things_to_build.yaml

# Handy substitutions:
# --------------
# %{PROJECT_DIR}  = the project directory (containing the spec file)
# %{DOWNLOAD_DIR} = the directory that Source0 is downloaded into before tarring (dist/<name>-<version>/)
# %{SOURCES_DIR}  = directory to stage "extra" source files/archive beyond Source0
# %{VERSION}      = the value of :version
#
# Notes:
#   :version
#      Used to name the tarball and as the git tag
#
# TODO: Use :sources array for downloads instead of assuming DOWLOAD_DIR for Source0 and SOURCES_DIR for others
#   :sources
#     :type: :gitrepo
#     :url:  xxxxx
simp-tpm2-tss:
  :type: :gitrepo
  :version: 1.3.0
  :url: https://github.com/tpm2-software/tpm2-tss
  :extras:
    # Fedora fixed the udev rules in a later version of tpm2-tss
    # - Nothing is tagged in that repo, so we check out the commit hash
    :post_dl:
    - 'rm -rf pagure-tpm-tss;:'
    - git clone -- https://src.fedoraproject.org/rpms/tpm2-tss.git pagure-tpm2-tss
    - cd pagure-tpm2-tss && git checkout 075fc2f0d3cc476d7ecc99483c1e28c2e0855535
    - cp -rv pagure-tpm2-tss/*.rules "%{SOURCES_DIR}/"

simp-tpm2-abrmd-selinux:
  :type: :gitrepo
  :version: 1.2.0
  :url: https://github.com/tpm2-software/tpm2-abrmd
  :extras:
    # maintaing a separate tpm2-abrmd 1.2.0 package for long
    #
    # Update the SELinux policy to permit TCTI socket connections
    # (required for testing with the IBM TPM 2.0 simulator)
    :post_dl:
    - rm -f '%{SOURCES_DIR}/selinux/tabrmd.te'
    - cp -v '%{PROJECT_DIR}/tabrmd.te' '%{DOWNLOAD_DIR}/selinux/'

simp-tpm2-abrmd:
  :type: :gitrepo
  :version: 1.2.0
  :url: https://github.com/tpm2-software/tpm2-abrmd

simp-tpm2-tools:
  :type: :gitrepo
  :version: 3.0.2
  :url: https://github.com/tpm2-software/tpm2-tools

# TPM2.0 simulator
# ----------------
#
# * The tpm2-tools group specifically recommend AGAINST risking a hardware TPM
#   for development, testing, or learning―instead, they recommend using the
#   TCG's reference TPM 2.0 simulator.
# * IBM maintains a project that modifies the TCG's simulator source code
#   (embedded in the TPM 2.0 specification docs) to build under Linux.
# * The tpm2-tools project uses the IBM simulator to test their code.
#
# Build 974:
#   * Is what tpm2-tools 3.0.* is tested against
#   * TPM specification draft revision 142, with errata to revision 138.
#
# Build 1119 supports:
#   * Nuvoton TPM vendor-specific commands
#   * Support for OpenSSL 1.1.x
#   * The TPM starts powered up, so the initial power up command is not necessary.
#   * An update to TPM specification draft revision 146, which is avalable for
#     public review, including changes to TPM2_CreateLoaded and
#     TPM2_EncryptDecrypt.
#
# See:
#   * https://sourceforge.net/p/ibmswtpm2/wiki/Home/ (changelog)
#   * https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#tpm-dependency
#
simp-tpm2-simulator:
  :type: :targz
  :build: 'yes'
  :version: '1119'
  :url: https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm%{VERSION}.tar.gz/download
  :extras:
    :post_dl:
      - cp -v '%{PROJECT_DIR}/simp-tpm2-simulator.service' '%{SOURCES_DIR}/'

# TPM 2.0 simulator with character device support
# -----------------------------------------------
#
# * Stephan Berger maintains a "Libtpms-based TPM emulator with socket,
#   character device, and Linux CUSE interface."
# * According to a discussion with the IBM sim devs, this includes a customized
#   version of the IBM TPM 2.0 simulator **with additional character device support**
# * That could allow us to automate testing against a simluated /dev/tpm0
#
# TODO: Evaluate the TPM 2.0 character device support for automated testing
#
# See:
#   * https://github.com/stefanberger/swtpm
#   * https://github.com/stefanberger/swtpm/issues/4 (we've been interested in this before)
#
### simp-tpm2-swtpm
###   :type: :gitrepo
###   :url: https://github.com/stefanberger/swtpm.git