tpm2-pkcs11: 1.1.0 -> 1.2.0 #84030

Merged
merged 1 commit into from Apr 2, 2020

r-ryantm
Contributor

@r-ryantm r-ryantm commented Apr 1, 2020

Semi-automatic update generated by nixpkgs-update tools. This update was made based on information from https://github.com/tpm2-software/tpm2-pkcs11/releases.

meta.description for tpm2-pkcs11 is: "A PKCS#11 interface for TPM2 hardware"

meta.homepage for tpm2-pkcs11 is: "https://github.com/tpm2-software/tpm2-pkcs11"

Updates performed:

  • Version update

Release on GitHub

Compare changes on GitHub

Checks done
Rebuild report (if merged into master)

3 total rebuild path(s)

1 package rebuild(s)

1 x86_64-linux rebuild(s)
1 i686-linux rebuild(s)
0 x86_64-darwin rebuild(s)
1 aarch64-linux rebuild(s)

First fifty rebuilds by attrpath
tpm2-pkcs11

Instructions to test this update

Either download from Cachix:

nix-store -r /nix/store/c3zl1l992jva0mpav5a9bs0p5sn8a1g9-tpm2-pkcs11-1.2.0 \
  --option binary-caches 'https://cache.nixos.org/ https://r-ryantm.cachix.org/' \
  --option trusted-public-keys '
  r-ryantm.cachix.org-1:gkUbLkouDAyvBdpBX0JOdIiD2/DP1ldF3Z3Y6Gqcc4c=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(r-ryantm's Cachix cache is only trusted for this store-path realization.)
For the Cachix download to work, your user must be in the trusted-users list or you can use sudo since root is effectively trusted.

Or, build yourself:

nix-build -A tpm2-pkcs11 https://github.com/r-ryantm/nixpkgs/archive/1f6368792d0fccf2df3a518a0acfba1c527b3e86.tar.gz

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/c3zl1l992jva0mpav5a9bs0p5sn8a1g9-tpm2-pkcs11-1.2.0
ls -la /nix/store/c3zl1l992jva0mpav5a9bs0p5sn8a1g9-tpm2-pkcs11-1.2.0/bin

cc @lschuermann for testing.

Member

@lschuermann lschuermann left a comment

Please do not merge yet, I'll test whether this has breaking changes especially regarding database layout.

I promise I'll be faster than #82241.

Member

@jollheef jollheef left a comment

  • Tested on NixOS.

// tpm_tis STM7304:00: 2.0 TPM (device-id 0x0, rev-id 78)

Member

@lschuermann lschuermann left a comment

Compiled and tested on NixOS, my ECC keypair works fine using the shared library with SSH and the database doesn't get corrupted. tpm2_ptool works too.

This is not a guarantee that it doesn't corrupt databases, but that can always happen. Making backups is the user's responsibility.

Seeing as the release notes for this version don't specify anything out of the ordinary, this has my go.

Tagging merger of previous update PR @marsam.

@lschuermann
Member

@jollheef Out of curiosity, are you using this and the tpm2 NixOS module? I should really finish my blogpost on this 😒.

@jollheef
Member

jollheef commented Apr 2, 2020

> @jollheef Out of curiosity, are you using this and the tpm2 NixOS module? I should really finish my blogpost on this 😒.

I've not used this before, so I've tested it on an empty TPM.

@marsam marsam merged commit be85148 into NixOS:master Apr 2, 2020
@r-ryantm r-ryantm deleted the auto-update/tpm2-pkcs11 branch April 2, 2020 21:14

4 participants