Diffstat (limited to 'app-crypt/tpm2-tss/files')
7 files changed, 153 insertions, 37 deletions
diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-2.4.0-Dont-run-systemd-sysusers-in-Makefile.patch b/app-crypt/tpm2-tss/files/tpm2-tss-2.4.0-Dont-run-systemd-sysusers-in-Makefile.patch
deleted file mode 100644
index c916bbf0133c..000000000000
--- a/app-crypt/tpm2-tss/files/tpm2-tss-2.4.0-Dont-run-systemd-sysusers-in-Makefile.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff --git a/Makefile.am b/Makefile.am
-index c543a287..58187f7e 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -558,10 +558,6 @@ uninstall-local:
- -rm $(DESTDIR)$(udevrulesdir)/$(udevrulesprefix)tpm-udev.rules
- endif
-
--# Create tss user and FAPI directories directly after installation (vs. after a reboot)
--install-exec-hook:
-- systemd-sysusers && systemd-tmpfiles --create || true
--
- uninstall-hook:
- cd $(DESTDIR)$(man3dir) && \
- [ -L Tss2_TctiLdr_Initialize_Ex.3 ] && \
diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-2.4.0-fix-tmpfiles-path.patch b/app-crypt/tpm2-tss/files/tpm2-tss-2.4.0-fix-tmpfiles-path.patch
deleted file mode 100644
index 93a1fed8a877..000000000000
--- a/app-crypt/tpm2-tss/files/tpm2-tss-2.4.0-fix-tmpfiles-path.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/dist/fapi-config.json.in b/dist/fapi-config.json.in
-index e32a3c36..4aa636e2 100644
---- a/dist/fapi-config.json.in
-+++ b/dist/fapi-config.json.in
-@@ -2,7 +2,7 @@
- "profile_name": "P_RSA2048SHA256",
- "profile_dir": "@sysconfdir@/tpm2-tss/fapi-profiles/",
- "user_dir": "~/@userstatedir@/tpm2-tss/user/keystore",
-- "system_dir": "@localstatedir@/lib/tpm2-tss/system/keystore",
-+ "system_dir": "@localstatedir@/tpm2-tss/system/keystore",
- "tcti": "",
- "system_pcrs" : [],
- "log_dir" : "@runstatedir@/tpm2-tss/eventlog/"
-diff --git a/dist/tmpfiles.d/tpm2-tss-fapi.conf.in b/dist/tmpfiles.d/tpm2-tss-fapi.conf.in
-index 1793c4d7..3f0c8380 100644
---- a/dist/tmpfiles.d/tpm2-tss-fapi.conf.in
-+++ b/dist/tmpfiles.d/tpm2-tss-fapi.conf.in
-@@ -1,3 +1,3 @@
- #Type Path Mode User Group Age Argument
--d @localstatedir@/lib/tpm2-tss/system/keystore 775 tss tss - -
-+d @localstatedir@/tpm2-tss/system/keystore 775 tss tss - -
- d @runstatedir@/tpm2-tss/eventlog 775 tss tss - -
diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-Dont-install-files-into-run.patch b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-Dont-install-files-into-run.patch
new file mode 100644
index 000000000000..ca51ab7f9382
--- /dev/null
+++ b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-Dont-install-files-into-run.patch
@@ -0,0 +1,26 @@
+diff --git a/Makefile.am b/Makefile.am
+index 2c81cfa9..2673995c 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -767,13 +767,11 @@ define set_tss_permissions
+ endef
+
+ define make_fapi_dirs
+- ($(call make_tss_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/) || true) && \
+ ($(call make_tss_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/))
+ endef
+
+ define set_fapi_permissions
+ if test -z "${DESTDIR}"; then \ e
+- ($(call set_tss_permissions,$(DESTDIR)$(runstatedir)/tpm2-tss)) && \
+ ($(call set_tss_permissions,$(DESTDIR)$(localstatedir)/lib/tpm2-tss)) \
+ fi
+ endef
+@@ -784,7 +782,6 @@ endef
+
+ define check_fapi_dirs
+ if test -z "${DESTDIR}"; then \
+- ($(call check_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/)) && \
+ ($(call check_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/)) \
+ fi;
+ endef
diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch
new file mode 100644
index 000000000000..83f123ffdc52
--- /dev/null
+++ b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch
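Review bot: The patch carries no header explaining why the `$(runstatedir)/tpm2-tss/eventlog` steps are dropped from `make_fapi_dirs`, `set_fapi_permissions` and `check_fapi_dirs`, or what creates that directory instead. The tmpfiles.d line `d @runstatedir@/tpm2-tss/eventlog 2775 tss tss - -` visible in one 4.0.1 patch of this commit presumably takes over, but the other 4.0.1 patch makes `tmpfiles_DATA` conditional on `SYSD_TMPFILES`, so a build with tmpfiles disabled would leave the event-log directory with no creator and no ownership or mode check. I would add a short description above the `diff --git` line, for example `The eventlog directory lives in /run and is created at boot by tmpfiles.d (tpm2-tss-fapi.conf); do not create, chown or check it from make install.`, together with the upstream status of the change. The same applies to the otherwise identical 4.0.2 copy of this patch further down.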
@@ -0,0 +1,27 @@
+From 0632885d08917092ffc8d98febd158745a74465a Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Fri, 4 Aug 2023 16:07:52 +0200
+Subject: [PATCH] Do not consider failures to write files in /sys hard errors
+
+systemd-tmpfiles can run in containers, chroots, ... where writing to /sys will fail, so let's suffix these lines with "-" to avoid considering these cases hard errors.
+
+Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
+---
+ dist/tmpfiles.d/tpm2-tss-fapi.conf.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/dist/tmpfiles.d/tpm2-tss-fapi.conf.in b/dist/tmpfiles.d/tpm2-tss-fapi.conf.in
+index 7ea3c652..51ff78e5 100644
+--- a/dist/tmpfiles.d/tpm2-tss-fapi.conf.in
++++ b/dist/tmpfiles.d/tpm2-tss-fapi.conf.in
+@@ -3,5 +3,5 @@ d @localstatedir@/lib/tpm2-tss/system/keystore 2775 tss tss -
+ a+ @localstatedir@/lib/tpm2-tss/system/keystore - - - - default:group:tss:rwx
+ d @runstatedir@/tpm2-tss/eventlog 2775 tss tss - -
+ a+ @runstatedir@/tpm2-tss/eventlog - - - - default:group:tss:rwx
+-z /sys/kernel/security/tpm[0-9]/binary_bios_measurements 0440 root tss - -
+-z /sys/kernel/security/ima/binary_runtime_measurements 0440 root tss - -
++z- /sys/kernel/security/tpm[0-9]/binary_bios_measurements 0440 root tss - -
++z- /sys/kernel/security/ima/binary_runtime_measurements 0440 root tss - -
+--
+2.43.0
+
diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch
new file mode 100644
index 000000000000..d93fcf9ef2d6
--- /dev/null
+++ b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch
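Review bot: The `-` suffix on the two `z` lines takes effect on every host, not only in the containers and chroots the description mentions, so a regular system where the owner/mode change on the securityfs measurement files fails will now stay silent as well. In that case the files keep whatever owner and mode the kernel gave them, and the `tss` group presumably ends up without read access to `binary_bios_measurements` and `binary_runtime_measurements`, which would only surface later as a permission error in whatever reads the event logs. A comment above the two lines would make the trade-off explicit, e.g. `# z-: ignore failures where securityfs is missing or read-only; the tss group then gets no read access to the measurement logs`.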
@@ -0,0 +1,50 @@
+From 75f53cf7eab591870ce735203995d01d2f577187 Mon Sep 17 00:00:00 2001
+From: Christopher Byrne <salah.coronya@gmail.com>
+Date: Tue, 13 Jun 2023 21:40:56 -0500
+Subject: [PATCH] configure.ac: Make sysusers and tmpfiles optional
+
+Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
+---
+ Makefile.am | 6 +++++-
+ configure.ac | 4 ++--
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 2c81cfa9..98965fa7 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -563,10 +563,14 @@ fapi-config.json: dist/fapi-config.json.in
+ -e 's|[@]sysmeasurements@|$(sysmeasurements)|g' \
+ < "$<" > "$@"
+
++if SYSD_SYSUSERS
+ sysusers_DATA = dist/sysusers.d/tpm2-tss.conf
+-tmpfiles_DATA = tpm2-tss-fapi.conf
++endif
+
++if SYSD_TMPFILES
++tmpfiles_DATA = tpm2-tss-fapi.conf
+ CLEANFILES += tpm2-tss-fapi.conf
++endif
+
+ # We have to do this ourselves, in order to get absolute paths
+ tpm2-tss-fapi.conf: dist/tmpfiles.d/tpm2-tss-fapi.conf.in
+diff --git a/configure.ac b/configure.ac
+index b6550278..2d478147 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -550,9 +550,9 @@ AS_IF([test "x$enable_integration" = "xyes" && test "x$enable_self_generated_cer
+
+ # Check for systemd helper tools used by make install
+ AC_CHECK_PROG(systemd_sysusers, systemd-sysusers, yes)
+-AM_CONDITIONAL(SYSD_SYSUSERS, test "x$systemd_sysusers" = "xyes")
++AM_CONDITIONAL([SYSD_SYSUSERS], [test "x$systemd_sysusers" = "xyes" && test "x$sysusersdir" != "xno"])
+ AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes)
+-AM_CONDITIONAL(SYSD_TMPFILES, test "x$systemd_tmpfiles" = "xyes")
++AM_CONDITIONAL([SYSD_TMPFILES], [test "x$systemd_tmpfiles" = "xyes" && test "x$tmpfilesdir" != "xno"])
+
+ # Check all tools used by make install
+ AS_IF([test "$HOSTOS" = "Linux" && test "x$systemd_sysusers" != "xyes"],
+--
+2.39.3
+
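Review bot: The trailing `AS_IF([test "$HOSTOS" = "Linux" && test "x$systemd_sysusers" != "xyes"],` check still looks only at `$systemd_sysusers`, while the two conditionals above it now also depend on `$sysusersdir` and `$tmpfilesdir`. A build configured with either set to `no` on a host that has the tools would skip `sysusers_DATA` or `tmpfiles_DATA` without tripping that check. Nothing in the visible lines then guarantees that the `tss` account, or the `tss`-owned keystore and eventlog directories from the tmpfiles.d file, exist with the intended owner and mode, so the packager has to supply them. I would say so next to the conditionals, e.g. `# With sysusersdir/tmpfilesdir set to "no" the tss user and the FAPI directories must be provided by the distribution`. The `AS_IF` body and the definitions of `sysusersdir` and `tmpfilesdir` lie outside the hunk, so the behaviour of that later check is inferred.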
diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-4.0.2-Dont-install-files-into-run.patch b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.2-Dont-install-files-into-run.patch
new file mode 100644
index 000000000000..022cd6145c18
--- /dev/null
+++ b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.2-Dont-install-files-into-run.patch
@@ -0,0 +1,26 @@
+diff --git a/Makefile.am b/Makefile.am
+index 07b7a2bf..e478fc77 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -770,13 +770,11 @@ define set_tss_permissions
+ endef
+
+ define make_fapi_dirs
+- ($(call make_tss_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/) || true) && \
+ ($(call make_tss_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/))
+ endef
+
+ define set_fapi_permissions
+ if test -z "${DESTDIR}"; then \
+- ($(call set_tss_permissions,$(DESTDIR)$(runstatedir)/tpm2-tss)) && \
+ ($(call set_tss_permissions,$(DESTDIR)$(localstatedir)/lib/tpm2-tss)) \
+ fi
+ endef
+@@ -787,7 +785,6 @@ endef
+
+ define check_fapi_dirs
+ if test -z "${DESTDIR}"; then \
+- ($(call check_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/)) && \
+ ($(call check_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/)) \
+ fi;
+ endef
diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-4.0.2-Hide-write-all-function.patch b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.2-Hide-write-all-function.patch
new file mode 100644
index 000000000000..bd682df53bac
--- /dev/null
+++ b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.2-Hide-write-all-function.patch
@@ -0,0 +1,24 @@
+diff --git a/src/util/io.c b/src/util/io.c
+index c6446826..50c0fd6c 100644
+--- a/src/util/io.c
++++ b/src/util/io.c
+@@ -81,6 +81,7 @@ read_all (
+ return recvd_total;
+ }
+
++__attribute__ ((visibility("hidden")))
+ ssize_t
+ write_all (
+ SOCKET fd,
+diff --git a/src/util/io.h b/src/util/io.h
+index 25dd5c45..fec391d8 100644
+--- a/src/util/io.h
++++ b/src/util/io.h
+@@ -70,6 +70,7 @@ read_all (
+ * are detected. This is currently limited to interrupted system calls and
+ * short writes.
+ */
++__attribute__ ((visibility("hidden")))
+ ssize_t
+ write_all (
+ SOCKET fd, |
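Review bot: Only `write_all` gets `__attribute__ ((visibility("hidden")))`; `read_all`, which sits directly above it in both `io.c` and `io.h`, keeps default visibility, and the patch has no description saying why the two are treated differently. If the aim is to keep a generically named internal helper out of the dynamic symbol table, so that it cannot clash with or be interposed by another `write_all` loaded into the same process, the same reasoning would seem to apply to `read_all`. I would add a header to the patch file stating the reason and its upstream status, and a comment on the declaration in `io.h` such as `/* internal helper: hidden so the name is not exported from the shared objects */`. Both function bodies lie outside the hunk, so whether any caller reaches `write_all` across a shared-object boundary cannot be checked from here.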