author | Jonas Witschel | 2019-05-07 09:45:30 +0200 |
---|---|---|
committer | Jonas Witschel | 2019-05-07 09:45:30 +0200 |
commit | 336d0acd769cf85aa92f1c0f7508a6d351f792e0 (patch) | |
tree | 7e39a727fee2d5003b082eae1825cc10e7db8a97 | |
parent | ed86ed698f192fdc4d4138dd473bd978c4279f3c (diff) | |
download | aur-336d0acd769cf85aa92f1c0f7508a6d351f792e0.tar.gz |
upgpkg: tpm2-totp-git 0.1.0.r20.ac23908-1
The mkinitcpio hooks are now distributed upstream.
-rw-r--r-- | .SRCINFO | 6 | ||||
-rw-r--r-- | PKGBUILD | 14 | ||||
-rw-r--r-- | initcpio_hooks_tpm2-totp | 8 | ||||
-rw-r--r-- | initcpio_install_tpm2-totp | 55 |
4 files changed, 5 insertions, 78 deletions
@@ -1,6 +1,6 @@
 pkgbase = tpm2-totp-git
 pkgdesc = Attest the trustworthiness of a device against a human using time-based one-time passwords
- pkgver = 0.1.0.r13.7196820
+ pkgver = 0.1.0.r20.ac23908
 pkgrel = 1
 url = https://github.com/tpm2-software/tpm2-totp
 arch = x86_64
@@ -19,11 +19,7 @@ pkgbase = tpm2-totp-git
 provides = tpm2-totp
 conflicts = tpm2-totp
 source = git+https://github.com/tpm2-software/tpm2-totp.git
- source = initcpio_install_tpm2-totp
- source = initcpio_hooks_tpm2-totp
 sha512sums = SKIP
- sha512sums = 33738cb9d30d6ad338b6cf6bca538ba4f9b49b9ae799626efc7462bb2a31e386cd04d8298e8c2e3743f4c212866e864332869e4393871f22360edc2567fad163
- sha512sums = ebce4c738012dbcb82513b1f8148ee17deb088f80fa4f365d1b5f34b9c57f28b1995b4e6d04e003fd2ef6ed3393fb0c4496d182b02a7f5b2609b2ed4a160dac1
 pkgname = tpm2-totp-git
@@ -1,6 +1,6 @@
 # Maintainer: Jonas Witschel <diabonas at gmx dot de>
 pkgname=tpm2-totp-git
-pkgver=0.1.0.r13.7196820
+pkgver=0.1.0.r20.ac23908
 pkgrel=1
 pkgdesc='Attest the trustworthiness of a device against a human using time-based one-time passwords'
 arch=('x86_64')
@@ -12,12 +12,8 @@ checkdepends=('ibm-sw-tpm2' 'iproute2' 'oath-toolkit' 'psmisc' 'tpm2-tools-git')
 optdepends=('mkinitcpio: hook to display the TOTP during boot')
 provides=("${pkgname%-git}")
 conflicts=("${pkgname%-git}")
-source=("git+$url.git"
- 'initcpio_install_tpm2-totp'
- 'initcpio_hooks_tpm2-totp')
-sha512sums=('SKIP'
- '33738cb9d30d6ad338b6cf6bca538ba4f9b49b9ae799626efc7462bb2a31e386cd04d8298e8c2e3743f4c212866e864332869e4393871f22360edc2567fad163'
- 'ebce4c738012dbcb82513b1f8148ee17deb088f80fa4f365d1b5f34b9c57f28b1995b4e6d04e003fd2ef6ed3393fb0c4496d182b02a7f5b2609b2ed4a160dac1')
+source=("git+$url.git")
+sha512sums=('SKIP')
 pkgver() {
 cd "${pkgname%-git}"
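Review bot: After this change `source=("git+$url.git")` with `sha512sums=('SKIP')` is the package's only input, so the initcpio install script and runtime hook, previously pinned by sha512 in this PKGBUILD, now come from whatever the upstream branch head contains at build time. That is usual for a -git package, but these scripts run as root when the initramfs is generated and during early boot, so the loss of a reviewed, checksummed copy is worth recording. If upstream signs its commits, makepkg can enforce that with `source=("git+$url.git?signed")` and a `validpgpkeys=(...)` entry; otherwise a comment such as `# initcpio hooks are taken from upstream HEAD; review them in the checkout before installing` would document the trade-off. The pkgver() body at the end of the hunk continues outside it.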
@@ -32,7 +28,7 @@ prepare() {
 build() {
 cd "${pkgname%-git}"
 (( CHECKFUNC )) && _opts=('--enable-integration')
- ./configure --prefix=/usr "${_opts[@]}"
+ ./configure --prefix=/usr --with-mkinitcpiodir=/usr/lib/initcpio "${_opts[@]}"
 make
 }
@@ -45,6 +41,4 @@ package() {
 cd "${pkgname%-git}"
 make DESTDIR="$pkgdir" install
 install -Dm644 LICENSE -t "$pkgdir/usr/share/licenses/$pkgname"
- install -Dm644 "$srcdir/initcpio_install_tpm2-totp" "$pkgdir/usr/lib/initcpio/install/tpm2-totp"
- install -Dm644 "$srcdir/initcpio_hooks_tpm2-totp" "$pkgdir/usr/lib/initcpio/hooks/tpm2-totp"
 }
diff --git a/initcpio_hooks_tpm2-totp b/initcpio_hooks_tpm2-totp
deleted file mode 100644
index bbc3105f109f..000000000000
--- a/initcpio_hooks_tpm2-totp
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/ash
-
-run_hook() {
- echo 'Verification TOTP:'
- tpm2-totp ${tpm2_totp_nvindex:+--nvindex "$tpm2_totp_nvindex"} --time calculate
-}
-
-# vim: set ft=sh ts=4 sw=4 et:
diff --git a/initcpio_install_tpm2-totp b/initcpio_install_tpm2-totp
deleted file mode 100644
index eb22958104d4..000000000000
--- a/initcpio_install_tpm2-totp
+++ /dev/null
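Review bot: The changed `./configure` line in build() still expands `"${_opts[@]}"`, a global that is only assigned when `CHECKFUNC` is set, so an `_opts` value inherited from the build environment would be passed to configure unchanged. Declaring `local _opts=()` at the top of build() and using `(( CHECKFUNC )) && _opts+=('--enable-integration')` keeps the argument list under the PKGBUILD's control. In addition, package() in the next hunk no longer installs the hooks itself and depends on upstream's `make install` honouring `--with-mkinitcpiodir=/usr/lib/initcpio`. Nothing visible here fails the build if the files are absent, so a check such as `test -f "$pkgdir/usr/lib/initcpio/install/tpm2-totp"` after the install step would catch a silently missing hook.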
@@ -1,55 +0,0 @@
-#!/bin/bash
-
-build() {
- local mod
-
- if [[ $TPM_MODULES ]]; then
- for mod in $TPM_MODULES; do
- add_module "$mod"
- done
- else
- add_all_modules /tpm/
- fi
-
- add_binary tpm2-totp
-
- # Force usage of device TCTI and suppress warnings issued by tpm2-tss
- # when trying to load other TCTI libraries
- add_file /usr/lib/libtss2-tcti-device.so /usr/lib/libtss2-tcti-default.so
-
- add_runscript
-}
-
-help() {
- cat <<HELPEOF
-This hook displays a time-based one-time password (TOTP) sealed to a Trusted
-Platform Module (TPM) to ensure that the boot process has not been tampered
-with. To set this up, a secret needs to be generated first and sealed to the
-TPM using
-
-tpm2-totp generate
-
-This stores the secret in the TPM and displays it to the user so that it can
-be recorded on a different device (e.g. a TOTP app). When the hook is run, the
-TOTP is calculated and displayed together with the current time so that it can
-be compared with the output of the second device. This will only be successful
-and show a matching output if the boot process has not changed (new UEFI
-firmware, different boot loader, ...).
-
-When using a custom NV index with the '--nvindex index' option of tpm2-totp,
-this index needs to be specified as 'tpm2_totp_nvindex=index' on the kernel
-command line.
-
-Note that calculating the TOTP requires some entropy, which might be scarce
-directly after startup. If the boot process appears to be stuck, it might help
-to press some random keys to gather more entropy. A better alternative on modern
-processors is to enable the use of the hardware random number generator (RNG)
-by adding
-
-random.trust_cpu=on
-
-to the kernel command line.
-HELPEOF
-}
-
-# vim: set ft=sh ts=4 sw=4 et: |