app-crypt/trousers: Sync with Gentoo

It's from Gentoo commit 794061a3298b5716db015defa7b3e2c583b73980.

sdk_container/src/third_party/portage-stable/app-crypt/trousers/Manifest

@@ -1 +1 @@
-DIST trousers-0.3.14.tar.gz 1378438 BLAKE2B 3dc2824fa2ca1b1f1181f98d59e85276e7d38af4bfc07ee8246431d9ccb300a8e0820b318643d4cf5d757d2a49492c8686e2fe9de03484263d2189d4bbaa32d0 SHA512 bf87f00329cf1d76a12cf6b6181fa22f90e76af3c5786e6e2db98438d2d3f0c0e05364374664173f45e3a2f6c0e2364948d0b958a7845cb23fcb340150cd9b21
+DIST trousers-0.3.15.tar.gz 4699936 BLAKE2B 53c60498ed6a9d3d87295b00676e5d0d82452918c35af6b98c7979ffa2dc04dd817e7cd3f4a33ca17c30b90eab53d80b2bb25306fe9db7bda2125019edfed280 SHA512 769c7d891c6306c1b3252448f86e3043ee837e566c9431f5b4353512113e2907f6ce29c91e8044c420025b79c5f3ff2396ddce93f73b1eb2a15ea1de89ac0fdb

sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/system.data

@@ -1 +0,0 @@
-/

sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/tcsd.confd

@@ -1,9 +0,0 @@
-# /etc/conf.d/tscd
-
-# Configuration file for the TrouSerS' TCS daemon (tcsd) init script
-# Have a look on /etc/tcsd.conf too, there is more to configure there.
-
-# TPM_MODULES: name of the module(s) that should be loaded. You only need to
-# set this if your driver is not compiled in kernel and is not already loaded
-# on boot.    (default: unset)
-#TPM_MODULES="tpm_atmel"

sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/tcsd.initd

@@ -1,38 +1,19 @@
 #!/sbin/openrc-run
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+command=/usr/sbin/tcsd
+description="TrouSerS' TCS daemon (tcsd)"
+command_user="tss:tss"
+
 depend() {
 	use logger
 	need net
 }
 
-checkconfig() {
-	local mod
-	if [ -n "${TPM_MODULES}" ] ; then
-		for mod in ${TPM_MODULES} ; do
-			lsmod | grep -q "^${mod}\b" \
-				|| modprobe ${mod} &>/dev/null \
-				|| ewarn "Failed to load module ${mod}"
-		done
-		# Should we sleep or something to wait for device creation?
-	fi
+start_pre() {
 	if [ ! -c /dev/tpm ] && [ ! -c /dev/tpm0 ] ; then
 		eerror "No TPM device found!"
 		return 1
 	fi
-	return 0
-}
-
-start() {
-	ebegin "Starting TrouSerS' TCS daemon (tcsd)"
-	checkconfig || eend $?
-	start-stop-daemon --start --user tss --exec /usr/sbin/tcsd
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping TrouSerS' TCS daemon (tcsd)"
-	start-stop-daemon --stop --quiet --exec /usr/sbin/tcsd --user tss
-	eend $?
 }

sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/tcsd.service

@@ -1,11 +1,8 @@
 [Unit]
 Description=TCG Core Services Daemon
-ConditionPathExists=/dev/tpm0
-ConditionSecurity=!tpm2
 
 [Service]
 User=tss
-ExecCondition=/bin/bash -c "/usr/bin/test $(cat /sys/class/tpm/*/tpm_version_major | grep -m 1 1 || echo 0) -eq 1"
 ExecStart=/usr/sbin/tcsd -f
 
 [Install]

sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/tmpfiles.d/trousers.conf

@@ -1,3 +0,0 @@
-d /var/lib/tpm 0755 tss tss - -
-C /etc/tcsd.conf 0640 root tss - /usr/share/trousers/tcsd.conf
-C /var/lib/tpm/system.data 0600 tss tss - /usr/share/trousers/system.data

sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/trousers-0.3.14-CVE-2020-24330_CVE-2020-24331_CVE-2020-24332.patch

@@ -1,58 +0,0 @@
-Index: trousers-0.3.14/src/tcs/ps/tcsps.c
-===================================================================
---- trousers-0.3.14.orig/src/tcs/ps/tcsps.c
-+++ trousers-0.3.14/src/tcs/ps/tcsps.c
-@@ -72,7 +72,7 @@ get_file()
- 	}
- 
- 	/* open and lock the file */
--	system_ps_fd = open(tcsd_options.system_ps_file, O_CREAT|O_RDWR, 0600);
-+	system_ps_fd = open(tcsd_options.system_ps_file, O_CREAT|O_RDWR|O_NOFOLLOW, 0600);
- 	if (system_ps_fd < 0) {
- 		LogError("system PS: open() of %s failed: %s",
- 				tcsd_options.system_ps_file, strerror(errno));
-Index: trousers-0.3.14/src/tcsd/svrside.c
-===================================================================
---- trousers-0.3.14.orig/src/tcsd/svrside.c
-+++ trousers-0.3.14/src/tcsd/svrside.c
-@@ -473,6 +473,7 @@ main(int argc, char **argv)
- 		}
- 		return TCSERR(TSS_E_INTERNAL_ERROR);
- 	}
-+	setgid(pwd->pw_gid);
- 	setuid(pwd->pw_uid);
- #endif
- #endif
-Index: trousers-0.3.14/src/tcsd/tcsd_conf.c
-===================================================================
---- trousers-0.3.14.orig/src/tcsd/tcsd_conf.c
-+++ trousers-0.3.14/src/tcsd/tcsd_conf.c
-@@ -743,7 +743,7 @@ conf_file_init(struct tcsd_config *conf)
- #ifndef SOLARIS
- 	struct group *grp;
- 	struct passwd *pw;
--	mode_t mode = (S_IRUSR|S_IWUSR);
-+	mode_t mode = (S_IRUSR|S_IWUSR|S_IRGRP);
- #endif /* SOLARIS */
- 	TSS_RESULT result;
- 
-@@ -798,15 +798,15 @@ conf_file_init(struct tcsd_config *conf)
- 	}
- 
- 	/* make sure user/group TSS owns the conf file */
--	if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) {
-+	if (stat_buf.st_uid != 0 || grp->gr_gid != stat_buf.st_gid) {
- 		LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file,
--				TSS_USER_NAME, TSS_GROUP_NAME);
-+				"root", TSS_GROUP_NAME);
- 		return TCSERR(TSS_E_INTERNAL_ERROR);
- 	}
- 
--	/* make sure only the tss user can manipulate the config file */
-+	/* make sure only the tss user can read (but not manipulate) the config file */
- 	if (((stat_buf.st_mode & 0777) ^ mode) != 0) {
--		LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file);
-+		LogError("TCSD config file (%s) must be mode 0640", tcsd_config_file);
- 		return TCSERR(TSS_E_INTERNAL_ERROR);
- 	}
- #endif /* SOLARIS */

sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/trousers-0.3.14-fno-common.patch

@@ -1,15 +0,0 @@
-diff --git a/src/include/tcsd.h b/src/include/tcsd.h
-index 5b9462b..05bae97 100644
---- a/src/include/tcsd.h
-+++ b/src/include/tcsd.h
-@@ -166,8 +166,8 @@ void	   thread_signal_init();
- 
- /* signal handling */
- #ifndef __APPLE__
--struct sigaction tcsd_sa_int;
--struct sigaction tcsd_sa_chld;
-+extern struct sigaction tcsd_sa_int;
-+extern struct sigaction tcsd_sa_chld;
- #endif
- 
- #endif

sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/trousers-0.3.14-libressl.patch

@@ -1,28 +0,0 @@
-From b8b1cda430270f03dc556cf9cf7d2fd478101525 Mon Sep 17 00:00:00 2001
-From: Alon Bar-Lev <alon.barlev@gmail.com>
-Date: Wed, 7 Dec 2016 09:36:34 +0200
-Subject: [PATCH] tspi: support libressl
-
-Bug: https://sourceforge.net/p/trousers/bugs/222/
-
-Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
----
- src/trspi/crypto/openssl/rsa.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/trspi/crypto/openssl/rsa.c b/src/trspi/crypto/openssl/rsa.c
-index 2b1205f..3e56015 100644
---- a/src/trspi/crypto/openssl/rsa.c
-+++ b/src/trspi/crypto/openssl/rsa.c
-@@ -38,7 +38,7 @@
- #define DEBUG_print_openssl_errors()
- #endif
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100001L
-+#if OPENSSL_VERSION_NUMBER < 0x10100001L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
- static int
- RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
- {
--- 
-2.7.3
-

sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/trousers-0.3.15-tspi-drop-the-use-of-getpwent_r.patch

@@ -0,0 +1,69 @@
+https://bugs.gentoo.org/713444
+
+From 2299eadf77ae7a7ec52148b6a8f4ea37e217eafa Mon Sep 17 00:00:00 2001
+From: Stijn Tintel <stijn@linux-ipv6.be>
+Date: Thu, 2 Feb 2023 01:06:15 +0200
+Subject: [PATCH] tspi: drop the use of getpwent_r
+
+On systems with musl libc, libtspi.so is unusable due to the lack of
+getpwent_r. As there are multiple historical functions named getpwent_r
+that all behave differently, let's just play it safe and stop using it
+altogether.
+
+Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
+---
+ src/tspi/ps/tspps.c | 16 ----------------
+ 1 file changed, 16 deletions(-)
+
+diff --git a/src/tspi/ps/tspps.c b/src/tspi/ps/tspps.c
+index b5e83d0..ae7b3df 100644
+--- a/src/tspi/ps/tspps.c
++++ b/src/tspi/ps/tspps.c
+@@ -51,9 +51,7 @@
+ 
+ static int user_ps_fd = -1;
+ static MUTEX_DECLARE_INIT(user_ps_lock);
+-#if (defined (__FreeBSD__) || defined (__OpenBSD__))
+ static MUTEX_DECLARE_INIT(user_ps_path);
+-#endif
+ static struct flock fl;
+ 
+ 
+@@ -66,9 +64,6 @@ get_user_ps_path(char **file)
+ 	TSS_RESULT result;
+ 	char *file_name = NULL, *home_dir = NULL;
+ 	struct passwd *pwp;
+-#if (defined (__linux) || defined (linux) || defined(__GLIBC__))
+-	struct passwd pw;
+-#endif
+ 	struct stat stat_buf;
+ 	char buf[PASSWD_BUFSIZE];
+ 	uid_t euid;
+@@ -96,16 +91,6 @@ get_user_ps_path(char **file)
+ #else
+ 	setpwent();
+ 	while (1) {
+-#if (defined (__linux) || defined (linux) || defined(__GLIBC__))
+-		rc = getpwent_r(&pw, buf, PASSWD_BUFSIZE, &pwp);
+-		if (rc) {
+-			LogDebugFn("USER PS: Error getting path to home directory: getpwent_r: %s",
+-				   strerror(rc));
+-			endpwent();
+-			return TSPERR(TSS_E_INTERNAL_ERROR);
+-		}
+-
+-#elif (defined (__FreeBSD__) || defined (__OpenBSD__))
+ 		if ((pwp = getpwent()) == NULL) {
+ 			LogDebugFn("USER PS: Error getting path to home directory: getpwent: %s",
+                                    strerror(rc));
+@@ -113,7 +98,6 @@ get_user_ps_path(char **file)
+ 			MUTEX_UNLOCK(user_ps_path);
+ 			return TSPERR(TSS_E_INTERNAL_ERROR);
+ 		}
+-#endif
+ 		if (euid == pwp->pw_uid) {
+                         home_dir = strdup(pwp->pw_dir);
+                         break;
+-- 
+2.39.1
+

sdk_container/src/third_party/portage-stable/app-crypt/trousers/metadata.xml

@@ -1,11 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-	<maintainer type="person">
+	<maintainer type="person" proxied="yes">
 		<email>salah.coronya@gmail.com</email>
-		<name>Salah Coronya</name>
+		<name>Christopher Byrne</name>
 	</maintainer>
-	<maintainer type="project">
+	<maintainer type="project" proxied="proxy">
 		<email>proxy-maint@gentoo.org</email>
 		<name>Proxy Maintainers</name>
 	</maintainer>	

sdk_container/src/third_party/portage-stable/app-crypt/trousers/trousers-0.3.14-r2.ebuild

@@ -1,91 +0,0 @@
-# Flatcar modifications:
-# - added "Flatcar:" customizations
-# - added condition to files/tcsd.service
-# - created files/tmpfiles.d/trousers.conf
-# - created files/system.data
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-TMPFILES_OPTIONAL=1
-inherit autotools linux-info readme.gentoo-r1 systemd tmpfiles udev
-
-DESCRIPTION="An open-source TCG Software Stack (TSS) v1.1 implementation"
-HOMEPAGE="http://trousers.sf.net"
-SRC_URI="mirror://sourceforge/trousers/${PN}/${P}.tar.gz"
-
-LICENSE="CPL-1.0 GPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~m68k ~ppc ppc64 ~s390 x86"
-IUSE="doc libressl selinux" # gtk
-
-# gtk support presently does NOT compile.
-#	gtk? ( >=x11-libs/gtk+-2 )
-
-DEPEND="acct-group/tss
-	acct-user/tss
-	>=dev-libs/glib-2
-	!libressl? ( >=dev-libs/openssl-0.9.7:0= )
-	libressl? ( dev-libs/libressl:0= )"
-RDEPEND="${DEPEND}
-	selinux? ( sec-policy/selinux-tcsd )"
-BDEPEND="virtual/pkgconfig"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-0.3.13-nouseradd.patch"
-	"${FILESDIR}/${P}-libressl.patch"
-	"${FILESDIR}/${P}-fno-common.patch"
-	"${FILESDIR}/${P}-Makefile.am-Mark-tddl.a-nodist.patch"
-	"${FILESDIR}/${P}-CVE-2020-24330_CVE-2020-24331_CVE-2020-24332.patch"
-)
-
-DOCS="AUTHORS ChangeLog NICETOHAVES README TODO"
-
-DOC_CONTENTS="
-	If you have problems starting tcsd, please check permissions and
-	ownership on /dev/tpm* and ~tss/system.data
-"
-S="${WORKDIR}"
-
-CONFIG_CHECK="~TCG_TPM"
-
-src_prepare() {
-	default
-	eautoreconf
-}
-
-src_configure() {
-	# econf --with-gui=$(usex gtk gtk openssl)
-	econf --with-gui=openssl
-}
-
-src_install() {
-	default
-	find "${D}" -name '*.la' -delete || die
-
-	keepdir /var/lib/tpm
-	use doc && dodoc doc/*
-	# Flatcar: Comment out the openrc stuff.
-	# newinitd "${FILESDIR}"/tcsd.initd tcsd
-	# newconfd "${FILESDIR}"/tcsd.confd tcsd
-	fowners root:tss /etc/tcsd.conf
-
-	systemd_dounit "${FILESDIR}"/tcsd.service
-
-	# Flatcar:
-	systemd_enable_service multi-user.target tcsd.service
-
-	udev_dorules "${FILESDIR}"/61-trousers.rules
-	fowners tss:tss /var/lib/tpm
-	readme.gentoo_create_doc
-
-	# Flatcar:
-	insinto /usr/share/trousers/
-	doins "${FILESDIR}"/system.data
-	# stash a copy of the config so we can restore it from tmpfiles
-	doins "${D}"/etc/tcsd.conf
-	fowners tss:tss /usr/share/trousers/system.data
-	fowners root:tss /usr/share/trousers/tcsd.conf
-	dotmpfiles "${FILESDIR}"/tmpfiles.d/trousers.conf
-}

sdk_container/src/third_party/portage-stable/app-crypt/trousers/trousers-0.3.15-r1.ebuild

@@ -0,0 +1,73 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools linux-info readme.gentoo-r1 systemd udev
+
+DESCRIPTION="An open-source TCG Software Stack (TSS) v1.1 implementation"
+HOMEPAGE="http://trousers.sf.net"
+SRC_URI="https://downloads.sourceforge.net/trousers/${PN}/${P}.tar.gz"
+
+LICENSE="CPL-1.0 GPL-2"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 x86"
+IUSE="doc selinux" # gtk
+
+# gtk support presently does NOT compile.
+#	gtk? ( >=x11-libs/gtk+-2 )
+
+DEPEND="acct-group/tss
+	acct-user/tss
+	>=dev-libs/glib-2
+	>=dev-libs/openssl-0.9.7:0=
+	"
+RDEPEND="${DEPEND}
+	selinux? ( sec-policy/selinux-tcsd )"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-0.3.13-nouseradd.patch"
+	"${FILESDIR}/${PN}-0.3.14-Makefile.am-Mark-tddl.a-nodist.patch"
+	"${FILESDIR}/${P}-tspi-drop-the-use-of-getpwent_r.patch"
+)
+
+DOCS="AUTHORS ChangeLog NICETOHAVES README TODO"
+
+DOC_CONTENTS="
+	If you have problems starting tcsd, please check permissions and
+	ownership on /dev/tpm* and ~tss/system.data
+"
+
+CONFIG_CHECK="~TCG_TPM"
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	# econf --with-gui=$(usex gtk gtk openssl)
+	econf --with-gui=openssl
+}
+
+src_install() {
+	default
+	find "${D}" -name '*.la' -delete || die
+
+	keepdir /var/lib/tpm
+	use doc && dodoc doc/*
+	newinitd "${FILESDIR}"/tcsd.initd tcsd
+	systemd_dounit "${FILESDIR}"/tcsd.service
+	udev_dorules "${FILESDIR}"/61-trousers.rules
+	fowners tss:tss /var/lib/tpm
+	readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	udev_reload
+}
+
+pkg_postrm() {
+	udev_reload
+}

sdk_container/src/third_party/portage-stable/app-crypt/trousers/trousers-0.3.15.ebuild

@@ -0,0 +1,72 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools linux-info readme.gentoo-r1 systemd udev
+
+DESCRIPTION="An open-source TCG Software Stack (TSS) v1.1 implementation"
+HOMEPAGE="http://trousers.sf.net"
+SRC_URI="https://downloads.sourceforge.net/trousers/${PN}/${P}.tar.gz"
+
+LICENSE="CPL-1.0 GPL-2"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ~loong ~m68k ~ppc ppc64 ~riscv ~s390 x86"
+IUSE="doc selinux" # gtk
+
+# gtk support presently does NOT compile.
+#	gtk? ( >=x11-libs/gtk+-2 )
+
+DEPEND="acct-group/tss
+	acct-user/tss
+	>=dev-libs/glib-2
+	>=dev-libs/openssl-0.9.7:0=
+	"
+RDEPEND="${DEPEND}
+	selinux? ( sec-policy/selinux-tcsd )"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-0.3.13-nouseradd.patch"
+	"${FILESDIR}/${PN}-0.3.14-Makefile.am-Mark-tddl.a-nodist.patch"
+)
+
+DOCS="AUTHORS ChangeLog NICETOHAVES README TODO"
+
+DOC_CONTENTS="
+	If you have problems starting tcsd, please check permissions and
+	ownership on /dev/tpm* and ~tss/system.data
+"
+
+CONFIG_CHECK="~TCG_TPM"
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	# econf --with-gui=$(usex gtk gtk openssl)
+	econf --with-gui=openssl
+}
+
+src_install() {
+	default
+	find "${D}" -name '*.la' -delete || die
+
+	keepdir /var/lib/tpm
+	use doc && dodoc doc/*
+	newinitd "${FILESDIR}"/tcsd.initd tcsd
+	systemd_dounit "${FILESDIR}"/tcsd.service
+	udev_dorules "${FILESDIR}"/61-trousers.rules
+	fowners tss:tss /var/lib/tpm
+	readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	udev_reload
+}
+
+pkg_postrm() {
+	udev_reload
+}