commit: 94e3879a5d3de52591d62e2e88a05c9219614ffd Author: orbea <orbea <AT> riseup <DOT> net> AuthorDate: Wed Mar 13 17:14:56 2024 +0000 Commit: orbea <orbea <AT> riseup <DOT> net> CommitDate: Wed Mar 13 17:15:25 2024 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=94e3879a
dev-libs/libtpms: new package, add 0.9.6 Signed-off-by: orbea <orbea <AT> riseup.net> dev-libs/libtpms/Manifest | 1 + dev-libs/libtpms/files/407.patch | 27 +++++++++++ .../files/libtpms-0.9.0-Remove-WError.patch | 13 ++++++ .../libtpms/files/libtpms-0.9.5-slibtool.patch | 52 ++++++++++++++++++++++ .../libtpms/files/libtpms-0.9.6-libressl.patch | 29 ++++++++++++ dev-libs/libtpms/libtpms-0.9.6.ebuild | 49 ++++++++++++++++++++ dev-libs/libtpms/metadata.xml | 19 ++++++++ 7 files changed, 190 insertions(+) diff --git a/dev-libs/libtpms/Manifest b/dev-libs/libtpms/Manifest new file mode 100644 index 0000000..b253048 --- /dev/null +++ b/dev-libs/libtpms/Manifest @@ -0,0 +1 @@ +DIST libtpms-0.9.6.tar.gz 1264338 BLAKE2B 7b127ef370a48214814bb9ad0e8461ed0af21f32ab84f243945980c5e36ba5e374b4de7a83bf9c67c29264609063d48eae2dae83832daed70170bb1ed39eafea SHA512 35f26e4849eb98cd73461aff439c19f77bbbcde9b7661402e3d419354c4dcddd057349c4f7178573f1ceea2e95326498eb9afea3bd48064bbff534fc7f6939c3 diff --git a/dev-libs/libtpms/files/407.patch b/dev-libs/libtpms/files/407.patch new file mode 100644 index 0000000..2c7aecf --- /dev/null +++ b/dev-libs/libtpms/files/407.patch @@ -0,0 +1,27 @@ +From 96cf3dede02cbf58134115603209d863fc82a06c Mon Sep 17 00:00:00 2001 +From: orbea <or...@riseup.net> +Date: Wed, 13 Mar 2024 10:01:49 -0700 +Subject: [PATCH] tpm_crypto: add missing openssl includes + +This fixes the build with LibreSSL 3.9.0 where many implicit +declarations for BN_, EVP_ and RSA_ functions occur which were +implicitly included before. + +Signed-off-by: orbea <or...@riseup.net> +--- + src/tpm12/tpm_crypto.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/tpm12/tpm_crypto.c b/src/tpm12/tpm_crypto.c +index bcbaa7fc2..628e27cc2 100644 +--- a/src/tpm12/tpm_crypto.c ++++ b/src/tpm12/tpm_crypto.c +@@ -48,6 +48,8 @@ + #include <openssl/rand.h> + #include <openssl/sha.h> + #include <openssl/engine.h> ++#include <openssl/evp.h> ++#include <openssl/rsa.h> + + #include "tpm_cryptoh.h" + #include "tpm_debug.h" diff --git a/dev-libs/libtpms/files/libtpms-0.9.0-Remove-WError.patch b/dev-libs/libtpms/files/libtpms-0.9.0-Remove-WError.patch new file mode 100644 index 0000000..14fe4c5 --- /dev/null +++ b/dev-libs/libtpms/files/libtpms-0.9.0-Remove-WError.patch @@ -0,0 +1,13 @@ +diff --git a/configure.ac b/configure.ac +index 5f995a8..957c461 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -321,7 +321,7 @@ if test "x$enable_hardening" != "xno"; then + AC_SUBST([HARDENING_LDFLAGS]) + fi + +-AM_CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign -Wmissing-prototypes" ++AM_CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Wreturn-type -Wsign-compare -Wno-self-assign -Wmissing-prototypes" + AM_CFLAGS="$AM_CFLAGS" + AM_LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS" + diff --git a/dev-libs/libtpms/files/libtpms-0.9.5-slibtool.patch b/dev-libs/libtpms/files/libtpms-0.9.5-slibtool.patch new file mode 100644 index 0000000..7e83434 --- /dev/null +++ b/dev-libs/libtpms/files/libtpms-0.9.5-slibtool.patch @@ -0,0 +1,52 @@ +Bug: https://bugs.gentoo.org/858671 +Upstream-PR: https://github.com/stefanberger/libtpms/pull/344 +Upstream-Commit: https://github.com/stefanberger/libtpms/commit/0c2bc32a21e2c7218faa8cd6d5cf31b13835e6d5 + +From 343f1b21b36fe98daf31c355ebc12902ba7e162a Mon Sep 17 00:00:00 2001 +From: orbea <or...@riseup.net> +Date: Fri, 15 Jul 2022 17:02:43 -0700 +Subject: [PATCH] tests: Fix the build with slibtool + +When building the tests with `make check` and slibtool the tests will +then all fail to load libtpms.so.0. + + $ ./base64decode + /tmp/libtpms/tests/.libs/base64decode: error while loading shared libraries: libtpms.so.0: cannot open shared object file: No such file or directory + +This happens because they are linked with -ltpms rather than the +libtpms.la file which has unexpected results with slibtool. GNU libtool +does some magic to make this work while slibtool fails to link the +dependency. + +The correct way to link internal dependencies is directly with the +libtool archive (.la) files where the -lfoo linker flags should be only +used with external dependencies. Additionally -no-undefined is added to +the LDFLAGS to ensure there aren't undefined references in the future. + +Note: + +* This doesn't happen if libtpms is installed to the system and the tests + find the already installs libtpms rather than the newly built library. + +* GNU libtool silently ignores -no-undefined, but slibtool will respect + it. + +Signed-off-by: orbea <or...@riseup.net> +--- + tests/Makefile.am | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/tests/Makefile.am b/tests/Makefile.am +index eb23c59a4..d3d831938 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -10,7 +10,8 @@ TESTS_ENVIRONMENT = \ + abs_top_srcdir=`cd '$(top_srcdir)'; pwd` + + AM_CFLAGS = -I$(top_srcdir)/include $(SANITIZERS) +-AM_LDFLAGS = -ltpms -L$(top_builddir)/src/.libs $(SANITIZERS) ++AM_LDFLAGS = -no-undefined $(SANITIZERS) ++LDADD = $(top_builddir)/src/libtpms.la + + check_PROGRAMS = \ + base64decode diff --git a/dev-libs/libtpms/files/libtpms-0.9.6-libressl.patch b/dev-libs/libtpms/files/libtpms-0.9.6-libressl.patch new file mode 100644 index 0000000..8b7041c --- /dev/null +++ b/dev-libs/libtpms/files/libtpms-0.9.6-libressl.patch @@ -0,0 +1,29 @@ +https://github.com/stefanberger/libtpms/pull/407 + +From 96cf3dede02cbf58134115603209d863fc82a06c Mon Sep 17 00:00:00 2001 +From: orbea <or...@riseup.net> +Date: Wed, 13 Mar 2024 10:01:49 -0700 +Subject: [PATCH] tpm_crypto: add missing openssl includes + +This fixes the build with LibreSSL 3.9.0 where many implicit +declarations for BN_, EVP_ and RSA_ functions occur which were +implicitly included before. + +Signed-off-by: orbea <or...@riseup.net> +--- + src/tpm12/tpm_crypto.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/tpm12/tpm_crypto.c b/src/tpm12/tpm_crypto.c +index bcbaa7fc2..628e27cc2 100644 +--- a/src/tpm12/tpm_crypto.c ++++ b/src/tpm12/tpm_crypto.c +@@ -48,6 +48,8 @@ + #include <openssl/rand.h> + #include <openssl/sha.h> + #include <openssl/engine.h> ++#include <openssl/evp.h> ++#include <openssl/rsa.h> + + #include "tpm_cryptoh.h" + #include "tpm_debug.h" diff --git a/dev-libs/libtpms/libtpms-0.9.6.ebuild b/dev-libs/libtpms/libtpms-0.9.6.ebuild new file mode 100644 index 0000000..10f0bf4 --- /dev/null +++ b/dev-libs/libtpms/libtpms-0.9.6.ebuild @@ -0,0 +1,49 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools + +DESCRIPTION="Library providing software emultion of a TPM" +HOMEPAGE="https://github.com/stefanberger/libtpms"; +SRC_URI="https://github.com/stefanberger/libtpms/archive/v${PV}.tar.gz -> ${P}.tar.gz" +LICENSE="BSD" +SLOT="0" +KEYWORDS="amd64 arm arm64 ~loong ~ppc ppc64 ~riscv x86" + +DEPEND="dev-libs/openssl:=" +RDEPEND="${DEPEND}" +BDEPEND="virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}/${PN}-0.9.0-Remove-WError.patch" + "${FILESDIR}/${PN}-0.9.5-slibtool.patch" # 858671 + "${FILESDIR}/${PN}-0.9.6-libressl.patch" +) + +src_prepare() { + default + eautoreconf +} + +src_configure() { + econf \ + --with-openssl +} + +src_install() { + default + find "${ED}" -name '*.la' -delete || die +} + +pkg_postinst() { + if [[ ${REPLACING_VERSIONS} ]] && ver_test ${REPLACING_VERSIONS} -lt 0.8.0; then + elog "Versions of libtpms prior to 0.8.0 generate weaker than expected TPM 2.0 RSA" + elog "keys due to a flawed key creation algorithm. Because fixing this would render" + elog "existing sealed data inaccessible, to use the corrected algorithm, the old" + elog "TPM state file must be deleted and a new TPM state file created. Data still" + elog "sealed using the old state file will be permanently inaccessible. For the" + elog "details see https://github.com/stefanberger/libtpms/issues/183"; + fi +} diff --git a/dev-libs/libtpms/metadata.xml b/dev-libs/libtpms/metadata.xml new file mode 100644 index 0000000..655ec18 --- /dev/null +++ b/dev-libs/libtpms/metadata.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";> +<pkgmetadata> + <maintainer type="person" proxied="yes"> + <email>salah.coro...@gmail.com</email> + <name>Christopher Byrne</name> + </maintainer> + <maintainer type="project" proxied="proxy"> + <email>proxy-ma...@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> + <maintainer type="project"> + <email>virtualizat...@gentoo.org</email> + <name>Gentoo Virtualization Project</name> + </maintainer> + <upstream> + <remote-id type="github">stefanberger/libtpms</remote-id> + </upstream> +</pkgmetadata>
