authorAlexander Kjeldaas <ak@formalprivacy.com>2013-08-14 08:16:52 +0200
committerAlexander Kjeldaas <ak@formalprivacy.com>2014-04-22 13:24:44 +0200
commitdbe8d7ad030206987910057a9cfb0bd90a8b5c15 (patch)
tree7b7a00af8e30bd94733b844089ce3d9b00748b6a /pkgs/tools/security/trousers
parent396da207391b3b16d511b6fa6bbed035af82a6e8 (diff)
Added trousers, tpm-tools, and tboot.
Added lcp_writepol -Z option.
Diffstat (limited to 'pkgs/tools/security/trousers')
-rw-r--r--pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch19
-rw-r--r--pkgs/tools/security/trousers/default.nix27
-rw-r--r--pkgs/tools/security/trousers/disable-install-rule.patch27
-rw-r--r--pkgs/tools/security/trousers/double-installed-man-page.patch32
4 files changed, 105 insertions, 0 deletions
diff --git a/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch b/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
new file mode 100644
index 0000000000000..774a14f72babe
--- /dev/null
+++ b/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
@@ -0,0 +1,19 @@
+diff -ur trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c trousers-0.3.11.2/src/tcsd/tcsd_conf.c
+--- trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c	2013-07-12 18:27:37.000000000 +0200
++++ trousers-0.3.11.2/src/tcsd/tcsd_conf.c	2013-08-21 14:29:42.917231648 +0200
+@@ -763,6 +763,7 @@
+ 		return TCSERR(TSS_E_INTERNAL_ERROR);
+ 	}
+ 
++#ifndef ALLOW_NON_TSS_CONFIG_FILE
+ 	/* make sure user/group TSS owns the conf file */
+ 	if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) {
+ 		LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file,
+@@ -775,6 +776,7 @@
+ 		LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file);
+ 		return TCSERR(TSS_E_INTERNAL_ERROR);
+ 	}
++#endif
+ #endif /* SOLARIS */
+ 
+ 	if ((f = fopen(tcsd_config_file, "r")) == NULL) {
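Review bot: The `#endif` added in the second embedded hunk closes the `#ifndef ALLOW_NON_TSS_CONFIG_FILE` region below the block that logs "must be mode 0600", so the define compiles out what appears to be the permission check as well as the user/group check, although the macro and the patch file name mention only the owner. If only ownership has to be relaxed, place `#endif` directly after the closing brace of the ownership `if`. If skipping both is intended, say so at the guard, e.g. `/* also skips the mode 0600 check on the conf file */`. With both checks gone, tcsd no longer rejects a config file that other users own or can write, so the file's integrity has to be guaranteed by the deployment. The enclosing function starts and ends outside the embedded hunks.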
diff --git a/pkgs/tools/security/trousers/default.nix b/pkgs/tools/security/trousers/default.nix
new file mode 100644
index 0000000000000..20952aeea9dd2
--- /dev/null
+++ b/pkgs/tools/security/trousers/default.nix
@@ -0,0 +1,27 @@
+{stdenv, fetchurl, autoconf, automake, openssl}:
+
+stdenv.mkDerivation {
+  name = "trousers-0.3.11.2";
+
+  src = fetchurl {
+    url = https://sourceforge.net/projects/trousers/files/trousers/0.3.11/trousers-0.3.11.2.tar.gz;
+    sha256 = "03c71szmij1nx3jicacmazh0yan3qm00k0ahmh4mq88fw00k1p4v";
+  };
+
+  buildInputs = [ openssl ];
+
+  patches = [ # ./double-installed-man-page.patch
+              ./disable-install-rule.patch
+              ./allow-non-tss-config-file-owner.patch
+            ];
+
+  NIX_CFLAGS_COMPILE = "-DALLOW_NON_TSS_CONFIG_FILE";
+  NIX_LDFLAGS = "-lgcc_s";
+
+  meta = with stdenv.lib; {
+    description = "TrouSerS is an CPL (Common Public License) licensed Trusted Computing Software Stack.";
+    homepage    = http://trousers.sourceforge.net/;
+    license     = licenses.cpl;
+    platforms   = platforms.unix;
+  };
+}
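Review bot: `NIX_CFLAGS_COMPILE = "-DALLOW_NON_TSS_CONFIG_FILE";` turns off tcsd's validation of its config file for every build of this package, and nothing in the expression says so. A comment above it would make the trade-off visible, e.g. `# skips tcsd's owner and mode checks on tcsd.conf (see allow-non-tss-config-file-owner.patch)`. The `autoconf` and `automake` arguments are not referenced anywhere in the derivation and can be dropped from the argument list. The commented-out `./double-installed-man-page.patch` entry should either be enabled or removed together with the file.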
diff --git a/pkgs/tools/security/trousers/disable-install-rule.patch b/pkgs/tools/security/trousers/disable-install-rule.patch
new file mode 100644
index 0000000000000..698beac9ffde8
--- /dev/null
+++ b/pkgs/tools/security/trousers/disable-install-rule.patch
@@ -0,0 +1,27 @@
+--- trousers-0.3.11/dist/Makefile.in	2013-08-14 06:49:37.597558787 +0200
++++ trousers-0.3.11/dist/Makefile.in	2013-08-14 06:50:07.134510774 +0200
+@@ -363,16 +363,16 @@
+ 	uninstall uninstall-am uninstall-hook
+ 
+ install: install-exec-hook
+-	if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p ${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
+-	/bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
+-	/bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
++#	echo if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p ${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
++	echo /bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
++	echo /bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
+ 
+ install-exec-hook:
+-	/usr/sbin/groupadd tss || true
+-	/usr/sbin/useradd -r tss -g tss || true
+-	/bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
+-	/bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
+-	/bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
++	echo /usr/sbin/groupadd tss || true
++	echo /usr/sbin/useradd -r tss -g tss || true
++	echo /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
++	echo /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
++	echo /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
+ 
+ uninstall-hook:
+ 	/usr/sbin/userdel tss || true
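Review bot: Prefixing the recipes with `echo` means the install no longer creates `${DESTDIR}/@localstatedir@/lib/tpm` with mode 0700 and tss:tss ownership, and no longer installs `tcsd.conf` with mode 0600, so those permissions now have to be set by whatever configures the service. Nothing in this commit's trousers directory does that, and the companion patch also compiles out tcsd's own check of the conf file, so the expectation should be written down, for example as a header line in this patch: `Account, state directory and tcsd.conf permissions are left to the system configuration.` The `|| true` after each `echo` is now dead and can be dropped. The `uninstall-hook` rule is left unchanged and still calls `/usr/sbin/userdel tss`; its body continues outside the hunk.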
diff --git a/pkgs/tools/security/trousers/double-installed-man-page.patch b/pkgs/tools/security/trousers/double-installed-man-page.patch
new file mode 100644
index 0000000000000..6b40716120ea4
--- /dev/null
+++ b/pkgs/tools/security/trousers/double-installed-man-page.patch
@@ -0,0 +1,32 @@
+--- trousers-0.3.11/man/man3/Makefile.am	2013-08-14 04:57:47.018494495 +0200
++++ trousers-0.3.11/man/man3/Makefile.am	2013-08-14 04:58:10.353453471 +0200
+@@ -75,7 +75,6 @@
+ 	    Tspi_TPM_TakeOwnership.3 \
+ 	    Tspi_TPM_GetAuditDigest.3 \
+ 	    Tspi_TPM_OwnerGetSRKPubKey.3 \
+-	    Tspi_TPM_Quote.3 \
+ 	    Tspi_TPM_CMKSetRestrictions.3
+ if TSS_BUILD_DAA
+ man3_MANS += Tspi_DAA_IssueCredential.3 \
+--- trousers-0.3.11/man/man3/Makefile.in	2013-08-14 05:06:25.029490899 +0200
++++ trousers-0.3.11/man/man3/Makefile.in	2013-08-14 05:06:43.153457942 +0200
+@@ -243,7 +243,7 @@
+ 	Tspi_TPM_PcrExtend.3 Tspi_TPM_Quote.3 Tspi_TPM_SelfTestFull.3 \
+ 	Tspi_TPM_SetStatus.3 Tspi_TPM_StirRandom.3 \
+ 	Tspi_TPM_TakeOwnership.3 Tspi_TPM_GetAuditDigest.3 \
+-	Tspi_TPM_OwnerGetSRKPubKey.3 Tspi_TPM_Quote.3 \
++	Tspi_TPM_OwnerGetSRKPubKey.3 \
+ 	Tspi_TPM_CMKSetRestrictions.3 $(am__append_1)
+ EXTRA_DIST = $(man3_MANS)
+ all: all-am
+--- trousers-0.3.11/man/man3/Makefile	2013-08-14 05:07:05.686414845 +0200
++++ trousers-0.3.11/man/man3/Makefile	2013-08-14 05:07:23.233381327 +0200
+@@ -243,7 +243,7 @@
+ 	Tspi_TPM_PcrExtend.3 Tspi_TPM_Quote.3 Tspi_TPM_SelfTestFull.3 \
+ 	Tspi_TPM_SetStatus.3 Tspi_TPM_StirRandom.3 \
+ 	Tspi_TPM_TakeOwnership.3 Tspi_TPM_GetAuditDigest.3 \
+-	Tspi_TPM_OwnerGetSRKPubKey.3 Tspi_TPM_Quote.3 \
++	Tspi_TPM_OwnerGetSRKPubKey.3 \
+ 	Tspi_TPM_CMKSetRestrictions.3 $(am__append_1)
+ EXTRA_DIST = $(man3_MANS)
+ all: all-am
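Review bot: This patch file is added, but its only reference in default.nix is commented out (`# ./double-installed-man-page.patch`), so it is unused as committed. Its third section edits `man/man3/Makefile`, which looks like a configure output rather than a shipped source file, so the patch would presumably fail to apply before configure has run. Keeping only the `Makefile.am` and `Makefile.in` sections is likely enough to enable it; otherwise remove the file.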