authorGary Guo <gary@garyguo.net>2023-11-10 02:10:43 +0000
committerGary Guo <gary@garyguo.net>2023-11-10 02:22:11 +0000
commit9aa795690a4c6d572beb94e70cfbbcde06474c9b (patch)
tree59fe500956f0a5c218afca4301f5a2457b44dab5 /pkgs/misc
parent6037b4dfcf67d28147edf5f7554131ef24313f2c (diff)
tpm2-pkcs11: allow fapi support to be disabled
Diffstat (limited to 'pkgs/misc')
-rw-r--r--pkgs/misc/tpm2-pkcs11/default.nix11
-rw-r--r--pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch51
2 files changed, 61 insertions, 1 deletions
diff --git a/pkgs/misc/tpm2-pkcs11/default.nix b/pkgs/misc/tpm2-pkcs11/default.nix
index faf2bdd5570..91b7c31eb32 100644
--- a/pkgs/misc/tpm2-pkcs11/default.nix
+++ b/pkgs/misc/tpm2-pkcs11/default.nix
@@ -2,6 +2,7 @@
 , pkg-config, autoreconfHook, autoconf-archive, makeWrapper, patchelf
 , tpm2-tss, tpm2-tools, opensc, openssl, sqlite, python3, glibc, libyaml
 , abrmdSupport ? true, tpm2-abrmd ? null
+, fapiSupport ? true
 }:
 
 stdenv.mkDerivation rec {
@@ -15,7 +16,10 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-SoHtgZRIYNJg4/w1MIocZAM26mkrM+UOQ+RKCh6nwCk=";
   };
 
-  patches = [ ./version.patch ];
+  patches = [
+    ./version.patch
+    ./graceful-fapi-fail.patch
+  ];
 
   # The preConfigure phase doesn't seem to be working here
   # ./bootstrap MUST be executed as the first step, before all
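Review bot: The new `./graceful-fapi-fail.patch` entry in `patches` carries no comment on where it comes from or what it changes. Going by the patch added later in this commit, it does more than silence a warning: the non-FAPI stub `backend_fapi_init` now returns `CKR_FUNCTION_NOT_SUPPORTED` instead of `CKR_OK`, so `backend_init` no longer sets `fapi_init = true` on such builds and can take the `LOGE(msg); return rv;` branch, whose condition lies outside the visible context. I would record that next to the entry, for example `# Upstream fix for issue #792: FAPI init fails with CKR_FUNCTION_NOT_SUPPORTED when FAPI is not compiled in; drop once the pinned release contains it.` Whether the `From 2e3e3c0b…` hash in the patch header is the upstream commit is not visible here, so it should be confirmed before being cited as provenance.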
@@ -25,6 +29,11 @@ stdenv.mkDerivation rec {
     ./bootstrap
   '';
 
+  configureFlags = lib.optionals (!fapiSupport) [
+    # Note: this will be renamed to with-fapi in next release.
+    "--enable-fapi=no"
+  ];
+
   nativeBuildInputs = [
     pkg-config autoreconfHook autoconf-archive makeWrapper patchelf
   ];
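Review bot: The `"--enable-fapi=no"` entry in `configureFlags` has no guard against the rename that its own comment announces. Autoconf-generated configure scripts normally only warn about an unrecognized `--enable-*` option, so after a version bump `fapiSupport = false` would probably build with FAPI again without any failure. Tying the flag to the version makes the switch explicit, e.g. `(if lib.versionAtLeast version "<next-release>" then "--with-fapi=no" else "--enable-fapi=no")`, assuming `version` is bound in this `rec` set. Separately, with `fapiSupport = true` no flag is passed at all, so the result presumably depends on configure's auto-detection; `(lib.enableFeature fapiSupport "fapi")` would pin both directions for the current release.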
diff --git a/pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch b/pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch
new file mode 100644
index 00000000000..26712e9830c
--- /dev/null
+++ b/pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch
@@ -0,0 +1,51 @@
+From 2e3e3c0b0f4e0c19e411fd46358930bf158ad3f5 Mon Sep 17 00:00:00 2001
+From: Jonathan McDowell <noodles@earth.li>
+Date: Wed, 1 Feb 2023 09:29:58 +0000
+Subject: [PATCH] Gracefully fail FAPI init when it's not compiled in
+
+Instead of emitting:
+
+   WARNING: Getting tokens from fapi backend failed.
+
+errors when FAPI support is not compiled in gracefully fail the FAPI
+init and don't log any warnings. We'll still produce a message
+indicating this is what's happened in verbose mode, but normal operation
+no longer gets an unnecessary message.
+
+Fixes #792
+
+Signed-off-by: Jonathan McDowell <noodles@earth.li>
+---
+ src/lib/backend.c      | 4 +++-
+ src/lib/backend_fapi.c | 3 ++-
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/backend.c b/src/lib/backend.c
+index ca5e2ccf..128f58b9 100644
+--- a/src/lib/backend.c
++++ b/src/lib/backend.c
+@@ -53,7 +53,9 @@ CK_RV backend_init(void) {
+             LOGE(msg);
+             return rv;
+         }
+-        LOGW(msg);
++        if (rv != CKR_FUNCTION_NOT_SUPPORTED) {
++            LOGW(msg);
++        }
+     } else {
+         fapi_init = true;
+     }
+diff --git a/src/lib/backend_fapi.c b/src/lib/backend_fapi.c
+index fe594f0e..3a203632 100644
+--- a/src/lib/backend_fapi.c
++++ b/src/lib/backend_fapi.c
+@@ -977,7 +977,8 @@ CK_RV backend_fapi_token_changeauth(token *tok, bool user, twist toldpin, twist
+ 
+ CK_RV backend_fapi_init(void) {
+ 
+-	return CKR_OK;
++	LOGV("FAPI not enabled, failing init");
++	return CKR_FUNCTION_NOT_SUPPORTED;
+ }
+ 
+ CK_RV backend_fapi_destroy(void) {