From d62e40350ee34fcab599d2906b44616480d5402d Mon Sep 17 00:00:00 2001 From: Juergen Repp Date: Thu, 13 Mar 2025 09:27:39 +0100 Subject: [PATCH] ubuntu24.04 initial commit and several updates. * The pip venv setup is skipped and passed by using "--break-system-packages" and setting "ENV PIP_BREAK_SYSTEM_PACKAGES=1" The pip upgrade is not necessary. * libgmp is added to compile swtpm * ubuntu18.04 fedora32-ossl3 ubuntu20.4 fedora-34-libressl removed * switched to ibmtpm1682 for opensuse-leap * ubuntu 22.04 use pip setuptools 62.0.0 Signed-off-by: Juergen Repp --- .github/workflows/main.yml | 6 +-- .github/workflows/publish.yml | 6 +-- fedora-32.docker.m4 | 3 +- fedora-32.ppc64le.docker.m4 | 3 +- modules/ibmtpm1682.m4 | 13 +++++ modules/pip3-withoutupgrade.m4 | 10 ++++ modules/pip3.m4 | 8 +-- opensuse-leap-15.2.docker.m4 | 3 +- opensuse-leap.docker.m4 | 5 +- ubuntu-22.04-mbedtls-3.1.docker.m4 | 3 +- ubuntu-24.04.docker.m4 | 83 ++++++++++++++++++++++++++++++ 11 files changed, 126 insertions(+), 17 deletions(-) create mode 100644 modules/ibmtpm1682.m4 create mode 100644 modules/pip3-withoutupgrade.m4 create mode 100644 ubuntu-24.04.docker.m4 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e1ab57f..c45eb8f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -12,13 +12,11 @@ jobs: fail-fast: false matrix: distro: [ - "fedora-32", "fedora-32-ossl3", "fedora-34", "fedora-34-libressl", + "fedora-32", "fedora-34", "opensuse-leap-15.2", "opensuse-leap", "opensuse-leap-ossl3", - "ubuntu-18.04", "ubuntu-20.04", - "ubuntu-20.04.arm32v7", "ubuntu-20.04.arm64v8", "fedora-32.ppc64le", "alpine-3.15", - "ubuntu-20.04-ossl3", "ubuntu-22.04", "ubuntu-22.04-mbedtls-3.1" + "ubuntu-22.04", "ubuntu-22.04-mbedtls-3.1", "ubuntu-24.04" ] steps: - diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2b39ad8..a9bf633 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
@@ -13,13 +13,11 @@ jobs: fail-fast: false matrix: distro: [ - "fedora-32", "fedora-32-ossl3", "fedora-34", "fedora-34-libressl", + "fedora-32", "fedora-34", "opensuse-leap-15.2", "opensuse-leap", "opensuse-leap-ossl3", - "ubuntu-18.04", "ubuntu-20.04", - "ubuntu-20.04.arm32v7", "ubuntu-20.04.arm64v8", "fedora-32.ppc64le", "alpine-3.15", - "ubuntu-20.04-ossl3", "ubuntu-22.04", "ubuntu-22.04-mbedtls-3.1" + "ubuntu-22.04", "ubuntu-22.04-mbedtls-3.1", "ubuntu-24.04" ] if: "github.repository_owner == 'tpm2-software'" steps: diff --git a/fedora-32.docker.m4 b/fedora-32.docker.m4 index 3d89c25..359824f 100644 --- a/fedora-32.docker.m4 +++ b/fedora-32.docker.m4 @@ -62,7 +62,8 @@ RUN dnf -y install \ acl \ json-glib-devel \ libusb-devel \ - libftdi-devel + libftdi-devel \ + gmp-devel include(`pip3.m4') include(`autoconf.m4') diff --git a/fedora-32.ppc64le.docker.m4 b/fedora-32.ppc64le.docker.m4 index 6d87c72..8dc7259 100644 --- a/fedora-32.ppc64le.docker.m4 +++ b/fedora-32.ppc64le.docker.m4 @@ -63,7 +63,8 @@ RUN dnf -y install \ acl \ json-glib-devel \ libusb-devel \ - libftdi-devel + libftdi-devel \ + gmp-devel # The last python cryptography version that allows no rust # per https://github.com/pyca/cryptography/blob/75be92de8e3bce9adcec42ef3967bed0d4500902/CHANGELOG.rst#3500---2021-09-29 diff --git a/modules/ibmtpm1682.m4 b/modules/ibmtpm1682.m4 new file mode 100644 index 0000000..bafd64d --- /dev/null +++ b/modules/ibmtpm1682.m4 
@@ -0,0 +1,13 @@
+ARG ibmtpm_name=ibmtpm1682
+RUN cd /tmp \
+ && wget $WGET_EXTRA_FLAGS -L "https://downloads.sourceforge.net/project/ibmswtpm2/$ibmtpm_name.tar.gz" \
+ && sha1sum $ibmtpm_name.tar.gz | grep ^651800d0b87cfad55b004fbdace4e41dce800a61 \
+ && mkdir -p $ibmtpm_name \
+ && tar xv --no-same-owner -f $ibmtpm_name.tar.gz -C $ibmtpm_name \
+ && rm $ibmtpm_name.tar.gz \
+ && cd $ibmtpm_name/src \
+ && sed -i 's/0x300000ff/0x310000ff/' TpmToOsslMath.h \
+ && sed -i 's/-DTPM_NUVOTON/-DTPM_NUVOTON $(CFLAGS)/' makefile \
+ && CFLAGS="-DNV_MEMORY_SIZE=32768 -DMIN_EVICT_OBJECTS=7" make -j$(nproc) \
+ && cp tpm_server /usr/local/bin \
+ && rm -fr /tmp/$ibmtpm_name
diff --git a/modules/pip3-withoutupgrade.m4 b/modules/pip3-withoutupgrade.m4
new file mode 100644
index 0000000..226934e
--- /dev/null
+++ b/modules/pip3-withoutupgrade.m4
@@ -0,0 +1,10 @@
+#
+# upgrade pip first so packages are not reinstalled using a version other than what may have been specified
+#
+ENV PIP_BREAK_SYSTEM_PACKAGES=1
+# install everything in one shot so we don't get a newer version of a package we specified. Ie if a module has dep on cryptogtraphy
+# and we install it in different phases pip will upgrade cryptography
+RUN pkgs="cryptography==$PYCRYPTO_VERSION pyyaml cpp-coveralls pyasn1 pyasn1_modules python-pkcs11 \
+ bcrypt==$PYBCRYPT_VERSION setuptools"; \
+ pkgs=$(echo "$pkgs" | sed -E 's/==\s+/ /g'); \
+ python3 -m pip install $pkgs --break-system-packages
diff --git a/modules/pip3.m4 b/modules/pip3.m4
index 806a6f0..f14f413 100644
--- a/modules/pip3.m4
+++ b/modules/pip3.m4
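Review bot: The tarball in modules/ibmtpm1682.m4 is verified with `sha1sum`, and SHA-1 no longer gives collision resistance, so it is a weak integrity check for an archive fetched through a redirecting download mirror (`wget -L`). The new ubuntu-24.04.docker.m4 in this same commit checks what appears to be the same `$ibmtpm_name.tar.gz` with SHA-256, so the module can use that line too: `&& sha256sum $ibmtpm_name.tar.gz | grep ^3cb642f871a17b23d50b046e5f95f449c2287415fc1e7aeb4bdbb8920dbcb38f \`. The `sed -i 's/0x300000ff/0x310000ff/' TpmToOsslMath.h` step patches upstream source without explanation; a one-line comment stating what that constant gates (presumably a library version bound, to be confirmed) would let a later reader judge whether it is still needed.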
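Review bot: The header comment `# upgrade pip first so packages are not reinstalled ...` in modules/pip3-withoutupgrade.m4 was carried over from pip3.m4, but this module performs no pip upgrade, so it describes a step that is absent. I would replace it with the reason the module exists, for example `# system Python is externally managed on this distro: install into it directly, without a venv and without upgrading pip`. `ENV PIP_BREAK_SYSTEM_PACKAGES=1` and the trailing `--break-system-packages` do the same job; one is enough, and the ENV form also stays set in every container started from the image. `setuptools` is left unpinned here while pip3.m4 now pins `setuptools==62.0.0`, and the `sed -E 's/==\s+/ /g'` step silently drops the `cryptography`/`bcrypt` pins when the version variables are empty, which is worth stating in a comment.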
@@ -4,7 +4,9 @@ RUN python3 -m pip install --upgrade pip # install everything in one shot so we don't get a newer version of a package we specified. Ie if a module has dep on cryptogtraphy # and we install it in different phases pip will upgrade cryptography -RUN pkgs="cryptography==$PYCRYPTO_VERSION pyyaml cpp-coveralls pyasn1 pyasn1_modules python-pkcs11 \ - bcrypt==$PYBCRYPT_VERSION setuptools"; \ +RUN pkgs="cryptography==$PYCRYPTO_VERSION pyyaml cpp-coveralls pyasn1 pyasn1_modules \ + bcrypt==$PYBCRYPT_VERSION setuptools==62.0.0"; \ + echo $pkgs; \ pkgs=$(echo "$pkgs" | sed -E 's/==\s+/ /g'); \ - python3 -m pip install $pkgs + python3 -m pip install $pkgs; \ + python3 -m pip install python-pkcs11 diff --git a/opensuse-leap-15.2.docker.m4 b/opensuse-leap-15.2.docker.m4 index a8aa7f9..7af5d58 100644 --- a/opensuse-leap-15.2.docker.m4 +++ b/opensuse-leap-15.2.docker.m4 @@ -55,7 +55,8 @@ RUN zypper -n in \ python \ python-pip \ libusb-devel \ - libftdi1-devel + libftdi1-devel \ + gmp-devel include(`autoconf.m4') include(`python3.7.2.m4') diff --git a/opensuse-leap.docker.m4 b/opensuse-leap.docker.m4 index 1238a3a..419383f 100644 --- a/opensuse-leap.docker.m4 +++ b/opensuse-leap.docker.m4 @@ -55,7 +55,8 @@ RUN zypper -n in \ libftdi1-devel \ libnettle-devel \ p11-kit-devel \ - openssh-common + openssh-common \ + gmp-devel include(`autoconf.m4') include(`python3.7.2.m4') @@ -74,7 +75,7 @@ RUN stat /usr/share/aclocal-1.15/python.m4 RUN patch -d / -p1 < /tmp/python.patch RUN rm /tmp/python.patch -include(`ibmtpm1637.m4') +include(`ibmtpm1682.m4') ENV LIBTPMS_AUTOGEN_EXTRA="--libdir=/usr/lib64" ENV SWTPM_MAKE_EXTRA="CFLAGS=\"-I/usr/include/libseccomp/\"" diff --git a/ubuntu-22.04-mbedtls-3.1.docker.m4 b/ubuntu-22.04-mbedtls-3.1.docker.m4 index 1370fd2..b1d9067 100644 --- a/ubuntu-22.04-mbedtls-3.1.docker.m4 +++ b/ubuntu-22.04-mbedtls-3.1.docker.m4 
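Review bot: In the modules/pip3.m4 hunk the two installs at the end of the RUN are joined with `;`, so, unless a SHELL with `-e` is set elsewhere, the layer's exit status is that of `python3 -m pip install python-pkcs11` alone and a failed `python3 -m pip install $pkgs` no longer fails the build. Chain them instead: `python3 -m pip install $pkgs && \` followed by `python3 -m pip install python-pkcs11`. Installing python-pkcs11 in a second pass also contradicts the comment directly above it (install everything in one shot so pinned versions are not replaced), so a short comment giving the reason for the split is needed, and the leftover `echo $pkgs;` debug line can go. The `setuptools==62.0.0` pin sits in the shared module, so it takes effect in every image that includes pip3.m4, not only ubuntu 22.04 as the commit message says.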
@@ -56,7 +56,8 @@ RUN apt-get update && \ acl \ libjson-glib-dev \ libusb-1.0-0-dev \ - libftdi-dev + libftdi-dev \ + libgmp-dev include(`pip3.m4') diff --git a/ubuntu-24.04.docker.m4 b/ubuntu-24.04.docker.m4 new file mode 100644 index 0000000..9b47c35 --- /dev/null +++ b/ubuntu-24.04.docker.m4 
@@ -0,0 +1,83 @@
+FROM ubuntu:noble
+
+LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV PIP_REQUIRE_VIRTUALENV=0
+ENV PIP_BREAK_SYSTEM_PACKAGES=1
+RUN apt-get update && \
+ apt-get install -y \
+ autoconf-archive \
+ curl \
+ libcmocka0 \
+ libcmocka-dev \
+ net-tools \
+ build-essential \
+ git \
+ pkg-config \
+ gcc \
+ g++ \
+ m4 \
+ libtool \
+ automake \
+ libgcrypt20-dev \
+ libssl-dev \
+ autoconf \
+ gnulib \
+ wget \
+ doxygen \
+ libdbus-1-dev \
+ libglib2.0-dev \
+ clang \
+ clang-tools \
+ pandoc \
+ lcov \
+ libcurl4-openssl-dev \
+ dbus-x11 \
+ vim-common \
+ libsqlite3-dev \
+ iproute2 \
+ libtasn1-6-dev \
+ socat \
+ libseccomp-dev \
+ expect \
+ gawk \
+ libjson-c-dev \
+ libengine-pkcs11-openssl \
+ default-jre \
+ default-jdk \
+ sqlite3 \
+ libnss3-tools \
+ python3 \
+ python3-pip \
+ libyaml-dev \
+ libmbedtls-dev \
+ uuid-dev \
+ opensc \
+ gnutls-bin \
+ rustc \
+ acl \
+ libjson-glib-dev \
+ libusb-1.0-0-dev \
+ libftdi-dev \
+ uthash-dev
+
+include(`pip3-withoutupgrade.m4')
+
+ARG ibmtpm_name=ibmtpm1682
+RUN cd /tmp \
+ && wget $WGET_EXTRA_FLAGS -L "https://downloads.sourceforge.net/project/ibmswtpm2/$ibmtpm_name.tar.gz" \
+ && sha256sum $ibmtpm_name.tar.gz | grep ^3cb642f871a17b23d50b046e5f95f449c2287415fc1e7aeb4bdbb8920dbcb38f \
+ && mkdir -p $ibmtpm_name \
+ && tar xv --no-same-owner -f $ibmtpm_name.tar.gz -C $ibmtpm_name \
+ && rm $ibmtpm_name.tar.gz \
+ && cd $ibmtpm_name/src \
+ && sed -i 's/-DTPM_NUVOTON/-DTPM_NUVOTON $(CFLAGS)/' makefile \
+ && CFLAGS="-DNV_MEMORY_SIZE=32768 -DMIN_EVICT_OBJECTS=7" make -j$(nproc) \
+ && cp tpm_server /usr/local/bin \
+ && rm -fr /tmp/$ibmtpm_name
+
+include(`autoconf.m4')
+include(`junit.m4')
+
+WORKDIR /
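Review bot: The IBM TPM build near the end of ubuntu-24.04.docker.m4 is an inline copy of modules/ibmtpm1682.m4 instead of an include of that module, and the two copies already differ: this one verifies the tarball with `sha256sum` and leaves out the `sed -i 's/0x300000ff/0x310000ff/' TpmToOsslMath.h` step. Two build recipes for the same download, with different checksums and patches, are easy to update inconsistently; keeping one module that carries the SHA-256 check and including it here avoids that, or a comment such as `# TpmToOsslMath.h patch from ibmtpm1682.m4 intentionally not applied on 24.04: <reason>` should record why they diverge. `ENV PIP_BREAK_SYSTEM_PACKAGES=1` is also set again by the included pip3-withoutupgrade.m4, so one of the two can be dropped. Separately, the `apt-get install -y` layer has no `--no-install-recommends` and keeps `/var/lib/apt/lists` in the published image, and the LABEL uses the legacy space-separated form; `LABEL org.opencontainers.image.source="https://github.com/tpm2-software/tpm2-software-container"` is the current syntax.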