diff --git a/app-crypt/trousers/Manifest b/app-crypt/trousers/Manifest
new file mode 100644
index 00000000..bbdd6825
--- /dev/null
+++ b/app-crypt/trousers/Manifest
@@ -0,0 +1 @@
+DIST trousers-0.3.14.tar.gz 1378438 BLAKE2B 3dc2824fa2ca1b1f1181f98d59e85276e7d38af4bfc07ee8246431d9ccb300a8e0820b318643d4cf5d757d2a49492c8686e2fe9de03484263d2189d4bbaa32d0 SHA512 bf87f00329cf1d76a12cf6b6181fa22f90e76af3c5786e6e2db98438d2d3f0c0e05364374664173f45e3a2f6c0e2364948d0b958a7845cb23fcb340150cd9b21
diff --git a/app-crypt/trousers/files/61-trousers.rules b/app-crypt/trousers/files/61-trousers.rules
new file mode 100644
index 00000000..20e89cbe
--- /dev/null
+++ b/app-crypt/trousers/files/61-trousers.rules
@@ -0,0 +1,2 @@
+KERNEL=="tpm[0-9]*", MODE="0660", OWNER="tss", GROUP="tss", SYMLINK+="tpm"
+# vim: ft=udevrules:
diff --git a/app-crypt/trousers/files/tcsd.confd b/app-crypt/trousers/files/tcsd.confd
new file mode 100644
index 00000000..78bedb9f
--- /dev/null
+++ b/app-crypt/trousers/files/tcsd.confd
@@ -0,0 +1,9 @@
+# /etc/conf.d/tscd
+
+# Configuration file for the TrouSerS' TCS daemon (tcsd) init script
+# Have a look on /etc/tcsd.conf too, there is more to configure there.
+
+# TPM_MODULES: name of the module(s) that should be loaded. You only need to
+# set this if your driver is not compiled in kernel and is not already loaded
+# on boot. (default: unset)
+#TPM_MODULES="tpm_atmel"
diff --git a/app-crypt/trousers/files/tcsd.initd b/app-crypt/trousers/files/tcsd.initd
new file mode 100644
index 00000000..19278c56
--- /dev/null
+++ b/app-crypt/trousers/files/tcsd.initd
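Review bot: The header comment on the first line of tcsd.confd names the file `/etc/conf.d/tscd`, but the ebuild in this commit installs it with `newconfd "${FILESDIR}"/tcsd.confd tcsd`, so the installed path is `/etc/conf.d/tcsd`. An administrator searching for the path given in the comment will not find it. I would correct the line to `# /etc/conf.d/tcsd`.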
@@ -0,0 +1,38 @@
+#!/sbin/openrc-run
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ use logger
+ need net
+}
+
+checkconfig() {
+ local mod
+ if [ -n "${TPM_MODULES}" ] ; then
+ for mod in ${TPM_MODULES} ; do
+ lsmod | grep -q "^${mod}\b" \
+ || modprobe ${mod} &>/dev/null \
+ || ewarn "Failed to load module ${mod}"
+ done
+ # Should we sleep or something to wait for device creation?
+ fi
+ if [ ! -c /dev/tpm ] && [ ! -c /dev/tpm0 ] ; then
+ eerror "No TPM device found!"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ ebegin "Starting TrouSerS' TCS daemon (tcsd)"
+ checkconfig || eend $?
+ start-stop-daemon --start --user tss --exec /usr/sbin/tcsd
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping TrouSerS' TCS daemon (tcsd)"
+ start-stop-daemon --stop --quiet --exec /usr/sbin/tcsd --user tss
+ eend $?
+}
diff --git a/app-crypt/trousers/files/tcsd.service b/app-crypt/trousers/files/tcsd.service
new file mode 100644
index 00000000..4a46e614
--- /dev/null
+++ b/app-crypt/trousers/files/tcsd.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=TCG Core Services Daemon
+
+[Service]
+User=tss
+ExecStart=/usr/sbin/tcsd -f
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/app-crypt/trousers/files/trousers-0.3.13-nouseradd.patch b/app-crypt/trousers/files/trousers-0.3.13-nouseradd.patch
new file mode 100644
index 00000000..5426e992
--- /dev/null
+++ b/app-crypt/trousers/files/trousers-0.3.13-nouseradd.patch
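Review bot: In start(), `checkconfig || eend $?` reports the failure but does not leave the function, so start-stop-daemon is still invoked after checkconfig has found no TPM device node; `checkconfig || { eend 1; return 1; }` would stop there. In checkconfig(), `&>/dev/null` is a bash-only redirection. Where /bin/sh is a strictly POSIX shell, that line is parsed as a background job followed by a separate redirection, so the `ewarn` fallback no longer reflects modprobe's exit status. Writing `modprobe ${mod} >/dev/null 2>&1` keeps the intended behaviour in either shell.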
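Review bot: The unit has no condition on the TPM device node, whereas the OpenRC script added in this same commit refuses to start when neither /dev/tpm nor /dev/tpm0 is a character device. Adding `ConditionPathExistsGlob=/dev/tpm*` under `[Unit]` would make systemd skip the unit on a host without a TPM instead of recording a failed tcsd start. The unit file also carries no comment explaining that `-f` keeps tcsd in the foreground for systemd to supervise, which would help the next maintainer.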
@@ -0,0 +1,12 @@
+diff -urNp trousers-0.3.13.org/dist/Makefile.am trousers-0.3.13/dist/Makefile.am
+--- trousers-0.3.13.org/dist/Makefile.am 2014-04-24 21:05:43.000000000 +0300
++++ trousers-0.3.13/dist/Makefile.am 2015-04-08 10:05:51.018955728 +0300
+@@ -11,8 +11,6 @@ endif
+ install-exec-hook:
+ /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
+ if !NOUSERCHECK
+- /usr/sbin/groupadd tss || true
+- /usr/sbin/useradd -r tss -g tss || true
+ /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
+ /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
+ endif
diff --git a/app-crypt/trousers/files/trousers-0.3.14-libressl.patch b/app-crypt/trousers/files/trousers-0.3.14-libressl.patch
new file mode 100644
index 00000000..6bf9afd7
--- /dev/null
+++ b/app-crypt/trousers/files/trousers-0.3.14-libressl.patch
@@ -0,0 +1,13 @@
+diff --git a/src/trspi/crypto/openssl/rsa.c b/src/trspi/crypto/openssl/rsa.c
+index 2b1205f..dc20445 100644
+--- a/src/trspi/crypto/openssl/rsa.c
++++ b/src/trspi/crypto/openssl/rsa.c
+@@ -38,7 +38,7 @@
+ #define DEBUG_print_openssl_errors()
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100001L
++#if OPENSSL_VERSION_NUMBER < 0x10100001L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000)
+ static int
+ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+ {
diff --git a/app-crypt/trousers/metadata.xml b/app-crypt/trousers/metadata.xml
new file mode 100644
index 00000000..090e56fa
--- /dev/null
+++ b/app-crypt/trousers/metadata.xml
@@ -0,0 +1,12 @@
+
+
+
+
+ crypto@gentoo.org
+ Crypto
+
+
+ cpe:/a:debian:trousers
+ trousers
+
+
diff --git a/app-crypt/trousers/trousers-0.3.14-r1.ebuild b/app-crypt/trousers/trousers-0.3.14-r1.ebuild
new file mode 100644
index 00000000..07098464
--- /dev/null
+++ b/app-crypt/trousers/trousers-0.3.14-r1.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools linux-info ltprune readme.gentoo-r1 systemd user udev
+
+DESCRIPTION="An open-source TCG Software Stack (TSS) v1.1 implementation"
+HOMEPAGE="http://trousers.sf.net"
+SRC_URI="mirror://sourceforge/trousers/${PN}/${P}.tar.gz"
+
+LICENSE="CPL-1.0 GPL-2"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ~m68k ~ppc ~ppc64 ~s390 ~sh x86"
+IUSE="doc libressl selinux" # gtk
+
+# gtk support presently does NOT compile.
+# gtk? ( >=x11-libs/gtk+-2 )
+
+CDEPEND=">=dev-libs/glib-2
+ !libressl? ( >=dev-libs/openssl-0.9.7:0 )
+ libressl? ( dev-libs/libressl )
+"
+DEPEND="${CDEPEND}
+ virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-tcsd )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.3.13-nouseradd.patch"
+ "${FILESDIR}/${P}-libressl.patch"
+)
+
+DOCS="AUTHORS ChangeLog NICETOHAVES README TODO"
+
+DOC_CONTENTS="
+ If you have problems starting tcsd, please check permissions and
+ ownership on /dev/tpm* and ~tss/system.data
+"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+ # Check for driver (not sure it can be an rdep, because ot depends on the
+ # version of virtual/linux-sources... Is that supported by portage?)
+ linux-info_pkg_setup
+ local tpm_kernel_version tpm_kernel_present tpm_module
+ kernel_is ge 2 6 12 && tpm_kernel_version="yes"
+ if linux_config_exists; then
+ linux_chkconfig_present TCG_TPM && tpm_kernel_present="yes"
+ else
+ ewarn "No kernel configuration could be found."
+ fi
+ has_version app-crypt/tpm-emulator && tpm_module="yes"
+ if [[ -n "${tpm_kernel_present}" ]]; then
+ einfo "Good, you seem to have in-kernel TPM support."
+ elif [[ -n "${tpm_module}" ]]; then
+ einfo "Good, you seem to have TPM support with the external module."
+ if [[ -n "${tpm_kernel_version}" ]]; then
+ elog
+ elog "Note that since you have a >=2.6.12 kernel, you could use"
+ elog "the in-kernel driver instead of (CONFIG_TCG_TPM)."
+ fi
+ elif [[ -n "${tpm_kernel_version}" ]]; then
+ eerror
+ eerror "To use this package, you will have to activate TPM support"
+ eerror "in your kernel configuration. That's at least CONFIG_TCG_TPM,"
+ eerror "plus probably a chip specific driver (like CONFIG_TCG_ATMEL)."
+ eerror
+ else
+ eerror
+ eerror "To use this package, you should install a TPM driver."
+ eerror "You can have the following options:"
+ eerror " - install app-crypt/tpm-emulator"
+ eerror " - switch to a >=2.6.12 kernel and compile the kernel module"
+ eerror
+ fi
+
+ # New user/group for the daemon
+ enewgroup tss
+ enewuser tss -1 -1 /var/lib/tpm tss
+}
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ # econf --with-gui=$(usex gtk gtk openssl)
+ econf --with-gui=openssl
+}
+
+src_install() {
+ default
+ keepdir /var/lib/tpm
+ use doc && dodoc doc/*
+ newinitd "${FILESDIR}"/tcsd.initd tcsd
+ newconfd "${FILESDIR}"/tcsd.confd tcsd
+ systemd_dounit "${FILESDIR}"/tcsd.service
+ udev_dorules "${FILESDIR}"/61-trousers.rules
+ fowners tss:tss /var/lib/tpm
+ prune_libtool_files
+ readme.gentoo_create_doc
+}
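Review bot: src_install() sets the owner of /var/lib/tpm with `fowners tss:tss /var/lib/tpm` but never sets its mode, so the 0700 restriction relies entirely on the `chmod 0700` in the upstream install-exec-hook that the nouseradd patch leaves in place. DOC_CONTENTS indicates tcsd keeps `~tss/system.data` in that directory, so I would pin the mode in the ebuild itself by adding `fperms 0700 /var/lib/tpm` next to the fowners call. That keeps the permission from silently changing if the upstream hook is altered or skipped. Two wording nits in pkg_setup(): the comment reads "because ot depends", and the elog text "instead of (CONFIG_TCG_TPM)" appears to have the parenthetical misplaced.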