-rw-r--r-- | core/modules/libvirt/module.conf | 1 | ||||
-rw-r--r-- | core/modules/qemu-src/module.build | 1 | ||||
-rw-r--r-- | core/modules/swtpm/module.build | 78 | ||||
-rw-r--r-- | core/modules/swtpm/module.conf | 9 | ||||
-rw-r--r-- | core/modules/swtpm/module.conf.ubuntu | 20 | ||||
l--------- | core/targets/qemu/swtpm | 1 |
6 files changed, 110 insertions, 0 deletions
diff --git a/core/modules/libvirt/module.conf b/core/modules/libvirt/module.conf
index 11090887..68ca993a 100644
--- a/core/modules/libvirt/module.conf
+++ b/core/modules/libvirt/module.conf
@@ -2,6 +2,7 @@ REQUIRED_MODULES=" libvirt-src + swtpm " REQUIRED_BINARIES=""
diff --git a/core/modules/qemu-src/module.build b/core/modules/qemu-src/module.build
index 5f3fce34..a5d8ce4b 100644
--- a/core/modules/qemu-src/module.build
+++ b/core/modules/qemu-src/module.build
@@ -41,6 +41,7 @@ build() {
 --enable-vhost-user \
 --enable-libudev \
 --enable-brlapi \
+ --enable-tpm \
 --audio-drv-list="pa alsa" \
 --enable-modules || perror "'configure' failed."
 make || perror "'make' failed."
diff --git a/core/modules/swtpm/module.build b/core/modules/swtpm/module.build
new file mode 100644
index 00000000..0d4264b4
--- /dev/null
+++ b/core/modules/swtpm/module.build
@@ -0,0 +1,78 @@
+#!/bin/bash
+fetch_source() {
+ autoclone
+}
+
+build() {
+ local SRCDIR_LIB="${MODULE_WORK_DIR}/src/libtpms"
+ local SRCDIR_BIN="${MODULE_WORK_DIR}/src/swtpm"
+ local DSTDIR="${MODULE_BUILD_DIR}"
+
+ cde "${SRCDIR_LIB}"
+
+ autoreconf --install --force
+
+ ./configure \
+ --prefix="/usr" \
+ --with-openssl \
+ --with-tpm2 || perror "'configure' failed."
+ make || perror "'make' failed."
+ DESTDIR="${DSTDIR}" make install || perror "'make install' failed."
+
+ cde "${SRCDIR_BIN}"
+
+ # save original path content before modifying path variable
+ local PATH_OLD="${PATH}"
+
+ # set config paths for additional pkg-config files
+ export PKG_CONFIG_PATH="${DSTDIR}/usr/lib/pkgconfig"
+ # set system root directory for prebuilt headers and libraries, e.g. libvirt-glib
+ export PKG_CONFIG_SYSROOT_DIR="${DSTDIR}"
+ # enable output of all system include directories
+ export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
+ # enable output of all system library directories
+ export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
+
+ # create custom pkg-config program to patch paths from pkg-build config files in our build directory
+ cat > "${SRCDIR_BIN}/pkg-config" <<-EOF
+ #!/bin/bash
+
+ # unset custom path to avoid call recursion of this custom pkg-config script
+ unset PATH
+
+ # call patched pkg-config wrapper from mltk bin directory
+ exec "${ROOT_DIR}/core/bin/pkg-config.sh" "\${@}"
+ EOF
+ chmod +x "${SRCDIR_BIN}/pkg-config"
+
+ # Remove usage of /usr/bin/env to avoid PATH manipulation attacks
+ sed -i 's/env //' samples/swtpm-create-tpmca samples/swtpm-create-user-config-files.in
+
+ PATH="${SRCDIR}:${PATH}" \
+ autoreconf --install --force
+
+ # overwrite search path to inject custom pkg-config program
+ PATH="${SRCDIR}:${PATH}" \
+ ./configure \
+ --prefix="/usr" \
+ --with-cuse \
+ --with-gnutls \
+ --with-seccomp || perror "'configure' failed."
+ make || perror "'make' failed."
+ DESTDIR="${DSTDIR}" make install || perror "'make install' failed."
+
+ rm "${SRCDIR_BIN}/pkg-config"
+
+ # restore old environment so that following pkg-config calls are not modified
+ unset PKG_CONFIG_PATH
+ unset PKG_CONFIG_SYSROOT_DIR
+ unset PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
+ unset PKG_CONFIG_ALLOW_SYSTEM_LIBS
+
+ # restore original path variable
+ export PATH="${PATH_OLD}"
+}
+
+post_copy() {
+ :
+}
diff --git a/core/modules/swtpm/module.conf b/core/modules/swtpm/module.conf
new file mode 100644
index 00000000..2378ebb4
--- /dev/null
+++ b/core/modules/swtpm/module.conf
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+REQUIRED_GIT="
+ https://github.com/stefanberger/libtpms.git||v0.9.0
+ https://github.com/stefanberger/swtpm.git||v0.6.1
+"
+
+# copy everything since there is a clean installation done by 'make install'
+REQUIRED_DIRECTORIES="/"
diff --git a/core/modules/swtpm/module.conf.ubuntu b/core/modules/swtpm/module.conf.ubuntu
new file mode 100644
index 00000000..a142e4d7
--- /dev/null
+++ b/core/modules/swtpm/module.conf.ubuntu
@@ -0,0 +1,20 @@
+#!/bin/bash
+REQUIRED_INSTALLED_PACKAGES="
+ gcc
+ debhelper
+ expect
+ gawk
+ gnutls-bin
+ gnutls-dev
+ openssl
+ libfuse-dev
+ libglib2.0-dev
+ libjson-glib-dev
+ libseccomp-dev
+ libssl-dev
+ libtasn1-dev
+ libtool
+ net-tools
+ socat
+ softhsm2
+"
diff --git a/core/targets/qemu/swtpm b/core/targets/qemu/swtpm
new file mode 120000
index 00000000..0fe707b0
--- /dev/null
+++ b/core/targets/qemu/swtpm
@@ -0,0 +1 @@
+../../modules/swtpm
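Review bot: In core/modules/swtpm/module.build, both `PATH="${SRCDIR}:${PATH}"` prefixes (before the second `autoreconf` and before `./configure`) expand `SRCDIR`, which build() never sets; its locals are `SRCDIR_LIB` and `SRCDIR_BIN`, and the wrapper is written to `${SRCDIR_BIN}/pkg-config`. Unless the framework exports `SRCDIR` elsewhere, PATH then starts with an empty entry, which means the current directory of whichever process does the lookup, so the wrapper is found only while the cwd is still `${SRCDIR_BIN}`, and every directory that autoreconf or configure changes into is searched ahead of the system tools. Use `PATH="${SRCDIR_BIN}:${PATH}" \` in both places. The `sed -i 's/env //'` line is also unanchored and rewrites the first `env ` on every line of both sample scripts, not just the interpreter line; restricting it to line 1, e.g. `sed -i '1s/env //' ... || perror "'sed' failed."`, keeps the hardening from touching script bodies or failing silently.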
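Review bot: `REQUIRED_GIT` in core/modules/swtpm/module.conf selects libtpms and swtpm by tag name (`v0.9.0`, `v0.6.1`), and a tag can be moved or re-created upstream, so a later build could fetch different code under the same name. If `autoclone` accepts a commit id in this field, pin the exact commits; otherwise compare the cloned `HEAD` with a recorded commit id before `build()` runs. I cannot tell from this hunk which forms `autoclone` supports, so at minimum add a comment such as `# tags are mutable upstream; verify the cloned commit ids before building`.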
\ No newline at end of file |