[Bug 2143669] Re: [FFE] Please merge 4.1.3-6 into resolute
Skia
2143669 at bugs.launchpad.net
Tue Mar 10 11:10:45 UTC 2026
Yeah, keeping that in sync with Debian would help future SRUs to be
applied more cleanly. FFe granted.
** Changed in: tpm2-tss (Ubuntu Resolute)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to tpm2-tss in Ubuntu.
https://bugs.launchpad.net/bugs/2143669
Title:
[FFE] Please merge 4.1.3-6 into resolute
Status in tpm2-tss package in Ubuntu:
Triaged
Status in tpm2-tss source package in Resolute:
Triaged
Bug description:
## FFE ##
Packaging changes only from Debian. Following https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/2142535 we have done more package structure cleanups that will benefit Resolute too.
The main change is migrating the tpm-udev binary package from src:tpm-
udev. This was a separate source package for historic reasons that are
no longer relevant, and it now makes it harder to manage for no
reason, as it can be seen in
https://bugs.launchpad.net/ubuntu/+source/tpm-udev/+bug/2142534 that
needed to be synchronized as an upload.
The added advantage is that other config files, that are currently
shipped in a library package (ibtss2-fapi1t64) making things a bit
awkward, are now moved to tpm-udev, so that the latter ships all
config files needed for TPM usage (udev rules, sysusers.d, tmpfiles.d,
units,etc ), and the library packages just ship libraries.
The old src:tpm-udev can then be retired.
Given the Ubuntu delta has been merged, this can be synced from
Unstable with no changes.
Debdiff between Resolute and Unstable:
diff -Nru tpm2-tss-4.1.3/debian/changelog tpm2-tss-4.1.3/debian/changelog
--- tpm2-tss-4.1.3/debian/changelog 2026-02-25 05:52:20.000000000 +0000
+++ tpm2-tss-4.1.3/debian/changelog 2026-02-25 15:12:45.000000000 +0000
@@ -1,3 +1,12 @@
+tpm2-tss (4.1.3-6) unstable; urgency=medium
+
+ * Import tpm-udev binary package from standalone source package
+ * Move config files (sysusers/tmpfiles/etc) from libtss2-fapi1t64 to
+ tpm-udev
+ * tpm-udev: ensure udev rules are reloaded after sysusers.d has ran
+
+ -- Luca Boccassi <bluca at debian.org> Wed, 25 Feb 2026 15:12:45 +0000
+
tpm2-tss (4.1.3-5) unstable; urgency=medium
[ Luca Boccassi ]
diff -Nru tpm2-tss-4.1.3/debian/control tpm2-tss-4.1.3/debian/control
--- tpm2-tss-4.1.3/debian/control 2026-02-25 05:52:15.000000000 +0000
+++ tpm2-tss-4.1.3/debian/control 2026-02-25 15:12:45.000000000 +0000
@@ -42,7 +42,7 @@
libtss2-tcti-device0t64,
libtss2-tcti-mssim0t64,
libtss2-tcti-swtpm0t64,
- tpm-udev,
+ tpm-udev (>= ${source:Version}),
${misc:Depends},
${shlibs:Depends}
Multi-Arch: same
@@ -64,7 +64,7 @@
Package: libtss2-fapi1t64
Provides: ${t64:Provides}
Architecture: any
-Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends}
+Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends}
Multi-Arch: same
Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-fapi1 (<< ${source:Version})
Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-fapi1
@@ -84,7 +84,7 @@
Package: libtss2-mu-4.0.1-0t64
Provides: ${t64:Provides}
Architecture: any
-Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends}
+Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends}
Multi-Arch: same
Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-mu-4.0.1-0 (<< ${source:Version})
Replaces: libtss2-esys0 (<< 3.0.1-2),
@@ -107,7 +107,7 @@
Package: libtss2-rc0t64
Provides: ${t64:Provides}
Architecture: any
-Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends}
+Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends}
Multi-Arch: same
Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-rc0 (<< ${source:Version})
Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-rc0
@@ -127,7 +127,7 @@
Package: libtss2-sys1t64
Provides: ${t64:Provides}
Architecture: any
-Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends}
+Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends}
Multi-Arch: same
Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-sys1 (<< ${source:Version})
Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-sys1
@@ -147,7 +147,7 @@
Package: libtss2-tcti-cmd0t64
Provides: ${t64:Provides}
Architecture: any
-Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends}
+Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends}
Multi-Arch: same
Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-cmd0 (<< ${source:Version})
Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-cmd0
@@ -167,7 +167,7 @@
Package: libtss2-tcti-device0t64
Provides: ${t64:Provides}
Architecture: any
-Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends}
+Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends}
Multi-Arch: same
Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-device0 (<< ${source:Version})
Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-device0
@@ -187,7 +187,7 @@
Package: libtss2-tcti-mssim0t64
Provides: ${t64:Provides}
Architecture: any
-Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends}
+Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends}
Multi-Arch: same
Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-mssim0 (<< ${source:Version})
Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-mssim0
@@ -207,7 +207,7 @@
Package: libtss2-tcti-swtpm0t64
Provides: ${t64:Provides}
Architecture: any
-Depends: tpm-udev, ${misc:Depends}, ${shlibs:Depends}
+Depends: tpm-udev (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends}
Multi-Arch: same
Breaks: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-swtpm0 (<< ${source:Version})
Replaces: libtss2-esys0 (<< 3.0.1-2), libtss2-tcti-swtpm0
@@ -378,7 +378,7 @@
libtss2-tcti-mssim0t64,
libtss2-tcti-spi-helper0t64,
libtss2-tcti-swtpm0t64,
- tpm-udev,
+ tpm-udev (>= ${source:Version}),
${misc:Depends},
${shlibs:Depends}
Multi-Arch: same
@@ -458,6 +458,17 @@
facilitate installing all libraries at once, independently of the changing
SONAMEs.
+Package: tpm-udev
+Architecture: all
+Multi-Arch: foreign
+Depends: ${misc:Depends}
+Breaks: libtss2-fapi1t64 (<< 4.1.3-6)
+Replaces: libtss2-fapi1t64 (<< 4.1.3-6)
+Enhances: udev
+Description: TPM2 Software stack library - udev rules for TPM modules
+ This package provides udev rules for the TPM modules. Both TPM1 or TPM2 need
+ this package to be installed to provide proper permissions of the TPM.
+
Package: libtss2-doc
Architecture: all
Section: doc
diff -Nru tpm2-tss-4.1.3/debian/copyright tpm2-tss-4.1.3/debian/copyright
--- tpm2-tss-4.1.3/debian/copyright 2026-02-16 20:28:32.000000000 +0000
+++ tpm2-tss-4.1.3/debian/copyright 2026-02-25 15:12:45.000000000 +0000
@@ -14,7 +14,9 @@
License: GPL-3
Files: debian/patches/*
+ debian/tpm-udev*
Copyright: Intel Corporation and individual contributors
+ 2019 Ying-Chun Liu (PaulLiu) <paulliu at debian.org>
License: BSD-2-clause
Files: debian/patches/0001_disable_fapi_io_test.patch
diff -Nru tpm2-tss-4.1.3/debian/libtss2-fapi1t64.install tpm2-tss-4.1.3/debian/libtss2-fapi1t64.install
--- tpm2-tss-4.1.3/debian/libtss2-fapi1t64.install 2026-02-16 20:28:32.000000000 +0000
+++ tpm2-tss-4.1.3/debian/libtss2-fapi1t64.install 2026-02-25 15:12:45.000000000 +0000
@@ -1,5 +1 @@
-etc/tmpfiles.d/tpm2-tss-fapi.conf usr/lib/tmpfiles.d/
-etc/sysusers.d/tpm2-tss.conf usr/lib/sysusers.d/
-etc/tpm2-tss/fapi-config.json
-etc/tpm2-tss/fapi-profiles/P_*.json
usr/lib/*/libtss2-fapi.so.*
diff -Nru tpm2-tss-4.1.3/debian/rules tpm2-tss-4.1.3/debian/rules
--- tpm2-tss-4.1.3/debian/rules 2026-02-25 05:52:15.000000000 +0000
+++ tpm2-tss-4.1.3/debian/rules 2026-02-25 15:12:45.000000000 +0000
@@ -43,3 +43,7 @@
# automatically at build time.
tsslibs=$$(grep -E 'libtss2-*' ./debian/files | grep -v -e 'dbgsym' -e 'libtss2-dev' -e 'libtss2-meta' -e 'libtss2-doc' | tr '_' ' ' | awk '{ print $$1,"(=",$$2 ")" }' | paste -sd ',' - | sed -e 's/,/, /g'); \
dh_gencontrol -p libtss2-dev -p tpm2-tss -- -V"libtss2:All=$${tsslibs}"
+
+override_dh_installsystemd:
+ dh_installsystemd -X tpm-udev.path --no-start --no-stop-on-upgrade
+ dh_installsystemd -X tpm-udev.service
diff -Nru tpm2-tss-4.1.3/debian/tpm-udev.install tpm2-tss-4.1.3/debian/tpm-udev.install
--- tpm2-tss-4.1.3/debian/tpm-udev.install 1970-01-01 01:00:00.000000000 +0100
+++ tpm2-tss-4.1.3/debian/tpm-udev.install 2026-02-25 15:12:45.000000000 +0000
@@ -0,0 +1,4 @@
+etc/tmpfiles.d/tpm2-tss-fapi.conf usr/lib/tmpfiles.d/
+etc/sysusers.d/tpm2-tss.conf usr/lib/sysusers.d/
+etc/tpm2-tss/fapi-config.json
+etc/tpm2-tss/fapi-profiles/P_*.json
diff -Nru tpm2-tss-4.1.3/debian/tpm-udev.path tpm2-tss-4.1.3/debian/tpm-udev.path
--- tpm2-tss-4.1.3/debian/tpm-udev.path 1970-01-01 01:00:00.000000000 +0100
+++ tpm2-tss-4.1.3/debian/tpm-udev.path 2026-02-25 15:12:45.000000000 +0000
@@ -0,0 +1,9 @@
+[Unit]
+ConditionVirtualization=container
+Description=Handle dynamically added tpm devices
+
+[Path]
+PathChanged=/dev
+
+[Install]
+WantedBy=paths.target
diff -Nru tpm2-tss-4.1.3/debian/tpm-udev.postinst tpm2-tss-4.1.3/debian/tpm-udev.postinst
--- tpm2-tss-4.1.3/debian/tpm-udev.postinst 1970-01-01 01:00:00.000000000 +0100
+++ tpm2-tss-4.1.3/debian/tpm-udev.postinst 2026-02-25 15:12:45.000000000 +0000
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+case "$1" in
+ configure)
+ # ask udev to check for new udev rules (and fix device permissions)
+ if udevadm --version > /dev/null; then
+ udevadm control --reload-rules ||:
+ udevadm trigger --sysname-match="tpm[0-9]*" ||:
+ udevadm trigger --action=add --subsystem-match=tpm ||:
+ udevadm trigger --action=add --subsystem-match=tpmrm ||:
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
diff -Nru tpm2-tss-4.1.3/debian/tpm-udev.service tpm2-tss-4.1.3/debian/tpm-udev.service
--- tpm2-tss-4.1.3/debian/tpm-udev.service 1970-01-01 01:00:00.000000000 +0100
+++ tpm2-tss-4.1.3/debian/tpm-udev.service 2026-02-25 15:12:45.000000000 +0000
@@ -0,0 +1,5 @@
+[Unit]
+Description=Handle dynamically added tpm devices
+
+[Service]
+ExecStart=systemd-tmpfiles --create tpm-udev.conf
diff -Nru tpm2-tss-4.1.3/debian/tpm-udev.tmpfiles tpm2-tss-4.1.3/debian/tpm-udev.tmpfiles
--- tpm2-tss-4.1.3/debian/tpm-udev.tmpfiles 1970-01-01 01:00:00.000000000 +0100
+++ tpm2-tss-4.1.3/debian/tpm-udev.tmpfiles 2026-02-25 15:12:45.000000000 +0000
@@ -0,0 +1,4 @@
+# Handle tpm mode and owers in containers
+z /dev/tpm[0-9]* 0660 tss root
+z /dev/tpmrm[0-9]* 0660 tss tss
+d /var/lib/tpm 0755 tss tss
diff -Nru tpm2-tss-4.1.3/debian/tpm-udev.udev tpm2-tss-4.1.3/debian/tpm-udev.udev
--- tpm2-tss-4.1.3/debian/tpm-udev.udev 1970-01-01 01:00:00.000000000 +0100
+++ tpm2-tss-4.1.3/debian/tpm-udev.udev 2026-02-25 15:12:45.000000000 +0000
@@ -0,0 +1,4 @@
+# tpm devices can only be accessed by the tss user but the tss
+# group members can access tpmrm devices
+KERNEL=="tpm[0-9]*", TAG+="systemd", MODE="0660", OWNER="tss"
+KERNEL=="tpmrm[0-9]*", TAG+="systemd", MODE="0660", OWNER="tss", GROUP="tss"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/2143669/+subscriptions
More information about the foundations-bugs
mailing list