diff --git a/Add-license-to-digest_list.c.patch b/Add-license-to-digest_list.c.patch
new file mode 100644
index 0000000..fe07b05
--- /dev/null
+++ b/Add-license-to-digest_list.c.patch
@@ -0,0 +1,34 @@
+From 676cd4c0b90043b745a39b43446e42e80948c643 Mon Sep 17 00:00:00 2001
+From: Roberto Sassu
+Date: Fri, 12 Mar 2021 10:57:24 +0100
+Subject: [PATCH 5/5] Add license to digest_list.c
+
+---
+ plugins/digest_list.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/plugins/digest_list.c b/plugins/digest_list.c
+index cfde5cd1d..992a7e81a 100644
+--- a/plugins/digest_list.c
++++ b/plugins/digest_list.c
+@@ -1,3 +1,17 @@
++/*
++ * Copyright (C) 2020-2021 Huawei Technologies Duesseldorf GmbH
++ *
++ * Author: Roberto Sassu
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation, version 2 of the
++ * License.
++ *
++ * File: digest_list.c
++ * Plugin to load digest lists in the Linux kernel.
++ */
++
+ #include "system.h"
+ #include "errno.h"
+
+--
+2.26.2
+
diff --git a/Add-loongarch-architecture-support.patch b/Add-loongarch-architecture-support.patch
new file mode 100644
index 0000000..80c9c41
--- /dev/null
+++ b/Add-loongarch-architecture-support.patch
@@ -0,0 +1,99 @@ +From 3100da59abd272fc3f301a30ebabedf86b0b4a00 Mon Sep 17 00:00:00 2001 +From: Sun Haiyong +Date: Tue, 21 Dec 2021 20:40:27 +0800 +Subject: [PATCH] Add loongarch architecture support. + +--- + installplatform | 12 ++++++++++++ + rpmrc.in | 17 +++++++++++++++++ + 2 files changed, 29 insertions(+) + +diff --git a/installplatform b/installplatform +index 12339fc..74c50a2 100755 +--- a/installplatform ++++ b/installplatform +@@ -168,6 +168,18 @@ for ARCH in noarch `grep ^arch_canon $RPMRC | cut -d: -f2`; do + CANONARCH=mips64r6el + CANONCOLOR=3 + ;; ++ loongarch32) ++ ISANAME=loongarch ++ ISABITS=32 ++ CANONARCH=loongarch32 ++ CANONCOLOR=0 ++ ;; ++ loongarch64) ++ ISANAME=loongarch ++ ISABITS=64 ++ CANONARCH=loongarch64 ++ CANONCOLOR=3 ++ ;; + m68k) + ISANAME=m68k + ISABITS=32 +diff --git a/rpmrc.in b/rpmrc.in +index 5bd9ba3..fc2932a 100644 +--- a/rpmrc.in ++++ b/rpmrc.in +@@ -67,6 +67,8 @@ optflags: mipsr6el -O2 -g + optflags: mips64r6 -O2 -g + optflags: mips64r6el -O2 -g + ++optflags: loongarch64 -O2 -g ++ + optflags: armv3l -O2 -g -march=armv3 + optflags: armv4b -O2 -g -march=armv4 + optflags: armv4l -O2 -g -march=armv4 +@@ -137,6 +139,9 @@ archcolor: mipsr6el 1 + archcolor: mips64r6 2 + archcolor: mips64r6el 2 + ++archcolor: loongarch32 1 ++archcolor: loongarch64 2 ++ + archcolor: m68k 1 + + archcolor: m68kmint 1 +@@ -257,6 +262,9 @@ arch_canon: mips64r6el: mips64r6el 21 + arch_canon: riscv: riscv64 22 + arch_canon: riscv64: riscv64 22 + ++arch_canon: loongarch32: loongarch32 25 ++arch_canon: loongarch64: loongarch64 26 ++ + ############################################################# + # Canonical OS names and numbers + +@@ -360,6 +368,9 @@ buildarchtranslate: mipsr6el: mipsr6el + buildarchtranslate: mips64r6: mips64r6 + buildarchtranslate: mips64r6el: mips64r6el + ++buildarchtranslate: loongarch32: loongarch32 ++buildarchtranslate: loongarch64: loongarch64 ++ + buildarchtranslate: m68k: m68k + + buildarchtranslate: atarist: m68kmint +@@ -449,6 
+460,9 @@ arch_compat: mipsr6el: noarch + arch_compat: mips64r6: mipsr6 + arch_compat: mips64r6el: mipsr6el + ++arch_compat: loongarch32: noarch ++arch_compat: loongarch64: loongarch32 ++ + arch_compat: hppa2.0: hppa1.2 + arch_compat: hppa1.2: hppa1.1 + arch_compat: hppa1.1: hppa1.0 +@@ -586,6 +600,9 @@ buildarch_compat: mipsr6el: noarch + buildarch_compat: mips64r6: noarch + buildarch_compat: mips64r6el: noarch + ++buildarch_compat: loongarch32: noarch ++buildarch_compat: loongarch64: noarch ++ + buildarch_compat: armv4b: noarch + buildarch_compat: armv8l: armv7l + buildarch_compat: armv7l: armv6l +-- +2.30.0 + diff --git a/Avoid-generating-digest-lists-if-they-are-already-pa.patch b/Avoid-generating-digest-lists-if-they-are-already-pa.patch new file mode 100644 index 0000000..ecfedb9 --- /dev/null +++ b/Avoid-generating-digest-lists-if-they-are-already-pa.patch 
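Review bot: The `optflags:` hunk in rpmrc.in adds an entry for loongarch64 only, while every other table touched by this patch (archcolor, arch_canon, buildarchtranslate, arch_compat, buildarch_compat) and the installplatform case list define both loongarch32 and loongarch64. If loongarch32 is meant to be a buildable target, add `optflags: loongarch32 -O2 -g` next to the 64-bit line. If the omission is deliberate, a sentence in the patch description saying so would spare the next packager the question.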
@@ -0,0 +1,50 @@
+From d0b01bb4366ca467bfd1386820fe17ae58aa3c8c Mon Sep 17 00:00:00 2001
+From: Roberto Sassu
+Date: Wed, 17 Mar 2021 17:25:46 +0100
+Subject: [PATCH] Avoid generating digest lists if they are already packaged
+
+---
+ build/files.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/build/files.c b/build/files.c
+index d5c83a094..a30828e1c 100644
+--- a/build/files.c
++++ b/build/files.c
+@@ -51,6 +51,7 @@
+ #define DEBUG_ID_DIR "/usr/lib/debug/.build-id"
+ #define DEBUG_DWZ_DIR "/usr/lib/debug/.dwz"
+ #define DIGEST_LIST_DIR "/.digest_lists"
++#define DEST_DIGEST_LIST_DIR "/etc/ima/digest_lists"
+
+ #undef HASHTYPE
+ #undef HTKEYTYPE
+@@ -993,7 +994,7 @@ static void genDigestListInput(FileList fl, Package pkg, int isSrc)
+ char buf[BUFSIZ];
+ char file_info[BUFSIZ];
+ char file_digest[128 * 2 + 1];
+- int i;
++ int i, gen_digest_lists = 1;
+ uint32_t defaultalgo = PGPHASHALGO_MD5, digestalgo;
+ Header h = pkg->header; /* just a shortcut */
+
+@@ -1100,9 +1101,15 @@ static void genDigestListInput(FileList fl, Package pkg, int isSrc)
+ strlen(flp->caps) ? flp->caps : "");
+ appendStringBuf(check_fileList_bin_pkg, file_info);
+ }
++
++ if (S_ISREG(flp->fl_mode) &&
++ !strncmp(flp->cpioPath, DEST_DIGEST_LIST_DIR,
++ sizeof(DEST_DIGEST_LIST_DIR) - 1))
++ gen_digest_lists = 0;
+ }
+
+- if (genDigestList(pkg->header, fl, check_fileList_bin_pkg) > 0)
++ if (gen_digest_lists &&
++ genDigestList(pkg->header, fl, check_fileList_bin_pkg) > 0)
+ fl->processingFailed = 1;
+ }
+
+--
+2.26.2
+
diff --git a/Check-rpm-parser.patch b/Check-rpm-parser.patch
new file mode 100644
index 0000000..43052a2
--- /dev/null
+++ b/Check-rpm-parser.patch
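Review bot: The `strncmp` prefix test added to genDigestListInput() has no path-boundary check, so any regular file whose `cpioPath` merely begins with the string `/etc/ima/digest_lists` (a sibling directory with a longer name, for instance) sets `gen_digest_lists` to 0 and the package is built without a generated digest list. The plugin-side patch in this series ("Fix digest_list_counter") guards the same comparison with a `'/'` test, and the build side should match by also requiring `flp->cpioPath[sizeof(DEST_DIGEST_LIST_DIR) - 1] == '/'`. A comment should also state that a single packaged file under that directory suppresses generation for the whole package, whether or not that file is a digest list covering this package. The function body starts outside the hunk.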
@@ -0,0 +1,29 @@
+From 18df7feaf512cf4d7548121e1f04d4e7066fb324 Mon Sep 17 00:00:00 2001
+From: Roberto Sassu
+Date: Wed, 10 Mar 2021 12:23:32 +0100
+Subject: [PATCH 2/5] Check rpm parser
+
+---
+ plugins/digest_list.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/plugins/digest_list.c b/plugins/digest_list.c
+index bb778c57f..c62f8c22f 100644
+--- a/plugins/digest_list.c
++++ b/plugins/digest_list.c
+@@ -131,6 +131,12 @@ static int upload_digest_list(char *path, int type, int digest_list_signed)
+
+ /* If the digest list is not signed, execute the RPM parser */
+ if (!digest_list_signed) {
++ if (stat(RPM_PARSER, &st) == -1) {
++ rpmlog(RPMLOG_DEBUG, "digest_list: %s not found, "
++ "not uploading digest list\n", RPM_PARSER);
++ return 0;
++ }
++
+ if ((pid = fork()) == 0) {
+ execlp(RPM_PARSER, RPM_PARSER, (type == TR_ADDED) ?
+ "add" : "del", path, NULL);
+--
+2.26.2
+
diff --git a/Fix-digest_list_counter.patch b/Fix-digest_list_counter.patch
new file mode 100644
index 0000000..b9a3cd9
--- /dev/null
+++ b/Fix-digest_list_counter.patch
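Review bot: The new `stat(RPM_PARSER, &st) == -1` guard in upload_digest_list() reports every stat failure as "not found" and returns 0 at `RPMLOG_DEBUG`, so a parser that is unreadable or sits on a failing mount looks the same as an absent one, and the skipped upload is invisible at normal log levels. On a system that depends on digest lists being loaded, that is a silent gap. Keep DEBUG only for `errno == ENOENT` and otherwise log the cause at a higher level, e.g. `rpmlog(RPMLOG_WARNING, "digest_list: cannot stat %s: %s, not uploading digest list\n", RPM_PARSER, strerror(errno));`. The declaration of `st` and the rest of the function are outside the hunk.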
@@ -0,0 +1,81 @@ +From 8ecd5fc6884ae165e38e16b900cc4da90665b9db Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Wed, 10 Mar 2021 12:22:39 +0100 +Subject: [PATCH 1/5] Fix digest_list_counter + +--- + plugins/digest_list.c | 38 +++++++++++++++++++++++--------------- + 1 file changed, 23 insertions(+), 15 deletions(-) + +diff --git a/plugins/digest_list.c b/plugins/digest_list.c +index 2dfa21e35..bb778c57f 100644 +--- a/plugins/digest_list.c ++++ b/plugins/digest_list.c +@@ -477,8 +477,8 @@ int digest_list_counter; + static rpmRC digest_list_psm_pre(rpmPlugin plugin, rpmte te) + { + Header rpm = rpmteHeader(te); +- rpmtd dirnames; +- int i; ++ rpmtd dirnames, dirindexes; ++ int i = -1; + + digest_list_counter = 0; + +@@ -487,13 +487,26 @@ static rpmRC digest_list_psm_pre(rpmPlugin plugin, rpmte te) + + while ((i = rpmtdNext(dirnames)) >= 0) { + char *dirname = (char *) rpmtdGetString(dirnames); ++ + if (!strncmp(dirname, DIGEST_LIST_DEFAULT_PATH, +- sizeof(DIGEST_LIST_DEFAULT_PATH) - 1)) +- digest_list_counter++; ++ sizeof(DIGEST_LIST_DEFAULT_PATH) - 1) && ++ dirname[sizeof(DIGEST_LIST_DEFAULT_PATH) - 1] == '/') ++ break; + } + + rpmtdFree(dirnames); + ++ if (i == -1) ++ return RPMRC_OK; ++ ++ dirindexes = rpmtdNew(); ++ headerGet(rpm, RPMTAG_DIRINDEXES, dirindexes, 0); ++ while (rpmtdNext(dirindexes) >= 0) ++ if (rpmtdGetNumber(dirindexes) == i) ++ digest_list_counter++; ++ ++ rpmtdFree(dirindexes); ++ + cur_te = te; + return RPMRC_OK; + } +@@ -517,18 +530,13 @@ static rpmRC digest_list_file_common(rpmPlugin plugin, rpmfi fi, + (!pre && action != FA_CREATE)) + return RPMRC_OK; + +- if (digest_list_counter) { +- if (!pre) { +- if (!strncmp(path, DIGEST_LIST_DEFAULT_PATH, +- sizeof(DIGEST_LIST_DEFAULT_PATH) - 1)) +- digest_list_counter--; +- } else { +- digest_list_counter = 0; +- } ++ if (strncmp(path, DIGEST_LIST_DEFAULT_PATH, ++ sizeof(DIGEST_LIST_DEFAULT_PATH) - 1) || ++ path[sizeof(DIGEST_LIST_DEFAULT_PATH) - 1] != '/') ++ return RPMRC_OK; + +- if 
(digest_list_counter) +- return RPMRC_OK; +- } ++ if (!pre && --digest_list_counter) ++ return RPMRC_OK; + + process_digest_list(cur_te, 0); + if (!strcmp(rpmteN(cur_te), "digest-list-tools")) +-- +2.26.2 + diff --git a/Generate-digest-lists-before-calling-genCpioListAndH.patch b/Generate-digest-lists-before-calling-genCpioListAndH.patch new file mode 100644 index 0000000..bc85a01 --- /dev/null +++ b/Generate-digest-lists-before-calling-genCpioListAndH.patch 
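Review bot: digest_list_psm_pre() now counts only the files whose directory index equals the first directory that matched the prefix (the loop `break`s on the first hit), but digest_list_file_common() decrements `digest_list_counter` for every path under `DIGEST_LIST_DEFAULT_PATH` followed by `'/'`. If a package ships files in more than one directory below that prefix, the two disagree and `--digest_list_counter` can reach zero before the last digest-list file is on disk, so process_digest_list() would run early. Either count every matching directory index in the pre hook or add a comment that only one directory is supported. Separately, the early `return RPMRC_OK` on `i == -1` leaves `cur_te` pointing at the previous transaction element, and the result of `headerGet(rpm, RPMTAG_DIRINDEXES, dirindexes, 0)` is not checked. Both functions continue outside the hunks shown.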
@@ -0,0 +1,255 @@ +From 2b0cab0ed63e77582b047f723b69a0e3dd647566 Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Wed, 12 Aug 2020 18:23:42 +0200 +Subject: [PATCH] Generate digest lists before calling genCpioListAndHeader() + +Signed-off-by: luhuaxin +--- + build/files.c | 182 ++++++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 147 insertions(+), 35 deletions(-) + +diff --git a/build/files.c b/build/files.c +index d1e56c0..5358ead 100644 +--- a/build/files.c ++++ b/build/files.c +@@ -1000,20 +1000,149 @@ static int seenHardLink(FileRecords files, FileListRec flp, rpm_ino_t *fileid) + * @param pkg (sub) package + * @param isSrc pass 1 for source packages 0 otherwise + */ +-static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc) ++static void genDigestListInput(FileList fl, Package pkg, int isSrc) + { + FileListRec flp; + char buf[BUFSIZ]; + char file_info[BUFSIZ]; + char file_digest[128 * 2 + 1]; ++ int i; ++ uint32_t defaultalgo = PGPHASHALGO_MD5, digestalgo; ++ Header h = pkg->header; /* just a shortcut */ ++ ++ /* ++ * See if non-md5 file digest algorithm is requested. If not ++ * specified, quietly assume md5. Otherwise check if supported type. ++ */ ++ digestalgo = rpmExpandNumeric(isSrc ? "%{_source_filedigest_algorithm}" : ++ "%{_binary_filedigest_algorithm}"); ++ if (digestalgo == 0) { ++ digestalgo = defaultalgo; ++ } ++ ++ if (rpmDigestLength(digestalgo) == 0) { ++ rpmlog(RPMLOG_WARNING, ++ _("Unknown file digest algorithm %u, falling back to MD5\n"), ++ digestalgo); ++ digestalgo = defaultalgo; ++ } ++ ++ /* Sort the big list */ ++ if (fl->files.recs) { ++ qsort(fl->files.recs, fl->files.used, ++ sizeof(*(fl->files.recs)), compareFileListRecs); ++ } ++ ++ /* Generate the header. */ ++ for (i = 0, flp = fl->files.recs; i < fl->files.used; i++, flp++) { ++ /* Merge duplicate entries. 
*/ ++ while (i < (fl->files.used - 1) && ++ rstreq(flp->cpioPath, flp[1].cpioPath)) { ++ ++ /* Two entries for the same file found, merge the entries. */ ++ /* Note that an %exclude is a duplication of a file reference */ ++ ++ /* file flags */ ++ flp[1].flags |= flp->flags; ++ ++ if (!(flp[1].flags & RPMFILE_EXCLUDE)) ++ rpmlog(RPMLOG_WARNING, _("File listed twice: %s\n"), ++ flp->cpioPath); ++ ++ /* file mode */ ++ if (S_ISDIR(flp->fl_mode)) { ++ if ((flp[1].specdFlags & (SPECD_DIRMODE | SPECD_DEFDIRMODE)) < ++ (flp->specdFlags & (SPECD_DIRMODE | SPECD_DEFDIRMODE))) ++ flp[1].fl_mode = flp->fl_mode; ++ } else { ++ if ((flp[1].specdFlags & (SPECD_FILEMODE | SPECD_DEFFILEMODE)) < ++ (flp->specdFlags & (SPECD_FILEMODE | SPECD_DEFFILEMODE))) ++ flp[1].fl_mode = flp->fl_mode; ++ } ++ ++ /* uid */ ++ if ((flp[1].specdFlags & (SPECD_UID | SPECD_DEFUID)) < ++ (flp->specdFlags & (SPECD_UID | SPECD_DEFUID))) ++ { ++ flp[1].fl_uid = flp->fl_uid; ++ flp[1].uname = flp->uname; ++ } ++ ++ /* gid */ ++ if ((flp[1].specdFlags & (SPECD_GID | SPECD_DEFGID)) < ++ (flp->specdFlags & (SPECD_GID | SPECD_DEFGID))) ++ { ++ flp[1].fl_gid = flp->fl_gid; ++ flp[1].gname = flp->gname; ++ } ++ ++ /* verify flags */ ++ if ((flp[1].specdFlags & (SPECD_VERIFY | SPECD_DEFVERIFY)) < ++ (flp->specdFlags & (SPECD_VERIFY | SPECD_DEFVERIFY))) ++ flp[1].verifyFlags = flp->verifyFlags; ++ ++ /* XXX to-do: language */ ++ ++ flp++; i++; ++ } ++ ++ /* Skip files that were marked with %exclude. 
*/ ++ if (flp->flags & RPMFILE_EXCLUDE) ++ { ++ argvAdd(&pkg->fileExcludeList, flp->cpioPath); ++ continue; ++ } ++ ++ buf[0] = '\0'; ++ if (S_ISREG(flp->fl_mode) && !(flp->flags & RPMFILE_GHOST)) ++ (void) rpmDoDigest(digestalgo, flp->diskPath, 1, ++ (unsigned char *)buf); ++ headerPutString(h, RPMTAG_FILEDIGESTS, buf); ++ snprintf(file_digest, sizeof(file_digest), "%s", buf); ++ ++ if (check_fileList_bin_pkg && S_ISREG(flp->fl_mode) && ++ !(flp->flags & RPMFILE_GHOST)) { ++ appendStringBuf(check_fileList_bin_pkg, "path="); ++ appendStringBuf(check_fileList_bin_pkg, flp->diskPath); ++ snprintf(file_info, sizeof(file_info), ++ "|digestalgopgp=%d|digest=%s|mode=%d" ++ "|uname=%s|gname=%s|caps=%s\n", ++ digestalgo, file_digest, flp->fl_mode, ++ rpmstrPoolStr(fl->pool, flp->uname), ++ rpmstrPoolStr(fl->pool, flp->gname), flp->caps && ++ strlen(flp->caps) ? flp->caps : ""); ++ appendStringBuf(check_fileList_bin_pkg, file_info); ++ } ++ } ++ ++ if (genDigestList(pkg->header, fl, check_fileList_bin_pkg) > 0) ++ fl->processingFailed = 1; ++} ++ ++/** ++ * Add file entries to header. ++ * @todo Should directories have %doc/%config attributes? (#14531) ++ * @todo Remove RPMTAG_OLDFILENAMES, add dirname/basename instead. 
++ * @param fl package file tree walk data ++ * @param pkg (sub) package ++ * @param isSrc pass 1 for source packages 0 otherwise ++ */ ++static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc) ++{ ++ FileListRec flp; ++ char buf[BUFSIZ]; + int i, npaths = 0; + int fail_on_dupes = rpmExpandNumeric("%{?_duplicate_files_terminate_build}") > 0; + uint32_t defaultalgo = PGPHASHALGO_MD5, digestalgo; + rpm_loff_t totalFileSize = 0; + Header h = pkg->header; /* just a shortcut */ +- int processed = 0; + time_t source_date_epoch = 0; + char *srcdate = getenv("SOURCE_DATE_EPOCH"); ++ struct rpmtd_s oldfiledigests; ++ ++ headerGet(h, RPMTAG_FILEDIGESTS, &oldfiledigests, HEADERGET_ALLOC); ++ headerDel(h, RPMTAG_FILEDIGESTS); ++ rpmtdInit(&oldfiledigests); + + /* Limit the maximum date to SOURCE_DATE_EPOCH if defined + * similar to the tar --clamp-mtime option +@@ -1080,9 +1209,8 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc) + + pkg->dpaths = xmalloc((fl->files.used + 1) * sizeof(*pkg->dpaths)); + +-process_files: + /* Generate the header. */ +- for (i = processed, flp = fl->files.recs + processed; i < fl->files.used; i++, flp++) { ++ for (i = 0, flp = fl->files.recs; i < fl->files.used; i++, flp++) { + rpm_ino_t fileid = flp - fl->files.recs; + + /* Merge duplicate entries. 
*/ +@@ -1212,13 +1340,17 @@ process_files: + if (fl->haveCaps) { + headerPutString(h, RPMTAG_FILECAPS, flp->caps); + } +- ++ + buf[0] = '\0'; +- if (S_ISREG(flp->fl_mode) && !(flp->flags & RPMFILE_GHOST)) +- (void) rpmDoDigest(digestalgo, flp->diskPath, 1, +- (unsigned char *)buf); +- headerPutString(h, RPMTAG_FILEDIGESTS, buf); +- snprintf(file_digest, sizeof(file_digest), "%s", buf); ++ if (strstr(flp->diskPath, DIGEST_LIST_DIR) || !oldfiledigests.count) { ++ if (S_ISREG(flp->fl_mode) && !(flp->flags & RPMFILE_GHOST)) ++ (void) rpmDoDigest(digestalgo, flp->diskPath, 1, ++ (unsigned char *)buf); ++ headerPutString(h, RPMTAG_FILEDIGESTS, buf); ++ } else { ++ headerPutString(h, RPMTAG_FILEDIGESTS, ++ rpmtdNextString(&oldfiledigests)); ++ } + + buf[0] = '\0'; + if (S_ISLNK(flp->fl_mode)) { +@@ -1259,31 +1391,6 @@ process_files: + flp->flags &= PARSEATTR_MASK; + + headerPutUint32(h, RPMTAG_FILEFLAGS, &(flp->flags) ,1); +- +- if (!processed && check_fileList_bin_pkg && S_ISREG(flp->fl_mode) && +- !(flp->flags & RPMFILE_GHOST)) { +- appendStringBuf(check_fileList_bin_pkg, "path="); +- appendStringBuf(check_fileList_bin_pkg, flp->diskPath); +- snprintf(file_info, sizeof(file_info), +- "|digestalgopgp=%d|digest=%s|mode=%d" +- "|uname=%s|gname=%s|caps=%s\n", +- digestalgo, file_digest, flp->fl_mode, +- rpmstrPoolStr(fl->pool, flp->uname), +- rpmstrPoolStr(fl->pool, flp->gname), flp->caps && +- strlen(flp->caps) ? flp->caps : ""); +- appendStringBuf(check_fileList_bin_pkg, file_info); +- } +- } +- +- if (!processed) { +- if (genDigestList(pkg->header, fl, check_fileList_bin_pkg) > 0) { +- fl->processingFailed = 1; +- } else if (i < fl->files.used) { +- pkg->dpaths = xrealloc(pkg->dpaths, +- (fl->files.used + 1) * sizeof(*pkg->dpaths)); +- processed = i; +- goto process_files; +- } + } + + pkg->dpaths[npaths] = NULL; +@@ -1324,6 +1431,7 @@ process_files: + /* Binary packages with dirNames cannot be installed by legacy rpm. 
*/ + (void) rpmlibNeedsFeature(pkg, "CompressedFileNames", "3.0.4-1"); + } ++ rpmtdFreeData(&oldfiledigests); + } + + static FileRecords FileRecordsFree(FileRecords files) +@@ -2808,6 +2916,10 @@ static rpmRC processPackageFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags, + if (checkHardLinks(&fl.files)) + (void) rpmlibNeedsFeature(pkg, "PartialHardlinkSets", "4.0.4-1"); + ++ genDigestListInput(&fl, pkg, 0); ++ if (fl.processingFailed) ++ goto exit; ++ + genCpioListAndHeader(&fl, pkg, 0); + + exit: +-- +2.33.0 + diff --git a/Remove-digest-list-from-the-kernel-during-package-re.patch b/Remove-digest-list-from-the-kernel-during-package-re.patch new file mode 100644 index 0000000..2bd6caa --- /dev/null +++ b/Remove-digest-list-from-the-kernel-during-package-re.patch 
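Review bot: In genCpioListAndHeader() the reused digests are paired with files purely by position: each ordinary file takes `rpmtdNextString(&oldfiledigests)`, while any path for which `strstr(flp->diskPath, DIGEST_LIST_DIR)` is true is re-hashed without advancing the iterator. That holds only if both passes visit exactly the same files in the same order and no file seen in the first pass has `/.digest_lists` anywhere in its disk path; the `strstr` is a substring match, so a build root or packaged directory containing that string would shift every later digest by one. Because RPMTAG_FILEDIGESTS is the integrity metadata later verification relies on, a misalignment should fail the build rather than be written: check `rpmtdNextString()` for NULL and set `fl->processingFailed = 1`, and anchor the directory test to a path component. The duplicate-merge and `%exclude` handling is now copied into genDigestListInput(), so the "File listed twice" warning and `argvAdd(&pkg->fileExcludeList, ...)` presumably run in both passes; a comment saying whether that is intended would help. Both function bodies extend beyond the hunks.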
@@ -0,0 +1,106 @@ +From 0f088c5c9efa8ab877455bc273d7e536c763f824 Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Thu, 11 Mar 2021 11:59:45 +0100 +Subject: [PATCH] Remove digest list from the kernel during package + reinstallation + +Signed-off-by: luhuaxin +--- + plugins/digest_list.c | 36 +++++++++++++++++------------------- + 1 file changed, 17 insertions(+), 19 deletions(-) + +diff --git a/plugins/digest_list.c b/plugins/digest_list.c +index ca77282..63f8f1c 100644 +--- a/plugins/digest_list.c ++++ b/plugins/digest_list.c +@@ -27,9 +27,6 @@ + #define DIGEST_LIST_DEFAULT_PATH "/etc/ima/digest_lists" + #define RPM_PARSER "/usr/libexec/rpm_parser" + +-#define DIGEST_LIST_OP_ADD 0 +-#define DIGEST_LIST_OP_DEL 1 +- + enum hash_algo { + HASH_ALGO_MD4, + HASH_ALGO_MD5, +@@ -372,12 +369,13 @@ out: + return ret; + } + +-static int process_digest_list(rpmte te, int parser) ++static int process_digest_list(rpmte te, int parser, int pre) + { + char *path = NULL, *path_sig = NULL; + int digest_list_signed = 0; + struct stat st; + ssize_t size; ++ int type = rpmteType(te); + struct __user_cap_header_struct cap_header_data; + cap_user_header_t cap_header = &cap_header_data; + struct __user_cap_data_struct cap_data_data; +@@ -431,15 +429,7 @@ static int process_digest_list(rpmte te, int parser) + + size = lgetxattr(path, XATTR_NAME_IMA, NULL, 0); + +- /* Don't upload again if digest list was already processed */ +- if ((rpmteType(te) == TR_ADDED && size > 0) || +- (rpmteType(te) == TR_REMOVED && size < 0)) { +- rpmlog(RPMLOG_DEBUG, "digest_list: '%s' already processed, " +- "nothing to do\n", path); +- goto out; +- } +- +- if (rpmteType(te) == TR_ADDED) { ++ if (type == TR_ADDED && !pre && size < 0) { + if (!digest_list_signed) { + /* Write RPM header to the disk */ + ret = write_rpm_digest_list(te, path); +@@ -472,12 +462,18 @@ static int process_digest_list(rpmte te, int parser) + ret = RPMRC_FAIL; + goto out; + } ++ } else if (type == TR_ADDED && pre) { ++ if (size < 0) 
++ goto out; ++ ++ /* rpm is overwriting the digest list, remove from the kernel */ ++ type = TR_REMOVED; + } + + /* Upload digest list to securityfs */ +- upload_digest_list(path, rpmteType(te), digest_list_signed); ++ upload_digest_list(path, type, digest_list_signed); + +- if (rpmteType(te) == TR_REMOVED) { ++ if (type == TR_REMOVED) { + if (!digest_list_signed) { + unlink(path); + goto out; +@@ -552,8 +548,10 @@ static rpmRC digest_list_file_common(rpmPlugin plugin, rpmfi fi, + if (!pre && res != RPMRC_OK) + return res; + +- if ((pre && action != FA_ERASE) || +- (!pre && action != FA_CREATE)) ++ if (!pre && rpmteType(cur_te) != TR_ADDED) ++ return RPMRC_OK; ++ ++ if (pre && action == FA_SKIP) + return RPMRC_OK; + + if (strncmp(path, DIGEST_LIST_DEFAULT_PATH, +@@ -564,9 +562,9 @@ static rpmRC digest_list_file_common(rpmPlugin plugin, rpmfi fi, + if (!pre && --digest_list_counter) + return RPMRC_OK; + +- process_digest_list(cur_te, 0); ++ process_digest_list(cur_te, 0, pre); + if (!strcmp(rpmteN(cur_te), "digest-list-tools")) +- process_digest_list(cur_te, 1); ++ process_digest_list(cur_te, 1, pre); + + return RPMRC_OK; + } +-- +2.33.0 + diff --git a/Use-user.digest_list-to-avoid-duplicate-processing-o.patch b/Use-user.digest_list-to-avoid-duplicate-processing-o.patch deleted file mode 100644 index 4c1ade3..0000000 --- a/Use-user.digest_list-to-avoid-duplicate-processing-o.patch +++ /dev/null 
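Review bot: process_digest_list() branches on `size < 0` from `lgetxattr(path, XATTR_NAME_IMA, NULL, 0)` as if it meant "no security.ima xattr", but the same result comes back for a missing file, a permission error or a filesystem without xattr support. In the new `type == TR_ADDED && pre` branch a reinstall then skips the removal from the kernel on any such error, and in the `!pre` case the code takes the branch that writes the digest list. Testing `errno == ENODATA` and logging any other error would make the state decision explicit. The return value of `upload_digest_list(path, type, digest_list_signed)` is also discarded before `unlink(path)` or the xattr removal, so a failed kernel-side removal still deletes the on-disk record. The function starts and ends outside the hunks.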
@@ -1,57 +0,0 @@ -From e07cef55252fddf45ff39e264097c04a726d0d79 Mon Sep 17 00:00:00 2001 -From: Roberto Sassu -Date: Fri, 7 Aug 2020 09:32:27 +0200 -Subject: [PATCH] Use user.digest_list to avoid duplicate processing of the - digest lists - ---- - plugins/digest_list.c | 16 ++++++++++++---- - 1 file changed, 12 insertions(+), 4 deletions(-) - -diff --git a/plugins/digest_list.c b/plugins/digest_list.c -index beb397309..9fcb5c4c5 100644 ---- a/plugins/digest_list.c -+++ b/plugins/digest_list.c -@@ -417,7 +417,7 @@ static int process_digest_list(rpmte te, int parser) - DIGEST_LIST_DEFAULT_PATH, rpmteN(te), rpmteV(te), - rpmteR(te), rpmteA(te)); - -- size = lgetxattr(path, XATTR_NAME_IMA, NULL, 0); -+ size = lgetxattr(path, "user.digest_list", NULL, 0); - - /* Don't upload again if digest list was already processed */ - if ((rpmteType(te) == TR_ADDED && size > 0) || -@@ -446,6 +446,14 @@ static int process_digest_list(rpmte te, int parser) - ret = RPMRC_FAIL; - goto out; - } -+ -+ ret = lsetxattr(path, "user.digest_list", "1", 1, 0); -+ if (ret < 0) -+ rpmlog(RPMLOG_ERR, "digest_list: cannot add " -+ "user.digest_list to '%s'\n", path); -+ else -+ rpmlog(RPMLOG_DEBUG, "digest_list: user.digest_list " -+ "successfully added to '%s'\n", path); - } - - /* Upload digest list to securityfs */ -@@ -457,12 +465,12 @@ static int process_digest_list(rpmte te, int parser) - goto out; - } - -- ret = lremovexattr(path, XATTR_NAME_IMA); -+ ret = lremovexattr(path, "user.digest_list"); - if (ret < 0) - rpmlog(RPMLOG_ERR, "digest_list: cannot remove " -- "security.ima from '%s'\n", path); -+ "user.digest_list from '%s'\n", path); - else -- rpmlog(RPMLOG_DEBUG, "digest_list: security.ima " -+ rpmlog(RPMLOG_DEBUG, "digest_list: user.digest_list " - "successfully removed from '%s'\n", path); - } - out: --- -2.27.GIT - diff --git a/dont-remove-ima-xattr-of-parser-when-upgrading.patch b/dont-remove-ima-xattr-of-parser-when-upgrading.patch new file mode 100644 index 0000000..b2e0424 
--- /dev/null +++ b/dont-remove-ima-xattr-of-parser-when-upgrading.patch @@ -0,0 +1,35 @@ +From 2c27c71952ce3ac61afeabd3ef4e1d182574e905 Mon Sep 17 00:00:00 2001 +From: luhuaxin +Date: Tue, 15 Mar 2022 20:54:06 +0800 +Subject: [PATCH] dont remove ima xattr of parser when upgrading + +Signed-off-by: luhuaxin +--- + plugins/digest_list.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/plugins/digest_list.c b/plugins/digest_list.c +index 0692b5b..1d7ef92 100644 +--- a/plugins/digest_list.c ++++ b/plugins/digest_list.c +@@ -576,9 +576,16 @@ static rpmRC digest_list_file_common(rpmPlugin plugin, rpmfi fi, + if (!pre && --digest_list_counter) + return RPMRC_OK; + ++ rpmlog(RPMLOG_DEBUG, "process ima digest, pre: %d, action: %d, teType: %d\n", ++ pre, action, rpmteType(cur_te)); + process_digest_list(cur_te, 0, pre); +- if (!strcmp(rpmteN(cur_te), "digest-list-tools")) ++ if (!strcmp(rpmteN(cur_te), "digest-list-tools")) { ++ if (pre && rpmteType(cur_te) == TR_REMOVED) ++ return RPMRC_OK; ++ ++ rpmlog(RPMLOG_DEBUG, "process parser digest\n"); + process_digest_list(cur_te, 1, pre); ++ } + + return RPMRC_OK; + } +-- +2.33.0 + diff --git a/rpm-selinux-plugin-check-context-file-exist.patch b/rpm-selinux-plugin-check-context-file-exist.patch index cf3dc0d..56d7982 100644 --- a/rpm-selinux-plugin-check-context-file-exist.patch +++ b/rpm-selinux-plugin-check-context-file-exist.patch @@ -1,15 +1,14 @@ -From 91d2535bb150a4e98ac72f87896f4acadda293d0 Mon Sep 17 00:00:00 2001 +From 55708fd5822a3e4bf5537002a648f32cb0a6e07e Mon Sep 17 00:00:00 2001 From: luhuaxin <1539327763@qq.com> Date: Tue, 26 Oct 2021 18:39:46 +0800 Subject: [PATCH] rpm selinux plugin check context file exist -Signed-off-by: lujie54 --- plugins/selinux.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/selinux.c b/plugins/selinux.c -index 7c1a0da..c909d18 100644 +index 1254517..fb8b7a2 100644 --- a/plugins/selinux.c +++ b/plugins/selinux.c 
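Review bot: The new `if (pre && rpmteType(cur_te) == TR_REMOVED) return RPMRC_OK;` in digest_list_file_common() cannot tell an upgrade from a plain erase of digest-list-tools, since both present a TR_REMOVED element in the pre hook. Going by the earlier patch in this series, the post hook already returns for anything that is not TR_ADDED, so on a real uninstall the parser's digest list would apparently never be removed and its entry would stay loaded; please confirm that is acceptable or distinguish the two cases, and say which in a comment above the check. The two added `rpmlog(RPMLOG_DEBUG, ...)` messages also drop the `digest_list: ` prefix used by the plugin's other log lines. The function body starts outside the hunk.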
@@ -63,7 +63,8 @@ static rpmRC selinux_tsm_pre(rpmPlugin plugin, rpmts ts) @@ -23,5 +22,5 @@ index 7c1a0da..c909d18 100644 } -- -1.8.3.1 +2.23.0 diff --git a/rpm.spec b/rpm.spec index 61cd1cf..55d5e72 100644 --- a/rpm.spec +++ b/rpm.spec @@ -1,6 +1,6 @@ Name: rpm Version: 4.17.0 -Release: 4 +Release: 5 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ 
@@ -15,20 +15,28 @@ Patch6: bugfix-rpm-4.14.2-wait-once-get-rpmlock-fail.patch Patch7: Generate-digest-lists.patch Patch8: Add-digest-list-plugin.patch Patch9: Don-t-add-dist-to-release-if-it-is-already-there.patch -Patch10: Use-user.digest_list-to-avoid-duplicate-processing-o.patch +Patch10: Generate-digest-lists-before-calling-genCpioListAndH.patch Patch11: call-process_digest_list-after-files-are-added.patch Patch12: fix-lsetxattr-error-in-container.patch -Patch13: get-in-use-of-ndb.patch -Patch14: backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch +Patch13: rpm-selinux-plugin-check-context-file-exist.patch +Patch14: get-in-use-of-ndb.patch Patch15: still-in-use-of-python-scripts-from-old-version.patch -Patch16: rpm-selinux-plugin-check-context-file-exist.patch +Patch16: Add-loongarch-architecture-support.patch +Patch17: Fix-digest_list_counter.patch +Patch18: Check-rpm-parser.patch +Patch19: Remove-digest-list-from-the-kernel-during-package-re.patch +Patch20: Add-license-to-digest_list.c.patch +Patch21: Avoid-generating-digest-lists-if-they-are-already-pa.patch +Patch22: dont-remove-ima-xattr-of-parser-when-upgrading.patch + +Patch6000: backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel BuildRequires: dbus-devel fakechroot elfutils-devel elfutils-libelf-devel ima-evm-utils BuildRequires: lua-devel libcap-devel libacl-devel libselinux-devel file-devel gettext-devel ncurses-devel BuildRequires: system-rpm-config dwz gnupg2 debugedit -Requires: coreutils popt curl zstd libcap crontabs logrotate +Requires: coreutils popt curl zstd >= 1.5.0-1 libcap crontabs logrotate Obsoletes: %{name}-build-libs %{name}-sign-libs %{name}-sign %{name}-cron Provides: %{name}-build-libs %{name}-sign-libs %{name}-sign %{name}-cron Obsoletes: %{name}-plugin-selinux 
%{name}-plugin-syslog %{name}-plugin-systemd-inhibit < 4.15.1-28 %{name}-plugin-ima %{name}-plugin-prioreset @@ -261,9 +269,9 @@ make check || (cat tests/rpmtests.log; exit 0) %{_rpmconfigdir}/*deps* %{_rpmconfigdir}/*.prov %{_rpmconfigdir}/*.req -%{_rpmconfigdir}/config.* %{_rpmconfigdir}/mkinstalldirs %{_rpmconfigdir}/fileattrs/* +%{_rpmconfigdir}/config.* %files -n python3-%{name} %defattr(-,root,root) @@ -291,6 +299,12 @@ make check || (cat tests/rpmtests.log; exit 0) %{_mandir}/man1/gendiff.1* %changelog +* Tue Aug 09 2022 renhongxun - 4.17.0-5 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:sync changes from openEuler-22.03-LTS + *Sat Jun 25 2022 lujie - 4.17.0-4 - Type:bugfix - ID:NA