author | Alexander Kjeldaas <ak@formalprivacy.com> | 2013-08-14 08:16:52 +0200 |
---|---|---|
committer | Alexander Kjeldaas <ak@formalprivacy.com> | 2014-04-22 13:24:44 +0200 |
commit | dbe8d7ad030206987910057a9cfb0bd90a8b5c15 (patch) | |
tree | 7b7a00af8e30bd94733b844089ce3d9b00748b6a /pkgs/tools/security/trousers | |
parent | 396da207391b3b16d511b6fa6bbed035af82a6e8 (diff) |
Added trousers, tpm-tools, and tboot.
Added lcp_writepol -Z option.
Diffstat (limited to 'pkgs/tools/security/trousers')
4 files changed, 105 insertions, 0 deletions
diff --git a/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch b/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
new file mode 100644
index 0000000000000..774a14f72babe
--- /dev/null
+++ b/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
@@ -0,0 +1,19 @@
+diff -ur trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c trousers-0.3.11.2/src/tcsd/tcsd_conf.c
+--- trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c 2013-07-12 18:27:37.000000000 +0200
++++ trousers-0.3.11.2/src/tcsd/tcsd_conf.c 2013-08-21 14:29:42.917231648 +0200
+@@ -763,6 +763,7 @@
+ return TCSERR(TSS_E_INTERNAL_ERROR);
+ }
+
++#ifndef ALLOW_NON_TSS_CONFIG_FILE
+ /* make sure user/group TSS owns the conf file */
+ if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) {
+ LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file,
+@@ -775,6 +776,7 @@
+ LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file);
+ return TCSERR(TSS_E_INTERNAL_ERROR);
+ }
++#endif
+ #endif /* SOLARIS */
+
+ if ((f = fopen(tcsd_config_file, "r")) == NULL) {
diff --git a/pkgs/tools/security/trousers/default.nix b/pkgs/tools/security/trousers/default.nix
new file mode 100644
index 0000000000000..20952aeea9dd2
--- /dev/null
+++ b/pkgs/tools/security/trousers/default.nix
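Review bot: In allow-non-tss-config-file-owner.patch the new `#ifndef ALLOW_NON_TSS_CONFIG_FILE` opens before the owner/group check and its `#endif` lands after the block that logs "must be mode 0600", so defining the macro removes the permission check as well as the ownership check the macro name refers to. As far as these lines show, tcsd would then read a configuration file that other local users may be able to write. Consider closing the guard right after the ownership block and keeping a writability test that a file not owned by tss can still pass, for example `if (stat_buf.st_mode & (S_IWGRP | S_IWOTH)) {` followed by the same LogError/return pattern. The condition of the mode check lies between the two inner hunks and is not visible here, and the enclosing function starts and ends outside them.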
@@ -0,0 +1,27 @@
+{stdenv, fetchurl, autoconf, automake, openssl}:
+
+stdenv.mkDerivation {
+ name = "trousers-0.3.11.2";
+
+ src = fetchurl {
+ url = https://sourceforge.net/projects/trousers/files/trousers/0.3.11/trousers-0.3.11.2.tar.gz;
+ sha256 = "03c71szmij1nx3jicacmazh0yan3qm00k0ahmh4mq88fw00k1p4v";
+ };
+
+ buildInputs = [ openssl ];
+
+ patches = [ # ./double-installed-man-page.patch
+ ./disable-install-rule.patch
+ ./allow-non-tss-config-file-owner.patch
+ ];
+
+ NIX_CFLAGS_COMPILE = "-DALLOW_NON_TSS_CONFIG_FILE";
+ NIX_LDFLAGS = "-lgcc_s";
+
+ meta = with stdenv.lib; {
+ description = "TrouSerS is an CPL (Common Public License) licensed Trusted Computing Software Stack.";
+ homepage = http://trousers.sourceforge.net/;
+ license = licenses.cpl;
+ platforms = platforms.unix;
+ };
+}
diff --git a/pkgs/tools/security/trousers/disable-install-rule.patch b/pkgs/tools/security/trousers/disable-install-rule.patch
new file mode 100644
index 0000000000000..698beac9ffde8
--- /dev/null
+++ b/pkgs/tools/security/trousers/disable-install-rule.patch
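Review bot: In default.nix, `NIX_CFLAGS_COMPILE = "-DALLOW_NON_TSS_CONFIG_FILE";` switches off tcsd's config-file checks for every build of this package, and nothing in the expression says so. A comment above that line would make the trade-off visible, e.g. `# skips tcsd's owner/group and mode checks on tcsd.conf, see allow-non-tss-config-file-owner.patch`. Separately, `autoconf` and `automake` are taken as arguments but do not appear in `buildInputs`. The commented-out `# ./double-installed-man-page.patch` entry also leaves it unclear whether that patch is meant to be applied.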
@@ -0,0 +1,27 @@
+--- trousers-0.3.11/dist/Makefile.in 2013-08-14 06:49:37.597558787 +0200
++++ trousers-0.3.11/dist/Makefile.in 2013-08-14 06:50:07.134510774 +0200
+@@ -363,16 +363,16 @@
+ uninstall uninstall-am uninstall-hook
+
+ install: install-exec-hook
+- if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p ${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
+- /bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
+- /bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
++# echo if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p ${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
++ echo /bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
++ echo /bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
+
+ install-exec-hook:
+- /usr/sbin/groupadd tss || true
+- /usr/sbin/useradd -r tss -g tss || true
+- /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
+- /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
+- /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
++ echo /usr/sbin/groupadd tss || true
++ echo /usr/sbin/useradd -r tss -g tss || true
++ echo /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
++ echo /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
++ echo /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
+
+ uninstall-hook:
+ /usr/sbin/userdel tss || true
diff --git a/pkgs/tools/security/trousers/double-installed-man-page.patch b/pkgs/tools/security/trousers/double-installed-man-page.patch
new file mode 100644
index 0000000000000..6b40716120ea4
--- /dev/null
+++ b/pkgs/tools/security/trousers/double-installed-man-page.patch
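Review bot: In disable-install-rule.patch every command under `install` and `install-exec-hook` becomes an `echo`, so the build no longer creates `@localstatedir@/lib/tpm` as tss:tss mode 0700 or sets tcsd.conf to 0600, and the patch has no header saying where that must happen instead. Whatever starts tcsd now has to create that directory and file with those permissions; a one-line description at the top of the patch, such as `Do not create users or touch sysconfdir/localstatedir at build time; service setup must create lib/tpm as tss:tss 0700`, would record the requirement. The first replaced line is commented out (`# echo if test …`) while the rest are echoed, and the `|| true` after each `echo` no longer does anything, so deleting the recipe lines outright would read more clearly.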
@@ -0,0 +1,32 @@
+--- trousers-0.3.11/man/man3/Makefile.am 2013-08-14 04:57:47.018494495 +0200
++++ trousers-0.3.11/man/man3/Makefile.am 2013-08-14 04:58:10.353453471 +0200
+@@ -75,7 +75,6 @@
+ Tspi_TPM_TakeOwnership.3 \
+ Tspi_TPM_GetAuditDigest.3 \
+ Tspi_TPM_OwnerGetSRKPubKey.3 \
+- Tspi_TPM_Quote.3 \
+ Tspi_TPM_CMKSetRestrictions.3
+ if TSS_BUILD_DAA
+ man3_MANS += Tspi_DAA_IssueCredential.3 \
+--- trousers-0.3.11/man/man3/Makefile.in 2013-08-14 05:06:25.029490899 +0200
++++ trousers-0.3.11/man/man3/Makefile.in 2013-08-14 05:06:43.153457942 +0200
+@@ -243,7 +243,7 @@
+ Tspi_TPM_PcrExtend.3 Tspi_TPM_Quote.3 Tspi_TPM_SelfTestFull.3 \
+ Tspi_TPM_SetStatus.3 Tspi_TPM_StirRandom.3 \
+ Tspi_TPM_TakeOwnership.3 Tspi_TPM_GetAuditDigest.3 \
+- Tspi_TPM_OwnerGetSRKPubKey.3 Tspi_TPM_Quote.3 \
++ Tspi_TPM_OwnerGetSRKPubKey.3 \
+ Tspi_TPM_CMKSetRestrictions.3 $(am__append_1)
+ EXTRA_DIST = $(man3_MANS)
+ all: all-am
+--- trousers-0.3.11/man/man3/Makefile 2013-08-14 05:07:05.686414845 +0200
++++ trousers-0.3.11/man/man3/Makefile 2013-08-14 05:07:23.233381327 +0200
+@@ -243,7 +243,7 @@
+ Tspi_TPM_PcrExtend.3 Tspi_TPM_Quote.3 Tspi_TPM_SelfTestFull.3 \
+ Tspi_TPM_SetStatus.3 Tspi_TPM_StirRandom.3 \
+ Tspi_TPM_TakeOwnership.3 Tspi_TPM_GetAuditDigest.3 \
+- Tspi_TPM_OwnerGetSRKPubKey.3 Tspi_TPM_Quote.3 \
++ Tspi_TPM_OwnerGetSRKPubKey.3 \
+ Tspi_TPM_CMKSetRestrictions.3 $(am__append_1)
+ EXTRA_DIST = $(man3_MANS)
+ all: all-am |
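Review bot: double-installed-man-page.patch is added to the tree, but the only reference to it in default.nix is commented out (`# ./double-installed-man-page.patch`), so it is never applied. Its third section edits `man/man3/Makefile`, which looks like configure output rather than a file shipped in the tarball; if so the patch would fail to apply as written, though that is an inference from the file name. Either drop the file from the commit or cut it down to the `Makefile.am` and `Makefile.in` sections and enable it in `patches`.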