[arch-commits] Commit in swtpm/trunk (PKGBUILD)

Jonas Witschel diabonas at archlinux.org
Sat Aug 29 11:10:49 UTC 2020


    Date: Saturday, August 29, 2020 @ 11:10:49
  Author: diabonas
Revision: 692187

upgpkg: swtpm 0.4.0-1: upstream release

The directory permissions for /var/lib/swtpm-localca have been changed upstream in
https://github.com/stefanberger/swtpm/commit/5d613001c1948edcd7b2a268b71f093858b559f8

Modified:
  swtpm/trunk/PKGBUILD

----------+
 PKGBUILD |   28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-08-29 09:18:49 UTC (rev 692186)
+++ PKGBUILD	2020-08-29 11:10:49 UTC (rev 692187)
@@ -1,7 +1,7 @@
 # Maintainer: Jonas Witschel <diabonas at archlinux.org>
 pkgname=swtpm
-pkgver=0.3.4
-_tag=ce0efb8e5aa1cd255fdad91c5e18835786eff9c0 # git rev-parse "v$pkgver"
+pkgver=0.4.0
+_tag=72ee136b1b3aa4c8f9b431ba11253352f4783808 # git rev-parse "v$pkgver"
 pkgrel=1
 pkgdesc='Libtpms-based TPM emulator with socket, character device, and Linux CUSE interface'
 arch=('x86_64')
@@ -8,9 +8,10 @@
 url='https://github.com/stefanberger/swtpm'
 license=('BSD')
 depends=('fuse2' 'glib2' 'libseccomp' 'libtpms' 'libseccomp.so')
-makedepends=('git' 'expect' 'gnutls' 'libtasn1' 'python' 'socat')
-checkdepends=('softhsm')
-optdepends=('gnutls: swtpm_cert support') 
+makedepends=('git' 'gnutls' 'libtasn1' 'python' 'python-cryptography' 'python-setuptools' 'socat')
+checkdepends=('net-tools' 'softhsm')
+optdepends=('gnutls: swtpm_cert support'
+            'python-cryptography: swtpm_setup.sh support') 
 source=("git+$url.git?signed#tag=$_tag")
 sha512sums=('SKIP')
 validpgpkeys=('B818B9CADF9089C2D5CEC66B75AD65802A0B4211') # Stefan Berger <stefanb at linux.vnet.ibm.com>
@@ -23,16 +24,25 @@
 prepare() {
 	cd "$pkgname"
 
-	# Remove make dependency on netstat (https://github.com/stefanberger/swtpm/pull/290)
-	git cherry-pick --no-commit 609dfd873a31fc0402752c50d1d5cfa58949507f
+	# Build Python module according to the Python package guidelines
+	sed -i 's/--install-layout deb/--optimize=1 --skip-build/' src/swtpm_setup/Makefile.am
 
+	# Remove usage of /usr/bin/env to avoid PATH manipulation attacks
+	sed -i 's/env //' samples/swtpm-create-tpmca samples/swtpm-create-user-config-files.in \
+	                  samples/swtpm-localca.in src/swtpm_setup/py_swtpm_setup/swtpm_setup.py \
+	                  src/swtpm_setup/swtpm_setup.sh
+
 	autoreconf --install --force
 }
 
 build() {
 	cd "$pkgname"
-	./configure --prefix=/usr --with-tss-user=tss --with-tss-group=tss --with-cuse --with-gnutls --with-seccomp
+	./configure --prefix=/usr --with-cuse --with-gnutls --with-seccomp \
+	            EXPECT=/usr/bin/false PIP3=/usr/bin/false # pass checks for unused dependencies 
 	make
+
+	cd src/swtpm_setup
+	python setup.py build
 }
 
 check() {
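Review bot: The `sed -i 's/env //'` call in prepare() is not anchored to the shebang, so it removes the first `env ` on every line of the five listed files rather than only on `#!/usr/bin/env …` lines. The file contents are not visible here, so whether any other line is currently hit is unconfirmed. Limiting the substitution to the first line keeps the PATH hardening and touches nothing else: `sed -i '1s|^#!/usr/bin/env |#!/usr/bin/|' …` (GNU sed restarts line numbering per file with `-i`). Both sed calls also succeed when nothing matches, so an upstream change to these lines would silently bring back the env shebangs or the `--install-layout deb` flag. A grep after the substitution that aborts prepare() when an env shebang remains would make that failure visible.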
@@ -45,5 +55,5 @@
 	make DESTDIR="$pkgdir" install
 	install -Dm644 LICENSE -t "$pkgdir/usr/share/licenses/$pkgname"
 	echo 'u tss - "tss user for tpm2"' | install -Dm644 /dev/stdin "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
-	echo 'z /var/lib/swtpm-localca - tss tss' | install -Dm644 /dev/stdin "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"
+	echo 'z /var/lib/swtpm-localca 0750 tss root' | install -Dm644 /dev/stdin "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"
 }
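Review bot: The new tmpfiles.d entry `z /var/lib/swtpm-localca 0750 tss root` has no comment explaining why the group became root and the mode is now explicit; that reason lives only in the commit message. A comment above the line would keep it with the code, e.g. `# Owner tss, group root, mode 0750 as set upstream in 5d613001c194`. `z` is non-recursive and only adjusts an existing path, so files already inside the directory from earlier installs keep their previous owner and mode. If the directory holds the local CA's private key, as its name suggests, those files are worth checking on upgrade. package() starts outside this hunk.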


