Diffstat (limited to 'nixpkgs/pkgs/development/libraries/tpm2-tss')
-rw-r--r--nixpkgs/pkgs/development/libraries/tpm2-tss/default.nix98
-rw-r--r--nixpkgs/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch234
2 files changed, 332 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/tpm2-tss/default.nix b/nixpkgs/pkgs/development/libraries/tpm2-tss/default.nix
new file mode 100644
index 000000000000..628f32a91c69
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/tpm2-tss/default.nix
@@ -0,0 +1,98 @@
+{ stdenv, lib, fetchFromGitHub, fetchurl
+, autoreconfHook, autoconf-archive, pkg-config, doxygen, perl
+, openssl, json_c, curl, libgcrypt
+, cmocka, uthash, ibm-sw-tpm2, iproute2, procps, which
+, shadow, libuuid
+}:
+let
+  # Avoid a circular dependency on Linux systems (systemd depends on tpm2-tss,
+  # tpm2-tss tests depend on procps, procps depends on systemd by default). This
+  # needs to be conditional based on isLinux because procps for other systems
+  # might not support the withSystemd option.
+  procpsWithoutSystemd = procps.override { withSystemd = false; };
+  procps_pkg = if stdenv.isLinux then procpsWithoutSystemd else procps;
+in
+
+stdenv.mkDerivation rec {
+  pname = "tpm2-tss";
+  version = "4.0.1";
+
+  src = fetchFromGitHub {
+    owner = "tpm2-software";
+    repo = pname;
+    rev = version;
+    sha256 = "sha256-75yiKVZrR1vcCwKp4tDO4A9JB0KDM0MXPJ1N85kAaRk=";
+  };
+
+  outputs = [ "out" "man" "dev" ];
+
+  nativeBuildInputs = [
+    autoreconfHook autoconf-archive pkg-config doxygen perl
+    shadow
+  ];
+
+  buildInputs = [
+    openssl json_c curl libgcrypt uthash libuuid
+  ]
+  # cmocka is checked in the configure script
+  # when unit and/or integration testing is enabled
+  # cmocka doesn't build with pkgsStatic, and we don't need it anyway
+  # when tests are not run
+  ++ lib.optional doInstallCheck cmocka;
+
+  nativeInstallCheckInputs = [
+    cmocka which openssl procps_pkg iproute2 ibm-sw-tpm2
+  ];
+
+  strictDeps = true;
+  preAutoreconf = "./bootstrap";
+
+  enableParallelBuilding = true;
+
+  patches = [
+    # Do not rely on dynamic loader path
+    # TCTI loader relies on dlopen(), this patch prefixes all calls with the output directory
+    ./no-dynamic-loader-path.patch
+    (fetchurl {
+      name = "skip-test-fapi-fix-provisioning-with-template-if-no-certificate-available.patch";
+      url = "https://github.com/tpm2-software/tpm2-tss/commit/218c0da8d9f675766b1de502a52e23a3aa52648e.patch";
+      sha256 = "sha256-dnl9ZAknCdmvix2TdQvF0fHoYeWp+jfCTg8Uc7h0voA=";
+    })
+  ];
+
+  postPatch = ''
+    patchShebangs script
+    substituteInPlace src/tss2-tcti/tctildr-dl.c \
+      --replace '@PREFIX@' $out/lib/
+    substituteInPlace ./test/unit/tctildr-dl.c \
+      --replace '@PREFIX@' $out/lib
+    substituteInPlace ./bootstrap \
+      --replace 'git describe --tags --always --dirty' 'echo "${version}"'
+  '';
+
+  configureFlags = lib.optionals doInstallCheck [
+    "--enable-unit"
+    "--enable-integration"
+  ];
+
+  postInstall = ''
+    # Do not install the upstream udev rules, they rely on specific
+    # users/groups which aren't guaranteed to exist on the system.
+    rm -R $out/lib/udev
+  '';
+
+  doCheck = false;
+  doInstallCheck = stdenv.buildPlatform == stdenv.hostPlatform;
+  # Since we rewrote the load path in the dynamic loader for the TCTI
+  # The various tcti implementation should be placed in their target directory
+  # before we could run tests, so we make turn checkPhase into installCheckPhase
+  installCheckTarget = "check";
+
+  meta = with lib; {
+    description = "OSS implementation of the TCG TPM2 Software Stack (TSS2)";
+    homepage = "https://github.com/tpm2-software/tpm2-tss";
+    license = licenses.bsd2;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ baloo ];
+  };
+}
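Review bot: The comment above `./no-dynamic-loader-path.patch` in `patches` says the patch "prefixes all calls with the output directory", but the patch added in this commit keeps the existing unprefixed `dlopen()` attempts and appends `@PREFIX@`-qualified ones after them; its unit-test expectations list the bare names first. A TCTI module reachable through the loader's normal search path can therefore still be picked up before the one in `$out/lib`, which matters to anyone reading the comment as a hardening guarantee. I would reword it to something like `# TCTI loader uses dlopen(); this patch adds fallback lookups under $out/lib after the default search fails`. A one-line comment in `postPatch` would also help, noting that the source substitution uses `$out/lib/` with a trailing slash while the test substitution uses `$out/lib`, because the test strings already contain the separator.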
diff --git a/nixpkgs/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch b/nixpkgs/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch
new file mode 100644
index 000000000000..60f8c91bae85
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch
@@ -0,0 +1,234 @@
+diff --git a/src/tss2-tcti/tctildr-dl.c b/src/tss2-tcti/tctildr-dl.c
+index 622637dc..88fc3d8f 100644
+--- a/src/tss2-tcti/tctildr-dl.c
++++ b/src/tss2-tcti/tctildr-dl.c
+@@ -92,7 +92,7 @@ handle_from_name(const char *file,
+         LOG_DEBUG("Could not load TCTI file: \"%s\": %s", file, dlerror());
+     }
+ 
+-    len = snprintf(NULL, 0, TCTI_NAME_TEMPLATE_0, file);
++    len = snprintf(NULL, 0, "@PREFIX@" TCTI_NAME_TEMPLATE_0, file);
+     if (len >= PATH_MAX) {
+         LOG_ERROR("TCTI name truncated in transform.");
+         return TSS2_TCTI_RC_BAD_VALUE;
+@@ -129,6 +129,50 @@ handle_from_name(const char *file,
+         return TSS2_TCTI_RC_BAD_VALUE;
+     }
+     *handle = dlopen(file_xfrm, RTLD_NOW);
++    if (*handle != NULL) {
++        return TSS2_RC_SUCCESS;
++    } else {
++        LOG_DEBUG("Failed to load TCTI for name \"%s\": %s", file, dlerror());
++    }
++    size = snprintf(file_xfrm,
++                    len + 1,
++                    "@PREFIX@%s",
++                    file);
++    if (size >= len + 1) {
++        LOG_ERROR("TCTI name truncated in transform.");
++        return TSS2_TCTI_RC_BAD_VALUE;
++    }
++    *handle = dlopen(file_xfrm, RTLD_NOW);
++    if (*handle != NULL) {
++        return TSS2_RC_SUCCESS;
++    } else {
++        LOG_DEBUG("Could not load TCTI file: \"%s\": %s", file, dlerror());
++    }
++    /* 'name' alone didn't work, try libtss2-tcti-<name>.so.0 */
++    size = snprintf(file_xfrm,
++                    len + 1,
++                    "@PREFIX@" TCTI_NAME_TEMPLATE_0,
++                    file);
++    if (size >= len + 1) {
++        LOG_ERROR("TCTI name truncated in transform.");
++        return TSS2_TCTI_RC_BAD_VALUE;
++    }
++    *handle = dlopen(file_xfrm, RTLD_NOW);
++    if (*handle != NULL) {
++        return TSS2_RC_SUCCESS;
++    } else {
++        LOG_DEBUG("Could not load TCTI file \"%s\": %s", file, dlerror());
++    }
++    /* libtss2-tcti-<name>.so.0 didn't work, try libtss2-tcti-<name>.so */
++    size = snprintf(file_xfrm,
++                    len + 1,
++                    "@PREFIX@" TCTI_NAME_TEMPLATE,
++                    file);
++    if (size >= len + 1) {
++        LOG_ERROR("TCTI name truncated in transform.");
++        return TSS2_TCTI_RC_BAD_VALUE;
++    }
++    *handle = dlopen(file_xfrm, RTLD_NOW);
+     if (*handle == NULL) {
+         LOG_DEBUG("Failed to load TCTI for name \"%s\": %s", file, dlerror());
+         SAFE_FREE(file_xfrm);
+diff --git a/test/unit/tctildr-dl.c b/test/unit/tctildr-dl.c
+index 4279baee..6685c811 100644
+--- a/test/unit/tctildr-dl.c
++++ b/test/unit/tctildr-dl.c
+@@ -229,6 +229,18 @@ test_get_info_default_success (void **state)
+     expect_value(__wrap_dlopen, flags, RTLD_NOW);
+     will_return(__wrap_dlopen, NULL);
+ 
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-default.so");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-default.so.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-default.so.so");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-tabrmd.so.0");
+     expect_value(__wrap_dlopen, flags, RTLD_NOW);
+     will_return(__wrap_dlopen, HANDLE);
+@@ -261,6 +273,18 @@ test_get_info_default_info_fail (void **state)
+     expect_value(__wrap_dlopen, flags, RTLD_NOW);
+     will_return(__wrap_dlopen, NULL);
+ 
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-default.so");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-default.so.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-default.so.so");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-tabrmd.so.0");
+     expect_value(__wrap_dlopen, flags, RTLD_NOW);
+     will_return(__wrap_dlopen, HANDLE);
+@@ -413,6 +437,15 @@ test_tcti_fail_all (void **state)
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-default.so.so");
+     expect_value(__wrap_dlopen, flags, RTLD_NOW);
+     will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-default.so");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-default.so.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-default.so.so");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
+ 
+     /* Skip over libtss2-tcti-tabrmd.so */
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-tabrmd.so.0");
+@@ -424,6 +457,15 @@ test_tcti_fail_all (void **state)
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-tabrmd.so.0.so");
+     expect_value(__wrap_dlopen, flags, RTLD_NOW);
+     will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-tabrmd.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-tabrmd.so.0.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-tabrmd.so.0.so");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
+ 
+     /* Skip over libtss2-tcti-device.so, /dev/tpmrm0 */
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-device.so.0");
+@@ -435,6 +477,15 @@ test_tcti_fail_all (void **state)
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-device.so.0.so");
+     expect_value(__wrap_dlopen, flags, RTLD_NOW);
+     will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-device.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-device.so.0.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-device.so.0.so");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
+ 
+     /* Skip over libtss2-tcti-device.so, /dev/tpm0 */
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-device.so.0");
+@@ -446,6 +497,15 @@ test_tcti_fail_all (void **state)
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-device.so.0.so");
+     expect_value(__wrap_dlopen, flags, RTLD_NOW);
+     will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-device.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-device.so.0.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-device.so.0.so");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
+ 
+     /* Skip over libtss2-tcti-swtpm.so */
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-swtpm.so.0");
+@@ -457,6 +517,15 @@ test_tcti_fail_all (void **state)
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-swtpm.so.0.so");
+     expect_value(__wrap_dlopen, flags, RTLD_NOW);
+     will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-swtpm.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-swtpm.so.0.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-swtpm.so.0.so");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
+ 
+     /* Skip over libtss2-tcti-mssim.so */
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-mssim.so.0");
+@@ -468,6 +537,15 @@ test_tcti_fail_all (void **state)
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-mssim.so.0.so");
+     expect_value(__wrap_dlopen, flags, RTLD_NOW);
+     will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-mssim.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-mssim.so.0.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-libtss2-tcti-mssim.so.0.so");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
+ 
+     TSS2_RC r;
+     TSS2_TCTI_CONTEXT *tcti;
+@@ -496,6 +574,15 @@ test_info_from_name_handle_fail (void **state)
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-foo.so");
+     expect_value(__wrap_dlopen, flags, RTLD_NOW);
+     will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/foo");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-foo.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-foo.so");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
+ 
+     TSS2_RC rc = info_from_name ("foo", &info, &data);
+     assert_int_equal (rc, TSS2_TCTI_RC_NOT_SUPPORTED);
+@@ -612,6 +699,15 @@ test_tctildr_get_info_from_name (void **state)
+     expect_string(__wrap_dlopen, filename, "libtss2-tcti-foo.so");
+     expect_value(__wrap_dlopen, flags, RTLD_NOW);
+     will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/foo");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-foo.so.0");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
++    expect_string(__wrap_dlopen, filename, "@PREFIX@/libtss2-tcti-foo.so");
++    expect_value(__wrap_dlopen, flags, RTLD_NOW);
++    will_return(__wrap_dlopen, NULL);
+ 
+     TSS2_RC rc = tctildr_get_info ("foo", &info, &data);
+     assert_int_equal (rc, TSS2_TCTI_RC_NOT_SUPPORTED);
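Review bot: The early `return TSS2_RC_SUCCESS;` statements added to `handle_from_name` in src/tss2-tcti/tctildr-dl.c, and the added `return TSS2_TCTI_RC_BAD_VALUE;` truncation exits, leave the function without releasing `file_xfrm`, while the pre-existing failure branch just below them calls `SAFE_FREE(file_xfrm)`. If `file_xfrm` is heap-allocated, as that call suggests, every successful load through a prefixed path leaks the buffer; putting `SAFE_FREE(file_xfrm);` before each new `return` would match the existing branch. The allocation and the end of the function are outside the hunk, so this needs confirming against the full file. A short comment before the first added block, for example `/* default search failed, retry the same names under the build-time prefix */`, would also explain why the lookups are repeated.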