[ptxdist] [PATCH v3 1/3] tpm2-tss: version bump 2.2.2 -> 2.3.1

[ptxdist] [PATCH v3 1/3] tpm2-tss: version bump 2.2.2 -> 2.3.1

[Bastian Krause]

Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
No changes since v2.
---
 rules/tpm2-tss.make | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/rules/tpm2-tss.make b/rules/tpm2-tss.make
index 4bdaef17e..768c64426 100644
--- a/rules/tpm2-tss.make
+++ b/rules/tpm2-tss.make
@@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_TPM2_TSS) += tpm2-tss
 #
 # Paths and names
 #
-TPM2_TSS_VERSION	:= 2.2.2
-TPM2_TSS_MD5		:= db341b66daab34cbb4d6a4e5a8745001
+TPM2_TSS_VERSION	:= 2.3.1
+TPM2_TSS_MD5		:= 5744b10e3cef56df5d65b50f51fb3fe9
 TPM2_TSS		:= tpm2-tss-$(TPM2_TSS_VERSION)
 TPM2_TSS_SUFFIX		:= tar.gz
 TPM2_TSS_URL		:= https://github.com/tpm2-software/tpm2-tss/releases/download/$(TPM2_TSS_VERSION)/$(TPM2_TSS).$(TPM2_TSS_SUFFIX)
@@ -34,15 +34,23 @@ TPM2_TSS_LICENSE_FILES	:= file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da
 TPM2_TSS_CONF_TOOL	:= autoconf
 TPM2_TSS_CONF_OPT	:= \
 	$(CROSS_AUTOCONF_USR) \
+	--enable-debug=info \
 	--disable-unit \
 	--enable-esapi \
 	--disable-tcti-device-async \
 	--disable-tcti-partial-reads \
 	--enable-tcti-device \
 	--enable-tcti-mssim \
+	--disable-tcti-fuzzing \
+	--disable-nodl \
 	--disable-integration \
-	--disable-debug \
+	--disable-valgrind \
+	--disable-valgrind-memcheck \
+	--disable-valgrind-helgrind \
+	--disable-valgrind-drd \
+	--disable-valgrind-sgcheck \
 	--disable-defaultflags \
+	--disable-weakcrypto \
 	--disable-doxygen-doc \
 	--disable-doxygen-dot \
 	--disable-doxygen-man \
@@ -56,6 +64,7 @@ TPM2_TSS_CONF_OPT	:= \
 	--disable-code-coverage \
 	--with-crypto=ossl \
 	--with-udevrulesdir=/usr/lib/udev/rules.d \
+	--with-fuzzing=none \
 	--without-gcov
 
 # ----------------------------------------------------------------------------
@@ -76,6 +85,8 @@ $(STATEDIR)/tpm2-tss.targetinstall:
 	@$(call install_lib, tpm2-tss, 0, 0, 0644, libtss2-sys)
 	@$(call install_lib, tpm2-tss, 0, 0, 0644, libtss2-tcti-device)
 	@$(call install_lib, tpm2-tss, 0, 0, 0644, libtss2-tcti-mssim)
+	@$(call install_lib, tpm2-tss, 0, 0, 0644, libtss2-tctildr)
+	@$(call install_lib, tpm2-tss, 0, 0, 0644, libtss2-rc)
 
 	@$(call install_alternative, tpm2-tss, 0, 0, 0644, \
 		/usr/lib/udev/rules.d/70-tpm-udev.rules)
-- 
2.24.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH v3 2/3] tpm2-tools: version bump 3.1.4 -> 4.1

[Bastian Krause]

v3.1.4 was actually BSD-2-Clause licensed. v4.1 is now BSD-3-Clause, so
only fix the md5 sum.

See: https://github.com/tpm2-software/tpm2-tools/issues/1478

Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
No changes since v2.
---
 rules/tpm2-tools.make | 73 ++++++++++++++++++++++++++++++++++++-------
 1 file changed, 61 insertions(+), 12 deletions(-)

diff --git a/rules/tpm2-tools.make b/rules/tpm2-tools.make
index e7fb757ec..9fbb0cbc7 100644
--- a/rules/tpm2-tools.make
+++ b/rules/tpm2-tools.make
@@ -14,15 +14,15 @@ PACKAGES-$(PTXCONF_TPM2_TOOLS) += tpm2-tools
 #
 # Paths and names
 #
-TPM2_TOOLS_VERSION		:= 3.1.4
-TPM2_TOOLS_MD5			:= 61b4a382d24c950148a3f5fe41ac2306
+TPM2_TOOLS_VERSION		:= 4.1
+TPM2_TOOLS_MD5			:= aecec22668233776922909f2ebf55e65
 TPM2_TOOLS			:= tpm2-tools-$(TPM2_TOOLS_VERSION)
 TPM2_TOOLS_SUFFIX		:= tar.gz
 TPM2_TOOLS_URL			:= https://github.com/tpm2-software/tpm2-tools/releases/download/$(TPM2_TOOLS_VERSION)/$(TPM2_TOOLS).$(TPM2_TOOLS_SUFFIX)
 TPM2_TOOLS_SOURCE		:= $(SRCDIR)/$(TPM2_TOOLS).$(TPM2_TOOLS_SUFFIX)
 TPM2_TOOLS_DIR			:= $(BUILDDIR)/$(TPM2_TOOLS)
 TPM2_TOOLS_LICENSE		:= BSD-3-Clause
-TPM2_TOOLS_LICENSE_FILES	:= file://LICENSE;md5=91b7c548d73ea16537799e8060cea819
+TPM2_TOOLS_LICENSE_FILES	:= file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc
 
 # ----------------------------------------------------------------------------
 # Prepare
@@ -34,10 +34,12 @@ TPM2_TOOLS_LICENSE_FILES	:= file://LICENSE;md5=91b7c548d73ea16537799e8060cea819
 TPM2_TOOLS_CONF_TOOL	:= autoconf
 TPM2_TOOLS_CONF_OPT	:= \
 	$(CROSS_AUTOCONF_USR) \
+	--enable-debug=info \
 	--disable-code-coverage \
 	--disable-unit \
 	--enable-hardening \
-	--without-gcov
+	--without-gcov \
+	--without-bashcompdir
 
 # ----------------------------------------------------------------------------
 # Target-Install
@@ -46,41 +48,88 @@ TPM2_TOOLS_CONF_OPT	:= \
 TPM2_TOOLS_PROGS := \
 	tpm2_activatecredential \
 	tpm2_certify \
+	tpm2_certifycreation \
+	tpm2_changeauth \
+	tpm2_changeeps \
+	tpm2_changepps \
+	tpm2_checkquote \
+	tpm2_clear \
+	tpm2_clearcontrol \
+	tpm2_clockrateadjust \
 	tpm2_create \
+	tpm2_createak \
+	tpm2_createek \
 	tpm2_createpolicy \
 	tpm2_createprimary \
 	tpm2_dictionarylockout \
+	tpm2_duplicate \
 	tpm2_encryptdecrypt \
 	tpm2_evictcontrol \
+	tpm2_flushcontext \
 	tpm2_getcap \
-	tpm2_getmanufec \
-	tpm2_getpubak \
-	tpm2_getpubek \
+	tpm2_getekcertificate \
 	tpm2_getrandom \
+	tpm2_gettestresult \
+	tpm2_gettime \
 	tpm2_hash \
+	tpm2_hierarchycontrol \
 	tpm2_hmac \
-	tpm2_listpersistent \
+	tpm2_import \
+	tpm2_incrementalselftest \
 	tpm2_load \
 	tpm2_loadexternal \
 	tpm2_makecredential \
+	tpm2_nvcertify \
 	tpm2_nvdefine \
-	tpm2_nvlist \
+	tpm2_nvextend \
+	tpm2_nvincrement \
 	tpm2_nvread \
 	tpm2_nvreadlock \
-	tpm2_nvrelease \
+	tpm2_nvreadpublic \
+	tpm2_nvsetbits \
+	tpm2_nvundefine \
 	tpm2_nvwrite \
+	tpm2_nvwritelock \
+	tpm2_pcrallocate \
 	tpm2_pcrevent \
 	tpm2_pcrextend \
-	tpm2_pcrlist \
+	tpm2_pcrread \
+	tpm2_pcrreset \
+	tpm2_policyauthorize \
+	tpm2_policyauthorizenv \
+	tpm2_policyauthvalue \
+	tpm2_policycommandcode \
+	tpm2_policycountertimer \
+	tpm2_policyduplicationselect \
+	tpm2_policylocality \
+	tpm2_policynamehash \
+	tpm2_policynv \
+	tpm2_policynvwritten \
+	tpm2_policyor \
+	tpm2_policypassword \
+	tpm2_policypcr \
+	tpm2_policyrestart \
+	tpm2_policysecret \
+	tpm2_policysigned \
+	tpm2_policytemplate \
+	tpm2_policyticket \
+	tpm2_print \
 	tpm2_quote \
 	tpm2_rc_decode \
+	tpm2_readclock \
 	tpm2_readpublic \
 	tpm2_rsadecrypt \
 	tpm2_rsaencrypt \
+	tpm2_selftest \
 	tpm2_send \
+	tpm2_setclock \
+	tpm2_setprimarypolicy \
+	tpm2_shutdown \
 	tpm2_sign \
+	tpm2_startauthsession \
 	tpm2_startup \
-	tpm2_takeownership \
+	tpm2_stirrandom \
+	tpm2_testparms \
 	tpm2_unseal \
 	tpm2_verifysignature
 
-- 
2.24.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH v3 3/3] tpm2-abrmd: version bump 2.1.1 -> 2.3.0

[Bastian Krause]

Incorporate upstream changes of exit codes that prevent a restart loop
introduced by 036504e ("tabrmd-init: Give meaning to return values from tabrmd-init.")

Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
Added in v3, because tpm2-abrmd 2.1.1 and tpm2-tss 2.3.1 are incompatible.
---
 projectroot/usr/lib/systemd/system/tpm2-abrmd.service | 2 ++
 rules/tpm2-abrmd.make                                 | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/projectroot/usr/lib/systemd/system/tpm2-abrmd.service b/projectroot/usr/lib/systemd/system/tpm2-abrmd.service
index 204834738..5cccace95 100644
--- a/projectroot/usr/lib/systemd/system/tpm2-abrmd.service
+++ b/projectroot/usr/lib/systemd/system/tpm2-abrmd.service
@@ -5,6 +5,8 @@ ConditionPathExists=/dev/tpm0
 [Service]
 Type=dbus
 Restart=always
+# 69=EX_UNAVAILABLE, 71=EX_OSERR, 74=EX_IOERR
+RestartPreventExitStatus=69 71 74
 RestartSec=5
 BusName=com.intel.tss2.Tabrmd
 StandardOutput=syslog
diff --git a/rules/tpm2-abrmd.make b/rules/tpm2-abrmd.make
index 24b1a0236..bbf334412 100644
--- a/rules/tpm2-abrmd.make
+++ b/rules/tpm2-abrmd.make
@@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_TPM2_ABRMD) += tpm2-abrmd
 #
 # Paths and names
 #
-TPM2_ABRMD_VERSION		:= 2.1.1
-TPM2_ABRMD_MD5			:= 47f9ee5be9cedec3a8f1a03f60ead4d5
+TPM2_ABRMD_VERSION		:= 2.3.0
+TPM2_ABRMD_MD5			:= 1326e92638d4f55cc4553260e5c24b6c
 TPM2_ABRMD			:= tpm2-abrmd-$(TPM2_ABRMD_VERSION)
 TPM2_ABRMD_SUFFIX		:= tar.gz
 TPM2_ABRMD_URL			:= https://github.com/tpm2-software/tpm2-abrmd/releases/download/$(TPM2_ABRMD_VERSION)/$(TPM2_ABRMD).$(TPM2_ABRMD_SUFFIX)
@@ -34,6 +34,7 @@ TPM2_ABRMD_LICENSE_FILES	:= file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da
 TPM2_ABRMD_CONF_TOOL	:= autoconf
 TPM2_ABRMD_CONF_OPT	:= \
 	$(CROSS_AUTOCONF_USR) \
+	--enable-debug=info \
 	--disable-unit \
 	--disable-code-coverage \
 	--disable-valgrind \
@@ -44,6 +45,7 @@ TPM2_ABRMD_CONF_OPT	:= \
 	--disable-dlclose \
 	--disable-test-hwtpm \
 	--disable-integration \
+	--disable-defaultflags \
 	--without-gcov \
 	--with-systemdsystemunitdir=/usr/lib/systemd/system \
 	--with-dbuspolicydir=/usr/share/dbus-1/system.d
-- 
2.24.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v3 2/3] tpm2-tools: version bump 3.1.4 -> 4.1

[Bruno Thomsen]

Hi Bastian,

Den fre. 29. nov. 2019 kl. 12.52 skrev Bastian Krause <bst@pengutronix.de>:
> -TPM2_TOOLS_VERSION             := 3.1.4
> -TPM2_TOOLS_MD5                 := 61b4a382d24c950148a3f5fe41ac2306
> +TPM2_TOOLS_VERSION             := 4.1

I just tested your version bump and found that our build still need
a minor change otherwise the prepare stage fails.

$ ptxdist prepare tpm2-tools

checking whether C compiler accepts -Wall... yes
checking whether C compiler accepts -Wextra... yes
checking whether C compiler accepts -Werror... yes
checking whether C compiler accepts -Wformat... yes
checking whether C compiler accepts -Wformat-security... yes
checking whether C compiler accepts -Wstack-protector... yes
checking whether C compiler accepts -fstack-protector-all... yes
checking whether C compiler accepts -Wstrict-overflow=5... yes
checking whether C compiler accepts -Wbool-compare... yes
checking whether C compiler accepts -O2... yes
checking whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS... yes
checking whether C compiler accepts -fPIC... yes
checking whether the linker accepts -shared... no
configure: error: Cannot enable -shared, consider configuring with
--disable-hardening


ptxdist platformconfig:
#
# hardening options
#
# PTXCONF_TARGET_HARDEN_STACK_NONE is not set
# PTXCONF_TARGET_HARDEN_STACK is not set
# PTXCONF_TARGET_HARDEN_STACK_STRONG is not set
PTXCONF_TARGET_HARDEN_STACK_ALL=y
PTXCONF_TARGET_HARDEN_STACKCLASH=y
PTXCONF_TARGET_HARDEN_FORTIFY=y
PTXCONF_TARGET_HARDEN_RELRO=y
PTXCONF_TARGET_HARDEN_BINDNOW=y
PTXCONF_TARGET_HARDEN_PIE=y
PTXCONF_TARGET_HARDEN_GLIBCXX_ASSERTIONS=y

Disabling PIE does not change anything when using arm-v7a-linux-gnueabihf-gcc.

>  # ----------------------------------------------------------------------------
>  # Prepare
> @@ -34,10 +34,12 @@ TPM2_TOOLS_LICENSE_FILES    := file://LICENSE;md5=91b7c548d73ea16537799e8060cea819
>  TPM2_TOOLS_CONF_TOOL   := autoconf
>  TPM2_TOOLS_CONF_OPT    := \
>         $(CROSS_AUTOCONF_USR) \
> +       --enable-debug=info \
>         --disable-code-coverage \
>         --disable-unit \
>         --enable-hardening \
> -       --without-gcov
> +       --without-gcov \
> +       --without-bashcompdir

TPM2_TOOLS_CFLAGS := \
    -fPIC


I don't know if this is the correct fix or something else is the root cause.

/Bruno

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v3 2/3] tpm2-tools: version bump 3.1.4 -> 4.1

[Bastian Krause]

Hi Bruno,

On 12/17/19 4:16 PM, Bruno Thomsen wrote:
> Den fre. 29. nov. 2019 kl. 12.52 skrev Bastian Krause <bst@pengutronix.de>:
>> -TPM2_TOOLS_VERSION             := 3.1.4
>> -TPM2_TOOLS_MD5                 := 61b4a382d24c950148a3f5fe41ac2306
>> +TPM2_TOOLS_VERSION             := 4.1
> 
> I just tested your version bump and found that our build still need
> a minor change otherwise the prepare stage fails.
> 
> $ ptxdist prepare tpm2-tools
> 
> checking whether C compiler accepts -Wall... yes
> checking whether C compiler accepts -Wextra... yes
> checking whether C compiler accepts -Werror... yes
> checking whether C compiler accepts -Wformat... yes
> checking whether C compiler accepts -Wformat-security... yes
> checking whether C compiler accepts -Wstack-protector... yes
> checking whether C compiler accepts -fstack-protector-all... yes
> checking whether C compiler accepts -Wstrict-overflow=5... yes
> checking whether C compiler accepts -Wbool-compare... yes
> checking whether C compiler accepts -O2... yes
> checking whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS... yes
> checking whether C compiler accepts -fPIC... yes
> checking whether the linker accepts -shared... no
> configure: error: Cannot enable -shared, consider configuring with
> --disable-hardening
> 
> 
> ptxdist platformconfig:
> #
> # hardening options
> #
> # PTXCONF_TARGET_HARDEN_STACK_NONE is not set
> # PTXCONF_TARGET_HARDEN_STACK is not set
> # PTXCONF_TARGET_HARDEN_STACK_STRONG is not set
> PTXCONF_TARGET_HARDEN_STACK_ALL=y
> PTXCONF_TARGET_HARDEN_STACKCLASH=y
> PTXCONF_TARGET_HARDEN_FORTIFY=y
> PTXCONF_TARGET_HARDEN_RELRO=y
> PTXCONF_TARGET_HARDEN_BINDNOW=y
> PTXCONF_TARGET_HARDEN_PIE=y
> PTXCONF_TARGET_HARDEN_GLIBCXX_ASSERTIONS=y
> 
> Disabling PIE does not change anything when using arm-v7a-linux-gnueabihf-gcc.
> 
>>  # ----------------------------------------------------------------------------
>>  # Prepare
>> @@ -34,10 +34,12 @@ TPM2_TOOLS_LICENSE_FILES    := file://LICENSE;md5=91b7c548d73ea16537799e8060cea819
>>  TPM2_TOOLS_CONF_TOOL   := autoconf
>>  TPM2_TOOLS_CONF_OPT    := \
>>         $(CROSS_AUTOCONF_USR) \
>> +       --enable-debug=info \
>>         --disable-code-coverage \
>>         --disable-unit \
>>         --enable-hardening \
>> -       --without-gcov
>> +       --without-gcov \
>> +       --without-bashcompdir
> 
> TPM2_TOOLS_CFLAGS := \
>     -fPIC
> 
> 
> I don't know if this is the correct fix or something else is the root cause.

Looks okay to me. Let's wait what Michael has to say about it.

Regards,
Bastian

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v3 2/3] tpm2-tools: version bump 3.1.4 -> 4.1

[Michael Olbrich]

On Wed, Dec 18, 2019 at 09:57:24AM +0100, Bastian Krause wrote:
> Hi Bruno,
> 
> On 12/17/19 4:16 PM, Bruno Thomsen wrote:
> > Den fre. 29. nov. 2019 kl. 12.52 skrev Bastian Krause <bst@pengutronix.de>:
> >> -TPM2_TOOLS_VERSION             := 3.1.4
> >> -TPM2_TOOLS_MD5                 := 61b4a382d24c950148a3f5fe41ac2306
> >> +TPM2_TOOLS_VERSION             := 4.1
> > 
> > I just tested your version bump and found that our build still need
> > a minor change otherwise the prepare stage fails.
> > 
> > $ ptxdist prepare tpm2-tools
> > 
> > checking whether C compiler accepts -Wall... yes
> > checking whether C compiler accepts -Wextra... yes
> > checking whether C compiler accepts -Werror... yes
> > checking whether C compiler accepts -Wformat... yes
> > checking whether C compiler accepts -Wformat-security... yes
> > checking whether C compiler accepts -Wstack-protector... yes
> > checking whether C compiler accepts -fstack-protector-all... yes
> > checking whether C compiler accepts -Wstrict-overflow=5... yes
> > checking whether C compiler accepts -Wbool-compare... yes
> > checking whether C compiler accepts -O2... yes
> > checking whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS... yes
> > checking whether C compiler accepts -fPIC... yes
> > checking whether the linker accepts -shared... no
> > configure: error: Cannot enable -shared, consider configuring with
> > --disable-hardening
> > 
> > 
> > ptxdist platformconfig:
> > #
> > # hardening options
> > #
> > # PTXCONF_TARGET_HARDEN_STACK_NONE is not set
> > # PTXCONF_TARGET_HARDEN_STACK is not set
> > # PTXCONF_TARGET_HARDEN_STACK_STRONG is not set
> > PTXCONF_TARGET_HARDEN_STACK_ALL=y
> > PTXCONF_TARGET_HARDEN_STACKCLASH=y
> > PTXCONF_TARGET_HARDEN_FORTIFY=y
> > PTXCONF_TARGET_HARDEN_RELRO=y
> > PTXCONF_TARGET_HARDEN_BINDNOW=y
> > PTXCONF_TARGET_HARDEN_PIE=y
> > PTXCONF_TARGET_HARDEN_GLIBCXX_ASSERTIONS=y
> > 
> > Disabling PIE does not change anything when using arm-v7a-linux-gnueabihf-gcc.
> > 
> >>  # ----------------------------------------------------------------------------
> >>  # Prepare
> >> @@ -34,10 +34,12 @@ TPM2_TOOLS_LICENSE_FILES    := file://LICENSE;md5=91b7c548d73ea16537799e8060cea819
> >>  TPM2_TOOLS_CONF_TOOL   := autoconf
> >>  TPM2_TOOLS_CONF_OPT    := \
> >>         $(CROSS_AUTOCONF_USR) \
> >> +       --enable-debug=info \
> >>         --disable-code-coverage \
> >>         --disable-unit \
> >>         --enable-hardening \
> >> -       --without-gcov
> >> +       --without-gcov \
> >> +       --without-bashcompdir
> > 
> > TPM2_TOOLS_CFLAGS := \
> >     -fPIC
> > 
> > 
> > I don't know if this is the correct fix or something else is the root cause.
> 
> Looks okay to me. Let's wait what Michael has to say about it.

That makes sense to me. I think this should be handled correctly
internally, but I think for a lot if distributions that's already the
default in the toolchain, so it does not fail there.

Michael

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v3 2/3] tpm2-tools: version bump 3.1.4 -> 4.1

[Bastian Krause]

On 1/6/20 12:24 PM, Michael Olbrich wrote:
> On Wed, Dec 18, 2019 at 09:57:24AM +0100, Bastian Krause wrote:
>> Hi Bruno,
>>
>> On 12/17/19 4:16 PM, Bruno Thomsen wrote:
>>> Den fre. 29. nov. 2019 kl. 12.52 skrev Bastian Krause <bst@pengutronix.de>:
>>>> -TPM2_TOOLS_VERSION             := 3.1.4
>>>> -TPM2_TOOLS_MD5                 := 61b4a382d24c950148a3f5fe41ac2306
>>>> +TPM2_TOOLS_VERSION             := 4.1
>>>
>>> I just tested your version bump and found that our build still need
>>> a minor change otherwise the prepare stage fails.
>>>
>>> $ ptxdist prepare tpm2-tools
>>>
>>> checking whether C compiler accepts -Wall... yes
>>> checking whether C compiler accepts -Wextra... yes
>>> checking whether C compiler accepts -Werror... yes
>>> checking whether C compiler accepts -Wformat... yes
>>> checking whether C compiler accepts -Wformat-security... yes
>>> checking whether C compiler accepts -Wstack-protector... yes
>>> checking whether C compiler accepts -fstack-protector-all... yes
>>> checking whether C compiler accepts -Wstrict-overflow=5... yes
>>> checking whether C compiler accepts -Wbool-compare... yes
>>> checking whether C compiler accepts -O2... yes
>>> checking whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS... yes
>>> checking whether C compiler accepts -fPIC... yes
>>> checking whether the linker accepts -shared... no
>>> configure: error: Cannot enable -shared, consider configuring with
>>> --disable-hardening
>>>
>>>
>>> ptxdist platformconfig:
>>> #
>>> # hardening options
>>> #
>>> # PTXCONF_TARGET_HARDEN_STACK_NONE is not set
>>> # PTXCONF_TARGET_HARDEN_STACK is not set
>>> # PTXCONF_TARGET_HARDEN_STACK_STRONG is not set
>>> PTXCONF_TARGET_HARDEN_STACK_ALL=y
>>> PTXCONF_TARGET_HARDEN_STACKCLASH=y
>>> PTXCONF_TARGET_HARDEN_FORTIFY=y
>>> PTXCONF_TARGET_HARDEN_RELRO=y
>>> PTXCONF_TARGET_HARDEN_BINDNOW=y
>>> PTXCONF_TARGET_HARDEN_PIE=y
>>> PTXCONF_TARGET_HARDEN_GLIBCXX_ASSERTIONS=y
>>>
>>> Disabling PIE does not change anything when using arm-v7a-linux-gnueabihf-gcc.
>>>
>>>>  # ----------------------------------------------------------------------------
>>>>  # Prepare
>>>> @@ -34,10 +34,12 @@ TPM2_TOOLS_LICENSE_FILES    := file://LICENSE;md5=91b7c548d73ea16537799e8060cea819
>>>>  TPM2_TOOLS_CONF_TOOL   := autoconf
>>>>  TPM2_TOOLS_CONF_OPT    := \
>>>>         $(CROSS_AUTOCONF_USR) \
>>>> +       --enable-debug=info \
>>>>         --disable-code-coverage \
>>>>         --disable-unit \
>>>>         --enable-hardening \
>>>> -       --without-gcov
>>>> +       --without-gcov \
>>>> +       --without-bashcompdir
>>>
>>> TPM2_TOOLS_CFLAGS := \
>>>     -fPIC
>>>
>>>
>>> I don't know if this is the correct fix or something else is the root cause.
>>
>> Looks okay to me. Let's wait what Michael has to say about it.
> 
> That makes sense to me. I think this should be handled correctly
> internally, but I think for a lot if distributions that's already the
> default in the toolchain, so it does not fail there.

Alright. Bruno, could you send this as a proper patch?

Regards,
Bastian

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v3 2/3] tpm2-tools: version bump 3.1.4 -> 4.1

[Bruno Thomsen]

Hi Bastian,

Den man. 6. jan. 2020 kl. 15.41 skrev Bastian Krause <bst@pengutronix.de>:
>
> >>> TPM2_TOOLS_CFLAGS := \
> >>>     -fPIC
> >>>
> >>>
> >>> I don't know if this is the correct fix or something else is the root cause.
> >>
> >> Looks okay to me. Let's wait what Michael has to say about it.
> >
> > That makes sense to me. I think this should be handled correctly
> > internally, but I think for a lot if distributions that's already the
> > default in the toolchain, so it does not fail there.
>
> Alright. Bruno, could you send this as a proper patch?

Yes, I can do that.

Bruno

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de