[meta-security][PATCH v2] swtpm: update to 0.6.1


Kristian Klausen <kristian@...>
 

swtpm no longer depends on Python[1] so the dependencies have been
removed.

"inherit perlnative" has been added due to (in oe-core):
deda455b3c ("bitbake.conf: drop pod2man from hosttools")

Some leftover dependencies have also been removed, ex: tpm-tools
required in the past by swtpm_setup.sh (<0.4.0)[2].

[1] https://github.com/stefanberger/swtpm/issues/437
[2] https://github.com/stefanberger/swtpm/commit/eee8cb5dfb13f87140dddda3=
8f65bf61aff19508

Signed-off-by: Kristian Klausen <kristian@...>
---
V2:
Squashed changes from https://lists.yoctoproject.org/g/yocto/topic/86012566
(decided to still use RRECOMMENDS for swtpm-create-tpmca deps)
Fix build error due to missing expect (expect -> expect-native)
Changed socat to socat-native

Building tested with:
bitbake swtpm && bitbake swtpm-native (with and without gnutls)

.../swtpm/swtpm-wrappers-native.bb | 12 ++++------
.../swtpm/{swtpm_0.5.2.bb =3D> swtpm_0.6.1.bb} | 23 ++++++++-----------
2 files changed, 14 insertions(+), 21 deletions(-)
rename meta-tpm/recipes-tpm/swtpm/{swtpm_0.5.2.bb =3D> swtpm_0.6.1.bb} (=
69%)

diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb b/meta-t=
pm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
index 644f3ac..bb93374 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
@@ -1,6 +1,6 @@
SUMMARY =3D "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools=
"
LICENSE =3D "MIT"
-DEPENDS =3D "swtpm-native tpm-tools-native net-tools-native"
+DEPENDS =3D "swtpm-native"
=20
inherit native
=20
@@ -14,23 +14,19 @@ do_create_wrapper () {
for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -=
name 'swtpm*' -perm /+x -type f`; do
exe=3D`basename $i`
case $exe in
- swtpm_setup.sh)
+ swtpm_setup)
cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF
#! /bin/sh
#
-# Wrapper around swtpm_setup.sh which adds parameters required to
+# Wrapper around swtpm_setup which adds parameters required to
# run the setup as non-root directly from the native sysroot.
=20
PATH=3D"${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
export PATH
=20
-# tcsd only allows to be run as root or tss. Pretend to be root...
-exec env ${FAKEROOTENV} ${FAKEROOTCMD} swtpm_setup.sh --config ${STAGING=
_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
+exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$=
@"
EOF
;;
- swtpm_setup)
- true
- ;;
*)
cat >${WORKDIR}/${exe}_oe.sh <<EOF
#! /bin/sh
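Review bot: The header comment in the generated swtpm_setup_oe.sh still says the wrapper "adds parameters required to run the setup as non-root", but the new exec line only adds `--config` and no longer goes through `${FAKEROOTENV} ${FAKEROOTCMD}`. The comment that explained the pseudo call was removed with it, so the hunk no longer says why running without fakeroot is sufficient. Presumably this follows from tpm-tools/tcsd no longer being used, as the commit message suggests. I would reword the comment along the lines of `# Wrapper around swtpm_setup which points it at the swtpm_setup.conf in the native sysroot; no fakeroot is needed because tcsd is no longer involved.` The body of do_create_wrapper starts and ends outside this hunk.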
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb b/meta-tpm/recipes=
-tpm/swtpm/swtpm_0.6.1.bb
similarity index 69%
rename from meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
rename to meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
index 912e939..c7fc131 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb
@@ -3,14 +3,11 @@ LICENSE =3D "BSD-3-Clause"
LIC_FILES_CHKSUM =3D "file://LICENSE;md5=3Dfe8092c832b71ef20dfe4c6d3decb=
3a8"
SECTION =3D "apps"
=20
-DEPENDS =3D "libtasn1 coreutils-native expect socat glib-2.0 net-tools-n=
ative libtpm libtpm-native"
+# expect-native, socat-native, coreutils-native and net-tools-native are=
reportedly only required for the tests
+DEPENDS =3D "libtasn1 coreutils-native expect-native socat-native glib-2=
.0 net-tools-native libtpm json-glib"
=20
-# configure checks for the tools already during compilation and
-# then swtpm_setup needs them at runtime
-DEPENDS:append =3D " tpm-tools-native expect-native socat-native python3=
-pip-native python3-cryptography-native"
-
-SRCREV =3D "e59c0c1a7b4c8d652dbb280fd6126895a7057464"
-SRC_URI =3D "git://github.com/stefanberger/swtpm.git;branch=3Dstable-0.5=
\
+SRCREV =3D "98187d24fe14851653a7c46eb16e9c5f0b9beaa1"
+SRC_URI =3D "git://github.com/stefanberger/swtpm.git;branch=3Dstable-0.6=
\
file://ioctl_h.patch \
file://oe_configure.patch \
"
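Review bot: The new SRC_URI line keeps the plain `git://` transport, which is neither encrypted nor authenticated. The pinned SRCREV still ties the checkout to one commit, but the fetch itself can be interfered with or blocked in transit. For a TPM emulator recipe I would fetch over TLS, e.g. `SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6;protocol=https \`. Separately, the added comment calls the four native tools "reportedly" test-only; it would help to confirm that and state it plainly, or drop them from DEPENDS if the tests are not run at build time.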
@@ -19,7 +16,7 @@ PE =3D "1"
S =3D "${WORKDIR}/git"
=20
PARALLEL_MAKE =3D ""
-inherit autotools pkgconfig python3native
+inherit autotools pkgconfig perlnative
=20
TSS_USER=3D"tss"
TSS_GROUP=3D"tss"
@@ -28,7 +25,10 @@ PACKAGECONFIG ?=3D "openssl"
PACKAGECONFIG +=3D "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '=
selinux', '', d)}"
PACKAGECONFIG +=3D "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesyst=
ems-layer', 'cuse', '', d)}"
PACKAGECONFIG[openssl] =3D "--with-openssl, --without-openssl, openssl"
-PACKAGECONFIG[gnutls] =3D "--with-gnutls, --without-gnutls, gnutls"
+# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
+# used by swtpm-create-tpmca (the last two is provided by gnutls)
+# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cer=
t
+PACKAGECONFIG[gnutls] =3D "--with-gnutls, --without-gnutls, gnutls, gnut=
ls, expect bash tpm2-pkcs11-tools"
PACKAGECONFIG[selinux] =3D "--with-selinux, --without-selinux, libselinu=
x"
PACKAGECONFIG[cuse] =3D "--with-cuse, --without-cuse, fuse"
PACKAGECONFIG[seccomp] =3D "--with-seccomp, --without-seccomp, libseccom=
p"
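Review bot: The comment above the new PACKAGECONFIG[gnutls] line does not say which field carries which kind of dependency. As written, gnutls is both the build and the runtime dependency, while `expect bash tpm2-pkcs11-tools` sit in the fifth field, which is RRECOMMENDS. An image built with recommendations disabled would therefore ship swtpm-create-tpmca without the tools it calls, and the failure would only surface at runtime when a TPM CA is created. I would make that explicit, e.g. `# 4th field = RDEPENDS (gnutls), 5th field = RRECOMMENDS (tools only swtpm-create-tpmca needs)`. The same comment should read "are used" and "are provided".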
@@ -41,14 +41,11 @@ USERADD_PARAM:${PN} =3D "--system -g ${TSS_GROUP} --h=
ome-dir \
--no-create-home --shell /bin/false ${BPN}"
=20
=20
-PACKAGES =3D+ "${PN}-python"
-FILES:${PN}-python =3D "${PYTHON_SITEPACKAGES_DIR}"
-
PACKAGE_BEFORE_PN =3D "${PN}-cuse"
FILES:${PN}-cuse =3D "${bindir}/swtpm_cuse"
=20
INSANE_SKIP:${PN} +=3D "dev-so"
=20
-RDEPENDS:${PN} =3D "libtpm expect socat bash tpm-tools python3 python3-c=
ryptography python3-twisted"
+RDEPENDS:${PN} =3D "libtpm"
=20
BBCLASSEXTEND =3D "native nativesdk"
--=20
2.25.1