[yocto] [meta-security][PATCH 04/17] swtpm: add new package

Armin Kuster akuster808 at gmail.com
Mon Oct 17 17:02:17 PDT 2016


Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 recipes-tpm/swtpm/files/fix_lib_search_path.patch | 41 +++++++++++++++++++++++
 recipes-tpm/swtpm/swtpm_1.0.bb                    | 38 +++++++++++++++++++++
 2 files changed, 79 insertions(+)
 create mode 100644 recipes-tpm/swtpm/files/fix_lib_search_path.patch
 create mode 100644 recipes-tpm/swtpm/swtpm_1.0.bb

diff --git a/recipes-tpm/swtpm/files/fix_lib_search_path.patch b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
new file mode 100644
index 0000000..015f418
--- /dev/null
+++ b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
@@ -0,0 +1,41 @@
+
+Upstream-Status: Inappropriate [OE config]
+
+Signed-off-by: Armin Kuster <akuster808 at gmail.com>
+
+Index: configure.ac
+===================================================================
+--- a/configure.ac
++++ b/configure.ac
+@@ -349,21 +349,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-securi
+ dnl We have to make sure libtpms is using the same crypto library
+ dnl to avoid problems
+ AC_MSG_CHECKING([the crypto library libtpms is using])
+-dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
+-       sed -n '/SEARCH_DIR/p' | \
+-       sed 's/SEARCH_DIR("=\?\(@<:@^"@:>@\+\)"); */\1\n/g')
+-for dir in $dirs; do
+-  if test -r $dir/libtpms.so; then
+-    if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
+-      libtpms_cryptolib="openssl"
+-      break
+-    fi
+-    if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
+-      libtpms_cryptolib="freebl"
+-      break
+-    fi
++dir="$SEARCH_DIR"
++if test -r $dir/libtpms.so; then
++  if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
++    libtpms_cryptolib="openssl"
++    break
+   fi
+-done
++  if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
++    libtpms_cryptolib="freebl"
++    break
++  fi
++fi
+ 
+ if test -z "$libtpms_cryptolib"; then
+   AC_MSG_ERROR([Could not determine libtpms crypto library.])
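Review bot: The two `break` statements kept inside the new `if test -r $dir/libtpms.so` block are no longer inside a loop, because the `for dir in $dirs` wrapper was removed. Outside a loop `break` does not stop anything (some shells also print a diagnostic), so the libnss3 test still runs after the libcrypto test has matched and can overwrite `libtpms_cryptolib` with `freebl`. Dropping both `break` lines and turning the second `if` into an `elif` of the first restores first-match-wins. `$dir` is also unquoted, and an empty or unset `SEARCH_DIR` makes the probe read `/libtpms.so` from the build host, so quoting it as `"$dir/libtpms.so"` and adding a `test -n "$SEARCH_DIR"` guard would make the crypto-backend detection fail loudly instead of guessing.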
diff --git a/recipes-tpm/swtpm/swtpm_1.0.bb b/recipes-tpm/swtpm/swtpm_1.0.bb
new file mode 100644
index 0000000..ae16e51
--- /dev/null
+++ b/recipes-tpm/swtpm/swtpm_1.0.bb
@@ -0,0 +1,38 @@
+SUMMARY = "SWTPM - Software TPM Emulator"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
+SECTION = "tpm"
+
+DEPENDS = "libtasn1 fuse expect socat glib-2.0 libtpm-native"
+
+SRCREV = "2cd10cee2f74c84bda22081514b6b2cb566fa42d"
+SRC_URI = "git://github.com/stefanberger/swtpm.git \
+	   file://fix_lib_search_path.patch"
+
+S = "${WORKDIR}/git"
+
+inherit autotools-brokensep pkgconfig
+PARALLEL_MAKE = ""
+
+TSS_USER="tss"
+TSS_GROUP="tss"
+
+PACKAGECONFIG ?= "openssl"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
+PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
+PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, linselinux"
+
+CACHED_CONFIGUREVARS = "ac_cv_path_EXPECT=${STAGING_LIBDIR} \ 
+ac_cv_path_SOCAT=${STAGING_LIBDIR} "
+
+EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
+
+export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
+USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir  \
+    --no-create-home  --shell /bin/false ${BPN}"
+
+RDEPENDS_${PN} = "libtpm expect socat bash"
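Review bot: The service account set up at the end of the recipe does not match what configure is told: `USERADD_PARAM_${PN}` creates a user named `${BPN}` while `EXTRA_OECONF` passes `--with-tss-user=${TSS_USER}`, and `--home-dir` is followed directly by `--no-create-home`, so that option would be taken as the home path. The recipe also only has `inherit autotools-brokensep pkgconfig`, so unless `useradd` is inherited elsewhere the `USERADD_*`/`GROUPADD_*` variables have no effect and swtpm would be built for an unprivileged account that does not exist on the target. I would use `inherit autotools-brokensep pkgconfig useradd`, `GROUPADD_PARAM_${PN} = "--system ${TSS_GROUP}"` and `USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir <HOME_DIR> --no-create-home --shell /bin/false ${TSS_USER}"`, with `<HOME_DIR>` a placeholder for the state directory you intend. Separately, `PACKAGECONFIG[selinux]` depends on `linselinux`, which looks like a typo for `libselinux`, and the `\ ` with a trailing space in `CACHED_CONFIGUREVARS` may break the line continuation.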
-- 
2.7.4



