mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-05-07 04:58:47 +00:00
Code Issues Projects Releases Wiki Activity

swtpm: update to tip

Browse Source 
fix signed build issues

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Armin Kuster
2017-01-29 08:50:59 -08:00
parent 33f4ac7996
commit a764c5972c
3 changed files with 63 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files
recipes-tpm/swtpm/files/fix_lib_search_path.patch
-41
View File
@@ -1,41 +0,0 @@
Upstream-Status: Inappropriate [OE config]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Index: configure.ac
===================================================================
--- a/configure.ac
+++ b/configure.ac
@@ -349,21 +349,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-securi
dnl We have to make sure libtpms is using the same crypto library
dnl to avoid problems
AC_MSG_CHECKING([the crypto library libtpms is using])
-dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
- sed -n '/SEARCH_DIR/p' | \
- sed 's/SEARCH_DIR("=\?\(@<:@^"@:>@\+\)"); */\1\n/g')
-for dir in $dirs; do
- if test -r $dir/libtpms.so; then
- if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
- libtpms_cryptolib="openssl"
- break
- fi
- if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
- libtpms_cryptolib="freebl"
- break
- fi
+dir="$SEARCH_DIR"
+if test -r $dir/libtpms.so; then
+ if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
+ libtpms_cryptolib="openssl"
+ break
fi
-done
+ if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
+ libtpms_cryptolib="freebl"
+ break
+ fi
+fi
if test -z "$libtpms_cryptolib"; then
AC_MSG_ERROR([Could not determine libtpms crypto library.])
recipes-tpm/swtpm/files/fix_signed_issue.patch
+48
View File
@@ -0,0 +1,48 @@
Upstream-Status: Pending
Signed-off-by Armin Kuster <akuster808@gmail>
Index: git/src/swtpm/ctrlchannel.c
===================================================================
--- git.orig/src/swtpm/ctrlchannel.c
+++ git/src/swtpm/ctrlchannel.c
@@ -152,7 +152,8 @@ static int ctrlchannel_receive_state(ptm
uint32_t tpm_number = 0;
unsigned char *blob = NULL;
uint32_t blob_length = be32toh(pss->u.req.length);
- uint32_t remain = blob_length, offset = 0;
+ ssize_t remain = (ssize_t) blob_length;
+ uint32_t offset = 0;
TPM_RESULT res;
uint32_t flags = be32toh(pss->u.req.state_flags);
TPM_BOOL is_encrypted = (flags & PTM_STATE_FLAG_ENCRYPTED) != 0;
Index: git/src/swtpm_ioctl/tpm_ioctl.c
===================================================================
--- git.orig/src/swtpm_ioctl/tpm_ioctl.c
+++ git/src/swtpm_ioctl/tpm_ioctl.c
@@ -303,7 +303,7 @@ static int do_save_state_blob(int fd, bo
numbytes = write(file_fd, pgs.u.resp.data,
devtoh32(is_chardev, pgs.u.resp.length));
- if (numbytes != devtoh32(is_chardev, pgs.u.resp.length)) {
+ if (numbytes != (ssize_t) devtoh32(is_chardev, pgs.u.resp.length)) {
fprintf(stderr,
"Could not write to file '%s': %s\n",
filename, strerror(errno));
@@ -420,7 +420,7 @@ static int do_load_state_blob(int fd, bo
had_error = true;
break;
}
- pss.u.req.length = htodev32(is_chardev, numbytes);
+ pss.u.req.length = htodev32(is_chardev, (uint32_t) numbytes);
/* the returnsize is zero on all intermediate packets */
returnsize = ((size_t)numbytes < sizeof(pss.u.req.data))
@@ -863,7 +863,7 @@ int main(int argc, char *argv[])
return EXIT_FAILURE;
}
/* no tpm_result here */
- printf("ptm capability is 0x%lx\n", (uint64_t)devtoh64(is_chardev, cap));
+ printf("ptm capability is 0x%llx\n", (uint64_t)devtoh64(is_chardev, cap));
} else if (!strcmp(command, "-i")) {
init.u.req.init_flags = htodev32(is_chardev, PTM_INIT_FLAG_DELETE_VOLATILE);
recipes-tpm/swtpm/swtpm_1.0.bb
+15 -3
View File
@@ -5,9 +5,11 @@ SECTION = "apps"
DEPENDS = "libtasn1 fuse expect socat glib-2.0 libtpm libtpm-native" DEPENDS = "libtasn1 fuse expect socat glib-2.0 libtpm libtpm-native"
SRCREV = "2cd10cee2f74c84bda22081514b6b2cb566fa42d" SRCREV = "ca906a02124d0ed8b6194e845d272d23ee394a34"
SRC_URI = "git://github.com/stefanberger/swtpm.git \ SRC_URI = " \
file://fix_lib_search_path.patch" git://github.com/stefanberger/swtpm.git \
file://fix_signed_issue.patch \
"
S = "${WORKDIR}/git" S = "${WORKDIR}/git"
@@ -22,11 +24,21 @@ PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux',
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls" PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux" PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, libselinux"
EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}" EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}" export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
# dup bootstrap
do_configure_prepend () {
libtoolize --force --copy
autoheader
aclocal
automake --add-missing -c
autoconf
}
USERADD_PACKAGES = "${PN}" USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM_${PN} = "--system ${TSS_USER}" GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \ USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \