diff --git a/security/trousers/Makefile b/security/trousers/Makefile
index 6c2cb841de65..ef15376beb24 100644
--- a/security/trousers/Makefile
+++ b/security/trousers/Makefile
@@ -1,49 +1,49 @@
 PORTNAME= trousers PORTVERSION= 0.3.14
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES= security MASTER_SITES= SF MAINTAINER= hrs@FreeBSD.org COMMENT= Open-source TCG Software Stack WWW= https://sourceforge.net/projects/trousers/ LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= tpm-emulator>=0.7.4_1:emulators/tpm-emulator RUN_DEPENDS:= ${BUILD_DEPENDS} USES= cpe dos2unix alias autoreconf gmake iconv libtool pkgconfig ssl CPE_VENDOR= ${PORTNAME}_project DOS2UNIX_GLOB= *.h *.c NO_WRKSUBDIR= yes USE_LDCONFIG= YES USE_RC_SUBR= tcsd INSTALL_TARGET= install-strip GNU_CONFIGURE= YES CONFIGURE_ARGS= --with-gui=none --enable-static \ --localstatedir=${PREFIX}/var \ --with-tssuser=${USERS} \ --with-tssgroup=${GROUPS} \ --with-openssl=${OPENSSLBASE} \ RANLIB=: MAKE_ENV= ICONV_LIB=${ICONV_LIB} \ ICONV_PREFIX=${ICONV_PREFIX} CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} SUB_FILES= pkg-message SUB_LIST= USERS="${USERS}" GROUPS="${GROUPS}" PLIST_SUB= USERS="${USERS}" GROUPS="${GROUPS}" USERS= _tss GROUPS= _tss OPTIONS_DEFINE= DEBUG DEBUG_CONFIGURE_ENABLE= debug post-install: ${INSTALL_DATA} \ ${WRKSRC}/dist/tcsd.conf ${STAGEDIR}${PREFIX}/etc/tcsd.conf.sample @${MKDIR} ${STAGEDIR}${PREFIX}/var/lib/tpm .include
diff --git a/security/trousers/files/tcsd.in b/security/trousers/files/tcsd.in
index eb36dfcbcd83..78b01750b5f3 100644
--- a/security/trousers/files/tcsd.in
+++ b/security/trousers/files/tcsd.in
@@ -1,50 +1,53 @@
 #!/bin/sh # PROVIDE: tcsd # REQUIRE: SERVERS tpmd # BEFORE: named hastd kerberos # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf.local or /etc/rc.conf # to enable this service: # # tcsd_enable (bool): Set to NO by default. # Set it to YES to enable tcsd. # tcsd_mode (string): Set to "native" by default. # Set it to "emulator" to use software TPM emulator. # "emulator" depends on tpmd (emulators/tpm-emulator). . /etc/rc.subr name=tcsd rcvar=tcsd_enable command="%%PREFIX%%/sbin/${name}" start_precmd="tcsd_precmd" required_files="%%PREFIX%%/etc/${name}.conf" tcsd_precmd() { /usr/bin/install -d -m 0700 -o %%USERS%% -g %%GROUPS%% \ /var/run/tpm /var/run/ima %%PREFIX%%/var/lib/tpm
- /usr/sbin/chown %%USERS%%:%%GROUPS%% \
+ # The configuration files must be owned by root so
+ # that the %%USERS%% user can only read (but not manipulate)
+ # the configuration file.
+ /usr/sbin/chown root:%%GROUPS%% \
 %%PREFIX%%/etc/tcsd.conf
- /bin/chmod 0600 \
+ /bin/chmod 0640 \
 %%PREFIX%%/etc/tcsd.conf } load_rc_config $name : ${tcsd_enable:="NO"} : ${tcsd_mode:="native"} case $tcsd_mode in emulator) if checkyesno tpmd_enable; then command="%%PREFIX%%/sbin/tcsd_emu" else err 1 "tcsd_mode=\"emulator\" requires tpmd_enable=\"YES\"." fi ;; esac run_rc_command "$1"
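Review bot: In tcsd_precmd the exit status of the new `/usr/sbin/chown root:%%GROUPS%%` call is discarded, because the function returns whatever the final `chmod` returns; if the chown fails, tcsd.conf can stay owned by %%USERS%% while its mode is widened from 0600 to 0640, and the daemon still starts. Since rc.subr aborts the start when start_precmd returns non-zero, end both the chown and the chmod command with `|| return 1` (after the `%%PREFIX%%/etc/tcsd.conf` argument) so a failed ownership change stops the service. The added comment says "configuration files" although only tcsd.conf is adjusted; `# tcsd.conf must be owned by root so that %%USERS%% can read but not modify it.` would match the code. tcsd presumably validates the owner and mode of its configuration file at startup, so confirm that the daemon built by this port accepts root:%%GROUPS%% with 0640; no source patch for that is visible in this part of the diff.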