Hello community,

here is the log from the commit of package tpm2-0-tss for openSUSE:Factory 
checked in at 2017-06-04 01:56:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tpm2-0-tss (Old)
 and      /work/SRC/openSUSE:Factory/.tpm2-0-tss.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "tpm2-0-tss"

Sun Jun  4 01:56:40 2017 rev:7 rq:498707 version:1.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/tpm2-0-tss/tpm2-0-tss.changes    2017-04-24 
09:48:30.758258283 +0200
+++ /work/SRC/openSUSE:Factory/.tpm2-0-tss.new/tpm2-0-tss.changes       
2017-06-04 01:56:42.902596132 +0200
@@ -1,0 +2,18 @@
+Sat May 27 05:07:22 UTC 2017 - [email protected]
+
+- Add reproducible.patch to sort input files to make build reproducible
+  (boo#1041090)
+
+-------------------------------------------------------------------
+Thu May 11 15:13:49 UTC 2017 - [email protected]
+
+- create tss user account and install udev rule to fix startup of resourcemgr
+  (bnc#1038586)
+
+-------------------------------------------------------------------
+Wed May 10 13:33:16 CEST 2017 - [email protected]
+
+- remove unnecessary dependency of libsapi0 to trousers. trousers has nothing
+  to do with tpm2-tss.
+
+-------------------------------------------------------------------

New:
----
  reproducible.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ tpm2-0-tss.spec ++++++
--- /var/tmp/diff_new_pack.ta4pXv/_old  2017-06-04 01:56:43.558503468 +0200
+++ /var/tmp/diff_new_pack.ta4pXv/_new  2017-06-04 01:56:43.562502903 +0200
@@ -26,6 +26,8 @@
 Source0:        https://github.com/01org/TPM2.0-TSS/archive/%{version}.tar.gz
 Source2:        baselibs.conf
 Patch0:         tpm2-0-tss-configure.patch
+# PATCH-FIX-UPSTREAM bmwiedemann https://github.com/01org/TPM2.0-TSS/pull/419
+Patch1:         reproducible.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -36,7 +38,10 @@
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
-The tpm2-0-tss package provides a TPM 2.0 TSS implementation.
+The tpm2-0-tss package provides a TPM 2.0 TSS implementation. This
+implementation is developed by INTEL. Note that the current resource manager
+implementation is considered deprecated (a prototype, probably buggy and
+insecure) by its developers.
 
 %package devel
 Summary:        Development headers for the Intel TSS library for TPM 2.0 chips
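Review bot: The added %description text calls the resource manager "a prototype, probably buggy and insecure", yet the same spec keeps installing resourcemgr and resourcemgr.service from the main package, so everyone who installs tpm2-0-tss receives the daemon. Consider moving resourcemgr and its unit into a separate subpackage so that only users who opt in get it. Also write the vendor as "Intel" rather than "INTEL", matching the devel Summary line.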
@@ -53,7 +58,6 @@
 %package -n libsapi0
 Summary:        TPM2 System API library
 Group:          System/Libraries
-Requires:       trousers
 # Non-SLPP package name from earlier
 Obsoletes:      libtss2 < %version-%release
 Provides:       libtss2 = %version-%release
@@ -81,6 +85,7 @@
 %prep
 %setup -q -n TPM2.0-TSS-%{version}
 %patch0 -p1
+%patch1 -p1
 
 %build
 bash bootstrap
@@ -93,6 +98,8 @@
 install -D -m 0644 contrib/resourcemgr.service 
%{buildroot}/%{_unitdir}/resourcemgr.service
 sed -e 's#usr/local/sbin/#usr/sbin/#;' -i 
%{buildroot}/%{_unitdir}/resourcemgr.service
 ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rcresourcemgr
+%define udev_rule_file 90-tpm.rules
+install -D -m 0644 contrib/tpm-udev.rules 
%{buildroot}%{_udevrulesdir}/%{udev_rule_file}
 
 %post -n libsapi0 -p /sbin/ldconfig
 %postun -n libsapi0 -p /sbin/ldconfig
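Review bot: The new install line for contrib/tpm-udev.rules puts the rule on disk, but none of the visible scriptlet changes reload udev or re-trigger the device, so on a running system the TPM device node keeps its old ownership until the next reboot and resourcemgr still cannot open it. Add a udevadm control --reload and udevadm trigger step to the main package's %post. The %define udev_rule_file sits in the middle of %install but is also consumed in %files; move it to the preamble so the dependency on section order is not hidden.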
@@ -102,6 +109,26 @@
 %postun -n libtcti-socket0 -p /sbin/ldconfig
 
 %pre
+# the same user is employed by trousers:
+#
+# trousers just needs those accounts for dropping privileges to. The service
+# starts as root and uses set*id to drop to tss, after the tpm device has been
+# opened.
+#
+# resourcemgr has no set*id handling and thus requires /dev/tpm to be owned
+# by the tss user. Therefore we also need to install a udev rule file.
+#
+# trousers was here first and created the user like this, also giving it a
+# home in /var/lib/tpm. I don't think the home directory is used by any of
+# both packages ATM. Trousers is keeping state there, but the directory is
+# owned by root and files are opened before dropping privileges. The passwd
+# entry seems not to be evaluated.
+#
+# so I guess we can share the account between the two packages for now.
+%_bindir/getent group tss >/dev/null || %{_sbindir}/groupadd -g 98 tss
+%_bindir/getent passwd tss >/dev/null || \
+       %{_sbindir}/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \
+       -d %{_localstatedir}/lib/tpm tss
 %service_add_pre resourcemgr.service
 
 %post
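Review bot: In the useradd line, -o permits a non-unique UID, so if UID 98 already belongs to another account, tss is created as an alias of it and the udev rule that hands the TPM device to tss also hands it to that account. Drop -o so a collision fails visibly, or state in the comment why a duplicate UID is acceptable. groupadd -g 98 has no such override and will fail on a taken GID, so the two lines behave inconsistently. Since the comment says resourcemgr has no set*id handling and runs as the same user trousers drops to, a dedicated account for resourcemgr would keep a daemon the description calls "probably buggy and insecure" isolated from the trousers identity.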
@@ -119,6 +146,7 @@
 %{_sbindir}/resourcemgr
 /%{_unitdir}/resourcemgr.service
 %{_sbindir}/rcresourcemgr
+%{_udevrulesdir}/%{udev_rule_file}
 
 %files devel
 %defattr(-,root,root)
@@ -127,7 +155,7 @@
 %{_libdir}/*.so
 %{_libdir}/pkgconfig/*.pc
 ##only available in static form
-#%{_libdir}/libtddl.a
+#%%{_libdir}/libtddl.a
 
 %files -n libsapi0
 %defattr(-,root,root)

++++++ reproducible.patch ++++++
>From 010ebd4a161e424e09e5d89a336a84a0a42c456e Mon Sep 17 00:00:00 2001
From: "Bernhard M. Wiedemann" <[email protected]>
Date: Sat, 27 May 2017 07:08:56 +0200
Subject: [PATCH] sort input files

when building packages (e.g. for openSUSE Linux)
(random) filesystem order of input files
influences ordering of functions in the output,
thus without the patch, builds (in disposable VMs) would differ.

See https://reproducible-builds.org/ for why this matters.
---
 bootstrap | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bootstrap b/bootstrap
index 95a6dda..610e817 100755
--- a/bootstrap
+++ b/bootstrap
@@ -8,7 +8,7 @@ src_listvar () {
     suffix=$2
     var=$3
 
-    find "${basedir}" -name "${suffix}" | tr '\n' ' ' | (echo -n "${var} = " 
&& cat)
+    find "${basedir}" -name "${suffix}" | LC_ALL=C sort | tr '\n' ' ' | (echo 
-n "${var} = " && cat)
     echo ""
 }
 
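Review bot: The LC_ALL=C sort stage added to src_listvar has no comment in bootstrap saying why it is there, so a later cleanup of the pipeline can drop it without anyone noticing that builds stopped being reproducible. Add a one-line comment above the find pipeline stating that the sort fixes the source file order independently of filesystem and locale.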
-- 
2.12.0

