[Buildroot] [PATCH 1/1] Package Additions: tpm-tools and TrouSers

Arnout Vandecappelle arnout at mind.be
Tue Jun 2 22:11:00 UTC 2015


On 06/02/15 11:15, Al West wrote:
> Hello All,
> 
> I submit two new packages for using the TPM on x86 platform. Please go easy on me this is my first submission. 

 Hi Al,

 Thanks for your contribution!

 Please create a separate patch for each package (first trousers, then
tpm-tools). Each patch should have a subject line like:

tpm-tools: new package


> 
> Kind regards,
> Al
> 
> Signed-off-by: Al West <al.west at v-nova.com>
> ---
>  package/Config.in                             |   2 +
>  package/tpm-tools/Config.in                   |   8 ++
>  package/tpm-tools/tpm-tools.hash              |   2 +
>  package/tpm-tools/tpm-tools.mk                |  16 ++++
>  package/trousers/0001-no-TSS-user-group.patch | 103 ++++++++++++++++++++++++++
>  package/trousers/Config.in                    |   7 ++
>  package/trousers/trousers.hash                |   3 +
>  package/trousers/trousers.mk                  |  16 ++++
>  8 files changed, 157 insertions(+)
>  create mode 100644 package/tpm-tools/Config.in
>  create mode 100644 package/tpm-tools/tpm-tools.hash
>  create mode 100644 package/tpm-tools/tpm-tools.mk
>  create mode 100644 package/trousers/0001-no-TSS-user-group.patch
>  create mode 100644 package/trousers/Config.in
>  create mode 100644 package/trousers/trousers.hash
>  create mode 100644 package/trousers/trousers.mk
> 
> diff --git a/package/Config.in b/package/Config.in
> index e0c2e2a..c902ae5 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -727,6 +727,8 @@ menu "Crypto"
>  	source "package/nettle/Config.in"
>  	source "package/openssl/Config.in"
>  	source "package/polarssl/Config.in"
> +        source "package/tpm-tools/Config.in"
> +        source "package/trousers/Config.in"

 These should be indented with a single tab.

>  endmenu
>  
>  menu "Database"
> diff --git a/package/tpm-tools/Config.in b/package/tpm-tools/Config.in
> new file mode 100644
> index 0000000..df704cd
> --- /dev/null
> +++ b/package/tpm-tools/Config.in
> @@ -0,0 +1,8 @@
> +config BR2_PACKAGE_TPM_TOOLS
> + bool "tpm-tools"
> + select BR2_PACKAGE_TROUSERS
> + depends on BR2_PACKAGE_OPENSSL
> + help

 Again, indentation with a single tab.

> +   Manpages for the tpm-tools package of TrouSerS.

 Tab + 2 spaces here. But I don't think this is a correct description of the
package - at least I hope it contains more than just the man pages...

> +
> +   http://trousers.sourceforge.net/
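
Review bot: `depends on BR2_PACKAGE_OPENSSL` in this entry hides tpm-tools from the menu until openssl has been enabled by hand, while trousers is pulled in with `select`. Buildroot packages normally `select` the libraries they need, so `select BR2_PACKAGE_OPENSSL` would be more consistent here and would keep the option visible.
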
> diff --git a/package/tpm-tools/tpm-tools.hash b/package/tpm-tools/tpm-tools.hash
> new file mode 100644
> index 0000000..bdd66da
> --- /dev/null
> +++ b/package/tpm-tools/tpm-tools.hash
> @@ -0,0 +1,2 @@
> +# http://sourceforge.net/projects/trousers/files/tpm-tools/

 You should only mention a link here if it has the hash. In this case, just say

# Locally calculated

> +sha256	66eb4ff095542403db6b4bd4b574e8a5c08084fe4e9e5aa9a829ee84e20bea83  tpm-tools-1.3.8.tar.gz
> diff --git a/package/tpm-tools/tpm-tools.mk b/package/tpm-tools/tpm-tools.mk
> new file mode 100644
> index 0000000..93c8395
> --- /dev/null
> +++ b/package/tpm-tools/tpm-tools.mk
> @@ -0,0 +1,16 @@
> +#############################################################
> +#
> +## tpm-tools
> +#
> +##############################################################
> +TPM_TOOLS_VERSION = 1.3.8
> +TPM_TOOLS_SOURCE = tpm-tools-$(TPM_TOOLS_VERSION).tar.gz

 This line is not needed, .tar.gz is the default.

> +TPM_TOOLS_SITE = http://nchc.dl.sourceforge.net/project/trousers/tpm-tools/$(TPM_TOOLS_VERSION)

 Sourceforge URLs should be http://downloads.sourceforge.net/project/...
so don't refer to a specific mirror.

> +TPM_TOOLS_SUBDIR = tpm-tools-$(TPM_TOOLS_VERSION)
> +TPM_TOOLS_AUTORECONF = NO

 Default, not needed.

> +TPM_TOOLS_INSTALL_STAGING = YES

 This package installs a shared library but no include files. So is it really
meant to be linked with some other program?

> +TPM_TOOLS_INSTALL_TARGET = YES

 Default, not needed.

> +TPM_TOOLS_DEPENDENCIES = trousers
> +
> +$(eval $(autotools-package))
> +

 Redundant empty line.
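
Review bot: tpm-tools.mk sets no `TPM_TOOLS_LICENSE` or `TPM_TOOLS_LICENSE_FILES`, so `make legal-info` will report the license of this package as unknown. Please add both, taken from the license file shipped in the tarball. The header block also departs from the usual layout: the two `#` rules differ in length, the name line reads `## tpm-tools` instead of `# tpm-tools`, and there is no blank line between the header and `TPM_TOOLS_VERSION`.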

> diff --git a/package/trousers/0001-no-TSS-user-group.patch b/package/trousers/0001-no-TSS-user-group.patch
> new file mode 100644
> index 0000000..d602371
> --- /dev/null
> +++ b/package/trousers/0001-no-TSS-user-group.patch
> @@ -0,0 +1,103 @@

 Patches should have a description and a Signed-off-by line. Preferably they
should also be sent upstream.

 But in fact I doubt if we really need this patch?

> + configure.in         |    7 +++++++
> + dist/Makefile.am     |   13 ++++++++++---

 You're patching configure.in and Makefile.am, but not running AUTORECONF, so
this patch has no effect...

> + src/tcsd/svrside.c   |    2 ++
> + src/tcsd/tcsd_conf.c |    2 ++
> + 4 files changed, 21 insertions(+), 3 deletions(-)
> +
> +diff --git a/configure.in b/configure.in
> +index c37177f..8dda289 100644
> +--- a/configure.in
> ++++ b/configure.in
> + <at>  <at>  -86,6 +86,13  <at>  <at>  AC_ARG_ENABLE(strict-spec-compliance,

 Something weird happened to the @ here. Because of this, the patch applies
silently but doesn't actually make any changes (it's not recognized as the start
of a hunk).

> + 		 SPEC_COMP=1
> + 		 AC_MSG_RESULT([*** Enabling spec compliance at user request ***])],)
> +
> ++# user+group checking
> ++AC_ARG_ENABLE(usercheck,
> ++		[AC_HELP_STRING([--disable-usercheck], [build TrouSerS without checking and setting of
> +user/group tss [default=on] (Caution: This is intended for development purposes only.)])],

 The patch got line-wrapped here.

 But actually, this already seems to be present in the 0.3.13 source, so this
patch is completely redundant...

> ++		[AS_IF([test "x$enableval" = "xno"], [CFLAGS="$CFLAGS -DNOUSERCHECK"
> ++		AC_MSG_RESULT([*** Disabling user checking at user request ***])])],)
> ++AM_CONDITIONAL(NOUSERCHECK, [test "x$enable_usercheck" = "xno"])
> ++
> + # daa math lib: gmp or openssl (default openssl)
> + MATH_DEFINE=BI_OPENSSL
> + AC_ARG_WITH([gmp],
> +diff --git a/dist/Makefile.am b/dist/Makefile.am
> +index 09448fd..372736a 100644
> +--- a/dist/Makefile.am
> ++++ b/dist/Makefile.am
> + <at>  <at>  -1,19 +1,26  <at>  <at> 
> + EXTRA_DIST = system.data.auth system.data.noauth \
> +        fedora/fedora.initrd.tcsd
> ++
> + install: install-exec-hook
> + 	if test ! -e ${DESTDIR}/ <at> sysconfdir <at> /tcsd.conf; then mkdir -p ${DESTDIR}/ <at> sysconfdir <at>  && cp
> +tcsd.conf ${DESTDIR}/ <at> sysconfdir <at> ; fi
> ++if !NOUSERCHECK
> + 	/bin/chown tss:tss ${DESTDIR}/ <at> sysconfdir <at> /tcsd.conf || true

 Because there's a || true at the end, this chown doesn't actually break the build.


> + 	/bin/chmod 0600 ${DESTDIR}/ <at> sysconfdir <at> /tcsd.conf
> ++endif
> +
> + install-exec-hook:
> ++	/bin/sh -c 'if [ ! -e ${DESTDIR}/ <at> localstatedir <at> /lib/tpm ];then mkdir -p
> +${DESTDIR}/ <at> localstatedir <at> /lib/tpm; fi'
> ++if !NOUSERCHECK
> + 	/usr/sbin/groupadd tss || true
> + 	/usr/sbin/useradd -r tss -g tss || true

 Perhaps this package needs a _USERS and _PERMISSIONS definition, to actually
create a user tss and make these files owned by that user?

> +-	/bin/sh -c 'if [ ! -e ${DESTDIR}/ <at> localstatedir <at> /lib/tpm ];then mkdir -p
> +${DESTDIR}/ <at> localstatedir <at> /lib/tpm; fi'
> + 	/bin/chown tss:tss ${DESTDIR}/ <at> localstatedir <at> /lib/tpm || true
> + 	/bin/chmod 0700 ${DESTDIR}/ <at> localstatedir <at> /lib/tpm
> ++endif
> +
> + uninstall-hook:
> +-	/usr/sbin/userdel tss || true
> +-	/usr/sbin/groupdel tss || true
> + 	rm ${DESTDIR}/ <at> sysconfdir <at> /tcsd.conf
> + 	rmdir ${DESTDIR}/ <at> localstatedir <at> /lib/tpm
> ++if !NOUSERCHECK
> ++	/usr/sbin/userdel tss || true
> ++	/usr/sbin/groupdel tss || true
> ++endif
> +diff --git a/src/tcsd/svrside.c b/src/tcsd/svrside.c
> +index fca9d18..a29704f 100644
> +--- a/src/tcsd/svrside.c
> ++++ b/src/tcsd/svrside.c
> + <at>  <at>  -441,6 +441,7  <at>  <at>  main(int argc, char **argv)
> + 	if ((result = tcsd_startup()))
> + 		return (int)result;
> +
> ++#ifndef NOUSERCHECK
> + #ifndef SOLARIS
> + 	pwd = getpwnam(TSS_USER_NAME);
> + 	if (pwd == NULL) {
> + <at>  <at>  -454,6 +455,7  <at>  <at>  main(int argc, char **argv)
> + 	}
> + 	setuid(pwd->pw_uid);
> + #endif
> ++#endif
> +
> + 	if (setup_server_sockets(socks_info) == -1) {
> + 		LogError("Could not create sockets to listen to connections. Aborting...");
> +diff --git a/src/tcsd/tcsd_conf.c b/src/tcsd/tcsd_conf.c
> +index 587f933..a31503d 100644
> +--- a/src/tcsd/tcsd_conf.c
> ++++ b/src/tcsd/tcsd_conf.c
> + <at>  <at>  -770,6 +770,7  <at>  <at>  conf_file_init(struct tcsd_config *conf)
> + 		}
> + 	}
> +
> ++#ifndef NOUSERCHECK
> + #ifndef SOLARIS
> + 	/* find the gid that owns the conf file */
> + 	errno = 0;
> + <at>  <at>  -809,6 +810,7  <at>  <at>  conf_file_init(struct tcsd_config *conf)
> + 		return TCSERR(TSS_E_INTERNAL_ERROR);
> + 	}
> + #endif /* SOLARIS */
> ++#endif /* NOUSERCHECK */
> +
> + 	if ((f = fopen(tcsd_config_file, "r")) == NULL) {
> + 		LogError("fopen(%s): %s", tcsd_config_file, strerror(errno));
> +
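
Review bot: in the dist/Makefile.am part, the new `if !NOUSERCHECK` blocks enclose `/bin/chmod 0600` on tcsd.conf and `/bin/chmod 0700` on lib/tpm together with the chown, useradd and groupadd calls. With usercheck disabled, the file and the directory are left with whatever mode cp and mkdir gave them. The chmod lines do not depend on the tss account, so they should stay outside the conditional. In src/tcsd/svrside.c the same macro compiles out the `setuid(pwd->pw_uid)` call, so the patch description should state that tcsd then keeps the privileges it was started with.
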
> diff --git a/package/trousers/Config.in b/package/trousers/Config.in
> new file mode 100644
> index 0000000..f9cf58f
> --- /dev/null
> +++ b/package/trousers/Config.in
> @@ -0,0 +1,7 @@
> +config BR2_PACKAGE_TROUSERS
> + bool "trousers"
> + depends on BR2_PACKAGE_OPENSSL
> + help
> +   The open-source TCG Software Stack.

 A bit more explanation of what this package does would be good.

> +
> +   http://trousers.sourceforge.net/
> diff --git a/package/trousers/trousers.hash b/package/trousers/trousers.hash
> new file mode 100644
> index 0000000..86d08a7
> --- /dev/null
> +++ b/package/trousers/trousers.hash
> @@ -0,0 +1,3 @@
> +# http://sourceforge.net/projects/trousers/files/trousers/

 # Locally calculated

> +sha256	bb908e4a3c88a17b247a4fc8e0fff3419d8a13170fe7bdfbe0e2c5c082a276d3  trousers-0.3.13.tar.gz
> +
> diff --git a/package/trousers/trousers.mk b/package/trousers/trousers.mk
> new file mode 100644
> index 0000000..52ade3c
> --- /dev/null
> +++ b/package/trousers/trousers.mk
> @@ -0,0 +1,16 @@
> +#############################################################
> +#
> +## trousers
> +#
> +##############################################################
> +TROUSERS_VERSION = 0.3.13
> +TROUSERS_SOURCE = trousers-$(TROUSERS_VERSION).tar.gz

 Not needed.

> +TROUSERS_SITE = http://nchc.dl.sourceforge.net/project/trousers/trousers/$(TROUSERS_VERSION)

 download.sourceforge.net

> +TROUSERS_AUTORECONF = NO

 Not needed.

> +TROUSERS_INSTALL_STAGING = YES
> +TROUSERS_INSTALL_TARGET = YES

 Not needed.

> +TROUSERS_DEPENDENCIES = openssl
> +
> +TROUSERS_CONF_OPTS += --disable-usercheck

 I don't think this is needed (cfr. above).


 Care to fix all this and repost?

 Thanks!

 Regards,
 Arnout

> +
> +$(eval $(autotools-package))
> 
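
Review bot: `TROUSERS_CONF_OPTS += --disable-usercheck` turns on an option whose help string in the quoted configure.in says "This is intended for development purposes only". It defines NOUSERCHECK, the macro that guards out the getpwnam/setuid block in svrside.c and the block in tcsd_conf.c that starts by finding the gid that owns the conf file. Every image built with this package would therefore run tcsd without switching to the tss user. Drop the option and have the package create the tss user and set the file ownership instead. `TROUSERS_LICENSE` and `TROUSERS_LICENSE_FILES` are also missing from this file.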


-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F


