diff --git a/add-save-command-to-support-digest-list-building.patch b/add-save-command-to-support-digest-list-building.patch index 13eec14..31febfd 100644 --- a/add-save-command-to-support-digest-list-building.patch +++ b/add-save-command-to-support-digest-list-building.patch @@ -1,4 +1,4 @@ -From 6e607f4c5b3a608477bfc10405fb3c1f2ef93024 Mon Sep 17 00:00:00 2001 +From b1c7340ed4b4233bfb480173f5dee1cb8a5becea Mon Sep 17 00:00:00 2001 From: Roberto Sassu Date: Thu, 21 Jan 2021 08:16:34 +0800 Subject: [PATCH] add save command to support digest list building @@ -7,14 +7,14 @@ This patch adds save command to support IMA digest list. Signed-off-by: Tianxing Zhang --- - src/evmctl.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 60 insertions(+), 7 deletions(-) + src/evmctl.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 59 insertions(+), 6 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c -index 1815f55..439713d 100644 +index 8bdd348..355d04d 100644 --- a/src/evmctl.c +++ b/src/evmctl.c -@@ -115,6 +115,7 @@ static int sigdump; +@@ -118,6 +118,7 @@ static int sigdump; static int digest; static int digsig; static int sigfile; @@ -76,12 +76,12 @@ index 1815f55..439713d 100644 - if (!evm_immutable) { + if (!evm_immutable && !evm_portable) { - if ((S_ISREG(st.st_mode) || S_ISDIR(st.st_mode)) && !generation_str) { - /* we cannot at the momement to get generation of - special files kernel API does not support it */ -@@ -444,7 +461,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash) - /*log_debug("name: %s, value: %s, size: %d\n", *xattrname, xattr_value, err);*/ - log_info("name: %s, size: %d\n", *xattrname, err); + if (S_ISREG(st.st_mode) && !generation_str) { + int fd = open(file, 0); + +@@ -454,7 +471,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash) + log_info("name: %s, size: %d\n", + use_xattr_ima ? xattr_ima : *xattrname, err); log_debug_dump(xattr_value, err); - err = EVP_DigestUpdate(pctx, xattr_value, err); + if (datafile) @@ -92,7 +92,7 @@ index 1815f55..439713d 100644 if (!err) { log_err("EVP_DigestUpdate() failed\n"); return 1; -@@ -498,7 +519,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -508,7 +529,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash) log_debug("hmac_misc (%d): ", hmac_size); log_debug_dump(&hmac_misc, hmac_size); @@ -105,7 +105,7 @@ index 1815f55..439713d 100644 if (!err) { log_err("EVP_DigestUpdate() failed\n"); return 1; -@@ -555,6 +580,9 @@ static int sign_evm(const char *file, const char *key) +@@ -565,6 +590,9 @@ static int sign_evm(const char *file, const char *key) if (sigdump || imaevm_params.verbose >= LOG_INFO) imaevm_hexdump(sig, len); @@ -115,7 +115,7 @@ index 1815f55..439713d 100644 if (xattr) { err = lsetxattr(file, xattr_evm, sig, len, 0); if (err < 0) { -@@ -566,6 +594,21 @@ static int sign_evm(const char *file, const char *key) +@@ -576,6 +604,21 @@ static int sign_evm(const char *file, const char *key) return 0; } @@ -137,7 +137,7 @@ index 1815f55..439713d 100644 static int hash_ima(const char *file) { unsigned char hash[MAX_DIGEST_SIZE + 2]; /* +2 byte xattr header */ -@@ -678,7 +721,7 @@ static int get_file_type(const char *path, const char *search_type) +@@ -684,7 +727,7 @@ static int get_file_type(const char *path, const char *search_type) static int do_cmd(struct command *cmd, find_cb_t func) { @@ -146,7 +146,7 @@ index 1815f55..439713d 100644 int err, dts = REG_MASK; /* only regular files by default */ if (!path) { -@@ -687,6 +730,10 @@ static int do_cmd(struct command *cmd, find_cb_t func) +@@ -693,6 +736,10 @@ static int do_cmd(struct command *cmd, find_cb_t func) return -1; } @@ -157,7 +157,7 @@ index 1815f55..439713d 100644 if (recursive) { if (search_type) { dts = get_file_type(path, search_type); -@@ -793,6 +840,11 @@ static int cmd_sign_evm(struct command *cmd) +@@ -799,6 +846,11 @@ static int cmd_sign_evm(struct command *cmd) return do_cmd(cmd, sign_evm_path); } @@ -169,16 +169,7 @@ index 1815f55..439713d 100644 static int verify_evm(const char *file) { unsigned char hash[MAX_DIGEST_SIZE]; -@@ -807,7 +859,7 @@ static int verify_evm(const char *file) - return len; - } - -- if (sig[0] != 0x03) { -+ if (sig[0] != 0x03 && sig[0] != 0x05) { - log_err("%s has no signature\n", xattr_evm); - return -1; - } -@@ -2479,6 +2531,7 @@ struct command cmds[] = { +@@ -2547,6 +2599,7 @@ struct command cmds[] = { {"import", cmd_import, 0, "[--rsa] pubkey keyring", "Import public key into the keyring.\n"}, {"convert", cmd_convert, 0, "key", "convert public key into the keyring.\n"}, {"sign", cmd_sign_evm, 0, "[-r] [--imahash | --imasig ] [--key key] [--pass [password] file", "Sign file metadata.\n"}, @@ -187,5 +178,5 @@ index 1815f55..439713d 100644 {"ima_sign", cmd_sign_ima, 0, "[--sigfile] [--key key] [--pass [password] file", "Make file content signature.\n"}, {"ima_verify", cmd_verify_ima, 0, "file", "Verify IMA signature (for debugging).\n"}, -- -2.25.1 +2.33.0 diff --git a/add-sm3-option.patch b/add-sm3-option.patch index 3f3423a..c2497f4 100644 --- a/add-sm3-option.patch +++ b/add-sm3-option.patch @@ -1,4 +1,4 @@ -From 3fe53a713f32c28841e7f5efd4afb397b6d7e154 Mon Sep 17 00:00:00 2001 +From 01cc9dee300fc78d827d70a647bb409579b29555 Mon Sep 17 00:00:00 2001 From: shenxiangwei Date: Wed, 24 Aug 2022 08:26:49 +0800 Subject: [PATCH] add sm3 option @@ -9,18 +9,18 @@ Signed-off-by: shenxiangwei 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/evmctl.c b/src/evmctl.c -index 28f4b8d..bce4b91 100644 +index a8c31ed..5202e53 100644 --- a/src/evmctl.c +++ b/src/evmctl.c -@@ -2489,7 +2489,7 @@ static void usage(void) +@@ -2552,7 +2552,7 @@ static void usage(void) printf( "\n" -- " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512, streebog256, streebog512\n" -+ " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512, streebog256, streebog512, sm3\n" +- " -a, --hashalgo sha1, sha224, sha256, sha384, sha512, streebog256, streebog512 (default: %s)\n" ++ " -a, --hashalgo sha1, sha224, sha256, sha384, sha512, streebog256, streebog512, sm3 (default: %s)\n" " -s, --imasig make IMA signature\n" " -d, --imahash make IMA hash\n" " -f, --sigfile store IMA signature in .sig file instead of xattr\n" -- -2.27.0 +2.33.0 diff --git a/ima-evm-utils-1.3.2.tar.gz b/ima-evm-utils-1.3.2.tar.gz deleted file mode 100644 index 7d2335e..0000000 Binary files a/ima-evm-utils-1.3.2.tar.gz and /dev/null differ diff --git a/ima-evm-utils-1.4.tar.gz b/ima-evm-utils-1.4.tar.gz new file mode 100644 index 0000000..7480b28 Binary files /dev/null and b/ima-evm-utils-1.4.tar.gz differ diff --git a/ima-evm-utils-Fix-incorrect-algorithm-name-in-hash_i.patch b/ima-evm-utils-Fix-incorrect-algorithm-name-in-hash_i.patch deleted file mode 100644 index 328368a..0000000 --- a/ima-evm-utils-Fix-incorrect-algorithm-name-in-hash_i.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 455a399c1f1605d3a96fa8b89b48f4c203a48951 Mon Sep 17 00:00:00 2001 -From: Tianjia Zhang -Date: Sat, 24 Jul 2021 17:56:47 +0800 -Subject: [PATCH 2/2] ima-evm-utils: Fix incorrect algorithm name in - hash_info.gen - -There is no such an algorithm name as sm3-256. This is an ambiguity -caused by the definition of the macro HASH_ALGO_SM3_256. The sed -command is only a special case of sm3, so sm3 is used to replace -the sm3-256 algorithm name. - -Signed-off-by: Tianjia Zhang -Reviewed-by: Petr Vorel -Signed-off-by: Mimi Zohar -Signed-off-by: luhuaxin ---- - src/.gitignore | 1 + - src/hash_info.gen | 7 ++++--- - 2 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/src/.gitignore b/src/.gitignore -index 38e8e3c..69d2988 100644 ---- a/src/.gitignore -+++ b/src/.gitignore -@@ -1 +1,2 @@ - hash_info.h -+tmp_hash_info.h -diff --git a/src/hash_info.gen b/src/hash_info.gen -index 5f7a97f..08d4a94 100755 ---- a/src/hash_info.gen -+++ b/src/hash_info.gen -@@ -84,9 +84,10 @@ echo "};" - echo "const char *const hash_algo_name[HASH_ALGO__LAST] = {" - sed -n 's/HASH_ALGO_\(.*\),/\1 \L\1\E/p' $HASH_INFO | \ - while read a b; do -- # Normalize text hash name: if it contains underscore between -- # digits replace it with a dash, other underscores are removed. -- b=$(echo "$b" | sed "s/\([0-9]\)_\([0-9]\)/\1-\2/g;s/_//g") -+ # Normalize text hash name: sm3 algorithm name is different from -+ # the macro definition, which is also the only special case of an -+ # underscore between digits. Remove all other underscores. -+ b=$(echo "$b" | sed "s/sm3_256/sm3/g;s/_//g") - printf '\t%-26s = "%s",\n' "[HASH_ALGO_$a]" "$b" - done - echo "};" --- -1.8.3.1 - diff --git a/ima-evm-utils-Support-SM2-3-algorithm-for-sign-and-v.patch b/ima-evm-utils-Support-SM2-3-algorithm-for-sign-and-v.patch deleted file mode 100644 index 480aaf6..0000000 --- a/ima-evm-utils-Support-SM2-3-algorithm-for-sign-and-v.patch +++ /dev/null @@ -1,209 +0,0 @@ -From 17b9fc3fdbc3545efe9be6482bd7cc0a9fe30791 Mon Sep 17 00:00:00 2001 -From: Tianjia Zhang -Date: Wed, 21 Jul 2021 11:16:59 +0800 -Subject: [PATCH 1/2] ima-evm-utils: Support SM2/3 algorithm for sign and - verify - -Keep in sync with the kernel IMA, IMA signature tool supports SM2/3 -algorithm combination. Because in the current version of OpenSSL 1.1.1, -the SM2 algorithm and the public key using the EC algorithm share the -same ID 'EVP_PKEY_EC', and the specific algorithm can only be -distinguished by the curve name used. This patch supports this feature. - -Secondly, the openssl 1.1.1 tool does not fully support the signature -of SM2/3 algorithm combination, so the openssl3 tool is used in the -test case, and there is no this problem with directly calling the -openssl 1.1.1 API in evmctl. - -Signed-off-by: Tianjia Zhang -[zohar@linux.ibm.com: "COMPILE_SSL: " -> "COMPILE_SSL=" in .travis.yml -Reviewed-by: Petr Vorel -Signed-off-by: Mimi Zohar - -Signed-off-by: luhuaxin ---- - .travis.yml | 6 +++--- - src/libimaevm.c | 20 ++++++++++++++++++++ - tests/gen-keys.sh | 25 +++++++++++++++++++++++++ - tests/ima_hash.test | 3 +-- - tests/install-openssl3.sh | 23 +++++++++++++++++++++++ - tests/sign_verify.test | 10 ++++++++++ - 6 files changed, 82 insertions(+), 5 deletions(-) - create mode 100755 tests/install-openssl3.sh - -diff --git a/.travis.yml b/.travis.yml -index 9bea5d1..9063b04 100644 ---- a/.travis.yml -+++ b/.travis.yml -@@ -7,7 +7,7 @@ matrix: - include: - # 32 bit build - - os: linux -- env: DISTRO=debian:stable VARIANT=i386 ARCH=i386 TSS=tpm2-tss -+ env: DISTRO=debian:stable VARIANT=i386 ARCH=i386 TSS=tpm2-tss COMPILE_SSL=openssl-3.0.0-beta1 - compiler: gcc - - # cross compilation builds -@@ -30,7 +30,7 @@ matrix: - - # glibc (gcc/clang) - - os: linux -- env: DISTRO=opensuse/tumbleweed TSS=ibmtss -+ env: DISTRO=opensuse/tumbleweed TSS=ibmtss COMPILE_SSL=openssl-3.0.0-beta1 - compiler: clang - - - os: linux -@@ -75,4 +75,4 @@ before_install: - script: - - INSTALL="${DISTRO%%:*}" - - INSTALL="${INSTALL%%/*}" -- - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh" -+ - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ "$COMPILE_SSL" ]; then COMPILE_SSL="$COMPILE_SSL" ./tests/install-openssl3.sh; fi && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh" -diff --git a/src/libimaevm.c b/src/libimaevm.c -index fa6c278..423d9dc 100644 ---- a/src/libimaevm.c -+++ b/src/libimaevm.c -@@ -518,6 +518,16 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size, - return -1; - } - -+#if defined(EVP_PKEY_SM2) && OPENSSL_VERSION_NUMBER < 0x30000000 -+ /* If EC key are used, check whether it is SM2 key */ -+ if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { -+ EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); -+ int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); -+ if (curve == NID_sm2) -+ EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); -+ } -+#endif -+ - st = "EVP_PKEY_CTX_new"; - if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) - goto err; -@@ -932,6 +942,16 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash, - return -1; - } - -+#if defined(EVP_PKEY_SM2) && OPENSSL_VERSION_NUMBER < 0x30000000 -+ /* If EC key are used, check whether it is SM2 key */ -+ if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { -+ EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); -+ int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); -+ if (curve == NID_sm2) -+ EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); -+ } -+#endif -+ - calc_keyid_v2(&keyid, name, pkey); - hdr->keyid = keyid; - -diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh -index 407876b..ae72487 100755 ---- a/tests/gen-keys.sh -+++ b/tests/gen-keys.sh -@@ -92,6 +92,31 @@ for m in \ - fi - done - -+# SM2, If openssl 3.0 is installed, gen SM2 keys using -+if [ -x /opt/openssl3/bin/openssl ]; then -+ (PATH=/opt/openssl3/bin:$PATH LD_LIBRARY_PATH=/opt/openssl3/lib -+ for curve in sm2; do -+ if [ "$1" = clean ] || [ "$1" = force ]; then -+ rm -f test-$curve.cer test-$curve.key test-$curve.pub -+ fi -+ if [ "$1" = clean ]; then -+ continue -+ fi -+ if [ ! -e test-$curve.key ]; then -+ log openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 \ -+ -sm3 -sigopt "distid:1234567812345678" \ -+ -config test-ca.conf \ -+ -copy_extensions copyall \ -+ -newkey $curve \ -+ -out test-$curve.cer -outform DER \ -+ -keyout test-$curve.key -+ if [ -s test-$curve.key ]; then -+ log openssl pkey -in test-$curve.key -out test-$curve.pub -pubout -+ fi -+ fi -+ done) -+fi -+ - # This script leaves test-ca.conf, *.cer, *.pub, *.key files for sing/verify tests. - # They are never deleted except by `make distclean'. - -diff --git a/tests/ima_hash.test b/tests/ima_hash.test -index 8d66e59..6e0e463 100755 ---- a/tests/ima_hash.test -+++ b/tests/ima_hash.test -@@ -70,8 +70,7 @@ expect_pass check sha256 0x0404 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649 - expect_pass check sha384 0x0405 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b - expect_pass check sha512 0x0406 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e - expect_pass check rmd160 0x0403 9c1185a5c5e9fc54612808977ee8f548b2258d31 --expect_fail check sm3 0x01 --expect_fail check sm3-256 0x01 -+expect_pass check sm3 0x0411 1ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed035eb5082aa2b - _enable_gost_engine - expect_pass check md_gost12_256 0x0412 3f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb - expect_pass check streebog256 0x0412 3f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb -diff --git a/tests/install-openssl3.sh b/tests/install-openssl3.sh -new file mode 100755 -index 0000000..1b63468 ---- /dev/null -+++ b/tests/install-openssl3.sh -@@ -0,0 +1,23 @@ -+#!/bin/bash -+ -+set -ex -+ -+if [ -z "$COMPILE_SSL" ]; then -+ echo "Missing \$COMPILE_SSL!" >&2 -+ exit 1 -+fi -+ -+version=${COMPILE_SSL} -+ -+wget --no-check-certificate https://github.com/openssl/openssl/archive/refs/tags/${version}.tar.gz -+tar --no-same-owner -xzf ${version}.tar.gz -+cd openssl-${version} -+ -+./Configure --prefix=/opt/openssl3 --openssldir=/opt/openssl3/ssl -+make -j$(nproc) -+# only install apps and library -+sudo make install_sw -+ -+cd .. -+rm -rf ${version}.tar.gz -+rm -rf openssl-${version} -diff --git a/tests/sign_verify.test b/tests/sign_verify.test -index 288e133..f716319 100755 ---- a/tests/sign_verify.test -+++ b/tests/sign_verify.test -@@ -198,6 +198,10 @@ check_sign() { - # This is all we can do for evm. - [[ "$TYPE" =~ evm ]] && return "$OK" - -+ # When using the SM2/3 algorithm, the openssl tool uses USERID for verify, -+ # which is incompatible with calling API directly, so skip it. -+ [[ "$ALG" == sm3 ]] && return "$OK" -+ - # Extract signature to a file - _extract_xattr "$FILE" "$(_xattr "$TYPE")" "$FILE.sig2" "$PREFIX" - -@@ -366,6 +370,12 @@ sign_verify rsa1024 sha384 0x030205:K:0080 - sign_verify rsa1024 sha512 0x030206:K:0080 - sign_verify rsa1024 rmd160 0x030203:K:0080 - -+# If openssl 3.0 is installed, test the SM2/3 algorithm combination -+if [ -x /opt/openssl3/bin/openssl ]; then -+ PATH=/opt/openssl3/bin:$PATH LD_LIBRARY_PATH=/opt/openssl3/lib \ -+ sign_verify sm2 sm3 0x030211:K:004[345678] -+fi -+ - # Test v2 signatures with EC-RDSA - _enable_gost_engine - sign_verify gost2012_256-A md_gost12_256 0x030212:K:0040 --- -1.8.3.1 - diff --git a/ima-evm-utils.spec b/ima-evm-utils.spec index cee27f8..4da8a6a 100644 --- a/ima-evm-utils.spec +++ b/ima-evm-utils.spec @@ -1,14 +1,11 @@ Name: ima-evm-utils -Version: 1.3.2 -Release: 7 +Version: 1.4 +Release: 1 Summary: IMA/EVM control utilities License: GPLv2 URL: http://linux-ima.sourceforge.net/ Source0: http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz -Patch6000: ima-evm-utils-Support-SM2-3-algorithm-for-sign-and-v.patch -Patch6001: ima-evm-utils-Fix-incorrect-algorithm-name-in-hash_i.patch - Patch9000: add-save-command-to-support-digest-list-building.patch Patch9001: fix-caps-parameter-cannot-be-parsed.patch Patch9002: add-sm3-option.patch @@ -78,6 +75,9 @@ make check %doc %{_mandir}/*/* %changelog +* Thu Oct 27 2022 shenxiangwei - 1.4-1 +- update to 1.4 + * Mon Sep 26 2022 shenxiangwei - 1.3.2-7 - Skip test error in docker diff --git a/skip-test-error-in-docker.patch b/skip-test-error-in-docker.patch index 28d3fe3..6400252 100644 --- a/skip-test-error-in-docker.patch +++ b/skip-test-error-in-docker.patch @@ -1,46 +1,29 @@ -From d3a4e24f6a2bac023f7e7c0eda403f0d8e25996d Mon Sep 17 00:00:00 2001 +From 766139cabc2dfb2cb02f12dc8b1a4b783752494e Mon Sep 17 00:00:00 2001 From: shenxiangwei Date: Mon, 26 Sep 2022 19:36:25 +0800 Subject: [PATCH] Skip test error in docker --- - tests/ima_hash.test | 5 +++++ tests/sign_verify.test | 10 ++++++++++ - 2 files changed, 15 insertions(+) + 1 file changed, 10 insertions(+) -diff --git a/tests/ima_hash.test b/tests/ima_hash.test -index 8d66e59..cd97e1d 100644 ---- a/tests/ima_hash.test -+++ b/tests/ima_hash.test -@@ -24,6 +24,11 @@ trap _report_exit EXIT - set -f # disable globbing - - check() { -+ cat /proc/fs/ext4/sda1/options | grep xattr -+ if [ `echo $?` -ne 0 ];then -+ return "$SKIP" -+ fi -+ - local alg=$1 prefix=$2 chash=$3 hash - local file=$alg-hash.txt - diff --git a/tests/sign_verify.test b/tests/sign_verify.test -index 288e133..e1899df 100644 +index c56290a..d4eddc8 100755 --- a/tests/sign_verify.test +++ b/tests/sign_verify.test -@@ -130,6 +130,11 @@ check_sign() { +@@ -132,6 +132,11 @@ check_sign() { # PREFIX (signature header prefix in hex), # OPTS (additional options for evmctl), # FILE (working file to sign). + cat /proc/fs/ext4/sda1/options | grep xattr + if [ `echo $?` -ne 0 ];then -+ return "$SKIP" ++ return "$SKIP" + fi + local "$@" - local KEY=${KEY%.*}.key + local key verifykey local FILE=${FILE:-$ALG.txt} -@@ -225,6 +230,11 @@ check_verify() { +@@ -242,6 +247,11 @@ check_verify() { # ALG (hash algo), # OPTS (additional options for evmctl), # FILE (filename to verify). @@ -53,5 +36,5 @@ index 288e133..e1899df 100644 # shellcheck disable=SC2086 -- -2.37.3.windows.1 +2.33.0