update to 1.3.2

add-save-command-and-support-IMA-digest-list.patch

@@ -1,18 +1,20 @@
-From ec8d1b71adf2f1a68a0b464743f16002d8a79563 Mon Sep 17 00:00:00 2001
+From 84b07036e7d2b609a1fd1cad52b40de905778e86 Mon Sep 17 00:00:00 2001
 From: Roberto Sassu <roberto.sassu@huawei.com>
-Date: Thu, 2 Jul 2020 22:19:00 -0400
+Date: Fri, 15 Jan 2021 16:56:53 +0800
-Subject: [PATCH] add save command and support IMA digest list
+Subject: [PATCH] add save command to support IMA digest list
 
-Signed-off-by: zhangtianxing3 <zhangtianxing3@huawei.com>
+This patch adds save command to support IMA digest list.
+
+Signed-off-by: Tianxing Zhang <zhangtianxing3@huawei.com>
 ---
  src/evmctl.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++------
  1 file changed, 61 insertions(+), 7 deletions(-)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 3d2a10b..cea202d 100644
+index 1815f55..c8e749e 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -112,6 +112,7 @@ static int sigdump;
+@@ -115,6 +115,7 @@ static int sigdump;
  static int digest;
  static int digsig;
  static int sigfile;
@@ -20,9 +22,9 @@ index 3d2a10b..cea202d 100644
  static char *uuid_str;
  static char *ino_str;
  static char *uid_str;
-@@ -149,7 +150,8 @@ static void print_usage(struct command *cmd);
+@@ -165,7 +166,8 @@ struct tpm_bank_info {
- static const char *xattr_ima = "security.ima";
+ static char *pcrfile[MAX_PCRFILE];
- static const char *xattr_evm = "security.evm";
+ static unsigned npcrfile;
  
 -static int bin2file(const char *file, const char *ext, const unsigned char *data, int len)
 +static int _bin2file(const char *file, const char *ext,
@@ -30,7 +32,7 @@ index 3d2a10b..cea202d 100644
  {
  	FILE *fp;
  	char name[strlen(file) + (ext ? strlen(ext) : 0) + 2];
-@@ -162,7 +164,7 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
+@@ -178,7 +180,7 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
  
  	log_info("Writing to %s\n", name);
  
@@ -39,7 +41,7 @@ index 3d2a10b..cea202d 100644
  	if (!fp) {
  		log_err("Failed to open: %s\n", name);
  		return -1;
-@@ -172,6 +174,18 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
+@@ -188,6 +190,18 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
  	return err;
  }
  
@@ -58,7 +60,7 @@ index 3d2a10b..cea202d 100644
  static unsigned char *file2bin(const char *file, const char *ext, int *size)
  {
  	FILE *fp;
-@@ -366,6 +380,9 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -353,6 +367,9 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  		return -1;
  	}
  
@@ -68,7 +70,7 @@ index 3d2a10b..cea202d 100644
  	if (generation_str)
  		generation = strtoul(generation_str, NULL, 10);
  	if (ino_str)
-@@ -377,7 +394,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -364,7 +381,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  	if (mode_str)
  		st.st_mode = strtoul(mode_str, NULL, 10);
  
@@ -77,7 +79,7 @@ index 3d2a10b..cea202d 100644
  		if ((S_ISREG(st.st_mode) || S_ISDIR(st.st_mode)) && !generation_str) {
  			/* we cannot at the momement to get generation of
  			   special files kernel API does not support it */
-@@ -457,7 +474,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -444,7 +461,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  		/*log_debug("name: %s, value: %s, size: %d\n", *xattrname, xattr_value, err);*/
  		log_info("name: %s, size: %d\n", *xattrname, err);
  		log_debug_dump(xattr_value, err);
@@ -90,7 +92,7 @@ index 3d2a10b..cea202d 100644
  		if (!err) {
  			log_err("EVP_DigestUpdate() failed\n");
  			return 1;
-@@ -511,7 +532,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -498,7 +519,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  	log_debug("hmac_misc (%d): ", hmac_size);
  	log_debug_dump(&hmac_misc, hmac_size);
  
@@ -103,7 +105,7 @@ index 3d2a10b..cea202d 100644
  	if (!err) {
  		log_err("EVP_DigestUpdate() failed\n");
  		return 1;
-@@ -568,6 +593,9 @@ static int sign_evm(const char *file, const char *key)
+@@ -555,6 +580,9 @@ static int sign_evm(const char *file, const char *key)
  	if (sigdump || imaevm_params.verbose >= LOG_INFO)
  		imaevm_hexdump(sig, len);
  
@@ -113,7 +115,7 @@ index 3d2a10b..cea202d 100644
  	if (xattr) {
  		err = lsetxattr(file, xattr_evm, sig, len, 0);
  		if (err < 0) {
-@@ -579,6 +607,21 @@ static int sign_evm(const char *file, const char *key)
+@@ -566,6 +594,21 @@ static int sign_evm(const char *file, const char *key)
  	return 0;
  }
  
@@ -135,7 +137,7 @@ index 3d2a10b..cea202d 100644
  static int hash_ima(const char *file)
  {
  	unsigned char hash[MAX_DIGEST_SIZE + 2]; /* +2 byte xattr header */
-@@ -691,7 +734,7 @@ static int get_file_type(const char *path, const char *search_type)
+@@ -678,7 +721,7 @@ static int get_file_type(const char *path, const char *search_type)
  
  static int do_cmd(struct command *cmd, find_cb_t func)
  {
@@ -144,7 +146,7 @@ index 3d2a10b..cea202d 100644
  	int err, dts = REG_MASK; /* only regular files by default */
  
  	if (!path) {
-@@ -700,6 +743,10 @@ static int do_cmd(struct command *cmd, find_cb_t func)
+@@ -687,6 +730,10 @@ static int do_cmd(struct command *cmd, find_cb_t func)
  		return -1;
  	}
  
@@ -155,7 +157,7 @@ index 3d2a10b..cea202d 100644
  	if (recursive) {
  		if (search_type) {
  			dts = get_file_type(path, search_type);
-@@ -806,6 +853,11 @@ static int cmd_sign_evm(struct command *cmd)
+@@ -793,6 +840,11 @@ static int cmd_sign_evm(struct command *cmd)
  	return do_cmd(cmd, sign_evm_path);
  }
  
@@ -167,7 +169,7 @@ index 3d2a10b..cea202d 100644
  static int verify_evm(const char *file)
  {
  	unsigned char hash[MAX_DIGEST_SIZE];
-@@ -824,7 +876,7 @@ static int verify_evm(const char *file)
+@@ -807,7 +859,7 @@ static int verify_evm(const char *file)
  		return len;
  	}
  
@@ -176,7 +178,7 @@ index 3d2a10b..cea202d 100644
  		log_err("%s has no signature\n", xattr_evm);
  		return -1;
  	}
-@@ -1861,6 +1913,7 @@ struct command cmds[] = {
+@@ -2479,6 +2531,7 @@ struct command cmds[] = {
  	{"import", cmd_import, 0, "[--rsa] pubkey keyring", "Import public key into the keyring.\n"},
  	{"convert", cmd_convert, 0, "key", "convert public key into the keyring.\n"},
  	{"sign", cmd_sign_evm, 0, "[-r] [--imahash | --imasig ] [--key key] [--pass [password] file", "Sign file metadata.\n"},
@@ -184,7 +186,7 @@ index 3d2a10b..cea202d 100644
  	{"verify", cmd_verify_evm, 0, "file", "Verify EVM signature (for debugging).\n"},
  	{"ima_sign", cmd_sign_ima, 0, "[--sigfile] [--key key] [--pass [password] file", "Make file content signature.\n"},
  	{"ima_verify", cmd_verify_ima, 0, "file", "Verify IMA signature (for debugging).\n"},
-@@ -1993,6 +2046,7 @@ int main(int argc, char *argv[])
+@@ -2614,6 +2667,7 @@ int main(int argc, char *argv[])
  				imaevm_params.keypass = get_password();
  			break;
  		case 'f':
@@ -193,5 +195,5 @@ index 3d2a10b..cea202d 100644
  			break;
  		case 'u':
 -- 
-2.19.1
+2.23.0.windows.1
 

ima-evm-utils.spec

@@ -1,6 +1,6 @@
 Name:         ima-evm-utils
-Version:      1.2.1
+Version:      1.3.2
-Release:      9
+Release:      1
 Summary:      IMA/EVM control utilities
 License:      GPLv2
 URL:          http://linux-ima.sourceforge.net/
@@ -78,6 +78,9 @@ make check
 %doc %{_mandir}/*/*
 
 %changelog
+* Fri Jan 15 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.3.2-1
+- update to 1.3.2
+
 * Fri Jul 3 2020 Anakin Zhang <benjamin93@163.com> - 1.2.1-9
 - Type:enhancement
 - ID:NA