Comment 10 for bug 1940079

Paride Legovini (paride) wrote : Re: Strongswan in Focal doesn't support TPM 2.0 through the TSS2 interface...

Hi,

I built strongswan 5.9.1-1 with --enable-tss-trousers (extra Build-Dep: libtspi-dev) and --enable-tss-tss2 (extra B-D: libtss2-dev). The package built fine, the resulting libstrongswan-extra-plugins binary package has two extra dependencies:

 - libtss2-sys1
 - libtspi1 (not in main)

Note: I can't see the libtss2-esys runtime dependency that Tobias mentioned. @Tobias: is this expected, or am I missing some other flag?

Before moving forward in this direction I have a question. AIUI --enable-tss-trousers enables TPM1.2, while --enable-tss-tss2 enables TPM2, which is what --enable-tpm needs to do anything useful.

Do you think it makes sense to only enable TPM2 (--enable-tss-tss2), without TPM1.2 (--enable-tss-trousers)? This would be my proposal, as it has some advantages over enabling both:

1. TPM2 has been around for several years now, and improves on TPM1.2 in many ways. Nobody really complained about the lack of TPM1.2 support before this bug was filed.
2. libtspi1 is not in main, so enabling TPM1.2 will require at least a MIR, increasing the overall maintenance work.
3. Supporting only TPM2 will save us from deprecating TPM1.2 support one day, with all the burden that such deprecations generate on both the maintainers' side and the users' side. This is my main point.
4. We can always enable TPM1.2 later if we change our mind.

What do you think?