[meta-security][PATCH 1/5] swtpm: fix check for tscd deamon on host


Armin Kuster
 

Found a few places that tscd check was trying to run the hosts.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../swtpm/files/oe_configure.patch | 65 +++++++++++++++++++
meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb | 1 +
2 files changed, 66 insertions(+)
create mode 100644 meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch

diff --git a/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch b/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch
new file mode 100644
index 0000000..5aee933
--- /dev/null
+++ b/meta-tpm/recipes-tpm/swtpm/files/oe_configure.patch
@@ -0,0 +1,65 @@
+Don't check for tscd deamon on host.
+
+Upstream-Status: OE Specific
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -179,15 +179,6 @@ AC_SUBST([LIBTPMS_LIBS])
+ AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt")
+ AC_SUBST([LIBRT_LIBS])
+
+-AC_PATH_PROG([TCSD], tcsd)
+-if test "x$TCSD" = "x"; then
+- have_tcsd=no
+- AC_MSG_WARN([tcsd could not be found; typically need it for tss user account and tests])
+-else
+- have_tcsd=yes
+-fi
+-AM_CONDITIONAL([HAVE_TCSD], test "$have_tcsd" != "no")
+-
+ dnl We either need netstat (more common across systems) or 'ss' for test cases
+ AC_PATH_PROG([NETSTAT], [netstat])
+ if test "x$NETSTAT" = "x"; then
+@@ -440,23 +431,6 @@ AC_ARG_WITH([tss-group],
+ [TSS_GROUP="tss"]
+ )
+
+-case $have_tcsd in
+-yes)
+- AC_MSG_CHECKING([whether TSS_USER $TSS_USER is available])
+- if ! test $(id -u $TSS_USER); then
+- AC_MSG_ERROR(["$TSS_USER is not available"])
+- else
+- AC_MSG_RESULT([yes])
+- fi
+- AC_MSG_CHECKING([whether TSS_GROUP $TSS_GROUP is available])
+- if ! test $(id -g $TSS_GROUP); then
+- AC_MSG_ERROR(["$TSS_GROUP is not available"])
+- else
+- AC_MSG_RESULT([yes])
+- fi
+- ;;
+-esac
+-
+ AC_SUBST([TSS_USER])
+ AC_SUBST([TSS_GROUP])
+
+Index: git/tests/Makefile.am
+===================================================================
+--- git.orig/tests/Makefile.am
++++ git/tests/Makefile.am
+@@ -83,10 +83,6 @@ TESTS += \
+ test_tpm2_swtpm_cert \
+ test_tpm2_swtpm_cert_ecc \
+ test_tpm2_swtpm_setup_create_cert
+-if HAVE_TCSD
+-TESTS += \
+- test_tpm2_samples_create_tpmca
+-endif
+ endif
+
+ EXTRA_DIST=$(TESTS) \
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
index ab77196..caf99e8 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
@@ -12,6 +12,7 @@ DEPENDS_append = " tpm-tools-native expect-native socat-native python3-pip-nativ
SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464"
SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \
file://ioctl_h.patch \
+ file://oe_configure.patch \
"
PE = "1"

--
2.25.1