security/tpm2-abrmd: Assorted improvements to the port

* Fix name collision on function write_all():
* Stop installing tpm2-abrmd-devd.conf as it is useless and does not work
* Use "wheel" as FreeBSD does not have the "root" group
* Fix inconsistent naming of the rc script

PR:		286218
Approved by:	maintainer
Pull Request:	https://github.com/freebsd/freebsd-ports/pull/391
Andrea Cocito 2025-05-07 08:56:00 +00:00 committed by Gleb Popov
parent 89e0b144b4
commit e788fbf430
10 changed files with 73 additions and 20 deletions


@ -1,6 +1,6 @@
PORTNAME= tpm2-abrmd
DISTVERSION= 3.0.0
PORTREVISION= 3
PORTREVISION= 4
CATEGORIES= security
MASTER_SITES= https://github.com/tpm2-software/tpm2-abrmd/releases/download/${DISTVERSION}/
@ -17,7 +17,7 @@ RUN_DEPENDS= dbus-daemon:devel/dbus
USES= gmake libtool pkgconfig gnome
USE_LDCONFIG= yes
USE_GNOME= glib20
USE_RC_SUBR= tpm2-abrmd
USE_RC_SUBR= tpm2_abrmd
GNU_CONFIGURE= yes
GNU_CONFIGURE_MANPREFIX=${PREFIX}/share
@ -28,9 +28,6 @@ USERS= _tss
SUB_LIST= DBUS_DAEMON=dbus
pre-install:
@${INSTALL_DATA} ${FILESDIR}/tpm2-abrmd-devd.conf ${STAGEDIR}${PREFIX}/etc/devd
post-install:
@${RM} ${STAGEDIR}${PREFIX}/lib/systemd/system-preset/tpm2-abrmd.preset
@${RM} ${STAGEDIR}${PREFIX}/lib/systemd/system/tpm2-abrmd.service


@ -1,25 +1,37 @@
--- dist/tpm2-abrmd.conf.orig 2022-05-09 15:39:53 UTC
+++ dist/tpm2-abrmd.conf
@@ -2,7 +2,7 @@
@@ -2,27 +2,25 @@
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!-- ../system.conf have denied everything, so we just punch some holes -->
- <policy user="tss">
+ <policy user="_tss">
<allow own="com.intel.tss2.Tabrmd"/>
</policy>
- <allow own="com.intel.tss2.Tabrmd"/>
- </policy>
- <policy user="root">
- <allow own="com.intel.tss2.Tabrmd"/>
- </policy>
<!-- Match /dev/tpmrm0 permissions tss tss 0660 -->
<policy user="root">
@@ -17,11 +17,11 @@
<allow send_destination="com.intel.tss2.Tabrmd"/>
<allow receive_sender="com.intel.tss2.Tabrmd"/>
+ <allow own="com.intel.tss2.Tabrmd"/>
</policy>
- <policy group="root">
+ <policy group="wheel">
<allow send_destination="com.intel.tss2.Tabrmd"/>
<allow receive_sender="com.intel.tss2.Tabrmd"/>
+ <allow own="com.intel.tss2.Tabrmd"/>
</policy>
- <policy user="tss">
+ <policy user="_tss">
<allow send_destination="com.intel.tss2.Tabrmd"/>
<allow receive_sender="com.intel.tss2.Tabrmd"/>
+ <allow own="com.intel.tss2.Tabrmd"/>
</policy>
- <policy group="tss">
+ <policy group="_tss">
<allow send_destination="com.intel.tss2.Tabrmd"/>
<allow receive_sender="com.intel.tss2.Tabrmd"/>
+ <allow own="com.intel.tss2.Tabrmd"/>
</policy>
</busconfig>
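Review bot: The added `<allow own="com.intel.tss2.Tabrmd"/>` lines inside the `<policy group="wheel">` and `<policy group="_tss">` blocks let any process running with either group claim the daemon's well-known bus name, whereas the lines being removed show the upstream file granting `own` only to the `tss` and `root` users. Whoever holds that name receives the TPM commands clients send to it, so ownership should stay with the account the daemon runs as (presumably `_tss`, per `USERS= _tss` in the Makefile). I would keep `own` in `<policy user="_tss">`, and in `<policy user="root">` only if starting as root is required, and leave the two group policies with just `send_destination` and `receive_sender`. The old/new side of a few lines in this rendered section is ambiguous, so this should be checked against the resulting patch file.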


@ -0,0 +1,11 @@
--- src/response-sink.c.orig 2025-02-22 21:59:15 UTC
+++ src/response-sink.c
@@ -188,7 +188,7 @@ response_sink_process_response (Tpm2Response *response
g_debug ("%s: writing 0x%x bytes", __func__, size);
g_debug_bytes (buffer, size, 16, 4);
- written = write_all (ostream, buffer, size);
+ written = g_write_all (ostream, buffer, size);
g_object_unref (connection);
return written;


@ -0,0 +1,11 @@
--- src/tcti-tabrmd.c.orig 2025-02-22 21:59:15 UTC
+++ src/tcti-tabrmd.c
@@ -46,7 +46,7 @@ tss2_tcti_tabrmd_transmit (TSS2_TCTI_CONTEXT *context,
g_debug_bytes (command, size, 16, 4);
ostream = g_io_stream_get_output_stream (TSS2_TCTI_TABRMD_IOSTREAM (context));
g_debug ("%s: blocking write on ostream", __func__);
- write_ret = write_all (ostream, command, size);
+ write_ret = g_write_all (ostream, command, size);
/* should switch on possible errors to translate to TSS2 error codes */
switch (write_ret) {
case -1:


@ -0,0 +1,11 @@
--- src/util.c.orig 2025-02-22 21:59:15 UTC
+++ src/util.c
@@ -68,7 +68,7 @@ ssize_t
/** Write as many of the size bytes from buf to fd as possible.
*/
ssize_t
-write_all (GOutputStream *ostream,
+g_write_all (GOutputStream *ostream,
const uint8_t *buf,
const size_t size)
{


@ -0,0 +1,11 @@
--- src/util.h.orig 2025-02-22 21:59:15 UTC
+++ src/util.h
@@ -79,7 +79,7 @@ typedef TSS2_RC (*KeyValueFunc) (const key_value_t* ke
#define TPMA_CC_RES(attrs) (attrs.val & 0xc0000000)
*/
-ssize_t write_all (GOutputStream *ostream,
+ssize_t g_write_all (GOutputStream *ostream,
const uint8_t *buf,
const size_t size);
int read_data (GInputStream *istream,


@ -1,9 +0,0 @@
# Allow members of _tss group to access tpm device
notify 100 {
match "system" "DEVFS";
match "subsystem" "CDEV";
match "type" "CREATE";
match "cdev" "tpm[0-9]+";
action "chgrp _tss /dev/tpm0; chmod g+rw /dev/tpm0";
};


@ -0,0 +1,10 @@
[
{ type: install
message: <<EOM
Please add the following lines to /etc/devfs.conf as tpm2-abrmd needs /dev/tpm0
to be mode 0660 and group _tss:
perm tpm0 0660
own tpm0 root:_tss
EOM
}
]
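Review bot: The install message does not say when the `devfs.conf` entries take effect; they are applied when the devfs rc script runs, so the text should tell the administrator to reboot or restart devfs before starting the daemon. It would also help to state that `perm tpm0 0660` together with `own tpm0 root:_tss` gives every member of `_tss` direct read/write access to the TPM device, outside the resource manager, so accounts should be added to that group deliberately. Proposed extra line for the message: `Run "service devfs restart" (or reboot) to apply the change.`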


@ -1,6 +1,5 @@
include/tss2/tss2-tcti-tabrmd.h
etc/dbus-1/system.d/tpm2-abrmd.conf
etc/devd/tpm2-abrmd-devd.conf
lib/libtss2-tcti-tabrmd.a
lib/libtss2-tcti-tabrmd.so
lib/libtss2-tcti-tabrmd.so.0