On 11/26/18 11:22 AM, Thorsten K. Scherer wrote:
> Signed-off-by: Thorsten K. Scherer
> ---
> projectroot/etc/group | 31 ++++++++
> projectroot/etc/passwd | 17 +++++
> projectroot/etc/shadow | 1 +
> .../etc/systemd/system/tpm2-abrmd.service | 14 ++++
> .../com.intel.tss2.Tabrmd.service | 5 ++
> rules/tpm2-abrmd.in | 17 +++++
> rules/tpm2-abrmd.make | 71 +++++++++++++++++++
> 7 files changed, 156 insertions(+)
> create mode 100644 projectroot/etc/group
> create mode 100644 projectroot/etc/passwd
> create mode 100644 projectroot/etc/systemd/system/tpm2-abrmd.service
> create mode 100755 projectroot/usr/share/dbus-1/system-services/com.intel.tss2.Tabrmd.service
> create mode 100755 rules/tpm2-abrmd.in
> create mode 100755 rules/tpm2-abrmd.make
Why are the files executable?
>
> diff --git a/projectroot/etc/group b/projectroot/etc/group
> new file mode 100644
> index 0000000..15e3f91
> --- /dev/null
> +++ b/projectroot/etc/group
> @@ -0,0 +1,31 @@
> +root:x:0:
> +daemon:x:1:
> +adm:x:4:
> +kvm:x:36:
> +shadow:x:42:
> +utmp:x:43:
> +users:x:100:
> +ftp:x:101:
> +www:x:102:
> +messagebus:x:104:
> +cdrom:x:105:
> +dialout:x:106:
> +disk:x:107:
> +floppy:x:108:
> +kmem:x:109:
> +lp:x:110:
> +tape:x:111:
> +tty:x:112:
> +video:x:113:
> +lock:x:114:
> +audio:x:115:
> +input:x:116:
> +mysql:x:117:
> +systemd-journal:x:201:
> +systemd-network:x:202:
> +systemd-journal-gateway:x:206:
> +systemd-journal-remote:x:203:
> +systemd-journal-upload:x:208:
> +render:x:209:
> +nogroup:x:65534:
> +tss:x:998:
> diff --git a/projectroot/etc/passwd b/projectroot/etc/passwd
> new file mode 100644
> index 0000000..d773aa1
> --- /dev/null
> +++ b/projectroot/etc/passwd
> @@ -0,0 +1,17 @@
> +root:x:0:0:root:/root:/bin/sh
> +daemon:x:1:1:daemon:/usr/sbin:/bin/sh
> +ftp:x:11:101:ftp user:/home:/bin/false
> +www:x:12:102:www user:/home:/bin/false
> +sshd:x:100:65534:SSH Server:/var/run/sshd:/bin/false
> +mysql:x:101:117:mySQL Server:/var/run/mysql:/bin/false
> +messagebus:x:103:104:messagebus:/dev/null:/bin/false
> +systemd-network:x:202:202:systemd-network:/dev/null:/bin/false
> +systemd-resolve:x:203:65534:systemd-resolve:/dev/null:/bin/false
> +systemd-timesync:x:204:65534:systemd-timesync:/dev/null:/bin/false
> +systemd-coredump:x:205:65534:systemd-coredump:/dev/null:/bin/false
> +systemd-journal-gateway:x:206:206:systemd-journal-gateway:/dev/null:/bin/false
> +systemd-journal-remote:x:207:203:systemd-journal-remote:/dev/null:/bin/false
> +systemd-journal-upload:x:208:208:systemd-journal-upload:/dev/null:/bin/false
> +rpcuser:x:65533:65534:RPC user:/dev/null:/bin/false
> +nobody:x:65534:65534:Unprivileged Nobody:/dev/null:/bin/false
> +tss:x:998:998: :/dev/null:/bin/false
> diff --git a/projectroot/etc/shadow b/projectroot/etc/shadow
> index 7cf6f27..9034a0c 100644
> --- a/projectroot/etc/shadow
> +++ b/projectroot/etc/shadow
> @@ -2,3 +2,4 @@ root:$1$X8ymmpO3$amNaEv3Jw9.EjhrurM7r0.:16475:0:99999:7:::
> daemon:*:14250:0:99999:7:::
> sshd:*:0:0:99999:7:::
> ftp::0:0:99999:7:::
> +tss:!:17835:0:99999:7:::
> diff --git a/projectroot/etc/systemd/system/tpm2-abrmd.service b/projectroot/etc/systemd/system/tpm2-abrmd.service
> new file mode 100644
> index 0000000..589f9bc
> --- /dev/null
> +++ b/projectroot/etc/systemd/system/tpm2-abrmd.service
> @@ -0,0 +1,14 @@
> +[Unit]
> +Description=TPM2 Access Broker and Resource Management Daemon
> +
> +[Service]
> +Type=dbus
> +Restart=always
> +RestartSec=5
> +BusName=com.intel.tss2.Tabrmd
> +StandardOutput=syslog
> +ExecStart=/usr/sbin/tpm2-abrmd
> +User=tss
> +
> +[Install]
> +WantedBy=multi-user.target
Why do you need a seperate service unit? The package comes with it's own.
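Review bot: The `[Service]` section of tpm2-abrmd.service drops to `User=tss` but sets no sandboxing, so the daemon that brokers every TPM command keeps the default filesystem view and the default ability to gain privileges. Directives such as `NoNewPrivileges=yes`, `ProtectSystem=strict` and `PrivateTmp=yes` would narrow that, provided the systemd version on the target supports them and the daemon can still reach the bus and the TPM device. Whether `tss` can open the TPM device node at all depends on a udev rule or device permissions that this patch does not show, so that is worth confirming on the target.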
> diff --git a/projectroot/usr/share/dbus-1/system-services/com.intel.tss2.Tabrmd.service b/projectroot/usr/share/dbus-1/system-services/com.intel.tss2.Tabrmd.service
> new file mode 100755
> index 0000000..f5749a4
> --- /dev/null
> +++ b/projectroot/usr/share/dbus-1/system-services/com.intel.tss2.Tabrmd.service
> @@ -0,0 +1,5 @@
> +[D-BUS Service]
> +Name=com.intel.tss2.Tabrmd
> +Exec=/usr/sbin/tpm2-abrmd
> +User=tss
> +SystemdService=tpm2-abrmd.service
Why do you need a seperate dbus service unit? The package comes with it's own.
> diff --git a/rules/tpm2-abrmd.in b/rules/tpm2-abrmd.in
> new file mode 100755
> index 0000000..70869ce
> --- /dev/null
> +++ b/rules/tpm2-abrmd.in
> @@ -0,0 +1,17 @@
> +## SECTION=tpm
> +
> +config TPM2_ABRMD
> + tristate
> + select HOST_AUTOTOOLS_AUTOCONF_ARCHIVE
> + select DBUS
> + select GLIB
> + select TPM2_TSS
> + prompt "tpm2-abrmd"
> + help
> + TPM2 Access Broker & Resource Management Daemon implementing
> + the TCG spec.
> +
> + This is a system daemon implementing the TPM2 access broker
> + (TAB) & Resource Manager (RM) spec from the TCG. The daemon
> + (tpm2-abrmd) is implemented using Glib and the GObject
> + system.
> diff --git a/rules/tpm2-abrmd.make b/rules/tpm2-abrmd.make
> new file mode 100755
> index 0000000..671152a
> --- /dev/null
> +++ b/rules/tpm2-abrmd.make
> @@ -0,0 +1,71 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2017 by Marc Kleine-Budde
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_TPM2_ABRMD) += tpm2-abrmd
> +
> +#
> +# Paths and names
> +#
> +TPM2_ABRMD_VERSION := 2.0.2
2.0.3 is the latest version
> +TPM2_ABRMD_MD5 := 07b629d99685b4273a85e894e623e87b
> +TPM2_ABRMD := tpm2-abrmd-$(TPM2_ABRMD_VERSION)
> +TPM2_ABRMD_SUFFIX := tar.gz
> +TPM2_ABRMD_URL := https://github.com/01org/tpm2-abrmd.git;tag=$(TPM2_ABRMD_VERSION)
> +TPM2_ABRMD_SOURCE := $(SRCDIR)/$(TPM2_ABRMD).$(TPM2_ABRMD_SUFFIX)
> +TPM2_ABRMD_DIR := $(BUILDDIR)/$(TPM2_ABRMD)
> +TPM2_ABRMD_LICENSE := BSD-3-Clause
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#
> +# autoconf
> +#
> +TPM2_ABRMD_CONF_TOOL := autoconf
> +TPM2_ABRMD_CONF_OPT := \
> + $(CROSS_AUTOCONF_USR) \
> + --with-dbuspolicydir=/usr/share/dbus-1/system.d \
> + --with-systemdsystemunitdir=/lib/systemd/system \
With new ptxdists that's: /usr/lib/systemd/system
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/tpm2-abrmd.targetinstall:
> + @$(call targetinfo)
> +
> + @$(call install_init, tpm2-abrmd)
> + @$(call install_fixup, tpm2-abrmd,PRIORITY,optional)
> + @$(call install_fixup, tpm2-abrmd,SECTION,base)
> + @$(call install_fixup, tpm2-abrmd,AUTHOR,"Marc Kleine-Budde ")
> + @$(call install_fixup, tpm2-abrmd,DESCRIPTION,missing)
> +
> + @$(call install_lib, tpm2-abrmd, tss, tss, 0644, libtss2-tcti-tabrmd)
> + @$(call install_copy, tpm2-abrmd, tss, tss, 0755, -, /usr/sbin/tpm2-abrmd)
> +
> + @$(call install_copy, tpm2-abrmd, tss, tss, 0644, -, \
> + /usr/share/dbus-1/system.d/tpm2-abrmd.conf)
> + @$(call install_copy, tpm2-abrmd, tss, tss, 0644, -, \
> + /lib/systemd/system/tpm2-abrmd.service)
> +
> + @$(call install_alternative, tpm2-abrmd, tss, tss, 0644, \
> + /usr/share/dbus-1/system-services/com.intel.tss2.Tabrmd.service)
> + @$(call install_alternative, tpm2-abrmd, tss, tss, 0644, \
> + /etc/systemd/system/tpm2-abrmd.service)
> +
> + @$(call install_finish, tpm2-abrmd)
> +
> + @$(call touch)
> +
> +# vim: syntax=make
>
Marc -- Pengutronix e.K. | Marc Kleine-Budde | Industrial Linux Solutions | Phone: +49-231-2826-924 | Vertretung West/Dortmund | Fax: +49-5121-206917-5555 | Amtsgericht Hildesheim, HRA 2686 | http://www.pengutronix.de |
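Review bot: The `tpm2-abrmd.targetinstall` rule in rules/tpm2-abrmd.make installs the daemon binary, the TCTI library, the D-Bus policy file and both service files with owner and group `tss`, which is the same account the daemon runs as (`User=tss` in the unit). A process running as `tss` could then rewrite its own executable, the bus policy that decides who may talk to it, and a unit file that systemd parses as root. These files should be root-owned, e.g. `@$(call install_copy, tpm2-abrmd, 0, 0, 0755, -, /usr/sbin/tpm2-abrmd)`, and likewise for the `install_lib` and `install_alternative` calls; only runtime state the daemon must write needs `tss` ownership. Separately, the source is fetched by git tag and pinned only by `TPM2_ABRMD_MD5`; a tag can be moved upstream, so a release tarball or a commit id would be a firmer pin if the fetcher supports it.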