!20 update to 1.3.2

From: @nettingsisyphus Reviewed-by: @zhujianwei001 Signed-off-by: @zhujianwei001
2021-01-25 09:26:52 +08:00 · 2021-01-25 09:26:52 +08:00 · fe5dc91d0e
commit fe5dc91d0e
parent 525353ba57 40f3d64283
4 changed files with 42 additions and 50 deletions
--- a/add-save-command-to-support-digest-list-building.patch
+++ b/add-save-command-to-support-digest-list-building.patch
@ -1,18 +1,20 @@
-From ec8d1b71adf2f1a68a0b464743f16002d8a79563 Mon Sep 17 00:00:00 2001
+From 6e607f4c5b3a608477bfc10405fb3c1f2ef93024 Mon Sep 17 00:00:00 2001
 From: Roberto Sassu <roberto.sassu@huawei.com>
-Date: Thu, 2 Jul 2020 22:19:00 -0400
+Date: Thu, 21 Jan 2021 08:16:34 +0800
-Subject: [PATCH] add save command and support IMA digest list
+Subject: [PATCH] add save command to support digest list building
-Signed-off-by: zhangtianxing3 <zhangtianxing3@huawei.com>
+This patch adds save command to support IMA digest list.
 Signed-off-by: Tianxing Zhang <benjamin93@163.com>
 ---
- src/evmctl.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++------
+ src/evmctl.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++------
- 1 file changed, 61 insertions(+), 7 deletions(-)
+ 1 file changed, 60 insertions(+), 7 deletions(-)
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 3d2a10b..cea202d 100644
+index 1815f55..439713d 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -112,6 +112,7 @@ static int sigdump;
+@@ -115,6 +115,7 @@ static int sigdump;
 static int digest;
 static int digsig;
 static int sigfile;
@ -20,9 +22,9 @@ index 3d2a10b..cea202d 100644
 static char *uuid_str;
 static char *ino_str;
 static char *uid_str;
-@@ -149,7 +150,8 @@ static void print_usage(struct command *cmd);
+@@ -165,7 +166,8 @@ struct tpm_bank_info {
- static const char *xattr_ima = "security.ima";
+ static char *pcrfile[MAX_PCRFILE];
- static const char *xattr_evm = "security.evm";
+ static unsigned npcrfile;
 -static int bin2file(const char *file, const char *ext, const unsigned char *data, int len)
 +static int _bin2file(const char *file, const char *ext,
@ -30,7 +32,7 @@ index 3d2a10b..cea202d 100644
 {
 	FILE *fp;
 	char name[strlen(file) + (ext ? strlen(ext) : 0) + 2];
-@@ -162,7 +164,7 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
+@@ -178,7 +180,7 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
 	log_info("Writing to %s\n", name);
@ -39,7 +41,7 @@ index 3d2a10b..cea202d 100644
 	if (!fp) {
 		log_err("Failed to open: %s\n", name);
 		return -1;
-@@ -172,6 +174,18 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
+@@ -188,6 +190,18 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
 	return err;
 }
@ -58,7 +60,7 @@ index 3d2a10b..cea202d 100644
 static unsigned char *file2bin(const char *file, const char *ext, int *size)
 {
 	FILE *fp;
-@@ -366,6 +380,9 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -353,6 +367,9 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
 		return -1;
 	}
@ -68,7 +70,7 @@ index 3d2a10b..cea202d 100644
 	if (generation_str)
 		generation = strtoul(generation_str, NULL, 10);
 	if (ino_str)
-@@ -377,7 +394,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -364,7 +381,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
 	if (mode_str)
 		st.st_mode = strtoul(mode_str, NULL, 10);
@ -77,7 +79,7 @@ index 3d2a10b..cea202d 100644
 		if ((S_ISREG(st.st_mode) || S_ISDIR(st.st_mode)) && !generation_str) {
 			/* we cannot at the momement to get generation of
 			   special files kernel API does not support it */
-@@ -457,7 +474,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -444,7 +461,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
 		/*log_debug("name: %s, value: %s, size: %d\n", *xattrname, xattr_value, err);*/
 		log_info("name: %s, size: %d\n", *xattrname, err);
 		log_debug_dump(xattr_value, err);
@ -90,7 +92,7 @@ index 3d2a10b..cea202d 100644
 		if (!err) {
 			log_err("EVP_DigestUpdate() failed\n");
 			return 1;
-@@ -511,7 +532,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -498,7 +519,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
 	log_debug("hmac_misc (%d): ", hmac_size);
 	log_debug_dump(&hmac_misc, hmac_size);
@ -103,7 +105,7 @@ index 3d2a10b..cea202d 100644
 	if (!err) {
 		log_err("EVP_DigestUpdate() failed\n");
 		return 1;
-@@ -568,6 +593,9 @@ static int sign_evm(const char *file, const char *key)
+@@ -555,6 +580,9 @@ static int sign_evm(const char *file, const char *key)
 	if (sigdump || imaevm_params.verbose >= LOG_INFO)
 		imaevm_hexdump(sig, len);
@ -113,7 +115,7 @@ index 3d2a10b..cea202d 100644
 	if (xattr) {
 		err = lsetxattr(file, xattr_evm, sig, len, 0);
 		if (err < 0) {
-@@ -579,6 +607,21 @@ static int sign_evm(const char *file, const char *key)
+@@ -566,6 +594,21 @@ static int sign_evm(const char *file, const char *key)
 	return 0;
 }
@ -135,7 +137,7 @@ index 3d2a10b..cea202d 100644
 static int hash_ima(const char *file)
 {
 	unsigned char hash[MAX_DIGEST_SIZE + 2]; /* +2 byte xattr header */
-@@ -691,7 +734,7 @@ static int get_file_type(const char *path, const char *search_type)
+@@ -678,7 +721,7 @@ static int get_file_type(const char *path, const char *search_type)
 static int do_cmd(struct command *cmd, find_cb_t func)
 {
@ -144,7 +146,7 @@ index 3d2a10b..cea202d 100644
 	int err, dts = REG_MASK; /* only regular files by default */
 	if (!path) {
-@@ -700,6 +743,10 @@ static int do_cmd(struct command *cmd, find_cb_t func)
+@@ -687,6 +730,10 @@ static int do_cmd(struct command *cmd, find_cb_t func)
 		return -1;
 	}
@ -155,7 +157,7 @@ index 3d2a10b..cea202d 100644
 	if (recursive) {
 		if (search_type) {
 			dts = get_file_type(path, search_type);
-@@ -806,6 +853,11 @@ static int cmd_sign_evm(struct command *cmd)
+@@ -793,6 +840,11 @@ static int cmd_sign_evm(struct command *cmd)
 	return do_cmd(cmd, sign_evm_path);
 }
@ -167,7 +169,7 @@ index 3d2a10b..cea202d 100644
 static int verify_evm(const char *file)
 {
 	unsigned char hash[MAX_DIGEST_SIZE];
-@@ -824,7 +876,7 @@ static int verify_evm(const char *file)
+@@ -807,7 +859,7 @@ static int verify_evm(const char *file)
 		return len;
 	}
@ -176,7 +178,7 @@ index 3d2a10b..cea202d 100644
 		log_err("%s has no signature\n", xattr_evm);
 		return -1;
 	}
-@@ -1861,6 +1913,7 @@ struct command cmds[] = {
+@@ -2479,6 +2531,7 @@ struct command cmds[] = {
 	{"import", cmd_import, 0, "[--rsa] pubkey keyring", "Import public key into the keyring.\n"},
 	{"convert", cmd_convert, 0, "key", "convert public key into the keyring.\n"},
 	{"sign", cmd_sign_evm, 0, "[-r] [--imahash | --imasig ] [--key key] [--pass [password] file", "Sign file metadata.\n"},
@ -184,14 +186,6 @@ index 3d2a10b..cea202d 100644
 	{"verify", cmd_verify_evm, 0, "file", "Verify EVM signature (for debugging).\n"},
 	{"ima_sign", cmd_sign_ima, 0, "[--sigfile] [--key key] [--pass [password] file", "Make file content signature.\n"},
 	{"ima_verify", cmd_verify_ima, 0, "file", "Verify IMA signature (for debugging).\n"},
@@ -1993,6 +2046,7 @@ int main(int argc, char *argv[])
 				imaevm_params.keypass = get_password();
 			break;
 		case 'f':
 +			xattr = 0;
 			sigfile = 1;
 			break;
 		case 'u':
 -- 
-2.19.1
+2.25.1
--- a/ima-evm-utils-1.2.1.tar.gz
+++ b/ima-evm-utils-1.2.1.tar.gz
--- a/ima-evm-utils-1.3.2.tar.gz
+++ b/ima-evm-utils-1.3.2.tar.gz
--- a/ima-evm-utils.spec
+++ b/ima-evm-utils.spec
@ -1,14 +1,15 @@
 Name:         ima-evm-utils
-Version:      1.2.1
+Version:      1.3.2
-Release:      9
+Release:      1
 Summary:      IMA/EVM control utilities
 License:      GPLv2
 URL:          http://linux-ima.sourceforge.net/
 Source0:      http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz
-Patch0:       add-save-command-and-support-IMA-digest-list.patch
+Patch9000:    add-save-command-to-support-digest-list-building.patch
-BuildRequires: autoconf automake libtool m4 asciidoc libxslt openssl-devel keyutils-libs-devel git
+BuildRequires: autoconf automake libtool asciidoc vim-common
 BuildRequires: libxslt openssl-devel keyutils-libs-devel ima-evm-utils
 Requires:     %{name}-libs = %{version}-%{release}
 %description
@ -17,14 +18,14 @@ and verifying digital signatures, which are used by Linux kernel integrity subsy
 It can be also used to import keys into the kernel keyring.
 %package libs
-Summary:      shared library for IMA/EVM
+Summary: shared library for IMA/EVM
 %description libs
 This package provides shared library for IMA/EVM.
 %package devel
 Requires: %{name}-libs = %{version}-%{release}
 Summary: Development files for %{name}
 Requires: %{name}-libs = %{version}-%{release}
 Provides: %{name}-static = %{version}-%{release}
 Obsoletes:%{name}-static < %{version}-%{release}
@ -34,10 +35,9 @@ This package provides the header files for %{name}
 %package_help
 %prep
-%autosetup -n %{name}-%{version} -p1 -Sgit
+%autosetup -n %{name}-%{version} -p1
 %build
 mkdir -p m4
 autoreconf -f -i
 %configure
 make %{?_smp_mflags}
@ -45,22 +45,17 @@ make %{?_smp_mflags}
 %install
 rm -rf %{buildroot}
 %make_install
 cp %{_libdir}/libimaevm.so.1* %{buildroot}/%{_libdir}
 %check
 make check
-%pre
+%ldconfig_scriptlets
 %preun
 %post libs -p /sbin/ldconfig
 %postun libs -p /sbin/ldconfig
 %files
 %defattr(-,root,root)
-%doc ChangeLog README
+%doc NEWS README AUTHORS
-%license COPYING AUTHORS
+%license COPYING
 %{_bindir}/*
 %files libs
@ -78,6 +73,9 @@ make check
 %doc %{_mandir}/*/*
 %changelog
 * Fri Jan 15 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.3.2-1
 - update to 1.3.2
 * Fri Jul 3 2020 Anakin Zhang <benjamin93@163.com> - 1.2.1-9
 - Type:enhancement
 - ID:NA