Merge branch 'docker-travis'

Support docker based travis to test on different distro releases.

.travis.yml

@@ -0,0 +1,78 @@
+dist: bionic
+language: C
+services:
+    - docker
+
+matrix:
+    include:
+        # 32 bit build
+        - os: linux
+          env: DISTRO=debian:stable VARIANT=i386 ARCH=i386 TSS=tpm2-tss
+          compiler: gcc
+
+        # cross compilation builds
+        - os: linux
+          env: DISTRO=debian:stable VARIANT=cross-compile ARCH=ppc64el TSS=ibmtss
+          compiler: powerpc64le-linux-gnu-gcc
+
+        - os: linux
+          env: DISTRO=debian:stable VARIANT=cross-compile ARCH=arm64 TSS=tpm2-tss
+          compiler: aarch64-linux-gnu-gcc
+
+        - os: linux
+          env: DISTRO=debian:stable VARIANT=cross-compile ARCH=s390x TSS=ibmtss
+          compiler: s390x-linux-gnu-gcc
+
+        # musl
+        - os: linux
+          env: DISTRO=alpine:latest TSS=tpm2-tss
+          compiler: gcc
+
+        # glibc (gcc/clang)
+        - os: linux
+          env: DISTRO=opensuse/tumbleweed TSS=ibmtss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=opensuse/leap TSS=tpm2-tss
+          compiler: gcc
+
+        - os: linux
+          env: DISTRO=ubuntu:eoan TSS=ibmtss
+          compiler: gcc
+
+        - os: linux
+          env: DISTRO=ubuntu:xenial TSS=tpm2-tss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=fedora:latest TSS=ibmtss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=centos:7 TSS=tpm2-tss
+          compiler: gcc
+
+        - os: linux
+          env: DISTRO=centos:latest TSS=tpm2-tss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=debian:testing TSS=tpm2-tss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=debian:stable TSS=ibmtss
+          compiler: gcc
+
+before_install:
+    - df -hT
+    - DIR="/usr/src/ima-evm-utils"
+    - printf "FROM $DISTRO\nRUN mkdir -p $DIR\nWORKDIR $DIR\nCOPY . $DIR\n" > Dockerfile
+    - cat Dockerfile
+    - docker build -t ima-evm-utils .
+
+script:
+    - INSTALL="${DISTRO%%:*}"
+    - INSTALL="${INSTALL%%/*}"
+    - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh"

Makefile.am

@@ -1,5 +1,7 @@
 SUBDIRS = src tests
+if MANPAGE_DOCBOOK_XSL
 dist_man_MANS = evmctl.1
+endif
 
 doc_DATA =  examples/ima-genkey-self.sh examples/ima-genkey.sh examples/ima-gen-local-ca.sh
 EXTRA_DIST = autogen.sh $(doc_DATA)
@@ -23,6 +25,7 @@ rpm: $(tarname)
 	cp $(tarname) $(SRCS)/
 	rpmbuild -ba --nodeps $(SPEC)
 
+if MANPAGE_DOCBOOK_XSL
 evmctl.1.html: README
 	@asciidoc -o $@ $<
 
@@ -35,5 +38,6 @@ rmman:
 	rm -f evmctl.1
 
 doc: evmctl.1.html rmman evmctl.1
+endif
 
 .PHONY: $(tarname)

README

@@ -28,6 +28,7 @@ COMMANDS
  import [--rsa] pubkey keyring
  sign [-r] [--imahash | --imasig ] [--portable] [--key key] [--pass password] file
  verify file
+ ima_boot_aggregate [--pcrs hash-algorithm,file] [TPM 1.2 BIOS event log]
  ima_sign [--sigfile] [--key key] [--pass password] file
  ima_verify file
  ima_hash file

autogen.sh

@@ -1,16 +1,4 @@
 #! /bin/sh
-
 set -e
 
-# new way
+autoreconf -i
-# strange, but need this for Makefile.am, because it has -I m4
-test -d m4 || mkdir m4
-autoreconf -f -i
-
-# old way
-#libtoolize --automake --copy --force
-#aclocal
-#autoconf --force
-#autoheader --force
-#automake --add-missing --copy --force-missing --gnu
-

build.sh

@@ -0,0 +1,97 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+
+set -e
+
+CC="${CC:-gcc}"
+CFLAGS="${CFLAGS:--Wformat -Werror=format-security -Werror=implicit-function-declaration -Werror=return-type -fno-common}"
+PREFIX="${PREFIX:-$HOME/ima-evm-utils-install}"
+
+export LD_LIBRARY_PATH="$PREFIX/lib64:$PREFIX/lib:/usr/local/lib64:/usr/local/lib"
+export PATH="$PREFIX/bin:/usr/local/bin:$PATH"
+
+title()
+{
+	echo "===== $1 ====="
+}
+
+log_exit()
+{
+	local ret="${3:-$?}"
+	local log="$1"
+	local msg="$2"
+	local prefix
+
+	echo "=== $log ==="
+	[ $ret -eq 0 ] || prefix="FAIL: "
+	cat $log
+	echo
+	echo "$prefix$msg, see output of $log above"
+	exit $ret
+}
+
+cd `dirname $0`
+
+case "$VARIANT" in
+	i386)
+		echo "32-bit compilation"
+		export CFLAGS="-m32 $CFLAGS" LDFLAGS="-m32 $LDFLAGS"
+		export PKG_CONFIG_LIBDIR=/usr/lib/i386-linux-gnu/pkgconfig
+		;;
+	cross-compile)
+		host="${CC%-gcc}"
+		export CROSS_COMPILE="${host}-"
+		host="--host=$host"
+		echo "cross compilation: $host"
+		echo "CROSS_COMPILE: '$CROSS_COMPILE'"
+		;;
+	*)
+		if [ "$VARIANT" ]; then
+			echo "Wrong VARIANT: '$VARIANT'" >&2
+			exit 1
+		fi
+		echo "native build"
+		;;
+esac
+
+title "compiler version"
+$CC --version
+echo "CFLAGS: '$CFLAGS'"
+echo "LDFLAGS: '$LDFLAGS'"
+echo "PREFIX: '$PREFIX'"
+
+title "configure"
+./autogen.sh
+./configure --prefix=$PREFIX $host || log_exit config.log "configure failed"
+
+title "make"
+make -j$(nproc)
+make install
+
+title "test"
+if [ "$VARIANT" = "cross-compile" ]; then
+	echo "skip make check on cross compilation"
+	exit 0
+fi
+
+ret=0
+VERBOSE=1 make check || ret=$?
+
+title "logs"
+if [ $ret -eq 0 ]; then
+	tail -3 tests/ima_hash.log
+	tail -3 tests/sign_verify.log
+	tail -20 tests/boot_aggregate.log
+	exit 0
+fi
+
+cat tests/test-suite.log
+
+if [ $ret -eq 77 ]; then
+	msg="WARN: some tests skipped"
+	ret=0
+else
+	msg="FAIL: tests exited: $ret"
+fi
+
+log_exit tests/test-suite.log "$msg" $ret

configure.ac

@@ -30,9 +30,9 @@ AC_SUBST(KERNEL_HEADERS)
 AC_CHECK_HEADER(unistd.h)
 AC_CHECK_HEADERS(openssl/conf.h)
 
-AC_CHECK_LIB([tss2-esys], [Esys_PCR_Read])
+AC_CHECK_LIB([tss2-esys], [Esys_Free])
 AC_CHECK_LIB([tss2-rc], [Tss2_RC_Decode])
-AM_CONDITIONAL([USE_PCRTSS], [test "x$ac_cv_lib_tss2_esys_Esys_PCR_Read" = "xyes"])
+AM_CONDITIONAL([USE_PCRTSS], [test "x$ac_cv_lib_tss2_esys_Esys_Free" = "xyes"])
 
 AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found. You need the c-library development package.])])
 AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. You need the libkeyutils development package.])])
@@ -77,6 +77,7 @@ echo
 echo	"Configuration:"
 echo	"          debug: $pkg_cv_enable_debug"
 echo	"   openssl-conf: $enable_openssl_conf"
-echo	"      tss2-esys: $ac_cv_lib_tss2_esys_Esys_PCR_Read"
+echo	"      tss2-esys: $ac_cv_lib_tss2_esys_Esys_Free"
 echo	" tss2-rc-decode: $ac_cv_lib_tss2_rc_Tss2_RC_Decode"
+echo	"            doc: $have_doc"
 echo

m4/manpage-docbook-xsl.m4

@@ -1,7 +1,10 @@
-dnl Copyright (c) 2018 Petr Vorel <pvorel@suse.cz>
+dnl Copyright (c) 2018-2020 Petr Vorel <pvorel@suse.cz>
 dnl Find docbook manpage stylesheet
 
 AC_DEFUN([EVMCTL_MANPAGE_DOCBOOK_XSL], [
+	DOCBOOK_XSL_URI="http://docbook.sourceforge.net/release/xsl/current"
+	DOCBOOK_XSL_PATH="manpages/docbook.xsl"
+
 	AC_PATH_PROGS(XMLCATALOG, xmlcatalog)
 	AC_ARG_WITH([xml-catalog],
 		AC_HELP_STRING([--with-xml-catalog=CATALOG],
@@ -9,20 +12,37 @@ AC_DEFUN([EVMCTL_MANPAGE_DOCBOOK_XSL], [
 				[with_xml_catalog=/etc/xml/catalog])
 	XML_CATALOG_FILE="$with_xml_catalog"
 	AC_SUBST([XML_CATALOG_FILE])
-	AC_MSG_CHECKING([for XML catalog ($XML_CATALOG_FILE)])
+
-	if test -f "$XML_CATALOG_FILE"; then
+	if test "x${XMLCATALOG}" = "x"; then
-		have_xmlcatalog_file=yes
+		AC_MSG_WARN([xmlcatalog not found, cannot search for $DOCBOOK_XSL_PATH])
-		AC_MSG_RESULT([found])
 	else
-		AC_MSG_RESULT([not found])
+		AC_MSG_CHECKING([for XML catalog ($XML_CATALOG_FILE)])
+		if test -f "$XML_CATALOG_FILE"; then
+			have_xmlcatalog_file=yes
+			AC_MSG_RESULT([found])
+		else
+			AC_MSG_RESULT([not found, cannot search for $DOCBOOK_XSL_PATH])
+		fi
 	fi
+
 	if test "x${XMLCATALOG}" != "x" -a "x$have_xmlcatalog_file" = "xyes"; then
-		DOCBOOK_XSL_URI="http://docbook.sourceforge.net/release/xsl/current"
+		MANPAGE_DOCBOOK_XSL=$(${XMLCATALOG} ${XML_CATALOG_FILE} ${DOCBOOK_XSL_URI}/${DOCBOOK_XSL_PATH} | sed 's|^file:/\+|/|')
-		DOCBOOK_XSL_PATH="manpages/docbook.xsl"
-		MANPAGE_DOCBOOK_XSL=$(${XMLCATALOG} ${XML_CATALOG_FILE} ${DOCBOOK_XSL_URI}/${DOCBOOK_XSL_PATH} | sed -n 's|^file:/\+|/|p;q')
 	fi
+
 	if test "x${MANPAGE_DOCBOOK_XSL}" = "x"; then
 		MANPAGE_DOCBOOK_XSL="/usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl"
+		AC_MSG_WARN([trying a default path for $DOCBOOK_XSL_PATH])
 	fi
+
+	if test -f "$MANPAGE_DOCBOOK_XSL"; then
+		have_doc=yes
+		AC_MSG_NOTICE([using $MANPAGE_DOCBOOK_XSL for generating doc])
+	else
+		AC_MSG_WARN([$DOCBOOK_XSL_PATH not found, generating doc will be skipped])
+		MANPAGE_DOCBOOK_XSL=
+		have_doc=no
+	fi
+	AM_CONDITIONAL(MANPAGE_DOCBOOK_XSL, test "x$have_doc" = xyes)
+
 	AC_SUBST(MANPAGE_DOCBOOK_XSL)
 ])

src/evmctl.c

@@ -2485,7 +2485,7 @@ struct command cmds[] = {
 	{"ima_setxattr", cmd_setxattr_ima, 0, "[--sigfile file]", "Set IMA signature from sigfile\n"},
 	{"ima_hash", cmd_hash_ima, 0, "file", "Make file content hash.\n"},
 	{"ima_measurement", cmd_ima_measurement, 0, "[--ignore-violations] [--verify-sig [--key key1, key2, ...]] [--pcrs [hash-algorithm,]file [--pcrs hash-algorithm,file] ...] file", "Verify measurement list (experimental).\n"},
-	{"ima_boot_aggregate", cmd_ima_bootaggr, 0, "[file]", "Calculate per TPM bank boot_aggregate digests\n"},
+	{"ima_boot_aggregate", cmd_ima_bootaggr, 0, "[--pcrs hash-algorithm,file] [TPM 1.2 BIOS event log]", "Calculate per TPM bank boot_aggregate digests\n"},
 	{"ima_fix", cmd_ima_fix, 0, "[-t fdsxm] path", "Recursively fix IMA/EVM xattrs in fix mode.\n"},
 	{"ima_clear", cmd_ima_clear, 0, "[-t fdsxm] path", "Recursively remove IMA/EVM xattrs.\n"},
 	{"sign_hash", cmd_sign_hash, 0, "[--key key] [--pass [password]", "Sign hashes from shaXsum output.\n"},

tests/boot_aggregate.test

@@ -33,11 +33,15 @@ else
 	ASCII_RUNTIME_MEASUREMENTS="./sample-ascii_runtime_measurements-pcrs-8-9"
 	export TPM_INTERFACE_TYPE="socsim"
 	export TPM_COMMAND_PORT=2321
+	export TPM_PLATFORM_PORT=2322
+	export TPM_SERVER_NAME="localhost"
+	export TPM_SERVER_TYPE="raw"
+
 fi
 
 # Only stop this test's software TPM.  Preferred method: "tsstpmcmd -stop"
 cleanup() {
-	if [ ! -z "${SWTPM_PPID}" ]; then
+	if [ -n "${SWTPM_PPID}" ]; then
 		if [ -f "${TSSDIR}/tsstpmcmd" ]; then
 			"${TSSDIR}/tsstpmcmd" -stop
 		else
@@ -48,22 +52,36 @@ cleanup() {
 
 # Try to start a software TPM if needed.
 swtpm_start() {
-	local swtpm
+	local swtpm swtpm1
 
 	swtpm="$(which tpm_server)"
-	if [ -z "${swtpm}" ]; then
+	swtpm1="$(which swtpm)"
-		echo "${CYAN}SKIP: Softare TPM (tpm_server) not found${NORM}"
+	if [ -z "${swtpm}" ] && [ -z "${swtpm1}" ]; then
+		echo "${CYAN}SKIP: Softare TPM (tpm_server and swtpm) not found${NORM}"
 		return "$SKIP"
 	fi
 
-	pgrep tpm_server
+	if [ -n "${swtpm1}" ]; then
-	if [ $? -eq 0 ]; then
+		pgrep swtpm1
-		echo "INFO: Software TPM (tpm_server) already running"
+		if [ $? -eq 0 ]; then
-		return 114
+			echo "INFO: Software TPM (swtpm) already running"
-	else
+			return 114
-		echo "INFO: Starting software TPM: ${swtpm}"
+		else
-		${swtpm} > /dev/null 2>&1 &
+			echo "INFO: Starting software TPM: ${swtpm1}"
-		SWTPM_PPID=$!
+			mkdir ./myvtpm
+			${swtpm1} socket --tpmstate dir=./myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init > /dev/null 2>&1 &
+			SWTPM_PPID=$!
+		fi
+	elif [ -n "${swtpm}" ]; then
+		pgrep swtpm
+		if [ $? -eq 0 ]; then
+			echo "INFO: Software TPM (tpm_server) already running"
+			return 114
+		else
+			echo "INFO: Starting software TPM: ${swtpm}"
+			${swtpm} > /dev/null 2>&1 &
+			SWTPM_PPID=$!
+		fi
 	fi
 	return 0
 }

tests/install-swtpm.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+set -ex
+
+version=1637
+
+wget --no-check-certificate https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm${version}.tar.gz/download
+mkdir ibmtpm$version
+cd ibmtpm$version
+tar -xvzf ../download
+cd src
+make -j$(nproc)
+sudo cp tpm_server /usr/local/bin/
+cd ../..

tests/install-tss.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -ex
+git clone https://git.code.sf.net/p/ibmtpm20tss/tss
+cd tss
+autoreconf -i && ./configure --disable-tpm-1.2 --disable-hwtpm && make -j$(nproc) && sudo make install
+cd ..
+rm -rf tss

tests/sign_verify.test

@@ -18,7 +18,14 @@
 cd "$(dirname "$0")" || exit 1
 PATH=../src:$PATH
 source ./functions.sh
-_require evmctl openssl xxd getfattr
+
+_require cmp evmctl getfattr openssl xxd
+
+if cmp -b 2>&1 | grep -q "invalid option"; then
+	echo "cmp does not support -b (cmp from busybox?) Use cmp from diffutils"
+	exit "$HARDFAIL"
+fi
+
 ./gen-keys.sh >/dev/null 2>&1
 
 trap _report_exit EXIT

travis/alpine.sh

@@ -0,0 +1,50 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+if [ -z "$CC" ]; then
+	echo "missing \$CC!" >&2
+	exit 1
+fi
+
+case "$TSS" in
+ibmtss) echo "No IBM TSS package, will be installed from git" >&2; TSS=;;
+tpm2-tss) TSS="tpm2-tss-dev";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+# ibmswtpm2 requires gcc
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+apk update
+
+apk add \
+	$CC $TSS \
+	asciidoc \
+	attr \
+	attr-dev \
+	autoconf \
+	automake \
+	diffutils \
+	docbook-xml \
+	docbook-xsl \
+	keyutils-dev \
+	libtool \
+	libxslt \
+	linux-headers \
+	make \
+	musl-dev \
+	openssl \
+	openssl-dev \
+	pkgconfig \
+	procps \
+	sudo \
+	wget \
+	which \
+	xxd
+
+if [ ! "$TSS" ]; then
+	apk add git
+	../tests/install-tss.sh
+fi

travis/centos.sh

@@ -0,0 +1 @@
+fedora.sh

travis/debian.cross-compile.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+if [ -z "$ARCH" ]; then
+	echo "missing \$ARCH!" >&2
+	exit 1
+fi
+
+case "$ARCH" in
+arm64) gcc_arch="aarch64";;
+ppc64el) gcc_arch="powerpc64le";;
+s390x) gcc_arch="$ARCH";;
+*) echo "unsupported arch: '$ARCH'!" >&2; exit 1;;
+esac
+
+dpkg --add-architecture $ARCH
+apt update
+
+apt install -y --no-install-recommends \
+	dpkg-dev \
+	gcc-${gcc_arch}-linux-gnu \
+	libc6-dev-${ARCH}-cross

travis/debian.i386.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+dpkg --add-architecture i386
+apt update
+
+apt install -y --no-install-recommends \
+	linux-libc-dev:i386 \
+	gcc-multilib \
+	pkg-config:i386

travis/debian.sh

@@ -0,0 +1,54 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+if [ -z "$CC" ]; then
+	echo "missing \$CC!" >&2
+	exit 1
+fi
+
+# debian.*.sh must be run first
+if [ "$ARCH" ]; then
+	ARCH=":$ARCH"
+	unset CC
+else
+	apt update
+fi
+
+# ibmswtpm2 requires gcc
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+case "$TSS" in
+ibmtss) TSS="libtss-dev";;
+tpm2-tss) TSS="libtss2-dev";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) [ "$TSS" ] && echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+apt="apt install -y --no-install-recommends"
+
+$apt \
+	$CC $TSS \
+	asciidoc \
+	attr \
+	autoconf \
+	automake \
+	diffutils \
+	debianutils \
+	docbook-xml \
+	docbook-xsl \
+	gzip \
+	libattr1-dev$ARCH \
+	libkeyutils-dev$ARCH \
+	libssl-dev$ARCH \
+	libtool \
+	make \
+	openssl \
+	pkg-config \
+	procps \
+	sudo \
+	wget \
+	xsltproc \
+
+$apt xxd || $apt vim-common
+$apt libengine-gost-openssl1.1$ARCH || true

travis/fedora.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -e
+
+if [ -z "$CC" ]; then
+	echo "missing \$CC!" >&2
+	exit 1
+fi
+
+case "$TSS" in
+ibmtss) TSS="tss2-devel";;
+tpm2-tss) TSS="tpm2-tss-devel";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+# ibmswtpm2 requires gcc
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+yum -y install \
+	$CC $TSS \
+	asciidoc \
+	attr \
+	autoconf \
+	automake \
+	diffutils \
+	docbook-xsl \
+	gzip \
+	keyutils-libs-devel \
+	libattr-devel \
+	libtool \
+	libxslt \
+	make \
+	openssl \
+	openssl-devel \
+	pkg-config \
+	procps \
+	sudo \
+	vim-common \
+	wget \
+	which
+
+yum -y install docbook5-style-xsl || true
+yum -y install swtpm || true

travis/opensuse.sh

@@ -0,0 +1 @@
+tumbleweed.sh

travis/tumbleweed.sh

@@ -0,0 +1,45 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+if [ -z "$CC" ]; then
+	echo "missing \$CC!" >&2
+	exit 1
+fi
+
+case "$TSS" in
+ibmtss) TSS="ibmtss-devel";;
+tpm2-tss) TSS="tpm2-0-tss-devel";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+# clang has some gcc dependency
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+zypper --non-interactive install --force-resolution --no-recommends \
+	$CC $TSS \
+	asciidoc \
+	attr \
+	autoconf \
+	automake \
+	diffutils \
+	docbook_5 \
+	docbook5-xsl-stylesheets \
+	gzip \
+	ibmswtpm2 \
+	keyutils-devel \
+	libattr-devel \
+	libopenssl-devel \
+	libtool \
+	make \
+	openssl \
+	pkg-config \
+	procps \
+	sudo \
+	vim \
+	wget \
+	which \
+	xsltproc
+
+[ -f /usr/lib/ibmtss/tpm_server ] && ln -s /usr/lib/ibmtss/tpm_server /usr/local/bin

travis/ubuntu.sh

@@ -0,0 +1 @@
+debian.sh