swtpm: Update to v0.10.0, make stateless

Release notes available [here](https://github.com/stefanberger/swtpm/releases/tag/v0.10.0) Signed-off-by: Reilly Brogan <reilly@reillybrogan.com>
2025-04-26 04:40:17 +03:00 · 2024-12-07 17:42:25 -06:00 · 2024-12-07 17:42:25 -06:00 · 678358248d
commit 678358248d
parent f484dcfb17
7 changed files with 252 additions and 39 deletions
--- a/packages/s/swtpm/abi_symbols
+++ b/packages/s/swtpm/abi_symbols
@ -26,6 +26,9 @@ libswtpm_libtpms.so.0:SWTPM_SymmetricKeyData_Decrypt
 libswtpm_libtpms.so.0:SWTPM_SymmetricKeyData_Encrypt
 libswtpm_libtpms.so.0:capabilities_print_json
 libswtpm_libtpms.so.0:change_process_owner
+libswtpm_libtpms.so.0:check_ossl_algorithms_are_disabled
+libswtpm_libtpms.so.0:check_ossl_fips_disabled_remove_algorithms
+libswtpm_libtpms.so.0:check_ossl_fips_disabled_set_attributes
 libswtpm_libtpms.so.0:create_seccomp_profile
 libswtpm_libtpms.so.0:ctrlchannel_free
 libswtpm_libtpms.so.0:ctrlchannel_get_client_fd
@ -38,6 +41,7 @@ libswtpm_libtpms.so.0:encryption_mode_from_string
 libswtpm_libtpms.so.0:fd_to_filename
 libswtpm_libtpms.so.0:fips_mode_disable
 libswtpm_libtpms.so.0:fips_mode_enabled
+libswtpm_libtpms.so.0:g_mainloop_terminate
 libswtpm_libtpms.so.0:handle_ctrlchannel_options
 libswtpm_libtpms.so.0:handle_flags_options
 libswtpm_libtpms.so.0:handle_key_options
@ -46,10 +50,14 @@ libswtpm_libtpms.so.0:handle_log_options
 libswtpm_libtpms.so.0:handle_migration_key_options
 libswtpm_libtpms.so.0:handle_migration_options
 libswtpm_libtpms.so.0:handle_pid_options
+libswtpm_libtpms.so.0:handle_profile_options
 libswtpm_libtpms.so.0:handle_seccomp_options
 libswtpm_libtpms.so.0:handle_server_options
 libswtpm_libtpms.so.0:handle_tpmstate_options
 libswtpm_libtpms.so.0:install_sighandlers
+libswtpm_libtpms.so.0:json_get_map_key_value
+libswtpm_libtpms.so.0:json_get_submap_value
+libswtpm_libtpms.so.0:json_set_map_key_value
 libswtpm_libtpms.so.0:kdf_identifier_from_string
 libswtpm_libtpms.so.0:key_format_from_string
 libswtpm_libtpms.so.0:key_from_pwdfile
@ -67,7 +75,6 @@ libswtpm_libtpms.so.0:logprintfA
 libswtpm_libtpms.so.0:mainLoop
 libswtpm_libtpms.so.0:mainloop_cb_get_locality
 libswtpm_libtpms.so.0:mainloop_ensure_locked_storage
-libswtpm_libtpms.so.0:mainloop_terminate
 libswtpm_libtpms.so.0:mainloop_unlock_nvram
 libswtpm_libtpms.so.0:nvram_dir_ops
 libswtpm_libtpms.so.0:nvram_linear_file_ops
@ -86,18 +93,25 @@ libswtpm_libtpms.so.0:pidfile_set
 libswtpm_libtpms.so.0:pidfile_set_fd
 libswtpm_libtpms.so.0:pidfile_write
 libswtpm_libtpms.so.0:pool
+libswtpm_libtpms.so.0:print_profiles
+libswtpm_libtpms.so.0:profile_remove_fips_disabled_algorithms
 libswtpm_libtpms.so.0:read_eintr
+libswtpm_libtpms.so.0:rsa1024_der
 libswtpm_libtpms.so.0:server_free
 libswtpm_libtpms.so.0:server_get_fd
 libswtpm_libtpms.so.0:server_get_flags
 libswtpm_libtpms.so.0:server_new
 libswtpm_libtpms.so.0:server_set_fd
+libswtpm_libtpms.so.0:strv_contains_all
+libswtpm_libtpms.so.0:strv_dedup
+libswtpm_libtpms.so.0:strv_extend
+libswtpm_libtpms.so.0:strv_remove
+libswtpm_libtpms.so.0:strv_strncmp
 libswtpm_libtpms.so.0:thread_busy_lock
 libswtpm_libtpms.so.0:thread_busy_signal
 libswtpm_libtpms.so.0:tlv_data_append
 libswtpm_libtpms.so.0:tlv_data_find_tag
 libswtpm_libtpms.so.0:tlv_data_free
-libswtpm_libtpms.so.0:tpm_running
 libswtpm_libtpms.so.0:tpmlib_blobtype_to_statetype
 libswtpm_libtpms.so.0:tpmlib_choose_tpm_version
 libswtpm_libtpms.so.0:tpmlib_create_startup_cmd
@ -115,10 +129,12 @@ libswtpm_libtpms.so.0:tpmlib_write_fatal_error_response
 libswtpm_libtpms.so.0:tpmlib_write_locality_error_response
 libswtpm_libtpms.so.0:tpmlib_write_success_response
 libswtpm_libtpms.so.0:tpmstate_get_backend_uri
+libswtpm_libtpms.so.0:tpmstate_get_locking
 libswtpm_libtpms.so.0:tpmstate_get_mode
 libswtpm_libtpms.so.0:tpmstate_get_version
 libswtpm_libtpms.so.0:tpmstate_global_free
 libswtpm_libtpms.so.0:tpmstate_set_backend_uri
+libswtpm_libtpms.so.0:tpmstate_set_locking
 libswtpm_libtpms.so.0:tpmstate_set_mode
 libswtpm_libtpms.so.0:tpmstate_set_version
 libswtpm_libtpms.so.0:uninstall_sighandlers
--- a/packages/s/swtpm/abi_used_symbols
+++ b/packages/s/swtpm/abi_used_symbols
@ -1,19 +1,25 @@
-libc.so.6:__asprintf_chk
 libc.so.6:__assert_fail
 libc.so.6:__ctype_b_loc
 libc.so.6:__errno_location
 libc.so.6:__fdelt_chk
-libc.so.6:__fprintf_chk
 libc.so.6:__isoc23_sscanf
 libc.so.6:__isoc23_strtol
 libc.so.6:__isoc23_strtoul
 libc.so.6:__isoc99_sscanf
 libc.so.6:__libc_start_main
 libc.so.6:__memcpy_chk
-libc.so.6:__printf_chk
-libc.so.6:__snprintf_chk
+libc.so.6:__memmove_chk
+libc.so.6:__memset_chk
+libc.so.6:__open64_2
+libc.so.6:__open_2
+libc.so.6:__poll_chk
+libc.so.6:__read_chk
 libc.so.6:__stack_chk_fail
+libc.so.6:__strncpy_chk
 libc.so.6:__vasprintf_chk
+libc.so.6:__vfprintf_chk
+libc.so.6:__vprintf_chk
+libc.so.6:__vsnprintf_chk
 libc.so.6:_exit
 libc.so.6:accept
 libc.so.6:access
@ -37,14 +43,11 @@ libc.so.6:fgetc
 libc.so.6:flock
 libc.so.6:fopen
 libc.so.6:fork
-libc.so.6:fputs
 libc.so.6:free
 libc.so.6:freeaddrinfo
 libc.so.6:fstat
 libc.so.6:fstat64
-libc.so.6:fsync
 libc.so.6:ftruncate
-libc.so.6:fwrite
 libc.so.6:gai_strerror
 libc.so.6:getaddrinfo
 libc.so.6:getenv
@ -78,14 +81,10 @@ libc.so.6:mmap
 libc.so.6:msync
 libc.so.6:munmap
 libc.so.6:open
-libc.so.6:open64
 libc.so.6:opendir
 libc.so.6:optarg
 libc.so.6:optind
 libc.so.6:pipe
-libc.so.6:poll
-libc.so.6:putchar
-libc.so.6:puts
 libc.so.6:read
 libc.so.6:realloc
 libc.so.6:realpath
@ -103,7 +102,6 @@ libc.so.6:setsockopt
 libc.so.6:setuid
 libc.so.6:setvbuf
 libc.so.6:signal
-libc.so.6:snprintf
 libc.so.6:socket
 libc.so.6:socketpair
 libc.so.6:stat
@ -111,6 +109,8 @@ libc.so.6:stderr
 libc.so.6:stdin
 libc.so.6:stdout
 libc.so.6:strcasecmp
+libc.so.6:strcat
+libc.so.6:strchr
 libc.so.6:strcmp
 libc.so.6:strcpy
 libc.so.6:strdup
@ -122,7 +122,6 @@ libc.so.6:strncpy
 libc.so.6:strndup
 libc.so.6:strrchr
 libc.so.6:strstr
-libc.so.6:strtok_r
 libc.so.6:strtol
 libc.so.6:strtoul
 libc.so.6:strtoull
@ -142,6 +141,8 @@ libcrypto.so.3:BN_new
 libcrypto.so.3:EVP_CIPHER_CTX_free
 libcrypto.so.3:EVP_CIPHER_CTX_new
 libcrypto.so.3:EVP_CIPHER_CTX_set_padding
+libcrypto.so.3:EVP_CIPHER_fetch
+libcrypto.so.3:EVP_CIPHER_free
 libcrypto.so.3:EVP_DecryptFinal_ex
 libcrypto.so.3:EVP_DecryptInit_ex
 libcrypto.so.3:EVP_DecryptUpdate
@ -157,19 +158,25 @@ libcrypto.so.3:EVP_MAC_init
 libcrypto.so.3:EVP_MAC_update
 libcrypto.so.3:EVP_MD_get_size
 libcrypto.so.3:EVP_PKEY_CTX_free
+libcrypto.so.3:EVP_PKEY_CTX_new
 libcrypto.so.3:EVP_PKEY_CTX_new_from_name
 libcrypto.so.3:EVP_PKEY_CTX_new_from_pkey
 libcrypto.so.3:EVP_PKEY_CTX_set0_rsa_oaep_label
 libcrypto.so.3:EVP_PKEY_CTX_set_rsa_mgf1_md
 libcrypto.so.3:EVP_PKEY_CTX_set_rsa_oaep_md
 libcrypto.so.3:EVP_PKEY_CTX_set_rsa_padding
+libcrypto.so.3:EVP_PKEY_CTX_set_signature_md
 libcrypto.so.3:EVP_PKEY_encrypt
 libcrypto.so.3:EVP_PKEY_encrypt_init
 libcrypto.so.3:EVP_PKEY_free
 libcrypto.so.3:EVP_PKEY_fromdata
 libcrypto.so.3:EVP_PKEY_fromdata_init
+libcrypto.so.3:EVP_PKEY_sign
+libcrypto.so.3:EVP_PKEY_sign_init
+libcrypto.so.3:EVP_PKEY_verify_init
 libcrypto.so.3:EVP_aes_128_cbc
 libcrypto.so.3:EVP_aes_256_cbc
+libcrypto.so.3:EVP_get_digestbyname
 libcrypto.so.3:EVP_sha1
 libcrypto.so.3:EVP_sha256
 libcrypto.so.3:EVP_sha512
@ -183,9 +190,11 @@ libcrypto.so.3:OSSL_PARAM_construct_utf8_string
 libcrypto.so.3:OSSL_PARAM_free
 libcrypto.so.3:PKCS5_PBKDF2_HMAC
 libcrypto.so.3:RAND_bytes
+libcrypto.so.3:RAND_status
 libcrypto.so.3:SHA1
 libcrypto.so.3:SHA256
 libcrypto.so.3:SHA512
+libcrypto.so.3:d2i_PrivateKey
 libfuse.so.2:cuse_lowlevel_setup
 libfuse.so.2:cuse_lowlevel_teardown
 libfuse.so.2:fuse_reply_buf
@ -197,6 +206,7 @@ libfuse.so.2:fuse_reply_write
 libfuse.so.2:fuse_session_exit
 libfuse.so.2:fuse_session_loop
 libfuse.so.2:fuse_session_loop_mt
+libglib-2.0.so.0:g_access
 libglib-2.0.so.0:g_build_filename
 libglib-2.0.so.0:g_cond_init
 libglib-2.0.so.0:g_cond_signal
@ -219,6 +229,8 @@ libglib-2.0.so.0:g_get_user_config_dir
 libglib-2.0.so.0:g_getenv
 libglib-2.0.so.0:g_malloc
 libglib-2.0.so.0:g_malloc0
+libglib-2.0.so.0:g_match_info_free
+libglib-2.0.so.0:g_match_info_matches
 libglib-2.0.so.0:g_mkdir_with_parents
 libglib-2.0.so.0:g_mkstemp_full
 libglib-2.0.so.0:g_mutex_init
@ -229,16 +241,24 @@ libglib-2.0.so.0:g_rand_free
 libglib-2.0.so.0:g_rand_int_range
 libglib-2.0.so.0:g_rand_new
 libglib-2.0.so.0:g_realloc
+libglib-2.0.so.0:g_regex_match
+libglib-2.0.so.0:g_regex_new
+libglib-2.0.so.0:g_regex_unref
 libglib-2.0.so.0:g_rmdir
+libglib-2.0.so.0:g_setenv
 libglib-2.0.so.0:g_snprintf
-libglib-2.0.so.0:g_spawn_async
+libglib-2.0.so.0:g_spawn_async_with_pipes
 libglib-2.0.so.0:g_spawn_sync
 libglib-2.0.so.0:g_strchomp
 libglib-2.0.so.0:g_strchug
 libglib-2.0.so.0:g_strconcat
 libglib-2.0.so.0:g_strdup
 libglib-2.0.so.0:g_strdup_printf
+libglib-2.0.so.0:g_strdupv
 libglib-2.0.so.0:g_strfreev
+libglib-2.0.so.0:g_string_append_printf
+libglib-2.0.so.0:g_string_free_and_steal
+libglib-2.0.so.0:g_string_new
 libglib-2.0.so.0:g_strjoin
 libglib-2.0.so.0:g_strjoinv
 libglib-2.0.so.0:g_strndup
@ -247,6 +267,7 @@ libglib-2.0.so.0:g_strsplit
 libglib-2.0.so.0:g_strsplit_set
 libglib-2.0.so.0:g_strstr_len
 libglib-2.0.so.0:g_strv_contains
+libglib-2.0.so.0:g_strv_length
 libglib-2.0.so.0:g_thread_pool_free
 libglib-2.0.so.0:g_thread_pool_new
 libglib-2.0.so.0:g_thread_pool_push
@ -297,12 +318,34 @@ libgnutls.so.30:gnutls_x509_privkey_import
 libgnutls.so.30:gnutls_x509_privkey_import2
 libgnutls.so.30:gnutls_x509_privkey_init
 libgobject-2.0.so.0:g_object_unref
+libjson-glib-1.0.so.0:json_array_add_object_element
+libjson-glib-1.0.so.0:json_array_new
+libjson-glib-1.0.so.0:json_generator_new
+libjson-glib-1.0.so.0:json_generator_set_root
+libjson-glib-1.0.so.0:json_generator_to_data
+libjson-glib-1.0.so.0:json_node_dup_array
+libjson-glib-1.0.so.0:json_node_dup_object
+libjson-glib-1.0.so.0:json_node_get_node_type
+libjson-glib-1.0.so.0:json_node_get_object
+libjson-glib-1.0.so.0:json_node_new
+libjson-glib-1.0.so.0:json_node_set_object
+libjson-glib-1.0.so.0:json_node_unref
+libjson-glib-1.0.so.0:json_object_get_member
+libjson-glib-1.0.so.0:json_object_new
+libjson-glib-1.0.so.0:json_object_set_array_member
+libjson-glib-1.0.so.0:json_object_set_string_member
+libjson-glib-1.0.so.0:json_object_unref
 libjson-glib-1.0.so.0:json_parser_get_root
 libjson-glib-1.0.so.0:json_parser_load_from_data
+libjson-glib-1.0.so.0:json_parser_load_from_file
 libjson-glib-1.0.so.0:json_parser_new
+libjson-glib-1.0.so.0:json_reader_count_elements
+libjson-glib-1.0.so.0:json_reader_end_element
+libjson-glib-1.0.so.0:json_reader_end_member
 libjson-glib-1.0.so.0:json_reader_get_int_value
 libjson-glib-1.0.so.0:json_reader_get_string_value
 libjson-glib-1.0.so.0:json_reader_new
+libjson-glib-1.0.so.0:json_reader_read_element
 libjson-glib-1.0.so.0:json_reader_read_member
 libseccomp.so.2:seccomp_init
 libseccomp.so.2:seccomp_load
@ -325,9 +368,11 @@ libtpms.so.0:TPMLIB_SetBufferSize
 libtpms.so.0:TPMLIB_SetDebugFD
 libtpms.so.0:TPMLIB_SetDebugLevel
 libtpms.so.0:TPMLIB_SetDebugPrefix
+libtpms.so.0:TPMLIB_SetProfile
 libtpms.so.0:TPMLIB_SetState
 libtpms.so.0:TPMLIB_Terminate
 libtpms.so.0:TPMLIB_VolatileAll_Store
+libtpms.so.0:TPMLIB_WasManufactured
 libtpms.so.0:TPM_IO_Hash_Data
 libtpms.so.0:TPM_IO_Hash_End
 libtpms.so.0:TPM_IO_Hash_Start
--- a/packages/s/swtpm/files/0001-Stateless.patch
+++ b/packages/s/swtpm/files/0001-Stateless.patch
@ -0,0 +1,154 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Reilly Brogan <reilly@reillybrogan.com>
+Date: Sat, 7 Dec 2024 17:17:31 -0600
+Subject: [PATCH] Stateless
+
+Signed-off-by: Reilly Brogan <reilly@reillybrogan.com>
+---
+ man/man5/swtpm_setup.conf.pod     |  3 +++
+ man/man8/swtpm_localca.pod        | 11 +++++++----
+ man/man8/swtpm_setup.pod          |  3 ++-
+ samples/Makefile.am               |  4 ++--
+ samples/swtpm_setup.conf.in       |  6 ++++--
+ src/swtpm_localca/swtpm_localca.c |  8 ++++++++
+ src/swtpm_setup/swtpm_setup.c     |  4 ++++
+ 7 files changed, 30 insertions(+), 9 deletions(-)
+
+diff --git a/man/man5/swtpm_setup.conf.pod b/man/man5/swtpm_setup.conf.pod
+index 7903e7b..11be42e 100644
+--- a/man/man5/swtpm_setup.conf.pod
+++ b/man/man5/swtpm_setup.conf.pod
+@@ -14,6 +14,9 @@ Users may write their own configuration into
+ I<${XDG_CONFIG_HOME}/swtpm_setup.conf> or if XDG_CONFIG_HOME
+ is not set it may be in I<${HOME}/.config/swtpm_setup.conf>.
+ 
+If neither of these is available then the config at
+I</usr/share/defaults/swtpm/swtpm_setup.conf> will be used.
+
+ The following keywords are recognized:
+ 
+ =over 4
+diff --git a/man/man8/swtpm_localca.pod b/man/man8/swtpm_localca.pod
+index e9771ad..33c6899 100644
+--- a/man/man8/swtpm_localca.pod
+++ b/man/man8/swtpm_localca.pod
+@@ -14,8 +14,9 @@ the certificates.
+ 
+ The program will typically be invoked by the I<swtpm_setup> program
+ that uses the I</etc/swtpm_setup.conf> configuration file where
+-a variable needs to be set that points to this program.
+-It implements command line options that the I<swtpm_setup>
+a variable needs to be set that points to this program. If that file is not
+available then the fallback at I</usr/share/defaults/swtpm/swtpm_setup.conf>
+will be used instead. It implements command line options that the I<swtpm_setup>
+ program uses to provide the necessary parameters to it.
+ 
+ B<swtpm_localca> will automatically try to create the signing key and
+@@ -74,12 +75,14 @@ on the console.
+ =item B<--configfile <configuration file>>
+ 
+ The configuration file to use. If omitted, the default configuration
+-file I</etc/swtpm-localca.conf> will be used.
+file I</etc/swtpm-localca.conf> will be used. If that file isn't present
+I</usr/share/defaults/swtpm/swtpm-localca.conf> will be used
+ 
+ =item B<--optsfile <options file>>
+ 
+ The options file to use. If omitted, the default options file
+-I</etc/swtpm-localca.options> will be used.
+I</etc/swtpm-localca.options> will be used. If that file isn't present
+I</usr/share/defaults/swtpm/swtpm-localca.options> will be used
+ 
+ =item B<--tpm-spec-family>, B<--tpm-spec-revision>, B<--tpm-spec-level>
+ 
+diff --git a/man/man8/swtpm_setup.pod b/man/man8/swtpm_setup.pod
+index a8595ba..ae89e64 100644
+--- a/man/man8/swtpm_setup.pod
+++ b/man/man8/swtpm_setup.pod
+@@ -30,7 +30,8 @@ as follows. If the environment variable XDG_CONFIG_HOME is set,
+ ${XDG_CONFIG_HOME}/swtpm_setup.conf will be used if available, otherwise if
+ the environment variable HOME is set, ${HOME}/.config/swtpm_setup.conf
+ will be used if available. If none of the previous ones are available, /etc/swtpm_setup.conf
+-will be used.
+will be used. Finally, I</usr/share/defaults/swtpm/swtpm_setup.conf> will be used as the
+final fallback.
+ 
+ =item B<--tpm-state <dir>> or B<--tpmstate <dir>>
+ 
+diff --git a/samples/Makefile.am b/samples/Makefile.am
+index 86be504..b3adba4 100644
+--- a/samples/Makefile.am
+++ b/samples/Makefile.am
+@@ -5,14 +5,14 @@
+ #
+ 
+ samplesconfdir = $(datadir)/@PACKAGE@
+-samplessysconfdir = $(sysconfdir)
+samplesvendordir = $(datadir)/defaults/@PACKAGE@
+ 
+ samplesconf_SCRIPTS = \
+ 	swtpm-create-tpmca \
+ 	swtpm-create-user-config-files \
+ 	swtpm-localca
+ 
+-samplessysconf_DATA = \
+samplesvendor_DATA = \
+ 	swtpm-localca.conf \
+ 	swtpm-localca.options \
+ 	swtpm_setup.conf
+diff --git a/samples/swtpm_setup.conf.in b/samples/swtpm_setup.conf.in
+index dd03609..1fa85c5 100644
+--- a/samples/swtpm_setup.conf.in
+++ b/samples/swtpm_setup.conf.in
+@@ -1,7 +1,9 @@
+ # Program invoked for creating certificates
+ create_certs_tool= @BINDIR@/swtpm_localca
+-create_certs_tool_config = @SYSCONFDIR@/swtpm-localca.conf
+-create_certs_tool_options = @SYSCONFDIR@/swtpm-localca.options
+# Do not modify these files. Copy these files to /etc/ and modify these variables to point to the new
+# versions if you want to modify the system versions
+create_certs_tool_config =  /usr/share/defaults/swtpm/swtpm-localca.conf
+create_certs_tool_options = /usr/share/defaults/swtpm/swtpm-localca.options
+ # Comma-separated list (no spaces) of PCR banks to activate by default
+ active_pcr_banks = @DEFAULT_PCR_BANKS@
+ rsa_keysize = 2048
+diff --git a/src/swtpm_localca/swtpm_localca.c b/src/swtpm_localca/swtpm_localca.c
+index 920c3e6..a6a69f6 100644
+--- a/src/swtpm_localca/swtpm_localca.c
+++ b/src/swtpm_localca/swtpm_localca.c
+@@ -56,12 +56,20 @@ static int init(gchar **options_file, gchar **config_file)
+     if (access(*options_file, R_OK) != 0) {
+         g_free(*options_file);
+         *options_file = g_build_filename(SYSCONFDIR, LOCALCA_OPTIONS, NULL);
+        if (access(*options_file, R_OK) != 0) {
+            g_free(*options_file);
+            *options_file = g_build_filename("/usr/share/defaults/swtpm", LOCALCA_OPTIONS, NULL);
+        }
+     }
+ 
+     *config_file = g_build_filename(configdir, LOCALCA_CONFIG, NULL);
+     if (access(*config_file, R_OK) != 0) {
+         g_free(*config_file);
+         *config_file = g_build_filename(SYSCONFDIR, LOCALCA_CONFIG, NULL);
+        if (access(*config_file, R_OK) != 0) {
+            g_free(*config_file);
+            *config_file = g_build_filename("/usr/share/defaults/swtpm", LOCALCA_CONFIG, NULL);
+        }
+     }
+ 
+     return 0;
+diff --git a/src/swtpm_setup/swtpm_setup.c b/src/swtpm_setup/swtpm_setup.c
+index 4068915..25be8f4 100644
+--- a/src/swtpm_setup/swtpm_setup.c
+++ b/src/swtpm_setup/swtpm_setup.c
+@@ -91,6 +91,10 @@ static int init(gchar **config_file)
+     if (access(*config_file, R_OK) != 0) {
+         g_free(*config_file);
+         *config_file = g_build_filename(SYSCONFDIR, SWTPM_SETUP_CONF, NULL);
+        if (access(*config_file, R_OK) != 0) {
+            g_free(*config_file);
+            *config_file = g_build_filename("/usr/share/defaults/swtpm", SWTPM_SETUP_CONF, NULL);
+        }
+     }
+ 
+     return 0;
--- a/packages/s/swtpm/package.yml
+++ b/packages/s/swtpm/package.yml
@ -1,8 +1,8 @@
 name       : swtpm
-version    : 0.9.0
-release    : 11
+version    : 0.10.0
+release    : 12
 source     :
-    - https://github.com/stefanberger/swtpm/archive/refs/tags/v0.9.0.tar.gz : 9679ca171e8aaa3c4e4053e8bc1d10c8dabf0220bd4b16aba78743511c25f731
+    - https://github.com/stefanberger/swtpm/archive/refs/tags/v0.10.0.tar.gz : 9f10ae0d3123ab05c3808f8c8d39f633cf1a0cf142d6ac9b87b8364a682ac842
 homepage   : https://github.com/stefanberger/swtpm
 license    :
    - BSD-3-Clause
@ -22,14 +22,22 @@ builddeps  :
    - socat
 rundeps    :
    - libgnutls-utils
+clang      : yes
 setup      : |
+    %patch -p1 -i $pkgfiles/0001-Stateless.patch
    %reconfigure --with-gnutls --disable-static
 build      : |
    %make
 install    : |
    %make_install

+    # Nothing currently builds against this, so let's just delete the development files
+    # The installed tests are also similarly useless
+    rm -rfv $installdir/usr/include $installdir/usr/share/man/man3 $installdir/usr/lib64/swtpm/installed-tests
+
    # Don't ship /var/lib/swtpm-localca, create it with tmpfiles instead
    rm -rfv $installdir/var/
    install -Dm00644 $pkgfiles/swtpm.sysusers $installdir/%libdir%/sysusers.d/swtpm.conf
    install -Dm00644 $pkgfiles/swtpm.tmpfiles $installdir/%libdir%/tmpfiles.d/swtpm.conf
+check      : |
+    %make check
--- a/packages/s/swtpm/pspec_x86_64.xml
+++ b/packages/s/swtpm/pspec_x86_64.xml
@ -21,9 +21,6 @@
 </Description>
        <PartOf>virt</PartOf>
        <Files>
-            <Path fileType="config">/etc/swtpm-localca.conf</Path>
-            <Path fileType="config">/etc/swtpm-localca.options</Path>
-            <Path fileType="config">/etc/swtpm_setup.conf</Path>
            <Path fileType="executable">/usr/bin/swtpm</Path>
            <Path fileType="executable">/usr/bin/swtpm_bios</Path>
            <Path fileType="executable">/usr/bin/swtpm_cert</Path>
@ -36,6 +33,9 @@
            <Path fileType="library">/usr/lib64/swtpm/libswtpm_libtpms.so.0.0.0</Path>
            <Path fileType="library">/usr/lib64/sysusers.d/swtpm.conf</Path>
            <Path fileType="library">/usr/lib64/tmpfiles.d/swtpm.conf</Path>
+            <Path fileType="data">/usr/share/defaults/swtpm/swtpm-localca.conf</Path>
+            <Path fileType="data">/usr/share/defaults/swtpm/swtpm-localca.options</Path>
+            <Path fileType="data">/usr/share/defaults/swtpm/swtpm_setup.conf</Path>
            <Path fileType="man">/usr/share/man/man5/swtpm-localca.conf.5</Path>
            <Path fileType="man">/usr/share/man/man5/swtpm-localca.options.5</Path>
            <Path fileType="man">/usr/share/man/man5/swtpm_setup.conf.5</Path>
@ -53,24 +53,10 @@
            <Path fileType="data">/usr/share/swtpm/swtpm-localca</Path>
        </Files>
    </Package>
-    <Package>
-        <Name>swtpm-devel</Name>
-        <Summary xml:lang="en">Development files for swtpm</Summary>
-        <Description xml:lang="en">TPM emulator built on libtpms providing TPM functionality for QEMU VMs.
-</Description>
-        <PartOf>programming.devel</PartOf>
-        <RuntimeDependencies>
-            <Dependency release="11">swtpm</Dependency>
-        </RuntimeDependencies>
-        <Files>
-            <Path fileType="header">/usr/include/swtpm/tpm_ioctl.h</Path>
-            <Path fileType="man">/usr/share/man/man3/swtpm_ioctls.3</Path>
-        </Files>
-    </Package>
    <History>
-        <Update release="11">
-            <Date>2024-06-26</Date>
-            <Version>0.9.0</Version>
+        <Update release="12">
+            <Date>2024-12-07</Date>
+            <Version>0.10.0</Version>
            <Comment>Packaging update</Comment>
            <Name>Reilly Brogan</Name>
            <Email>solus@reillybrogan.com</Email>
--- a/repo_data/distribution.xml
+++ b/repo_data/distribution.xml
@ -2769,5 +2769,6 @@
 		<Package>python-pafy</Package>
 		<Package>nodejs-18</Package>
 		<Package>nodejs-18-dbginfo</Package>
+		<Package>swtpm-devel</Package>
 	</Obsoletes>
 </PISI>
--- a/repo_data/distribution.xml.in
+++ b/repo_data/distribution.xml.in
@ -3709,6 +3709,9 @@
 		<!-- Replaced by newer versions -->
 		<Package>nodejs-18</Package>
 		<Package>nodejs-18-dbginfo</Package>
+
+		<!-- Unnecessary, can be readded later if needed -->
+		<Package>swtpm-devel</Package>
 	</Obsoletes>
 </PISI>