2 files changed, 113 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/tpm2-tss/default.nix b/nixpkgs/pkgs/development/libraries/tpm2-tss/default.nix
new file mode 100644
index 000000000000..a272cf8b9340
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/tpm2-tss/default.nix
@@ -0,0 +1,74 @@
+{ stdenv, lib, fetchFromGitHub
+, autoreconfHook, autoconf-archive, pkg-config, doxygen, perl
+, openssl, json_c, curl, libgcrypt
+, cmocka, uthash, ibm-sw-tpm2, iproute2, procps, which
+}:
+
+stdenv.mkDerivation rec {
+  pname = "tpm2-tss";
+  version = "3.0.3";
+
+  src = fetchFromGitHub {
+    owner = "tpm2-software";
+    repo = pname;
+    rev = version;
+    sha256 = "106yhsjwjadxsl9dqxywg287mdwsksman02hdalhav18vcnvnlpj";
+  };
+
+  nativeBuildInputs = [
+    autoreconfHook autoconf-archive pkg-config doxygen perl
+  ];
+  buildInputs = [ openssl json_c curl libgcrypt ];
+  checkInputs = [
+    cmocka uthash ibm-sw-tpm2 iproute2 procps which
+  ];
+
+  preAutoreconf = "./bootstrap";
+
+  enableParallelBuilding = true;
+
+  patches = [
+    # Do not rely on dynamic loader path
+    # TCTI loader relies on dlopen(), this patch prefixes all calls with the output directory
+    ./no-dynamic-loader-path.patch
+  ];
+
+  postPatch = ''
+    patchShebangs script
+    substituteInPlace src/tss2-tcti/tctildr-dl.c \
+      --replace '@PREFIX@' $out/lib/
+    substituteInPlace ./test/unit/tctildr-dl.c \
+      --replace ', "libtss2' ", \"$out/lib/libtss2" \
+      --replace ', "foo' ", \"$out/lib/foo" \
+      --replace ', TEST_TCTI_NAME' ", \"$out/lib/\"TEST_TCTI_NAME"
+  '';
+
+  configureFlags = [
+    "--enable-unit"
+    "--enable-integration"
+  ];
+
+  doCheck = true;
+  preCheck = ''
+    # Since we rewrote the load path in the dynamic loader for the TCTI
+    # The various tcti implementation should be placed in their target directory
+    # before we could run tests
+    installPhase
+    # install already done, dont need another one
+    dontInstall=1
+  '';
+
+  postInstall = ''
+    # Do not install the upstream udev rules, they rely on specific
+    # users/groups which aren't guaranteed to exist on the system.
+    rm -R $out/lib/udev
+  '';
+
+  meta = with lib; {
+    description = "OSS implementation of the TCG TPM2 Software Stack (TSS2)";
+    homepage = "https://github.com/tpm2-software/tpm2-tss";
+    license = licenses.bsd2;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ delroth ];
+  };
+}
diff --git a/nixpkgs/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch b/nixpkgs/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch
new file mode 100644
index 000000000000..86cdcd1541e6
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch
@@ -0,0 +1,39 @@
+diff --git a/src/tss2-tcti/tctildr-dl.c b/src/tss2-tcti/tctildr-dl.c
+index b364695c..b13be3ef 100644
+--- a/src/tss2-tcti/tctildr-dl.c
++++ b/src/tss2-tcti/tctildr-dl.c
+@@ -85,7 +85,15 @@ handle_from_name(const char *file,
+     if (handle == NULL) {
+         return TSS2_TCTI_RC_BAD_REFERENCE;
+     }
+-    *handle = dlopen(file, RTLD_NOW);
++    size = snprintf(file_xfrm,
++                    sizeof (file_xfrm),
++                    "@PREFIX@%s",
++                    file);
++    if (size >= sizeof (file_xfrm)) {
++        LOG_ERROR("TCTI name truncated in transform.");
++        return TSS2_TCTI_RC_BAD_VALUE;
++    }
++    *handle = dlopen(file_xfrm, RTLD_NOW);
+     if (*handle != NULL) {
+         return TSS2_RC_SUCCESS;
+     } else {
+@@ -94,7 +102,7 @@ handle_from_name(const char *file,
+     /* 'name' alone didn't work, try libtss2-tcti-<name>.so.0 */
+     size = snprintf(file_xfrm,
+                     sizeof (file_xfrm),
+-                    TCTI_NAME_TEMPLATE_0,
++                    "@PREFIX@" TCTI_NAME_TEMPLATE_0,
+                     file);
+     if (size >= sizeof (file_xfrm)) {
+         LOG_ERROR("TCTI name truncated in transform.");
+@@ -109,7 +117,7 @@ handle_from_name(const char *file,
+     /* libtss2-tcti-<name>.so.0 didn't work, try libtss2-tcti-<name>.so */
+     size = snprintf(file_xfrm,
+                     sizeof (file_xfrm),
+-                    TCTI_NAME_TEMPLATE,
++                    "@PREFIX@" TCTI_NAME_TEMPLATE,
+                     file);
+     if (size >= sizeof (file_xfrm)) {
+         LOG_ERROR("TCTI name truncated in transform.");