From eea5575bd364d6327f46e02d0301e62a68d3ca5a Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 23 Feb 2021 07:42:56 +0000 Subject: [PATCH 1/2] tpm-tss2: do not rely on a dynamic load path for tcti modules Signed-off-by: Arthur Gautier --- .../libraries/tpm2-tss/default.nix | 24 +++++++++++- .../tpm2-tss/no-dynamic-loader-path.patch | 39 +++++++++++++++++++ 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch diff --git a/pkgs/development/libraries/tpm2-tss/default.nix b/pkgs/development/libraries/tpm2-tss/default.nix index fa506733c16..42e6e920be4 100644 --- a/pkgs/development/libraries/tpm2-tss/default.nix +++ b/pkgs/development/libraries/tpm2-tss/default.nix @@ -27,7 +27,21 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - postPatch = "patchShebangs script"; + patches = [ + # Do not rely on dynamic loader path + # TCTI loader relies on dlopen(), this patch prefixes all calls with the output directory + ./no-dynamic-loader-path.patch + ]; + + postPatch = '' + patchShebangs script + substituteInPlace src/tss2-tcti/tctildr-dl.c \ + --replace '@PREFIX@' $out/lib/ + substituteInPlace ./test/unit/tctildr-dl.c \ + --replace ', "libtss2' ", \"$out/lib/libtss2" \ + --replace ', "foo' ", \"$out/lib/foo" \ + --replace ', TEST_TCTI_NAME' ", \"$out/lib/\"TEST_TCTI_NAME" + ''; configureFlags = [ "--enable-unit" @@ -35,6 +49,14 @@ stdenv.mkDerivation rec { ]; doCheck = true; + preCheck = '' + # Since we rewrote the load path in the dynamic loader for the TCTI + # The various tcti implementation should be placed in their target directory + # before we could run tests + installPhase + # install already done, dont need another one + dontInstall=1 + ''; postInstall = '' # Do not install the upstream udev rules, they rely on specific 
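Review bot: The three `--replace` rules for `./test/unit/tctildr-dl.c` in `postPatch` match loose fragments such as `', "foo'`, and no comment says why the test file is rewritten, so a rule that stops matching after an upstream bump is easy to miss. Judging by the patterns, they adjust the path strings the unit test expects dlopen() to receive; a comment above that call should say so, e.g. `# the unit tests compare the path handed to dlopen(), so the expected strings need the same prefix`. The store path in the first rule is better quoted: `--replace '@PREFIX@' "$out/lib/"`.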
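Review bot: Calling `installPhase` by hand from `preCheck` and then setting `dontInstall=1` ties the install step to whether the check phase runs, and a later override of either phase has to know about that coupling. stdenv already has a phase for tests that need the installed files: `doInstallCheck = true;` together with `installCheckTarget = "check";` should run the same test target after the regular install. If the manual call is kept, the comment should also state that the tests load the TCTI modules from `$out/lib` and not from the build tree.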
diff --git a/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch b/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch
new file mode 100644
index 00000000000..86cdcd1541e
--- /dev/null
+++ b/pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch
@@ -0,0 +1,39 @@
+diff --git a/src/tss2-tcti/tctildr-dl.c b/src/tss2-tcti/tctildr-dl.c
+index b364695c..b13be3ef 100644
+--- a/src/tss2-tcti/tctildr-dl.c
++++ b/src/tss2-tcti/tctildr-dl.c
+@@ -85,7 +85,15 @@ handle_from_name(const char *file,
+ if (handle == NULL) {
+ return TSS2_TCTI_RC_BAD_REFERENCE;
+ }
+- *handle = dlopen(file, RTLD_NOW);
++ size = snprintf(file_xfrm,
++ sizeof (file_xfrm),
++ "@PREFIX@%s",
++ file);
++ if (size >= sizeof (file_xfrm)) {
++ LOG_ERROR("TCTI name truncated in transform.");
++ return TSS2_TCTI_RC_BAD_VALUE;
++ }
++ *handle = dlopen(file_xfrm, RTLD_NOW);
+ if (*handle != NULL) {
+ return TSS2_RC_SUCCESS;
+ } else {
+@@ -94,7 +102,7 @@ handle_from_name(const char *file,
+ /* 'name' alone didn't work, try libtss2-tcti-.so.0 */
+ size = snprintf(file_xfrm,
+ sizeof (file_xfrm),
+- TCTI_NAME_TEMPLATE_0,
++ "@PREFIX@" TCTI_NAME_TEMPLATE_0,
+ file);
+ if (size >= sizeof (file_xfrm)) {
+ LOG_ERROR("TCTI name truncated in transform.");
+@@ -109,7 +117,7 @@ handle_from_name(const char *file,
+ /* libtss2-tcti-.so.0 didn't work, try libtss2-tcti-.so */
+ size = snprintf(file_xfrm,
+ sizeof (file_xfrm),
+- TCTI_NAME_TEMPLATE,
++ "@PREFIX@" TCTI_NAME_TEMPLATE,
+ file);
+ if (size >= sizeof (file_xfrm)) {
+ LOG_ERROR("TCTI name truncated in transform.");
From 7710eed6d0a55f79bc28922a7aa7924b135a70a4 Mon Sep 17 00:00:00 2001
From: Arthur Gautier
Date: Tue, 23 Feb 2021 04:50:13 +0000
Subject: [PATCH 2/2] pythonPackages.tpm2-pytss: init at 0.2.4
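Review bot: Prefixing `file` with `@PREFIX@` before the first dlopen() in handle_from_name does not confine loading to the package's lib directory, because a name that contains `/` or `..` still resolves outside it; the same holds for the two template lookups in the later hunks. An absolute module path that a caller could pass before would now be looked up under the prefix and fail. If the prefix is meant as a restriction, reject such names before the snprintf, e.g. `if (strchr(file, '/') != NULL) return TSS2_TCTI_RC_BAD_VALUE;`; if absolute paths should keep working, hand them to dlopen() unprefixed. Either way the patch would benefit from a header comment that states the intended behaviour, including that TCTI modules installed by other packages are no longer found by name. The function body starts and ends outside these hunks.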
Signed-off-by: Arthur Gautier
---
.../python-modules/tpm2-pytss/default.nix | 41 +++++++++++++++++++
pkgs/top-level/python-packages.nix | 2 +
2 files changed, 43 insertions(+)
create mode 100644 pkgs/development/python-modules/tpm2-pytss/default.nix
diff --git a/pkgs/development/python-modules/tpm2-pytss/default.nix b/pkgs/development/python-modules/tpm2-pytss/default.nix
new file mode 100644
index 00000000000..544c1a3084a
--- /dev/null
+++ b/pkgs/development/python-modules/tpm2-pytss/default.nix
@@ -0,0 +1,41 @@
+{ lib, buildPythonPackage, fetchPypi, pythonOlder
+, pkg-config, swig
+, tpm2-tss
+, cryptography, ibm-sw-tpm2
+}:
+
+buildPythonPackage rec {
+ pname = "tpm2-pytss";
+
+ # Last version on github is 0.2.4, but it looks
+ # like a mistake (it's missing commits from 0.1.9)
+ version = "0.1.9";
+ disabled = pythonOlder "3.5";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "sha256-v5Xth0A3tFnLFg54nvWYL2TD201e/GWv+2y5Qc60CmU=";
+ };
+ postPatch = ''
+ substituteInPlace tpm2_pytss/config.py --replace \
+ 'SYSCONFDIR = CONFIG.get("sysconfdir", "/etc")' \
+ 'SYSCONFDIR = "${tpm2-tss}/etc"'
+ '';
+
+ nativeBuildInputs = [ pkg-config swig ];
+ # The TCTI is dynamically loaded from tpm2-tss, we have to provide the library to the end-user
+ propagatedBuildInputs = [ tpm2-tss ];
+
+ checkInputs = [
+ cryptography
+ # provide tpm_server used as simulator for the tests
+ ibm-sw-tpm2
+ ];
+
+ meta = with lib; {
+ homepage = "https://github.com/tpm2-software/tpm2-pytss";
+ description = "TPM2 TSS Python bindings for Enhanced System API (ESYS)";
+ license = licenses.bsd2;
+ maintainers = with maintainers; [ baloo ];
+ };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 4ae605e1d3d..d00039c9e5c 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
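Review bot: The `postPatch` rule that pins `SYSCONFDIR` to `"${tpm2-tss}/etc"` has no comment, and it changes where the bindings look for configuration: the read-only store path of tpm2-tss replaces the host's `/etc`. A line such as `# read the configuration shipped with tpm2-tss; the host's /etc is not consulted` would record that this is intended, and it matters because the rule silently stops applying if the matched line in `tpm2_pytss/config.py` changes upstream. `pythonImportsCheck = [ "tpm2_pytss" ];` would catch a build that installs but cannot be imported. Separately, `version = "0.1.9"` disagrees with the "init at 0.2.4" subject; the comment above the attribute explains the version, so the subject is the part to correct.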
@@ -7944,6 +7944,8 @@ in { tox = callPackage ../development/python-modules/tox { }; + tpm2-pytss = callPackage ../development/python-modules/tpm2-pytss { }; + tqdm = callPackage ../development/python-modules/tqdm { }; traceback2 = callPackage ../development/python-modules/traceback2 { };