Remove CentOS/OpenSUSE build support

StarlingX stopped supporting CentOS builds in the after release 7.0.
This update will strip CentOS from our code base.  It will also remove
references to the failed OpenSUSE feature as well.

Story: 2011110
Task: 49954
Change-Id: I2e9452c74c7f249ea61eea4a658bb6a4624e5957
Signed-off-by: Scott Little <scott.little@windriver.com>

security/libtpms/centos/build_srpm.data

@@ -1,2 +0,0 @@
-COPY_LIST="$CGCS_BASE/downloads/libtpms-0.6.0-4f0d59d.tar.gz"
-TIS_PATCH_VER=PKG_GITREVCOUNT

security/libtpms/centos/libtpms.spec

@@ -1,218 +0,0 @@
-# --- libtpm rpm-spec ---
-
-%define name      libtpms
-%define version   0.6.0
-#WRS
-#%define release   1_dev1
-%define release   2%{?_tis_dist}.%{tis_patch_ver}
-
-# Valid crypto subsystems are 'freebl' and 'openssl'
-#WRS
-#%if "%{?crypto_subsystem}" == ""
-%define crypto_subsystem openssl
-#%endif
-
-# Valid build types are 'production' or 'debug'
-%define build_type  production
-
-Summary: Library providing Trusted Platform Module (TPM) functionality
-Name:           %{name}
-Version:        %{version}
-#WRS
-#Release:        %{release}%{?dist}
-Release:        %{release}
-License:        BSD
-Group:          Development/Libraries
-#WRS
-#Url:            http://sourceforge.net/projects/ibmswtpm
-#Source:         http://bergerstefan.users.sourceforge.net/libtpms/%{name}-%{version}.tar.gz
-Url:            https://github.com/stefanberger/libtpms
-Source:         %{name}-%{version}-4f0d59d.tar.gz
-Provides:       libtpms-%{crypto_subsystem}
-
-%if "%{crypto_subsystem}" == "openssl"
-BuildRequires:  openssl-devel
-%else
-BuildRequires:  nss-devel >= 3.12.9-2
-BuildRequires:  nss-softokn-freebl-devel >= 3.12.9-2
-%if 0%{?rhel} > 6 || 0%{?fedora} >= 13
-BuildRequires:  nss-softokn-freebl-static >= 3.12.9-2
-%endif
-BuildRequires:  nss-softokn-devel >= 3.12.9-2, gmp-devel
-%endif
-BuildRequires:  pkgconfig gawk sed
-BuildRequires:  automake autoconf libtool bash coreutils
-
-%if "%{crypto_subsystem}" == "openssl"
-Requires:       openssl
-%else
-Requires:       nss-softokn-freebl >= 3.12.9-2, nss-softokn >= 3.12.9-2
-%endif
-Requires:       gmp
-
-%description
-A library providing TPM functionality for VMs. Targeted for integration
-into Qemu.
-
-%package        devel
-Summary:        Include files for libtpms
-Group:          Development/Libraries
-Requires:       %{name}%{?_isa} = %{version}-%{release}
-
-%description   devel
-Libtpms header files and documentation.
-
-%files
-%defattr(-, root, root, -)
-%{_libdir}/%{name}.so.%{version}
-%{_libdir}/%{name}.so.0
-%doc LICENSE README CHANGES
-
-%files devel
-%defattr(-, root, root, -)
-
-%{_libdir}/%{name}.so
-%dir %{_includedir}/%{name}
-%attr(644, root, root) %{_libdir}/pkgconfig/*.pc
-%attr(644, root, root) %{_includedir}/%{name}/*.h
-%attr(644, root, root) %{_mandir}/man3/*
-
-%prep
-%setup -q
-
-%build
-
-%if "%{crypto_subsystem}" == "openssl"
-%define _with_openssl --with-openssl
-%endif
-
-%if %{build_type} == debug
-%define _enable_debug --enable-debug
-%endif
-
-./bootstrap.sh
-%if %{build_type} == debug
-CFLAGS=-O0
-%endif
-%configure \
-	--with-tpm2 \
-        --disable-static \
-        --prefix=/usr \
-        --libdir=%{_libdir} \
-        %{?_with_openssl} \
-        %{?_enable_debug}
-
-make %{?_smp_mflags}
-
-%check
-make check
-
-%install
-install -d -m 0755 $RPM_BUILD_ROOT%{_libdir}
-install -d -m 0755 $RPM_BUILD_ROOT%{_includedir}/libtpms
-install -d -m 0755 $RPM_BUILD_ROOT%{_mandir}/man3
-
-make %{?_smp_mflags} install DESTDIR=${RPM_BUILD_ROOT}
-
-rm -f $RPM_BUILD_ROOT%{_libdir}/libtpms.la
-
-%post -p /sbin/ldconfig
-
-%postun -p /sbin/ldconfig
-
-%changelog
-* Mon Jun 30 2014 Stefan Berger - 0.5.2-1
-- Updated to version 0.5.2
-- coverity fixes
-- fixes for ARM64 using __aarch64__
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-20.1
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-19
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Mon Mar 25 2013 Stefan Berger - 0.5.1-18
-- Ran autoreconf for support of aarch64
-- Checking for __arm64__ in code
-
-* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-17
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
-
-* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-16
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
-* Fri Feb 17 2012 Peter Robinson <pbrobinson@fedoraproject.org> - 0.5.1-15
-- Add dist tag as required by package guidelines
-
-* Fri Jan 27 2012 Stefan Berger - 0.5.1-14
-- fix gcc-4.7 compilation problem
-
-* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
-
-* Tue Dec 20 2011 Dan Horák <dan[at]danny.cz> - 0.5.1-12
-- fix build on secondary arches
-
-* Wed Nov 2 2011 Stefan Berger - 0.5.1-11
-- added (lib)gmp as runtime dependency
-
-* Sat Oct 8 2011 Stefan Berger - 0.5.1-10
-- internal fixes; callback fixes
-
-* Tue Aug 30 2011 Stefan Berger - 0.5.1-9
-- new directory structure and build process
-
-* Tue Jul 12 2011 Stefan Berger - 0.5.1-8
-- added pkgconfig as build dependency
-- enabling __powerpc__ build following Bz 728220
-
-* Wed May 25 2011 Stefan Berger - 0.5.1-7
-- increasing NVRAM area space to have enough room for certificates
-
-* Wed May 25 2011 Stefan Berger - 0.5.1-6
-- adding libtpms.pc pkg-config file
-
-* Wed Apr 13 2011 Stefan Berger - 0.5.1-5
-- adding BuildRequires for nss-softokn-freebl-static
-- several libtpms-internal changes around state serialization and 
-  deserialization
-- fixes to libtpms makefile (makefile-libtpms)
-- adding build_type to generate a debug or production build
-- need nss-devel to have nss-config
-
-* Tue Mar 08 2011 Stefan Berger - 0.5.1-4
-- small fixes to libtpms makefile
-
-* Fri Feb 25 2011 Stefan Berger - 0.5.1-3
-- removing release from tar ball name
-- Use {?_smp_mflags} for make rather than hardcoding it
-- Fixing post and postun scripts; removing the scripts for devel package
-- Fixing usage of defattr
-- Adding version information into the changelog headers and spaces between the changelog entries
-- Adding LICENSE, README and CHANGELOG file into tar ball and main rpm
-- Removing clean section
-- removed command to clean the build root
-- adding library version to the libries required for building and during
-  runtime
-- Extended Requires in devel package with {?_isa}
-
-* Fri Feb 18 2011 Stefan Berger - 0.5.1-2
-- make rpmlint happy by replacing tabs with spaces
-- providing a valid URL for the tgz file
-- release is now 2 -> 0.5.1-2
-
-* Mon Jan 17 2011 Stefan Berger - 0.5.1-1
-- Update version to 0.5.1
-
-* Fri Jan 14 2011 Stefan Berger - 0.5.0-1
-- Changes following Fedora review comments
-
-* Thu Dec 2 2010 Stefan Berger
-- Small tweaks after reading the FedoreCore packaging requirements
-
-* Tue Nov 16 2010 Stefan Berger
-- Created initial version of rpm spec files
-- Version of library is now 0.5.0
-- Debuginfo rpm is built but empty -- seems to be a known problem
-  Check https://bugzilla.redhat.com/show_bug.cgi?id=209316

security/python-keyring/centos/build_srpm.data

@@ -1,2 +0,0 @@
-COPY_LIST="python-keyring/*"
-TIS_PATCH_VER=PKG_GITREVCOUNT

security/python-keyring/centos/meta_patches/0001-move-package-from-tarball-to-srpm.patch

@@ -1,78 +0,0 @@
-From d7f5646de9ec990ed81489cc12d7942654bc017d Mon Sep 17 00:00:00 2001
-From: Kam Nasim <kam.nasim@windriver.com>
-Date: Fri, 23 Dec 2016 14:30:17 -0500
-Subject: [PATCH] first meta patch to move python-keyring package from download
- tarball to srpm. Also updated to add tis patch versioning
-
----
- SPECS/python-keyring.spec | 30 +++++++++++++++++++++++++++---
- 1 file changed, 27 insertions(+), 3 deletions(-)
-
-diff --git a/SPECS/python-keyring.spec b/SPECS/python-keyring.spec
-index 14e4e93..60d05ee 100644
---- a/SPECS/python-keyring.spec
-+++ b/SPECS/python-keyring.spec
-@@ -2,7 +2,7 @@
- 
- Name:           python-keyring
- Version:        5.7.1
--Release:        1%{?dist}
-+Release:        1%{?_tis_dist}.%{tis_patch_ver}
- Summary:        Python 2 library to store and access passwords safely
- License:        MIT and Python
- URL:            http://bitbucket.org/kang/python-keyring-lib/
-@@ -10,10 +10,21 @@ Source0:        https://pypi.io/packages/source/k/keyring/keyring-%{version}.tar
- BuildArch:      noarch
- BuildRequires:  python2-devel
- BuildRequires:  python-setuptools
--BuildRequires:  python-setuptools_scm
- Obsoletes:      %{name}-kwallet < %{version}-%{release}
- Obsoletes:      %{name}-gnome < %{version}-%{release}
- 
-+Patch0: no_keyring_password.patch
-+Patch1: lock_keyring_file.patch
-+Patch2: lock_keyring_file2.patch
-+Patch3: use_new_lock.patch
-+Patch4: fix_keyring_lockfile_location.patch
-+Patch5: use_temporary_file.patch
-+Patch6: chown_keyringlock_file.patch
-+Patch7: chmod_keyringlock2.patch
-+Patch8: keyring_path_change.patch
-+Patch9: remove-reader-lock.patch
-+Patch10: remove_others_perms_on_keyringcfg_file.patch
-+
- %description
- The Python keyring lib provides a easy way to access the system keyring
- service from python. It can be used in any application that needs safe
-@@ -39,7 +50,6 @@ Python keyring lib also provides following build-in keyrings.
- Summary:        Python 3 library to access the system keyring service
- BuildRequires:  python3-devel
- BuildRequires:  python3-setuptools
--BuildRequires:  python3-setuptools_scm
- 
- %description -n python3-keyring
- The Python keyring lib provides a easy way to access the system keyring
-@@ -64,6 +74,20 @@ Python keyring lib also provides following build-in keyrings.
- 
- %prep
- %setup -qn keyring-%{version}
-+
-+# WRS
-+%patch0 -p1
-+%patch1 -p1
-+%patch2 -p1
-+%patch3 -p1
-+%patch4 -p1
-+%patch5 -p1
-+%patch6 -p1
-+%patch7 -p1
-+%patch8 -p1
-+%patch9 -p1
-+%patch10 -p1
-+
- rm -frv keyring.egg-info
- # Drop redundant shebangs.
- sed -i '1{\@^#!/usr/bin/env python@d}' keyring/cli.py
--- 
-1.8.3.1
-

security/python-keyring/centos/meta_patches/0002-meta-buildrequires-python-setuptools_scm.patch

@@ -1,20 +0,0 @@
-diff --git a/SPECS/python-keyring.spec b/SPECS/python-keyring.spec
-index 60d05ee..a41f849 100644
---- a/SPECS/python-keyring.spec
-+++ b/SPECS/python-keyring.spec
-@@ -10,6 +10,7 @@ Source0:        https://pypi.io/packages/source/k/keyring/keyring-%{version}.tar
- BuildArch:      noarch
- BuildRequires:  python2-devel
- BuildRequires:  python-setuptools
-+BuildRequires:  python2-setuptools_scm
- Obsoletes:      %{name}-kwallet < %{version}-%{release}
- Obsoletes:      %{name}-gnome < %{version}-%{release}
- 
-@@ -50,6 +51,7 @@ Python keyring lib also provides following build-in keyrings.
- Summary:        Python 3 library to access the system keyring service
- BuildRequires:  python3-devel
- BuildRequires:  python3-setuptools
-+BuildRequires:  python3-setuptools_scm
- 
- %description -n python3-keyring
- The Python keyring lib provides a easy way to access the system keyring

security/python-keyring/centos/meta_patches/PATCH_ORDER

@@ -1,2 +0,0 @@
-0001-move-package-from-tarball-to-srpm.patch
-0002-meta-buildrequires-python-setuptools_scm.patch

security/python-keyring/centos/srpm_path

@@ -1 +0,0 @@
-mirror:Source/python-keyring-5.7.1-1.el7.src.rpm

security/shim-signed/centos/build_srpm.data

@@ -1 +0,0 @@
-TIS_PATCH_VER=PKG_GITREVCOUNT

security/shim-signed/centos/meta_patches/0001-Titanium-release-info.patch

@@ -1,24 +0,0 @@
-From a19b16baa019609714fb741db4e3c73d67f2adf1 Mon Sep 17 00:00:00 2001
-From: jmckenna <jason.mckenna@windriver.com>
-Date: Tue, 16 Jan 2018 08:14:08 -0500
-Subject: [PATCH 1/2] Titanium release info
-
----
- SPECS/shim-signed.spec | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/SPECS/shim-signed.spec b/SPECS/shim-signed.spec
-index d2a13b1..9cfcb2f 100644
---- a/SPECS/shim-signed.spec
-+++ b/SPECS/shim-signed.spec
-@@ -1,6 +1,6 @@
- Name:           shim-signed
- Version:        15
--Release:        1%{?dist}%{?buildid}
-+Release:        1%{?_tis_dist}.%{tis_patch_ver}
- Summary:        First-stage UEFI bootloader
- %define unsigned_release 1%{?dist}
- 
--- 
-1.8.3.1
-

security/shim-signed/centos/meta_patches/0002-Use-presigned-binaries.patch

@@ -1,151 +0,0 @@
-diff --git a/SPECS/shim-signed.spec b/SPECS/shim-signed.spec
-old mode 100644
-new mode 100755
-index 9cfcb2f..f6ce87e
---- a/SPECS/shim-signed.spec
-+++ b/SPECS/shim-signed.spec
-@@ -2,18 +2,20 @@ Name:           shim-signed
- Version:        15
- Release:        1%{?_tis_dist}.%{tis_patch_ver}
- Summary:        First-stage UEFI bootloader
--%define unsigned_release 1%{?dist}
- 
- License:        BSD
- URL:            https://github.com/rhboot/shim/
- # incorporate mokutil for packaging simplicity
- %global mokutil_version 0.3.0
-+%global srcbasename shimx64
-+%global srcbasenameia32 shimia32
-+
- Source0:        https://github.com/lcp/mokutil/archive/mokutil-%{mokutil_version}.tar.gz
- Source1:	centossecureboot001.crt
- Source2:	centos-ca-secureboot.der
- %define pesign_name centossecureboot001
--Source10:       shimx64.efi
--Source11:       shimia32.efi
-+Source10:	%{srcbasename}.efi
-+Source11:	%{srcbasenameia32}.efi
- Source12:       shimaa64.efi
- Source20:       BOOTX64.CSV
- Source21:       BOOTIA32.CSV
-@@ -52,11 +54,17 @@ BuildRequires: git
- BuildRequires: openssl-devel openssl
- BuildRequires: pesign >= 0.106-5%{dist}
- BuildRequires: efivar-devel
--BuildRequires: shim-unsigned-%{efiarchlc} = %{version}-%{unsigned_release}
-+BuildRequires: shim-unsigned-%{efiarchlc}
- %ifarch x86_64
--BuildRequires: shim-unsigned-ia32 = %{version}-%{unsigned_release}
-+BuildRequires: shim-unsigned-ia32
- %endif
- 
-+# Rather than hardcode a release, we get the release from the installed shim-unsigned package
-+%define unsigned_release %(rpm -q shim-unsigned-x64 --info | grep Release | awk '{print $3}')
-+%define unsigned_dir "%{_datadir}/shim/%{efiarchlc}-%{version}-%{unsigned_release}/"
-+%define unsigned_release_ia32 %(rpm -q shim-unsigned-ia32 --info | grep Release | awk '{print $3}')
-+%define unsigned_dir_ia32 "%{_datadir}/shim/ia32-%{version}-%{unsigned_release_ia32}/"
-+
- # for mokutil's configure
- BuildRequires: autoconf automake
- 
-@@ -148,39 +156,34 @@ cd ..
- %define vendor_cert_str %{expand:%%{!?vendor_cert_nickname:-c "Red Hat Test Certificate"}%%{?vendor_cert_nickname:-c "%%{vendor_cert_nickname}"}}
- 
- %ifarch %{ca_signed_arches}
--pesign -i %{shimsrc} -h -P > shim%{efiarchlc}.hash
--if ! cmp shim%{efiarchlc}.hash %{unsigned_dir}shim%{efiarchlc}.hash ; then
--  echo Invalid signature\! > /dev/stderr
--  echo saved hash is $(cat %{unsigned_dir}shim%{efiarchlc}.hash) > /dev/stderr
--  echo shim%{efiarchlc}.efi hash is $(cat shim%{efiarchlc}.hash) > /dev/stderr
--  exit 1
-+
-+# if we already have a presigned EFI image, then do not do signing -- just
-+# use the presigned one.
-+if  [ -e %{unsigned_dir}%{srcbasename}-presigned.efi ]; then
-+        cp %{unsigned_dir}%{srcbasename}-presigned.efi %{srcbasename}.efi
-+        cp %{unsigned_dir}%{srcbasename}-presigned.efi shim%{efiarchlc}.efi
-+else
-+        cp %{shimsrc} shim%{efiarchlc}.efi
- fi
--cp %{shimsrc} shim%{efiarchlc}.efi
- %ifarch x86_64
--pesign -i %{shimsrcia32} -h -P > shimia32.hash
--if ! cmp shimia32.hash %{unsigned_dir_ia32}shimia32.hash ; then
--  echo Invalid signature\! > /dev/stderr
--  echo saved hash is $(cat %{unsigned_dir_ia32}shimia32.hash) > /dev/stderr
--  echo shimia32.efi hash is $(cat shimia32.hash) > /dev/stderr
--  exit 1
-+if  [ -e %{unsigned_dir_ia32}%{srcbasenameia32}-presigned.efi ]; then
-+        cp %{unsigned_dir_ia32}%{srcbasenameia32}-presigned.efi %{srcbasenameia32}.efi
-+else
-+	cp %{shimsrcia32} %{srcbasenameia32}.efi
- fi
--cp %{shimsrcia32} shimia32.efi
--%endif
--%endif
--%ifarch %{rh_signed_arches}
--%pesign -s -i %{unsigned_dir}shim%{efiarchlc}.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name} -o shim%{efiarchlc}-%{efidir}.efi
--%ifarch x86_64
--%pesign -s -i %{unsigned_dir_ia32}shimia32.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name} -o shimia32-%{efidir}.efi
--%endif
--%endif
--%ifarch %{rh_signed_arches}
--%ifnarch %{ca_signed_arches}
--cp shim%{efiarchlc}-%{efidir}.efi shim%{efiarchlc}.efi
- %endif
- %endif
- 
--%pesign -s -i %{unsigned_dir}mm%{efiarchlc}.efi -o mm%{efiarchlc}.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name}
--%pesign -s -i %{unsigned_dir}fb%{efiarchlc}.efi -o fb%{efiarchlc}.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name}
-+if  [ -e %{unsigned_dir}mm%{efiarchlc}-presigned.efi ]; then
-+	cp %{unsigned_dir}mm%{efiarchlc}-presigned.efi mm%{efiarchlc}.efi
-+else
-+	%pesign -s -i %{unsigned_dir}mm%{efiarchlc}.efi -o mm%{efiarchlc}.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name}
-+fi
-+if  [ -e %{unsigned_dir}fb%{efiarchlc}-presigned.efi ]; then
-+	cp %{unsigned_dir}fb%{efiarchlc}-presigned.efi fb%{efiarchlc}.efi
-+else
-+	%pesign -s -i %{unsigned_dir}fb%{efiarchlc}.efi -o fb%{efiarchlc}.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name}
-+fi
- 
- %ifarch x86_64
- %pesign -s -i %{unsigned_dir_ia32}mmia32.efi -o mmia32.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name}
-@@ -196,7 +199,7 @@ make %{?_smp_mflags}
- rm -rf $RPM_BUILD_ROOT
- install -D -d -m 0700 $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/
- install -m 0700 shim%{efiarchlc}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}.efi
--install -m 0700 shim%{efiarchlc}-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi
-+#install -m 0700 shim%{efiarchlc}-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi
- install -m 0700 mm%{efiarchlc}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/mm%{efiarchlc}.efi
- install -m 0700 mm%{efiarchlc}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/MokManager.efi
- install -m 0700 %{bootsrc} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT%{efiarch}.CSV
-@@ -218,7 +221,7 @@ install -m 0700 %{bootsrc} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT.CSV
- 
- install -m 0700 shimia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32.efi
- install -m 0700 shimia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32.efi
--install -m 0700 shimia32-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi
-+#install -m 0700 shimia32-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi
- install -m 0700 mmia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/mmia32.efi
- install -m 0700 %{bootsrcia32} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOTIA32.CSV
- 
-@@ -232,7 +235,7 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install
- %files -n shim-%{efiarchlc}
- %defattr(0700,root,root,-)
- /boot/efi/EFI/%{efidir}/shim%{efiarchlc}.efi
--/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi
-+#/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi
- /boot/efi/EFI/%{efidir}/mm%{efiarchlc}.efi
- /boot/efi/EFI/%{efidir}/MokManager.efi
- /boot/efi/EFI/%{efidir}/BOOT%{efiarch}.CSV
-@@ -247,7 +250,7 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install
- %files -n shim-ia32
- %defattr(0700,root,root,-)
- /boot/efi/EFI/%{efidir}/shimia32.efi
--/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi
-+#/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi
- /boot/efi/EFI/%{efidir}/mmia32.efi
- /boot/efi/EFI/%{efidir}/BOOTIA32.CSV
- /boot/efi/EFI/BOOT/BOOTIA32.EFI
--- 
-1.8.3.1
-

security/shim-signed/centos/meta_patches/0003-Support-pxeboot-secure-boot.patch

@@ -1,43 +0,0 @@
-From e8566efa702a88c1efe15daaf52b3a00446f1d8c Mon Sep 17 00:00:00 2001
-From: Don Penney <don.penney@windriver.com>
-Date: Thu, 6 May 2021 13:42:27 -0400
-Subject: [PATCH] Support pxeboot secure boot
-
-In order to support secure boot with pxeboot, we need to package the
-shim.efi file in /pxeboot/EFI, accessible to tftp for the UEFI
-install. As well, please note that while /boot/efi/EFI/centos/shim.efi
-and other files provided by the shim-x64 package are only accessible
-to root, the file under /pxeboot must have broader permissions so that
-the dnsmasq-tftp daemon is able to serve it to the requesting host.
-Therefore, its file permissions are set to be readable to all.
-
-Signed-off-by: Don Penney <don.penney@windriver.com>
----
- SPECS/shim-signed.spec | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/SPECS/shim-signed.spec b/SPECS/shim-signed.spec
-index 20cdc80..978818a 100755
---- a/SPECS/shim-signed.spec
-+++ b/SPECS/shim-signed.spec
-@@ -227,6 +227,9 @@ install -m 0700 %{bootsrcia32} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOTIA32.C
- 
- install -m 0700 shimia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/BOOTIA32.EFI
- install -m 0700 fbia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/fbia32.efi
-+
-+# pxeboot support
-+install -D -p -m 0755 shimx64.efi $RPM_BUILD_ROOT/pxeboot/EFI/shim.efi
- %endif
- 
- cd mokutil-%{mokutil_version}
-@@ -243,6 +246,7 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install
- /boot/efi/EFI/BOOT/fb%{efiarchlc}.efi
- /boot/efi/EFI/BOOT/fallback.efi
- /boot/efi/EFI/%{efidir}/shim.efi
-+%attr(755,root,root) /pxeboot/EFI/shim.efi
- 
- %ifarch x86_64
- /boot/efi/EFI/%{efidir}/BOOT.CSV
--- 
-2.29.2
-

security/shim-signed/centos/meta_patches/0004-relocate-pxeboot-to-var-pxeboot.patch

@@ -1,34 +0,0 @@
-From 7d276fc48d468cc257bcfc7e957c18e3035f2503 Mon Sep 17 00:00:00 2001
-From: Bin Qian <bin.qian@windriver.com>
-Date: Wed, 29 Sep 2021 20:17:18 -0400
-Subject: [PATCH] relocate /pxeboot to /var/pxeboot
-
----
- SPECS/shim-signed.spec | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/SPECS/shim-signed.spec b/SPECS/shim-signed.spec
-index c085104..6dd7b95 100755
---- a/SPECS/shim-signed.spec
-+++ b/SPECS/shim-signed.spec
-@@ -229,7 +229,7 @@ install -m 0700 shimia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/BOOTIA32.EFI
- install -m 0700 fbia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/fbia32.efi
- 
- # pxeboot support
--install -D -p -m 0755 shimx64.efi $RPM_BUILD_ROOT/pxeboot/EFI/shim.efi
-+install -D -p -m 0755 shimx64.efi $RPM_BUILD_ROOT/var/pxeboot/EFI/shim.efi
- %endif
- 
- cd mokutil-%{mokutil_version}
-@@ -246,7 +246,7 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install
- /boot/efi/EFI/BOOT/fb%{efiarchlc}.efi
- /boot/efi/EFI/BOOT/fallback.efi
- /boot/efi/EFI/%{efidir}/shim.efi
--%attr(755,root,root) /pxeboot/EFI/shim.efi
-+%attr(755,root,root) /var/pxeboot/EFI/shim.efi
- 
- %ifarch x86_64
- /boot/efi/EFI/%{efidir}/BOOT.CSV
--- 
-2.29.2
-

security/shim-signed/centos/meta_patches/PATCH_ORDER

@@ -1,4 +0,0 @@
-0001-Titanium-release-info.patch
-0002-Use-presigned-binaries.patch
-0003-Support-pxeboot-secure-boot.patch
-0004-relocate-pxeboot-to-var-pxeboot.patch

security/shim-signed/centos/srpm_path

@@ -1 +0,0 @@
-mirror:Source/shim-signed-15-1.el7.centos.src.rpm

security/shim-unsigned/centos/build_srpm.data

@@ -1,2 +0,0 @@
-TIS_PATCH_VER=PKG_GITREVCOUNT
-COPY_LIST="$PKG_BASE/files/tis-shim.crt"

security/shim-unsigned/centos/meta_patches/0001-Ti-version-string.patch

@@ -1,27 +0,0 @@
-From fc1f1853e99c5afaae334b0c37296e34e9cf19fd Mon Sep 17 00:00:00 2001
-From: root <root@yow-cgts4-lx.wrs.com>
-Date: Mon, 15 Jan 2018 13:09:41 -0500
-Subject: [PATCH 1/2] Ti version string
-
----
- SPECS/shim.spec | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
- mode change 100755 => 100644 SPECS/shim.spec
-
-diff --git a/SPECS/shim.spec b/SPECS/shim.spec
-old mode 100755
-new mode 100644
-index afd533b..de216b6
---- a/SPECS/shim.spec
-+++ b/SPECS/shim.spec
-@@ -1,6 +1,6 @@
- Name:           shim
- Version:        15
--Release:        1%{?dist}
-+Release:        1.el7%{?_tis_dist}.%{tis_patch_ver}
- Summary:        First-stage UEFI bootloader
- 
- License:        BSD
--- 
-1.8.3.1
-

security/shim-unsigned/centos/meta_patches/0002-Add-Ti-certificate.patch

@@ -1,46 +0,0 @@
-From fb4da7f4d7d8e8565371ed236150de2e4bb47b95 Mon Sep 17 00:00:00 2001
-From: root <root@yow-cgts4-lx.wrs.com>
-Date: Mon, 15 Jan 2018 13:22:09 -0500
-Subject: [PATCH 2/2] Add Ti certificate
-
----
- SPECS/shim.spec | 4 ++++
- 1 file changed, 4 insertions(+)
- mode change 100644 => 100755 SPECS/shim.spec
-
-diff --git a/SPECS/shim.spec b/SPECS/shim.spec
-old mode 100644
-new mode 100755
-index de216b6..83da6cd
---- a/SPECS/shim.spec
-+++ b/SPECS/shim.spec
-@@ -12,8 +12,10 @@ Source0:        https://github.com/mjg59/shim/releases/download/%{version}/shim-
- #Source3:       dbx-aa64.esl
- Source4:        shim-find-debuginfo.sh
- Source5:	centos.esl
-+Source1000:     tis-shim.crt
- 
- Patch0:		0001-Add-vendor-esl.patch
-+Patch1000:	0001-Use-Titanium-certificate.patch
- 
- BuildRequires: git openssl-devel openssl
- BuildRequires: pesign >= 0.106-1
-@@ -104,6 +106,7 @@ git commit -a -q -m "%{version} baseline."
- git am --ignore-whitespace %{patches} </dev/null
- git config --unset user.email
- git config --unset user.name
-+cp %{SOURCE1000} .
- 
- %ifarch x86_64
- cd ..
-@@ -118,6 +121,7 @@ git commit -a -q -m "%{version} baseline."
- git am --ignore-whitespace %{patches} </dev/null
- git config --unset user.email
- git config --unset user.name
-+cp %{SOURCE1000} .
- %endif
- 
- %build
--- 
-1.8.3.1
-

security/shim-unsigned/centos/meta_patches/PATCH_ORDER

@@ -1,2 +0,0 @@
-0001-Ti-version-string.patch
-0002-Add-Ti-certificate.patch

security/shim-unsigned/centos/patches/0001-Use-Titanium-certificate.patch

@@ -1,108 +0,0 @@
-From 7fc985a350f9f7f5abbd19cef7a1947a3e33e5c8 Mon Sep 17 00:00:00 2001
-From: root <root@yow-cgts4-lx.wrs.com>
-Date: Mon, 15 Jan 2018 13:25:04 -0500
-Subject: [PATCH] Use Titanium certificate
-
-Signed-off-by: Scott Little <scott.little@windriver.com>
----
- Make.defaults |  6 ++++++
- Makefile      | 29 ++++++++++++++++-------------
- 2 files changed, 22 insertions(+), 13 deletions(-)
-
-diff --git a/Make.defaults b/Make.defaults
-index e11ab5a..d16510c 100644
---- a/Make.defaults
-+++ b/Make.defaults
-@@ -51,6 +51,12 @@ CLANG_BUGS	= $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,)
- 
- COMMIT_ID ?= $(shell if [ -e .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo master; fi)
- 
-+# We compile a certificate into shim.  Usually this is a one-time generated
-+# certificate (make-certs script) however we want to include a custom
-+# certificate for which we have the key.  We use the key to sign the kernel and
-+# grub down the road
-+INTERNAL_CERT = tis-shim
-+
- ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
- 	CFLAGS	+= -DOVERRIDE_SECURITY_POLICY
- endif
-diff --git a/Makefile b/Makefile
-index 115e7f0..f2b37fa 100644
---- a/Makefile
-+++ b/Makefile
-@@ -32,9 +32,10 @@ TARGETS	+= $(MMNAME).signed $(FBNAME).signed
- CFLAGS += -DENABLE_SHIM_CERT
- else
- TARGETS += $(MMNAME) $(FBNAME)
-+CFLAGS += -DENABLE_SHIM_CERT
- endif
- OBJS	= shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o
--KEYS	= shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
-+KEYS    = shim_cert.h ocsp.* ca.* $(INTERNAL_CERT).crt $(INTERNAL_CERT).csr $(INTERNAL_CERT).p12 $(INTERNAL_CERT).pem $(INTERNAL_CERT).key $(INTERNAL_CERT).cer
- ORIG_SOURCES	= shim.c mok.c netboot.c replacements.c tpm.c errlog.c shim.h version.h $(wildcard include/*.h)
- MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
- ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h)
-@@ -52,14 +53,18 @@ FALLBACK_SRCS = $(foreach source,$(ORIG_FALLBACK_SRCS),$(TOPDIR)/$(source))
- 
- all: $(TARGETS)
- 
--shim.crt:
--	$(TOPDIR)/make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null
-+# certificate is now provided in source.  To generate a random certificate,
-+# uncomment this rule
-+#$(INTERNAL_CERT).crt:
-+#	$(TOPDIR)/make-certs $(INTERNAL_CERT) shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null
- 
--shim.cer: shim.crt
-+$(INTERNAL_CERT).cer: $(INTERNAL_CERT).crt
- 	$(OPENSSL) x509 -outform der -in $< -out $@
- 
- .NOTPARALLEL: shim_cert.h
--shim_cert.h: shim.cer
-+# name "shim_cert.h" rather than "$(INTERNAL_CERT).h" used so C files can just
-+# use a fixed name for #include
-+shim_cert.h: $(INTERNAL_CERT).cer
- 	echo "static UINT8 shim_cert[] __attribute__((__unused__)) = {" > $@
- 	$(HEXDUMP) -v -e '1/1 "0x%02x, "' $< >> $@
- 	echo "};" >> $@
-@@ -70,15 +75,13 @@ version.c : $(TOPDIR)/version.c.in
- 		-e "s,@@COMMIT@@,$(COMMIT_ID)," \
- 		< $< > $@
- 
--certdb/secmod.db: shim.crt
-+certdb/secmod.db: $(INTERNAL_CERT).crt
- 	-mkdir certdb
--	$(PK12UTIL) -d certdb/ -i shim.p12 -W "" -K ""
--	$(CERTUTIL) -d certdb/ -A -i shim.crt -n shim -t u
-+	$(PK12UTIL) -d certdb/ -i $(INTERNAL_CERT).p12 -W "" -K ""
-+	$(CERTUTIL) -d certdb/ -A -i $(INTERNAL_CERT).crt -n shim -t u
- 
- shim.o: $(SOURCES)
--ifneq ($(origin ENABLE_SHIM_CERT),undefined)
- shim.o: shim_cert.h
--endif
- shim.o: $(wildcard $(TOPDIR)/*.h)
- 
- cert.o : $(TOPDIR)/cert.S
-@@ -213,8 +216,8 @@ endif
- 		$^ $@
- 
- ifneq ($(origin ENABLE_SBSIGN),undefined)
--%.efi.signed: %.efi shim.key shim.crt
--	$(SBSIGN) --key shim.key --cert shim.crt --output $@ $<
-+%.efi.signed: %.efi $(INTERNAL_CERT).key $(INTERNAL_CERT).crt
-+	$(SBSIGN) --key $(INTERNAL_CERT).key --cert $(INTERNAL_CERT).crt --output $@ $<
- else
- %.efi.signed: %.efi certdb/secmod.db
- 	$(PESIGN) -n certdb -i $< -c "shim" -s -o $@ -f
-@@ -258,6 +261,6 @@ archive: tag
- 	@rm -rf /tmp/shim-$(VERSION)
- 	@echo "The archive is in shim-$(VERSION).tar.bz2"
- 
--.PHONY : install-deps shim.key
-+.PHONY : install-deps $(INTERNAL_CERT).key
- 
- export ARCH CC LD OBJCOPY EFI_INCLUDE
--- 
-1.8.3.1
-

security/shim-unsigned/centos/srpm_path

@@ -1 +0,0 @@
-mirror:Source/shim-15-1.el7.centos.src.rpm

security/spectre-meltdown-checker/centos/build_srpm.data

@@ -1,2 +0,0 @@
-COPY_LIST="$CGCS_BASE/downloads/spectre-meltdown-checker-0.37+-5cc77741.tar.gz"
-TIS_PATCH_VER=PKG_GITREVCOUNT

security/spectre-meltdown-checker/centos/spectre-meltdown-checker.spec

@@ -1,35 +0,0 @@
-Name: spectre-meltdown-checker
-Version: 0.37+
-Release: %{tis_patch_ver}%{?_tis_dist}
-Summary: Checker script for spectre/meltdown
-
-Group: base
-License: GPLv3
-URL: https://github.com/speed47/spectre-meltdown-checker.git
-Source0: spectre-meltdown-checker-0.37+-5cc77741.tar.gz
-
-BuildArch: noarch
-Requires: bash
-
-%description
-Script to check whether kernel is susceptible to spectre/meltdown vulnerabilities.
-
-
-%prep
-tar xf %{SOURCE0}
-
-%build
-
-
-%install
-install -d -m 755 %{buildroot}/usr/sbin/
-install -m 744 spectre-meltdown-checker/spectre-meltdown-checker.sh %{buildroot}/usr/sbin/spectre-meltdown-checker.sh
-
-
-%files
-%license %{name}/LICENSE
-/usr/sbin/*
-
-
-%changelog
-

security/swtpm/centos/build_srpm.data

@@ -1,2 +0,0 @@
-COPY_LIST="$PKG_BASE/files/* $CGCS_BASE/downloads/swtpm-0.1.0-253eac5.tar.gz"
-TIS_PATCH_VER=PKG_GITREVCOUNT

security/swtpm/centos/swtpm.spec

@@ -1,212 +0,0 @@
-# --- swtpm rpm-spec ---
-
-%define name      swtpm
-%define version   0.1.0
-#STX
-#%define release   1
-%define release   2%{?_tis_dist}.%{tis_patch_ver}
-
-# Valid crypto subsystems are 'freebl' and 'openssl'
-#STX
-#%if "%{crypto_subsystem}" == ""
-%define crypto_subsystem openssl
-#%endif
-
-Summary: TPM Emulator
-Name:           %{name}
-Version:        %{version}
-#STX
-#Release:        %{release}.dev2%{?dist}
-Release:        %{release}
-License:        BSD
-Group:          Applications/Emulators
-Source:         %{name}-%{version}-253eac5.tar.gz
-BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root
-
-#STX
-Source1: setup_vtpm
-
-
-# due to gnutls backlevel API:
-%if 0%{?rhel} >= 7 || 0%{?fedora} >= 19
-    %define with_gnutls    1
-%else
-    %define with_gnutls    0
-%endif
-
-BuildRequires:  automake autoconf bash coreutils libtool sed
-BuildRequires:  libtpms-devel >= 0.6.0 fuse-devel glib2-devel gmp-devel
-BuildRequires:  expect bash net-tools nss-devel socat python-twisted
-%if %{with_gnutls}
-BuildRequires:  gnutls >= 3.1.0 gnutls-devel gnutls-utils
-BuildRequires:  libtasn1-devel libtasn1
-%if 0%{?fedora}
-BuildRequires:  libtasn1-tools
-%endif
-%endif
-%if 0%{?fedora} > 16
-BuildRequires:  kernel-modules-extra
-%endif
-
-#STX
-BuildRequires:  openssl-devel
-Requires: openssl
-
-#STX
-Requires: seabios-bin >= 1.10.2-3
-
-Requires:       fuse expect libtpms >= 0.6.0
-%if 0%{?fedora} > 16
-Requires:       kernel-modules-extra
-%endif
-
-%description
-TPM emulator built on libtpms providing TPM functionality for QEMU VMs
-
-%package        libs
-Summary:        Common libraries for TPM emulators
-Group:          System Environment/Libraries
-License:        BSD
-
-%description    libs
-A library with callback functions for libtpms based TPM emulator
-
-%package        cuse
-Summary:        TPM emulator with CUSE interface
-Group:          Applications/Emulators
-License:        BSD
-BuildRequires:  selinux-policy-devel
-
-%description    cuse
-TPM Emulator with CUSE interface
-
-%package        devel
-Summary:        Include files for the TPM emulator's CUSE interface for usage by clients
-Group:          Development/Libraries
-Requires:       %{name}%{?_isa} = %{version}-%{release}
-
-%description    devel
-Include files for the TPM emulator's CUSE interface.
-
-%package        tools
-Summary:        Tools for the TPM emulator
-License:        BSD
-Group:          Applications/Emulators
-Requires:       swtpm fuse
-#STX
-#Requires:       trousers >= 0.3.9 tpm-tools >= 1.3.8-6 expect bash net-tools gnutls-utils
-Requires:       trousers >= 0.3.9 expect bash net-tools gnutls-utils
-
-%description    tools
-Tools for the TPM emulator from the swtpm package
-
-%files
-%defattr(-,root,root,-)
-%attr( 755, root, root) %{_bindir}/swtpm
-%{_mandir}/man8/swtpm.8*
-
-#STX
-/etc/libvirt/setup_vtpm
-
-
-%files cuse
-%defattr(-,root,root,-)
-%attr( 755, root, root) %{_bindir}/swtpm_cuse
-%{_mandir}/man8/swtpm_cuse.8*
-%attr( 755, root, root) %{_datadir}/swtpm/*.pp
-
-%files libs
-%{_libdir}/libswtpm_libtpms.so.*
-
-%files devel
-%defattr(-, root, root, -)
-%{_libdir}/libswtpm_libtpms.so
-
-%dir %{_includedir}/%{name}
-%attr(644, root, root) %{_includedir}/%{name}/*.h
-%{_mandir}/man3/swtpm_ioctls.3*
-
-%files tools
-%defattr(-,root,root,-)
-%attr( 755, root, root) %{_bindir}/swtpm_bios
-%if %{with_gnutls}
-%attr( 755, root, root) %{_bindir}/swtpm_cert
-%endif
-%attr( 755, root, root) %{_bindir}/swtpm_setup
-%attr( 755, tss , tss)  %{_bindir}/swtpm_setup.sh
-%attr( 755, root, root) %{_bindir}/swtpm_ioctl
-%{_mandir}/man8/swtpm_bios.8*
-%{_mandir}/man8/swtpm_cert.8*
-%{_mandir}/man8/swtpm_ioctl.8*
-%{_mandir}/man8/swtpm-localca.conf.8*
-%{_mandir}/man8/swtpm-localca.options.8*
-%{_mandir}/man8/swtpm-localca.8*
-%{_mandir}/man8/swtpm_setup.8*
-%{_mandir}/man8/swtpm_setup.conf.8*
-%{_mandir}/man8/swtpm_setup.sh.8*
-%config(noreplace) %{_sysconfdir}/swtpm_setup.conf
-%config(noreplace) %{_sysconfdir}/swtpm-localca.options
-%config(noreplace) %{_sysconfdir}/swtpm-localca.conf
-%attr( 755, root, root) %{_datadir}/swtpm/swtpm-localca
-%attr( 755, tss, tss) %{_localstatedir}/lib/swtpm-localca
-
-
-%prep
-%setup -q
-
-%build
-
-#STX
-./bootstrap.sh
-%configure \
-        --prefix=/usr \
-%if %{with_gnutls}
-        --with-gnutls \
-%endif
-%if "%{crypto_subsystem}" == "openssl"
-        --with-openssl \
-%endif
-        TPM_NVDEFINE=/bin/true
-
-make %{?_smp_mflags}
-
-%check
-make %{?_smp_mflags} check
-
-%install
-
-make %{?_smp_mflags} install DESTDIR=${RPM_BUILD_ROOT}
-rm -f ${RPM_BUILD_ROOT}%{_libdir}/*.a ${RPM_BUILD_ROOT}%{_libdir}/*.la
-
-#STX
-mkdir -p $RPM_BUILD_ROOT/etc/libvirt
-
-install -m 0500 %{SOURCE1} $RPM_BUILD_ROOT/etc/libvirt/setup_vtpm
-
-# STX: Don't set (or remove on uninstall): SELINUX Policy and contexts
-#%post cuse
-#if [ -n "$(type -p semodule)" ]; then
-#  for pp in /usr/share/swtpm/*.pp ; do
-#    echo "Activating SELinux policy $pp"
-#    semodule -i $pp
-#  done
-#fi
-
-#if [ -n "$(type -p restorecon)" ]; then
-#  restorecon /usr/bin/swtpm_cuse
-#fi
-
-#%postun cuse
-#if [ $1 -eq  0 ]; then
-#  if [ -n "$(type -p semodule)" ]; then
-#    for p in swtpmcuse_svirt swtpmcuse ; do
-#      echo "Removing SELinux policy $p"
-#      semodule -r $p
-#    done
-#  fi
-#fi
-
-%post libs -p /sbin/ldconfig
-%postun libs -p /sbin/ldconfig
-
-%changelog

security/tboot/centos/build_srpm.data

@@ -1 +0,0 @@
-TIS_PATCH_VER=PKG_GITREVCOUNT

security/tboot/centos/meta_patches/0001-tboot-Update-package-versioning-for-TIS-format.patch

@@ -1,32 +0,0 @@
-From f7ac0c586ee46b67c7b5a541ee823f459e19c5c6 Mon Sep 17 00:00:00 2001
-From: Bin Qian <bin.qian@windriver.com>
-Date: Mon, 27 Nov 2017 08:35:10 -0500
-Subject: [PATCH 1/1] WRS: 8000-TiS-tboot.patch
-
----
- SPECS/tboot.spec | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec
-index 2f6f0a8..c2d5eb7 100644
---- a/SPECS/tboot.spec
-+++ b/SPECS/tboot.spec
-@@ -1,13 +1,14 @@
- Summary:        Performs a verified launch using Intel TXT
- Name:           tboot
- Version:        1.9.6
--Release:        3%{?dist}
-+Release:        3.el7%{?_tis_dist}.%{tis_patch_ver}
- Epoch:          1
- 
- Group:          System Environment/Base
- License:        BSD
- URL:            http://sourceforge.net/projects/tboot/
- Source0:        http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
-+
- BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
- 
- Patch01: ../patches/0001-Fix-a-logical-error-in-function-bool-evtlog_append.patch
--- 
-2.7.4
-

security/tboot/centos/meta_patches/0002-TiS-tboot.patch

@@ -1,32 +0,0 @@
-From 16a82ea84332a117c4524caaa4209b912e18e888 Mon Sep 17 00:00:00 2001
-From: Bin Qian <bin.qian@windriver.com>
-Date: Wed, 6 Dec 2017 08:47:12 -0500
-Subject: [PATCH 1/1] TiS tboot
-
----
- SPECS/tboot.spec | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec
-index c2d5eb7..f04dd17 100644
---- a/SPECS/tboot.spec
-+++ b/SPECS/tboot.spec
-@@ -27,6 +27,7 @@ Patch13: ../patches/0013-Add-centos7-instructions-for-Use-in-EFI-boot-mode.patch
- Patch14: ../patches/0014-Ensure-tboot-log-is-available-even-when-measured-lau.patch
- Patch15: ../patches/0015-Add-support-for-appending-to-a-TPM2-TCG-style-event-.patch
- Patch16: ../patches/0016-Add-an-option-in-tboot-to-force-SINIT-to-use-the-leg.patch
-+Patch999: ../patches/1000-tboot-for-tis.patch
- 
- BuildRequires:  trousers-devel
- BuildRequires:  openssl-devel
-@@ -56,6 +57,7 @@ and verified launch of an OS kernel/VMM.
- %patch14 -p1 -b .0014
- %patch15 -p1 -b .0015
- %patch16 -p1 -b .0016
-+%patch999 -p1
- 
- %build
- CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS
--- 
-2.7.4
-

security/tboot/centos/meta_patches/0003-security-set-immutable-attribute.patch

@@ -1,53 +0,0 @@
-From 15d8e3a327bc4ee96845163f962837cfcb4699bb Mon Sep 17 00:00:00 2001
-From: Kam Nasim <kam.nasim@windriver.com>
-Date: Tue, 6 Feb 2018 15:25:00 -0500
-Subject: [PATCH] CGTS-8849: Security: Set immutable attribute and permissions
-
----
- SPECS/tboot.spec | 16 ++++++++++++++--
- 1 file changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec
-index f04dd17..1673095 100644
---- a/SPECS/tboot.spec
-+++ b/SPECS/tboot.spec
-@@ -75,6 +75,13 @@ if [ -e "/sys/firmware/efi" ]; then
- 	exit 0;
- fi
- 
-+# On updating this package, we want to clear the immutable
-+# attribute so that the module files can get overwritten
-+if [ $1 -gt 1 ]; then
-+    chattr -i /boot/tboot.gz /boot/tboot-syms
-+fi
-+exit 0
-+
- %install
- rm -rf $RPM_BUILD_ROOT
- make debug=y DISTDIR=$RPM_BUILD_ROOT install
-@@ -82,6 +89,11 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install
- %clean
- rm -rf $RPM_BUILD_ROOT
- 
-+%post
-+# Set immutable attribute on tboot modules
-+chattr +i /boot/tboot.gz /boot/tboot-syms
-+exit 0
-+
- %files
- %defattr(-,root,root,-)
- %doc README COPYING docs/* lcptools/lcptools2.txt lcptools/Linux_LCP_Tools_User_Manual.pdf
-@@ -118,8 +130,8 @@ rm -rf $RPM_BUILD_ROOT
- %{_mandir}/man8/lcp_writepol.8.gz
- %{_mandir}/man8/tb_polgen.8.gz
- %{_mandir}/man8/txt-stat.8.gz
--/boot/tboot.gz
--/boot/tboot-syms
-+%attr(0400,root,root) /boot/tboot.gz
-+%attr(0400,root,root) /boot/tboot-syms
- 
- %changelog
- * Mon Jul 16 2018 Tony Camuso <tcamuso@redhat.com> - 1:1.9.6-3
--- 
-2.7.4
-

security/tboot/centos/meta_patches/PATCH_ORDER

@@ -1,3 +0,0 @@
-0001-tboot-Update-package-versioning-for-TIS-format.patch
-0002-TiS-tboot.patch
-0003-security-set-immutable-attribute.patch

security/tboot/centos/patches/1000-tboot-for-tis.patch

@@ -1,188 +0,0 @@
-From c2edea1ff347242a70075808652fa1ad4c86037a Mon Sep 17 00:00:00 2001
-From: Bin Qian <bin.qian@windriver.com>
-Date: Mon, 27 Nov 2017 08:35:11 -0500
-Subject: [PATCH 1/1] WRS: Patch1: 9000-tboot-for-tis.patch
-
----
- tboot/20_linux_tboot     | 21 ++++++++++++---------
- tboot/20_linux_xen_tboot |  2 +-
- tboot/common/policy.c    | 16 +++++++++++-----
- tboot/common/tpm_20.c    |  7 ++++---
- 4 files changed, 28 insertions(+), 18 deletions(-)
-
-diff --git a/tboot/20_linux_tboot b/tboot/20_linux_tboot
-index 816d50a..eed512d 100644
---- a/tboot/20_linux_tboot
-+++ b/tboot/20_linux_tboot
-@@ -22,6 +22,13 @@ exec_prefix=${prefix}
- bindir=${exec_prefix}/bin
- libdir=${exec_prefix}/lib
- sysconfdir=/etc
-+
-+
-+tboot=`cat /proc/cmdline | xargs -n1 | grep '^tboot=true$'` || true
-+if [ -z "$tboot"  ]; then
-+  exit 0
-+fi
-+
- if test -e /usr/share/grub/grub-mkconfig_lib; then
-   . /usr/share/grub/grub-mkconfig_lib
- elif test -e ${libdir}/grub/grub-mkconfig_lib; then
-@@ -40,7 +47,7 @@ fi
- [ -z "${GRUB_CMDLINE_LINUX_TBOOT}" ] && unset GRUB_CMDLINE_LINUX_TBOOT
- [ -z "${GRUB_TBOOT_POLICY_DATA}" ] && unset GRUB_TBOOT_POLICY_DATA
- # Command line for tboot itself
--: ${GRUB_CMDLINE_TBOOT='logging=serial,memory,vga'}
-+: ${GRUB_CMDLINE_TBOOT='logging=serial,memory,vga extpol=sha256'}
- # Linux kernel parameters to append for tboot
- : ${GRUB_CMDLINE_LINUX_TBOOT='intel_iommu=on'}
- # Base name of LCP policy data file for list policy
-@@ -69,10 +76,8 @@ export TEXTDOMAINDIR=${prefix}/share/locale
- 
- CLASS="--class gnu-linux --class gnu --class os --class tboot"
- 
--if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
--  OS=GNU/Linux
--else
--  OS="${GRUB_DISTRIBUTOR} GNU/Linux"
-+OS="CentOS GNU/Linux"
-+if [ -n "${GRUB_DISTRIBUTOR}" ] ; then
-   CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr '[A-Z]' '[a-z]' | cut -d' ' -f1) ${CLASS}"
- fi
- 
-@@ -109,9 +114,9 @@ linux_entry ()
-   iommu_args="$7"
-   
-   if ${recovery} ; then
--    title="$(gettext_quoted "%s, with tboot %s and Linux %s (recovery mode)")"
-+    title="$(gettext_quoted "%s, w/ tboot %s & Linux %s (recovery mode)")"
-   else
--    title="$(gettext_quoted "%s, with tboot %s and Linux %s")"
-+    title="$(gettext_quoted "%s, w/ tboot %s & Linux %s")"
-   fi
- 
-   if [ -d /sys/firmware/efi ] ; then
-@@ -202,7 +207,6 @@ while [ "x${tboot_list}" != "x" ] && [ "x$linux_list" != "x" ] ; do
-     rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
- #    tboot_version=`echo $tboot_basename | sed -e "s,.gz$,,g;s,^tboot-,,g"`
-     tboot_version="1.9.6"
--    echo "submenu \"tboot ${tboot_version}\" {"
-     while [ "x$list" != "x" ] ; do
- 	linux=`version_find_latest $list`
- 	echo "Found linux image: $linux" >&2
-@@ -243,6 +247,5 @@ while [ "x${tboot_list}" != "x" ] && [ "x$linux_list" != "x" ] ; do
- 
- 	list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '`
-     done
--    echo "}"
-     tboot_list=`echo $tboot_list | tr ' ' '\n' | grep -vx $current_tboot | tr '\n' ' '`
- done
-diff --git a/tboot/20_linux_xen_tboot b/tboot/20_linux_xen_tboot
-index a113a3c..b1e4b09 100644
---- a/tboot/20_linux_xen_tboot
-+++ b/tboot/20_linux_xen_tboot
-@@ -41,7 +41,7 @@ fi
- [ -z "${GRUB_CMDLINE_LINUX_XEN_TBOOT}" ] && unset GRUB_CMDLINE_LINUX_XEN_TBOOT
- [ -z "${GRUB_TBOOT_POLICY_DATA}" ] && unset GRUB_TBOOT_POLICY_DATA
- # Command line for tboot itself
--: ${GRUB_CMDLINE_TBOOT='logging=serial,memory,vga'}
-+: ${GRUB_CMDLINE_TBOOT='logging=serial,memory,vga extpol=sha256'}
- # Xen parameters to append for tboot
- : ${GRUB_CMDLINE_XEN_TBOOT=''}
- # Linux kernel parameters to append for tboot + Xen
-diff --git a/tboot/common/policy.c b/tboot/common/policy.c
-index 9678b7c..5a16d81 100644
---- a/tboot/common/policy.c
-+++ b/tboot/common/policy.c
-@@ -353,6 +353,7 @@ tb_error_t set_policy(void)
-      * type is LCP_POLTYPE_LIST (since we could have been give a policy data
-      * file even though the policy was not a LIST */
-     printk(TBOOT_INFO"reading Launch Control Policy from TPM NV...\n");
-+
-     if ( read_policy_from_tpm(tpm->lcp_own_index,
-              _policy_index_buf, &policy_index_size) ) {
-         printk(TBOOT_DETA"\t:%lu bytes read\n", policy_index_size);
-@@ -412,6 +413,7 @@ bool hash_policy(tb_hash_t *hash, uint16_t hash_alg)
- 
- /* generate hash by hashing cmdline and module image */
- static bool hash_module(hash_list_t *hl,
-+                        u16 cur_alg,
-                         const char* cmdline, void *base,
-                         size_t size)
- {
-@@ -423,6 +425,7 @@ static bool hash_module(hash_list_t *hl,
-         return false;
-     }
- 
-+    printk(TBOOT_INFO"Using hash algorithm %d\n", cur_alg);
-     /* final hash is SHA-1( SHA-1(cmdline) | SHA-1(image) ) */
-     /* where cmdline is first stripped of leading spaces, file name, then */
-     /* any spaces until the next non-space char */
-@@ -437,16 +440,17 @@ static bool hash_module(hash_list_t *hl,
-     switch (tpm->extpol) {
-     case TB_EXTPOL_FIXED: 
-         hl->count = 1;
--        hl->entries[0].alg = tpm->cur_alg;
-+        // hl->entries[0].alg = tpm->cur_alg;
-+        hl->entries[0].alg = cur_alg;
- 
-         if ( !hash_buffer((const unsigned char *)cmdline, strlen(cmdline),
--                    &hl->entries[0].hash, tpm->cur_alg) )
-+                    &hl->entries[0].hash, cur_alg) )
-             return false;
-         /* hash image and extend into cmdline hash */
-         tb_hash_t img_hash;
--        if ( !hash_buffer(base, size, &img_hash, tpm->cur_alg) )
-+        if ( !hash_buffer(base, size, &img_hash, cur_alg) )
-             return false;
--        if ( !extend_hash(&hl->entries[0].hash, &img_hash, tpm->cur_alg) )
-+        if ( !extend_hash(&hl->entries[0].hash, &img_hash, cur_alg) )
-             return false;
- 
-         break;
-@@ -643,7 +647,7 @@ static tb_error_t verify_module(module_t *module, tb_policy_entry_t *pol_entry,
-     }
- 
-     hash_list_t hl;
--    if ( !hash_module(&hl, cmdline, base, size) ) {
-+    if ( !hash_module(&hl, hash_alg, cmdline, base, size) ) {
-         printk(TBOOT_ERR"\t hash cannot be generated.\n");
-         return TB_ERR_MODULE_VERIFICATION_FAILED;
-     }
-@@ -667,6 +671,8 @@ static tb_error_t verify_module(module_t *module, tb_policy_entry_t *pol_entry,
-     if ( pol_entry != NULL &&
-          !is_hash_in_policy_entry(pol_entry, &hl.entries[0].hash, hash_alg) ) {
-         printk(TBOOT_ERR"\t verification failed\n");
-+        print_hash(&hl.entries[0].hash, hash_alg);
-+        print_hash(&pol_entry->hashes[0], hash_alg);
-         return TB_ERR_MODULE_VERIFICATION_FAILED;
-     }
- 
-diff --git a/tboot/common/tpm_20.c b/tboot/common/tpm_20.c
-index b9b67c9..b7c5d62 100644
---- a/tboot/common/tpm_20.c
-+++ b/tboot/common/tpm_20.c
-@@ -2096,7 +2096,7 @@ static bool tpm20_nv_read(struct tpm_if *ti, uint32_t locality,
- 
-     ret = _tpm20_nv_read(locality, &read_in, &read_out);
-     if ( ret != TPM_RC_SUCCESS ) {
--        printk(TBOOT_WARN"TPM: read NV index %08x from offset %08x, return value = %08X\n",
-+        printk(TBOOT_WARN"TPM 2.0: read NV index %08x from offset %08x, return value = %08X\n",
-                 index, offset, ret);
-         ti->error = ret;
-         return false;
-@@ -2504,8 +2504,9 @@ static bool tpm20_init(struct tpm_if *ti)
-     get_tboot_extpol();
-     if (info_list->capabilities.tpm_nv_index_set == 0){
-         /* init NV index */
--        ti->tb_policy_index = 0x1200001;
--        ti->lcp_own_index = 0x1400001;
-+        ti->tb_policy_index = 0x1800001;
-+        // ti->lcp_own_index = 0x1400001;
-+        ti->lcp_own_index = 0x1c10131;
-         ti->tb_err_index = 0x1200002;
-         ti->sgx_svn_index = 0x01800004;
-     }
--- 
-2.7.4
-

security/tboot/centos/srpm_path

@@ -1 +0,0 @@
-mirror:Source/tboot-1.9.6-3.el7.src.rpm

security/tpm2-tools/centos/build_srpm.data

@@ -1,2 +0,0 @@
-#COPY_LIST="tpm2-tools/*"
-TIS_PATCH_VER=PKG_GITREVCOUNT

security/tpm2-tools/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch

@@ -1,25 +0,0 @@
-From 63375de22771a9384eb9c4a90abc8ee2143a7721 Mon Sep 17 00:00:00 2001
-From: Scott Little <scott.little@windriver.com>
-Date: Mon, 2 Oct 2017 17:30:57 -0400
-Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
-
-
----
- SPECS/tpm2-tools.spec | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/SPECS/tpm2-tools.spec b/SPECS/tpm2-tools.spec
-index 935580d..12aa6a0 100644
---- a/SPECS/tpm2-tools.spec
-+++ b/SPECS/tpm2-tools.spec
-@@ -1,6 +1,6 @@
- Name: tpm2-tools
- Version: 3.0.4
--Release: 2%{?dist}
-+Release: 2.el7%{?_tis_dist}.%{tis_patch_ver}
- Summary: A TPM2.0 testing tool build upon TPM2.0-TSS
- 
- License: BSD
--- 
-2.7.4
-

security/tpm2-tools/centos/meta_patches/PATCH_ORDER

@@ -1,2 +0,0 @@
-disable-socket-mode-TCTI.patch
-0001-Update-package-versioning-for-TIS-format.patch

security/tpm2-tools/centos/meta_patches/disable-socket-mode-TCTI.patch

@@ -1,25 +0,0 @@
-From e54d19f53dcd78d0aaceb30d1fb89eebefc1c066 Mon Sep 17 00:00:00 2001
-From: Scott Little <scott.little@windriver.com>
-Date: Mon, 2 Oct 2017 17:30:56 -0400
-Subject: [PATCH 1/2] WRS: disable-socket-mode-TCTI.patch
-
----
- SPECS/tpm2-tools.spec | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/SPECS/tpm2-tools.spec b/SPECS/tpm2-tools.spec
-index 308ecfa..935580d 100644
---- a/SPECS/tpm2-tools.spec
-+++ b/SPECS/tpm2-tools.spec
-@@ -43,7 +43,7 @@ tpm2-tools is a batch of testing tools for tpm2.0. It is based on tpm2-tss.
- ./bootstrap
- 
- %build
--%configure --prefix=/usr --disable-static --disable-silent-rules
-+%configure --prefix=/usr --disable-static --disable-silent-rules --without-tcti-socket
- %make_build
- 
- %install
--- 
-2.7.4
-

security/tpm2-tools/centos/srpm_path

@@ -1 +0,0 @@
-mirror:Source/tpm2-tools-3.0.4-2.el7.src.rpm

security/tss2/centos/build_srpm.data

@@ -1,2 +0,0 @@
-COPY_LIST="$CGCS_BASE/downloads/tss2-930.tar.gz"
-TIS_PATCH_VER=PKG_GITREVCOUNT

security/tss2/centos/tss2.spec

@@ -1,81 +0,0 @@
-#
-# Spec file for IBM's TSS for the TPM 2.0
-#
-%{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro}
-
-Name:		tss2
-Version:	930
-Release:	1%{?_tis_dist}.%{tis_patch_ver}
-Summary:	IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
-
-Group:		Applications/System	
-License:	BSD
-Source0:	%{name}-%{version}.tar.gz
-
-# tss2 does not work on Big Endian arch yet
-ExcludeArch:	ppc64 s390x
-BuildRequires:	openssl-devel
-Requires:	openssl
-
-%description
-TSS2 is a user space Trusted Computing Group's Software Stack (TSS) for
-TPM 2.0.  It implements the functionality equivalent to the TCG TSS
-working group's ESAPI, SAPI, and TCTI layers (and perhaps more) but with
-a hopefully far simpler interface.
-
-It comes with about 80 "TPM tools" that can be used for rapid prototyping,
-education and debugging. 
-
-%package devel
-Summary:	Development libraries and headers for IBM's TSS 2.0
-Group:		Development/Libraries
-Requires:	%{name}%{?_isa} = %{version}-%{release}
-
-%description devel
-Development libraries and headers for IBM's TSS 2.0. You will need this in
-order to build TSS 2.0 applications.
-
-%prep
-%setup -q -c %{name}-%{version}
-
-%build
-# nonstandard variable names are used in place of CFLAGS and LDFLAGS
-pushd %{name}-%{version}/utils
-CCFLAGS="%{optflags}" \
-LNFLAGS="%{__global_ldflags}" \
-make %{?_smp_mflags} 
-popd
-
-%install
-# Prefix for namespacing
-BIN_PREFIX=tss2_
-mkdir -p %{buildroot}/%{_bindir}
-mkdir -p %{buildroot}/%{_libdir}
-mkdir -p %{buildroot}/%{_includedir}/%{name}/
-pushd %{name}-%{version}/utils
-# Pick out executables and copy with namespacing
-for f in *; do
-	if [[ -x $f && -f $f && ! $f =~ .*\..* ]]; then
-		cp -p $f %{buildroot}/%{_bindir}/${BIN_PREFIX}$f
-	fi;
-done
-cp -p *.so %{buildroot}/%{_libdir}
-cp -p %{name}/*.h %{buildroot}/%{_includedir}/%{name}/
-popd
-
-%post -p /sbin/ldconfig 
-%postun -p /sbin/ldconfig
-
-%files
-%license %{name}-%{version}/LICENSE
-%{_bindir}/tss2*
-%{_libdir}/libtss.so*
-
-%files devel
-%{_includedir}/%{name}
-%{_libdir}/libtss.so
-#%doc ibmtss.doc
-
-%changelog
-* Thu Feb 16 2017 Kam Nasim <kam.nasim@windriver.com>  - 930-1
-- initial RPM for tss v930 tarball (released: 2017-01-27)