nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-08 05:54:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
8533286f7d
nixpkgs/pkgs/os-specific/linux/systemd/0018-tpm2_context_init-fix-driver-name-checking.patch
Дамјан Георгиевски 575fddf25b systemd: 252.5 -> 253 
systemd v253 changelog/NEWS:
https://github.com/systemd/systemd/blob/v253/NEWS

NixOS changes:
0007-hostnamed-localed-timedated-disable-methods-that-cha.patch was
dropped, because systemd gained support to handle read-only /etc.

*-add-rootprefix-to-lookup-dir-paths.patch required some updates too,
as src/basic/def.h moved to src/basic/constants.h.

systemd/systemd#25771 switched p11kit to become
dlopen()'ed, so we need to patch that path.

added a note to the 23.05 release notes to recommend `nixos-rebuild boot`

Co-authored-by: Florian Klink <flokli@flokli.de>
2023-03-05 04:35:34 +01:00

42 lines
1.9 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Sun, 15 Jan 2023 20:15:55 +0800
Subject: [PATCH] tpm2_context_init: fix driver name checking
https://github.com/systemd/systemd/commit/542dbc623e introduced
additional checks for tpm2 driver names, namely ensuring the driver
name, when concated with "libtss2-tcti-" and ".so.0", generates a valid
filename (with no '/' inside).
For example, if the driver is name "device", the line
fn = strjoina("libtss2-tcti-", driver, ".so.0")
would yield "libtss2-tcti-device.so.0", passing the check. And the
filename is then passed to dlopen for loading the driver.
Our current approach for systemd to correctly locate these dynamically
loaded libraries is to patch the filenames to include their absolute
path. Thus the line mentioned above is patched into
fn = strjoina("/nix/store/xxxxxxx-tpm2-tss-3.2.0/lib/libtss2-tcti-", driver, ".so.0")
yielding "/nix/store/xxxxxxx-tpm2-tss-3.2.0/lib/libtss2-tcti-device.so.0",
tripping the check.
This patch relaxes the check to also accept absolute paths, by replacing
filename_is_valid with path_is_valid.
---
src/shared/tpm2-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 259f280e0f..142e70a740 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -176,7 +176,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) {
fn = strjoina("libtss2-tcti-", driver, ".so.0");
/* Better safe than sorry, let's refuse strings that cannot possibly be valid driver early, before going to disk. */
- if (!filename_is_valid(fn))
+ if (!path_is_valid(fn))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name '%s' not valid, refusing.", driver);
context->tcti_dl = dlopen(fn, RTLD_NOW);
Reference in New Issue View Git Blame Copy Permalink