tpm2-software / tpm2-tss-engine

OpenSSL Engine for TPM2 devices
https://tpm2-software.github.io
BSD 3-Clause "New" or "Revised" License

Discrepancies between Fedora package and built library #162

Closed dnoliver closed 4 years ago

dnoliver commented 4 years ago

Hello!

As of today, there is a tpm2-tss-engine package available for Fedora Rawhide (soon to be 32): https://src.fedoraproject.org/rpms/tpm2-tss-engine

I tested the package, and was able to get the basic workflow working, creating keys with tpm2-tools and generating a CSR with openssl (https://gist.github.com/dnoliver/04364e72d8b81368f72ad4e6896f688d#file-enrollment-sh-L121).

The problem I found is that, in the installed package, the engine is installed as libtpm2tss, instead of tpm2tss, which is provided when you compile the package.

The information on how this package was created is here: https://bugzilla.redhat.com/show_bug.cgi?id=1773855. The impact is that the documentation provided by this repo is not accurate.

The SPEC file is here: https://src.fedoraproject.org/rpms/tpm2-tss-engine/blob/master/f/tpm2-tss-engine.spec

Functionality is not impacted as far as I know.

Is this an rpm package creation error, or is the make install command doing something special?

diabonas commented 4 years ago

OpenSSL 1.1 changed the file name it looks for when trying to load the engine `name` from `libname.so` to just `name.so`, see https://github.com/openssl/openssl/commit/9ee0ed3de66678a15db126d10b3e4226e835b8f5. For this reason, tpm2-tss-engine creates a symlink from libtpm2tss.so to tpm2tss.so during installation so that the given example code works with OpenSSL 1.0 and OpenSSL 1.1. It seems like a packaging error if the Fedora package does not create this symlink as well.
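A packager can check the naming convention described in the comment above with a small script. This is an added example, not part of the thread or of the tpm2-tss-engine project; the function names and the temporary directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which engine file names exist in an engines directory.
# Usage: check_engine_names <engines_dir> [engine_id]
# <engines_dir> is whatever directory your OpenSSL loads engines from
# (OpenSSL 1.1 prints it with `openssl version -e`).
# Prints one of: both, both-differ, lib-only, bare-only, missing
check_engine_names() {
    dir=$1
    id=${2:-tpm2tss}
    bare="$dir/$id.so"          # name.so, looked up by OpenSSL 1.1
    prefixed="$dir/lib$id.so"   # libname.so, looked up by OpenSSL 1.0

    # -e follows symlinks, so a dangling symlink counts as absent.
    if [ -e "$bare" ] && [ -e "$prefixed" ]; then
        # Both names must resolve to the same engine contents.
        if cmp -s "$bare" "$prefixed"; then
            echo both
        else
            echo both-differ
        fi
    elif [ -e "$prefixed" ]; then
        echo lib-only
    elif [ -e "$bare" ]; then
        echo bare-only
    else
        echo missing
    fi
}

# Constructed demo: fake engine files in a temporary directory.
demo_engine_layouts() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/both" "$tmp/prefixed" "$tmp/dangling"
    # One regular file plus a symlink (link direction chosen arbitrarily here).
    echo "constructed engine" > "$tmp/both/libtpm2tss.so"
    ln -s libtpm2tss.so "$tmp/both/tpm2tss.so"
    # Only the lib-prefixed name, as reported for the installed package.
    echo "constructed engine" > "$tmp/prefixed/libtpm2tss.so"
    # Symlink shipped without its target, e.g. split across subpackages.
    ln -s libtpm2tss.so "$tmp/dangling/tpm2tss.so"
    out="$(check_engine_names "$tmp/both") $(check_engine_names "$tmp/prefixed")"
    out="$out $(check_engine_names "$tmp/dangling")"
    rm -rf "$tmp"
    echo "$out"
}

demo_engine_layouts
```

A result of `lib-only` matches the situation reported in this issue: the engine loads under the OpenSSL 1.0 name but the `tpm2tss` name used in the documentation is not present.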

dnoliver commented 4 years ago

Makes sense! And it seems like an easy fix. Will post the request in Red Hat Bugzilla.

dnoliver commented 4 years ago

https://bugzilla.redhat.com/show_bug.cgi?id=1808136

AndreasFuchsTPM commented 4 years ago

@diabonas explained it already. Please notify when fixed downstream. I'll keep this open until then so people with the same issue find a hint here.

AndreasFuchsTPM commented 4 years ago

@dnoliver I think I found the issue in the spec file https://copr-be.cloud.fedoraproject.org/results/mzavalavz/tpm2-tss-engine/fedora-31-x86_64/01138511-tpm2-tss-engine/tpm2-tss-engine.spec

tpm2tss.so is listed under %files devel for the devel package instead of the main package. Hope this helps.

zavalamathias commented 4 years ago

Hello! I'm the maintainer of the tpm2-tss-engine package for Fedora. I've already updated the spec file, so this should be fixed by now.

AndreasFuchsTPM commented 4 years ago

Thanks!