Add app-crypt/trousers with updated libressl patch to suppport libres…

…sl-2.7.x
gentoo · Jun 10, 2018 · b5ac0eb · b5ac0eb
1 parent 7b40491
commit b5ac0eb
Show file tree

Hide file tree

Showing 9 changed files with 202 additions and 0 deletions.
diff --git a/app-crypt/trousers/Manifest b/app-crypt/trousers/Manifest
@@ -0,0 +1 @@
+DIST trousers-0.3.14.tar.gz 1378438 BLAKE2B 3dc2824fa2ca1b1f1181f98d59e85276e7d38af4bfc07ee8246431d9ccb300a8e0820b318643d4cf5d757d2a49492c8686e2fe9de03484263d2189d4bbaa32d0 SHA512 bf87f00329cf1d76a12cf6b6181fa22f90e76af3c5786e6e2db98438d2d3f0c0e05364374664173f45e3a2f6c0e2364948d0b958a7845cb23fcb340150cd9b21
diff --git a/app-crypt/trousers/files/61-trousers.rules b/app-crypt/trousers/files/61-trousers.rules
@@ -0,0 +1,2 @@
+KERNEL=="tpm[0-9]*", MODE="0660", OWNER="tss", GROUP="tss", SYMLINK+="tpm"
+# vim: ft=udevrules:
diff --git a/app-crypt/trousers/files/tcsd.confd b/app-crypt/trousers/files/tcsd.confd
@@ -0,0 +1,9 @@
+# /etc/conf.d/tscd
+
+# Configuration file for the TrouSerS' TCS daemon (tcsd) init script
+# Have a look on /etc/tcsd.conf too, there is more to configure there.
+
+# TPM_MODULES: name of the module(s) that should be loaded. You only need to
+# set this if your driver is not compiled in kernel and is not already loaded
+# on boot.    (default: unset)
+#TPM_MODULES="tpm_atmel"
diff --git a/app-crypt/trousers/files/tcsd.initd b/app-crypt/trousers/files/tcsd.initd
@@ -0,0 +1,38 @@
+#!/sbin/openrc-run
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	use logger
+	need net
+}
+
+checkconfig() {
+	local mod
+	if [ -n "${TPM_MODULES}" ] ; then
+		for mod in ${TPM_MODULES} ; do
+			lsmod | grep -q "^${mod}\b" \
+				|| modprobe ${mod} &>/dev/null \
+				|| ewarn "Failed to load module ${mod}"
+		done
+		# Should we sleep or something to wait for device creation?
+	fi
+	if [ ! -c /dev/tpm ] && [ ! -c /dev/tpm0 ] ; then
+		eerror "No TPM device found!"
+		return 1
+	fi
+	return 0
+}
+
+start() {
+	ebegin "Starting TrouSerS' TCS daemon (tcsd)"
+	checkconfig || eend $?
+	start-stop-daemon --start --user tss --exec /usr/sbin/tcsd
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping TrouSerS' TCS daemon (tcsd)"
+	start-stop-daemon --stop --quiet --exec /usr/sbin/tcsd --user tss
+	eend $?
+}
diff --git a/app-crypt/trousers/files/tcsd.service b/app-crypt/trousers/files/tcsd.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=TCG Core Services Daemon
+
+[Service]
+User=tss
+ExecStart=/usr/sbin/tcsd -f
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/app-crypt/trousers/files/trousers-0.3.13-nouseradd.patch b/app-crypt/trousers/files/trousers-0.3.13-nouseradd.patch
@@ -0,0 +1,12 @@
+diff -urNp trousers-0.3.13.org/dist/Makefile.am trousers-0.3.13/dist/Makefile.am
+--- trousers-0.3.13.org/dist/Makefile.am	2014-04-24 21:05:43.000000000 +0300
++++ trousers-0.3.13/dist/Makefile.am	2015-04-08 10:05:51.018955728 +0300
+@@ -11,8 +11,6 @@ endif
+ install-exec-hook:
+ 	/bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
+ if !NOUSERCHECK
+-	/usr/sbin/groupadd tss || true
+-	/usr/sbin/useradd -r tss -g tss || true
+ 	/bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
+ 	/bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
+ endif
diff --git a/app-crypt/trousers/files/trousers-0.3.14-libressl.patch b/app-crypt/trousers/files/trousers-0.3.14-libressl.patch
@@ -0,0 +1,13 @@
+diff --git a/src/trspi/crypto/openssl/rsa.c b/src/trspi/crypto/openssl/rsa.c
+index 2b1205f..dc20445 100644
+--- a/src/trspi/crypto/openssl/rsa.c
++++ b/src/trspi/crypto/openssl/rsa.c
+@@ -38,7 +38,7 @@
+ #define DEBUG_print_openssl_errors()
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100001L
++#if OPENSSL_VERSION_NUMBER < 0x10100001L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000)
+ static int
+ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+ {
diff --git a/app-crypt/trousers/metadata.xml b/app-crypt/trousers/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <maintainer type="project">
+    <email>crypto@gentoo.org</email>
+    <name>Crypto</name>
+  </maintainer>
+  <upstream>
+    <remote-id type="cpe">cpe:/a:debian:trousers</remote-id>
+    <remote-id type="sourceforge">trousers</remote-id>
+  </upstream>
+</pkgmetadata>
diff --git a/app-crypt/trousers/trousers-0.3.14-r1.ebuild b/app-crypt/trousers/trousers-0.3.14-r1.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools linux-info ltprune readme.gentoo-r1 systemd user udev
+
+DESCRIPTION="An open-source TCG Software Stack (TSS) v1.1 implementation"
+HOMEPAGE="http://trousers.sf.net"
+SRC_URI="mirror://sourceforge/trousers/${PN}/${P}.tar.gz"
+
+LICENSE="CPL-1.0 GPL-2"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ~m68k ~ppc ~ppc64 ~s390 ~sh x86"
+IUSE="doc libressl selinux" # gtk
+
+# gtk support presently does NOT compile.
+#	gtk? ( >=x11-libs/gtk+-2 )
+
+CDEPEND=">=dev-libs/glib-2
+	!libressl? ( >=dev-libs/openssl-0.9.7:0 )
+	libressl? ( dev-libs/libressl )
+"
+DEPEND="${CDEPEND}
+	virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-tcsd )"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-0.3.13-nouseradd.patch"
+	"${FILESDIR}/${P}-libressl.patch"
+)
+
+DOCS="AUTHORS ChangeLog NICETOHAVES README TODO"
+
+DOC_CONTENTS="
+	If you have problems starting tcsd, please check permissions and
+	ownership on /dev/tpm* and ~tss/system.data
+"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	# Check for driver (not sure it can be an rdep, because ot depends on the
+	# version of virtual/linux-sources... Is that supported by portage?)
+	linux-info_pkg_setup
+	local tpm_kernel_version tpm_kernel_present tpm_module
+	kernel_is ge 2 6 12 && tpm_kernel_version="yes"
+	if linux_config_exists; then
+		linux_chkconfig_present TCG_TPM && tpm_kernel_present="yes"
+	else
+		ewarn "No kernel configuration could be found."
+	fi
+	has_version app-crypt/tpm-emulator && tpm_module="yes"
+	if [[ -n "${tpm_kernel_present}" ]]; then
+		einfo "Good, you seem to have in-kernel TPM support."
+	elif [[ -n "${tpm_module}" ]]; then
+		einfo "Good, you seem to have TPM support with the external module."
+		if [[ -n "${tpm_kernel_version}" ]]; then
+			elog
+			elog "Note that since you have a >=2.6.12 kernel, you could use"
+			elog "the in-kernel driver instead of (CONFIG_TCG_TPM)."
+		fi
+	elif [[ -n "${tpm_kernel_version}" ]]; then
+		eerror
+		eerror "To use this package, you will have to activate TPM support"
+		eerror "in your kernel configuration. That's at least CONFIG_TCG_TPM,"
+		eerror "plus probably a chip specific driver (like CONFIG_TCG_ATMEL)."
+		eerror
+	else
+		eerror
+		eerror "To use this package, you should install a TPM driver."
+		eerror "You can have the following options:"
+		eerror "  - install app-crypt/tpm-emulator"
+		eerror "  - switch to a >=2.6.12 kernel and compile the kernel module"
+		eerror
+	fi
+
+	# New user/group for the daemon
+	enewgroup tss
+	enewuser tss -1 -1 /var/lib/tpm tss
+}
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	# econf --with-gui=$(usex gtk gtk openssl)
+	econf --with-gui=openssl
+}
+
+src_install() {
+	default
+	keepdir /var/lib/tpm
+	use doc && dodoc doc/*
+	newinitd "${FILESDIR}"/tcsd.initd tcsd
+	newconfd "${FILESDIR}"/tcsd.confd tcsd
+	systemd_dounit "${FILESDIR}"/tcsd.service
+	udev_dorules "${FILESDIR}"/61-trousers.rules
+	fowners tss:tss /var/lib/tpm
+	prune_libtool_files
+	readme.gentoo_create_doc
+}