authorVladimír Čunát <v@cunat.cz>2023-11-15 07:33:10 +0100
committerVladimír Čunát <v@cunat.cz>2023-11-15 07:33:10 +0100
commitc46eae0f3572fbe7af42e5d40648b7b4a1d1317b (patch)
tree84e748e6477734c4826b4d6b34152b1958e5627a /pkgs/misc
parent9297b620bb86624e6cf4b6ae54fc4ae1da98bb83 (diff)
parente8ad54f562b4621c7c080b4a3ddbafe4735bcb86 (diff)
Merge branch 'master' into staging-next
Diffstat (limited to 'pkgs/misc')
-rw-r--r--pkgs/misc/tpm2-pkcs11/0001-configure-ac-version.patch13
-rw-r--r--pkgs/misc/tpm2-pkcs11/default.nix20
-rw-r--r--pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch51
-rw-r--r--pkgs/misc/tpm2-pkcs11/version.patch10
4 files changed, 74 insertions, 20 deletions
diff --git a/pkgs/misc/tpm2-pkcs11/0001-configure-ac-version.patch b/pkgs/misc/tpm2-pkcs11/0001-configure-ac-version.patch
deleted file mode 100644
index fa2575cb938a8..0000000000000
--- a/pkgs/misc/tpm2-pkcs11/0001-configure-ac-version.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index e861e42..018c19c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -26,7 +26,7 @@
- #;**********************************************************************;
- 
- AC_INIT([tpm2-pkcs11],
--  [m4_esyscmd_s([git describe --tags --always --dirty])],
-+  [git-@VERSION@],
-   [https://github.com/tpm2-software/tpm2-pkcs11/issues],
-   [],
-   [https://github.com/tpm2-software/tpm2-pkcs11])
diff --git a/pkgs/misc/tpm2-pkcs11/default.nix b/pkgs/misc/tpm2-pkcs11/default.nix
index dd0cf011b1588..91b7c31eb3231 100644
--- a/pkgs/misc/tpm2-pkcs11/default.nix
+++ b/pkgs/misc/tpm2-pkcs11/default.nix
@@ -2,32 +2,38 @@
 , pkg-config, autoreconfHook, autoconf-archive, makeWrapper, patchelf
 , tpm2-tss, tpm2-tools, opensc, openssl, sqlite, python3, glibc, libyaml
 , abrmdSupport ? true, tpm2-abrmd ? null
+, fapiSupport ? true
 }:
 
 stdenv.mkDerivation rec {
   pname = "tpm2-pkcs11";
-  version = "1.8.0";
+  version = "1.9.0";
 
   src = fetchFromGitHub {
     owner = "tpm2-software";
     repo = pname;
     rev = version;
-    sha256 = "sha256-f5wi0nIM071yaQCwPkY1agKc7OEQa/IxHJc4V2i0Q9I=";
+    sha256 = "sha256-SoHtgZRIYNJg4/w1MIocZAM26mkrM+UOQ+RKCh6nwCk=";
   };
 
-  patches = lib.singleton (
-    substituteAll {
-      src = ./0001-configure-ac-version.patch;
-      VERSION = version;
-    });
+  patches = [
+    ./version.patch
+    ./graceful-fapi-fail.patch
+  ];
 
   # The preConfigure phase doesn't seem to be working here
   # ./bootstrap MUST be executed as the first step, before all
   # of the autoreconfHook stuff
   postPatch = ''
+    echo ${version} > VERSION
     ./bootstrap
   '';
 
+  configureFlags = lib.optionals (!fapiSupport) [
+    # Note: this will be renamed to with-fapi in next release.
+    "--enable-fapi=no"
+  ];
+
   nativeBuildInputs = [
     pkg-config autoreconfHook autoconf-archive makeWrapper patchelf
   ];
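Review bot: The `--enable-fapi=no` entry in `configureFlags` has a comment saying the option will be renamed to `with-fapi` in the next release, but nothing in the visible derivation forces it to be revisited on a version bump. Autoconf-generated configure scripts normally only warn about unrecognised `--enable-*` options, so after the rename a build with `fapiSupport = false` would presumably still succeed and quietly ship with the FAPI backend compiled in. I would make the comment actionable, e.g. `# TODO(next bump): switch to "--with-fapi=no"; a stale --enable-* flag is only warned about, so FAPI would be silently re-enabled.` The `mkDerivation` body continues past the end of this hunk, so a guard further down may already cover this.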
diff --git a/pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch b/pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch
new file mode 100644
index 0000000000000..26712e9830c7d
--- /dev/null
+++ b/pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch
@@ -0,0 +1,51 @@
+From 2e3e3c0b0f4e0c19e411fd46358930bf158ad3f5 Mon Sep 17 00:00:00 2001
+From: Jonathan McDowell <noodles@earth.li>
+Date: Wed, 1 Feb 2023 09:29:58 +0000
+Subject: [PATCH] Gracefully fail FAPI init when it's not compiled in
+
+Instead of emitting:
+
+   WARNING: Getting tokens from fapi backend failed.
+
+errors when FAPI support is not compiled in gracefully fail the FAPI
+init and don't log any warnings. We'll still produce a message
+indicating this is what's happened in verbose mode, but normal operation
+no longer gets an unnecessary message.
+
+Fixes #792
+
+Signed-off-by: Jonathan McDowell <noodles@earth.li>
+---
+ src/lib/backend.c      | 4 +++-
+ src/lib/backend_fapi.c | 3 ++-
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/backend.c b/src/lib/backend.c
+index ca5e2ccf..128f58b9 100644
+--- a/src/lib/backend.c
++++ b/src/lib/backend.c
+@@ -53,7 +53,9 @@ CK_RV backend_init(void) {
+             LOGE(msg);
+             return rv;
+         }
+-        LOGW(msg);
++        if (rv != CKR_FUNCTION_NOT_SUPPORTED) {
++            LOGW(msg);
++        }
+     } else {
+         fapi_init = true;
+     }
+diff --git a/src/lib/backend_fapi.c b/src/lib/backend_fapi.c
+index fe594f0e..3a203632 100644
+--- a/src/lib/backend_fapi.c
++++ b/src/lib/backend_fapi.c
+@@ -977,7 +977,8 @@ CK_RV backend_fapi_token_changeauth(token *tok, bool user, twist toldpin, twist
+ 
+ CK_RV backend_fapi_init(void) {
+ 
+-	return CKR_OK;
++	LOGV("FAPI not enabled, failing init");
++	return CKR_FUNCTION_NOT_SUPPORTED;
+ }
+ 
+ CK_RV backend_fapi_destroy(void) {
diff --git a/pkgs/misc/tpm2-pkcs11/version.patch b/pkgs/misc/tpm2-pkcs11/version.patch
new file mode 100644
index 0000000000000..297a7bd537362
--- /dev/null
+++ b/pkgs/misc/tpm2-pkcs11/version.patch
@@ -0,0 +1,10 @@
+--- a/bootstrap
++++ b/bootstrap
+@@ -4,7 +4,6 @@
+ 
+ # Generate a VERSION file that is included in the dist tarball to avoid needed git
+ # when calling autoreconf in a release tarball.
+-git describe --tags --always --dirty > VERSION
+ 
+ # generate list of source files for use in Makefile.am
+ # if you add new source files, you must run ./bootstrap again