azl3: NEW: swtpm tpm2-pkcs11 tpm2-pytss. UPGRADE: tpm2-tools tpm2-tss (#7381)

2024-01-31 10:25:54 -08:00 · 2024-01-31 10:25:54 -08:00 · 751d0b1b4b
--- a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
+++ b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
--- a/SPECS/LICENSES-AND-NOTICES/data/licenses.json
+++ b/SPECS/LICENSES-AND-NOTICES/data/licenses.json
@ -1970,6 +1970,7 @@
                "SuperLU",
                "supermin",
                "switcheroo-control",
+                "swtpm",
                "symlinks",
                "sympy",
                "sysfsutils",
@ -3006,6 +3007,8 @@
                "texinfo",
                "tmux",
                "tpm2-abrmd",
+                "tpm2-pkcs11",
+                "tpm2-pytss",
                "tpm2-tools",
                "tpm2-tss",
                "traceroute",
--- a/SPECS/swtpm/swtpm.signatures.json
+++ b/SPECS/swtpm/swtpm.signatures.json
@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "swtpm-d2849a9.tar.gz": "8760292610f602195d89bd5e532562ddaab37d2e6d69a2b15494bb3dabe710e8"
+ }
+}
--- a/SPECS/swtpm/swtpm.spec
+++ b/SPECS/swtpm/swtpm.spec
@ -0,0 +1,361 @@
+%bcond_without gnutls
+
+%global gitdate     20230815
+%global gitcommit   d2849a9f5ced70438d67036693438344b47b4161
+%global gitshortcommit  %(c=%{gitcommit}; echo ${c:0:7})
+
+# Macros needed by SELinux
+%global selinuxtype targeted
+%global moduletype  contrib
+%global modulename  swtpm
+
+Summary: TPM Emulator
+Name:           swtpm
+Version:        0.8.1
+Release:        4%{?dist}
+License:        BSD-3-Clause
+Url:            http://github.com/stefanberger/swtpm
+Source0:        %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
+
+BuildRequires:  make
+BuildRequires:  git-core
+BuildRequires:  automake
+BuildRequires:  autoconf
+BuildRequires:  libtool
+BuildRequires:  libtpms-devel >= 0.6.0
+BuildRequires:  expect
+BuildRequires:  net-tools
+BuildRequires:  openssl-devel
+BuildRequires:  socat
+BuildRequires:  softhsm
+BuildRequires:  json-glib-devel
+%if %{with gnutls}
+BuildRequires:  gnutls >= 3.4.0
+BuildRequires:  gnutls-devel
+BuildRequires:  gnutls-utils
+BuildRequires:  libtasn1-devel
+BuildRequires:  libtasn1
+%endif
+BuildRequires:  selinux-policy-devel
+BuildRequires:  gcc
+BuildRequires:  libseccomp-devel
+BuildRequires:  tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
+BuildRequires:  python3-devel
+
+Requires:       %{name}-libs = %{version}-%{release}
+Requires:       libtpms >= 0.6.0
+Requires:       (%{name}-selinux if selinux-policy-targeted)
+
+%description
+TPM emulator built on libtpms providing TPM functionality for QEMU VMs
+
+%package        libs
+Summary:        Private libraries for swtpm TPM emulators
+License:        BSD-3-Clause
+
+%description    libs
+A private library with callback functions for libtpms based swtpm TPM emulator
+
+%package        devel
+Summary:        Include files for the TPM emulator's CUSE interface for usage by clients
+License:        BSD-3-Clause
+Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description    devel
+Include files for the TPM emulator's CUSE interface.
+
+%package        tools
+Summary:        Tools for the TPM emulator
+License:        BSD-3-Clause
+Requires:       swtpm = %{version}-%{release}
+Requires:       bash gnutls-utils
+
+%description    tools
+Tools for the TPM emulator from the swtpm package
+
+%package        tools-pkcs11
+Summary:        Tools for creating a local CA based on a TPM pkcs11 device
+License:        BSD-3-Clause
+Requires:       swtpm-tools = %{version}-%{release}
+Requires:       tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
+Requires:       expect gnutls-utils
+
+%description   tools-pkcs11
+Tools for creating a local CA based on a pkcs11 device
+
+%package        selinux
+Summary:        SELinux security policy for swtpm
+Requires(post): swtpm = %{version}-%{release}
+BuildArch:      noarch
+%if ! 0%{?flatpak}
+%{?selinux_requires}
+%endif
+
+%description    selinux
+SELinux security policy for swtpm.
+
+%prep
+%autosetup -S git -n %{name}-%{gitcommit} -p1
+
+%build
+
+NOCONFIGURE=1 ./autogen.sh
+%configure \
+%if %{with gnutls}
+        --with-gnutls \
+%endif
+        --without-cuse
+
+%make_build
+
+%check
+make %{?_smp_mflags} check VERBOSE=1
+
+%install
+
+%make_install
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so}
+
+%post selinux
+for pp in /usr/share/selinux/packages/swtpm.pp \
+          /usr/share/selinux/packages/swtpm_svirt.pp; do
+  %selinux_modules_install -s %{selinuxtype} ${pp}
+done
+restorecon %{_bindir}/swtpm
+
+%postun selinux
+if [ $1 -eq  0 ]; then
+  for p in swtpm swtpm_svirt; do
+    %selinux_modules_uninstall -s %{selinuxtype} $p
+  done
+fi
+
+%posttrans selinux
+%selinux_relabel_post -s %{selinuxtype}
+
+%ldconfig_post libs
+%ldconfig_postun libs
+
+%files
+%license LICENSE
+%doc README
+%{_bindir}/swtpm
+%{_mandir}/man8/swtpm.8*
+
+%files selinux
+%{_datadir}/selinux/packages/swtpm.pp
+%{_datadir}/selinux/packages/swtpm_svirt.pp
+
+%files libs
+%license LICENSE
+%doc README
+
+%dir %{_libdir}/%{name}
+%{_libdir}/%{name}/libswtpm_libtpms.so.0
+%{_libdir}/%{name}/libswtpm_libtpms.so.0.0.0
+
+%files devel
+%dir %{_includedir}/%{name}
+%{_includedir}/%{name}/*.h
+%{_mandir}/man3/swtpm_ioctls.3*
+
+%files tools
+%doc README
+%{_bindir}/swtpm_bios
+%if %{with gnutls}
+%{_bindir}/swtpm_cert
+%endif
+%{_bindir}/swtpm_setup
+%{_bindir}/swtpm_ioctl
+%{_bindir}/swtpm_localca
+%{_mandir}/man5/swtpm-localca.conf.5*
+%{_mandir}/man5/swtpm-localca.options.5*
+%{_mandir}/man5/swtpm_setup.conf.5*
+%{_mandir}/man8/swtpm_bios.8*
+%{_mandir}/man8/swtpm_cert.8*
+%{_mandir}/man8/swtpm_ioctl.8*
+%{_mandir}/man8/swtpm-localca.8*
+%{_mandir}/man8/swtpm_localca.8*
+%{_mandir}/man8/swtpm_setup.8*
+%exclude %{_mandir}/man8/swtpm_cuse.8.gz
+%config(noreplace) %{_sysconfdir}/swtpm_setup.conf
+%config(noreplace) %{_sysconfdir}/swtpm-localca.options
+%config(noreplace) %{_sysconfdir}/swtpm-localca.conf
+%dir %{_datadir}/swtpm
+%{_datadir}/swtpm/swtpm-localca
+%{_datadir}/swtpm/swtpm-create-user-config-files
+%attr( 750, tss, root) %{_localstatedir}/lib/swtpm-localca
+
+%files tools-pkcs11
+%{_mandir}/man8/swtpm-create-tpmca.8*
+%{_datadir}/swtpm/swtpm-create-tpmca
+
+%changelog
+* Mon Jan 22 2024 Brian Fjeldstad <bfjelds@microsoft.com> - 0.8.1-4
+- Initial CBL-Mariner import from Fedora 39 (license: MIT).  License verified.
+
+* Wed Aug 16 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-3
+- Build for i686 again since dependency issue resolved
+
+* Tue Aug 15 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-2
+- Don't build tools-pkcs11 for i686 since python-tpm2-pytss is not built for it
+- Set license to BSD-3-Clause for all packages
+
+* Tue Aug 15 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-1
+- Update to v0.8.1 release
+
+* Sat Jul 22 2023 Adam Williamson <awilliam@redhat.com> - 0.8.0-7
+- Make swtpm-selinux Requires(post) swtpm (#2223276)
+
+* Thu Jul 20 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-6
+- Added a 'Requires' on swtpm for swtpm-selinux package
+
+* Wed Jul 19 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-4
+- Split off SELinux policy into swtpm-selinux
+
+* Mon May 15 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 0.8.0-4
+- Remove trousers dependency from RHEL builds
+
+* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Nov 10 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-2
+- Adding patch needed on Rawhide build servers only
+
+* Thu Nov 10 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-1
+- Update to v0.8.0 release
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.3-2.20220427gitf2268ee
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Wed Apr 27 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.7.3-1.20220427gitf2268ee
+- Update to v0.7.3 release
+
+* Mon Mar 07 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.7.2-1.20220307git21c90c1
+- Update to v0.7.2 release
+
+* Fri Feb 18 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.7.1-1.20220218git92a7035
+- Update to v0.7.1 release
+
+* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-2.20211109gitb79fd91
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Nov 09 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-1.20211109gitb79fd91
+- Update to v0.7.0 release
+
+* Tue Sep 21 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-1.20210921git98187d2
+- Update to v0.6.1 release
+
+* Thu Sep 16 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20210916gita0ca7c3
+- Build upcoming v0.6.1 that has patch to build with OpenSSL 3.0.0
+
+* Thu Sep 16 2021 Stefan Berger <stefanb@linux.ibm.com.> - 0.6.0-5.20210607gitea627b3
+- Applied patch with -Wno-deprecated-declarations for build with OpenSSL 3.0.0
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.6.0-4.20210607gitea627b3
+- Rebuilt with OpenSSL 3.0.0
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-3.20210607gitea627b3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jul 13 2021 Davide Cavalca <dcavalca@fedoraproject.org> - 0.6.0-2.20210706gitea627b
+- Add an explicit BuildRequires for python3-devel
+
+* Mon Jun 07 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.0-1.20210706gitea627b
+- Update to v0.6.0 release
+
+* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 0.5.2-4.20201226gite59c0c1
+- Rebuilt for Python 3.10
+
+* Wed Apr 07 2021 Marc-AndrĂ© Lureau <marcandre.lureau@redhat.com> - 0.5.2-3.20201226gite59c0c1
+- Remove unnecessary python3-twisted dependency
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-2.20201226gite59c0c1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sat Dec 26 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.5.2-1.20201226gite59c0c1a
+- Bugfixes for stable release
+
+* Mon Dec 07 2020 Jeff Law <law@redhat.com> - 0.5.1-3.20201117git96f5a04c
+- Avoid diagnostic from gcc-11
+
+* Fri Nov 13 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.5.1-2.20201117git96f5a04c
+- Another build of v0.5.1 after more fixes
+
+* Fri Nov 13 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.5.1-1.20201007git390f5bd4
+- Update to v0.5.1 addressing potential symlink attack issue (CVE-2020-28407)
+
+* Wed Oct 7 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.5.0-1.20201007gitb931e109
+- Update to v0.5.0 release
+
+* Fri Aug 28 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.4.0-1.20200828git0c238a2
+- Update to v0.4.0 release
+
+* Thu Aug 27 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.3.4-2.20200711git80f0418
+- Disable pkcs11 related test case running into GnuTLS locking bug
+
+* Tue Aug 11 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.3.4-1.20200711git80f0418
+- Update to v0.3.4 release
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-3.20200218git74ae43b
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-2.20200218git74ae43b
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Feb 24 2020 Marc-AndrĂ© Lureau <marcandre.lureau@redhat.com> - 0.3.0-1.20200218git74ae43b
+- Update to v0.3.0 release
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.0-7.20191115git8dae4b3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Nov 15 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.2.0-6.20191018git8dae4b3
+- follow stable-0.2.0 branch with fix of GnuTLS API call to get subject key ID
+
+* Fri Oct 18 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.2.0-5.20191018git9227cf4
+- follow stable-0.2.0 branch with swtpm_cert OID bugfix for TPM 2
+
+* Tue Aug 13 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.2.0-4.20190801git13536aa
+- run 'restorecon' on swtpm in post to get SELinux label on first install
+
+* Thu Aug 01 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.2.0-3.20190801git13536aa
+- follow stable-0.2.0 branch with some bug fixes
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.0-2.20190723gitf0b4137
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Jul 23 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.2.0-1.20190723gitf0b4137
+- follow stable-0.2.0 branch with some bug fixes
+
+* Tue Jul 16 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.2.0-0.20190716git374b669
+- (tentative) v0.2.0 release of swtpm
+
+* Thu Apr 25 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20190425gitca85606
+- pick up bug fixes
+
+* Mon Feb 04 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20190204git2c25d13.1
+- v0.1.0 release of swtpm
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.0-0.20181212git8b9484a.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Dec 12 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20181212git8b9484a
+- Follow improvements in swtpm repo primarily related to fixes for 'ubsan'
+
+* Tue Nov 06 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20181106git05d8160
+- Follow improvements in swtpm repo
+- Remove ownership change of swtpm_setup.sh; have root own the file as required
+
+* Wed Oct 31 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.1.0-0.20181031gitc782a85
+- Follow improvements and fixes in swtpm
+
+* Tue Oct 02 2018 Stefan Berger <stefanb@linux.vnet.ibm.com> - 0.1.0-0.20181002git0143c41
+- Fixes to SELinux policy
+- Improvements on various other parts
+* Tue Sep 25 2018 Stefan Berger <stefanb@linux.vnet.ibm.com> - 0.1.0-0.20180924gitce13edf
+- Initial Fedora build
+* Mon Sep 17 2018 Stefan Berger <stefanb@linux.vnet.ibm.com> - 0.1.0-0.20180918git67d7ea3
+- Created initial version of rpm spec files
+- Version is now 0.1.0
+- Bugzilla for this spec: https://bugzilla.redhat.com/show_bug.cgi?id=1611829
--- a/SPECS/tpm2-abrmd/tpm2-abrmd.spec
+++ b/SPECS/tpm2-abrmd/tpm2-abrmd.spec
@ -1,7 +1,7 @@
 Summary:        TPM2 Access Broker & Resource Management Daemon implementing the TCG spec
 Name:           tpm2-abrmd
 Version:        3.0.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD 2-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@ -65,6 +65,9 @@ make DESTDIR=%{buildroot} install
 %{_mandir}/man7

 %changelog
+* Thu Jan 25 2024 Brian Fjeldstad <bfjelds@microsoft.com> - 3.0.0-2
+- Increment version to rebuild with new tpm2-tss
+
 * Mon Nov 06 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.0.0-1
 - Auto-upgrade to 3.0.0 - Azure Linux 3.0 - package upgrades

--- a/SPECS/tpm2-pkcs11/tpm2-pkcs11.signatures.json
+++ b/SPECS/tpm2-pkcs11/tpm2-pkcs11.signatures.json
@ -0,0 +1,5 @@
+{
+  "Signatures": {
+    "tpm2-pkcs11-1.9.0.tar.gz": "35bf06c30cfa76fc0eba2c5f503cf7dd0d34a66afb2d292fee896b90362f633b"
+  }
+}
--- a/SPECS/tpm2-pkcs11/tpm2-pkcs11.spec
+++ b/SPECS/tpm2-pkcs11/tpm2-pkcs11.spec
@ -0,0 +1,122 @@
+Summary:        OSS implementation of the TCG TPM2 Software Stack (TSS2)
+Name:           tpm2-pkcs11
+Version:        1.9.0
+Release:        1%{?dist}
+License:        BSD 2-Clause
+URL:            https://github.com/tpm2-software/tpm2-pkcs11
+Group:          System Environment/Security
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+
+Source0: https://github.com/tpm2-software/tpm2-pkcs11/releases/download/%{version}/%{name}-%{version}.tar.gz
+
+BuildRequires:  make
+BuildRequires:  gcc
+BuildRequires:  openssl-devel
+BuildRequires:  tpm2-tools
+BuildRequires:  tpm2-tss-devel
+BuildRequires:  tpm2-abrmd-devel
+BuildRequires:  libyaml-devel
+BuildRequires:  libgcrypt-devel
+BuildRequires:  sqlite-devel
+BuildRequires:  autoconf-archive
+BuildRequires:  python3-devel
+BuildRequires:  python3-cryptography
+BuildRequires:  python3-setuptools
+BuildRequires:  python3-PyYAML
+BuildRequires:  python3-pyasn1-modules
+BuildRequires:  libcmocka-devel
+BuildRequires:  dbus
+BuildRequires:  tpm2-pytss
+
+%if 0%{?with_check}
+BuildRequires: python3-pip
+%endif
+
+Requires:   openssl
+Requires:   tpm2-tools
+Requires:   tpm2-tss
+Requires:   tpm2-abrmd
+Requires:   libyaml
+Requires:   sqlite-libs
+Requires:   tpm2-pytss
+
+%description
+OSS implementation of the TCG TPM2 PKCSv11 Software Stack
+
+%package          tools
+Summary:          The tools required to setup and configure TPM2 for PKCSv11
+Requires:         %{name} = %{version}-%{release}
+Requires:         python3
+Requires:         python3-cryptography
+Requires:         python3-setuptools
+Requires:         python3-pyasn1-modules
+Requires:         python3-PyYAML
+
+%description tools
+Tools for TCG TPM2 PKCSv11 Software Stack
+
+%prep
+%autosetup -p1 -n %{name}-%{version}
+
+%build
+
+%configure \
+    --enable-unit
+
+%make_build PACKAGE_VERSION=%{version}
+
+cd tools
+%py3_build
+
+%install
+%make_install %{?_smp_mflags}
+find %{buildroot}%{_libdir} -type f -name \*.la -delete
+rm %{buildroot}%{_libdir}/pkgconfig/tpm2-pkcs11.pc
+
+cd tools
+%py3_install
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%if 0%{?with_check}
+%check
+make %{?_smp_mflags} check
+cd tools
+python3 setup.py test
+%endif
+
+%files
+%defattr(-,root,root,-)
+%license LICENSE
+%{_libdir}/libtpm2_pkcs11.so
+%{_libdir}/libtpm2_pkcs11.so.0*
+
+%files tools
+%defattr(-,root,root,-)
+%{_bindir}/tpm2_ptool
+%{python3_sitelib}/*
+
+%changelog
+* Mon Jan 22 2024 Brian Fjeldstad <bfjelds@microsoft.com> - 1.9.0-1
+- Initial CBL-Mariner import from Photon (license: Apache2).
+- Verified license
+* Sun Nov 19 2023 Shreenidhi Shedi <sshedi@vmware.com> 1.8.0-5
+- Bump version as a part of openssl upgrade
+* Wed Jan 11 2023 Oliver Kurth <okurth@vmware.com> 1.8.0-4
+- bump release as part of sqlite update
+* Tue Dec 06 2022 Prashant S Chauhan <psinghchauha@vmware.com> 1.8.0-3
+- Update release to compile with python 3.11
+* Sun Nov 13 2022 Shreenidhi Shedi <sshedi@vmware.com> 1.8.0-2
+- Bump version as a part of autoconf-archive upgrade
+* Tue Oct 04 2022 Shreenidhi Shedi <sshedi@vmware.com>  1.8.0-1
+- Upgrade to v1.8.0
+* Sat Jul 30 2022 Shreenidhi Shedi <sshedi@vmware.com> 1.6.0-4
+- Bump version as a part of sqlite upgrade
+* Mon Jun 20 2022 Shreenidhi Shedi <sshedi@vmware.com> 1.6.0-3
+- Fix cmocka dependency
+* Thu Sep 02 2021 Satya Naga Vasamsetty <svasamsetty@vmware.com> 1.6.0-2
+- openssl 3.0.0 compatibility
+* Sun Aug 8 2021 Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com> 1.6.0-1
+- Initial build. First version
--- a/SPECS/tpm2-pytss/tpm2-pytss.signatures.json
+++ b/SPECS/tpm2-pytss/tpm2-pytss.signatures.json
@ -0,0 +1,5 @@
+{
+  "Signatures": {
+    "tpm2-pytss-1.2.0.tar.gz": "2072133020952bfd8c7113edfe744480470fa1846d0277882aad89b2cdf32c78"
+  }
+}
--- a/SPECS/tpm2-pytss/tpm2-pytss.spec
+++ b/SPECS/tpm2-pytss/tpm2-pytss.spec
@ -0,0 +1,68 @@
+Name:       tpm2-pytss
+Version:    1.2.0
+Release:    3%{?dist}
+Summary:    Python bindings for tpm2-tss
+License:    BSD
+URL:        https://github.com/tpm2-software/tpm2-pytss
+Group:      System Environment/Security
+Vendor:     Microsoft Corporation
+Distribution: Mariner
+
+Source0: https://github.com/tpm2-software/tpm2-pytss/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+
+
+BuildRequires: git
+BuildRequires: python3-devel
+BuildRequires: python3-pip
+BuildRequires: python3-pkgconfig
+BuildRequires: python3-pycparser
+BuildRequires: python3-setuptools
+BuildRequires: tpm2-tss-devel
+
+# packaging, asn1crypto, cryptography, and setuptools_scm are required in
+# Mariner build system, so these are additions to the photon spec
+BuildRequires: python3-asn1crypto
+BuildRequires: python3-cryptography
+BuildRequires: python3-packaging
+BuildRequires: python3-setuptools_scm
+
+%if 0%{?with_check}
+BuildRequires: python3-pytest
+BuildRequires: python3-cffi
+BuildRequires: python3-PyYAML
+%endif
+
+Requires: python3
+Requires: tpm2-tss
+
+%description
+TPM2 TSS Python bindings for Enhanced System API (ESYS).
+This package primarily exposes the TPM 2.0 Enhanced System API.
+
+%prep
+%autosetup -p1 -Sgit
+
+%build
+%py3_build
+
+%install
+%py3_install
+
+%if 0%{?with_check}
+%check
+export PYTHONPATH=%{buildroot}%{python3_sitelib}
+%pytest
+%endif
+
+%files
+%defattr(-,root,root)
+%{python3_sitelib}/*
+
+%changelog
+* Mon Jan 22 2024 Brian Fjeldstad <bfjelds@microsoft.com> - 1.2.0-3
+- Initial CBL-Mariner import from Photon (license: Apache2).
+- Verified license
+* Mon Oct 31 2022 Prashant S Chauhan <psinghchauha@vmware.com> 1.2.0-2
+- Update release to compile with python 3.11
+* Wed Oct 05 2022 Shreenidhi Shedi <sshedi@vmware.com> 1.2.0-1
+- First build. Needed for tpm2-pkcs11.
--- a/SPECS/tpm2-tools/tpm2-tools.signatures.json
+++ b/SPECS/tpm2-tools/tpm2-tools.signatures.json
@ -1,5 +1,5 @@
 {
 "Signatures": {
-  "tpm2-tools-4.3.2.tar.gz": "e2802d4093a24b2c65b1f913d0f4c68eadde9b8fd8a9b7a3b17a6e50765e8350"
+  "tpm2-tools-5.5.tar.gz": "1fdb49c730537bfdaed088884881a61e3bfd121e957ec0bdceeec0261236c123"
 }
 }
--- a/SPECS/tpm2-tools/tpm2-tools.spec
+++ b/SPECS/tpm2-tools/tpm2-tools.spec
@ -1,20 +1,26 @@
 Summary:        The source repository for the TPM (Trusted Platform Module) 2 tools
 Name:           tpm2-tools
-Version:        4.3.2
+Version:        5.5
 Release:        1%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/Security
 URL:            https://github.com/tpm2-software/tpm2-tools
+
 Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/%{name}-%{version}.tar.gz
+
 BuildRequires: curl-devel
 BuildRequires: openssl-devel
-BuildRequires:  tpm2-tss-devel >= 2.3.0
-Requires:       /bin/awk
+BuildRequires: tpm2-tss-devel
+
+%if 0%{?with_check}
+BuildRequires:  swtpm-tools
+%endif
+
 Requires: curl
 Requires: openssl
-Requires:       tpm2-tss >= 2.3.0
+Requires: tpm2-tss

 %description
 The source repository for the TPM (Trusted Platform Module) 2 tools
@ -23,23 +29,37 @@ The source repository for the TPM (Trusted Platform Module) 2 tools
 %autosetup -p1

 %build
-%configure \
-    --disable-static
-
-make %{?_smp_mflags}
+sed -i "/compatibility/a extern int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);" lib/tpm2_openssl.c
+%configure --disable-static
+%make_build

 %install
-make DESTDIR=%{buildroot} install
+%make_install %{?_smp_mflags}
+
+%if 0%{?with_check}
+%check
+if [ ! -f /dev/tpm0 ];then
+   mkdir /tmp/swtpm
+   swtpm_setup --tpm-state /tmp/swtpm --tpm2
+   swtpm socket --server type=unixio,path=/tmp/swtpm/socket --ctrl type=unixio,path=/tmp/swtpm/socket.ctrl --tpmstate dir=/tmp/swtpm --flags startup-clear --tpm2 --daemon
+   export TPM2TOOLS_TCTI=swtpm:path=/tmp/swtpm/socket
+   %{buildroot}/%{_bindir}/tpm2_startup -c
+   %{buildroot}/%{_bindir}/tpm2_pcrread
+
+fi
+make %{?_smp_mflags} check
+%endif

 %files
 %defattr(-,root,root)
-%license doc/LICENSE
 %{_bindir}/*
 %{_mandir}/man1
-%{_datarootdir}/bash-completion/completions/tpm2_*
-%{_datarootdir}/bash-completion/completions/tss2_*
+%{_datadir}/bash-completion/*

 %changelog
+* Mon Jan 22 2024 Brian Fjeldstad <bfjelds@microsoft.com> - 5.5-1
+- Updated to 5.5
+
 * Tue Jan 18 2022 Daniel McIlvaney <damcilva@microsoft.com> - 4.3.2-1
 - Update to 4.3.2.
 - Verified license
--- a/SPECS/tpm2-tss/tpm2-tss.signatures.json
+++ b/SPECS/tpm2-tss/tpm2-tss.signatures.json
@ -1,5 +1,6 @@
 {
 "Signatures": {
-  "tpm2-tss-2.4.6.tar.gz": "20e6da532a7ef90c8e50cca51f276053ec505eee0167c18e2b07c1e747118b58"
+  "tpm2-tss-4.0.1.tar.gz": "532a70133910b6bd842289915b3f9423c0205c0ea009d65294ca18a74087c950",
+  "tpm2-tss.sysusers": "14c0854c73c51bbcd6764fdafa29401f8292f5eaa8abac23899209a63fe2ed4c"
 }
 }
--- a/SPECS/tpm2-tss/tpm2-tss.spec
+++ b/SPECS/tpm2-tss/tpm2-tss.spec
@ -1,22 +1,25 @@
 Summary:        OSS implementation of the TCG TPM2 Software Stack (TSS2)
 Name:           tpm2-tss
-Version:        2.4.6
-Release:        3%{?dist}
+Version:        4.0.1
+Release:        1%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/Security
 URL:            https://github.com/tpm2-software/tpm2-tss
+
 Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/%{name}-%{version}.tar.gz
-Patch0:         CVE-2023-22745.patch
-BuildRequires:  json-c-devel
+Source1: %{name}.sysusers
+
 BuildRequires:  openssl-devel
-Requires:       json-c
+BuildRequires:  shadow-utils
+BuildRequires:  systemd-devel
+
+# Between tpm2-tss 3.2.0 and 4.0.1, json-c became a requirement.
+BuildRequires:  json-c-devel
+
 Requires: openssl
-Requires(postun): %{_sbindir}/groupdel
-Requires(postun): %{_sbindir}/userdel
-Requires(pre):  %{_sbindir}/groupadd
-Requires(pre):  %{_sbindir}/useradd
+Requires: systemd-rpm-macros

 %description
 OSS implementation of the TCG TPM2 Software Stack (TSS2)
@ -35,60 +38,40 @@ The libraries and header files needed for TSS2 development.
 %configure \
  --disable-static \
  --disable-doxygen-doc \
+  --enable-fapi=no \
  --with-udevrulesdir=%{_sysconfdir}/udev/rules.d

-make %{?_smp_mflags}
+%make_build

 %install
-make DESTDIR=%{buildroot} install
-find %{buildroot} -type f -name "*.la" -delete -print
+%make_install %{?_smp_mflags}
+find %{buildroot}%{_libdir} -type f -name \*.la -delete
+install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{name}.sysusers

 %post
+%sysusers_create_compat %{SOURCE1}
+mkdir -p /var/lib/tpm
+chown -R tss:tss /var/lib/tpm
 /sbin/ldconfig
-mkdir -p %{_sharedstatedir}/tpm
-if [ $1 -eq 1 ]; then
-    # this is initial installation
-    if ! getent group tss >/dev/null; then
-        groupadd tss
-    fi
-    if ! getent passwd tss >/dev/null; then
-        useradd -c "TCG Software Stack" -d %{_sharedstatedir}/tpm -g tss \
-            -s /bin/false tss
-    fi
-fi
-
-%postun
-/sbin/ldconfig
-if [ $1 -eq 0 ]; then
-    # this is delete operation
-    if getent passwd tss >/dev/null; then
-        userdel tss
-    fi
-    if getent group tss >/dev/null; then
-        groupdel tss
-    fi
-fi

 %files
 %defattr(-,root,root)
-%license LICENSE
 %{_sysconfdir}/udev/rules.d/tpm-udev.rules
-%{_sysconfdir}/tmpfiles.d/tpm2-tss-fapi.conf
-%{_sysconfdir}/tpm2-tss/*
-%{_libdir}/*.so.0.0.0
-%exclude %{_sysconfdir}/sysusers.d/tpm2-tss.conf
+%{_libdir}/*.so.*
+%{_sysusersdir}/%{name}.sysusers

 %files devel
 %defattr(-,root,root)
 %{_includedir}/tss2/*
 %{_libdir}/pkgconfig/*
 %{_libdir}/*.so
-%{_libdir}/*.so.0
-%{_mandir}/man3/*
-%{_mandir}/man5/*
-%{_mandir}/man7/*
+%{_mandir}/man3
+%{_mandir}/man7

 %changelog
+* Mon Jan 22 2024 Brian Fjeldstad <bfjelds@microsoft.com> - 4.0.1-1
+- Updated to 4.0.1
+
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 2.4.6-3
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)

--- a/SPECS/tpm2-tss/tpm2-tss.sysusers
+++ b/SPECS/tpm2-tss/tpm2-tss.sysusers
@ -0,0 +1,2 @@
+g tss 59
+u tss 59 "TCG Software Stack" /var/lib/tpm /bin/false
--- a/cgmanifest.json
+++ b/cgmanifest.json
@ -27892,6 +27892,16 @@
        }
      }
    },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "swtpm",
+          "version": "0.8.1",
+          "downloadUrl": "http://github.com/stefanberger/swtpm/archive/d2849a9f5ced70438d67036693438344b47b4161/swtpm-d2849a9.tar.gz"
+        }
+      }
+    },
    {
      "component": {
        "type": "other",
@ -28402,13 +28412,33 @@
        }
      }
    },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "tpm2-pkcs11",
+          "version": "1.9.0",
+          "downloadUrl": "https://github.com/tpm2-software/tpm2-pkcs11/releases/download/1.9.0/tpm2-pkcs11-1.9.0.tar.gz"
+        }
+      }
+    },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "tpm2-pytss",
+          "version": "1.2.0",
+          "downloadUrl": "https://github.com/tpm2-software/tpm2-pytss/archive/refs/tags/1.2.0.tar.gz"
+        }
+      }
+    },
    {
      "component": {
        "type": "other",
        "other": {
          "name": "tpm2-tools",
-          "version": "4.3.2",
-          "downloadUrl": "https://github.com/tpm2-software/tpm2-tools/releases/download/4.3.2/tpm2-tools-4.3.2.tar.gz"
+          "version": "5.5",
+          "downloadUrl": "https://github.com/tpm2-software/tpm2-tools/releases/download/5.5/tpm2-tools-5.5.tar.gz"
        }
      }
    },
@ -28417,8 +28447,8 @@
        "type": "other",
        "other": {
          "name": "tpm2-tss",
-          "version": "2.4.6",
-          "downloadUrl": "https://github.com/tpm2-software/tpm2-tss/releases/download/2.4.6/tpm2-tss-2.4.6.tar.gz"
+          "version": "4.0.1",
+          "downloadUrl": "https://github.com/tpm2-software/tpm2-tss/releases/download/4.0.1/tpm2-tss-4.0.1.tar.gz"
        }
      }
    },