diff --git a/add-save-command-and-support-IMA-digest-list.patch b/add-save-command-to-support-digest-list-building.patch similarity index 75% rename from add-save-command-and-support-IMA-digest-list.patch rename to add-save-command-to-support-digest-list-building.patch index d1ffdf9..13eec14 100644 --- a/add-save-command-and-support-IMA-digest-list.patch +++ b/add-save-command-to-support-digest-list-building.patch @@ -1,18 +1,20 @@ -From ec8d1b71adf2f1a68a0b464743f16002d8a79563 Mon Sep 17 00:00:00 2001 +From 6e607f4c5b3a608477bfc10405fb3c1f2ef93024 Mon Sep 17 00:00:00 2001 From: Roberto Sassu -Date: Thu, 2 Jul 2020 22:19:00 -0400 -Subject: [PATCH] add save command and support IMA digest list +Date: Thu, 21 Jan 2021 08:16:34 +0800 +Subject: [PATCH] add save command to support digest list building -Signed-off-by: zhangtianxing3 +This patch adds save command to support IMA digest list. + +Signed-off-by: Tianxing Zhang --- - src/evmctl.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 61 insertions(+), 7 deletions(-) + src/evmctl.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 60 insertions(+), 7 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c -index 3d2a10b..cea202d 100644 +index 1815f55..439713d 100644 --- a/src/evmctl.c +++ b/src/evmctl.c -@@ -112,6 +112,7 @@ static int sigdump; +@@ -115,6 +115,7 @@ static int sigdump; static int digest; static int digsig; static int sigfile; @@ -20,9 +22,9 @@ index 3d2a10b..cea202d 100644 static char *uuid_str; static char *ino_str; static char *uid_str; -@@ -149,7 +150,8 @@ static void print_usage(struct command *cmd); - static const char *xattr_ima = "security.ima"; - static const char *xattr_evm = "security.evm"; +@@ -165,7 +166,8 @@ struct tpm_bank_info { + static char *pcrfile[MAX_PCRFILE]; + static unsigned npcrfile; -static int bin2file(const char *file, const char *ext, const unsigned char *data, int len) +static int _bin2file(const char *file, const char *ext, 
@@ -30,7 +32,7 @@ index 3d2a10b..cea202d 100644 { FILE *fp; char name[strlen(file) + (ext ? strlen(ext) : 0) + 2]; -@@ -162,7 +164,7 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data +@@ -178,7 +180,7 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data log_info("Writing to %s\n", name); @@ -39,7 +41,7 @@ index 3d2a10b..cea202d 100644 if (!fp) { log_err("Failed to open: %s\n", name); return -1; -@@ -172,6 +174,18 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data +@@ -188,6 +190,18 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data return err; } @@ -58,7 +60,7 @@ index 3d2a10b..cea202d 100644 static unsigned char *file2bin(const char *file, const char *ext, int *size) { FILE *fp; -@@ -366,6 +380,9 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -353,6 +367,9 @@ static int calc_evm_hash(const char *file, unsigned char *hash) return -1; } @@ -68,7 +70,7 @@ index 3d2a10b..cea202d 100644 if (generation_str) generation = strtoul(generation_str, NULL, 10); if (ino_str) -@@ -377,7 +394,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -364,7 +381,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) if (mode_str) st.st_mode = strtoul(mode_str, NULL, 10); @@ -77,7 +79,7 @@ index 3d2a10b..cea202d 100644 if ((S_ISREG(st.st_mode) || S_ISDIR(st.st_mode)) && !generation_str) { /* we cannot at the momement to get generation of special files kernel API does not support it */ -@@ -457,7 +474,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -444,7 +461,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash) /*log_debug("name: %s, value: %s, size: %d\n", *xattrname, xattr_value, err);*/ log_info("name: %s, size: %d\n", *xattrname, err); log_debug_dump(xattr_value, err); 
@@ -90,7 +92,7 @@ index 3d2a10b..cea202d 100644 if (!err) { log_err("EVP_DigestUpdate() failed\n"); return 1; -@@ -511,7 +532,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -498,7 +519,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash) log_debug("hmac_misc (%d): ", hmac_size); log_debug_dump(&hmac_misc, hmac_size); @@ -103,7 +105,7 @@ index 3d2a10b..cea202d 100644 if (!err) { log_err("EVP_DigestUpdate() failed\n"); return 1; -@@ -568,6 +593,9 @@ static int sign_evm(const char *file, const char *key) +@@ -555,6 +580,9 @@ static int sign_evm(const char *file, const char *key) if (sigdump || imaevm_params.verbose >= LOG_INFO) imaevm_hexdump(sig, len); @@ -113,7 +115,7 @@ index 3d2a10b..cea202d 100644 if (xattr) { err = lsetxattr(file, xattr_evm, sig, len, 0); if (err < 0) { -@@ -579,6 +607,21 @@ static int sign_evm(const char *file, const char *key) +@@ -566,6 +594,21 @@ static int sign_evm(const char *file, const char *key) return 0; } @@ -135,7 +137,7 @@ index 3d2a10b..cea202d 100644 static int hash_ima(const char *file) { unsigned char hash[MAX_DIGEST_SIZE + 2]; /* +2 byte xattr header */ -@@ -691,7 +734,7 @@ static int get_file_type(const char *path, const char *search_type) +@@ -678,7 +721,7 @@ static int get_file_type(const char *path, const char *search_type) static int do_cmd(struct command *cmd, find_cb_t func) { @@ -144,7 +146,7 @@ index 3d2a10b..cea202d 100644 int err, dts = REG_MASK; /* only regular files by default */ if (!path) { -@@ -700,6 +743,10 @@ static int do_cmd(struct command *cmd, find_cb_t func) +@@ -687,6 +730,10 @@ static int do_cmd(struct command *cmd, find_cb_t func) return -1; } @@ -155,7 +157,7 @@ index 3d2a10b..cea202d 100644 if (recursive) { if (search_type) { dts = get_file_type(path, search_type); -@@ -806,6 +853,11 @@ static int cmd_sign_evm(struct command *cmd) +@@ -793,6 +840,11 @@ static int cmd_sign_evm(struct command *cmd) return do_cmd(cmd, sign_evm_path); } 
@@ -167,7 +169,7 @@ index 3d2a10b..cea202d 100644 static int verify_evm(const char *file) { unsigned char hash[MAX_DIGEST_SIZE]; -@@ -824,7 +876,7 @@ static int verify_evm(const char *file) +@@ -807,7 +859,7 @@ static int verify_evm(const char *file) return len; } @@ -176,7 +178,7 @@ index 3d2a10b..cea202d 100644 log_err("%s has no signature\n", xattr_evm); return -1; } -@@ -1861,6 +1913,7 @@ struct command cmds[] = { +@@ -2479,6 +2531,7 @@ struct command cmds[] = { {"import", cmd_import, 0, "[--rsa] pubkey keyring", "Import public key into the keyring.\n"}, {"convert", cmd_convert, 0, "key", "convert public key into the keyring.\n"}, {"sign", cmd_sign_evm, 0, "[-r] [--imahash | --imasig ] [--key key] [--pass [password] file", "Sign file metadata.\n"}, @@ -184,14 +186,6 @@ index 3d2a10b..cea202d 100644 {"verify", cmd_verify_evm, 0, "file", "Verify EVM signature (for debugging).\n"}, {"ima_sign", cmd_sign_ima, 0, "[--sigfile] [--key key] [--pass [password] file", "Make file content signature.\n"}, {"ima_verify", cmd_verify_ima, 0, "file", "Verify IMA signature (for debugging).\n"}, -@@ -1993,6 +2046,7 @@ int main(int argc, char *argv[]) - imaevm_params.keypass = get_password(); - break; - case 'f': -+ xattr = 0; - sigfile = 1; - break; - case 'u': -- -2.19.1 +2.25.1 diff --git a/ima-evm-utils-1.2.1.tar.gz b/ima-evm-utils-1.2.1.tar.gz deleted file mode 100644 index cbca2cd..0000000 Binary files a/ima-evm-utils-1.2.1.tar.gz and /dev/null differ diff --git a/ima-evm-utils-1.3.2.tar.gz b/ima-evm-utils-1.3.2.tar.gz new file mode 100644 index 0000000..7d2335e Binary files /dev/null and b/ima-evm-utils-1.3.2.tar.gz differ diff --git a/ima-evm-utils.spec b/ima-evm-utils.spec index abcf90e..a237c75 100644 --- a/ima-evm-utils.spec +++ b/ima-evm-utils.spec 
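Review bot: The refreshed patch drops the `main()` hunk that set `xattr = 0;` under `case 'f':`, so with this version `--sigfile` only does `sigfile = 1;`. The `sign_evm()` context earlier in the same patch still shows `if (xattr) { err = lsetxattr(file, xattr_evm, sig, len, 0);`, so unless the 1.3.2 base already clears `xattr` for that option (not visible here), signing with `--sigfile` would now also write `security.evm` on the target file. If the removal is intentional, state it in the patch description and the spec changelog, e.g. `--sigfile no longer suppresses writing the xattr`; otherwise keep `xattr = 0;` in that case. The rest of `main()` lies outside the hunk, so the option handling around it should be checked against the full file.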
@@ -1,14 +1,15 @@ Name: ima-evm-utils -Version: 1.2.1 -Release: 9 +Version: 1.3.2 +Release: 1 Summary: IMA/EVM control utilities License: GPLv2 URL: http://linux-ima.sourceforge.net/ Source0: http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz -Patch0: add-save-command-and-support-IMA-digest-list.patch +Patch9000: add-save-command-to-support-digest-list-building.patch -BuildRequires: autoconf automake libtool m4 asciidoc libxslt openssl-devel keyutils-libs-devel git +BuildRequires: autoconf automake libtool asciidoc vim-common +BuildRequires: libxslt openssl-devel keyutils-libs-devel ima-evm-utils Requires: %{name}-libs = %{version}-%{release} %description @@ -17,14 +18,14 @@ and verifying digital signatures, which are used by Linux kernel integrity subsy It can be also used to import keys into the kernel keyring. %package libs -Summary: shared library for IMA/EVM +Summary: shared library for IMA/EVM %description libs This package provides shared library for IMA/EVM. %package devel -Requires: %{name}-libs = %{version}-%{release} Summary: Development files for %{name} +Requires: %{name}-libs = %{version}-%{release} Provides: %{name}-static = %{version}-%{release} Obsoletes:%{name}-static < %{version}-%{release} @@ -34,10 +35,9 @@ This package provides the header files for %{name} %package_help %prep -%autosetup -n %{name}-%{version} -p1 -Sgit +%autosetup -n %{name}-%{version} -p1 %build -mkdir -p m4 autoreconf -f -i %configure make %{?_smp_mflags} @@ -45,22 +45,17 @@ make %{?_smp_mflags} %install rm -rf %{buildroot} %make_install +cp %{_libdir}/libimaevm.so.1* %{buildroot}/%{_libdir} %check make check -%pre - -%preun - -%post libs -p /sbin/ldconfig - -%postun libs -p /sbin/ldconfig +%ldconfig_scriptlets %files %defattr(-,root,root) -%doc ChangeLog README -%license COPYING AUTHORS +%doc NEWS README AUTHORS +%license COPYING %{_bindir}/* %files libs 
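Review bot: The `cp %{_libdir}/libimaevm.so.1* %{buildroot}/%{_libdir}` line added to `%install` (fourth hunk), together with the new `BuildRequires: ... ima-evm-utils` (first hunk), ships a shared library taken from whatever ima-evm-utils build is installed in the build root instead of one compiled from Source0. That binary is neither rebuilt nor covered by Patch9000, and its provenance depends on the build host, so the package is not reproducible and an outdated or modified host library would flow unchanged into the new RPM; the package also now needs itself to build. If an older soname has to stay available (presumably the reason for the copy), build it in a compat subpackage from its own source tarball. At a minimum, add a comment such as `# keep old libimaevm.so.1 until dependent packages are rebuilt` above the `cp` and confirm that `%files libs` lists the copied file explicitly.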
@@ -78,6 +73,9 @@ make check %doc %{_mandir}/*/* %changelog +* Fri Jan 15 2020 openEuler Buildteam - 1.3.2-1 +- update to 1.3.2 + * Fri Jul 3 2020 Anakin Zhang - 1.2.1-9 - Type:enhancement - ID:NA