Last active
June 3, 2021 09:52
-
-
Save dongsupark/5716f464cf04b977faa15d3056504cbf to your computer and use it in GitHub Desktop.
Build vTPM rpm packages. Based on Debian-based one by @vbatts : https://gist.github.com/vbatts/184a570663d3a24881741007be0784cb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -eux | |
# FROM fedora 34 | |
sudo dnf install -y automake autoconf curl expect gcc git glib2-devel gnutls-devel \ | |
gnutls-utils json-glib-devel gmp-devel gnutls-devel libseccomp-devel \ | |
libtasn1-devel libtool libtpms-devel net-tools openssl-devel \ | |
rpm-build python3-twisted selinux-policy-devel socat softhsm tpm2-pkcs11 \ | |
tpm2-pkcs11-tools tpm2-tools tpm2-abrmd trousers vim wget | |
EMAIL="${EMAIL:[email protected]}" | |
NAME="${NAME:-Dongsu Park}" | |
git config --global user.email "${EMAIL}" | |
git config --global user.name "${NAME}" | |
OUTPUT=${OUTPUT:-/tmp} | |
libtpms_ver="0.8.2" | |
swtpm_ver="0.5.2" | |
swtpm_url="${SWTPM_URL:-https://github.com/stefanberger/swtpm}" | |
wget -O ${HOME}/rpmbuild/SOURCES/libtpms-${libtpms_ver}.tar.gz \ | |
https://github.com/stefanberger/libtpms/archive/v${libtpms_ver}.tar.gz | |
# build libtpms | |
[ -d libtpms ] || git clone https://github.com/stefanberger/libtpms.git | |
cd libtpms | |
git checkout v${libtpms_ver} | |
rpmbuild -ba ./dist/libtpms.spec | |
cd .. | |
# build swtpm | |
wget -O ${HOME}/rpmbuild/SOURCES/swtpm-${swtpm_ver}.tar.gz \ | |
${swtpm_url}/archive/v${swtpm_ver}.tar.gz | |
[ -d swtpm ] || git clone ${swtpm_url} | |
cd swtpm | |
git checkout v${swtpm_ver} | |
# need to replace "enter_commit_here" with an actual version number | |
sed -i -e "s/enter_commit_here/${swtpm_ver}/" ./dist/swtpm.spec | |
rpmbuild -ba ./dist/swtpm.spec | |
cd .. | |
cp ${HOME}/rpmbuild/RPMS/x86_64/{libtpms,swtpm}*.rpm "${OUTPUT}"/ | |
# vim:set sts=2 sw=2 et: |
I tried the following:
sudo mkdir -p /root/rpmbuild/SOURCES/
sudo cp libtpms_0.7.7.orig.tar.gz /root/rpmbuild/SOURCES/libtpms-0.7.7.tar.gz
But then I get:
error: bare words are no longer supported, please use "...": production == debug
error: ^
error: /home/alban/programs/windows-vm/libtpms/dist/libtpms.spec:81: bad %if condition: production == debug
So I had to patch like this:
--- a/dist/libtpms.spec
+++ b/dist/libtpms.spec
@@ -78,11 +78,11 @@ Libtpms header files and documentation.
%define _with_openssl --with-openssl
%endif
-%if %{build_type} == debug
+%if "%{build_type}" == "debug"
%define _enable_debug --enable-debug
%endif
-%if %{build_type} == debug
+%if "%{build_type}" == "debug"
CFLAGS=-O0
%endif
./autogen.sh \
Then, I got the error:
+ rpmbuild -ba ./dist/swtpm.spec
error: Bad source: /root/rpmbuild/SOURCES/swtpm-enter_c.tar.gz: No such file or directory
Right, I updated the gist again.
It is about replacing "enter_commit_here" with an actual version, like:
sed -i -e "s/enter_commit_here/0.5.2/" ./dist/swtpm.spec
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for testing!
Oops, I fixed the issue today, but forgot about updating the gist.
Even with the current version, rpmbuild could fail because of syntax issues in the spec file of libtpms.
I locally fixed that, an upstream PR is to-do.