ubuntu24.04 initial commit and several updates.

* The pip venv setup is skipped and passed by using "--break-system-packages"
and setting "ENV PIP_BREAK_SYSTEM_PACKAGES=1"
The pip upgrade is not necessary.
* libgmp is added to compile swtpm
* ubuntu18.04 fedora32-ossl3 ubuntu20.4 fedora-34-libressl removed
* switched to ibmtpm1682 for opensuse-leap
* ubuntu 22.04 use pip setuptools 62.0.0

Signed-off-by: Juergen Repp <[email protected]>

Author: JuergenReppSIT

.github/workflows/main.yml

@@ -12,13 +12,11 @@ jobs:
       fail-fast: false
       matrix:
         distro: [
-          "fedora-32", "fedora-32-ossl3", "fedora-34", "fedora-34-libressl",
+          "fedora-32", "fedora-34",
           "opensuse-leap-15.2", "opensuse-leap", "opensuse-leap-ossl3",
-          "ubuntu-18.04", "ubuntu-20.04",
-          "ubuntu-20.04.arm32v7", "ubuntu-20.04.arm64v8",
           "fedora-32.ppc64le",
           "alpine-3.15",
-          "ubuntu-20.04-ossl3", "ubuntu-22.04", "ubuntu-22.04-mbedtls-3.1"
+          "ubuntu-22.04", "ubuntu-22.04-mbedtls-3.1", "ubuntu-24.04"
         ]
     steps:
       -

.github/workflows/publish.yml

@@ -13,13 +13,11 @@ jobs:
       fail-fast: false
       matrix:
         distro: [
-          "fedora-32", "fedora-32-ossl3", "fedora-34", "fedora-34-libressl",
+          "fedora-32", "fedora-34",
           "opensuse-leap-15.2", "opensuse-leap", "opensuse-leap-ossl3",
-          "ubuntu-18.04", "ubuntu-20.04",
-          "ubuntu-20.04.arm32v7", "ubuntu-20.04.arm64v8",
           "fedora-32.ppc64le",
           "alpine-3.15",
-          "ubuntu-20.04-ossl3", "ubuntu-22.04", "ubuntu-22.04-mbedtls-3.1"
+          "ubuntu-22.04", "ubuntu-22.04-mbedtls-3.1", "ubuntu-24.04"
         ]
     if: "github.repository_owner == 'tpm2-software'"
     steps:

fedora-32.docker.m4

@@ -62,7 +62,8 @@ RUN dnf -y install \
     acl \
     json-glib-devel \
     libusb-devel \
-    libftdi-devel
+    libftdi-devel \
+    gmp-devel
 
 include(`pip3.m4')
 include(`autoconf.m4')

fedora-32.ppc64le.docker.m4

@@ -63,7 +63,8 @@ RUN dnf -y install \
     acl \
     json-glib-devel \
     libusb-devel \
-    libftdi-devel
+    libftdi-devel \
+    gmp-devel
 
 # The last python cryptography version that allows no rust
 # per https://github.com/pyca/cryptography/blob/75be92de8e3bce9adcec42ef3967bed0d4500902/CHANGELOG.rst#3500---2021-09-29

modules/ibmtpm1682.m4

@@ -0,0 +1,13 @@
+ARG ibmtpm_name=ibmtpm1682
+RUN cd /tmp \
+	&& wget $WGET_EXTRA_FLAGS -L "https://downloads.sourceforge.net/project/ibmswtpm2/$ibmtpm_name.tar.gz" \
+	&& sha1sum $ibmtpm_name.tar.gz | grep ^651800d0b87cfad55b004fbdace4e41dce800a61 \
+	&& mkdir -p $ibmtpm_name \
+	&& tar xv --no-same-owner -f $ibmtpm_name.tar.gz -C $ibmtpm_name \
+	&& rm $ibmtpm_name.tar.gz \
+	&& cd $ibmtpm_name/src \
+	&& sed -i 's/0x300000ff/0x310000ff/' TpmToOsslMath.h \
+	&& sed -i 's/-DTPM_NUVOTON/-DTPM_NUVOTON $(CFLAGS)/' makefile \
+	&& CFLAGS="-DNV_MEMORY_SIZE=32768 -DMIN_EVICT_OBJECTS=7" make -j$(nproc) \
+	&& cp tpm_server /usr/local/bin \
+	&& rm -fr /tmp/$ibmtpm_name

modules/pip3-withoutupgrade.m4

@@ -0,0 +1,10 @@
+#
+# upgrade pip first so packages are not reinstalled using a version other than what may have been specified
+#
+ENV PIP_BREAK_SYSTEM_PACKAGES=1
+# install everything in one shot so we don't get a newer version of a package we specified. Ie if a module has dep on cryptogtraphy
+# and we install it in different phases pip will upgrade cryptography
+RUN pkgs="cryptography==$PYCRYPTO_VERSION pyyaml cpp-coveralls pyasn1 pyasn1_modules python-pkcs11 \
+          bcrypt==$PYBCRYPT_VERSION setuptools"; \
+    pkgs=$(echo "$pkgs" | sed -E 's/==\s+/ /g'); \
+    python3 -m pip install $pkgs --break-system-packages

modules/pip3.m4

@@ -4,7 +4,9 @@
 RUN python3 -m pip install --upgrade pip
 # install everything in one shot so we don't get a newer version of a package we specified. Ie if a module has dep on cryptogtraphy
 # and we install it in different phases pip will upgrade cryptography
-RUN pkgs="cryptography==$PYCRYPTO_VERSION pyyaml cpp-coveralls pyasn1 pyasn1_modules python-pkcs11 \
-          bcrypt==$PYBCRYPT_VERSION setuptools"; \
+RUN pkgs="cryptography==$PYCRYPTO_VERSION pyyaml cpp-coveralls pyasn1 pyasn1_modules \
+          bcrypt==$PYBCRYPT_VERSION setuptools==62.0.0"; \
+    echo $pkgs; \
     pkgs=$(echo "$pkgs" | sed -E 's/==\s+/ /g'); \
-    python3 -m pip install $pkgs
+    python3 -m pip install $pkgs; \
+    python3 -m pip install python-pkcs11

opensuse-leap-15.2.docker.m4

@@ -55,7 +55,8 @@ RUN zypper -n in \
     python \
     python-pip \
     libusb-devel \
-    libftdi1-devel
+    libftdi1-devel \
+    gmp-devel
 
 include(`autoconf.m4')
 include(`python3.7.2.m4')

opensuse-leap.docker.m4

@@ -55,7 +55,8 @@ RUN zypper -n in \
     libftdi1-devel \
     libnettle-devel \
     p11-kit-devel \
-    openssh-common
+    openssh-common \
+    gmp-devel
 
 include(`autoconf.m4')
 include(`python3.7.2.m4')
@@ -74,7 +75,7 @@ RUN stat /usr/share/aclocal-1.15/python.m4
 RUN patch -d / -p1 < /tmp/python.patch
 RUN rm /tmp/python.patch
 
-include(`ibmtpm1637.m4')
+include(`ibmtpm1682.m4')
 
 ENV LIBTPMS_AUTOGEN_EXTRA="--libdir=/usr/lib64"
 ENV SWTPM_MAKE_EXTRA="CFLAGS=\"-I/usr/include/libseccomp/\""

ubuntu-22.04-mbedtls-3.1.docker.m4

@@ -56,7 +56,8 @@ RUN apt-get update && \
     acl \
     libjson-glib-dev \
     libusb-1.0-0-dev \
-    libftdi-dev
+    libftdi-dev \
+    libgmp-dev
 
 include(`pip3.m4')