From ddef2337083206a2811cc20bf98afc4145a55988 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 2 Apr 2024 12:18:39 -0400 Subject: [PATCH] modules-tpm2-tools: bump from 5.2->5.6 (removes need to hack around PACKAGE_VERSION string which configure.ac points to ./VERSION already tpm2-tools-5.6 patch: comment out git versioning output under ./VERSION; module: output current version under ./VERSION instead. Document under module Signed-off-by: Thierry Laurion --- modules/tpm2-tools | 26 ++++++++++------------ patches/tpm2-tools-5.2.patch | 33 ---------------------------- patches/tpm2-tools-5.6.patch | 42 ++++++++++++++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 48 deletions(-) delete mode 100644 patches/tpm2-tools-5.2.patch create mode 100644 patches/tpm2-tools-5.6.patch diff --git a/modules/tpm2-tools b/modules/tpm2-tools index 7407dae0..df06afaf 100644 --- a/modules/tpm2-tools +++ b/modules/tpm2-tools @@ -8,34 +8,30 @@ ifeq "$(CONFIG_TPM2_TOOLS)" "y" export CONFIG_TPM=y endif -tpm2-tools_version := 5.2 +tpm2-tools_version := 5.6 #tpm2-tools_version := 78a7681 #tpm2-tools_repo := https://github.com/tpm2-software/tpm2-tools.git tpm2-tools_dir := tpm2-tools-$(tpm2-tools_version) tpm2-tools_tar := tpm2-tools-$(tpm2-tools_version).tar.gz tpm2-tools_url := https://github.com/tpm2-software/tpm2-tools/releases/download/$(tpm2-tools_version)/$(tpm2-tools_tar) -tpm2-tools_hash := c0b402f6a7b3456e8eb2445211e2d41c46c7e769e05fe4d8909ff64119f7a630 +tpm2-tools_hash := 52c8bcbaadca082abfe5eb7ee4967d2d632d84b1677675f2f071b6d2ec22cec3 -# we have ESYS 3.0, but it doesn't figure that out on its own +#tpm2-tools 5.6 adds release version based on git, while tarball downloaded doesn't include any .git +# the patch comments out git output to ./VERSION, and we fill it here based on this Makefile's version +#tpm2-tools doesn't play nice with reproducible builds, hardcoding lib paths without providing a configure option to remove rpaths +# We make sure no hardcoding of libdir flags exist in configure script prior of calling the script with sed call +# We pass additional remapping of prefix-map from $INSTALL to local dir tpm2-tools_configure := \ - ./bootstrap \ - && sed -i 's/hardcode_direct=yes/hardcode_direct=no/g' configure \ - && sed -i 's/hardcode_libdir_flag_spec=.*/hardcode_libdir_flag_spec=" "/' configure \ - && sed -i 's/hardcode_minus_L=yes/hardcode_minus_L=no/g' configure \ - && sed -i 's/hardcode_automatic=yes/hardcode_automatic=no/g' configure \ - && sed -i 's/hardcode_runpath_var=yes/hardcode_runpath_var=no/g' configure \ - && sed -i 's/hardcode_into_libs=yes/hardcode_into_libs=no/g' configure \ - && sed -i 's/hardcode_direct_absolute=yes/hardcode_direct_absolute=no/g' configure \ - && sed -i 's/inherit_rpath=yes/inherit_rpath=no/g' configure \ - && sed -i "s/VERSION='.*'/VERSION='reproducible_build'/g" configure \ + echo "$(tpm2-tools_version)" > ./VERSION \ + && ./bootstrap \ + && sed -i 's/hardcode_libdir_flag_spec=.*/hardcode_libdir_flag_spec=/' configure \ && ./configure \ $(CROSS_TOOLS) \ --host $(MUSL_ARCH)-elf-linux \ --prefix "/" \ --disable-fapi \ - TSS2_ESYS_3_0_CFLAGS="-I$(INSTALL)/include" \ - TSS2_ESYS_3_0_LIBS="-ltss2-esys" \ + CFLAGS="-fdebug-prefix-map=$(INSTALL)=." \ tpm2-tools_target := $(MAKE_JOBS) \ DESTDIR="$(INSTALL)" \ diff --git a/patches/tpm2-tools-5.2.patch b/patches/tpm2-tools-5.2.patch deleted file mode 100644 index f4720f23..00000000 --- a/patches/tpm2-tools-5.2.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff --git a/Makefile.am b/Makefile.am -index 7132215..32e2193 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -93,7 +93,7 @@ tss2_tools = \ - - # Bundle all the tools into a single program similar to busybox - bin_PROGRAMS += tools/tpm2 --tools_tpm2_LDADD = $(LDADD) $(CURL_LIBS) -+tools_tpm2_LDADD = $(LDADD) - tools_tpm2_CFLAGS = $(AM_CFLAGS) -DTPM2_TOOLS_MAX="$(words $(tpm2_tools))" - tools_tpm2_SOURCES = \ - tools/tpm2_tool.c \ -@@ -127,7 +127,6 @@ tpm2_tools = \ - tools/tpm2_encryptdecrypt.c \ - tools/tpm2_evictcontrol.c \ - tools/tpm2_flushcontext.c \ -- tools/tpm2_getekcertificate.c \ - tools/tpm2_getrandom.c \ - tools/tpm2_gettime.c \ - tools/tpm2_hash.c \ -diff --git a/configure.ac b/configure.ac -index f1c1711..7279baa 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -59,7 +59,6 @@ PKG_CHECK_MODULES([TSS2_MU], [tss2-mu]) - PKG_CHECK_MODULES([TSS2_RC], [tss2-rc]) - PKG_CHECK_MODULES([TSS2_SYS], [tss2-sys]) - PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.1.0]) --PKG_CHECK_MODULES([CURL], [libcurl]) - - # pretty print of devicepath if efivar library is present - PKG_CHECK_MODULES([EFIVAR], [efivar],,[true]) diff --git a/patches/tpm2-tools-5.6.patch b/patches/tpm2-tools-5.6.patch new file mode 100644 index 00000000..991d0791 --- /dev/null +++ b/patches/tpm2-tools-5.6.patch @@ -0,0 +1,42 @@ +--- ./bootstrap.orig 2023-11-08 02:19:36.000000000 -0500 ++++ ./bootstrap 2024-04-03 12:18:46.722995465 -0400 +@@ -5,7 +5,7 @@ + + # Generate a VERSION file that is included in the dist tarball to avoid needed git + # when calling autoreconf in a release tarball. +-git describe --tags --always --dirty > VERSION ++#git describe --tags --always --dirty > VERSION + + # generate list of source files for use in Makefile.am + # if you add new source files, you must run ./bootstrap again +diff --git a/Makefile.am b/Makefile.am +index 7132215..32e2193 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -93,7 +93,7 @@ tss2_tools = \ + + # Bundle all the tools into a single program similar to busybox + bin_PROGRAMS += tools/tpm2 +-tools_tpm2_LDADD = $(LDADD) $(CURL_LIBS) ++tools_tpm2_LDADD = $(LDADD) + tools_tpm2_CFLAGS = $(AM_CFLAGS) -DTPM2_TOOLS_MAX="$(words $(tpm2_tools))" + tools_tpm2_SOURCES = \ + tools/tpm2_tool.c \ +@@ -127,7 +127,6 @@ tpm2_tools = \ + tools/tpm2_encryptdecrypt.c \ + tools/tpm2_evictcontrol.c \ + tools/tpm2_flushcontext.c \ +- tools/tpm2_getekcertificate.c \ + tools/tpm2_getrandom.c \ + tools/tpm2_gettime.c \ + tools/tpm2_hash.c \ +--- ./configure.ac.orig 2023-11-08 02:19:36.000000000 -0500 ++++ ./configure.ac 2024-04-02 12:05:00.270985575 -0400 +@@ -80,7 +80,6 @@ + AC_CHECK_LIB(crypto, [EVP_sm4_cfb128], [ + AC_DEFINE([HAVE_EVP_SM4_CFB], [1], [Support EVP_sm4_cfb in openssl])], + []) +-PKG_CHECK_MODULES([CURL], [libcurl]) + + # pretty print of devicepath if efivar library is present + # auto detect if not specified via the --with-efivar option.