git: e788fbf4300d - main - security/tpm2-abrmd: Assorted improvements to the port

From: Gleb Popov <arrowd_at_FreeBSD.org>
Date: Tue, 13 May 2025 10:22:20 UTC
The branch main has been updated by arrowd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e788fbf4300d6a78ccf680b943d16c26e0cee8c7

commit e788fbf4300d6a78ccf680b943d16c26e0cee8c7
Author:     Andrea Cocito <andrea@cocito.eu>
AuthorDate: 2025-05-07 08:56:00 +0000
Commit:     Gleb Popov <arrowd@FreeBSD.org>
CommitDate: 2025-05-13 10:22:15 +0000

    security/tpm2-abrmd: Assorted improvements to the port
    
    * Fix name collision on function write_all()
    * Stop installing tpm2-abrmd-devd.conf as it is useless and does not work
    * Use "wheel" as FreeBSD does not have the "root" group
    * Fix inconsistent naming of the rc script
    
    PR:             286218
    Approved by:    maintainer
    Pull Request:   https://github.com/freebsd/freebsd-ports/pull/391
---
 security/tpm2-abrmd/Makefile                       |  7 ++-----
 .../tpm2-abrmd/files/patch-dist_tpm2-abrmd.conf    | 22 +++++++++++++++++-----
 .../tpm2-abrmd/files/patch-src_response-sink.c     | 11 +++++++++++
 security/tpm2-abrmd/files/patch-src_tcti-tabrmd.c  | 11 +++++++++++
 security/tpm2-abrmd/files/patch-src_util.c         | 11 +++++++++++
 security/tpm2-abrmd/files/patch-src_util.h         | 11 +++++++++++
 security/tpm2-abrmd/files/tpm2-abrmd-devd.conf     |  9 ---------
 .../files/{tpm2-abrmd.in => tpm2_abrmd.in}         |  0
 security/tpm2-abrmd/pkg-message                    | 10 ++++++++++
 security/tpm2-abrmd/pkg-plist                      |  1 -
 10 files changed, 73 insertions(+), 20 deletions(-)

diff --git a/security/tpm2-abrmd/Makefile b/security/tpm2-abrmd/Makefile
index 0e4b4e89641a..00e8255f5b4c 100644
--- a/security/tpm2-abrmd/Makefile
+++ b/security/tpm2-abrmd/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	tpm2-abrmd
 DISTVERSION=	3.0.0
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	security
 MASTER_SITES=	https://github.com/tpm2-software/tpm2-abrmd/releases/download/${DISTVERSION}/
 
@@ -17,7 +17,7 @@ RUN_DEPENDS=	dbus-daemon:devel/dbus
 USES=		gmake libtool pkgconfig gnome
 USE_LDCONFIG=	yes
 USE_GNOME=	glib20
-USE_RC_SUBR=	tpm2-abrmd
+USE_RC_SUBR=	tpm2_abrmd
 
 GNU_CONFIGURE=	yes
 GNU_CONFIGURE_MANPREFIX=${PREFIX}/share
@@ -28,9 +28,6 @@ USERS=		_tss
 
 SUB_LIST=	DBUS_DAEMON=dbus
 
-pre-install:
-	@${INSTALL_DATA} ${FILESDIR}/tpm2-abrmd-devd.conf ${STAGEDIR}${PREFIX}/etc/devd
-
 post-install:
 	@${RM} ${STAGEDIR}${PREFIX}/lib/systemd/system-preset/tpm2-abrmd.preset
 	@${RM} ${STAGEDIR}${PREFIX}/lib/systemd/system/tpm2-abrmd.service
diff --git a/security/tpm2-abrmd/files/patch-dist_tpm2-abrmd.conf b/security/tpm2-abrmd/files/patch-dist_tpm2-abrmd.conf
index 755942458792..29c02ab9640d 100644
--- a/security/tpm2-abrmd/files/patch-dist_tpm2-abrmd.conf
+++ b/security/tpm2-abrmd/files/patch-dist_tpm2-abrmd.conf
@@ -1,25 +1,37 @@
 --- dist/tpm2-abrmd.conf.orig	2022-05-09 15:39:53 UTC
 +++ dist/tpm2-abrmd.conf
-@@ -2,7 +2,7 @@
+@@ -2,27 +2,25 @@
   "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
  <busconfig>
    <!-- ../system.conf have denied everything, so we just punch some holes -->
 -  <policy user="tss">
-+  <policy user="_tss">
-     <allow own="com.intel.tss2.Tabrmd"/>
-   </policy>
+-    <allow own="com.intel.tss2.Tabrmd"/>
+-  </policy>
+-  <policy user="root">
+-    <allow own="com.intel.tss2.Tabrmd"/>
+-  </policy>
+   <!-- Match /dev/tpmrm0 permissions tss tss 0660 -->
    <policy user="root">
-@@ -17,11 +17,11 @@
      <allow send_destination="com.intel.tss2.Tabrmd"/>
      <allow receive_sender="com.intel.tss2.Tabrmd"/>
++    <allow own="com.intel.tss2.Tabrmd"/>
+   </policy>
+-  <policy group="root">
++  <policy group="wheel">
+     <allow send_destination="com.intel.tss2.Tabrmd"/>
+     <allow receive_sender="com.intel.tss2.Tabrmd"/>
++    <allow own="com.intel.tss2.Tabrmd"/>
    </policy>
 -  <policy user="tss">
 +  <policy user="_tss">
      <allow send_destination="com.intel.tss2.Tabrmd"/>
      <allow receive_sender="com.intel.tss2.Tabrmd"/>
++    <allow own="com.intel.tss2.Tabrmd"/>
    </policy>
 -  <policy group="tss">
 +  <policy group="_tss">
      <allow send_destination="com.intel.tss2.Tabrmd"/>
      <allow receive_sender="com.intel.tss2.Tabrmd"/>
++    <allow own="com.intel.tss2.Tabrmd"/>
    </policy>
+ </busconfig>
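Review bot: The reworked policy adds `<allow own="com.intel.tss2.Tabrmd"/>` to the `group="wheel"` and `group="_tss"` blocks, so any member of either group may claim the daemon's well-known bus name, whereas the lines this patch removes granted `own` only to the `tss` and `root` users. A process that owns the name can stand in for the resource manager towards other clients and receive their TPM commands, so ownership is better limited to the account the daemon runs as (presumably `_tss`, going by `USERS=` in the Makefile). Keep `own` in `<policy user="_tss">` (and in `user="root"` if the daemon may be started as root) and leave the two group blocks with `send_destination` and `receive_sender` only. The retained comment `Match /dev/tpmrm0 permissions tss tss 0660` also no longer describes this port, which per pkg-message uses `/dev/tpm0` and group `_tss`.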
diff --git a/security/tpm2-abrmd/files/patch-src_response-sink.c b/security/tpm2-abrmd/files/patch-src_response-sink.c
new file mode 100644
index 000000000000..a54debd6835a
--- /dev/null
+++ b/security/tpm2-abrmd/files/patch-src_response-sink.c
@@ -0,0 +1,11 @@
+--- src/response-sink.c.orig	2025-02-22 21:59:15 UTC
++++ src/response-sink.c
+@@ -188,7 +188,7 @@ response_sink_process_response (Tpm2Response *response
+ 
+     g_debug ("%s: writing 0x%x bytes", __func__, size);
+     g_debug_bytes (buffer, size, 16, 4);
+-    written = write_all (ostream, buffer, size);
++    written = g_write_all (ostream, buffer, size);
+     g_object_unref (connection);
+ 
+     return written;
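Review bot: The replacement name `g_write_all` sits in the `g_` prefix that GLib uses for its own API, so the rename trades the current collision for a possible future one with GLib, which this code already uses (`GOutputStream`, `g_debug`, `g_object_unref`). A project-scoped name such as `tabrmd_write_all` would avoid that; the same applies to the matching renames in patch-src_tcti-tabrmd.c, patch-src_util.c and patch-src_util.h. If util.c is also linked into libtss2-tcti-tabrmd.so, the non-static function becomes an exported symbol of that library, which makes a neutral prefix more important. response_sink_process_response starts and ends outside this hunk.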
diff --git a/security/tpm2-abrmd/files/patch-src_tcti-tabrmd.c b/security/tpm2-abrmd/files/patch-src_tcti-tabrmd.c
new file mode 100644
index 000000000000..4af7e9727b29
--- /dev/null
+++ b/security/tpm2-abrmd/files/patch-src_tcti-tabrmd.c
@@ -0,0 +1,11 @@
+--- src/tcti-tabrmd.c.orig	2025-02-22 21:59:15 UTC
++++ src/tcti-tabrmd.c
+@@ -46,7 +46,7 @@ tss2_tcti_tabrmd_transmit (TSS2_TCTI_CONTEXT *context,
+     g_debug_bytes (command, size, 16, 4);
+     ostream = g_io_stream_get_output_stream (TSS2_TCTI_TABRMD_IOSTREAM (context));
+     g_debug ("%s: blocking write on ostream", __func__);
+-    write_ret = write_all (ostream, command, size);
++    write_ret = g_write_all (ostream, command, size);
+     /* should switch on possible errors to translate to TSS2 error codes */
+     switch (write_ret) {
+     case -1:
diff --git a/security/tpm2-abrmd/files/patch-src_util.c b/security/tpm2-abrmd/files/patch-src_util.c
new file mode 100644
index 000000000000..32c36126c75b
--- /dev/null
+++ b/security/tpm2-abrmd/files/patch-src_util.c
@@ -0,0 +1,11 @@
+--- src/util.c.orig	2025-02-22 21:59:15 UTC
++++ src/util.c
+@@ -68,7 +68,7 @@ ssize_t
+ /** Write as many of the size bytes from buf to fd as possible.
+  */
+ ssize_t
+-write_all (GOutputStream *ostream,
++g_write_all (GOutputStream *ostream,
+            const uint8_t *buf,
+            const size_t   size)
+ {
diff --git a/security/tpm2-abrmd/files/patch-src_util.h b/security/tpm2-abrmd/files/patch-src_util.h
new file mode 100644
index 000000000000..2c8936779c7f
--- /dev/null
+++ b/security/tpm2-abrmd/files/patch-src_util.h
@@ -0,0 +1,11 @@
+--- src/util.h.orig	2025-02-22 21:59:15 UTC
++++ src/util.h
+@@ -79,7 +79,7 @@ typedef TSS2_RC (*KeyValueFunc) (const key_value_t* ke
+ #define TPMA_CC_RES(attrs)         (attrs.val & 0xc0000000)
+ */
+ 
+-ssize_t     write_all                       (GOutputStream    *ostream,
++ssize_t     g_write_all                       (GOutputStream    *ostream,
+                                              const uint8_t    *buf,
+                                              const size_t      size);
+ int         read_data                       (GInputStream     *istream,
diff --git a/security/tpm2-abrmd/files/tpm2-abrmd-devd.conf b/security/tpm2-abrmd/files/tpm2-abrmd-devd.conf
deleted file mode 100644
index f7f4091a25a5..000000000000
--- a/security/tpm2-abrmd/files/tpm2-abrmd-devd.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# Allow members of _tss group to access tpm device
-
-notify 100 {
-	match "system"		"DEVFS";
-	match "subsystem"	"CDEV";
-	match "type"		"CREATE";
-	match "cdev"		"tpm[0-9]+";
-	action				"chgrp _tss /dev/tpm0; chmod g+rw /dev/tpm0";
-};
diff --git a/security/tpm2-abrmd/files/tpm2-abrmd.in b/security/tpm2-abrmd/files/tpm2_abrmd.in
similarity index 100%
rename from security/tpm2-abrmd/files/tpm2-abrmd.in
rename to security/tpm2-abrmd/files/tpm2_abrmd.in
diff --git a/security/tpm2-abrmd/pkg-message b/security/tpm2-abrmd/pkg-message
new file mode 100644
index 000000000000..cfc2c09fdf0b
--- /dev/null
+++ b/security/tpm2-abrmd/pkg-message
@@ -0,0 +1,10 @@
+[
+{ type: install
+  message: <<EOM
+Please add the following lines to /etc/devfs.conf as tpm2-abrmd needs /dev/tpm0
+to be mode 0660 and group _tss:
+perm	tpm0	0660
+own	tpm0	root:_tss
+EOM
+}
+]
diff --git a/security/tpm2-abrmd/pkg-plist b/security/tpm2-abrmd/pkg-plist
index d20a9a42b2ca..978d156f8219 100644
--- a/security/tpm2-abrmd/pkg-plist
+++ b/security/tpm2-abrmd/pkg-plist
@@ -1,6 +1,5 @@
 include/tss2/tss2-tcti-tabrmd.h
 etc/dbus-1/system.d/tpm2-abrmd.conf
-etc/devd/tpm2-abrmd-devd.conf
 lib/libtss2-tcti-tabrmd.a
 lib/libtss2-tcti-tabrmd.so
 lib/libtss2-tcti-tabrmd.so.0