Diffstat (limited to 'pkgs/misc/tpm2-pkcs11')
-rw-r--r-- | pkgs/misc/tpm2-pkcs11/0001-configure-ac-version.patch | 13 | ||||
-rw-r--r-- | pkgs/misc/tpm2-pkcs11/default.nix | 20 | ||||
-rw-r--r-- | pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch | 51 | ||||
-rw-r--r-- | pkgs/misc/tpm2-pkcs11/version.patch | 10 |
4 files changed, 74 insertions, 20 deletions
diff --git a/pkgs/misc/tpm2-pkcs11/0001-configure-ac-version.patch b/pkgs/misc/tpm2-pkcs11/0001-configure-ac-version.patch
deleted file mode 100644
index fa2575cb938a..000000000000
--- a/pkgs/misc/tpm2-pkcs11/0001-configure-ac-version.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index e861e42..018c19c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -26,7 +26,7 @@
- #;**********************************************************************;
-
- AC_INIT([tpm2-pkcs11],
-- [m4_esyscmd_s([git describe --tags --always --dirty])],
-+ [git-@VERSION@],
- [https://github.com/tpm2-software/tpm2-pkcs11/issues],
- [],
- [https://github.com/tpm2-software/tpm2-pkcs11])
diff --git a/pkgs/misc/tpm2-pkcs11/default.nix b/pkgs/misc/tpm2-pkcs11/default.nix
index dd0cf011b158..91b7c31eb323 100644
--- a/pkgs/misc/tpm2-pkcs11/default.nix
+++ b/pkgs/misc/tpm2-pkcs11/default.nix
@@ -2,32 +2,38 @@ , pkg-config, autoreconfHook, autoconf-archive, makeWrapper, patchelf , tpm2-tss, tpm2-tools, opensc, openssl, sqlite, python3, glibc, libyaml , abrmdSupport ? true, tpm2-abrmd ? null +, fapiSupport ? true }: stdenv.mkDerivation rec { pname = "tpm2-pkcs11"; - version = "1.8.0"; + version = "1.9.0"; src = fetchFromGitHub { owner = "tpm2-software"; repo = pname; rev = version; - sha256 = "sha256-f5wi0nIM071yaQCwPkY1agKc7OEQa/IxHJc4V2i0Q9I="; + sha256 = "sha256-SoHtgZRIYNJg4/w1MIocZAM26mkrM+UOQ+RKCh6nwCk="; }; - patches = lib.singleton ( - substituteAll { - src = ./0001-configure-ac-version.patch; - VERSION = version; - }); + patches = [ + ./version.patch + ./graceful-fapi-fail.patch + ]; # The preConfigure phase doesn't seem to be working here # ./bootstrap MUST be executed as the first step, before all # of the autoreconfHook stuff postPatch = '' + echo ${version} > VERSION ./bootstrap ''; + configureFlags = lib.optionals (!fapiSupport) [ + # Note: this will be renamed to with-fapi in next release. + "--enable-fapi=no" + ]; + nativeBuildInputs = [ pkg-config autoreconfHook autoconf-archive makeWrapper patchelf ]; diff --git a/pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch b/pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch new file mode 100644 index 000000000000..26712e9830c7 --- /dev/null +++ b/pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch 
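Review bot: The `"--enable-fapi=no"` entry in `configureFlags` relies on an option name that the adjacent comment says upstream will rename, and autoconf-generated configure scripts normally only warn about an unrecognized `--enable-*` option instead of failing. After the next version bump, a build with `fapiSupport = false` could therefore silently ship with the FAPI backend still compiled in. I would make the comment an explicit to-do, e.g. `# TODO(next release): option becomes with-fapi; configure only warns on unknown flags, so a stale name re-enables FAPI`. Separately, `./graceful-fapi-fail.patch` in the `patches` list deserves a one-line comment stating that it is upstream commit 2e3e3c0b0f4e0c19e411fd46358930bf158ad3f5 and can be dropped once a release includes it.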
@@ -0,0 +1,51 @@
+From 2e3e3c0b0f4e0c19e411fd46358930bf158ad3f5 Mon Sep 17 00:00:00 2001
+From: Jonathan McDowell <noodles@earth.li>
+Date: Wed, 1 Feb 2023 09:29:58 +0000
+Subject: [PATCH] Gracefully fail FAPI init when it's not compiled in
+
+Instead of emitting:
+
+ WARNING: Getting tokens from fapi backend failed.
+
+errors when FAPI support is not compiled in gracefully fail the FAPI
+init and don't log any warnings. We'll still produce a message
+indicating this is what's happened in verbose mode, but normal operation
+no longer gets an unnecessary message.
+
+Fixes #792
+
+Signed-off-by: Jonathan McDowell <noodles@earth.li>
+---
+ src/lib/backend.c | 4 +++-
+ src/lib/backend_fapi.c | 3 ++-
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/backend.c b/src/lib/backend.c
+index ca5e2ccf..128f58b9 100644
+--- a/src/lib/backend.c
++++ b/src/lib/backend.c
+@@ -53,7 +53,9 @@ CK_RV backend_init(void) {
+ LOGE(msg);
+ return rv;
+ }
+- LOGW(msg);
++ if (rv != CKR_FUNCTION_NOT_SUPPORTED) {
++ LOGW(msg);
++ }
+ } else {
+ fapi_init = true;
+ }
+diff --git a/src/lib/backend_fapi.c b/src/lib/backend_fapi.c
+index fe594f0e..3a203632 100644
+--- a/src/lib/backend_fapi.c
++++ b/src/lib/backend_fapi.c
+@@ -977,7 +977,8 @@ CK_RV backend_fapi_token_changeauth(token *tok, bool user, twist toldpin, twist
+
+ CK_RV backend_fapi_init(void) {
+
+- return CKR_OK;
++ LOGV("FAPI not enabled, failing init");
++ return CKR_FUNCTION_NOT_SUPPORTED;
+ }
+
+ CK_RV backend_fapi_destroy(void) {
diff --git a/pkgs/misc/tpm2-pkcs11/version.patch b/pkgs/misc/tpm2-pkcs11/version.patch
new file mode 100644
index 000000000000..297a7bd53736
--- /dev/null
+++ b/pkgs/misc/tpm2-pkcs11/version.patch
@@ -0,0 +1,10 @@
+--- a/bootstrap
++++ b/bootstrap
+@@ -4,7 +4,6 @@
+
+ # Generate a VERSION file that is included in the dist tarball to avoid needed git
+ # when calling autoreconf in a release tarball.
+-git describe --tags --always --dirty > VERSION
+
+ # generate list of source files for use in Makefile.am
+ # if you add new source files, you must run ./bootstrap again
|