!88 dracut script support loading digest list with modsig

From: @HuaxinLuGitee 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001

allow-a-specified-algo-different-from-the-list-file.patch

@@ -0,0 +1,26 @@
+From 1b464cfc50f50439f95f8c38bcbcc26253bd8036 Mon Sep 17 00:00:00 2001
+From: Zhou Shuiqing <zhoushuiqing2@huawei.com>
+Date: Tue, 22 Aug 2023 10:24:23 +0800
+Subject: [PATCH] allow a specified algo different from the list file one
+
+Signed-off-by: Zhou Shuiqing <zhoushuiqing2@huawei.com>
+---
+ generators/compact.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/generators/compact.c b/generators/compact.c
+index 4107e44..b3df1fa 100644
+--- a/generators/compact.c
++++ b/generators/compact.c
+@@ -441,7 +441,7 @@ int generator(int dirfd, int pos, struct list_head *head_in,
+ 						NULL, 10)];
+ 			}
+ 			if (list_algo != algo)
+-				continue;
++				printf("list_algo != algo\n");
+ 		}
+ 
+ 		paths[0] = &cur->path[2];
+-- 
+2.33.0
+

digest-list-tools.spec

@@ -1,6 +1,6 @@
 name:           digest-list-tools
 Version:        0.3.95
-Release:        10
+Release:        15
 Summary:        Utilities for IMA Digest Lists extension
 
 Source0:        https://gitee.com/openeuler/%{name}/repository/archive/v%{version}.tar.gz
@@ -16,15 +16,20 @@ Patch4:		Fix-sm3-algorithm-name.patch
 Patch5:         fix-faulty-code.patch
 Patch6:         fix-file-resource-leakage-and-memory-leakage.patch
 Patch7:         fix-error-exit-in-dracut-program.patch
+Patch8:         fix-cap_struct-to-adapter-libcap-2.61.patch
+Patch9:         fix-the-compilation-error.patch
+Patch10:        allow-a-specified-algo-different-from-the-list-file.patch
+Patch11:	dracut-script-support-loading-digest-list-with-modsi.patch
 
+Requires:	libcap >= 2.61
 BuildRequires:  autoconf automake libcurl-devel libtool rpm-devel dracut gzip
-BuildRequires:  libcap-devel libcmocka-devel libselinux-devel
+BuildRequires:  libcap-devel >= 2.61 libcmocka-devel libselinux-devel
 
 %if 0%{?suse_version}
 BuildRequires:  libopenssl-devel glibc-devel-static
 BuildRequires:  linux-glibc-devel keyutils-devel
 %else
-BuildRequires:  openssl-devel kernel-headers
+BuildRequires:  compat-openssl11-devel kernel-headers
 BuildRequires:  keyutils-libs-devel glibc-static
 %endif
 
@@ -127,6 +132,21 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/%{name}.1.gz
 
 %changelog
+* Fri Aug 16 2024 luhuaxin <luhuaxin1@huawei.com> - 0.3.95-15
+- dracut script support loading digest list with modsig
+
+* Tue Aug 22 2023 zhoushuiqing <zhoushuiqing2@huawei.com> - 0.3.95-14
+- Allowing a specified algorithm different from the list file.
+
+* Wed Jul 26 2023 zhoushuiqing <zhoushuiqing2@huawei.com> - 0.3.95-13
+- fix the compilation error caused by the -Werror=address compilation option in gcc.
+
+* Wed May 24 2023 zhoushuiqing <zhoushuiqing2@huawei.com> - 0.3.95-12
+- Fix cap_struct to adapter libcap 2.61
+
+* Fri Feb 3 2023 luhuaxin <luhuaxin1@huawei.com> - 0.3.95-11
+- build with compat openssl 1.1.1
+
 * Tue Dec 20 2022 gaoyusong <gaoyusong2@huawei.com> - 0.3.95-10
 - fix error exit in dracut program
 

dracut-script-support-loading-digest-list-with-modsi.patch

@@ -0,0 +1,29 @@
+From 1e46b6c1440b0aece5bb45ef8bc432a16d64248d Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Fri, 16 Aug 2024 10:57:33 +0800
+Subject: [PATCH] dracut script support loading digest list with modsig
+
+Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
+---
+ initrd/dracut/load_digest_lists.sh | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/initrd/dracut/load_digest_lists.sh b/initrd/dracut/load_digest_lists.sh
+index 8cb3e84..fad24ed 100644
+--- a/initrd/dracut/load_digest_lists.sh
++++ b/initrd/dracut/load_digest_lists.sh
+@@ -10,7 +10,10 @@ if [  -f /sys/kernel/security/ima/digest_list_data ]; then
+ 							if ($1 ~ /security.ima=0x03/) ima=1; }
+ 							END{ if (evm || ima) print "1" }')
+ 				if [ -z "$process_digest_list" ]; then
+-					continue
++					tail -c 32 $f | grep -a "~Module signature appended~" &> /dev/null
++					if [ $? -ne 0 ]; then
++						continue
++					fi
+ 				fi
+ 
+ 				format=$(echo $f | cut -d - -f 3)
+-- 
+2.33.0
+

fix-cap_struct-to-adapter-libcap-2.61.patch

@@ -0,0 +1,37 @@
+From e063ba3535c35a6fb5f66c00d733b9bd7dffa8ff Mon Sep 17 00:00:00 2001
+From: luhuaxin <luhuaxin1@huawei.com>
+Date: Sun, 13 Mar 2022 12:03:34 +0800
+Subject: [PATCH] fix cap_struct to adapter libcap 2.61
+
+Signed-off-by: luhuaxin <luhuaxin1@huawei.com>
+---
+ lib/cap.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/lib/cap.c b/lib/cap.c
+index f7a91fe..c21d025 100644
+--- a/lib/cap.c
++++ b/lib/cap.c
+@@ -28,15 +28,17 @@
+ #endif
+ 
+ #define NUMBER_OF_CAP_SETS      3   /* effective, inheritable, permitted */
+-#define __CAP_BLKS   (_LINUX_CAPABILITY_U32S)
++#define __CAP_BLKS   (_LINUX_CAPABILITY_U32S_3)
+ #define CAP_SET_SIZE (__CAP_BLKS * sizeof(__u32))
+ 
+ struct _cap_struct {
++	__u8 mutex;
+ 	struct __user_cap_header_struct head;
+ 	union {
+ 		struct __user_cap_data_struct set;
+ 		__u32 flat[NUMBER_OF_CAP_SETS];
+-	} u[_LINUX_CAPABILITY_U32S];
++	} u[_LINUX_CAPABILITY_U32S_3];
++	uid_t rootid;
+ };
+ 
+ cap_t _fcaps_load(struct vfs_cap_data *rawvfscap, cap_t result, int bytes)
+-- 
+2.33.0
+

fix-the-compilation-error.patch

@@ -0,0 +1,34 @@
+From b2bc3931f2dee4c5ef81fe3f6b5bdbca1ed4a6bf Mon Sep 17 00:00:00 2001
+From: zhoushuiqing <zhoushuiqing2@huawei.com>
+Date: Wed, 26 Jul 2023 11:44:14 +0800
+Subject: [PATCH] fix the compilation error caused by the -Werror=address compilation option in gcc.
+
+---
+ parsers/compact_tlv.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/parsers/compact_tlv.c b/parsers/compact_tlv.c
+index 3cd3b95..6b8ca99 100644
+--- a/parsers/compact_tlv.c
++++ b/parsers/compact_tlv.c
+@@ -115,7 +115,7 @@ int parser(int fd, struct list_head *head, loff_t size, void *buf,
+ 			modifiers = hdr.modifiers;
+ 
+ 			for (j = 0; j < 4; j++) {
+-				if (!items_data(ID_INODE_UID + j))
++				if (items_data(ID_INODE_UID + j) == NULL)
+ 					continue;
+ 
+ 				i_meta[j] =
+@@ -152,7 +152,7 @@ int parser(int fd, struct list_head *head, loff_t size, void *buf,
+ 				break;
+ 			case PARSER_OP_ADD_META_DIGEST:
+ 			case PARSER_OP_ADD_META_DIGEST_TO_HTABLE:
+-				if (!items_data(ID_EVM_DIGEST)) {
++				if (items_data(ID_EVM_DIGEST) == NULL) {
+ 					ret = calc_metadata_digest(fd, head,
+ 					   hdr.type, modifiers,
+ 					   hdr.algo, items_data(ID_DIGEST),
+-- 
+2.33.0
+