From 78b727985e7571e0b196561e44427690f04d57d9 Mon Sep 17 00:00:00 2001 
From: Andrew Geissler Date: Tue, 14 Jun 2022 06:47:25 -0500 Subject: subtree updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit meta-openembedded: a9e6d16e66..11df15765c: Adrian Fiergolski (1): python3-matplotlib: add missing dependency Adrian Freihofer (6): conntrack-tools: fix postinst script networkmanager: improve dependency handling networkmanager: simplify selective installation networkmanager: use nftables by default networkmanager: udpate to 1.38.0 modemmanager: update to 1.18.8 Armin Kuster (2): mariadb: update to 10.7.4 mariadb: Fix i386 Clang builds Bartosz Golaszewski (2): python3-uinput: new package python3-speedtest-cli: fix RDEPENDS Changqing Li (1): redis: upgrade 7.0-rc3 -> 7.0.0 Denys Dmytriyenko (1): devmem2: the source and patches moved to github repo Enrico Scholz (1): nodejs-oe-cache-native: initial checkin Jiaqing Zhao (1): openldap: Remove unnecessary use-urandom.patch Kai Kang (2): libportal: add distro features check graphviz: rrecommends on liberation-fonts Khem Raj (5): ubi-utils-klibc: Disable lzo compression by default unattended-upgrades: Disable auto-detecting modules sdbus-c++: Link with libatomic for rv32 sdbus-c++-libsystemd: Fix patch fuzz python3-uinput: Fix build on 32bit arches using 64bit times_t Luca Boccassi (1): dbus-broker: update 29 -> 31 Marcel Ziswiler (1): libavtp: add recipe for audio video transport protocol (avtp) Markus Volk (6): jack: allow to build native/nativesdk pipewire: reduce native/nativesdk dependencies; add backport patch p8platform: unbreak do_populate_sdk pavucontrol: update; fix build for wayland only gnome-disk-utility: fix build for wayland only unblock some recipes for wayland Martin Jansa (1): mm-common: package the files from ${PN} in ${PN}-dev and use allarch Ming Liu (1): bluealsa: uprev to 4.0.0 Nikhil R (1): duktape: Add ptest Peter Marko (1): libgpiod: move test dependencies to ptest package Ross Burton (8): python3-cppy: fix inherits and 
DEPENDS python3-setuptools-scm-git-archive: add new recipe python3-traitlets: upgrade to 5.2.1 python3-pathspec: add new recipe python3-hatchling: add new recipe and build class python3-editables: add new recipe python3-setuptools-declarative-requirements: add new recipe lzop: add (from oe-core) Samuli Piippo (2): flite: add recipe libtomcrypt: add recipe Thomas Perrot (1): nbd: update 3.20 -> 3.24 Vyacheslav Yurkov (4): packagegroup-meta-filesystems: fix build issue overlayfs-progs: add new recipe overlayfs-tools: add new recipe xfstests: add new recipe Wang Mingyu (38): babeld: upgrade 1.12 -> 1.12.1 ctags: upgrade 5.9.20220508.0 -> 5.9.20220515.0 libbpf: upgrade 0.7.0 -> 0.8.0 evtest: upgrade 1.34 -> 1.35 nbdkit: upgrade 1.31.5 -> 1.31.7 smarty: upgrade 4.1.0 -> 4.1.1 thingsboard-gateway: upgrade 2.9 -> 3.1 opencl-headers: upgrade 2022.01.04 -> 2022.05.18 python3-robotframework: upgrade 5.0 -> 5.0.1 python3-watchdog: upgrade 2.1.7 -> 2.1.8 python3-web3: upgrade 5.29.0 -> 5.29.1 python3-xmlschema: upgrade 1.10.0 -> 1.11.0 python3-sqlalchemy: upgrade 1.4.35 -> 1.4.36 python3-yappi: upgrade 1.3.3 -> 1.3.5 apitrace: upgrade 11.0 -> 11.1 ctags: upgrade 5.9.20220515.0 -> 5.9.20220529.0 gedit: upgrade 42.0 -> 42.1 hidapi: upgrade 0.11.2 -> 0.12.0 libbytesize: upgrade 2.6 -> 2.7 libdvdread: upgrade 6.1.2 -> 6.1.3 links: upgrade 2.26 -> 2.27 libxmlb: upgrade 0.3.8 -> 0.3.9 ser2net: upgrade 4.3.5 -> 4.3.6 python3-awesomeversion: upgrade 22.5.1 -> 22.5.2 htop: upgrade 3.2.0 -> 3.2.1 hwdata: upgrade 0.359 -> 0.360 libnet-dns-perl: upgrade 1.33 -> 1.34 tinyproxy: upgrade 1.11.0 -> 1.11.1 function2: upgrade 4.2.0 -> 4.2.1 openvpn: upgrade 2.5.6 -> 2.5.7 poppler: upgrade 22.05.0 -> 22.06.0 sshfs-fuse: upgrade 3.7.2 -> 3.7.3 tgt: upgrade 1.0.82 -> 1.0.83 tracker: upgrade 3.3.0 -> 3.3.1 unbound: upgrade 1.15.0 -> 1.16.0 zabbix: upgrade 6.0.4 -> 6.0.5 botan: upgrade 2.19.1 -> 2.19.2 evolution-data-server: upgrade 3.44.1 -> 3.44.2 Wolfgang Meyer (1): fbida: remove bash from 
RDEPENDS Xu Huan (17): python3-pint: upgrade 0.19.1 -> 0.19.2 python3-pylint: upgrade 2.13.7 -> 2.13.9 python3-redis: upgrade 4.2.2 -> 4.3.1 python3-werkzeug: upgrade 2.1.1 -> 2.1.2 python3-zeroconf: upgrade 0.38.4 -> 0.38.6 python3-sentry-sdk: upgrade 1.5.10 -> 1.5.12 python3-astroid: upgrade 2.11.3 -> 2.11.5 python3-cachetools: upgrade 5.0.0 -> 5.1.0 python3-imageio: upgrade 2.19.1 -> 2.19.2 python3-asyncinotify: upgrade 2.0.2 -> 2.0.3 python3-croniter: upgrade 1.3.4 -> 1.3.5 python3-google-api-core: upgrade 2.7.3 -> 2.8.0 python3-flask-socketio: upgrade 5.1.2 -> 5.2.0 python3-h5py: upgrade 3.6.0 -> 3.7.0 python3-lz4: upgrade 4.0.0 -> 4.0.1 python3-mypy: upgrade 0.950 -> 0.960 python3-pyscaffold: upgrade 4.2.1 -> 4.2.2 zhengrq.fnst (10): python3-google-api-python-client: upgrade 2.45.0 -> 2.48.0 python3-grpcio-tools: upgrade 1.46.0 -> 1.46.3 python3-openpyxl: upgrade 3.0.9 -> 3.0.10 python3-paramiko: upgrade 2.10.4 -> 2.11.0 python3-humanize: upgrade 4.0.0 -> 4.1.0 python3-pychromecast: upgrade 12.1.1 -> 12.1.2 python3-cachetools: upgrade 5.1.0 -> 5.2.0 python3-google-api-python-client: upgrade 2.48.0 -> 2.49.0 python3-googleapis-common-protos: upgrade 1.56.1 -> 1.56.2 python3-imageio: upgrade 2.19.2 -> 2.19.3 zhengruoqin (6): python3-bitarray: upgrade 2.5.0 -> 2.5.1 python3-eventlet: upgrade 0.33.0 -> 0.33.1 python3-googleapis-common-protos: upgrade 1.56.0 -> 1.56.1 python3-imageio: upgrade 2.18.0 -> 2.19.1 python3-pyjwt: upgrade 2.3.0 -> 2.4.0 python3-wrapt: upgrade 1.14.0 -> 1.14.1 poky: 13d70e57f8..ee0d001b81: Alex Stewart (1): opkg: upgrade to version 0.6.0 Alexander Kanavin (23): bash: submit patch upstream valgrind: submit arm patches upstream apt: fix upstream version check zip/unzip: mark all submittable patches as Inactive-Upstream less: mark upstream version as unknown wayland: exclude pre-releases from version check mesa-demos: update 8.4.0 -> 8.5.0 seatd: update 0.6.4 -> 0.7.0 systemd: update 250.5 -> 251.2 btrfs-tools: update 5.16.2 -> 5.18 llvm: 
update 14.0.3 -> 14.0.4 python3-psutil: update 5.9.0 -> 5.9.1 tiff: update 4.3.0 -> 4.4.0 pulseaudio: update 15.0 -> 16.0 alsa-utils-scripts: merge into alsa-utils alsa-utils: update 1.2.6 -> 1.2.7 ovmf: update 202202 -> 202205 cmake: update 3.23.1 -> 3.23.2 ltp: upgrade 20220121 -> 20220527 perl: update 5.34.1 -> 5.36.0 perl: drop perltoc regeneration perl: clean prior to build perl: enable _GNU_SOURCE define via d_gnulibc Bruce Ashfield (7): linux-yocto/5.15: bpf: explicitly disable unpriv eBPF by default linux-yocto/5.15: update to v5.15.43 linux-yocto/5.10: update to v5.10.118 linux-yocto/5.15: Enable MDIO bus config linux-yocto/5.15: cfg/xen: Move x86 configs to separate file linux-yocto/5.15: update to v5.15.44 linux-yocto/5.10: update to v5.10.119 Chen Qi (1): libsdl2: add back xvm and xinerama options Daiane Angolini (1): python3-pip: Fix RDEPENDS after the update Davide Gardenal (2): efivar: add musl libc compatibility baremetal-image: fix broken symlink in do_rootfs Dmitry Baryshkov (2): go.bbclass: fix path to linker in native Go builds linux-firmware: add support for building snapshots Ernst Sjöstrand (2): cve-check: Add helper for symlink handling cve-check: Only include installed packages for rootfs manifest He Zhe (1): lttng-modules: Fix build failure for 5.10.119+ and 5.15.44+ kernel Jack Mitchell (1): meson.bbclass: add cython binary to cross/native toolchain config Jeremy Puhlman (1): gcc: depend on zstd-native Jiaqing Zhao (1): systemd: Correct 0001-pass-correct-parameters-to-getdents64.patch Joerg Vehlow (1): libseccomp: Add missing files for ptests Jose Quaresma (1): archiver: use bb.note instead of echo Kai Kang (1): xxhash: fix build with gcc 12 Marcel Ziswiler (2): alsa-plugins: fix libavtp vs. 
avtp packageconfig gstreamer1.0-plugins-bad: add libavtp packageconfig Markus Volk (1): gcr: build with gtk+3 for wayland Marta Rybczynska (4): cve-check: move update_symlinks to a library cve-check: write empty fragment files in the text mode cve-check: fix return type in check_cves cve-update-db-native: make it possible to disable database updates Martin Jansa (9): makedevs: Don't use COPYING.patch just to add license file into ${S} insane.bbclass: make sure to close .patch files staging.bbclass: process direct dependencies in deterministic order patch.py: make sure that patches/series file exists before quilt pop lttng-modules: fix shell syntax buildhistory.bbclass: fix shell syntax when using dash rootfs.py: close kernel_abi_ver_file ltp: use bfd even when gold is used with ld-is-gold systemd: Fix build without utmp Michael Opdenacker (1): migration guides: release notes for 4.0.1 Mikko Rapeli (1): bitbake: event.py: ignore exceptions from stdout and sterr operations in atexit Ming Liu (1): udev-extraconf: let automount base directory configurable Mingli Yu (4): perl: Fix build with gcc-12 ccache: Fix build with gcc-12 oescripts: change compare logic in OEListPackageconfigTests python3-cryptography: remove test_x509.py Naveen Saini (1): pciutils: avoid lspci conflict with busybox Pavel Zhukov (6): bitbake.conf: Make TCLIBC and TCMODE lazy assigned bitbake: fetch2: Honour BB_FETCH_PREMIRRORONLY option bitbake: Add tests to cover BB_FETCH_PREMIRRORONLY functionality dbus: Specify runstatedir configure option bitbake: tests/fetch: Drop unnecessary duplicated function bitbake: tests/fetch: Add tests for premirror using real project Peter Kjellerstedt (2): libseccomp: Correct LIC_FILES_CHKSUM license.bbclass: Bound beginline and endline in copy_license_files() Quentin Schulz (2): docs: set_versions.py: remove honister from active releases list docs: set_versions.py: check for first latest release tag Rasmus Villemoes (2): vim: put xxd in its own package e2fsprogs: 
add alternatives handling of lsattr as well Ricardo Salveti (1): gnu-efi: enable for riscv64 Richard Purdie (51): cve-extra-exclusions: Add kernel CVEs lzo: Add further info to a patch and mark as Inactive-Upstream python3: Remove problematic paths from sysroot files python3: Ensure stale empty python module directories don't break the build Revert "qemu.inc: Remove empty egg-info directories before running meson" Revert "meson.bblcass: Remove empty egg-info directories before running meson" vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs tiff: Add jbig PACKAGECONFIG and clarify CVE-2022-1210 libxslt: Mark CVE-2022-29824 as not applying oeqa/imagefeatures: Replace lzo with zst oeqa/imagefeatures: Disable squashfs-lzo cve-check: Allow warnings to be disabled openssl: Backport fix for ptest cert expiry bitbake: runqueue: Fix unihash cache mismatch issues bitbake: cache/siggen: Add unihash cache copy function bitbake: bitbake: Bump to version 2.0.1 populate_sdk_ext: Fix race condition on bb_unihashes.dat gcc-cross-canadian: Add nativesdk-zstd dependency glib-2.0: upgrade 2.72.1 -> 2.72.2 dnf: upgrade 4.12.0 -> 4.13.0 python3-dtschema: upgrade 2022.4 -> 2022.5 python3-sphinx: upgrade 4.5.0 -> 5.0.0 python3-pip: upgrade 22.1.1 -> 22.1.2 alsa-lib: upgrade 1.2.6.1 -> 1.2.7 sysklogd: upgrade 2.3.0 -> 2.4.0 libxkbcommon: upgrade 1.4.0 -> 1.4.1 piglit: upgrade to latest revision sysstat: upgrade 12.4.5 -> 12.6.0 harfbuzz: upgrade 4.2.1 -> 4.3.0 gtk+3: upgrade 3.24.33 -> 3.24.34 xwayland: upgrade 22.1.1 -> 22.1.2 alsa-ucm-conf: upgrade 1.2.6.3 -> 1.2.7 gnutls: upgrade 3.7.5 -> 3.7.6 webkitgtk: upgrade 2.36.1 -> 2.36.3 diffoscope: upgrade 212 -> 215 populate_sdk_ext: Fix second bb_unihashes reference sanity: Switch to make 4.0 as a minimum version perl: Add dependency on make-native to avoid race issues glibc: Drop make-native dependency bitbake: fetch/wget: Move files into place atomically bitbake: server/process: Avoid risk of exception deadlocks bitbake: server/process: 
Remove daemonic thread usage bitbake: server/process: Avoid tracebacks at exit uboot-sign: Fix potential index error issues selftest/multiconfig: Test that multiconfigs in separate layers works bitbake: cooker: Drop sre_constants usage classes/buildcfg: Move git/layer revision code into new OE module buildcfg lib/buildcfg: Share common clean/dirty layer function buildcfg: Drop unused svn revision function base/buildhistory/image-buildinfo: Use common buildcfg function image-buildinfo: Improve and extend to SDK coverage too Robert Yang (1): systemd: Set RebootWatchdogSec to 60s as watchdog Ross Burton (8): python3-pluggy: add BBCLASSEXTEND for native/nativesdk btrfs-tools: add a PACKAGECONFIG for lzo tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid packagegroup-self-hosted: remove lzo libarchive: disable LZO by default squashfs-tools: disable LZO by default lzop: remove recipe from oe-core setuptools3: clean up class Rusty Howell (1): oe-depends-dot: Handle new format for task-depends.dot Sean Anderson (1): rootfs.py: find .ko.zst kernel modules Stefan Wiehler (1): kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task Tobias Schmidl (2): oeqa/selftest/wic.py: Repaired test_qemu() wic/plugins/images/direct: Allow changes in fstab on rootfs Vyacheslav Yurkov (2): files: rootfs-postcommands: move helper commands to script files: respect overlayfs owner from lower layer Xiaobing Luo (1): devtool: Fix _copy_file() TypeError Zach Welch (2): test-manual/intro: reorder bitbake-selftest steps test-manual/intro: bitbake-selftest needs bitbake leimaohui (1): gnutls: Added fips option. 
wangmy (30): bind: upgrade 9.18.2 -> 9.18.3 ccache: upgrade 4.6 -> 4.6.1 init-system-helpers: upgrade 1.62 -> 1.63 ninja: upgrade 1.10.2 -> 1.11.0 python3-certifi: upgrade 2021.10.8 -> 2022.5.18.1 python3-cython: upgrade 0.29.28 -> 0.29.30 python3-hypothesis: upgrade 6.46.4 -> 6.46.7 python3-importlib-metadata: upgrade 4.11.3 -> 4.11.4 python3-magic: upgrade 0.4.25 -> 0.4.26 python3-pip: upgrade 22.1 -> 22.1.1 python3-setuptools: upgrade 62.3.1 -> 62.3.2 python3-hypothesis: upgrade 6.46.7 -> 6.46.9 python3-semantic-version: upgrade 2.9.0 -> 2.10.0 python3-webcolors: upgrade 1.11.1 -> 1.12 python3-pytest-subtests: upgrade 0.7.0 -> 0.8.0 asciidoc: upgrade 10.1.4 -> 10.2.0 cups: upgrade 2.4.1 -> 2.4.2 iproute2: upgrade 5.17.0 -> 5.18.0 iw: upgrade 5.16 -> 5.19 logrotate: upgrade 3.19.0 -> 3.20.1 dpkg: upgrade 1.21.7 -> 1.21.8 repo: upgrade 2.25 -> 2.26 iso-codes: upgrade 4.9.0 -> 4.10.0 lttng-ust: upgrade 2.13.2 -> 2.13.3 meson: upgrade 0.62.1 -> 0.62.2 mtools: upgrade 4.0.39 -> 4.0.40 nettle: upgrade 3.7.3 -> 3.8 kbd: upgrade 2.4.0 -> 2.5.0 python3-hypothesis: upgrade 6.46.9 -> 6.46.11 xkeyboard-config: upgrade 2.35.1 -> 2.36 meta-security: 7628a3e90b..8c6fe006a1: Armin Kuster (18): swtpm: enable seccomp if DISTRO is enabled security-tpm2-image: add swtpm swtpm: enable gnutls oeqa/swtpm: add swtpm runtime oeqa/tpm2: fix and cleanup tests tpm2-pkcs11: we really need the symlinks smack-test: switch to python3 oeqa/smack: consolidate classes checksec: update 2.6.0 chkrootkit: update SRC_URI packagegroup-core-security: add arpwatch and chkrootkit to pkg grp layer.conf: Post release codename changes README: Update for dynamic layers arpwatch: riscv not supported packagegroup-core-security: drop arpwatch for riscv from pkg grp chkrootkit: Fix missing includes for musl arpwatch: update to 3.3 packagegroup-core-security: don't include aprwatch for musl 
Signed-off-by: Andrew Geissler
Change-Id: Ic83db16445cf0a1286685f11d378e1e3e9b794c3
---
 meta-security/meta-tpm/conf/layer.conf | 2 +-
 .../meta-tpm/lib/oeqa/runtime/cases/swtpm.py | 24 +++++++++++++++++++++
 .../meta-tpm/lib/oeqa/runtime/cases/tpm2.py | 25 ++++++++++++++--------
 .../recipes-core/images/security-tpm2-image.bb | 1 +
 .../meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb | 5 +++--
 .../recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb | 11 ++--------
 6 files changed, 47 insertions(+), 21 deletions(-)
 create mode 100644 meta-security/meta-tpm/lib/oeqa/runtime/cases/swtpm.py
(limited to 'meta-security/meta-tpm')
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index 52e3ee0a1c..1fd2e4c1ba 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "tpm-layer"
 BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
 BBFILE_PRIORITY_tpm-layer = "10"
-LAYERSERIES_COMPAT_tpm-layer = "kirkstone"
+LAYERSERIES_COMPAT_tpm-layer = "kirkstone langdale"
 LAYERDEPENDS_tpm-layer = " \
 core \
diff --git a/meta-security/meta-tpm/lib/oeqa/runtime/cases/swtpm.py b/meta-security/meta-tpm/lib/oeqa/runtime/cases/swtpm.py
new file mode 100644
index 0000000000..df47b353ed
--- /dev/null
+++ b/meta-security/meta-tpm/lib/oeqa/runtime/cases/swtpm.py
@@ -0,0 +1,24 @@
+# Copyright (C) 2022 Armin Kuster
+#
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
+from oeqa.runtime.decorator.package import OEHasPackage
+from oeqa.core.decorator.data import skipIfNotFeature
+
+class SwTpmTest(OERuntimeTestCase):
+ @classmethod
+ def setUpClass(cls):
+ cls.tc.target.run('mkdir /tmp/myvtpm2')
+ cls.tc.target.run('chown tss:root /tmp/myvtpm2')
+
+ @classmethod
+ def tearDownClass(cls):
+ cls.tc.target.run('rm -fr /tmp/myvtpm2')
+
+ @skipIfNotFeature('tpm2','Test tpm2_swtpm_socket requires tpm2 to be in DISTRO_FEATURES')
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ @OEHasPackage(['swtpm'])
+ def test_swtpm2_ek_cert(self):
+ cmd = 'swtpm_setup --tpmstate /tmp/myvtpm2 --create-ek-cert --create-platform-cert --tpm2',
+ status, output = self.target.run(cmd)
+ self.assertEqual(status, 0, msg="swtpm create-ek-cert failed: %s" % output)
diff --git a/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py b/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
index c2c95e7159..e64d19d69e 100644
--- a/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
+++ b/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
@@ -1,11 +1,19 @@
-# Copyright (C) 2019 Armin Kuster
+# Copyright (C) 2019 - 2022 Armin Kuster
 #
 from oeqa.runtime.case import OERuntimeTestCase
 from oeqa.core.decorator.depends import OETestDepends
 from oeqa.runtime.decorator.package import OEHasPackage
-
+from oeqa.core.decorator.data import skipIfNotFeature
 class Tpm2Test(OERuntimeTestCase):
+ @classmethod
+ def setUpClass(cls):
+ cls.tc.target.run('mkdir /tmp/myvtpm2')
+
+ @classmethod
+ def tearDownClass(cls):
+ cls.tc.target.run('rm -fr /tmp/myvtpm2')
+
 def check_endlines(self, results, expected_endlines):
 for line in results.splitlines():
 for el in expected_endlines:
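Review bot: In `test_swtpm2_ek_cert` the assignment to `cmd` ends with a trailing comma, so `cmd` is a one-element tuple rather than a string; whether `self.target.run()` copes with that depends on how it formats the command, which is not visible here. Drop the comma: `cmd = 'swtpm_setup --tpmstate /tmp/myvtpm2 --create-ek-cert --create-platform-cert --tpm2'`. `setUpClass` also discards the status of `mkdir` and `chown` on a fixed path under `/tmp`, so a pre-existing `/tmp/myvtpm2` with different ownership would go unnoticed before TPM state and certificates are written into it; asserting on the returned status (or creating the directory with `mktemp -d`) would catch that. The `skipIfNotFeature` message still names `tpm2_swtpm_socket` rather than this test.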
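Review bot: `tearDownClass` removes `/tmp/myvtpm2` but nothing stops the `swtpm socket -d` daemon that `test_tpm2_startup` starts in the next hunk of this file, so the emulator presumably keeps listening on ports 2321/2322 after the class finishes, with its state directory deleted underneath it. Adding `--pid file=/tmp/myvtpm2/swtpm.pid` to the swtpm command and running `cls.tc.target.run('kill $(cat /tmp/myvtpm2/swtpm.pid)')` before the `rm -fr` would leave the target clean for later test classes. `setUpClass` ignores the `mkdir` status and, unlike the new `SwTpmTest.setUpClass` in swtpm.py, does not `chown` the directory; both classes share the same fixed path, so whichever tears down first removes the other's state if they run in one session. The `check_endlines` body continues past the end of the hunk.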
@@ -19,20 +27,19 @@ class Tpm2Test(OERuntimeTestCase):
 @OEHasPackage(['tpm2-tools'])
 @OEHasPackage(['tpm2-abrmd'])
 @OEHasPackage(['swtpm'])
+ @skipIfNotFeature('tpm2','Test tpm2_startup requires tpm2 to be in DISTRO_FEATURES')
 @OETestDepends(['ssh.SSHTest.test_ssh'])
- def test_tpm2_swtpm_socket(self):
+ def test_tpm2_startup(self):
 cmds = [
- 'mkdir /tmp/myvtpm',
- 'swtpm socket --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init &',
- 'export TPM2TOOLS_TCTI="swtpm:port=2321"',
- 'tpm2_startup -c'
+ 'swtpm socket -d --tpmstate dir=/tmp/myvtpm2 --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init',
+ 'tpm2_startup -c -T "swtpm:port=2321"',
 ]
 for cmd in cmds:
 status, output = self.target.run(cmd)
 self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
- @OETestDepends(['tpm2.Tpm2Test.test_tpm2_swtpm_socket'])
+ @OETestDepends(['tpm2.Tpm2Test.test_tpm2_startup'])
 def test_tpm2_pcrread(self):
 (status, output) = self.target.run('tpm2_pcrread')
 expected_endlines = []
@@ -49,7 +56,7 @@ class Tpm2Test(OERuntimeTestCase):
 @OEHasPackage(['p11-kit'])
 @OEHasPackage(['tpm2-pkcs11'])
- @OETestDepends(['tpm2.Tpm2Test.test_tpm2_swtpm_socket'])
+ @OETestDepends(['tpm2.Tpm2Test.test_tpm2_pcrread'])
 def test_tpm2_pkcs11(self):
 (status, output) = self.target.run('p11-kit list-modules -v')
 self.assertEqual(status, 0, msg="Modules missing: %s" % output)
diff --git a/meta-security/meta-tpm/recipes-core/images/security-tpm2-image.bb b/meta-security/meta-tpm/recipes-core/images/security-tpm2-image.bb
index 7e047d1274..941a6617ad 100644
--- a/meta-security/meta-tpm/recipes-core/images/security-tpm2-image.bb
+++ b/meta-security/meta-tpm/recipes-core/images/security-tpm2-image.bb
@@ -7,6 +7,7 @@ IMAGE_INSTALL = "\
 packagegroup-core-boot \
 packagegroup-security-tpm2 \
 os-release \
+ swtpm \
 "
 IMAGE_LINGUAS ?= " "
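Review bot: Only `tpm2_startup` is pointed at the emulator, via `-T "swtpm:port=2321"`; the `tpm2_pcrread` call in `test_tpm2_pcrread` (context at the end of the first tpm2.py hunk on this line) runs with whatever the default TCTI resolves to on the target. With the `export TPM2TOOLS_TCTI=...` step removed there is no longer any indication that the PCR read is meant to reach the swtpm instance, and the result may depend on whether tpm2-abrmd or a TPM device node happens to be usable. If the emulator is the intended backend, pass it explicitly: `(status, output) = self.target.run('tpm2_pcrread -T "swtpm:port=2321"')`. The body of `test_tpm2_pcrread` continues outside the hunk, so any later commands there would need the same treatment.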
diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
index 85e4c5d557..03899d8032 100644
--- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
@@ -20,14 +20,15 @@ inherit autotools pkgconfig perlnative
 TSS_USER="tss"
 TSS_GROUP="tss"
-PACKAGECONFIG ?= "openssl"
+PACKAGECONFIG ?= "openssl gnutls"
 PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)}"
 PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
 PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
 # expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
 # used by swtpm-create-tpmca (the last two is provided by gnutls)
 # gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
-PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools"
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls-native gnutls, gnutls-bin expect bash tpm2-pkcs11-tools"
 PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
 PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
 PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb
index e8812d06d0..dd0a0b57b5 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb
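Review bot: The rewritten `PACKAGECONFIG[gnutls]` moves `expect bash tpm2-pkcs11-tools` from the fifth field (runtime recommendations) into the fourth (runtime dependencies), and the new default `PACKAGECONFIG ?= "openssl gnutls"` enables it unless overridden. Every image that installs swtpm, including security-tpm2-image after this commit, would then pull in bash, expect and the pkcs11 tools as hard dependencies. If only `gnutls-bin` is strictly needed at runtime, keeping the helpers as recommendations lets size- or surface-constrained targets drop them: `PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls-native gnutls, gnutls-bin, expect bash tpm2-pkcs11-tools"`. If the hard dependency is intended, the three comment lines above the entry should say so.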
@@ -25,15 +25,6 @@ do_compile:append() {
 }
 do_install:append() {
- install -d ${D}${libdir}/pkcs11
- install -d ${D}${datadir}/p11-kit
-
- # remove symlinks
- rm -f ${D}${libdir}/pkcs11/libtpm2_pkcs11.so
-
- #install lib
- install -m 755 ${B}/src/.libs/libtpm2_pkcs11.so ${D}${libdir}/pkcs11/libtpm2_pkcs11.so
-
 cd ${S}/tools
 export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}"
 ${PYTHON_PN} setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build
@@ -53,5 +44,7 @@ FILES:${PN} += "\
 ${datadir}/p11-kit/* \
 "
+INSANE_SKIP:${PN} += "dev-so"
+
 RDEPENDS:${PN} = "p11-kit tpm2-tools "
 RDEPENDS:${PN}-tools = "${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules"
--
cgit v1.2.3
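Review bot: `INSANE_SKIP:${PN} += "dev-so"` in the second hunk switches off the dev-so QA check for the whole package with no explanation in the recipe. Judging by the first hunk, which stops replacing the `libtpm2_pkcs11.so` symlink with a copied library, the symlink is now shipped in `${PN}` on purpose, but a later reader of the recipe cannot tell that. A comment above the line would record it, for example `# The unversioned libtpm2_pkcs11.so symlink is shipped in ${PN} on purpose, so skip dev-so.` That way the exception can be removed again once the symlink is no longer needed.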