third_party: add boringssl, libtpms, swtpm
This isn't yet used, but will soon be used as the main swtpm
implementation (instead of whatever is provided by the ambient
environment and/or sandbox).
Change-Id: I8c8cc7fd7841f10e14d6390595805a8b905d4f4e
Reviewed-on: https://review.monogon.dev/c/monogon/+/3127
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI
diff --git a/third_party/swtpm/patches/0004-bazel-support-implement.patch b/third_party/swtpm/patches/0004-bazel-support-implement.patch
new file mode 100644
index 0000000..15245c6
--- /dev/null
+++ b/third_party/swtpm/patches/0004-bazel-support-implement.patch
@@ -0,0 +1,212 @@
+From 3b2ea39444bf97d7847fdb1a3ca70f9d58ffe22a Mon Sep 17 00:00:00 2001
+From: Serge Bazanski <serge@monogon.tech>
+Date: Tue, 4 Jun 2024 15:10:02 +0200
+Subject: [PATCH 4/4] bazel support: implement
+
+---
+ .gitignore | 2 -
+ BUILD.bazel | 94 ++++++++++++++++++++++++++++++++++++++++++
+ WORKSPACE | 0
+ include/config.h | 8 ++++
+ include/swtpm.h | 5 +++
+ src/swtpm/main.c | 2 +-
+ src/utils/swtpm_conf.h | 22 ++++++++++
+ 7 files changed, 130 insertions(+), 3 deletions(-)
+ create mode 100644 BUILD.bazel
+ create mode 100644 WORKSPACE
+ create mode 100644 include/config.h
+ create mode 100644 include/swtpm.h
+ create mode 100644 src/utils/swtpm_conf.h
+
+diff --git a/.gitignore b/.gitignore
+index c669f06..9982dd0 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -35,7 +35,6 @@ Makefile
+ /m4/*
+ /.pc/*
+ /patches/*
+-/include/swtpm.h
+ /man/man3/*.3
+ /man/man5/*.5
+ /man/man8/*.8
+@@ -60,7 +59,6 @@ Makefile
+ /src/swtpm_ioctl/swtpm_ioctl
+ /src/swtpm_localca/swtpm_localca
+ /src/swtpm_setup/swtpm_setup
+-/src/utils/swtpm_conf.h
+ /test-driver
+ tests/*.log
+ tests/*.trs
+diff --git a/BUILD.bazel b/BUILD.bazel
+new file mode 100644
+index 0000000..acddc0e
+--- /dev/null
++++ b/BUILD.bazel
+@@ -0,0 +1,94 @@
++cc_binary(
++ name = "swtpm",
++ deps = [
++ "@libtpms//:libtpms_tpm2",
++ "@glib//glib",
++ ],
++ srcs = glob([
++ "src/swtpm/*.h",
++ "src/swtpm/*.c",
++ "src/utils/*.h",
++ "src/utils/*.c",
++ "include/*.h",
++ "include/swtpm/*.h",
++ ], [
++ # No CUSE support.
++ "src/swtpm/cuse_tpm.c",
++ # Only used in utils.
++ "src/utils/swtpm_utils.c",
++ ]),
++ copts = [
++ "-Iexternal/swtpm/include",
++ "-Iexternal/swtpm/include/swtpm",
++ "-Iexternal/swtpm/src/utils",
++ ],
++ visibility = [
++ "//visibility:public",
++ ],
++)
++
++cc_binary(
++ name = "swtpm_localca",
++ deps = [
++ "@libtpms//:libtpms_tpm2",
++ "@glib//glib",
++ ],
++ srcs = glob([
++ "src/swtpm_localca/*.h",
++ "src/swtpm_localca/*.c",
++ "include/*.h",
++ "include/swtpm/*.h",
++ "src/utils/*.h",
++ "src/utils/*.c",
++ ], []),
++ copts = [
++ "-Iexternal/swtpm/include",
++ "-Iexternal/swtpm/include/swtpm",
++ "-Iexternal/swtpm/src/utils",
++ ],
++ visibility = [
++ "//visibility:public",
++ ],
++)
++
++cc_binary(
++ name = "swtpm_setup",
++ deps = [
++ "@libtpms//:libtpms_tpm2",
++ "@glib//glib",
++ ],
++ srcs = glob([
++ "src/swtpm_setup/*.h",
++ "src/swtpm_setup/*.c",
++ "include/*.h",
++ "include/swtpm/*.h",
++ "src/utils/*.h",
++ "src/utils/*.c",
++ ], []),
++ copts = [
++ "-Iexternal/swtpm/include",
++ "-Iexternal/swtpm/include/swtpm",
++ "-Iexternal/swtpm/src/utils",
++ ],
++ visibility = [
++ "//visibility:public",
++ ],
++)
++
++cc_binary(
++ name = "swtpm_cert",
++ deps = [
++ "@boringssl//:ssl",
++ ],
++ srcs = glob([
++ "src/swtpm_cert/*.h",
++ "src/swtpm_cert/*.c",
++ "include/*.h",
++ ], []),
++ copts = [
++ "-Iexternal/swtpm/include",
++ ],
++ visibility = [
++ "//visibility:public",
++ ],
++)
+diff --git a/WORKSPACE b/WORKSPACE
+new file mode 100644
+index 0000000..e69de29
+diff --git a/include/config.h b/include/config.h
+new file mode 100644
+index 0000000..d3829d6
+--- /dev/null
++++ b/include/config.h
+@@ -0,0 +1,8 @@
++#pragma once
++#define _GNU_SOURCE
++
++#define VERSION "0.8.2-monogon"
++
++// A bunch of files in swtpm depend on stdint types but never include them.
++// Just inject them through here.
++#include <stdint.h>
+diff --git a/include/swtpm.h b/include/swtpm.h
+new file mode 100644
+index 0000000..2eddeec
+--- /dev/null
++++ b/include/swtpm.h
+@@ -0,0 +1,5 @@
++#pragma once
++
++#define SWTPM_VER_MAJOR 0
++#define SWTPM_VER_MINOR 8
++#define SWTPM_VER_MICRO 2
+diff --git a/src/swtpm/main.c b/src/swtpm/main.c
+index 4864e85..633ca33 100644
+--- a/src/swtpm/main.c
++++ b/src/swtpm/main.c
+@@ -83,7 +83,7 @@ int main(int argc, char **argv)
+ } else if (!strcmp(argv[1], "-h") || !strcmp(argv[1], "--help")) {
+ usage(stdout, argv[0]);
+ } else if (!strcmp(argv[1], "-v") || !strcmp(argv[1], "--version")) {
+- fprintf(stdout, "TPM emulator version %d.%d.%d, "
++ fprintf(stdout, "TPM emulator version %d.%d.%d-monogon, "
+ "Copyright (c) 2014-2022 IBM Corp. and others\n",
+ SWTPM_VER_MAJOR,
+ SWTPM_VER_MINOR,
+diff --git a/src/utils/swtpm_conf.h b/src/utils/swtpm_conf.h
+new file mode 100644
+index 0000000..de8afdb
+--- /dev/null
++++ b/src/utils/swtpm_conf.h
+@@ -0,0 +1,22 @@
++/* SPDX-License-Identifier: BSD-3-Clause */
++/*
++ * swtpm_conf.h: Compile-time constants
++ *
++ * Author: Stefan Berger, stefanb@linux.ibm.com
++ *
++ * Copyright (c) IBM Corporation, 2021,2023
++ */
++
++#ifndef SWTPM_SETUP_CONF_H
++#define SWTPM_SETUP_CONF_H
++
++#define SWTPM_VER_MAJOR 0
++#define SWTPM_VER_MINOR 8
++#define SWTPM_VER_MICRO 2
++
++#define SYSCONFDIR "/unused"
++#define BINDIR "/unused"
++
++#define DEFAULT_PCR_BANKS "sha256"
++
++#endif /* SWTPM_SETUP_CONF_H */
+--
+2.42.0
+