mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-20 04:19:00 +02:00
Merge pull request #266568 from nbdd0121/tpm2
tpm2-pkcs11: 1.8.0 -> 1.9.0
This commit is contained in:
commit
71dbd20e29
|
@ -1,13 +0,0 @@
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index e861e42..018c19c 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -26,7 +26,7 @@
|
|
||||||
#;**********************************************************************;
|
|
||||||
|
|
||||||
AC_INIT([tpm2-pkcs11],
|
|
||||||
- [m4_esyscmd_s([git describe --tags --always --dirty])],
|
|
||||||
+ [git-@VERSION@],
|
|
||||||
[https://github.com/tpm2-software/tpm2-pkcs11/issues],
|
|
||||||
[],
|
|
||||||
[https://github.com/tpm2-software/tpm2-pkcs11])
|
|
|
@ -2,32 +2,38 @@
|
||||||
, pkg-config, autoreconfHook, autoconf-archive, makeWrapper, patchelf
|
, pkg-config, autoreconfHook, autoconf-archive, makeWrapper, patchelf
|
||||||
, tpm2-tss, tpm2-tools, opensc, openssl, sqlite, python3, glibc, libyaml
|
, tpm2-tss, tpm2-tools, opensc, openssl, sqlite, python3, glibc, libyaml
|
||||||
, abrmdSupport ? true, tpm2-abrmd ? null
|
, abrmdSupport ? true, tpm2-abrmd ? null
|
||||||
|
, fapiSupport ? true
|
||||||
}:
|
}:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "tpm2-pkcs11";
|
pname = "tpm2-pkcs11";
|
||||||
version = "1.8.0";
|
version = "1.9.0";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "tpm2-software";
|
owner = "tpm2-software";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "sha256-f5wi0nIM071yaQCwPkY1agKc7OEQa/IxHJc4V2i0Q9I=";
|
sha256 = "sha256-SoHtgZRIYNJg4/w1MIocZAM26mkrM+UOQ+RKCh6nwCk=";
|
||||||
};
|
};
|
||||||
|
|
||||||
patches = lib.singleton (
|
patches = [
|
||||||
substituteAll {
|
./version.patch
|
||||||
src = ./0001-configure-ac-version.patch;
|
./graceful-fapi-fail.patch
|
||||||
VERSION = version;
|
];
|
||||||
});
|
|
||||||
|
|
||||||
# The preConfigure phase doesn't seem to be working here
|
# The preConfigure phase doesn't seem to be working here
|
||||||
# ./bootstrap MUST be executed as the first step, before all
|
# ./bootstrap MUST be executed as the first step, before all
|
||||||
# of the autoreconfHook stuff
|
# of the autoreconfHook stuff
|
||||||
postPatch = ''
|
postPatch = ''
|
||||||
|
echo ${version} > VERSION
|
||||||
./bootstrap
|
./bootstrap
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
configureFlags = lib.optionals (!fapiSupport) [
|
||||||
|
# Note: this will be renamed to with-fapi in next release.
|
||||||
|
"--enable-fapi=no"
|
||||||
|
];
|
||||||
|
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
pkg-config autoreconfHook autoconf-archive makeWrapper patchelf
|
pkg-config autoreconfHook autoconf-archive makeWrapper patchelf
|
||||||
];
|
];
|
||||||
|
|
51
pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch
Normal file
51
pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
From 2e3e3c0b0f4e0c19e411fd46358930bf158ad3f5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jonathan McDowell <noodles@earth.li>
|
||||||
|
Date: Wed, 1 Feb 2023 09:29:58 +0000
|
||||||
|
Subject: [PATCH] Gracefully fail FAPI init when it's not compiled in
|
||||||
|
|
||||||
|
Instead of emitting:
|
||||||
|
|
||||||
|
WARNING: Getting tokens from fapi backend failed.
|
||||||
|
|
||||||
|
errors when FAPI support is not compiled in gracefully fail the FAPI
|
||||||
|
init and don't log any warnings. We'll still produce a message
|
||||||
|
indicating this is what's happened in verbose mode, but normal operation
|
||||||
|
no longer gets an unnecessary message.
|
||||||
|
|
||||||
|
Fixes #792
|
||||||
|
|
||||||
|
Signed-off-by: Jonathan McDowell <noodles@earth.li>
|
||||||
|
---
|
||||||
|
src/lib/backend.c | 4 +++-
|
||||||
|
src/lib/backend_fapi.c | 3 ++-
|
||||||
|
2 files changed, 5 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/lib/backend.c b/src/lib/backend.c
|
||||||
|
index ca5e2ccf..128f58b9 100644
|
||||||
|
--- a/src/lib/backend.c
|
||||||
|
+++ b/src/lib/backend.c
|
||||||
|
@@ -53,7 +53,9 @@ CK_RV backend_init(void) {
|
||||||
|
LOGE(msg);
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
- LOGW(msg);
|
||||||
|
+ if (rv != CKR_FUNCTION_NOT_SUPPORTED) {
|
||||||
|
+ LOGW(msg);
|
||||||
|
+ }
|
||||||
|
} else {
|
||||||
|
fapi_init = true;
|
||||||
|
}
|
||||||
|
diff --git a/src/lib/backend_fapi.c b/src/lib/backend_fapi.c
|
||||||
|
index fe594f0e..3a203632 100644
|
||||||
|
--- a/src/lib/backend_fapi.c
|
||||||
|
+++ b/src/lib/backend_fapi.c
|
||||||
|
@@ -977,7 +977,8 @@ CK_RV backend_fapi_token_changeauth(token *tok, bool user, twist toldpin, twist
|
||||||
|
|
||||||
|
CK_RV backend_fapi_init(void) {
|
||||||
|
|
||||||
|
- return CKR_OK;
|
||||||
|
+ LOGV("FAPI not enabled, failing init");
|
||||||
|
+ return CKR_FUNCTION_NOT_SUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
CK_RV backend_fapi_destroy(void) {
|
10
pkgs/misc/tpm2-pkcs11/version.patch
Normal file
10
pkgs/misc/tpm2-pkcs11/version.patch
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
--- a/bootstrap
|
||||||
|
+++ b/bootstrap
|
||||||
|
@@ -4,7 +4,6 @@
|
||||||
|
|
||||||
|
# Generate a VERSION file that is included in the dist tarball to avoid needed git
|
||||||
|
# when calling autoreconf in a release tarball.
|
||||||
|
-git describe --tags --always --dirty > VERSION
|
||||||
|
|
||||||
|
# generate list of source files for use in Makefile.am
|
||||||
|
# if you add new source files, you must run ./bootstrap again
|
Loading…
Reference in a new issue