nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-16 18:03:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
8ecc133024
nixpkgs/pkgs/os-specific/linux/systemd/0018-tpm2_context_init-fix-driver-name-checking.patch
Artturin 40eff710af Revert "Systemd package rewrite" 
Reverts NixOS/nixpkgs#269620

- eab0837b68 caused a mass-rebuild on master

- self-merge on a critical package without review and not waiting for the active owner team

Below are the reverts of the commits from that PR

Revert "systemd: migrate to by-name"

This reverts commit 33d2a40d67.

Revert "systemd: add meta.longDescription"

This reverts commit 7c588d141d.

Revert "systemd: cosmetic rewording of code"

This reverts commit d91b8d9fcb.

Revert "systemd: cosmetic rewording of comments"

This reverts commit bc563998c0.

Revert "systemd: remove some redundancy on mesonFlags"

This reverts commit eab0837b68.

Revert "systemd: use  lib.meson* functions"

This reverts commit 1129756b1a.
2023-11-26 03:12:04 +02:00

42 lines
1.9 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Sun, 15 Jan 2023 20:15:55 +0800
Subject: [PATCH] tpm2_context_init: fix driver name checking
https://github.com/systemd/systemd/commit/542dbc623e introduced
additional checks for tpm2 driver names, namely ensuring the driver
name, when concated with "libtss2-tcti-" and ".so.0", generates a valid
filename (with no '/' inside).
For example, if the driver is name "device", the line
fn = strjoina("libtss2-tcti-", driver, ".so.0")
would yield "libtss2-tcti-device.so.0", passing the check. And the
filename is then passed to dlopen for loading the driver.
Our current approach for systemd to correctly locate these dynamically
loaded libraries is to patch the filenames to include their absolute
path. Thus the line mentioned above is patched into
fn = strjoina("/nix/store/xxxxxxx-tpm2-tss-3.2.0/lib/libtss2-tcti-", driver, ".so.0")
yielding "/nix/store/xxxxxxx-tpm2-tss-3.2.0/lib/libtss2-tcti-device.so.0",
tripping the check.
This patch relaxes the check to also accept absolute paths, by replacing
filename_is_valid with path_is_valid.
---
src/shared/tpm2-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index ae8a8bc073..c284b244f8 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -582,7 +582,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) {
fn = strjoina("libtss2-tcti-", driver, ".so.0");
/* Better safe than sorry, let's refuse strings that cannot possibly be valid driver early, before going to disk. */
- if (!filename_is_valid(fn))
+ if (!path_is_valid(fn))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name '%s' not valid, refusing.", driver);
context->tcti_dl = dlopen(fn, RTLD_NOW);
Reference in New Issue View Git Blame Copy Permalink