recipes-tpm: use this for common tpm recipes

a bit of re-org Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-05-07 04:58:47 +00:00 · 2023-04-26 09:56:38 -04:00
parent 250b67fc6f
commit 617f0af2dc
8 changed files with 0 additions and 0 deletions
@@ -0,0 +1,26 @@
+From 09e7dd42e5201d079bad70e9f7cc6033ce1c7cad Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Date: Fri, 3 Feb 2017 10:58:22 -0500
+Subject: [PATCH] Convert another vdprintf to dprintf
+
+Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/tpm_library.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: git/src/tpm_library.c
+===================================================================
+--- git.orig/src/tpm_library.c
+++ git/src/tpm_library.c
+@@ -427,7 +427,7 @@ void TPMLIB_LogPrintfA(unsigned int inde
+             indent = sizeof(spaces) - 1;
+         memset(spaces, ' ', indent);
+         spaces[indent] = 0;
+-        vdprintf(debug_fd, spaces, NULL);
+        dprintf(debug_fd, "%s", spaces);
+     }
+ 
+     va_start(args, format);
@@ -0,0 +1,33 @@
+From 6a9b4e5d70f770aa9ca31e3e6d3b1ae72c192070 Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Date: Tue, 31 Jan 2017 20:10:51 -0500
+Subject: [PATCH] Use format '%s' for call to dprintf
+
+Fix the dprintf call to use a format parameter that otherwise causes
+errors with gcc on certain platforms.
+
+Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
+
+Upstream-Status: Backport
+replaces local patch
+Signed-off-by: Armin Kuster <akuster@mvsita.com>
+
+---
+ src/tpm_library.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: git/src/tpm_library.c
+===================================================================
+--- git.orig/src/tpm_library.c
+++ git/src/tpm_library.c
+@@ -405,8 +405,8 @@ int TPMLIB_LogPrintf(const char *format,
+     }
+ 
+     if (debug_prefix)
+-        dprintf(debug_fd, debug_prefix);
+-    dprintf(debug_fd, buffer);
+        dprintf(debug_fd, "%s", debug_prefix);
+    dprintf(debug_fd, "%s", buffer);
+ 
+     return i;
+ }
@@ -0,0 +1,48 @@
+Upstream-Status: Pending
+Signed-off-by: Armin kuster <akuster808@gmail.com>
+
+Index: git/src/swtpm/ctrlchannel.c
+===================================================================
+--- git.orig/src/swtpm/ctrlchannel.c
+++ git/src/swtpm/ctrlchannel.c
+@@ -152,7 +152,8 @@ static int ctrlchannel_receive_state(ptm
+     uint32_t tpm_number = 0;
+     unsigned char *blob = NULL;
+     uint32_t blob_length = be32toh(pss->u.req.length);
+-    uint32_t remain = blob_length, offset = 0;
+    ssize_t remain = (ssize_t) blob_length;
+    uint32_t offset = 0;
+     TPM_RESULT res;
+     uint32_t flags = be32toh(pss->u.req.state_flags);
+     TPM_BOOL is_encrypted = (flags & PTM_STATE_FLAG_ENCRYPTED) != 0;
+Index: git/src/swtpm_ioctl/tpm_ioctl.c
+===================================================================
+--- git.orig/src/swtpm_ioctl/tpm_ioctl.c
+++ git/src/swtpm_ioctl/tpm_ioctl.c
+@@ -303,7 +303,7 @@ static int do_save_state_blob(int fd, bo
+         numbytes = write(file_fd, pgs.u.resp.data,
+                          devtoh32(is_chardev, pgs.u.resp.length));
+ 
+-        if (numbytes != devtoh32(is_chardev, pgs.u.resp.length)) {
+        if (numbytes != (ssize_t) devtoh32(is_chardev, pgs.u.resp.length)) {
+             fprintf(stderr,
+                     "Could not write to file '%s': %s\n",
+                     filename, strerror(errno));
+@@ -420,7 +420,7 @@ static int do_load_state_blob(int fd, bo
+                had_error = true;
+                break;
+             }
+-            pss.u.req.length = htodev32(is_chardev, numbytes);
+            pss.u.req.length = htodev32(is_chardev, (uint32_t) numbytes);
+ 
+             /* the returnsize is zero on all intermediate packets */
+             returnsize = ((size_t)numbytes < sizeof(pss.u.req.data))
+@@ -863,7 +863,7 @@ int main(int argc, char *argv[])
+             return EXIT_FAILURE;
+         }
+         /* no tpm_result here */
+-        printf("ptm capability is 0x%lx\n", (uint64_t)devtoh64(is_chardev, cap));
+        printf("ptm capability is 0x%llx\n", (uint64_t)devtoh64(is_chardev, cap));
+ 
+     } else if (!strcmp(command, "-i")) {
+         init.u.req.init_flags = htodev32(is_chardev, PTM_INIT_FLAG_DELETE_VOLATILE);
@@ -0,0 +1,16 @@
+SUMMARY = "LIBPM - Software TPM Library"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"
+
+SRCREV = "df1c3e98d697f3c1f09262d2ba161a7db784d6cc"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.9;protocol=https"
+
+PE = "1"
+
+S = "${WORKDIR}/git"
+inherit autotools-brokensep pkgconfig perlnative
+
+PACKAGECONFIG ?= "openssl"
+PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
+
+BBCLASSEXTEND = "native"
@@ -0,0 +1,31 @@
+From 8750a6c3f0b4d9e7e45b4079150d29eb44774e9c Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster@mvista.com>
+Date: Tue, 14 Mar 2017 22:59:36 -0700
+Subject: [PATCH 2/4] logging: Fix musl build issue with fcntl
+
+ error: #warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.h> [-Werror=cpp]
+ #warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/swtpm/logging.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/swtpm/logging.c b/src/swtpm/logging.c
+index f16cab6..7da8606 100644
+--- a/src/swtpm/logging.c
+++ b/src/swtpm/logging.c
+@@ -45,7 +45,7 @@
+ #include <errno.h>
+ #include <string.h>
+ #include <sys/types.h>
+-#include <sys/fcntl.h>
+#include <fcntl.h>
+ #include <sys/stat.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+-- 
+2.11.0
+
@@ -0,0 +1,66 @@
+From 672bb4ee625da3141ba6cecb0601c7563de4c483 Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster808@gmail.com>
+Date: Thu, 13 Oct 2016 02:03:56 -0700
+Subject: [PATCH 1/4] swtpm: add new package
+
+Upstream-Status: Inappropriate [OE config]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Rebased to current tip.
+
+Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
+
+---
+ configure.ac | 34 ++++++++++------------------------
+ 1 file changed, 10 insertions(+), 24 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index abf5be1..85ed6ac 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -395,31 +395,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-security"
+ dnl We have to make sure libtpms is using the same crypto library
+ dnl to avoid problems
+ AC_MSG_CHECKING([the crypto library libtpms is using])
+-dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
+-       sed -n '/SEARCH_DIR/p' | \
+-       sed 's/SEARCH_DIR("\(@<:@^"@:>@*\)"); */\1 /g' | \
+-       sed 's|=/|/|g')
+-for dir in $dirs $LIBRARY_PATH; do
+-  if test -r $dir/libtpms.so; then
+-    if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
+-      libtpms_cryptolib="openssl"
+-      break
+-    fi
+-    if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
+-      libtpms_cryptolib="freebl"
+-      break
+-    fi
+dir="$SEARCH_DIR"
+if test -r $dir/libtpms.so; then
+  if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
+    libtpms_cryptolib="openssl"
+    break
+   fi
+-  case $host_os in
+-  cygwin|openbsd*)
+-    if test -r $dir/libtpms.a; then
+-      if test -n "$(nm $dir/libtpms.a | grep "U AES_encrypt")"; then
+-        libtpms_cryptolib="openssl"
+-      fi
+-    fi
+-    ;;
+-  esac
+-done
+  if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
+    libtpms_cryptolib="freebl"
+    break
+  fi
+fi
+ 
+ if test -z "$libtpms_cryptolib"; then
+   AC_MSG_ERROR([Could not determine libtpms crypto library.])
+-- 
+2.11.0
+
@@ -0,0 +1,49 @@
+SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools"
+LICENSE = "MIT"
+DEPENDS = "swtpm-native"
+
+inherit native
+
+# The whole point of the recipe is to make files available
+# for use after the build is done, so don't clean up...
+RM_WORK_EXCLUDE += "${PN}"
+
+do_create_wrapper () {
+    # Wrap (almost) all swtpm binaries. Some get special wrappers and some
+    # are not needed.
+    for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do
+        exe=`basename $i`
+        case $exe in
+            swtpm_setup)
+                cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF
+#! /bin/sh
+#
+# Wrapper around swtpm_setup which adds parameters required to
+# run the setup as non-root directly from the native sysroot.
+
+PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
+export PATH
+
+exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
+EOF
+                ;;
+            *)
+                cat >${WORKDIR}/${exe}_oe.sh <<EOF
+#! /bin/sh
+#
+# Wrapper around $exe which makes it easier to invoke
+# the right binary.
+
+PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
+export PATH
+
+exec ${exe} "\$@"
+EOF
+                ;;
+        esac
+    done
+
+    chmod a+rx ${WORKDIR}/*.sh
+}
+
+addtask do_create_wrapper before do_build after do_prepare_recipe_sysroot
@@ -0,0 +1,50 @@
+SUMMARY = "SWTPM - Software TPM Emulator"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
+SECTION = "apps"
+
+# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
+DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"
+
+SRCREV = "f2268eebb0d1adf89bad83fa4cf91e37b4e3fa53"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.7-next;protocol=https \
+           "
+PE = "1"
+
+S = "${WORKDIR}/git"
+
+PARALLEL_MAKE = ""
+inherit autotools pkgconfig perlnative
+
+TSS_USER="tss"
+TSS_GROUP="tss"
+
+PACKAGECONFIG ?= "openssl gnutls"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
+PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
+# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
+# used by swtpm-create-tpmca (the last two is provided by gnutls)
+# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls-native gnutls, gnutls-bin expect bash tpm2-pkcs11-tools"
+PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
+PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
+PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
+
+EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system ${TSS_USER}"
+USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir  \
+    --no-create-home  --shell /bin/false ${BPN}"
+
+
+PACKAGE_BEFORE_PN = "${PN}-cuse"
+FILES:${PN}-cuse = "${bindir}/swtpm_cuse"
+
+INSANE_SKIP:${PN}   += "dev-so"
+
+RDEPENDS:${PN} = "libtpm"
+
+BBCLASSEXTEND = "native nativesdk"