app-crypt/tpm2-tools: Add from Gentoo

It's from Gentoo commit 2f6a333fb9bed9c7ab9b5a49065d157b62e48420
2025-08-11 23:16:58 +02:00 · 2024-03-13 13:36:56 +01:00 · 2024-03-13 13:36:56 +01:00 · f71638f7ef
commit f71638f7ef
parent e5867917ec
7 changed files with 351 additions and 0 deletions
--- a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/Manifest
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/Manifest
@ -0,0 +1,3 @@
+DIST tpm2-tools-5.5.tar.gz 1241390 BLAKE2B 2225f9e0835988351f84ed06f914616e25fd65bacaa93b51d0bb04185314efb9a6f60eb3539b250f54b2c2ba590f1b76594df3e625e45c8d37e38d13371bea26 SHA512 24f72a3e9840d531d900e96771a863baae1c71a76fcad0fda8020dff06acd8e3b65b86401ace21f034766403caf9ae97ce710ff6013bb7ed25657a6ecf325470
+DIST tpm2-tools-5.6-tpm2_eventlog-Create-raw-and-pretty-print-format-for.patch.xz 47916 BLAKE2B 1bbc84f58ad46507417c89be1b4ce2450fb33cf3abe8f080c23890d96be85379f135ef1dbf4b580e1a386fa6d5ebc4fbaab351b5238bbf1011bb97b0f49a847b SHA512 3db0daa39a8dc756d7cb25e3673149dc3eeafd7410f2c6537464431b501e3704a886d9b7a9acd71440d6d419649dd471fd6f9247d593c89a30b05774a8d1b3de
+DIST tpm2-tools-5.6.tar.gz 1266731 BLAKE2B fe88722c26d62128cd6dfbdd8ef2568656a75fe27b1443fed28387d0db1f50b7d0651819d34dfa98acde785b4cfb4e7c11420b110bb5333ed2bb6b67cdd4fc70 SHA512 14216f29ed3ecca5fbe356ed3744c8b6b25a62ff11b2aed596d11101328c8bfd29a02f6ca5a218f9a4477a5e9648c50f0ae96e71de0b4ff5ea1f98ebeeb73cd7
--- a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch
@ -0,0 +1,15 @@
+diff --git a/Makefile.am b/Makefile.am
+index 627983ca..d32f109c 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -659,10 +659,3 @@ else
+ endif
+ 
+ check: prepare-check
+-
+-if !HAVE_PANDOC
+-# If pandoc is not enabled, we want to complain that you need pandoc for make dist,
+-# so hook the target and complain.
+-	@(>&2 echo "You do not have pandoc, a requirement for the distribution of manpages")
+-	@exit 1
+-endif
--- a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-bashism.patch
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-bashism.patch
@ -0,0 +1,47 @@
+https://github.com/tpm2-software/tpm2-tools/pull/3339
+
+From 9f244c3f74747b7f79c8c6813657b2f2f8a1c844 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Sun, 21 Jan 2024 08:08:28 +0000
+Subject: [PATCH] configure.ac: fix bashisms
+
+configure scripts need to be runnable with a POSIX-compliant /bin/sh.
+
+On many (but not all!) systems, /bin/sh is provided by Bash, so errors
+like this aren't spotted. Notably Debian defaults to /bin/sh provided
+by dash which doesn't tolerate such bashisms as '=='.
+
+This retains compatibility with bash.
+
+Fixes configure warnings/errors like:
+```
+checking for libcurl... yes
+./configure: 15201: test: xauto: unexpected operator
+./configure: 15286: test: xauto: unexpected operator
+checking for efivar/efivar.h... yes
+```
+
+This fixes a build error later on too:
+```
+/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/ld: lib/libcommon.a(libcommon_a-tpm2_eventlog_yaml.o): in function `yaml_devicepath':
+tpm2_eventlog_yaml.c:(.text.yaml_devicepath+0x2f): undefined reference to `efidp_format_device_path'
+/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/ld: tpm2_eventlog_yaml.c:(.text.yaml_devicepath+0x61): undefined reference to `efidp_format_device_path'
+```
+
+Bug: https://bugs.gentoo.org/922592
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
+++ b/configure.ac
+@@ -94,9 +94,9 @@ AC_ARG_WITH([efivar],
+ )
+ 
+ # use the true program to avoid failing hard
+-AS_IF([test "x$with_efivar" == "xauto"],
+AS_IF([test "x$with_efivar" = "xauto"],
+   [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h], , [true])], [true])],
+-  [test "x$with_efivar" == "xyes"],
+  [test "x$with_efivar" = "xyes"],
+   [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h])])],
+ )
+ 
+
--- a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch
@ -0,0 +1,123 @@
+From 9cd74df24dbeee81b408e12ac10a98a088008d07 Mon Sep 17 00:00:00 2001
+From: Juergen Repp <juergen_repp@web.de>
+Date: Mon, 20 Nov 2023 13:55:36 +0100
+Subject: [PATCH] test eventlog: fix check eventlog.sh if efivar.h exists
+
+If efivar.h exist a pretty print function for the DevicePath
+is executed. Therefore two yaml test files are needed for
+the bin test file uefiservices.
+Fixes #3302.
+
+Signed-off-by: Juergen Repp <juergen_repp@web.de>
+---
+ Makefile.am                                   | 13 ++++++
+ configure.ac                                  |  3 ++
+ .../event-uefiservices.bin.yaml.pretty        | 45 +++++++++++++++++++
+ ...n.yaml => event-uefiservices.bin.yaml.raw} |  0
+ 4 files changed, 61 insertions(+)
+ create mode 100644 test/integration/fixtures/event-uefiservices.bin.yaml.pretty
+ rename test/integration/fixtures/{event-uefiservices.bin.yaml => event-uefiservices.bin.yaml.raw} (100%)
+
+diff --git a/Makefile.am b/Makefile.am
+index 413345cd..ef76dca8 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -352,6 +352,7 @@ TEST_EXTENSIONS = .sh
+ 
+ check-hook:
+ 	rm -rf .lock_file
+	rm -f  $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml
+ 
+ EXTRA_DIST_IGNORE = \
+     .gitignore \
+@@ -647,6 +648,18 @@ dist-hook:
+ 	for f in $(EXTRA_DIST_IGNORE); do \
+ 		rm -rf `find $(distdir) -name $$f`; \
+ 	done;
+
+prepare-check:
+if HAVE_EFIVAR_H
+	cp  $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml.pretty \
+	    $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml
+else
+	cp  $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml.raw \
+	    $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml
+endif
+
+check: prepare-check
+
+ if !HAVE_PANDOC
+ # If pandoc is not enabled, we want to complain that you need pandoc for make dist,
+ # so hook the target and complain.
+diff --git a/configure.ac b/configure.ac
+index 362ae0aa..54224048 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -97,6 +97,9 @@ AS_IF([test "x$with_efivar" == "xauto"],
+   [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h])])],
+ )
+ 
+AC_CHECK_HEADERS([efivar/efivar.h],[efivar_h=yes ], [efivar = no ])
+AM_CONDITIONAL([HAVE_EFIVAR_H], [test "$efivar_h" = yes])
+
+ # backwards compat with older pkg-config
+ # - pull in AC_DEFUN from pkg.m4
+ m4_ifndef([PKG_CHECK_VAR], [
+diff --git a/test/integration/fixtures/event-uefiservices.bin.yaml.pretty b/test/integration/fixtures/event-uefiservices.bin.yaml.pretty
+new file mode 100644
+index 00000000..f0819f70
+--- /dev/null
+++ b/test/integration/fixtures/event-uefiservices.bin.yaml.pretty
+@@ -0,0 +1,45 @@
+---
+version: 1
+events:
+- EventNum: 0
+  PCRIndex: 0
+  EventType: EV_NO_ACTION
+  Digest: "0000000000000000000000000000000000000000"
+  EventSize: 37
+  SpecID:
+  - Signature: Spec ID Event03
+    platformClass: 0
+    specVersionMinor: 0
+    specVersionMajor: 2
+    specErrata: 0
+    uintnSize: 2
+    numberOfAlgorithms: 2
+    Algorithms:
+    - Algorithm[0]:
+      algorithmId: sha1
+      digestSize: 20
+    - Algorithm[1]:
+      algorithmId: sha256
+      digestSize: 32
+    vendorInfoSize: 0
+- EventNum: 1
+  PCRIndex: 2
+  EventType: EV_EFI_BOOT_SERVICES_DRIVER
+  DigestCount: 2
+  Digests:
+  - AlgorithmId: sha1
+    Digest: "855685b4dbd4b67d50e0594571055054cfe2b1e9"
+  - AlgorithmId: sha256
+    Digest: "dd8576b4ff346c19c56c3e4f97ce55c5afa646f9c669be0a7cdd05057a0ecdf3"
+  EventSize: 84
+  Event:
+    ImageLocationInMemory: 0x7dcf6018
+    ImageLengthInMemory: 171464
+    ImageLinkTimeAddress: 0x0
+    LengthOfDevicePath: 52
+    DevicePath1: 'PciRoot(0x0)/Pci(0x2,0x0)/Pci(0x0,0x0)/Offset(0x12600,0x3c3ff)'
+pcrs:
+  sha1:
+    2  : 0x5b5f4d5c31664f01670a98a5796a36473671befc
+  sha256:
+    2  : 0x35fcf9d737c52c971f7c74058d36937dbd7824177fa0f1de3eba3934fcb83b9d
+diff --git a/test/integration/fixtures/event-uefiservices.bin.yaml b/test/integration/fixtures/event-uefiservices.bin.yaml.raw
+similarity index 100%
+rename from test/integration/fixtures/event-uefiservices.bin.yaml
+rename to test/integration/fixtures/event-uefiservices.bin.yaml.raw
+-- 
+2.41.0
+
--- a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/metadata.xml
@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person" proxied="yes">
+		<email>salah.coronya@gmail.com</email>
+		<name>Christopher Byrne</name>
+	</maintainer>
+	<maintainer type="project" proxied="proxy">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="fapi">Enable feature API tools</flag>
+	</use>
+	<upstream>
+		<remote-id type="github">tpm2-software/tpm2-tools</remote-id>
+	</upstream>
+</pkgmetadata>
--- a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild
@ -0,0 +1,66 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+inherit bash-completion-r1 flag-o-matic python-any-r1
+
+DESCRIPTION="Tools for the TPM 2.0 TSS"
+HOMEPAGE="https://github.com/tpm2-software/tpm2-tools"
+SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ppc64 x86"
+IUSE="+fapi test"
+
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?]
+	dev-libs/openssl:=
+	net-misc/curl
+	sys-libs/efivar:="
+DEPEND="${RDEPEND}
+	test? (
+		app-crypt/swtpm
+		app-crypt/tpm2-abrmd
+		dev-util/cmocka
+	)"
+BDEPEND="virtual/pkgconfig
+	dev-build/autoconf-archive
+	test? (
+		app-editors/vim-core
+		dev-tcltk/expect
+		$(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]')
+	)
+	${PYTHON_DEPS}"
+
+python_check_deps() {
+	python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_configure() {
+	# tests fail with LTO enabbled. See bug 865275 and 865277
+	filter-lto
+	econf \
+		$(use_enable fapi) \
+		$(use_enable test unit) \
+		--with-bashcompdir=$(get_bashcompdir) \
+		--enable-hardening
+}
+
+src_install() {
+	default
+	mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die
+	local utils=( "${ED}"/usr/bin/tpm2_* )
+	utils=("${utils[@]##*/}")
+	# these utiltites don't have bash completions
+	local nobashcomp=( tpm2_encodeobject tpm2_getpolicydigest tpm2_sessionconfig )
+	mapfile -d $'\0' -t utils < <(printf '%s\0' "${utils[@]}" | grep -Ezvw "${nobashcomp[@]/#/-e}")
+	bashcomp_alias tpm2 "${utils[@]}"
+}
--- a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.6-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.6-r1.ebuild
@ -0,0 +1,79 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+inherit autotools bash-completion-r1 flag-o-matic python-any-r1
+
+DESCRIPTION="Tools for the TPM 2.0 TSS"
+HOMEPAGE="https://github.com/tpm2-software/tpm2-tools"
+SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz"
+SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/tpm2-tools-5.6-tpm2_eventlog-Create-raw-and-pretty-print-format-for.patch.xz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+IUSE="+fapi test"
+
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?]
+	dev-libs/openssl:=
+	net-misc/curl
+	sys-libs/efivar:="
+DEPEND="${RDEPEND}
+	test? (
+		app-crypt/swtpm
+		app-crypt/tpm2-abrmd
+		dev-util/cmocka
+	)"
+BDEPEND="virtual/pkgconfig
+	dev-build/autoconf-archive
+	test? (
+		app-editors/vim-core
+		dev-tcltk/expect
+		$(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]')
+	)
+	${PYTHON_DEPS}"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch"
+	"${WORKDIR}/${PN}-5.6-tpm2_eventlog-Create-raw-and-pretty-print-format-for.patch"
+	"${FILESDIR}/${PN}-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch"
+	"${FILESDIR}/${PN}-5.6-bashism.patch"
+)
+
+python_check_deps() {
+	python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	# tests fail with LTO enabbled. See bug 865275 and 865277
+	filter-lto
+	econf \
+		$(use_enable fapi) \
+		$(use_enable test unit) \
+		--with-bashcompdir=$(get_bashcompdir) \
+		--enable-hardening
+}
+
+src_install() {
+	default
+	mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die
+	local utils=( "${ED}"/usr/bin/tpm2_* )
+	utils=("${utils[@]##*/}")
+	# these utiltites don't have bash completions
+	local nobashcomp=( tpm2_encodeobject tpm2_getpolicydigest tpm2_sessionconfig )
+	mapfile -d $'\0' -t utils < <(printf '%s\0' "${utils[@]}" | grep -Ezvw "${nobashcomp[@]/#/-e}")
+	bashcomp_alias tpm2 "${utils[@]}"
+}