autoreconf from autoconf 2.71 emmits a lot of warnings:
+ autoreconf -fiv
autoreconf: export WARNINGS=
autoreconf: Entering directory '.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize --copy --force
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
autoreconf: configure.ac: not using Intltool
autoreconf: configure.ac: not using Gtkdoc
autoreconf: running: aclocal --force -I m4
autoreconf: running: /usr/bin/autoconf --force
configure.ac:29: warning: The macro `AC_CONFIG_HEADER' is obsolete.
configure.ac:29: You should run autoupdate.
./lib/autoconf/status.m4:719: AC_CONFIG_HEADER is expanded from...
configure.ac:29: the top level
configure.ac:53: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:53: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:53: the top level
configure.ac:76: warning: The macro `AC_HEADER_STDC' is obsolete.
configure.ac:76: You should run autoupdate.
./lib/autoconf/headers.m4:704: AC_HEADER_STDC is expanded from...
configure.ac:76: the top level
configure.ac:81: warning: The macro `AC_TYPE_SIGNAL' is obsolete.
configure.ac:81: You should run autoupdate.
./lib/autoconf/types.m4:776: AC_TYPE_SIGNAL is expanded from...
configure.ac:81: the top level
configure.ac:202: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:202: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:202: the top level
configure.ac:267: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:267: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:267: the top level
configure.ac:430: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:430: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:430: the top level
configure.ac:437: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:437: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:437: the top level
configure.ac:517: warning: The macro `AC_HELP_STRING' is obsolete.
configure.ac:517: You should run autoupdate.
./lib/autoconf/general.m4:204: AC_HELP_STRING is expanded from...
configure.ac:517: the top level
autoreconf: running: /usr/bin/autoheader --force
autoreconf: running: automake --add-missing --copy --force-missing
configure.ac:40: installing './compile'
configure.ac:48: installing './missing'
Makefile.am:34: warning: .PHONY was already defined in condition WITH_SELINUX, which is included in condition TRUE ...
Makefile.am:28: ... '.PHONY' previously defined here
src/swtpm/Makefile.am: installing './depcomp'
autoreconf: './config.sub' is updated
autoreconf: './config.guess' is updated
autoreconf: Leaving directory '.'
Execute autoupdate to apply all those changes.
Signed-off-by: Tomasz Kłoczko <kloczek@github.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Switch over to the new python implementation of swtpm_setup. We need to
also adjust test cases that involved the tcsd that otherwise fail for
various reasons. For in-place testing we need to adjust the PYTHONPATH
and PATH so that swtpm_setup.py can be found and so that swtpm_setup.py
then finds swtpm if it is not explicitly passed as parameter.
Adjust the man page for swtpm_setup to reflect the changes.
We now can run swtpm_setup as any user. However, libvirt still runs it
as tss:tss (for example), which is then creating the signing key as tss:tss
as well. Ideally libvirt would run it as tss:root or any other combination
since the tss group may be used for user wanting to access /dev/tpmrm0 for
example. We at least change the directory ownership of /var/lib/swtpm-localca
to tss:root and keep the world out of this directory.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Rewrite swtpm_setup.sh in python. Use a permanent connection from the
tool to swtpm via passing file descriptors of a unix socketpair. Implement
all functionality in python so that we don't rely on trousers and tpm-tools
for swtpm_setup. This now allows any user to setup a TPM 1.2 whereas before
it had to be root or the tss user.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement a script that creates the user config files in the
${XDG_CONFIG_HOME} directory and sub-directories.
Extend swtpm_setup.pod showing swtpm-create-user-config-files usage.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement a script that creates the user config files in the
${XDG_CONFIG_HOME} directory and sub-directories.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
A typo in the condition meant that netstat was always required regardless of
whether tcsd is available or not.
Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
If the tcsd (trousers) is available, TPM 1.2 support should work as well.
Typically the tss user and group should be defined at this point, but
this may not always be the case, so make sure that this user and group
are available on the system.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Error out if libtpms.pc cannot be found for pkg-config. This now requires that an
in-place libtpms be accessed like this:
PKG_CONFIG_PATH=/home/stefanb/libtpms/ \
LIBTPMS_CFLAGS=-I/home/stefanb/libtpms/include/ \
LIBTPMS_LDFLAGS=-L/home/stefanb/libtpms/src/.libs/ \
./configure --prefix=/usr
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch fixes the following linker issue reported for Gentoo in
issue #280.
ld.lld: error: /var/tmp/portage/app-crypt/swtpm-0.3.1-r1/work/swtpm-0.3.1/src/swtpm/.libs/libswtpm_libtpms.so: undefined reference to EVP_sha512
ld.lld: error: /var/tmp/portage/app-crypt/swtpm-0.3.1-r1/work/swtpm-0.3.1/src/swtpm/.libs/libswtpm_libtpms.so: undefined reference to PKCS5_PBKDF2_HMAC
ld.lld: error: /var/tmp/portage/app-crypt/swtpm-0.3.1-r1/work/swtpm-0.3.1/src/swtpm/.libs/libswtpm_libtpms.so: undefined reference to SHA512
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch fixes a clang issue report in issue #280.
clang does not use ld, so we cannot grep for support of certain linker
flags but have to test-compile.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Building things like this in-place is really useful when you can't be
bothered to package and install them for your distribution but still
want to use them. This patch allows building swtpm with libtpms in
place. Simply specify the location to LDFLAGS and CFLAGS on the
configure line
LIBTPMS_CFLAGS=-I/home/jejb/git/libtpms/include/ LIBTPMS_LDFLAGS=-L/home/jejb/git/libtpms/src/.libs/ ./configure
It will then build a version that can run in-place.
I also think it corrects a bug in the original in that if pkg-config
had specified a non standard library location, the version check
wouldn't have used it.
Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
If no prefix is passed to the configure line we get prefix=NONE
in evaluations of variables that depend on prefix at this point.
If the user provides no --prefix we assume /usr/local as the
default and override the 'NONE' value we have at this point.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement support for --with-seccomp and --without-seccomp for Linux
systems with --with-seccomp being the default. On all other systems
--without-seccomp is the implicit default.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add a post install script for swtpm-tools that creates
the /var/lib/swtpm-localca directory and changes ownersip
on it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Adjust the localstatedir variable to not have ${prefix} if
prefix is '/usr/', otherwise use ${prefix}.
Also adjust the files that were pointing to directories that
are controlled by $localstatedir.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When the project is configured with --prefix=/usr/local several configuration
files are installed to /usr/local/etc but not read by the programs that
need them. This patch fixes this issue by replacing @SYSCONFDIR@ in the source
code of those files with the actual used path.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Allow to build without the TPM 1.2 NVRAM area tools but print out a warning
that they are needed for TPM 1.2 certificate injection.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Prevent the LIBS variable from collecting all kinds of libraries
by setting the action-if-found parameter in AC_CHECK_LIB. This
avoid linking of executables with unnecessary libraries.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Older versions of gcc need some input file to compile so that
we learn whether -fstack-protector-strong is supported.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Only when the CUSE TPM is built we need the glib-2.0 dependency
(which can be removed at some point probably).
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fedora policy seems to be to use python3 explicitly for the hashbang
rather than python, which could be either python2 or python3. So convert
it to python3. Also adapt configure.ac to require python3 executable.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
When using --prefix=/usr never install into /etc/usr.
When using --prefix=/ never install into //share/.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
On OpenBSD the gnutls library is in /usr/local/lib and AC_CHECK_LIB does
find it there without explicitly adding GNUTLS_CFLAGS and GNUTLS_LDFLAGS to
CFLAGS.
Also add the GNUTLS_CFLAGS to CFLAGS at the end.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Older distros may not have PKG_CHECK_VAR due to usage of pkg-config
older than v0.28. So, replace the call to PKG_CHECK_VAR with a direct
call to $PKG_CONFIG. Also use PKG_PROG_PKG_CONFIG to determine the
location of pkg-config.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Introduce compile-time variable HAVE_TCSD if the TCSD could
be found. It influences whether TPM 1.2 related swtpm_setup
test cases can be run. If it is set, they can be run.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
We also have to move the Travis tests to xenail since PKG_CHECK_VAR
was not available in trusty (14.04).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement support for TPM2. Some of the capabilities are not supported yet in
this patch.
Extend the man pages with description for --tpm2.
Missing: configure should probe for needed API calls in libtpms
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove FreeBL support for swtpm since there will not be support
for FreeBL with TPM 2 in libtpms.
Since a lot of documentation shows --with-openssl, we leave that for
now.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
