!65 Upgrade to 1.5 with compatibility

From: @ZhouShuiQing 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee

0001-add-save-command-to-support-digest-list-building.patch

@@ -1,4 +1,4 @@
-From b1c7340ed4b4233bfb480173f5dee1cb8a5becea Mon Sep 17 00:00:00 2001
+From bf460c8e2001ec1227ce5a9ecf44d24782d43871 Mon Sep 17 00:00:00 2001
 From: Roberto Sassu <roberto.sassu@huawei.com>
 Date: Thu, 21 Jan 2021 08:16:34 +0800
 Subject: [PATCH] add save command to support digest list building
@@ -6,15 +6,16 @@ Subject: [PATCH] add save command to support digest list building
 This patch adds save command to support IMA digest list.
 
 Signed-off-by: Tianxing Zhang <benjamin93@163.com>
+Signed-off-by: zhoushuiqing <zhoushuiqing2@huawei.com>
 ---
  src/evmctl.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++-----
  1 file changed, 59 insertions(+), 6 deletions(-)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 8bdd348..355d04d 100644
+index 6d2bb67..70d07a5 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -118,6 +118,7 @@ static int sigdump;
+@@ -121,6 +121,7 @@ static int sigdump;
  static int digest;
  static int digsig;
  static int sigfile;
@@ -22,9 +23,9 @@ index 8bdd348..355d04d 100644
  static char *uuid_str;
  static char *ino_str;
  static char *uid_str;
-@@ -165,7 +166,8 @@ struct tpm_bank_info {
+@@ -173,7 +174,8 @@ static unsigned npcrfile;
- static char *pcrfile[MAX_PCRFILE];
+ #define log_errno_reset(level, fmt, args...) \
- static unsigned npcrfile;
+ 	{do_log(level, fmt " (errno: %s)\n", ##args, strerror(errno)); errno = 0; }
  
 -static int bin2file(const char *file, const char *ext, const unsigned char *data, int len)
 +static int _bin2file(const char *file, const char *ext,
@@ -32,7 +33,7 @@ index 8bdd348..355d04d 100644
  {
  	FILE *fp;
  	char name[strlen(file) + (ext ? strlen(ext) : 0) + 2];
-@@ -178,7 +180,7 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
+@@ -186,7 +188,7 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
  
  	log_info("Writing to %s\n", name);
  
@@ -41,7 +42,7 @@ index 8bdd348..355d04d 100644
  	if (!fp) {
  		log_err("Failed to open: %s\n", name);
  		return -1;
-@@ -188,6 +190,18 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
+@@ -196,6 +198,18 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
  	return err;
  }
  
@@ -60,7 +61,7 @@ index 8bdd348..355d04d 100644
  static unsigned char *file2bin(const char *file, const char *ext, int *size)
  {
  	FILE *fp;
-@@ -353,6 +367,9 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -365,6 +379,9 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  		return -1;
  	}
  
@@ -70,7 +71,7 @@ index 8bdd348..355d04d 100644
  	if (generation_str)
  		generation = strtoul(generation_str, NULL, 10);
  	if (ino_str)
-@@ -364,7 +381,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -376,7 +393,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  	if (mode_str)
  		st.st_mode = strtoul(mode_str, NULL, 10);
  
@@ -79,7 +80,7 @@ index 8bdd348..355d04d 100644
  		if (S_ISREG(st.st_mode) && !generation_str) {
  			int fd = open(file, 0);
  
-@@ -454,7 +471,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -478,7 +495,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  		log_info("name: %s, size: %d\n",
  			 use_xattr_ima ? xattr_ima : *xattrname, err);
  		log_debug_dump(xattr_value, err);
@@ -91,8 +92,8 @@ index 8bdd348..355d04d 100644
 +			err = EVP_DigestUpdate(pctx, xattr_value, err);
  		if (!err) {
  			log_err("EVP_DigestUpdate() failed\n");
- 			return 1;
+ 			goto out;
-@@ -508,7 +529,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -532,7 +553,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  	log_debug("hmac_misc (%d): ", hmac_size);
  	log_debug_dump(&hmac_misc, hmac_size);
  
@@ -104,8 +105,8 @@ index 8bdd348..355d04d 100644
 +		err = EVP_DigestUpdate(pctx, &hmac_misc, hmac_size);
  	if (!err) {
  		log_err("EVP_DigestUpdate() failed\n");
- 		return 1;
+ 		goto out;
-@@ -565,6 +590,9 @@ static int sign_evm(const char *file, const char *key)
+@@ -593,6 +618,9 @@ static int sign_evm(const char *file, const char *key)
  	if (sigdump || imaevm_params.verbose >= LOG_INFO)
  		imaevm_hexdump(sig, len);
  
@@ -115,7 +116,7 @@ index 8bdd348..355d04d 100644
  	if (xattr) {
  		err = lsetxattr(file, xattr_evm, sig, len, 0);
  		if (err < 0) {
-@@ -576,6 +604,21 @@ static int sign_evm(const char *file, const char *key)
+@@ -605,6 +633,21 @@ static int sign_evm(const char *file, const char *key)
  	return 0;
  }
  
@@ -137,7 +138,7 @@ index 8bdd348..355d04d 100644
  static int hash_ima(const char *file)
  {
  	unsigned char hash[MAX_DIGEST_SIZE + 2]; /* +2 byte xattr header */
-@@ -684,7 +727,7 @@ static int get_file_type(const char *path, const char *search_type)
+@@ -717,7 +760,7 @@ static int get_file_type(const char *path, const char *search_type)
  
  static int do_cmd(struct command *cmd, find_cb_t func)
  {
@@ -146,7 +147,7 @@ index 8bdd348..355d04d 100644
  	int err, dts = REG_MASK; /* only regular files by default */
  
  	if (!path) {
-@@ -693,6 +736,10 @@ static int do_cmd(struct command *cmd, find_cb_t func)
+@@ -726,6 +769,10 @@ static int do_cmd(struct command *cmd, find_cb_t func)
  		return -1;
  	}
  
@@ -157,7 +158,7 @@ index 8bdd348..355d04d 100644
  	if (recursive) {
  		if (search_type) {
  			dts = get_file_type(path, search_type);
-@@ -799,6 +846,11 @@ static int cmd_sign_evm(struct command *cmd)
+@@ -905,6 +952,11 @@ static int cmd_sign_evm(struct command *cmd)
  	return do_cmd(cmd, sign_evm_path);
  }
  
@@ -169,13 +170,13 @@ index 8bdd348..355d04d 100644
  static int verify_evm(const char *file)
  {
  	unsigned char hash[MAX_DIGEST_SIZE];
-@@ -2547,6 +2599,7 @@ struct command cmds[] = {
+@@ -2874,6 +2926,7 @@ struct command cmds[] = {
- 	{"import", cmd_import, 0, "[--rsa] pubkey keyring", "Import public key into the keyring.\n"},
+ 	{"import", cmd_import, 0, "pubkey keyring", "Import public key into the keyring.\n"},
- 	{"convert", cmd_convert, 0, "key", "convert public key into the keyring.\n"},
+ #endif
- 	{"sign", cmd_sign_evm, 0, "[-r] [--imahash | --imasig ] [--key key] [--pass [password] file", "Sign file metadata.\n"},
+ 	{"sign", cmd_sign_evm, 0, "[-r] [--imahash | --imasig ] [--key key] [--pass[=<password>]] file", "Sign file metadata.\n"},
 +	{"save", cmd_save_evm, 0, "[-r] [--imahash | --imasig ] file", "Save file metadata.\n"},
  	{"verify", cmd_verify_evm, 0, "file", "Verify EVM signature (for debugging).\n"},
- 	{"ima_sign", cmd_sign_ima, 0, "[--sigfile] [--key key] [--pass [password] file", "Make file content signature.\n"},
+ 	{"ima_sign", cmd_sign_ima, 0, "[--sigfile] [--key key] [--pass[=<password>]] file", "Make file content signature.\n"},
  	{"ima_verify", cmd_verify_ima, 0, "file", "Verify IMA signature (for debugging).\n"},
 -- 
 2.33.0

0002-fix-caps-parameter-cannot-be-parsed.patch

@@ -1,18 +1,19 @@
-From 40602a7926ec13819a5926d4ac451becb44b7d98 Mon Sep 17 00:00:00 2001
+From 24c9623f563646695f6d219b2414b23f36378b42 Mon Sep 17 00:00:00 2001
 From: shenxiangwei <shenxiangwei1@huawei.com>
 Date: Fri, 19 Aug 2022 12:05:11 +0800
 Subject: [PATCH] fix caps parameter cannot be parsed
 
 Signed-off-by: shenxiangwei <shenxiangwei1@huawei.com>
+Signed-off-by: zhoushuiqing <zhoushuiqing2@huawei.com>
 ---
  src/evmctl.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 28f4b8d..6ef2f68 100644
+index 70d07a5..19175b8 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -440,13 +440,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -472,14 +472,14 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  		} else if (!strcmp(*xattrname, XATTR_NAME_CAPS) && (hmac_flags & HMAC_FLAG_CAPS_SET)) {
  			if (!caps_str)
  				continue;
@@ -22,12 +23,13 @@ index 28f4b8d..6ef2f68 100644
  			if (err >= sizeof(xattr_value)) {
  				log_err("caps[%u] value is too long to fit into xattr[%zu]\n",
  					err + 1, sizeof(xattr_value));
- 				return -1;
+ 				err = -1;
+ 				goto out;
  			}
 -			strcpy(xattr_value, caps_str);
  		} else {
  			err = lgetxattr(file, *xattrname, xattr_value, sizeof(xattr_value));
  			if (err < 0) {
 -- 
-2.27.0
+2.33.0
 

0003-add-sm3-option.patch

@@ -1,26 +1,27 @@
-From 01cc9dee300fc78d827d70a647bb409579b29555 Mon Sep 17 00:00:00 2001
+From 41073a60e1857b1a7fe6ef455c72c6d4458f79cc Mon Sep 17 00:00:00 2001
 From: shenxiangwei <shenxiangwei1@huawei.com>
 Date: Wed, 24 Aug 2022 08:26:49 +0800
 Subject: [PATCH] add sm3 option
 
 Signed-off-by: shenxiangwei <shenxiangwei1@huawei.com>
+Signed-off-by: zhoushuiqing <zhoushuiqing2@huawei.com>
 ---
  src/evmctl.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index a8c31ed..5202e53 100644
+index 19175b8..fcfa2e4 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -2552,7 +2552,7 @@ static void usage(void)
+@@ -2870,7 +2870,7 @@ static void usage(void)
  
  	printf(
  		"\n"
 -		"  -a, --hashalgo     sha1, sha224, sha256, sha384, sha512, streebog256, streebog512 (default: %s)\n"
 +		"  -a, --hashalgo     sha1, sha224, sha256, sha384, sha512, streebog256, streebog512, sm3 (default: %s)\n"
  		"  -s, --imasig       make IMA signature\n"
+ 		"      --veritysig    sign an fs-verity file digest hash\n"
  		"  -d, --imahash      make IMA hash\n"
- 		"  -f, --sigfile      store IMA signature in .sig file instead of xattr\n"
 -- 
 2.33.0
 

0004-Skip-test-error-in-docker.patch

@@ -1,17 +1,35 @@
-From 766139cabc2dfb2cb02f12dc8b1a4b783752494e Mon Sep 17 00:00:00 2001
+From c152f534a661e9f2cb0ee125e1087df3c389dcd9 Mon Sep 17 00:00:00 2001
 From: shenxiangwei <shenxiangwei1@huawei.com>
 Date: Mon, 26 Sep 2022 19:36:25 +0800
 Subject: [PATCH] Skip test error in docker
 
+Signed-off-by: zhoushuiqing <zhoushuiqing2@huawei.com>
 ---
+ tests/ima_hash.test    |  5 +++++
  tests/sign_verify.test | 10 ++++++++++
- 1 file changed, 10 insertions(+)
+ 2 files changed, 15 insertions(+)
+
+diff --git a/tests/ima_hash.test b/tests/ima_hash.test
+index e88fd59..abf544a 100755
+--- a/tests/ima_hash.test
++++ b/tests/ima_hash.test
+@@ -24,6 +24,11 @@ trap _report_exit_and_cleanup EXIT
+ set -f # disable globbing
+ 
+ check() {
++  cat /proc/fs/ext4/sda1/options | grep xattr
++  if [ `echo $?` -ne 0 ];then
++          return "$SKIP"
++  fi
++
+   local alg=$1 prefix=$2 chash=$3 hash
+   local file=$alg-hash.txt
  
 diff --git a/tests/sign_verify.test b/tests/sign_verify.test
-index c56290a..d4eddc8 100755
+index 2bc365a..eeb75ef 100755
 --- a/tests/sign_verify.test
 +++ b/tests/sign_verify.test
-@@ -132,6 +132,11 @@ check_sign() {
+@@ -136,6 +136,11 @@ check_sign() {
    # PREFIX (signature header prefix in hex),
    # OPTS (additional options for evmctl),
    # FILE (working file to sign).
@@ -23,7 +41,7 @@ index c56290a..d4eddc8 100755
    local "$@"
    local key verifykey
    local FILE=${FILE:-$ALG.txt}
-@@ -242,6 +247,11 @@ check_verify() {
+@@ -246,6 +251,11 @@ check_verify() {
    # ALG (hash algo),
    # OPTS (additional options for evmctl),
    # FILE (filename to verify).

ima-evm-utils.spec

@@ -1,15 +1,15 @@
 Name:         ima-evm-utils
-Version:      1.4
+Version:      1.5
 Release:      1
 Summary:      IMA/EVM control utilities
 License:      GPLv2
 URL:          http://linux-ima.sourceforge.net/
-Source0:      http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz
+Source0:      https://github.com/mimizohar/ima-evm-utils/releases/download/v%{version}/%{name}-%{version}.tar.gz
 
-Patch9000:    add-save-command-to-support-digest-list-building.patch
+Patch9000:    0001-add-save-command-to-support-digest-list-building.patch
-Patch9001:    fix-caps-parameter-cannot-be-parsed.patch
+Patch9001:    0002-fix-caps-parameter-cannot-be-parsed.patch
-Patch9002:    add-sm3-option.patch
+Patch9002:    0003-add-sm3-option.patch
-Patch9003:    skip-test-error-in-docker.patch
+Patch9003:    0004-Skip-test-error-in-docker.patch
 
 BuildRequires: autoconf automake libtool asciidoc vim-common
 BuildRequires: libxslt openssl openssl-devel keyutils-libs-devel tpm2-tss-devel
@@ -51,6 +51,9 @@ rm -rf %{buildroot}
 %make_install
 find %{buildroot} -type f -name "*.la" -delete -print
 
+cp -a %{_libdir}/libimaevm.so.2.0.0 %{buildroot}%{_libdir}/libimaevm.so.2.0.0
+ln -s -f %{buildroot}%{_libdir}/libimaevm.so.2.0.0 %{buildroot}%{_libdir}/libimaevm.so.2
+
 %check
 make check
 
@@ -72,9 +75,26 @@ make check
 %{_libdir}/*.so
 
 %files help
+%ifnarch i686
 %doc %{_mandir}/*/*
+%endif
 
 %changelog
+* Fri Jul 28 2023 zhoushuiqing <zhoushuiqing2@huawei.com> - 1.5-1
+- Upgrade to 1.5 with compatibility
+
+* Thu Jul 27 2023 zhoushuiqing <zhoushuiqing2@huawei.com> - 1.3.2-10
+- Revert "Upgrade to 1.5"
+
+* Thu Jul 20 2023 zhoushuiqing <zhoushuiqing2@huawei.com> - 1.5-1
+- Upgrade to 1.5
+
+* Mon Feb 6 2023 gaoyusong <gaoyusong2@huawei.com> - 1.3.2-9
+- fix i686 build issue
+
+* Sat Oct 29 2022 shenxiangwei <shenxiangwei1@huawei.com> - 1.3.2-8
+- revert "update to 1.4"
+
 * Thu Oct 27 2022 shenxiangwei <shenxiangwei1@huawei.com> - 1.4-1
 - update to 1.4
 

ima-evm-utils.yaml

@@ -1,4 +1,4 @@
 version_control: git
-src_repo: https://git.code.sf.net/p/linux-ima/ima-evm-utils
+src_repo: https://github.com/mimizohar/ima-evm-utils.git
 tag_prefix: ^v
 seperator: .