Merge remote-tracking branch 'nixpkgs/nixos-unstable'

2 files changed, 64 insertions, 3 deletions

diff --git a/nixpkgs/pkgs/development/libraries/tpm2-tss/default.nix b/nixpkgs/pkgs/development/libraries/tpm2-tss/default.nix
index fa506733c16e..a272cf8b9340 100644
--- a/nixpkgs/pkgs/development/libraries/tpm2-tss/default.nix
+++ b/nixpkgs/pkgs/development/libraries/tpm2-tss/default.nix
@@ -1,7 +1,7 @@
 { stdenv, lib, fetchFromGitHub
 , autoreconfHook, autoconf-archive, pkg-config, doxygen, perl
 , openssl, json_c, curl, libgcrypt
-, cmocka, uthash, ibm-sw-tpm2, iproute, procps, which
+, cmocka, uthash, ibm-sw-tpm2, iproute2, procps, which
 }:
 
 stdenv.mkDerivation rec {
@@ -20,14 +20,28 @@ stdenv.mkDerivation rec {
   ];
   buildInputs = [ openssl json_c curl libgcrypt ];
   checkInputs = [
-    cmocka uthash ibm-sw-tpm2 iproute procps which
+    cmocka uthash ibm-sw-tpm2 iproute2 procps which
   ];
 
   preAutoreconf = "./bootstrap";
 
   enableParallelBuilding = true;
 
-  postPatch = "patchShebangs script";
+  patches = [
+    # Do not rely on dynamic loader path
+    # TCTI loader relies on dlopen(), this patch prefixes all calls with the output directory
+    ./no-dynamic-loader-path.patch
+  ];
+
+  postPatch = ''
+    patchShebangs script
+    substituteInPlace src/tss2-tcti/tctildr-dl.c \
+      --replace '@PREFIX@' $out/lib/
+    substituteInPlace ./test/unit/tctildr-dl.c \
+      --replace ', "libtss2' ", \"$out/lib/libtss2" \
+      --replace ', "foo' ", \"$out/lib/foo" \
+      --replace ', TEST_TCTI_NAME' ", \"$out/lib/\"TEST_TCTI_NAME"
+  '';
 
   configureFlags = [
     "--enable-unit"
@@ -35,6 +49,14 @@ stdenv.mkDerivation rec {
   ];
 
   doCheck = true;
+  preCheck = ''
+    # Since we rewrote the load path in the dynamic loader for the TCTI
+    # The various tcti implementation should be placed in their target directory
+    # before we could run tests
+    installPhase
+    # install already done, dont need another one
+    dontInstall=1
+  '';
 
   postInstall = ''
     # Do not install the upstream udev rules, they rely on specific
diff --git a/nixpkgs/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch b/nixpkgs/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch
new file mode 100644
index 000000000000..86cdcd1541e6
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch
@@ -0,0 +1,39 @@
+diff --git a/src/tss2-tcti/tctildr-dl.c b/src/tss2-tcti/tctildr-dl.c
+index b364695c..b13be3ef 100644
+--- a/src/tss2-tcti/tctildr-dl.c
++++ b/src/tss2-tcti/tctildr-dl.c
+@@ -85,7 +85,15 @@ handle_from_name(const char *file,
+     if (handle == NULL) {
+         return TSS2_TCTI_RC_BAD_REFERENCE;
+     }
+-    *handle = dlopen(file, RTLD_NOW);
++    size = snprintf(file_xfrm,
++                    sizeof (file_xfrm),
++                    "@PREFIX@%s",
++                    file);
++    if (size >= sizeof (file_xfrm)) {
++        LOG_ERROR("TCTI name truncated in transform.");
++        return TSS2_TCTI_RC_BAD_VALUE;
++    }
++    *handle = dlopen(file_xfrm, RTLD_NOW);
+     if (*handle != NULL) {
+         return TSS2_RC_SUCCESS;
+     } else {
+@@ -94,7 +102,7 @@ handle_from_name(const char *file,
+     /* 'name' alone didn't work, try libtss2-tcti-<name>.so.0 */
+     size = snprintf(file_xfrm,
+                     sizeof (file_xfrm),
+-                    TCTI_NAME_TEMPLATE_0,
++                    "@PREFIX@" TCTI_NAME_TEMPLATE_0,
+                     file);
+     if (size >= sizeof (file_xfrm)) {
+         LOG_ERROR("TCTI name truncated in transform.");
+@@ -109,7 +117,7 @@ handle_from_name(const char *file,
+     /* libtss2-tcti-<name>.so.0 didn't work, try libtss2-tcti-<name>.so */
+     size = snprintf(file_xfrm,
+                     sizeof (file_xfrm),
+-                    TCTI_NAME_TEMPLATE,
++                    "@PREFIX@" TCTI_NAME_TEMPLATE,
+                     file);
+     if (size >= sizeof (file_xfrm)) {
+         LOG_ERROR("TCTI name truncated in transform.");