dev-libs/libtpms: new package, add 0.9.6

Signed-off-by: orbea <orbea@riseup.net>

7 files changed, 190 insertions, 0 deletions

diff --git a/dev-libs/libtpms/Manifest b/dev-libs/libtpms/Manifest
new file mode 100644
index 0000000..b253048
--- /dev/null
+++ b/dev-libs/libtpms/Manifest
@@ -0,0 +1 @@
+DIST libtpms-0.9.6.tar.gz 1264338 BLAKE2B 7b127ef370a48214814bb9ad0e8461ed0af21f32ab84f243945980c5e36ba5e374b4de7a83bf9c67c29264609063d48eae2dae83832daed70170bb1ed39eafea SHA512 35f26e4849eb98cd73461aff439c19f77bbbcde9b7661402e3d419354c4dcddd057349c4f7178573f1ceea2e95326498eb9afea3bd48064bbff534fc7f6939c3
diff --git a/dev-libs/libtpms/files/407.patch b/dev-libs/libtpms/files/407.patch
new file mode 100644
index 0000000..2c7aecf
--- /dev/null
+++ b/dev-libs/libtpms/files/407.patch
@@ -0,0 +1,27 @@
+From 96cf3dede02cbf58134115603209d863fc82a06c Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Wed, 13 Mar 2024 10:01:49 -0700
+Subject: [PATCH] tpm_crypto: add missing openssl includes
+
+This fixes the build with LibreSSL 3.9.0 where many implicit
+declarations for BN_, EVP_ and RSA_ functions occur which were
+implicitly included before.
+
+Signed-off-by: orbea <orbea@riseup.net>
+---
+ src/tpm12/tpm_crypto.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/tpm12/tpm_crypto.c b/src/tpm12/tpm_crypto.c
+index bcbaa7fc2..628e27cc2 100644
+--- a/src/tpm12/tpm_crypto.c
++++ b/src/tpm12/tpm_crypto.c
+@@ -48,6 +48,8 @@
+ #include <openssl/rand.h>
+ #include <openssl/sha.h>
+ #include <openssl/engine.h>
++#include <openssl/evp.h>
++#include <openssl/rsa.h>
+ 
+ #include "tpm_cryptoh.h"
+ #include "tpm_debug.h"
diff --git a/dev-libs/libtpms/files/libtpms-0.9.0-Remove-WError.patch b/dev-libs/libtpms/files/libtpms-0.9.0-Remove-WError.patch
new file mode 100644
index 0000000..14fe4c5
--- /dev/null
+++ b/dev-libs/libtpms/files/libtpms-0.9.0-Remove-WError.patch
@@ -0,0 +1,13 @@
+diff --git a/configure.ac b/configure.ac
+index 5f995a8..957c461 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -321,7 +321,7 @@ if test "x$enable_hardening" != "xno"; then
+ 	AC_SUBST([HARDENING_LDFLAGS])
+ fi
+ 
+-AM_CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign -Wmissing-prototypes"
++AM_CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Wreturn-type -Wsign-compare -Wno-self-assign -Wmissing-prototypes"
+ AM_CFLAGS="$AM_CFLAGS"
+ AM_LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"
+ 
diff --git a/dev-libs/libtpms/files/libtpms-0.9.5-slibtool.patch b/dev-libs/libtpms/files/libtpms-0.9.5-slibtool.patch
new file mode 100644
index 0000000..7e83434
--- /dev/null
+++ b/dev-libs/libtpms/files/libtpms-0.9.5-slibtool.patch
@@ -0,0 +1,52 @@
+Bug: https://bugs.gentoo.org/858671
+Upstream-PR: https://github.com/stefanberger/libtpms/pull/344
+Upstream-Commit: https://github.com/stefanberger/libtpms/commit/0c2bc32a21e2c7218faa8cd6d5cf31b13835e6d5
+
+From 343f1b21b36fe98daf31c355ebc12902ba7e162a Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Fri, 15 Jul 2022 17:02:43 -0700
+Subject: [PATCH] tests: Fix the build with slibtool
+
+When building the tests with `make check` and slibtool the tests will
+then all fail to load libtpms.so.0.
+
+  $ ./base64decode
+  /tmp/libtpms/tests/.libs/base64decode: error while loading shared libraries: libtpms.so.0: cannot open shared object file: No such file or directory
+
+This happens because they are linked with -ltpms rather than the
+libtpms.la file which has unexpected results with slibtool. GNU libtool
+does some magic to make this work while slibtool fails to link the
+dependency.
+
+The correct way to link internal dependencies is directly with the
+libtool archive (.la) files where the -lfoo linker flags should be only
+used with external dependencies. Additionally -no-undefined is added to
+the LDFLAGS to ensure there aren't undefined references in the future.
+
+Note:
+
+* This doesn't happen if libtpms is installed to the system and the tests
+  find the already installs libtpms rather than the newly built library.
+
+* GNU libtool silently ignores -no-undefined, but slibtool will respect
+  it.
+
+Signed-off-by: orbea <orbea@riseup.net>
+---
+ tests/Makefile.am | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index eb23c59a4..d3d831938 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -10,7 +10,8 @@ TESTS_ENVIRONMENT = \
+   abs_top_srcdir=`cd '$(top_srcdir)'; pwd`
+ 
+ AM_CFLAGS = -I$(top_srcdir)/include $(SANITIZERS)
+-AM_LDFLAGS = -ltpms -L$(top_builddir)/src/.libs $(SANITIZERS)
++AM_LDFLAGS = -no-undefined $(SANITIZERS)
++LDADD = $(top_builddir)/src/libtpms.la
+ 
+ check_PROGRAMS = \
+ 	base64decode
diff --git a/dev-libs/libtpms/files/libtpms-0.9.6-libressl.patch b/dev-libs/libtpms/files/libtpms-0.9.6-libressl.patch
new file mode 100644
index 0000000..8b7041c
--- /dev/null
+++ b/dev-libs/libtpms/files/libtpms-0.9.6-libressl.patch
@@ -0,0 +1,29 @@
+https://github.com/stefanberger/libtpms/pull/407
+
+From 96cf3dede02cbf58134115603209d863fc82a06c Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Wed, 13 Mar 2024 10:01:49 -0700
+Subject: [PATCH] tpm_crypto: add missing openssl includes
+
+This fixes the build with LibreSSL 3.9.0 where many implicit
+declarations for BN_, EVP_ and RSA_ functions occur which were
+implicitly included before.
+
+Signed-off-by: orbea <orbea@riseup.net>
+---
+ src/tpm12/tpm_crypto.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/tpm12/tpm_crypto.c b/src/tpm12/tpm_crypto.c
+index bcbaa7fc2..628e27cc2 100644
+--- a/src/tpm12/tpm_crypto.c
++++ b/src/tpm12/tpm_crypto.c
+@@ -48,6 +48,8 @@
+ #include <openssl/rand.h>
+ #include <openssl/sha.h>
+ #include <openssl/engine.h>
++#include <openssl/evp.h>
++#include <openssl/rsa.h>
+ 
+ #include "tpm_cryptoh.h"
+ #include "tpm_debug.h"
diff --git a/dev-libs/libtpms/libtpms-0.9.6.ebuild b/dev-libs/libtpms/libtpms-0.9.6.ebuild
new file mode 100644
index 0000000..10f0bf4
--- /dev/null
+++ b/dev-libs/libtpms/libtpms-0.9.6.ebuild
@@ -0,0 +1,49 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools
+
+DESCRIPTION="Library providing software emultion of a TPM"
+HOMEPAGE="https://github.com/stefanberger/libtpms"
+SRC_URI="https://github.com/stefanberger/libtpms/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ~loong ~ppc ppc64 ~riscv x86"
+
+DEPEND="dev-libs/openssl:="
+RDEPEND="${DEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-0.9.0-Remove-WError.patch"
+	"${FILESDIR}/${PN}-0.9.5-slibtool.patch" # 858671
+	"${FILESDIR}/${PN}-0.9.6-libressl.patch"
+)
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	econf \
+		--with-openssl
+}
+
+src_install() {
+	default
+	find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	if [[ ${REPLACING_VERSIONS} ]] && ver_test ${REPLACING_VERSIONS} -lt 0.8.0; then
+		elog "Versions of libtpms prior to 0.8.0 generate weaker than expected TPM 2.0 RSA"
+		elog "keys due to a flawed key creation algorithm. Because fixing this would render"
+		elog "existing sealed data inaccessible, to use the corrected algorithm, the old"
+		elog "TPM state file must be deleted and a new TPM state file created. Data still"
+		elog "sealed using the old state file will be permanently inaccessible. For the"
+		elog "details see https://github.com/stefanberger/libtpms/issues/183"
+	fi
+}
diff --git a/dev-libs/libtpms/metadata.xml b/dev-libs/libtpms/metadata.xml
new file mode 100644
index 0000000..655ec18
--- /dev/null
+++ b/dev-libs/libtpms/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person" proxied="yes">
+		<email>salah.coronya@gmail.com</email>
+		<name>Christopher Byrne</name>
+	</maintainer>
+	<maintainer type="project" proxied="proxy">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>virtualization@gentoo.org</email>
+		<name>Gentoo Virtualization Project</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="github">stefanberger/libtpms</remote-id>
+	</upstream>
+</pkgmetadata>