|
|
25f266 |
%bcond_without gnutls
|
|
|
25f266 |
|
|
|
25f266 |
%global gitdate 20211109
|
|
|
25f266 |
%global gitcommit b79fd91c4b4a74c9c5027b517c5036952c5525db
|
|
|
25f266 |
%global gitshortcommit %(c=%{gitcommit}; echo ${c:0:7})
|
|
|
25f266 |
|
|
|
25f266 |
# Macros needed by SELinux
|
|
|
25f266 |
%global selinuxtype targeted
|
|
|
25f266 |
%global moduletype contrib
|
|
|
25f266 |
%global modulename swtpm
|
|
|
25f266 |
|
|
|
25f266 |
Summary: TPM Emulator
|
|
|
25f266 |
Name: swtpm
|
|
|
25f266 |
Version: 0.7.0
|
|
|
cee5f4 |
Release: 4.%{gitdate}git%{gitshortcommit}%{?dist}
|
|
|
25f266 |
License: BSD
|
|
|
25f266 |
Url: http://github.com/stefanberger/swtpm
|
|
|
25f266 |
Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
|
|
|
25f266 |
ExcludeArch: i686
|
|
|
cee5f4 |
Patch0001: 0001-swtpm-Check-header-size-indicator-against-expected-s.patch
|
|
|
cee5f4 |
Patch0002: 0001-swtpm-Disable-OpenSSL-FIPS-mode-to-avoid-libtpms-fai.patch
|
|
|
cee5f4 |
Patch0003: 0001-swtpm_localca-Test-for-available-issuercert-before-c.patch
|
|
|
25f266 |
|
|
|
25f266 |
BuildRequires: make
|
|
|
25f266 |
BuildRequires: git-core
|
|
|
25f266 |
BuildRequires: automake
|
|
|
25f266 |
BuildRequires: autoconf
|
|
|
25f266 |
BuildRequires: libtool
|
|
|
25f266 |
BuildRequires: libtpms-devel >= 0.6.0
|
|
|
25f266 |
BuildRequires: expect
|
|
|
25f266 |
BuildRequires: net-tools
|
|
|
25f266 |
BuildRequires: openssl-devel
|
|
|
25f266 |
BuildRequires: socat
|
|
|
25f266 |
BuildRequires: softhsm
|
|
|
25f266 |
BuildRequires: json-glib-devel
|
|
|
25f266 |
%if %{with gnutls}
|
|
|
25f266 |
BuildRequires: gnutls >= 3.4.0
|
|
|
25f266 |
BuildRequires: gnutls-devel
|
|
|
25f266 |
BuildRequires: gnutls-utils
|
|
|
25f266 |
BuildRequires: libtasn1-devel
|
|
|
25f266 |
BuildRequires: libtasn1
|
|
|
25f266 |
%endif
|
|
|
25f266 |
BuildRequires: selinux-policy-devel
|
|
|
25f266 |
BuildRequires: gcc
|
|
|
25f266 |
BuildRequires: libseccomp-devel
|
|
|
25f266 |
BuildRequires: tpm2-tools tpm2-abrmd
|
|
|
25f266 |
BuildRequires: python3-devel
|
|
|
25f266 |
|
|
|
25f266 |
Requires: %{name}-libs = %{version}-%{release}
|
|
|
25f266 |
Requires: libtpms >= 0.6.0
|
|
|
25f266 |
%{?selinux_requires}
|
|
|
25f266 |
|
|
|
25f266 |
%description
|
|
|
25f266 |
TPM emulator built on libtpms providing TPM functionality for QEMU VMs
|
|
|
25f266 |
|
|
|
25f266 |
%package libs
|
|
|
25f266 |
Summary: Private libraries for swtpm TPM emulators
|
|
|
25f266 |
License: BSD
|
|
|
25f266 |
|
|
|
25f266 |
%description libs
|
|
|
25f266 |
A private library with callback functions for libtpms based swtpm TPM emulator
|
|
|
25f266 |
|
|
|
25f266 |
%package devel
|
|
|
25f266 |
Summary: Include files for the TPM emulator's CUSE interface for usage by clients
|
|
|
25f266 |
License: BSD
|
|
|
25f266 |
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
|
|
25f266 |
|
|
|
25f266 |
%description devel
|
|
|
25f266 |
Include files for the TPM emulator's CUSE interface.
|
|
|
25f266 |
|
|
|
25f266 |
%package tools
|
|
|
25f266 |
Summary: Tools for the TPM emulator
|
|
|
25f266 |
License: BSD
|
|
|
25f266 |
Requires: swtpm = %{version}-%{release}
|
|
|
25f266 |
Requires: bash gnutls-utils
|
|
|
25f266 |
|
|
|
25f266 |
%description tools
|
|
|
25f266 |
Tools for the TPM emulator from the swtpm package
|
|
|
25f266 |
|
|
|
25f266 |
%package tools-pkcs11
|
|
|
25f266 |
Summary: Tools for creating a local CA based on a TPM pkcs11 device
|
|
|
25f266 |
License: BSD
|
|
|
25f266 |
Requires: swtpm-tools = %{version}-%{release}
|
|
|
25f266 |
Requires: tpm2-tools tpm2-abrmd
|
|
|
25f266 |
Requires: expect gnutls-utils
|
|
|
25f266 |
|
|
|
25f266 |
%description tools-pkcs11
|
|
|
25f266 |
Tools for creating a local CA based on a pkcs11 device
|
|
|
25f266 |
|
|
|
25f266 |
%prep
|
|
|
25f266 |
%autosetup -S git -n %{name}-%{gitcommit} -p1
|
|
|
25f266 |
|
|
|
25f266 |
%build
|
|
|
25f266 |
|
|
|
25f266 |
NOCONFIGURE=1 ./autogen.sh
|
|
|
25f266 |
%configure \
|
|
|
25f266 |
%if %{with gnutls}
|
|
|
25f266 |
--with-gnutls \
|
|
|
25f266 |
%endif
|
|
|
25f266 |
--without-cuse \
|
|
|
25f266 |
--without-tpm1
|
|
|
25f266 |
|
|
|
25f266 |
%make_build V=1
|
|
|
25f266 |
|
|
|
25f266 |
%check
|
|
|
25f266 |
make %{?_smp_mflags} check VERBOSE=1
|
|
|
25f266 |
|
|
|
25f266 |
%install
|
|
|
25f266 |
|
|
|
25f266 |
%make_install
|
|
|
25f266 |
rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so}
|
|
|
25f266 |
|
|
|
25f266 |
%post
|
|
|
25f266 |
for pp in /usr/share/selinux/packages/swtpm.pp \
|
|
|
25f266 |
/usr/share/selinux/packages/swtpm_svirt.pp; do
|
|
|
25f266 |
%selinux_modules_install -s %{selinuxtype} ${pp}
|
|
|
25f266 |
done
|
|
|
25f266 |
restorecon %{_bindir}/swtpm
|
|
|
25f266 |
|
|
|
25f266 |
%postun
|
|
|
25f266 |
if [ $1 -eq 0 ]; then
|
|
|
25f266 |
for p in swtpm swtpm_svirt; do
|
|
|
25f266 |
%selinux_modules_uninstall -s %{selinuxtype} $p
|
|
|
25f266 |
done
|
|
|
25f266 |
fi
|
|
|
25f266 |
|
|
|
25f266 |
%posttrans
|
|
|
25f266 |
%selinux_relabel_post -s %{selinuxtype}
|
|
|
25f266 |
|
|
|
25f266 |
%ldconfig_post libs
|
|
|
25f266 |
%ldconfig_postun libs
|
|
|
25f266 |
|
|
|
25f266 |
%files
|
|
|
25f266 |
%license LICENSE
|
|
|
25f266 |
%doc README
|
|
|
25f266 |
%{_bindir}/swtpm
|
|
|
25f266 |
%{_mandir}/man8/swtpm.8*
|
|
|
25f266 |
%{_datadir}/selinux/packages/swtpm.pp
|
|
|
25f266 |
%{_datadir}/selinux/packages/swtpm_svirt.pp
|
|
|
25f266 |
|
|
|
25f266 |
%files libs
|
|
|
25f266 |
%license LICENSE
|
|
|
25f266 |
%doc README
|
|
|
25f266 |
|
|
|
25f266 |
%dir %{_libdir}/%{name}
|
|
|
25f266 |
%{_libdir}/%{name}/libswtpm_libtpms.so.0
|
|
|
25f266 |
%{_libdir}/%{name}/libswtpm_libtpms.so.0.0.0
|
|
|
25f266 |
|
|
|
25f266 |
%files devel
|
|
|
25f266 |
%dir %{_includedir}/%{name}
|
|
|
25f266 |
%{_includedir}/%{name}/*.h
|
|
|
25f266 |
%{_mandir}/man3/swtpm_ioctls.3*
|
|
|
25f266 |
|
|
|
25f266 |
%files tools
|
|
|
25f266 |
%doc README
|
|
|
25f266 |
%{_bindir}/swtpm_bios
|
|
|
25f266 |
%if %{with gnutls}
|
|
|
25f266 |
%{_bindir}/swtpm_cert
|
|
|
25f266 |
%endif
|
|
|
25f266 |
%{_bindir}/swtpm_setup
|
|
|
25f266 |
%{_bindir}/swtpm_ioctl
|
|
|
25f266 |
%{_bindir}/swtpm_localca
|
|
|
25f266 |
%{_mandir}/man8/swtpm_bios.8*
|
|
|
25f266 |
%{_mandir}/man8/swtpm_cert.8*
|
|
|
25f266 |
%{_mandir}/man8/swtpm_ioctl.8*
|
|
|
25f266 |
%{_mandir}/man8/swtpm-localca.conf.8*
|
|
|
25f266 |
%{_mandir}/man8/swtpm-localca.options.8*
|
|
|
25f266 |
%{_mandir}/man8/swtpm-localca.8*
|
|
|
25f266 |
%{_mandir}/man8/swtpm_localca.8*
|
|
|
25f266 |
%{_mandir}/man8/swtpm_setup.8*
|
|
|
25f266 |
%{_mandir}/man8/swtpm_setup.conf.8*
|
|
|
25f266 |
%config(noreplace) %{_sysconfdir}/swtpm_setup.conf
|
|
|
25f266 |
%config(noreplace) %{_sysconfdir}/swtpm-localca.options
|
|
|
25f266 |
%config(noreplace) %{_sysconfdir}/swtpm-localca.conf
|
|
|
25f266 |
%dir %{_datadir}/swtpm
|
|
|
25f266 |
%{_datadir}/swtpm/swtpm-localca
|
|
|
25f266 |
%{_datadir}/swtpm/swtpm-create-user-config-files
|
|
|
25f266 |
%attr( 750, tss, root) %{_localstatedir}/lib/swtpm-localca
|
|
|
25f266 |
|
|
|
25f266 |
%files tools-pkcs11
|
|
|
25f266 |
%{_mandir}/man8/swtpm-create-tpmca.8*
|
|
|
25f266 |
%{_datadir}/swtpm/swtpm-create-tpmca
|
|
|
25f266 |
|
|
|
25f266 |
%changelog
|
|
|
cee5f4 |
* Mon Jul 18 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-4.20211109gitb79fd91
|
|
|
954474 |
- swtpm_localca: Test for available issuercert before creating CA
|
|
|
cee5f4 |
Resolves: rhbz#2100508
|
|
|
954474 |
|
|
|
cee5f4 |
* Mon Jun 20 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-3.20211109gitb79fd91
|
|
|
cee5f4 |
- Disable OpenSSL FIPS mode to avoid libtpms failures
|
|
|
cee5f4 |
Resolves: rhbz#2097947
|
|
|
cee5f4 |
|
|
|
cee5f4 |
* Mon Feb 21 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-2.20211109gitb79fd91
|
|
|
cee5f4 |
- Add fix for CVE-2022-23645.
|
|
|
cee5f4 |
Resolves: rhbz#2056517
|
|
|
954474 |
|
|
|
25f266 |
* Tue Jan 04 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-1.20211109gitb79fd91
|
|
|
25f266 |
- Rebase to 0.7.0, disable TPM 1.2.
|
|
|
25f266 |
Resovles: rhbz#2029612
|
|
|
25f266 |
|
|
|
25f266 |
* Thu Sep 16 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.0-2.20210607gitea627b3
|
|
|
25f266 |
- rebuilt with missing CFLAGS fix.
|
|
|
25f266 |
|
|
|
25f266 |
* Mon Jun 28 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.0-1.20210607gitea627b3
|
|
|
25f266 |
- Update to 0.6.0.
|
|
|
25f266 |
Resolves: rhbz#1972783
|
|
|
25f266 |
|
|
|
25f266 |
* Tue Dec 1 20:40:07 +04 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.4.2-1.20201201git2df14e3
|
|
|
25f266 |
- Update to 0.4.2, to address potential symlink vulnerabilities (CVE-2020-28407).
|
|
|
25f266 |
Resolves: rhbz#1906043
|
|
|
25f266 |
|
|
|
25f266 |
* Thu Sep 24 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.4.0-3.20200828git0c238a2
|
|
|
25f266 |
- swtpm_setup: Add missing .config path when using ${HOME}. Resolves: rhbz#1881418
|
|
|
25f266 |
|
|
|
25f266 |
* Thu Sep 17 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.4.0-2.20200828git0c238a2
|
|
|
25f266 |
- Backport fixes from 0.4.0 stable branch. Resolves: rhbz#1868375
|
|
|
25f266 |
(fixes usage of swtpm-localca with passwords when signing keys)
|
|
|
25f266 |
|
|
|
25f266 |
* Sat Sep 12 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.4.0-1.20200828git0c238a2
|
|
|
25f266 |
- Update to v0.4.0. Resolves: rhbz#1868375
|
|
|
25f266 |
|
|
|
25f266 |
* Thu May 28 2020 Marc-André Lureau <marcandre.lureau@gmail.com> - 0.3.0-1.20200218git74ae43b
|
|
|
25f266 |
- Update to v0.3.0. Fixes rhbz#1809778
|
|
|
25f266 |
- exclude i686 build
|
|
|
25f266 |
|
|
|
25f266 |
* Mon Jan 27 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.2.0-2.20200127gitff5a83b
|
|
|
25f266 |
- Update to latest 0.2-stable branch, fix random test failure. rhbz#1782451
|
|
|
25f266 |
|
|
|
25f266 |
* Fri Oct 18 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.2.0-1.20191018git9227cf4
|
|
|
25f266 |
- rebuilt
|
|
|
25f266 |
|
|
|
25f266 |
* Tue Aug 13 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.1.0-1.20190425gitca85606.1
|
|
|
25f266 |
- Fix SELinux labels on /usr/bin/swtpm installation rhbz#1739994
|
|
|
25f266 |
|
|
|
25f266 |
* Thu Apr 25 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20190425gitca85606
|
|
|
25f266 |
- pick up bug fixes
|
|
|
25f266 |
|
|
|
25f266 |
* Mon Feb 04 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20190204git2c25d13.1
|
|
|
25f266 |
- v0.1.0 release of swtpm
|
|
|
25f266 |
|
|
|
25f266 |
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.0-0.20181212git8b9484a.1
|
|
|
25f266 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
25f266 |
|
|
|
25f266 |
* Wed Dec 12 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20181212git8b9484a
|
|
|
25f266 |
- Follow improvements in swtpm repo primarily related to fixes for 'ubsan'
|
|
|
25f266 |
|
|
|
25f266 |
* Tue Nov 06 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20181106git05d8160
|
|
|
25f266 |
- Follow improvements in swtpm repo
|
|
|
25f266 |
- Remove ownership change of swtpm_setup.sh; have root own the file as required
|
|
|
25f266 |
|
|
|
25f266 |
* Wed Oct 31 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20181031gitc782a85
|
|
|
25f266 |
- Follow improvements and fixes in swtpm
|
|
|
25f266 |
|
|
|
25f266 |
* Tue Oct 02 2018 Stefan Berger <stefanb@linux.vnet.ibm.com> - 0.1.0-0.20181002git0143c41
|
|
|
25f266 |
- Fixes to SELinux policy
|
|
|
25f266 |
- Improvements on various other parts
|
|
|
25f266 |
* Tue Sep 25 2018 Stefan Berger <stefanb@linux.vnet.ibm.com> - 0.1.0-0.20180924gitce13edf
|
|
|
25f266 |
- Initial Fedora build
|
|
|
25f266 |
* Mon Sep 17 2018 Stefan Berger <stefanb@linux.vnet.ibm.com> - 0.1.0-0.20180918git67d7ea3
|
|
|
25f266 |
- Created initial version of rpm spec files
|
|
|
25f266 |
- Version is now 0.1.0
|
|
|
25f266 |
- Bugzilla for this spec: https://bugzilla.redhat.com/show_bug.cgi?id=1611829
|