authorTredwellGit <tredwell@tutanota.com>2021-04-24 02:26:23 +0000
committerTredwellGit <tredwell@tutanota.com>2021-04-24 02:26:23 +0000
commit688ed16f0055dac8c4872205cc1b1d879c614c3b (patch)
treea286c9b4a684361d01004c7ad61690b46e9734be /pkgs/tools/security/tboot
parentbbffc43d56992d53272c1263aab169b86cf59fc1 (diff)
tboot: 1.9.8 -> 1.10.1
https://sourceforge.net/p/tboot/code/ci/v1.10.1/tree/CHANGELOG
Diffstat (limited to 'pkgs/tools/security/tboot')
-rw-r--r--pkgs/tools/security/tboot/default.nix21
-rw-r--r--pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch50
2 files changed, 9 insertions, 62 deletions
diff --git a/pkgs/tools/security/tboot/default.nix b/pkgs/tools/security/tboot/default.nix
index bf13fe7822e84..9c5d44c6d6078 100644
--- a/pkgs/tools/security/tboot/default.nix
+++ b/pkgs/tools/security/tboot/default.nix
@@ -1,27 +1,23 @@
-{ lib, stdenv, fetchurl, trousers, openssl, zlib }:
+{ lib, stdenv, fetchurl, openssl, perl, trousers, zlib }:
 
 stdenv.mkDerivation rec {
   pname = "tboot";
-  version = "1.9.8";
+  version = "1.10.1";
 
   src = fetchurl {
     url = "mirror://sourceforge/tboot/${pname}-${version}.tar.gz";
-    sha256 = "06f0ggl6vrb5ghklblvh2ixgmmjv31rkp1vfj9qm497iqwq9ac00";
+    sha256 = "18bnkwnlk16cc20nysqfcjx006idi7jmmhahk8vk09w458bhaajg";
   };
 
-  patches = [ ./tboot-add-well-known-secret-option-to-lcp_writepol.patch ];
-
-  buildInputs = [ trousers openssl zlib ];
+  buildInputs = [ openssl trousers zlib ];
 
   enableParallelBuilding = true;
 
-  hardeningDisable = [ "pic" "stackprotector" ];
-
-  NIX_CFLAGS_COMPILE = [ "-Wno-error=address-of-packed-member" ];
+  preConfigure = ''
+    substituteInPlace tboot/Makefile --replace /usr/bin/perl ${perl}/bin/perl
 
-  configurePhase = ''
-    for a in lcptools utils tb_polgen; do
-      substituteInPlace $a/Makefile --replace /usr/sbin /sbin
+    for a in lcptools-v2 tb_polgen utils; do
+      substituteInPlace "$a/Makefile" --replace /usr/sbin /sbin
     done
     substituteInPlace docs/Makefile --replace /usr/share /share
   '';
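Review bot: Dropping `hardeningDisable = [ "pic" "stackprotector" ];` (between `enableParallelBuilding` and the new `preConfigure`) without a replacement or explanation means the nixpkgs default hardening flags now apply to every compile in the tree, including the freestanding pre-kernel module under `tboot/`. Presumably the 1.10.1 Makefiles set their own stack-protector and PIC options for that module, but nothing visible here shows it, so it should be confirmed against the built image rather than assumed. If it holds, record it where the setting used to be, e.g. `# 1.10.1 passes its own stack-protector/PIC flags for the pre-kernel module; hardeningDisable no longer needed`. The same hunk drops the `-Z` well-known-secret patch while the loop switches from `lcptools` to `lcptools-v2`; if the patched tool is no longer built, a line in the commit message saying so would help anyone whose provisioning scripts call it.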
@@ -31,6 +27,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "A pre-kernel/VMM module that uses Intel(R) TXT to perform a measured and verified launch of an OS kernel/VMM";
     homepage    = "https://sourceforge.net/projects/tboot/";
+    changelog   = "https://sourceforge.net/p/tboot/code/ci/v${version}/tree/CHANGELOG";
     license     = licenses.bsd3;
     maintainers = with maintainers; [ ak ];
     platforms   = [ "x86_64-linux" "i686-linux" ];
diff --git a/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch b/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch
deleted file mode 100644
index a16ba9f4fbab2..0000000000000
--- a/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-diff -urp tboot-1.8.0.orig/lcptools/writepol.c tboot-1.8.0/lcptools/writepol.c
---- tboot-1.8.0.orig/lcptools/writepol.c	2014-01-30 10:34:57.000000000 +0100
-+++ tboot-1.8.0/lcptools/writepol.c	2014-02-12 01:48:51.523581057 +0100
-@@ -40,6 +40,7 @@
- #include <getopt.h>
- #include <trousers/tss.h>
- #include <trousers/trousers.h>
-+#include <tss/tss_defines.h>
- 
- #define PRINT   printf
- #include "../include/uuid.h"
-@@ -51,14 +52,15 @@ static uint32_t index_value = 0;
- static char *file_arg=NULL;
- static uint32_t fLeng;
- static unsigned char *policy_data = NULL;
--static char *password = NULL;
-+static const char *password = NULL;
- static uint32_t passwd_length = 0;
-+static const char well_known_secret[] = TSS_WELL_KNOWN_SECRET;
- static int help_input = 0;
- static unsigned char empty_pol_data[] = {0};
- 
--static const char *short_option = "ehi:f:p:";
-+static const char *short_option = "ehi:f:p:Z";
- static const char *usage_string = "lcp_writepol -i index_value "
--                                  "[-f policy_file] [-e] [-p passwd] [-h]";
-+                                  "[-f policy_file] [-e] [-p passwd|-Z] [-h]";
- 
- static const char *option_strings[] = {
-     "-i index value: uint32/string.\n"
-@@ -67,6 +69,7 @@ static const char *option_strings[] = {
-     "\tINDEX_AUX:0x50000002 or \"aux\"\n",
-     "-f file_name: string. File name of the policy data is stored. \n",
-     "-p password: string. \n",
-+    "-Z use well known secret as password. \n",
-     "-e write 0 length data to the index.\n"
-     "\tIt will be used for some special index.\n"
-     "\tFor example, the index with permission WRITEDEFINE.\n",
-@@ -119,6 +122,11 @@ parse_cmdline(int argc, const char * arg
-                 fLeng = 0;
-                 break;
- 
-+            case 'Z':
-+                password = well_known_secret;
-+                passwd_length = sizeof(well_known_secret);
-+                break;
-+
-             case 'h':
-                 help_input = 1;
-                 break;