| Summary: | app-crypt/swtpm can no longer build swtpm_cert with gnutls USE flag removed | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Nick Bastin <nbastin> |
| Component: | Current packages | Assignee: | Christopher Byrne <salah.coronya> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | proxy-maint, tamiko, virtualization |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=909754 https://github.com/gentoo/gentoo/pull/32704 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Nick Bastin
2023-09-03 19:31:23 UTC
Looking at what packages in portage are using swtpm for, it's probably better the dependency on gnutls be unconditional. Without swtpm_cert, it's impossible to provision a TPM. The primary consumer, app-emulation/libvirt needs to provision new vTPMs, and other packages use it for tests and need the vTPM provisioned for that. I see no program that would not require swtpm[gnutls]. swtpm_cert spawns certtool (and thus needs "tools") and upstream expects PKCS11 support to be present in gnutls: https://github.com/stefanberger/swtpm/issues/477 .

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e470d198cc9fe863a54e392fb7e8bf963b5be5e9

commit e470d198cc9fe863a54e392fb7e8bf963b5be5e9
Author: Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2023-09-14 15:04:21 +0000
Commit: Matthias Maier <tamiko@gentoo.org>
CommitDate: 2023-09-14 15:05:50 +0000

app-crypt/swtpm: add back support for swtpm_cert, improve description

Bug: https://bugs.gentoo.org/909754
Closes: https://bugs.gentoo.org/913586
Signed-off-by: Matthias Maier <tamiko@gentoo.org>

app-crypt/swtpm/metadata.xml | 2 +-
app-crypt/swtpm/{swtpm-0.8.0.ebuild => swtpm-0.8.0-r1.ebuild} | 5 +++--
app-crypt/swtpm/{swtpm-0.8.1.ebuild => swtpm-0.8.1-r1.ebuild} | 7 ++++++-
3 files changed, 10 insertions(+), 4 deletions(-)

I think https://github.com/gentoo/gentoo/pull/32704 may have been a better approach.

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=385cf751b98496cf4e297b0f1cbf3e1ba9e26d80

commit 385cf751b98496cf4e297b0f1cbf3e1ba9e26d80
Author: Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2023-09-16 15:51:13 +0000
Commit: Matthias Maier <tamiko@gentoo.org>
CommitDate: 2023-09-16 15:54:02 +0000

app-crypt/swtpm: Add gnutls dependency back for swtpm_cert

RDEPEND=net-libs/gnutls[tools,pkcs11] is essentially required for app-crypt/swtpm. New vTPMs cannot be provisioned without it, and upstream expects gnutls to have PKCS11 support: https://github.com/stefanberger/swtpm/issues/477 .

Closes: https://github.com/gentoo/gentoo/pull/32704
Closes: https://bugs.gentoo.org/913586
Bug: https://bugs.gentoo.org/909754
Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
Signed-off-by: Matthias Maier <tamiko@gentoo.org>

app-crypt/swtpm/metadata.xml | 1 -
...swtpm-0.8.0-r1.ebuild => swtpm-0.8.0-r2.ebuild} | 22 ++++++++++++----------
...swtpm-0.8.1-r1.ebuild => swtpm-0.8.1-r2.ebuild} | 22 ++++++++++++----------
3 files changed, 24 insertions(+), 21 deletions(-)

Just to be clear - it is possible to provision a TPM without swtpm_cert. It is a convenient tool but it is not a required tool (as stated in the original ticket).

(In reply to Nick Bastin from comment #5)
> Just to be clear - it is possible to provision a TPM without swtpm_cert. It
> is a convenient tool but it is not a required tool (as stated in the
> original ticket).

Yes, this is correct. We could have worded the commit and justification a bit more carefully. For the time being we have settled on simply building swtpm_cert unconditionally. We will make USE=+tools the default for gnutls which hopefully closes this chapter.