[yocto] [meta-security][PATCH 6/6] swtpm: update to tip
Armin Kuster
akuster808 at gmail.com
Sun Jan 29 09:12:32 PST 2017
fix signed build issues
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
recipes-tpm/swtpm/files/fix_lib_search_path.patch | 41 -------------------
recipes-tpm/swtpm/files/fix_signed_issue.patch | 48 +++++++++++++++++++++++
recipes-tpm/swtpm/swtpm_1.0.bb | 18 +++++++--
3 files changed, 63 insertions(+), 44 deletions(-)
delete mode 100644 recipes-tpm/swtpm/files/fix_lib_search_path.patch
create mode 100644 recipes-tpm/swtpm/files/fix_signed_issue.patch
diff --git a/recipes-tpm/swtpm/files/fix_lib_search_path.patch b/recipes-tpm/swtpm/files/fix_lib_search_path.patch
deleted file mode 100644
index 015f418..0000000
--- a/recipes-tpm/swtpm/files/fix_lib_search_path.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-
-Upstream-Status: Inappropriate [OE config]
-
-Signed-off-by: Armin Kuster <akuster808 at gmail.com>
-
-Index: configure.ac
-===================================================================
---- a/configure.ac
-+++ b/configure.ac
-@@ -349,21 +349,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-securi
- dnl We have to make sure libtpms is using the same crypto library
- dnl to avoid problems
- AC_MSG_CHECKING([the crypto library libtpms is using])
--dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
-- sed -n '/SEARCH_DIR/p' | \
-- sed 's/SEARCH_DIR("=\?\(@<:@^"@:>@\+\)"); */\1\n/g')
--for dir in $dirs; do
-- if test -r $dir/libtpms.so; then
-- if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
-- libtpms_cryptolib="openssl"
-- break
-- fi
-- if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
-- libtpms_cryptolib="freebl"
-- break
-- fi
-+dir="$SEARCH_DIR"
-+if test -r $dir/libtpms.so; then
-+ if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
-+ libtpms_cryptolib="openssl"
-+ break
- fi
--done
-+ if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
-+ libtpms_cryptolib="freebl"
-+ break
-+ fi
-+fi
-
- if test -z "$libtpms_cryptolib"; then
- AC_MSG_ERROR([Could not determine libtpms crypto library.])
diff --git a/recipes-tpm/swtpm/files/fix_signed_issue.patch b/recipes-tpm/swtpm/files/fix_signed_issue.patch
new file mode 100644
index 0000000..427df62
--- /dev/null
+++ b/recipes-tpm/swtpm/files/fix_signed_issue.patch
@@ -0,0 +1,48 @@
+Upstream-Status: Pending
+Signed-off-by Armin Kuster <akuster808 at gmail>
+
+Index: git/src/swtpm/ctrlchannel.c
+===================================================================
+--- git.orig/src/swtpm/ctrlchannel.c
++++ git/src/swtpm/ctrlchannel.c
+@@ -152,7 +152,8 @@ static int ctrlchannel_receive_state(ptm
+ uint32_t tpm_number = 0;
+ unsigned char *blob = NULL;
+ uint32_t blob_length = be32toh(pss->u.req.length);
+- uint32_t remain = blob_length, offset = 0;
++ ssize_t remain = (ssize_t) blob_length;
++ uint32_t offset = 0;
+ TPM_RESULT res;
+ uint32_t flags = be32toh(pss->u.req.state_flags);
+ TPM_BOOL is_encrypted = (flags & PTM_STATE_FLAG_ENCRYPTED) != 0;
+Index: git/src/swtpm_ioctl/tpm_ioctl.c
+===================================================================
+--- git.orig/src/swtpm_ioctl/tpm_ioctl.c
++++ git/src/swtpm_ioctl/tpm_ioctl.c
+@@ -303,7 +303,7 @@ static int do_save_state_blob(int fd, bo
+ numbytes = write(file_fd, pgs.u.resp.data,
+ devtoh32(is_chardev, pgs.u.resp.length));
+
+- if (numbytes != devtoh32(is_chardev, pgs.u.resp.length)) {
++ if (numbytes != (ssize_t) devtoh32(is_chardev, pgs.u.resp.length)) {
+ fprintf(stderr,
+ "Could not write to file '%s': %s\n",
+ filename, strerror(errno));
+@@ -420,7 +420,7 @@ static int do_load_state_blob(int fd, bo
+ had_error = true;
+ break;
+ }
+- pss.u.req.length = htodev32(is_chardev, numbytes);
++ pss.u.req.length = htodev32(is_chardev, (uint32_t) numbytes);
+
+ /* the returnsize is zero on all intermediate packets */
+ returnsize = ((size_t)numbytes < sizeof(pss.u.req.data))
+@@ -863,7 +863,7 @@ int main(int argc, char *argv[])
+ return EXIT_FAILURE;
+ }
+ /* no tpm_result here */
+- printf("ptm capability is 0x%lx\n", (uint64_t)devtoh64(is_chardev, cap));
++ printf("ptm capability is 0x%llx\n", (uint64_t)devtoh64(is_chardev, cap));
+
+ } else if (!strcmp(command, "-i")) {
+ init.u.req.init_flags = htodev32(is_chardev, PTM_INIT_FLAG_DELETE_VOLATILE);
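Review bot: In the `main` part of the added tpm_ioctl.c patch, `%llx` is paired with a `(uint64_t)` argument, which is still a format/type mismatch on targets where `uint64_t` is `unsigned long`, so the warning moves from 32-bit to 64-bit builds instead of going away. `printf("ptm capability is 0x%" PRIx64 "\n", (uint64_t)devtoh64(is_chardev, cap));` is correct on both, and needs `<inttypes.h>` if the file does not already include it. In `ctrlchannel_receive_state`, `blob_length` is taken from the request with `be32toh(pss->u.req.length)`, and `(ssize_t) blob_length` can become negative on 32-bit targets when the peer sends a length above `SSIZE_MAX`. The loop that consumes `remain` lies outside the visible context, so it should be confirmed that an oversized length is rejected before the cast, or `remain` kept unsigned and only the comparison cast. The functions touched here all start and end outside the quoted context.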
diff --git a/recipes-tpm/swtpm/swtpm_1.0.bb b/recipes-tpm/swtpm/swtpm_1.0.bb
index 04777e1..27b4b8c 100644
--- a/recipes-tpm/swtpm/swtpm_1.0.bb
+++ b/recipes-tpm/swtpm/swtpm_1.0.bb
@@ -5,9 +5,11 @@ SECTION = "apps"
DEPENDS = "libtasn1 fuse expect socat glib-2.0 libtpm libtpm-native"
-SRCREV = "2cd10cee2f74c84bda22081514b6b2cb566fa42d"
-SRC_URI = "git://github.com/stefanberger/swtpm.git \
- file://fix_lib_search_path.patch"
+SRCREV = "ca906a02124d0ed8b6194e845d272d23ee394a34"
+SRC_URI = " \
+ git://github.com/stefanberger/swtpm.git \
+ file://fix_signed_issue.patch \
+ "
S = "${WORKDIR}/git"
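Review bot: The re-added SRC_URI entry still fetches over the unauthenticated `git://` transport. The pinned SRCREV limits what a tampered transport could substitute, but writing the entry as `git://github.com/stefanberger/swtpm.git;protocol=https \` protects the fetch itself as well. Because the title says "update to tip", a one-line comment above SRCREV naming the upstream branch the hash was taken from would make the next bump easier to audit.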
@@ -22,11 +24,21 @@ PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux',
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
+PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, libselinux"
EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
+# dup bootstrap
+do_configure_prepend () {
+ libtoolize --force --copy
+ autoheader
+ aclocal
+ automake --add-missing -c
+ autoconf
+}
+
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \
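Review bot: The new `PACKAGECONFIG[cuse]` line names `libselinux` as its build dependency, which looks copied from the selinux line above it. CUSE comes with FUSE, so `PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"` is probably what was intended; `fuse` is currently pulled in only through the unconditional DEPENDS. The `export SEARCH_DIR` line is kept although this commit deletes fix_lib_search_path.patch, the only visible user of that variable, so it may now be dead. The comment `# dup bootstrap` does not say why the autotools steps are run by hand in `do_configure_prepend`; if the intent is to mirror upstream's bootstrap script, a comment such as `# regenerate configure the same way upstream's bootstrap step does` would say so.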
--
2.7.4