author | Manuel Bentele | 2021-11-05 13:30:03 +0100 |
---|---|---|
committer | Manuel Bentele | 2021-11-05 13:30:03 +0100 |
commit | ad3811b12b80615436f83b2aabf6fdd3fe4b1eb4 (patch) | |
tree | adc529d3b72c64a3531f1d6e883f9683ff4b684b /core/modules/swtpm | |
parent | [pkg-config] Fix invalid space at line end in pkg-config wrapper (diff) | |
[swtpm] Add module for TPM emulation for QEMU machines (e.g. Windows 11)
Diffstat (limited to 'core/modules/swtpm')
-rw-r--r-- | core/modules/swtpm/module.build | 78 | ||||
-rw-r--r-- | core/modules/swtpm/module.conf | 9 | ||||
-rw-r--r-- | core/modules/swtpm/module.conf.ubuntu | 20 |
3 files changed, 107 insertions, 0 deletions
diff --git a/core/modules/swtpm/module.build b/core/modules/swtpm/module.build
new file mode 100644
index 00000000..0d4264b4
--- /dev/null
+++ b/core/modules/swtpm/module.build
@@ -0,0 +1,78 @@
+#!/bin/bash
+fetch_source() {
+ autoclone
+}
+
+build() {
+ local SRCDIR_LIB="${MODULE_WORK_DIR}/src/libtpms"
+ local SRCDIR_BIN="${MODULE_WORK_DIR}/src/swtpm"
+ local DSTDIR="${MODULE_BUILD_DIR}"
+
+ cde "${SRCDIR_LIB}"
+
+ autoreconf --install --force
+
+ ./configure \
+ --prefix="/usr" \
+ --with-openssl \
+ --with-tpm2 || perror "'configure' failed."
+ make || perror "'make' failed."
+ DESTDIR="${DSTDIR}" make install || perror "'make install' failed."
+
+ cde "${SRCDIR_BIN}"
+
+ # save original path content before modifying path variable
+ local PATH_OLD="${PATH}"
+
+ # set config paths for additional pkg-config files
+ export PKG_CONFIG_PATH="${DSTDIR}/usr/lib/pkgconfig"
+ # set system root directory for prebuilt headers and libraries, e.g. libvirt-glib
+ export PKG_CONFIG_SYSROOT_DIR="${DSTDIR}"
+ # enable output of all system include directories
+ export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
+ # enable output of all system library directories
+ export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
+
+ # create custom pkg-config program to patch paths from pkg-build config files in our build directory
+ cat > "${SRCDIR_BIN}/pkg-config" <<-EOF
+ #!/bin/bash
+
+ # unset custom path to avoid call recursion of this custom pkg-config script
+ unset PATH
+
+ # call patched pkg-config wrapper from mltk bin directory
+ exec "${ROOT_DIR}/core/bin/pkg-config.sh" "\${@}"
+ EOF
+ chmod +x "${SRCDIR_BIN}/pkg-config"
+
+ # Remove usage of /usr/bin/env to avoid PATH manipulation attacks
+ sed -i 's/env //' samples/swtpm-create-tpmca samples/swtpm-create-user-config-files.in
+
+ PATH="${SRCDIR}:${PATH}" \
+ autoreconf --install --force
+
+ # overwrite search path to inject custom pkg-config program
+ PATH="${SRCDIR}:${PATH}" \
+ ./configure \
+ --prefix="/usr" \
+ --with-cuse \
+ --with-gnutls \
+ --with-seccomp || perror "'configure' failed."
+ make || perror "'make' failed."
+ DESTDIR="${DSTDIR}" make install || perror "'make install' failed."
+
+ rm "${SRCDIR_BIN}/pkg-config"
+
+ # restore old environment so that following pkg-config calls are not modified
+ unset PKG_CONFIG_PATH
+ unset PKG_CONFIG_SYSROOT_DIR
+ unset PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
+ unset PKG_CONFIG_ALLOW_SYSTEM_LIBS
+
+ # restore original path variable
+ export PATH="${PATH_OLD}"
+}
+
+post_copy() {
+ :
+}
diff --git a/core/modules/swtpm/module.conf b/core/modules/swtpm/module.conf
new file mode 100644
index 00000000..2378ebb4
--- /dev/null
+++ b/core/modules/swtpm/module.conf
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+REQUIRED_GIT="
+ https://github.com/stefanberger/libtpms.git||v0.9.0
+ https://github.com/stefanberger/swtpm.git||v0.6.1
+"
+
+# copy everything since there is a clean installation done by 'make install'
+REQUIRED_DIRECTORIES="/"
diff --git a/core/modules/swtpm/module.conf.ubuntu b/core/modules/swtpm/module.conf.ubuntu
new file mode 100644
index 00000000..a142e4d7
--- /dev/null
+++ b/core/modules/swtpm/module.conf.ubuntu
@@ -0,0 +1,20 @@
+#!/bin/bash
+REQUIRED_INSTALLED_PACKAGES="
+ gcc
+ debhelper
+ expect
+ gawk
+ gnutls-bin
+ gnutls-dev
+ openssl
+ libfuse-dev
+ libglib2.0-dev
+ libjson-glib-dev
+ libseccomp-dev
+ libssl-dev
+ libtasn1-dev
+ libtool
+ net-tools
+ socat
+ softhsm2
+" |
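Review bot: In module.build, both `PATH="${SRCDIR}:${PATH}"` prefixes in the swtpm half of `build()` (before `autoreconf` and before `./configure`) use `SRCDIR`, which this function never sets; only `SRCDIR_LIB` and `SRCDIR_BIN` are declared, and the wrapper is written to `${SRCDIR_BIN}/pkg-config`. Unless the mltk framework defines `SRCDIR` somewhere outside this diff, the value expands to `:${PATH}`, and an empty PATH entry means the current directory. The wrapper is then found only while the working directory is still `${SRCDIR_BIN}`, and every directory the build descends into is searched first for commands, which is the PATH exposure the `sed` comment above says it wants to avoid. Use `PATH="${SRCDIR_BIN}:${PATH}"` in both places. Separately, `sed -i 's/env //'` edits the first `env ` on every line of the two sample scripts; assuming their first line is `#!/usr/bin/env <interpreter>`, `sed -i '1s|^#!/usr/bin/env |#!/usr/bin/|'` limits the change to the interpreter line.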
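Review bot: In module.conf, `REQUIRED_GIT` identifies libtpms and swtpm only by tag name (`v0.9.0`, `v0.6.1`), and an upstream tag can be re-pointed, so this file does not fix which source is compiled into the TPM emulator that guests will rely on. If `autoclone` accepts a commit id in that field (its format is not visible in this diff), record the full commit hash instead of the tag. Otherwise compare `git rev-parse HEAD` against a recorded value in `fetch_source()` and document it next to each entry, e.g. `# v0.9.0 = <full-commit-sha-placeholder>`.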