summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristopher Byrne <salah.coronya@gmail.com>2024-03-07 20:17:31 -0600
committerMichał Górny <mgorny@gentoo.org>2024-03-08 19:28:43 +0100
commitc4911ac3943c60832bce5210e5839f326db707d5 (patch)
treeb666276fcd3cc290c5d110a5347959ebf9980345 /app-crypt
parentdev-util/maturin: Build maturin executable via cargo.eclass (diff)
downloadgentoo-c4911ac3943c60832bce5210e5839f326db707d5.tar.gz
gentoo-c4911ac3943c60832bce5210e5839f326db707d5.tar.bz2
gentoo-c4911ac3943c60832bce5210e5839f326db707d5.zip
app-crypt/tpm2-tss: Don't fail tmpfiles_process where /sys is restricted
Closes: https://bugs.gentoo.org/893636 Signed-off-by: Christopher Byrne <salah.coronya@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/35661 Signed-off-by: Michał Górny <mgorny@gentoo.org>
Diffstat (limited to 'app-crypt')
-rw-r--r--app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch27
-rw-r--r--app-crypt/tpm2-tss/tpm2-tss-4.0.1-r1.ebuild109
2 files changed, 136 insertions, 0 deletions
diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch
new file mode 100644
index 000000000000..83f123ffdc52
--- /dev/null
+++ b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch
@@ -0,0 +1,27 @@
+From 0632885d08917092ffc8d98febd158745a74465a Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Fri, 4 Aug 2023 16:07:52 +0200
+Subject: [PATCH] Do not consider failures to write files in /sys hard errors
+
+systemd-tmpfiles can run in containers, chroots, ... where writing to /sys will fail, so let's suffix these lines with "-" to avoid considering these cases hard errors.
+
+Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
+---
+ dist/tmpfiles.d/tpm2-tss-fapi.conf.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/dist/tmpfiles.d/tpm2-tss-fapi.conf.in b/dist/tmpfiles.d/tpm2-tss-fapi.conf.in
+index 7ea3c652..51ff78e5 100644
+--- a/dist/tmpfiles.d/tpm2-tss-fapi.conf.in
++++ b/dist/tmpfiles.d/tpm2-tss-fapi.conf.in
+@@ -3,5 +3,5 @@ d @localstatedir@/lib/tpm2-tss/system/keystore 2775 tss tss -
+ a+ @localstatedir@/lib/tpm2-tss/system/keystore - - - - default:group:tss:rwx
+ d @runstatedir@/tpm2-tss/eventlog 2775 tss tss - -
+ a+ @runstatedir@/tpm2-tss/eventlog - - - - default:group:tss:rwx
+-z /sys/kernel/security/tpm[0-9]/binary_bios_measurements 0440 root tss - -
+-z /sys/kernel/security/ima/binary_runtime_measurements 0440 root tss - -
++z- /sys/kernel/security/tpm[0-9]/binary_bios_measurements 0440 root tss - -
++z- /sys/kernel/security/ima/binary_runtime_measurements 0440 root tss - -
+--
+2.43.0
+
diff --git a/app-crypt/tpm2-tss/tpm2-tss-4.0.1-r1.ebuild b/app-crypt/tpm2-tss/tpm2-tss-4.0.1-r1.ebuild
new file mode 100644
index 000000000000..558f221a5be8
--- /dev/null
+++ b/app-crypt/tpm2-tss/tpm2-tss-4.0.1-r1.ebuild
@@ -0,0 +1,109 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools flag-o-matic linux-info multilib-minimal tmpfiles udev
+
+DESCRIPTION="TCG Trusted Platform Module 2.0 Software Stack"
+HOMEPAGE="https://github.com/tpm2-software/tpm2-tss"
+SRC_URI="https://github.com/tpm2-software/${PN}/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD-2"
+SLOT="0/4"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
+IUSE="doc +fapi +openssl mbedtls +policy static-libs test"
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="
+ ^^ ( mbedtls openssl )
+ fapi? ( openssl !mbedtls )
+ policy? ( openssl !mbedtls )
+"
+
+RDEPEND="
+ acct-group/tss
+ acct-user/tss
+ sys-apps/util-linux:=[${MULTILIB_USEDEP}]
+ fapi? (
+ dev-libs/json-c:=[${MULTILIB_USEDEP}]
+ >=net-misc/curl-7.80.0[${MULTILIB_USEDEP}]
+ )
+ mbedtls? ( net-libs/mbedtls:=[${MULTILIB_USEDEP}] )
+ openssl? ( dev-libs/openssl:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="
+ ${RDEPEND}
+ test? ( app-crypt/swtpm
+ dev-libs/uthash
+ dev-util/cmocka
+ fapi? ( >=net-misc/curl-7.80.0 ) )
+"
+
+BDEPEND="
+ sys-apps/acl
+ virtual/pkgconfig
+ doc? ( app-text/doxygen )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-4.0.0-Dont-install-files-into-run.patch"
+ "${FILESDIR}/${PN}-4.0.1-Make-sysusers-and-tmpfiles-optional.patch"
+ "${FILESDIR}/${PN}-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch"
+)
+
+pkg_setup() {
+ local CONFIG_CHECK="~TCG_TPM"
+ linux-info_pkg_setup
+ kernel_is ge 4 12 0 || ewarn "At least kernel 4.12.0 is required"
+}
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # Fails with inlining
+ filter-flags -fno-semantic-interposition
+ # tests fail with LTO enabbled. See bug 865275 and 865279
+ filter-lto
+
+ local myconf=(
+ --localstatedir=/var
+ $(multilib_native_use_enable doc doxygen-doc)
+ $(use_enable fapi)
+ $(use_enable policy)
+ $(use_enable static-libs static)
+ $(multilib_native_use_enable test unit)
+ $(multilib_native_use_enable test integration)
+ $(multilib_native_use_enable test self-generated-certificate)
+ --disable-tcti-libtpms
+ --disable-defaultflags
+ --disable-weakcrypto
+ --with-crypto="$(usex mbedtls mbed ossl)"
+ --with-runstatedir=/run
+ --with-udevrulesdir="$(get_udevdir)/rules.d"
+ --with-udevrulesprefix=60-
+ --without-sysusersdir
+ --with-tmpfilesdir="/usr/lib/tmpfiles.d"
+ )
+
+ ECONF_SOURCE=${S} econf "${myconf[@]}"
+}
+
+multilib_src_install() {
+ default
+ keepdir /var/lib/tpm2-tss/system/keystore
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ tmpfiles_process tpm2-tss-fapi.conf
+ udev_reload
+}
+
+pkg_postrm() {
+ udev_reload
+}