diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..540596e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/tpm2-abrmd-2.0.0.tar.gz
diff --git a/.tpm2-abrmd.metadata b/.tpm2-abrmd.metadata
new file mode 100644
index 0000000..cb67256
--- /dev/null
+++ b/.tpm2-abrmd.metadata
@@ -0,0 +1 @@
+3df5896c55f6ffd520c4ff3c1f4b1d65f8738417 SOURCES/tpm2-abrmd-2.0.0.tar.gz
diff --git a/SOURCES/tcti-dynamic-Make-the-tss2-device-TCTI-library-SONAM.patch b/SOURCES/tcti-dynamic-Make-the-tss2-device-TCTI-library-SONAM.patch
new file mode 100644
index 0000000..13b2f6c
--- /dev/null
+++ b/SOURCES/tcti-dynamic-Make-the-tss2-device-TCTI-library-SONAM.patch
@@ -0,0 +1,106 @@
+From 9c4a30c22725948537911dafa664d3741fd0249b Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas
+Date: Wed, 4 Jul 2018 16:04:15 +0200
+Subject: [PATCH 1/1] tcti-dynamic: Make the tss2 device TCTI library SONAME
+ the default
+
+The raw libtss2-tcti-device.so is only included in the development package
+but the tpm2-abrmd tries to dynamically load this instead of the library's
+SONAME which is included in the tpm2-tss package.
+
+This was reported in [0] and partially fixed by the commit d2f0b2d1f0f
+("tcti-util: Use proper SONAME for TCTI dlopen"). But I still needed these
+changes so the tpm2-abrmd daemon could lookup the correct library name.
+
+[0]: https://lists.01.org/pipermail/tpm2/2018-May/000700.html
+
+Signed-off-by: Javier Martinez Canillas
+---
+ man/tpm2-abrmd.8.in | 12 ++++++------
+ src/tabrmd.h | 2 +-
+ src/tcti-dynamic.c | 2 +-
+ src/tcti-dynamic.h | 2 +-
+ 4 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/man/tpm2-abrmd.8.in b/man/tpm2-abrmd.8.in
+index c745a7e5eac..e02cbf44a16 100644
+--- a/man/tpm2-abrmd.8.in
++++ b/man/tpm2-abrmd.8.in
+@@ -25,7 +25,7 @@ is formatted as "tcti-name:tcti-conf" where:
+ .IP 'tcti-name'
+ The name of the TCTI library shared object file. Libraries are found using
+ the same algorithm as dlopen (3). If the TCTI library file name follows the
+-naming convention: \fBlibtss2-tcti-.so\fR where is the name for
++naming convention: \fBlibtss2-tcti-.so.0\fR where is the name for
+ the TCTI, the value of \fB\fR may be supplied in place of the full
+ library file name. See 'EXAMPLES' below.
+ .IP 'tcti-conf'
+@@ -89,21 +89,21 @@ Execute daemon with default TCTI and provided config string:
+ This is equivalent to:
+ .B tpm2-abrmd --tcti="device:/dev/tpm0"
+ .br
+-.B tpm2-abrmd --tcti="libtss2-tcti-device.so:/dev/tpm0"
++.B tpm2-abrmd --tcti="libtss2-tcti-device.so.0:/dev/tpm0"
+ .TP
+ Have daemon use Microsoft/IBM TPM2 Simulator tcti library
+-'libtss2-tcti-mssim.so'.
++'libtss2-tcti-mssim.so.0'.
+ This connects to a TPM2 simulator via a TCP mssim.
+ .br
+ .B tpm2-abrmd --tcti="mssim"
+ .br
+-.B tpm2-abrmd --tcti="libtss2-tcti-mssim.so"
++.B tpm2-abrmd --tcti="libtss2-tcti-mssim.so.0"
+ .TP
+-Have daemon use tcti library 'libtss2-tcti-mssim.so' and config string
++Have daemon use tcti library 'libtss2-tcti-mssim.so.0' and config string
+ 'tcp://127.0.0.1:5555':
+ .B tpm2-abrmd --tcti=mssim:tcp://127.0.0.1:5555"
+ .br
+-.B tpm2-abrmd --tcti="libtss2-tcti-mssim.so:tcp://127.0.0.1:5555"
++.B tpm2-abrmd --tcti="libtss2-tcti-mssim.so.0:tcp://127.0.0.1:5555"
+ .SH AUTHOR
+ Philip Tricca
+ .SH "SEE ALSO"
+diff --git a/src/tabrmd.h b/src/tabrmd.h
+index 7e0eb02b4ef..ed9d7dd063b 100644
+--- a/src/tabrmd.h
++++ b/src/tabrmd.h
+@@ -43,7 +43,7 @@
+ #define TABRMD_ENTROPY_SRC_DEFAULT "/dev/urandom"
+ #define TABRMD_SESSIONS_MAX_DEFAULT 4
+ #define TABRMD_SESSIONS_MAX 64
+-#define TABRMD_TCTI_FILENAME_DEFAULT "libtss2-tcti-device.so"
++#define TABRMD_TCTI_FILENAME_DEFAULT "libtss2-tcti-device.so.0"
+ #define TABRMD_TCTI_CONF_DEFAULT NULL
+ #define TABRMD_TRANSIENT_MAX_DEFAULT 27
+ #define TABRMD_TRANSIENT_MAX 100
+diff --git a/src/tcti-dynamic.c b/src/tcti-dynamic.c
+index f3e0b6db694..852eb70b2ea 100644
+--- a/src/tcti-dynamic.c
++++ b/src/tcti-dynamic.c
+@@ -139,7 +139,7 @@ tcti_dynamic_class_init (TctiDynamicClass *klass)
+ g_param_spec_string ("file-name",
+ "TCTI library file",
+ "Library file containing TCTI implementation.",
+- "libtss2-tcti-device.so",
++ "libtss2-tcti-device.so.0",
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY);
+ obj_properties[PROP_CONF_STR] =
+ g_param_spec_string ("conf-str",
+diff --git a/src/tcti-dynamic.h b/src/tcti-dynamic.h
+index 08691a66d58..2ed0eaea640 100644
+--- a/src/tcti-dynamic.h
++++ b/src/tcti-dynamic.h
+@@ -34,7 +34,7 @@
+
+ G_BEGIN_DECLS
+
+-#define TCTI_DYNAMIC_DEFAULT_FILE_NAME "libtss2-tcti-device.so"
++#define TCTI_DYNAMIC_DEFAULT_FILE_NAME "libtss2-tcti-device.so.0"
+ #define TCTI_DYNAMIC_DEFAULT_CONF_STR "/dev/tpm0"
+
+ typedef struct _TctiDynamicClass {
+--
+2.17.1
+
diff --git a/SPECS/tpm2-abrmd.spec b/SPECS/tpm2-abrmd.spec
new file mode 100644
index 0000000..260d2a2
--- /dev/null
+++ b/SPECS/tpm2-abrmd.spec
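Review bot: The new default name is written as a bare literal in the `g_param_spec_string ("file-name", …)` call in src/tcti-dynamic.c, while the same string is also defined as `TCTI_DYNAMIC_DEFAULT_FILE_NAME` in src/tcti-dynamic.h and as `TABRMD_TCTI_FILENAME_DEFAULT` in src/tabrmd.h. Three copies of a versioned SONAME are easy to leave out of step at the next tpm2-tss ABI bump, and because the man page says the name is resolved with dlopen's search rules, a stale copy would most likely show up only at daemon start as a failed load. Passing the macro in place of the literal, `TCTI_DYNAMIC_DEFAULT_FILE_NAME,`, removes one copy, assuming tcti-dynamic.c includes tcti-dynamic.h (not visible here). The body of tcti_dynamic_class_init starts and ends outside the hunk.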
@@ -0,0 +1,146 @@
+%global selinuxtype targeted
+
+Name: tpm2-abrmd
+Version: 2.0.0
+Release: 3%{?dist}
+Summary: A system daemon implementing TPM2 Access Broker and Resource Manager
+
+License: BSD
+URL: https://github.com/tpm2-software/tpm2-abrmd
+Source0: https://github.com/tpm2-software/tpm2-abrmd/releases/download/%{version}/%{name}-%{version}.tar.gz
+
+Patch0: tcti-dynamic-Make-the-tss2-device-TCTI-library-SONAM.patch
+
+%{?systemd_requires}
+BuildRequires: systemd
+BuildRequires: libtool
+BuildRequires: autoconf-archive
+BuildRequires: pkgconfig(cmocka)
+BuildRequires: pkgconfig(dbus-1)
+BuildRequires: pkgconfig(gio-unix-2.0)
+BuildRequires: pkgconfig(tss2-mu)
+BuildRequires: pkgconfig(tss2-sys)
+# tpm2-abrmd depends on tpm2-tss-devel for tss2-mu/sys libs
+BuildRequires: tpm2-tss-devel >= 2.0.0-2%{?dist}
+
+# tpm2-abrmd depends on the package that contains its SELinux policy module
+Requires: (%{name}-selinux >= %{version}-1%{?dist} if selinux-policy-%{selinuxtype})
+
+%description
+tpm2-abrmd is a system daemon implementing the TPM2 access broker (TAB) and
+Resource Manager (RM) spec from the TCG.
+
+%prep
+%autosetup -p1 -n %{name}-%{version}
+
+%build
+%configure --disable-static --disable-silent-rules \
+ --with-systemdsystemunitdir=%{_unitdir} \
+ --with-systemdpresetdir=%{_presetdir}
+%make_build
+
+%install
+%make_install
+find %{buildroot}%{_libdir} -type f -name \*.la -delete
+
+%pre
+getent group tss >/dev/null || groupadd -g 59 -r tss
+getent passwd tss >/dev/null || \
+useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin \
+ -c "Account used by the tpm2-abrmd package to sandbox the tpm2-abrmd daemon" tss
+exit 0
+
+%files
+%doc README.md CHANGELOG.md
+%license LICENSE
+%{_libdir}/libtss2-tcti-tabrmd.so.*
+%{_sbindir}/tpm2-abrmd
+%config(noreplace) %{_sysconfdir}/dbus-1/system.d/tpm2-abrmd.conf
+%{_datarootdir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service
+%{_unitdir}/tpm2-abrmd.service
+%{_presetdir}/tpm2-abrmd.preset
+%{_mandir}/man3/Tss2_Tcti_Tabrmd_Init.3.gz
+%{_mandir}/man7/tss2-tcti-tabrmd.7.gz
+%{_mandir}/man8/tpm2-abrmd.8.gz
+
+
+%package devel
+Summary: Headers, static libraries and package config files of tpm2-abrmd
+Requires: %{name}%{_isa} = %{version}-%{release}
+# tpm2-abrmd-devel depends on tpm2-tss-devel for tss2-mu/sys libs
+Requires: tpm2-tss-devel%{?_isa} >= 2.0.0-1%{?dist}
+
+%description devel
+This package contains headers, static libraries and package config files
+required to build applications that use tpm2-abrmd.
+
+%files devel
+%{_includedir}/tss2/tss2-tcti-tabrmd.h
+%{_libdir}/libtss2-tcti-tabrmd.so
+%{_libdir}/pkgconfig/tss2-tcti-tabrmd.pc
+
+# on package installation
+%post
+/sbin/ldconfig
+%systemd_post tpm2-abrmd.service
+
+%preun
+%systemd_preun tpm2-abrmd.service
+
+%postun
+/sbin/ldconfig
+%systemd_postun tpm2-abrmd.service
+
+%changelog
+* Wed Feb 06 2019 Jerry Snitselaar - 2.0.0-3
+- Fix tpm2-abrmd-selinux Requires
+resolves: rhbz#1642000
+
+* Sat Jul 14 2018 Fedora Release Engineering - 2.0.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Jul 04 2018 Javier Martinez Canillas - 2.0.0-1
+- Download the distributed tarball instead of the source code tarball
+- Update URLs to point to the new project location
+- Update to 2.0.0 release
+
+* Fri Feb 23 2018 Javier Martinez Canillas - 1.1.0-12
+- Don't install udev rule for TPM character devices
+
+* Wed Feb 21 2018 Javier Martinez Canillas - 1.1.0-11
+- Remove ExclusiveArch: x86_64 directive
+
+* Thu Feb 15 2018 Javier Martinez Canillas - 1.1.0-10
+- Remove %%{_isa} from BuildRequires (RHBZ#1545210)
+
+* Fri Feb 09 2018 Fedora Release Engineering - 1.1.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Oct 25 2017 Peter Jones - 1.1.0-8
+- Make only tpm2-abrmd-devel have a runtime dep on tpm2-tools-devel
+
+* Wed Oct 18 2017 Jerry Snitselaar - 1.1.0-7
+- tcti-abrmd: Fix null deref
+
+* Fri Oct 13 2017 Sun Yunying - 1.1.0-6
+- Add tss user if doesn't currently exist - PR#1 from Jerry Snitselaar
+- Removed source tarball and cleared it from .gitignore
+
+* Wed Aug 16 2017 Sun Yunying - 1.1.0-5
+- Updated source0 URL to fix rpmlint warnings
+
+* Tue Aug 15 2017 Sun Yunying - 1.1.0-4
+- Rename and relocate udev rules file to _udevrulesdir
+- Update scriptlet to add service name after systemd_postrun
+
+* Tue Aug 1 2017 Sun Yunying - 1.1.0-3
+- Use config option with-systemdsystemunitdir to set systemd unit file location
+
+* Mon Jul 31 2017 Sun Yunying - 1.1.0-2
+- Removed BuildRequires for gcc
+- Move tpm2-abrmd systemd service to /usr/lib/systemd/system
+- Added scriptlet for tpm2-abrmd systemd service
+- Use autoreconf instead of bootstrap
+
+* Wed Jul 26 2017 Sun Yunying - 1.1.0-1
+- Initial packaging
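Review bot: `%prep` unpacks Source0 with `%autosetup` and nothing in the spec verifies an upstream signature, so the only integrity pin visible in this commit is the SHA-1 recorded in `.tpm2-abrmd.metadata`. If upstream publishes a detached signature for the release tarball, it and the signing keyring could be carried as extra sources and checked before unpacking, e.g. `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'` as the first line of `%prep`, where the distribution's macros provide it, with `BuildRequires: gnupg2`. The `%pre` scriptlet also ends in an unconditional `exit 0`, so a failed `useradd` leaves the package installed without the `tss` account the daemon is meant to be sandboxed under; a comment stating that this is deliberate would help the next maintainer. Separately, the devel subpackage writes `Requires: %{name}%{_isa}` while the following Requires uses `%{?_isa}`; the conditional form is the consistent one.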