# so hook the target and complain. +- @(>&2 echo "You do not have pandoc, a requirement for the distribution of manpages") +- @exit 1 +-endif diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-5.6-bashism.patch b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-bashism.patch new file mode 100644 index 000000000000..01ce4301d4e3 --- /dev/null +++ b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-bashism.patch @@ -0,0 +1,47 @@ +https://github.com/tpm2-software/tpm2-tools/pull/3339 + +From 9f244c3f74747b7f79c8c6813657b2f2f8a1c844 Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Sun, 21 Jan 2024 08:08:28 +0000 +Subject: [PATCH] configure.ac: fix bashisms + +configure scripts need to be runnable with a POSIX-compliant /bin/sh. + +On many (but not all!) systems, /bin/sh is provided by Bash, so errors +like this aren't spotted. Notably Debian defaults to /bin/sh provided +by dash which doesn't tolerate such bashisms as '=='. + +This retains compatibility with bash. + +Fixes configure warnings/errors like: +``` +checking for libcurl... yes +./configure: 15201: test: xauto: unexpected operator +./configure: 15286: test: xauto: unexpected operator +checking for efivar/efivar.h... yes +``` + +This fixes a build error later on too: +``` +/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/ld: lib/libcommon.a(libcommon_a-tpm2_eventlog_yaml.o): in function `yaml_devicepath': +tpm2_eventlog_yaml.c:(.text.yaml_devicepath+0x2f): undefined reference to `efidp_format_device_path' +/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/ld: tpm2_eventlog_yaml.c:(.text.yaml_devicepath+0x61): undefined reference to `efidp_format_device_path' +``` + +Bug: https://bugs.gentoo.org/922592 +Signed-off-by: Sam James <sam@gentoo.org> +--- a/configure.ac ++++ b/configure.ac +@@ -94,9 +94,9 @@ AC_ARG_WITH([efivar], + ) + + # use the true program to avoid failing hard +-AS_IF([test "x$with_efivar" == "xauto"], ++AS_IF([test "x$with_efivar" = "xauto"], + [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h], , [true])], [true])], +- [test "x$with_efivar" == "xyes"], ++ [test "x$with_efivar" = "xyes"], + [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h])])], + ) + + diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch new file mode 100644 index 000000000000..f24cf50aff5c --- /dev/null +++ b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch @@ -0,0 +1,123 @@ +From 9cd74df24dbeee81b408e12ac10a98a088008d07 Mon Sep 17 00:00:00 2001 +From: Juergen Repp <juergen_repp@web.de> +Date: Mon, 20 Nov 2023 13:55:36 +0100 +Subject: [PATCH] test eventlog: fix check eventlog.sh if efivar.h exists + +If efivar.h exist a pretty print function for the DevicePath +is executed. Therefore two yaml test files are needed for +the bin test file uefiservices. +Fixes #3302. + +Signed-off-by: Juergen Repp <juergen_repp@web.de> +--- + Makefile.am | 13 ++++++ + configure.ac | 3 ++ + .../event-uefiservices.bin.yaml.pretty | 45 +++++++++++++++++++ + ...n.yaml => event-uefiservices.bin.yaml.raw} | 0 + 4 files changed, 61 insertions(+) + create mode 100644 test/integration/fixtures/event-uefiservices.bin.yaml.pretty + rename test/integration/fixtures/{event-uefiservices.bin.yaml => event-uefiservices.bin.yaml.raw} (100%) + +diff --git a/Makefile.am b/Makefile.am +index 413345cd..ef76dca8 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -352,6 +352,7 @@ TEST_EXTENSIONS = .sh + + check-hook: + rm -rf .lock_file ++ rm -f $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml + + EXTRA_DIST_IGNORE = \ + .gitignore \ +@@ -647,6 +648,18 @@ dist-hook: + for f in $(EXTRA_DIST_IGNORE); do \ + rm -rf `find $(distdir) -name $$f`; \ + done; ++ ++prepare-check: ++if HAVE_EFIVAR_H ++ cp $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml.pretty \ ++ $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml ++else ++ cp $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml.raw \ ++ $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml ++endif ++ ++check: prepare-check ++ + if !HAVE_PANDOC + # If pandoc is not enabled, we want to complain that you need pandoc for make dist, + # so hook the target and complain. +diff --git a/configure.ac b/configure.ac +index 362ae0aa..54224048 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -97,6 +97,9 @@ AS_IF([test "x$with_efivar" == "xauto"], + [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h])])], + ) + ++AC_CHECK_HEADERS([efivar/efivar.h],[efivar_h=yes ], [efivar = no ]) ++AM_CONDITIONAL([HAVE_EFIVAR_H], [test "$efivar_h" = yes]) ++ + # backwards compat with older pkg-config + # - pull in AC_DEFUN from pkg.m4 + m4_ifndef([PKG_CHECK_VAR], [ +diff --git a/test/integration/fixtures/event-uefiservices.bin.yaml.pretty b/test/integration/fixtures/event-uefiservices.bin.yaml.pretty +new file mode 100644 +index 00000000..f0819f70 +--- /dev/null ++++ b/test/integration/fixtures/event-uefiservices.bin.yaml.pretty +@@ -0,0 +1,45 @@ ++--- ++version: 1 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 37 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 2 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "855685b4dbd4b67d50e0594571055054cfe2b1e9" ++ - AlgorithmId: sha256 ++ Digest: "dd8576b4ff346c19c56c3e4f97ce55c5afa646f9c669be0a7cdd05057a0ecdf3" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x7dcf6018 ++ ImageLengthInMemory: 171464 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath1: 'PciRoot(0x0)/Pci(0x2,0x0)/Pci(0x0,0x0)/Offset(0x12600,0x3c3ff)' ++pcrs: ++ sha1: ++ 2 : 0x5b5f4d5c31664f01670a98a5796a36473671befc ++ sha256: ++ 2 : 0x35fcf9d737c52c971f7c74058d36937dbd7824177fa0f1de3eba3934fcb83b9d +diff --git a/test/integration/fixtures/event-uefiservices.bin.yaml b/test/integration/fixtures/event-uefiservices.bin.yaml.raw +similarity index 100% +rename from test/integration/fixtures/event-uefiservices.bin.yaml +rename to test/integration/fixtures/event-uefiservices.bin.yaml.raw +-- +2.41.0 + diff --git a/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog.sh-Fix-accidental-deletions.patch b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog.sh-Fix-accidental-deletions.patch new file mode 100644 index 000000000000..7274ee40827a --- /dev/null +++ b/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog.sh-Fix-accidental-deletions.patch @@ -0,0 +1,68 @@ +From 4dec5295361d753c3466bc9e8b0ae3a3cc58dff5 Mon Sep 17 00:00:00 2001 +From: Juergen Repp <juergen_repp@web.de> +Date: Thu, 4 Apr 2024 09:42:51 +0200 +Subject: [PATCH] test eventlog.sh Fix accidental deletions. + +* Accidental deletions made in commit 196e3d439407e81040ced054a8ed302489348a9d + are undone. +* python3 is used as default instead of python. + +Signed-off-by: Juergen Repp <juergen_repp@web.de> +--- + test/integration/tests/eventlog.sh | 33 ++++++++++++++++++++++++++++-- + 1 file changed, 31 insertions(+), 2 deletions(-) + +diff --git a/test/integration/tests/eventlog.sh b/test/integration/tests/eventlog.sh +index 9d5290f0..e7c13706 100755 +--- a/test/integration/tests/eventlog.sh ++++ b/test/integration/tests/eventlog.sh +@@ -3,7 +3,7 @@ + set -E + shopt -s expand_aliases + +-alias python=${PYTHON-python} ++alias python=${PYTHON-python3} + + yaml_validate() { + cmd=$1 +@@ -88,7 +88,36 @@ expect_pass() { + expect_fail + expect_fail foo + expect_fail foo bar +-expect_fail ${srcdir}/test/integration/fix ++expect_fail ${srcdir}/test/integration/fixtures/event-bad.bin ++ ++expect_pass ${srcdir}/test/integration/fixtures/specid-vendordata.bin ++expect_pass ${srcdir}/test/integration/fixtures/event.bin ++expect_pass ${srcdir}/test/integration/fixtures/event-uefivar.bin ++expect_pass ${srcdir}/test/integration/fixtures/event-uefiaction.bin ++expect_pass ${srcdir}/test/integration/fixtures/event-uefiservices.bin ++expect_pass ${srcdir}/test/integration/fixtures/event-uefi-sha1-log.bin ++expect_pass ${srcdir}/test/integration/fixtures/event-bootorder.bin ++expect_pass ${srcdir}/test/integration/fixtures/event-postcode.bin ++ ++# Make sure that --eventlog-version=2 works on complete TPM2 logs ++expect_pass ${srcdir}/test/integration/fixtures/event-arch-linux.bin --eventlog-version=2 ++expect_pass ${srcdir}/test/integration/fixtures/event-gce-ubuntu-2104-log.bin --eventlog-version=2 ++expect_pass ${srcdir}/test/integration/fixtures/event-sd-boot-fedora37.bin --eventlog-version=2 ++expect_pass ${srcdir}/test/integration/fixtures/event-moklisttrusted.bin --eventlog-version=2 ++ ++# Pick an event with leading whitespace and validate we have ++# preserved it correctly after parsing the YAML ++event=$(yaml_validate "print(y['events'][80]['Event']['String'])" < ${srcdir}/test/integration/fixtures/event-moklisttrusted.bin.yaml | tr -d '\0') ++expect=$(echo -e "grub_cmd: menuentry UEFI Firmware Settings --id uefi-firmware {\n\t\tfwsetup\n\t}") ++if test "$event" != "$expect" ++then ++ echo "Got $event" ++ echo "Want $expect" ++ exit 1 ++fi ++ ++# Compare strings generated by tpm2_eventlog with binary data of the corresponding ++# events. + hex_file="${srcdir}/test/integration/fixtures/event-moklisttrusted-hex.yaml" + tool_file="${srcdir}/test/integration/fixtures/event-moklisttrusted.bin.yaml" + +-- +2.43.2 + diff --git a/app-crypt/tpm2-tools/metadata.xml b/app-crypt/tpm2-tools/metadata.xml index 26b4dcbaf517..655f63bb3df0 100644 --- a/app-crypt/tpm2-tools/metadata.xml +++ b/app-crypt/tpm2-tools/metadata.xml @@ -1,11 +1,11 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> - <maintainer type="person"> + <maintainer type="person" proxied="yes"> <email>salah.coronya@gmail.com</email> - <name>Salah Coronya</name> + <name>Christopher Byrne</name> </maintainer> - <maintainer type="project"> + <maintainer type="project" proxied="proxy"> <email>proxy-maint@gentoo.org</email> <name>Proxy Maintainers</name> </maintainer> diff --git a/app-crypt/tpm2-tools/tpm2-tools-4.2.1.ebuild b/app-crypt/tpm2-tools/tpm2-tools-4.2.1.ebuild deleted file mode 100644 index f791854a95a5..000000000000 --- a/app-crypt/tpm2-tools/tpm2-tools-4.2.1.ebuild +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -DESCRIPTION="Tools for the TPM 2.0 TSS" -HOMEPAGE="https://github.com/tpm2-software/tpm2-tools" -SRC_URI="https://github.com/tpm2-software/${PN}/releases/download/${PV}/${P}.tar.gz" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~amd64" -IUSE="+fapi libressl" - -# Integration test are now run as part of the testing suite, which will fail -# because none of the supported TPM emulators are in Portage. In a future -# version of tpm2-tools, swtpm will be supported and the tests can be run. -RESTRICT="test" - -RDEPEND="net-misc/curl:= - fapi? ( >=app-crypt/tpm2-tss-2.4.0:=[fapi?] ) - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:0= )" -DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig" -PATCHES=( - "${FILESDIR}/${P}-libressl.patch" -) - -src_configure() { - econf \ - $(use_enable fapi) \ - $(use_enable !libressl hardening) -} diff --git a/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild b/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild new file mode 100644 index 000000000000..866f1e799d24 --- /dev/null +++ b/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild @@ -0,0 +1,66 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit bash-completion-r1 flag-o-matic python-any-r1 + +DESCRIPTION="Tools for the TPM 2.0 TSS" +HOMEPAGE="https://github.com/tpm2-software/tpm2-tools" +SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="amd64 arm arm64 ppc64 x86" +IUSE="+fapi test" + +RESTRICT="!test? ( test )" + +RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?] + dev-libs/openssl:= + net-misc/curl + sys-libs/efivar:=" +DEPEND="${RDEPEND} + test? ( + app-crypt/swtpm + app-crypt/tpm2-abrmd + dev-util/cmocka + )" +BDEPEND="virtual/pkgconfig + dev-build/autoconf-archive + test? ( + app-editors/vim-core + dev-tcltk/expect + $(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]') + ) + ${PYTHON_DEPS}" + +python_check_deps() { + python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_configure() { + # tests fail with LTO enabbled. See bug 865275 and 865277 + filter-lto + econf \ + $(use_enable fapi) \ + $(use_enable test unit) \ + --with-bashcompdir=$(get_bashcompdir) \ + --enable-hardening +} + +src_install() { + default + mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die + local utils=( "${ED}"/usr/bin/tpm2_* ) + utils=("${utils[@]##*/}") + # these utiltites don't have bash completions + local nobashcomp=( tpm2_encodeobject tpm2_getpolicydigest tpm2_sessionconfig ) + mapfile -d $'\0' -t utils < <(printf '%s\0' "${utils[@]}" | grep -Ezvw "${nobashcomp[@]/#/-e}") + bashcomp_alias tpm2 "${utils[@]}" +} diff --git a/app-crypt/tpm2-tools/tpm2-tools-5.6-r1.ebuild b/app-crypt/tpm2-tools/tpm2-tools-5.6-r1.ebuild new file mode 100644 index 000000000000..ab59eed9520d --- /dev/null +++ b/app-crypt/tpm2-tools/tpm2-tools-5.6-r1.ebuild @@ -0,0 +1,81 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit autotools bash-completion-r1 flag-o-matic python-any-r1 + +DESCRIPTION="Tools for the TPM 2.0 TSS" +HOMEPAGE="https://github.com/tpm2-software/tpm2-tools" +SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz" +SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/tpm2-tools-5.6-tpm2_eventlog-Create-raw-and-pretty-print-format-for.patch.xz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +IUSE="+fapi test" + +RESTRICT="!test? ( test )" + +RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?] + dev-libs/openssl:= + net-misc/curl + sys-libs/efivar:=" +DEPEND="${RDEPEND} + test? ( + app-crypt/swtpm + app-crypt/tpm2-abrmd + dev-util/cmocka + )" +BDEPEND="virtual/pkgconfig + dev-build/autoconf-archive + test? ( + app-editors/vim-core + dev-tcltk/expect + $(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]') + ) + ${PYTHON_DEPS}" + +PATCHES=( + "${FILESDIR}/${PN}-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch" + "${WORKDIR}/${PN}-5.6-tpm2_eventlog-Create-raw-and-pretty-print-format-for.patch" + "${FILESDIR}/${PN}-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch" + "${FILESDIR}/${PN}-5.6-bashism.patch" + "${FILESDIR}/${PN}-5.6-test-eventlog.sh-Fix-accidental-deletions.patch" +) + +python_check_deps() { + python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + # tests fail with LTO enabbled. See bug 865275 and 865277 + filter-lto + econf \ + $(use_enable fapi) \ + $(use_enable test unit) \ + --with-bashcompdir=$(get_bashcompdir) \ + --enable-hardening +} + +src_install() { + default + mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die + local utils=( "${ED}"/usr/bin/tpm2_* ) + utils=("${utils[@]##*/}") + # these utiltites don't have bash completions + local nobashcomp=( tpm2_encodeobject tpm2_getpolicydigest\ + tpm2_sessionconfig tpm2_tr_encode) + mapfile -d $'\0' -t utils < <(printf '%s\0' "${utils[@]}" | grep -Ezvw "${nobashcomp[@]/#/-e}") + bashcomp_alias tpm2 "${utils[@]}" +} diff --git a/app-crypt/tpm2-tools/tpm2-tools-5.6.1.ebuild b/app-crypt/tpm2-tools/tpm2-tools-5.6.1.ebuild new file mode 100644 index 000000000000..f8ad3a1b74c9 --- /dev/null +++ b/app-crypt/tpm2-tools/tpm2-tools-5.6.1.ebuild @@ -0,0 +1,87 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit autotools bash-completion-r1 flag-o-matic python-any-r1 + +DESCRIPTION="Tools for the TPM 2.0 TSS" +HOMEPAGE="https://github.com/tpm2-software/tpm2-tools" +SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz" +SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/tpm2-tools-5.6-tpm2_eventlog-Create-raw-and-pretty-print-format-for.patch.xz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="amd64 arm arm64 ~ppc64 x86" +IUSE="+fapi test" + +RESTRICT="!test? ( test )" + +RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?] + dev-libs/openssl:= + net-misc/curl + sys-libs/efivar:=" +DEPEND="${RDEPEND} + test? ( + app-crypt/swtpm + app-crypt/tpm2-abrmd + dev-util/cmocka + )" +BDEPEND="virtual/pkgconfig + dev-build/autoconf-archive + test? ( + app-editors/vim-core + dev-tcltk/expect + $(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]') + ) + ${PYTHON_DEPS}" + +PATCHES=( + "${FILESDIR}/${PN}-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch" + "${WORKDIR}/${PN}-5.6-tpm2_eventlog-Create-raw-and-pretty-print-format-for.patch" + "${FILESDIR}/${PN}-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch" + "${FILESDIR}/${PN}-5.6-test-eventlog.sh-Fix-accidental-deletions.patch" +) + +python_check_deps() { + python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + # tests fail with LTO enabbled. See bug 865275 and 865277 + filter-lto + econf \ + $(use_enable fapi) \ + $(use_enable test unit) \ + --with-bashcompdir=$(get_bashcompdir) \ + --enable-hardening +} + +src_install() { + default + mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die + local utils=( "${ED}"/usr/bin/tpm2_* ) + utils=("${utils[@]##*/}") + # these utiltites don't have bash completions + local nobashcomp=( tpm2_encodeobject tpm2_getpolicydigest\ + tpm2_sessionconfig tpm2_tr_encode) + mapfile -d $'\0' -t utils < <(printf '%s\0' "${utils[@]}" | grep -Ezvw "${nobashcomp[@]/#/-e}") + bashcomp_alias tpm2 "${utils[@]}" +} + +src_test() { +# This hook doesn't get invoked consisently, so call it manually +# else one of the tests will fail + emake prepare-check + default +} diff --git a/app-crypt/tpm2-tools/tpm2-tools-5.7.ebuild b/app-crypt/tpm2-tools/tpm2-tools-5.7.ebuild new file mode 100644 index 000000000000..f0c382e9893b --- /dev/null +++ b/app-crypt/tpm2-tools/tpm2-tools-5.7.ebuild @@ -0,0 +1,83 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit autotools bash-completion-r1 flag-o-matic python-any-r1 + +DESCRIPTION="Tools for the TPM 2.0 TSS" +HOMEPAGE="https://github.com/tpm2-software/tpm2-tools" +SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +IUSE="+fapi test" + +RESTRICT="!test? ( test )" + +RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?] + dev-libs/openssl:= + net-misc/curl + sys-libs/efivar:=" +DEPEND="${RDEPEND} + test? ( + app-crypt/swtpm + app-crypt/tpm2-abrmd + dev-util/cmocka + )" +BDEPEND="virtual/pkgconfig + dev-build/autoconf-archive + test? ( + app-editors/vim-core + dev-tcltk/expect + $(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]') + ) + ${PYTHON_DEPS}" + +PATCHES=( + "${FILESDIR}/${PN}-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch" +) + +python_check_deps() { + python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + # tests fail with LTO enabbled. See bug 865275 and 865277 + filter-lto + econf \ + $(use_enable fapi) \ + $(use_enable test unit) \ + --with-bashcompdir=$(get_bashcompdir) \ + --enable-hardening +} + +src_install() { + default + mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die + local utils=( "${ED}"/usr/bin/tpm2_* ) + utils=("${utils[@]##*/}") + # these utiltites don't have bash completions + local nobashcomp=( tpm2_encodeobject tpm2_getpolicydigest\ + tpm2_sessionconfig tpm2_tr_encode) + mapfile -d $'\0' -t utils < <(printf '%s\0' "${utils[@]}" | grep -Ezvw "${nobashcomp[@]/#/-e}") + bashcomp_alias tpm2 "${utils[@]}" +} + +src_test() { +# This hook doesn't get invoked consisently, so call it manually +# else one of the tests will fail + emake prepare-check + default +} |