diff --git a/pkgs/tools/security/libtpms/default.nix b/pkgs/tools/security/libtpms/default.nix
new file mode 100644
index 00000000000..71966a934d6
--- /dev/null
+++ b/pkgs/tools/security/libtpms/default.nix
@@ -0,0 +1,43 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, pkg-config, autoreconfHook
+, openssl, perl
+, tpm2Support ? false
+}:
+
+stdenv.mkDerivation rec {
+ pname = "libtpms";
+ version = "0.7.4";
+
+ src = fetchFromGitHub {
+ owner = "stefanberger";
+ repo = "libtpms";
+ rev = "v${version}";
+ sha256 = "sha256-nZSBD3WshlZHVMBFmDBBdFkhBjNgtASfg6+lYOOAhZ8=";
+ };
+
+ nativeBuildInputs = [
+ autoreconfHook
+ pkg-config
+ perl # needed for pod2man
+ ];
+ buildInputs = [ openssl ];
+
+ outputs = [ "out" "lib" "man" "dev" ];
+
+ enableParallelBuilding = true;
+
+ configureFlags = [
+ "--with-openssl"
+ ] ++ lib.optionals tpm2Support [
+ "--with-tpm2" # TPM2 support is flagged experimental by upstream
+ ];
+
+ meta = with lib; {
+ description = "The libtpms library provides software emulation of a Trusted Platform Module (TPM 1.2 and TPM 2.0)";
+ homepage = "https://github.com/stefanberger/libtpms";
+ license = licenses.bsd3;
+ maintainers = [ maintainers.baloo ];
+ };
+}
diff --git a/pkgs/tools/security/swtpm/default.nix b/pkgs/tools/security/swtpm/default.nix
new file mode 100644
index 00000000000..2bd0326d4d9
--- /dev/null
+++ b/pkgs/tools/security/swtpm/default.nix
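Review bot: In pkgs/tools/security/libtpms/default.nix, `meta.description` advertises "TPM 1.2 and TPM 2.0" while `--with-tpm2` is passed only when `tpm2Support` is true, and that argument defaults to false. If upstream's configure leaves TPM 2.0 off unless the flag is given (which the "experimental" comment suggests, but the hunk does not show), the default `libtpms` attribute would emulate TPM 1.2 only and a consumer expecting a 2.0 device would find out at run time. I would document the knob where it is declared, e.g. `, tpm2Support ? false # when false, --with-tpm2 is not passed to configure`, and use a description that does not promise both versions, such as `description = "Software emulation of a Trusted Platform Module";`.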
@@ -0,0 +1,76 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, autoreconfHook
+, pkg-config
+, libtasn1, openssl, fuse, glib, libseccomp
+, libtpms
+, unixtools, expect, socat
+, gnutls
+, perl
+, python3, python3Packages
+}:
+
+stdenv.mkDerivation rec {
+ pname = "swtpm";
+ version = "0.5.2";
+
+ src = fetchFromGitHub {
+ owner = "stefanberger";
+ repo = "swtpm";
+ rev = "v${version}";
+ sha256 = "sha256-KY5V4z/8I15ePjorgZueNahlD/xvFa3tDarA0tuRxFk=";
+ };
+
+ pythonPath = with python3Packages; requiredPythonModules [
+ setuptools
+ cryptography
+ ];
+
+ patches = [
+ # upstream looks for /usr directory in $prefix to check
+ # whether or not to proceed with installation of python
+ # tools (swtpm_setup utility).
+ ./python-installation.patch
+ ];
+
+ prePatch = ''
+ patchShebangs src/swtpm_setup/setup.py
+ patchShebangs samples/setup.py
+ '';
+
+ nativeBuildInputs = [
+ pkg-config unixtools.netstat expect socat
+ perl # for pod2man
+ autoreconfHook
+ python3
+ ];
+ buildInputs = [
+ libtpms
+ openssl libtasn1 libseccomp
+ fuse glib
+ gnutls
+ python3.pkgs.wrapPython
+ ];
+ propagatedBuildInputs = pythonPath;
+
+ configureFlags = [
+ "--with-cuse"
+ ];
+
+ postInstall = ''
+ wrapPythonProgramsIn $out/bin "$out $pythonPath"
+ wrapPythonProgramsIn $out/share/swtpm "$out $pythonPath"
+ '';
+
+ enableParallelBuilding = true;
+
+ outputs = [ "out" "man" ];
+
+ meta = with lib; {
+ description = "Libtpms-based TPM emulator";
+ homepage = "https://github.com/stefanberger/swtpm";
+ license = licenses.bsd3;
+ maintainers = [ maintainers.baloo ];
+ };
+}
diff --git a/pkgs/tools/security/swtpm/python-installation.patch b/pkgs/tools/security/swtpm/python-installation.patch
new file mode 100644
index 00000000000..d2689f051c5
--- /dev/null
+++ b/pkgs/tools/security/swtpm/python-installation.patch
@@ -0,0 +1,60 @@
+commit 353794feb596d95e3f8893e39b174c5a89d1013e
+Author: Arthur Gautier
+Date: Wed Feb 17 02:27:40 2021 +0000
+
+ python-install
+
+
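Review bot: In pkgs/tools/security/swtpm/default.nix, `meta` declares no `platforms`, although the derivation links `libseccomp` and `fuse` and configures `--with-cuse`, all of which look Linux-specific. Adding `platforms = platforms.linux;` to `meta` would keep other platforms from attempting the build. Separately, `python3.pkgs.wrapPython` is a build-time hook and would normally sit in `nativeBuildInputs` rather than `buildInputs`. A short comment on `unixtools.netstat expect socat` saying whether configure or the test suite needs them would also help, since this expression does not set `doCheck`.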
Signed-off-by: Arthur Gautier
+
+diff --git a/samples/Makefile.am b/samples/Makefile.am
+index 7d69bf8..1803bb9 100644
+--- a/samples/Makefile.am
++++ b/samples/Makefile.am
+@@ -39,19 +39,9 @@ python-uninstall:
+ $(PIP3) uninstall -y $(PY_PACKAGE_NAME)
+
+ if PYTHON_INSTALLATION
+-install-exec-local: $(PY_PACKAGE)
+- @if ! test $(findstring /usr, "$(DESTDIR)$(bindir)"); then \
+- echo "Warning: Not installing python package to $(DESTDIR)$(bindir)"; \
+- else \
+- $(MAKE) python-install; \
+- fi
++install-exec-local: python-install
+
+-uninstall-local:
+- @if ! test $(findstring /usr, "$(DESTDIR)$(bindir)"); then \
+- echo "Cleanup for distcheck build not implemented" ; \
+- else \
+- $(MAKE) python-uninstall; \
+- fi
++uninstall-local: python-uninstall
+ endif
+
+
+diff --git a/src/swtpm_setup/Makefile.am b/src/swtpm_setup/Makefile.am
+index 529eefe..533b1b3 100644
+--- a/src/swtpm_setup/Makefile.am
++++ b/src/swtpm_setup/Makefile.am
+@@ -29,19 +29,9 @@ python-uninstall:
+ $(PIP3) uninstall -y $(PY_PACKAGE_NAME)
+
+ if PYTHON_INSTALLATION
+-install-exec-local: $(PY_PACKAGE)
+- @if ! test $(findstring /usr, "$(DESTDIR)$(bindir)"); then \
+- echo "Warning: Not installing python package to $(DESTDIR)$(bindir)"; \
+- else \
+- $(MAKE) python-install; \
+- fi
++install-exec-local: python-install
+
+-uninstall-local:
+- @if ! test $(findstring /usr, "$(DESTDIR)$(bindir)"); then \
+- echo "Cleanup for distcheck build not implemented" ; \
+- else \
+- $(MAKE) python-uninstall; \
+- fi
++uninstall-local: python-uninstall
+ endif
+
+ # for out-of-tree builds we need to clean up
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 22feb341605..6290853c896 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
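Review bot: In pkgs/tools/security/swtpm/python-installation.patch, both rewritten rules drop the `$(PY_PACKAGE)` prerequisite that the removed `install-exec-local: $(PY_PACKAGE)` carried, in samples/Makefile.am and again in src/swtpm_setup/Makefile.am. The `python-install` rule lies outside both inner hunks, so it is not visible whether it depends on `$(PY_PACKAGE)` itself; if it does not, `make install` may run the install step before the package has been built. Writing `install-exec-local: $(PY_PACKAGE) python-install` keeps the prerequisite, though if ordering under `-j` matters the dependency belongs on `python-install` instead. The embedded commit message also gives no rationale, so a one-line description in the patch itself would help whoever rebases it on the next swtpm release.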
@@ -8225,6 +8225,13 @@ in swec = callPackage ../tools/networking/swec { }; + swtpm = callPackage ../tools/security/swtpm { }; + swtpm-tpm2 = swtpm.override { + libtpms = libtpms.override { + tpm2Support = true; + }; + }; + svn2git = callPackage ../applications/version-management/git-and-tools/svn2git { git = gitSVN; }; @@ -15592,6 +15599,8 @@ in libtoxcore_0_1 libtoxcore_0_2; libtoxcore = libtoxcore_0_2; + libtpms = callPackage ../tools/security/libtpms { }; + libtap = callPackage ../development/libraries/libtap { }; libtgvoip = callPackage ../development/libraries/libtgvoip { };
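Review bot: In pkgs/top-level/all-packages.nix, `swtpm-tpm2` differs from `swtpm` only through the nested `libtpms.override { tpm2Support = true; }`, and nothing at the definition says what that means for a user choosing between the two attributes. A comment above it, such as `# swtpm linked against a libtpms built with tpm2Support = true`, would make the difference visible without opening the libtpms expression. The same applies to the plain `swtpm` attribute, which takes `libtpms` with its default `tpm2Support = false`.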