Adds the bundled feature.

The bundled feature is ment to make the process of building and managing the tpm2-tss depedency of the tss-esapi-sys crate much easier by downloading the source code and compiling it automatically. This feature was originally developed in \parallaxsecond#523 and then updated in \parallaxsecond#531. Co-authored-by: William Brown <[email protected]> Co-authored-by: Thomas Epperson <[email protected]> Signed-off-by: Jesper Brynolf <[email protected]>
Superhepper · Jan 19, 2025 · d6eee25 · d6eee25
1 parent 2dd2308
commit d6eee25
Show file tree

Hide file tree

Showing 5 changed files with 87 additions and 5 deletions.
diff --git a/tss-esapi-sys/Cargo.toml b/tss-esapi-sys/Cargo.toml
@@ -19,6 +19,12 @@ pkg-config = "0.3.18"
 target-lexicon = "0.12.0"
 cfg-if = "1.0.0"
 semver = "1.0.7"
+autotools = { version = "0.2.6", optional = true }
+
+[target.'cfg(windows)'.build-dependencies]
+msbuild = { version = "0.1.0", optional = true }
+winreg = { version = "0.52", optional = true }
 
 [features]
 generate-bindings = ["bindgen"]
+bundled = ["dep:autotools", "dep:msbuild", "dep:winreg"]
diff --git a/tss-esapi-sys/README.md b/tss-esapi-sys/README.md
@@ -13,12 +13,12 @@ interface to Rust to [TSS](https://github.com/tpm2-software/tpm2-tss).
 
 This crate exposes an interface for the TSS Enhanced System API and thus
 links to libraries that expose this interface. In order to allow proper use
-of the ESAPI, this FFI layer includes bindings to TCTI and MU headers, and 
+of the ESAPI, this FFI layer includes bindings to TCTI and MU headers, and
 must therefore link to all of them at build time.
 
 The paths to the libraries are discovered using `pkg-config` - make sure they
-are discoverable in this way on your system. Our build script looks for 
-`tss2-esys`, `tss2-tctildr` and `tss2-mu`. A minimum version of `4.0.1` is 
+are discoverable in this way on your system. Our build script looks for
+`tss2-esys`, `tss2-tctildr` and `tss2-mu`. A minimum version of `4.0.1` is
 required for all of them.
 
 Having installed the open-source implementation libraries at `/usr/local/lib` (by default), it
@@ -41,9 +41,63 @@ available, feel free to raise a Pull Request to add it or to use build-time
 generation of bindings. All the committed bindings **MUST** be generated from
 the library version found under the `vendor` submodule.
 
+## Bundling TPM-TSS
+
+tpm-tss is used by this library to communicate with TPMs. If this library
+is not available on your system you may optionally bundle (vendor) tpm-tss
+during builds. tpm-tss can be provided from a local source path with the
+environment variable `TPM_TSS_SOURCE_PATH` or it will be retrieved from
+github during the build.
+
+To enable this feature:
+
+```bash
+cargo build --features=bundled
+```
+
+```bash
+TPM_TSS_SOURCE_PATH=/path/to/tpm-tss cargo build --features=bundled
+```
+
+If using this feature from an external project
+
+```
+tss-esapi-sys = { version = "...", features = "bundled" }
+```
+
+### Windows
+
+Compiling for windows requires a bit of setup to work with the bundled feature.
+
+* Openssl must be installed to a non-standard location at C:\OpenSSL-v11-Win64
+* Visual studio 2019 must be installed with the Clang/C2 experimental component,
+  and windows sdk 10.0 (Other versions of Visual Studio may work but are untested 
+  at this point).
+
+### MacOS
+
+Compiling on MacOS requires the bundling feature. This requires dependencies
+from brew.
+
+```bashbre
+brew install autoconf autoconf-archive automake json-c libtool m4 pkg-config
+```
+
+Optionally you may require these libraries for certain classes of TPM transport
+
+```
+brew install libftdi
+```
+
+### OpenSUSE / SUSE
+
+```
+sudo zypper in autoconf autoconf-archive automake libjson-c-devel libtool libtpms-devel gawk make
+```
+
 ## Cross compiling
 
-Cross-compilation can be done as long as you have on your build system the TSS 
+Cross-compilation can be done as long as you have on your build system the TSS
 libraries compiled for your target system of choice. We rely on `pkg-config` to
 identify the libraries which we link against. Installing `tpm2-tss` does yield
 `.pc` files which can be used for this purpose, but depending on the exact build

diff --git a/tss-esapi-sys/build.rs b/tss-esapi-sys/build.rs
@@ -8,11 +8,28 @@ fn main() {
     }
 
     cfg_if::cfg_if! {
-        if #[cfg(feature = "generate-bindings")] {
+        if #[cfg(all(feature = "bundled", feature = "generate-bindings"))] {
+            // Bundled and generate bindings for the case when
+            // it should be bundled with a non minimal version
+            // of tpm2-tss.
+            let installation = tpm2_tss::Installation::bundled();
+            let out_dir = std::path::PathBuf::from(std::env::var("OUT_DIR").unwrap());
+            installation.generate_bindings(&out_dir.join("tss_esapi_bindings.rs"));
+            installation.output_linker_arguments();
+        } else if #[cfg(all(feature = "bundled", not(feature = "generate-bindings")))] {
+            // Bundled with the minimum version of tpm2-tss and the pre generated
+            // bindings will be used.
+            target::ensure_supported();
+            let installation = tpm2_tss::Installation::bundled();
+            installation.pkg_config();
+        } else if #[cfg(all(not(feature = "bundled"), feature = "generate-bindings"))] {
+            // Not bundled only generate the bindings and build against them.
             let installation = tpm2_tss::Installation::probe(true);
             let out_dir = std::path::PathBuf::from(std::env::var("OUT_DIR").unwrap());
             installation.generate_bindings(&out_dir.join("tss_esapi_bindings.rs"));
+            installation.output_linker_arguments();
         } else {
+            // Not bundled and using the pre generated bindings and build against them.
             target::ensure_supported();
             let _ = tpm2_tss::Installation::probe(false);
         }

diff --git a/tss-esapi/Cargo.toml b/tss-esapi/Cargo.toml
@@ -61,3 +61,4 @@ default = ["abstraction"]
 generate-bindings = ["tss-esapi-sys/generate-bindings"]
 abstraction = ["oid", "picky-asn1", "picky-asn1-x509"]
 integration-tests = ["strum", "strum_macros"]
+bundled = ["tss-esapi-sys/bundled"]
diff --git a/tss-esapi/README.md b/tss-esapi/README.md
@@ -17,6 +17,10 @@ time using the headers identified on the system.
 
 Our end-goal is to achieve a fully Rust-native interface that offers strong safety and security guarantees. Check out our [documentation](https://docs.rs/tss-esapi/*/tss_esapi/#notes-on-code-safety) for an overview of our code safety approach.
 
+## Integration Tests
+
+See the [integration tests](https://github.com/parallaxsecond/rust-tss-esapi/tree/main/tss-esapi/tests)
+
 ## Cargo Features
 
 The crate currently offers the following features: