[yocto] [meta-security][PATCH 6/6] swtpm: update to tip

Armin Kuster akuster808 at gmail.com
Sun Jan 29 09:12:32 PST 2017


fix signed build issues

Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 recipes-tpm/swtpm/files/fix_lib_search_path.patch | 41 -------------------
 recipes-tpm/swtpm/files/fix_signed_issue.patch    | 48 +++++++++++++++++++++++
 recipes-tpm/swtpm/swtpm_1.0.bb                    | 18 +++++++--
 3 files changed, 63 insertions(+), 44 deletions(-)
 delete mode 100644 recipes-tpm/swtpm/files/fix_lib_search_path.patch
 create mode 100644 recipes-tpm/swtpm/files/fix_signed_issue.patch

diff --git a/recipes-tpm/swtpm/files/fix_lib_search_path.patch b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
deleted file mode 100644
index 015f418..0000000
--- a/recipes-tpm/swtpm/files/fix_lib_search_path.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-
-Upstream-Status: Inappropriate [OE config]
-
-Signed-off-by: Armin Kuster <akuster808 at gmail.com>
-
-Index: configure.ac
-===================================================================
---- a/configure.ac
-+++ b/configure.ac
-@@ -349,21 +349,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-securi
- dnl We have to make sure libtpms is using the same crypto library
- dnl to avoid problems
- AC_MSG_CHECKING([the crypto library libtpms is using])
--dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
--       sed -n '/SEARCH_DIR/p' | \
--       sed 's/SEARCH_DIR("=\?\(@<:@^"@:>@\+\)"); */\1\n/g')
--for dir in $dirs; do
--  if test -r $dir/libtpms.so; then
--    if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
--      libtpms_cryptolib="openssl"
--      break
--    fi
--    if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
--      libtpms_cryptolib="freebl"
--      break
--    fi
-+dir="$SEARCH_DIR"
-+if test -r $dir/libtpms.so; then
-+  if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
-+    libtpms_cryptolib="openssl"
-+    break
-   fi
--done
-+  if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
-+    libtpms_cryptolib="freebl"
-+    break
-+  fi
-+fi
- 
- if test -z "$libtpms_cryptolib"; then
-   AC_MSG_ERROR([Could not determine libtpms crypto library.])
diff --git a/recipes-tpm/swtpm/files/fix_signed_issue.patch b/recipes-tpm/swtpm/files/fix_signed_issue.patch
new file mode 100644
index 0000000..427df62
--- /dev/null
+++ b/recipes-tpm/swtpm/files/fix_signed_issue.patch
@@ -0,0 +1,48 @@
+Upstream-Status: Pending
+Signed-off-by Armin Kuster <akuster808 at gmail>
+
+Index: git/src/swtpm/ctrlchannel.c
+===================================================================
+--- git.orig/src/swtpm/ctrlchannel.c
++++ git/src/swtpm/ctrlchannel.c
+@@ -152,7 +152,8 @@ static int ctrlchannel_receive_state(ptm
+     uint32_t tpm_number = 0;
+     unsigned char *blob = NULL;
+     uint32_t blob_length = be32toh(pss->u.req.length);
+-    uint32_t remain = blob_length, offset = 0;
++    ssize_t remain = (ssize_t) blob_length;
++    uint32_t offset = 0;
+     TPM_RESULT res;
+     uint32_t flags = be32toh(pss->u.req.state_flags);
+     TPM_BOOL is_encrypted = (flags & PTM_STATE_FLAG_ENCRYPTED) != 0;
+Index: git/src/swtpm_ioctl/tpm_ioctl.c
+===================================================================
+--- git.orig/src/swtpm_ioctl/tpm_ioctl.c
++++ git/src/swtpm_ioctl/tpm_ioctl.c
+@@ -303,7 +303,7 @@ static int do_save_state_blob(int fd, bo
+         numbytes = write(file_fd, pgs.u.resp.data,
+                          devtoh32(is_chardev, pgs.u.resp.length));
+ 
+-        if (numbytes != devtoh32(is_chardev, pgs.u.resp.length)) {
++        if (numbytes != (ssize_t) devtoh32(is_chardev, pgs.u.resp.length)) {
+             fprintf(stderr,
+                     "Could not write to file '%s': %s\n",
+                     filename, strerror(errno));
+@@ -420,7 +420,7 @@ static int do_load_state_blob(int fd, bo
+                had_error = true;
+                break;
+             }
+-            pss.u.req.length = htodev32(is_chardev, numbytes);
++            pss.u.req.length = htodev32(is_chardev, (uint32_t) numbytes);
+ 
+             /* the returnsize is zero on all intermediate packets */
+             returnsize = ((size_t)numbytes < sizeof(pss.u.req.data))
+@@ -863,7 +863,7 @@ int main(int argc, char *argv[])
+             return EXIT_FAILURE;
+         }
+         /* no tpm_result here */
+-        printf("ptm capability is 0x%lx\n", (uint64_t)devtoh64(is_chardev, cap));
++        printf("ptm capability is 0x%llx\n", (uint64_t)devtoh64(is_chardev, cap));
+ 
+     } else if (!strcmp(command, "-i")) {
+         init.u.req.init_flags = htodev32(is_chardev, PTM_INIT_FLAG_DELETE_VOLATILE);
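Review bot: The `ssize_t remain = (ssize_t) blob_length;` line in `ctrlchannel_receive_state` converts a length taken from the request (`be32toh(pss->u.req.length)`) to a signed type, and on targets where `ssize_t` is 32 bits any value above `INT32_MAX` becomes negative on the usual implementations. The loop that consumes `remain` lies outside the hunk, so it cannot be judged from here whether a negative value merely ends the receive early or reaches a size argument. It would be safer to keep `uint32_t remain = blob_length, offset = 0;` and cast the read return value at the comparison that produced the warning, or to reject an oversized `blob_length` before the conversion. Separately, in tpm_ioctl.c `0x%llx` with a `uint64_t` argument only moves the `-Wformat` mismatch to targets where `uint64_t` is `unsigned long`; `printf("ptm capability is 0x%" PRIx64 "\n", (uint64_t)devtoh64(is_chardev, cap));` with `<inttypes.h>` is correct on both. The embedded patch header's `Signed-off-by` line is also missing its colon.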
diff --git a/recipes-tpm/swtpm/swtpm_1.0.bb b/recipes-tpm/swtpm/swtpm_1.0.bb
index 04777e1..27b4b8c 100644
--- a/recipes-tpm/swtpm/swtpm_1.0.bb
+++ b/recipes-tpm/swtpm/swtpm_1.0.bb
@@ -5,9 +5,11 @@ SECTION = "apps"
 
 DEPENDS = "libtasn1 fuse expect socat glib-2.0 libtpm libtpm-native"
 
-SRCREV = "2cd10cee2f74c84bda22081514b6b2cb566fa42d"
-SRC_URI = "git://github.com/stefanberger/swtpm.git \
-	   file://fix_lib_search_path.patch"
+SRCREV = "ca906a02124d0ed8b6194e845d272d23ee394a34"
+SRC_URI = " \
+	git://github.com/stefanberger/swtpm.git \
+	file://fix_signed_issue.patch \
+	"
 
 S = "${WORKDIR}/git"
 
@@ -22,11 +24,21 @@ PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux',
 PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
 PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
 PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
+PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, libselinux"
 
 EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
 
 export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
 
+# dup bootstrap 
+do_configure_prepend () {
+	libtoolize --force --copy
+	autoheader
+	aclocal
+	automake --add-missing -c
+	autoconf
+}
+
 USERADD_PACKAGES = "${PN}"
 GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
 USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir  \
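Review bot: `PACKAGECONFIG[cuse]` names `libselinux` as its build dependency, which looks copied from the selinux line directly above it, so enabling cuse would pull in libselinux without declaring the library the CUSE interface actually links against. It should presumably read `PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"`, and `fuse` could then leave the unconditional `DEPENDS` if nothing else needs it. The `export SEARCH_DIR` context line was only consumed by the removed fix_lib_search_path.patch, so it appears to be dead now unless the new upstream revision reads it. The `# dup bootstrap` comment on `do_configure_prepend` would also be easier to maintain if it said why the manual libtoolize/autoheader/aclocal/automake/autoconf sequence is needed on top of the normal configure step.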
-- 
2.7.4



