From e2ad8ef8cf3032efe2edb4b11a273b760c90a005 Mon Sep 17 00:00:00 2001 From: Leon Schuermann Date: Sun, 27 Oct 2019 17:06:10 +0100 Subject: [PATCH] tpm2-pkcs11: init at v1.0.1
---
.../0001-configure-ac-version.patch | 13 +++ pkgs/misc/tpm2-pkcs11/default.nix | 79 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 3 files changed, 94 insertions(+) create mode 100644 pkgs/misc/tpm2-pkcs11/0001-configure-ac-version.patch create mode 100644 pkgs/misc/tpm2-pkcs11/default.nix
diff --git a/pkgs/misc/tpm2-pkcs11/0001-configure-ac-version.patch b/pkgs/misc/tpm2-pkcs11/0001-configure-ac-version.patch
new file mode 100644
index 00000000000..fa2575cb938
--- /dev/null
+++ b/pkgs/misc/tpm2-pkcs11/0001-configure-ac-version.patch
@@ -0,0 +1,13 @@
+diff --git a/configure.ac b/configure.ac
+index e861e42..018c19c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -26,7 +26,7 @@
+ #;**********************************************************************;
+
+ AC_INIT([tpm2-pkcs11],
+- [m4_esyscmd_s([git describe --tags --always --dirty])],
++ [git-@VERSION@],
+ [https://github.com/tpm2-software/tpm2-pkcs11/issues],
+ [],
+ [https://github.com/tpm2-software/tpm2-pkcs11])
diff --git a/pkgs/misc/tpm2-pkcs11/default.nix b/pkgs/misc/tpm2-pkcs11/default.nix
new file mode 100644
index 00000000000..d34619d5b52
--- /dev/null
+++ b/pkgs/misc/tpm2-pkcs11/default.nix
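Review bot: The replacement version string in the embedded configure.ac patch, `[git-@VERSION@]`, makes the build report `git-1.0.1`, whereas the removed `git describe --tags --always --dirty` would presumably have printed plain `1.0.1` on the tagged release that `rev = version` fetches. Anything that reads the autoconf package version then sees a string that looks like a development snapshot, which makes it harder to match an installed module against upstream release notes and advisories. If no consumer depends on the prefix, `[@VERSION@],` keeps the reported version identical to the upstream tag.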
@@ -0,0 +1,79 @@
+{ stdenv, lib, fetchFromGitHub, substituteAll
+, pkgconfig, autoreconfHook, autoconf-archive, makeWrapper, patchelf
+, tpm2-tss, tpm2-tools, opensc, openssl, sqlite, python37, glibc, libyaml
+, abrmdSupport ? true, tpm2-abrmd ? null
+}:
+
+stdenv.mkDerivation rec {
+ pname = "tpm2-pkcs11";
+ version = "1.0.1";
+
+ src = fetchFromGitHub {
+ owner = "tpm2-software";
+ repo = pname;
+ rev = version;
+ sha256 = "sha256:06kpf730al50xv1q53ahycky3im23ysrqp40libls4k24zxs9ha2";
+ };
+
+ patches = lib.singleton (
+ substituteAll {
+ src = ./0001-configure-ac-version.patch;
+ VERSION = version;
+ });
+
+ # The preConfigure phase doesn't seem to be working here
+ # ./bootstrap MUST be executed as the first step, before all
+ # of the autoreconfHook stuff
+ postPatch = ''
+ ./bootstrap
+ '';
+
+ nativeBuildInputs = [
+ pkgconfig autoreconfHook autoconf-archive makeWrapper patchelf
+ ];
+ buildInputs = [
+ tpm2-tss tpm2-tools opensc openssl sqlite libyaml
+ (python37.withPackages (ps: [ ps.pyyaml ps.cryptography ps.pyasn1-modules ]))
+ ];
+
+ outputs = [ "out" "bin" "dev" ];
+
+ dontStrip = true;
+ dontPatchELF = true;
+
+ # To be able to use the userspace resource manager, the RUNPATH must
+ # explicitly include the tpm2-abrmd shared libraries.
+ preFixup = let
+ rpath = lib.makeLibraryPath (
+ (lib.optional abrmdSupport tpm2-abrmd)
+ ++ [
+ tpm2-tss
+ sqlite
+ openssl
+ glibc
+ libyaml
+ ]
+ );
+ in ''
+ patchelf \
+ --set-rpath ${rpath} \
+ ${lib.optionalString abrmdSupport "--add-needed ${lib.makeLibraryPath [tpm2-abrmd]}/libtss2-tcti-tabrmd.so"} \
+ --add-needed ${lib.makeLibraryPath [tpm2-tss]}/libtss2-tcti-device.so \
+ $out/lib/libtpm2_pkcs11.so.0.0.0
+ '';
+
+ postInstall = ''
+ mkdir -p $bin/bin/ $bin/share/tpm2_pkcs11/
+ mv ./tools/* $bin/share/tpm2_pkcs11/
+ makeWrapper $bin/share/tpm2_pkcs11/tpm2_ptool.py $bin/bin/tpm2_ptool \
+ --prefix PATH : ${lib.makeBinPath [ tpm2-tools ]}
+ '';
+
+ meta = with lib; {
+ description = "A PKCS#11 interface for TPM2 hardware";
+ homepage = https://github.com/tpm2-software/tpm2-pkcs11;
+ license = licenses.bsd2;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ lschuermann ];
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 1bb7da68843..20b00f37535 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -6847,6 +6847,8 @@ in tpm2-abrmd = callPackage ../tools/security/tpm2-abrmd { }; + tpm2-pkcs11 = callPackage ../misc/tpm2-pkcs11 { }; + tpm2-tools = callPackage ../tools/security/tpm2-tools { }; trezor-udev-rules = callPackage ../os-specific/linux/trezor-udev-rules {};
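Review bot: In pkgs/misc/tpm2-pkcs11/default.nix the argument set pairs `abrmdSupport ? true` with `tpm2-abrmd ? null`, but nothing checks that the two agree. An override that nulls `tpm2-abrmd` while `abrmdSupport` stays at its default hands `null` to `lib.makeLibraryPath` in `preFixup`, where evaluation presumably fails with an error that does not name the cause. Add `assert abrmdSupport -> tpm2-abrmd != null;` between the argument set and `stdenv.mkDerivation`. The existing comment explains the RUNPATH but not `dontStrip = true;`, `dontPatchELF = true;` or the two `--add-needed` entries. Because this library is a PKCS#11 module loaded into other processes, a short comment should record why the default fixups are disabled and why both TCTI libraries are forced as direct dependencies.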