kumquat-buildroot/package/tpm2-tss/tpm2-tss.mk

45 lines
1.5 KiB
Makefile
Raw Normal View History

################################################################################
#
# tpm2-tss
#
################################################################################
TPM2_TSS_VERSION = 3.1.0
TPM2_TSS_SITE = https://github.com/tpm2-software/tpm2-tss/releases/download/$(TPM2_TSS_VERSION)
TPM2_TSS_LICENSE = BSD-2-Clause
TPM2_TSS_LICENSE_FILES = LICENSE
TPM2_TSS_CPE_ID_VENDOR = tpm2_software_stack_project
TPM2_TSS_CPE_ID_PRODUCT = tpm2_software_stack
TPM2_TSS_INSTALL_STAGING = YES
TPM2_TSS_DEPENDENCIES = liburiparser openssl host-pkgconf
package/tpm2-tss: fix build on host without setfacl Fixes: http://autobuild.buildroot.org/results/eab44622f8d8ff4fbf464b5a98856382f019c2cb/ Since the bump to 3.1.0 in commit 470e2e9bc521 (package/tpm2-tss: bump version to 3.1.0), the install is borked because it is looking for programs at configure time, so it finds those on the host if they exist, or do not find any at all, which can very well differ from what will be present on the target. But this is not totally unreasonable: there is no way, at cross-configure time, for a package to find the tools that will be present at runtime. All that can be done in such a case is to force the path to such tools. However, in this case, tpm2-tss only uses setfacl if systemd-tmpfiles is not available. If the call to setfacl fails, the install does not fail (split on two lines for readability): @-$(call make_fapi_dirs) && $(call set_fapi_permissions) \ || echo "WARNING Failed to create the FAPI directories with the correct permissions" set_fapi_permissions is a macro that eventually expands to: (chown -R tss:tss "$1") && \ (chmod -R 2775 "$1") && \ (setfacl -m default:group:tss:rwx "$1") So the call to setfacl will not even be ever attempted, because the chown will fail first. Furthermore, it would look for the 'tss' username and groupname from the host, which could differ from those on the target. So we can just fake the fact that setfacl is available. As for the permissions, they are to be set on a directory that is in ${runstatedir}, i.e. /run, which is a tmpfs, so there is no way we can prepare them at build time. We'd need a startup script or systemd unit, or proper systemd-tmpfiles support, either of which can be done in a followup patch by an interested party... Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Cc: Yair Ben-Avraham <yairba@protonmail.com> Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-06 16:45:25 +01:00
# 0001-configure-Only-use-CXX-when-fuzzing.patch
TPM2_TSS_AUTORECONF = YES
tpm2-tss: allow building without stack smashing protection (SSP) Disable SSP if the toolchain does not support it. This must be done explicitly because configure.ac passes -fstack-protector-all to the compiler but doesn't contain a link test, so it doesn't detect when libssp is missing. Fixes: http://autobuild.buildroot.net/results/f98749311c5a4338f5fbd6d29c9ca29ac6c24abd http://autobuild.buildroot.net/results/4112a001038eb5e04c67c7b5c79280813d196911 http://autobuild.buildroot.net/results/451fcf7e36ea8774967b84279abb89ffb0fd6923 http://autobuild.buildroot.net/results/8e1181836249105be28f04a59cf6d31afcea91d7 http://autobuild.buildroot.net/results/49151df111ad3d03c70551e4516c3d3b36e12d70 http://autobuild.buildroot.net/results/42d625c579a8a16fb0c0a3df441ea186c3d52b9a http://autobuild.buildroot.net/results/b0af881e080c4fcc6094489c037ee853fdf42869 http://autobuild.buildroot.net/results/0909d94af3f9589dd6b8897e2501c05b421262c4 http://autobuild.buildroot.net/results/2fd0ee29c0b28cb1fee1b43433ab8373f49ca397 http://autobuild.buildroot.net/results/3fa19441fd2594b064c8ff759df8849705100a65 http://autobuild.buildroot.net/results/8675d2aa8f1e8e568a42bc0dbfae8f3721e86796 http://autobuild.buildroot.net/results/786de50b53fa9a325c92a5d48f3928082eff0045 http://autobuild.buildroot.net/results/a575b340f7cc562c1b87eb31d4304131b52698a7 http://autobuild.buildroot.net/results/0b1d50d9e266d889d7e848275ebfbce45ccb419d http://autobuild.buildroot.net/results/d632b0e1efbb5e133dfb6595554badea9e31c492 http://autobuild.buildroot.net/results/0c95459bfa82048d7e99661cf5f2d6d393179090 http://autobuild.buildroot.net/results/bd494dc69fb0da46065f10a3cd8a4cab0bcbcc9b http://autobuild.buildroot.net/results/b397e44cd17b3d576cc55f02d5463e9c14743907 http://autobuild.buildroot.net/results/40ed7a3b519c18102df515b5c4b993ed9a488236 http://autobuild.buildroot.net/results/e5fc04c2ded86e03eb174a89845a50f52e407d48 http://autobuild.buildroot.net/results/95a7c14da225d9e42545ee7a155f461303c62aa6 http://autobuild.buildroot.net/results/25ebda7a13afa4790ad28018f42c46a795f3c284 http://autobuild.buildroot.net/results/1bc081b78c625f13327c733fc734e36fe28ecc2a http://autobuild.buildroot.net/results/273108e2798155464109b9fb4d16884e7d0f9ab3 http://autobuild.buildroot.net/results/f677d340cd42ea7242d4102fbb5fa6091a05e8ef http://autobuild.buildroot.net/results/ae15b625260801b494bbfa541ef86edcdbaedfe0 Signed-off-by: Carlos Santos <casantos@datacom.ind.br> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-22 21:27:48 +01:00
# systemd-sysusers and systemd-tmpfiles are only used at install time
# to trigger the creation of users adn tmpfiles, which we do not care
# about at build time. groupadd, useradd, and setfacl are used in the
# fallback path when systemd-sysusers or systemd-tmpfiles are missing
# and their failure is ignored anyway.
package/tpm2-tss: fix build on host without setfacl Fixes: http://autobuild.buildroot.org/results/eab44622f8d8ff4fbf464b5a98856382f019c2cb/ Since the bump to 3.1.0 in commit 470e2e9bc521 (package/tpm2-tss: bump version to 3.1.0), the install is borked because it is looking for programs at configure time, so it finds those on the host if they exist, or do not find any at all, which can very well differ from what will be present on the target. But this is not totally unreasonable: there is no way, at cross-configure time, for a package to find the tools that will be present at runtime. All that can be done in such a case is to force the path to such tools. However, in this case, tpm2-tss only uses setfacl if systemd-tmpfiles is not available. If the call to setfacl fails, the install does not fail (split on two lines for readability): @-$(call make_fapi_dirs) && $(call set_fapi_permissions) \ || echo "WARNING Failed to create the FAPI directories with the correct permissions" set_fapi_permissions is a macro that eventually expands to: (chown -R tss:tss "$1") && \ (chmod -R 2775 "$1") && \ (setfacl -m default:group:tss:rwx "$1") So the call to setfacl will not even be ever attempted, because the chown will fail first. Furthermore, it would look for the 'tss' username and groupname from the host, which could differ from those on the target. So we can just fake the fact that setfacl is available. As for the permissions, they are to be set on a directory that is in ${runstatedir}, i.e. /run, which is a tmpfs, so there is no way we can prepare them at build time. We'd need a startup script or systemd unit, or proper systemd-tmpfiles support, either of which can be done in a followup patch by an interested party... Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Cc: Yair Ben-Avraham <yairba@protonmail.com> Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-06 16:45:25 +01:00
TPM2_TSS_CONF_OPTS = \
ac_cv_prog_result_groupadd=yes \
package/tpm2-tss: fix build on host without setfacl Fixes: http://autobuild.buildroot.org/results/eab44622f8d8ff4fbf464b5a98856382f019c2cb/ Since the bump to 3.1.0 in commit 470e2e9bc521 (package/tpm2-tss: bump version to 3.1.0), the install is borked because it is looking for programs at configure time, so it finds those on the host if they exist, or do not find any at all, which can very well differ from what will be present on the target. But this is not totally unreasonable: there is no way, at cross-configure time, for a package to find the tools that will be present at runtime. All that can be done in such a case is to force the path to such tools. However, in this case, tpm2-tss only uses setfacl if systemd-tmpfiles is not available. If the call to setfacl fails, the install does not fail (split on two lines for readability): @-$(call make_fapi_dirs) && $(call set_fapi_permissions) \ || echo "WARNING Failed to create the FAPI directories with the correct permissions" set_fapi_permissions is a macro that eventually expands to: (chown -R tss:tss "$1") && \ (chmod -R 2775 "$1") && \ (setfacl -m default:group:tss:rwx "$1") So the call to setfacl will not even be ever attempted, because the chown will fail first. Furthermore, it would look for the 'tss' username and groupname from the host, which could differ from those on the target. So we can just fake the fact that setfacl is available. As for the permissions, they are to be set on a directory that is in ${runstatedir}, i.e. /run, which is a tmpfs, so there is no way we can prepare them at build time. We'd need a startup script or systemd unit, or proper systemd-tmpfiles support, either of which can be done in a followup patch by an interested party... Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Cc: Yair Ben-Avraham <yairba@protonmail.com> Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-06 16:45:25 +01:00
ac_cv_prog_result_setfacl=yes \
ac_cv_prog_systemd_sysusers=no \
ac_cv_prog_systemd_tmpfiles=no \
ac_cv_prog_result_useradd=yes \
package/tpm2-tss: fix build on host without setfacl Fixes: http://autobuild.buildroot.org/results/eab44622f8d8ff4fbf464b5a98856382f019c2cb/ Since the bump to 3.1.0 in commit 470e2e9bc521 (package/tpm2-tss: bump version to 3.1.0), the install is borked because it is looking for programs at configure time, so it finds those on the host if they exist, or do not find any at all, which can very well differ from what will be present on the target. But this is not totally unreasonable: there is no way, at cross-configure time, for a package to find the tools that will be present at runtime. All that can be done in such a case is to force the path to such tools. However, in this case, tpm2-tss only uses setfacl if systemd-tmpfiles is not available. If the call to setfacl fails, the install does not fail (split on two lines for readability): @-$(call make_fapi_dirs) && $(call set_fapi_permissions) \ || echo "WARNING Failed to create the FAPI directories with the correct permissions" set_fapi_permissions is a macro that eventually expands to: (chown -R tss:tss "$1") && \ (chmod -R 2775 "$1") && \ (setfacl -m default:group:tss:rwx "$1") So the call to setfacl will not even be ever attempted, because the chown will fail first. Furthermore, it would look for the 'tss' username and groupname from the host, which could differ from those on the target. So we can just fake the fact that setfacl is available. As for the permissions, they are to be set on a directory that is in ${runstatedir}, i.e. /run, which is a tmpfs, so there is no way we can prepare them at build time. We'd need a startup script or systemd unit, or proper systemd-tmpfiles support, either of which can be done in a followup patch by an interested party... Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Cc: Yair Ben-Avraham <yairba@protonmail.com> Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-11-06 16:45:25 +01:00
--with-crypto=ossl \
--disable-doxygen-doc \
--disable-defaultflags
# uses C99 code but forgets to pass -std=c99 when --disable-defaultflags is used
TPM2_TSS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -std=c99"
ifeq ($(BR2_PACKAGE_TPM2_TSS_FAPI),y)
TPM2_TSS_DEPENDENCIES += json-c libcurl
TPM2_TSS_CONF_OPTS += --enable-fapi
else
TPM2_TSS_CONF_OPTS += --disable-fapi
endif
$(eval $(autotools-package))