From: Juergen Borleis <jbe@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH] ima-evm-utils: version bump to 1.1
Date: Fri, 22 Feb 2019 09:29:10 +0100 [thread overview]
Message-ID: <20190222082910.32274-1-jbe@pengutronix.de> (raw)
This version bump also adds support for openssl-1.1.x.
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
...ove-file-at-it-s-autogenerated-by-autotoo.patch | 0
...2-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch | 0
...tl-find-add-missing-closedir-dir-on-error.patch | 6 +-
...-add-missing-error-handling-and-propagate.patch | 6 +-
...d-fallback-definitions-for-XATTR_NAME_IMA.patch | 2 +-
...maevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch | 20 ++--
...se-SHA_DIGEST_LENGTH-instead-of-open-codi.patch | 8 +-
...mctl-add-parameter-e-to-set-evm-hash-algo.patch | 50 +++++-----
...add-support-for-offline-image-preparation.patch | 110 ++++++++++-----------
...ot-account-.-and-.-for-directory-hash-gen.patch | 4 +-
.../0011-HACK-don-t-generate-man-page.patch | 0
.../0012-Fix-warning-for-non-debug-use-case.patch | 28 ++++++
.../autogen.sh | 0
.../series | 3 +-
rules/ima-evm-utils.make | 6 +-
15 files changed, 136 insertions(+), 107 deletions(-)
rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch (100%)
rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch (100%)
rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0003-evmctl-find-add-missing-closedir-dir-on-error.patch (79%)
rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0004-evmctl-find-add-missing-error-handling-and-propagate.patch (87%)
rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch (94%)
rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch (76%)
rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch (77%)
rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch (69%)
rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0009-evmctl-add-support-for-offline-image-preparation.patch (68%)
rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch (89%)
rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0011-HACK-don-t-generate-man-page.patch (100%)
create mode 100644 patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/autogen.sh (100%)
rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/series (86%)
diff --git a/patches/ima-evm-utils-1.0/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch b/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
similarity index 100%
rename from patches/ima-evm-utils-1.0/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
rename to patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
diff --git a/patches/ima-evm-utils-1.0/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch b/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
similarity index 100%
rename from patches/ima-evm-utils-1.0/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
rename to patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
diff --git a/patches/ima-evm-utils-1.0/0003-evmctl-find-add-missing-closedir-dir-on-error.patch b/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
similarity index 79%
rename from patches/ima-evm-utils-1.0/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
rename to patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
index 77e9f5fc6..4b1c84584 100644
--- a/patches/ima-evm-utils-1.0/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
+++ b/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
@@ -10,10 +10,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
1 file changed, 2 insertions(+)
diff --git a/src/evmctl.c b/src/evmctl.c
-index c20cbfe80ab6..19f5f3bc87b0 100644
+index 2ffee786865b..20eccfa93b2b 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
-@@ -1092,6 +1092,7 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1229,6 +1229,7 @@ static int find(const char *path, int dts, find_cb_t func)
if (fchdir(dirfd(dir))) {
log_err("Failed to chdir %s\n", path);
@@ -21,7 +21,7 @@ index c20cbfe80ab6..19f5f3bc87b0 100644
return -1;
}
-@@ -1107,6 +1108,7 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1244,6 +1245,7 @@ static int find(const char *path, int dts, find_cb_t func)
if (chdir("..")) {
log_err("Failed to chdir: %s\n", path);
diff --git a/patches/ima-evm-utils-1.0/0004-evmctl-find-add-missing-error-handling-and-propagate.patch b/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
similarity index 87%
rename from patches/ima-evm-utils-1.0/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
rename to patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
index 8a562b3e0..68660d95e 100644
--- a/patches/ima-evm-utils-1.0/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
+++ b/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
@@ -12,10 +12,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
-index 19f5f3bc87b0..a5355f6c0ee1 100644
+index 20eccfa93b2b..55fc619f5990 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
-@@ -1097,13 +1097,20 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1234,13 +1234,20 @@ static int find(const char *path, int dts, find_cb_t func)
}
while ((de = readdir(dir))) {
@@ -38,7 +38,7 @@ index 19f5f3bc87b0..a5355f6c0ee1 100644
}
if (chdir("..")) {
-@@ -1112,8 +1119,13 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1249,8 +1256,13 @@ static int find(const char *path, int dts, find_cb_t func)
return -1;
}
diff --git a/patches/ima-evm-utils-1.0/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch b/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
similarity index 94%
rename from patches/ima-evm-utils-1.0/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
rename to patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
index 7d229d3e2..69aadb377 100644
--- a/patches/ima-evm-utils-1.0/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
+++ b/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
@@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
1 file changed, 5 insertions(+)
diff --git a/src/evmctl.c b/src/evmctl.c
-index a5355f6c0ee1..f120bf96b69d 100644
+index 55fc619f5990..de53be37b69b 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -62,6 +62,11 @@
diff --git a/patches/ima-evm-utils-1.0/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch b/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
similarity index 76%
rename from patches/ima-evm-utils-1.0/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
rename to patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
index a5de62dcc..a3cd597f8 100644
--- a/patches/ima-evm-utils-1.0/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
+++ b/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
@@ -10,10 +10,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
-index f120bf96b69d..559e4cbf9176 100644
+index de53be37b69b..b0f3b6362528 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
-@@ -446,7 +446,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -495,7 +495,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
static int sign_evm(const char *file, const char *key)
{
@@ -22,7 +22,7 @@ index f120bf96b69d..559e4cbf9176 100644
unsigned char sig[1024];
int len, err;
-@@ -481,7 +481,7 @@ static int sign_evm(const char *file, const char *key)
+@@ -533,7 +533,7 @@ static int sign_evm(const char *file, const char *key)
static int hash_ima(const char *file)
{
@@ -31,7 +31,7 @@ index f120bf96b69d..559e4cbf9176 100644
int len, err, offset;
int algo = get_hash_algo(params.hash_algo);
-@@ -519,7 +519,7 @@ static int hash_ima(const char *file)
+@@ -571,7 +571,7 @@ static int hash_ima(const char *file)
static int sign_ima(const char *file, const char *key)
{
@@ -40,7 +40,7 @@ index f120bf96b69d..559e4cbf9176 100644
unsigned char sig[1024];
int len, err;
-@@ -699,7 +699,7 @@ static int cmd_sign_evm(struct command *cmd)
+@@ -751,7 +751,7 @@ static int cmd_sign_evm(struct command *cmd)
static int verify_evm(const char *file)
{
@@ -49,7 +49,7 @@ index f120bf96b69d..559e4cbf9176 100644
unsigned char sig[1024];
int len;
-@@ -982,7 +982,7 @@ out:
+@@ -1119,7 +1119,7 @@ out:
static int hmac_evm(const char *file, const char *key)
{
@@ -59,12 +59,12 @@ index f120bf96b69d..559e4cbf9176 100644
int len, err;
diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 575f0535fe07..32638e79ffdc 100644
+index 6fa0ed4a1c74..8fc23be08bd7 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
-@@ -517,7 +517,7 @@ int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int sig
-
- int ima_verify_signature(const char *file, unsigned char *sig, int siglen)
+@@ -590,7 +590,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
+ int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
+ unsigned char *digest, int digestlen)
{
- unsigned char hash[64];
+ unsigned char hash[EVP_MAX_MD_SIZE];
diff --git a/patches/ima-evm-utils-1.0/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch b/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
similarity index 77%
rename from patches/ima-evm-utils-1.0/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
rename to patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
index 290d8adc7..2164c6238 100644
--- a/patches/ima-evm-utils-1.0/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
+++ b/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
@@ -8,10 +8,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 32638e79ffdc..1c5da965468c 100644
+index 8fc23be08bd7..b6c328801708 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
-@@ -370,7 +370,7 @@ int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int
+@@ -379,7 +379,7 @@ int verify_hash_v1(const char *file, const unsigned char *hash, int size,
SHA_CTX ctx;
unsigned char out[1024];
RSA *key;
@@ -19,8 +19,8 @@ index 32638e79ffdc..1c5da965468c 100644
+ unsigned char sighash[SHA_DIGEST_LENGTH];
struct signature_hdr *hdr = (struct signature_hdr *)sig;
- log_info("hash: ");
-@@ -652,7 +652,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons
+ log_info("hash-v1: ");
+@@ -744,7 +744,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons
unsigned char pub[1024];
RSA *key;
char name[20];
diff --git a/patches/ima-evm-utils-1.0/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
similarity index 69%
rename from patches/ima-evm-utils-1.0/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
rename to patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
index 8165ed86d..488dfa822 100644
--- a/patches/ima-evm-utils-1.0/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
+++ b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
@@ -14,33 +14,33 @@ Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
3 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
-index 559e4cbf9176..d7352d87ef71 100644
+index b0f3b6362528..5d664005e915 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
-@@ -319,6 +319,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- char uuid[16];
- struct h_misc_64 hmac_misc;
- int hmac_size;
+@@ -336,6 +336,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+ #else
+ pctx = EVP_MD_CTX_new();
+ #endif
+ const EVP_MD *md;
if (lstat(file, &st)) {
log_err("Failed to stat: %s\n", file);
-@@ -350,7 +351,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -379,7 +380,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
return -1;
}
-- err = EVP_DigestInit(&ctx, EVP_sha1());
+- err = EVP_DigestInit(pctx, EVP_sha1());
+ md = EVP_get_digestbyname(params.evm_hash_algo);
+ if (!md) {
+ log_err("EVP_get_digestbyname() failed\n");
+ return 1;
+ }
+
-+ err = EVP_DigestInit(&ctx, md);
++ err = EVP_DigestInit(pctx, md);
if (!err) {
log_err("EVP_DigestInit() failed\n");
return 1;
-@@ -454,7 +461,7 @@ static int sign_evm(const char *file, const char *key)
+@@ -503,7 +510,7 @@ static int sign_evm(const char *file, const char *key)
if (len <= 1)
return len;
@@ -49,30 +49,30 @@ index 559e4cbf9176..d7352d87ef71 100644
if (len <= 1)
return len;
-@@ -860,6 +867,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
- ssize_t list_size;
- struct h_misc_64 hmac_misc;
- int hmac_size;
+@@ -992,6 +999,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+ #else
+ pctx = HMAC_CTX_new();
+ #endif
+ const EVP_MD *md;
key = file2bin(keyfile, NULL, &keylen);
if (!key) {
-@@ -905,7 +913,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1038,7 +1046,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
goto out;
}
-- err = !HMAC_Init(&ctx, evmkey, sizeof(evmkey), EVP_sha1());
+- err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), EVP_sha1(), NULL);
+ md = EVP_get_digestbyname(params.evm_hash_algo);
+ if (!md) {
+ log_err("EVP_get_digestbyname() failed\n");
+ return 1;
+ }
+
-+ err = !HMAC_Init(&ctx, evmkey, sizeof(evmkey), md);
++ err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), md, NULL);
if (err) {
log_err("HMAC_Init() failed\n");
goto out;
-@@ -1464,6 +1478,7 @@ static void usage(void)
+@@ -1635,6 +1649,7 @@ static void usage(void)
printf(
"\n"
" -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512\n"
@@ -80,7 +80,7 @@ index 559e4cbf9176..d7352d87ef71 100644
" -s, --imasig make IMA signature\n"
" -d, --imahash make IMA hash\n"
" -f, --sigfile store IMA signature in .sig file instead of xattr\n"
-@@ -1508,6 +1523,7 @@ static struct option opts[] = {
+@@ -1691,6 +1706,7 @@ static struct option opts[] = {
{"imasig", 0, 0, 's'},
{"imahash", 0, 0, 'd'},
{"hashalgo", 1, 0, 'a'},
@@ -88,16 +88,16 @@ index 559e4cbf9176..d7352d87ef71 100644
{"pass", 2, 0, 'p'},
{"sigfile", 0, 0, 'f'},
{"uuid", 2, 0, 'u'},
-@@ -1565,7 +1581,7 @@ int main(int argc, char *argv[])
+@@ -1758,7 +1774,7 @@ int main(int argc, char *argv[])
g_argc = argc;
while (1) {
-- c = getopt_long(argc, argv, "hvnsda:p::fu::k:t:ri", opts, &lind);
-+ c = getopt_long(argc, argv, "hvnsda:e:p::fu::k:t:ri", opts, &lind);
+- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind);
++ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind);
if (c == -1)
break;
-@@ -1591,6 +1607,9 @@ int main(int argc, char *argv[])
+@@ -1784,6 +1800,9 @@ int main(int argc, char *argv[])
case 'a':
params.hash_algo = optarg;
break;
@@ -108,10 +108,10 @@ index 559e4cbf9176..d7352d87ef71 100644
if (optarg)
params.keypass = optarg;
diff --git a/src/imaevm.h b/src/imaevm.h
-index 711596c3f3fa..ef7858b8faa0 100644
+index 1bafaad0f4ab..ed92e4d8981d 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
-@@ -178,6 +178,7 @@ struct libevm_params {
+@@ -179,6 +179,7 @@ struct libevm_params {
int verbose;
int x509;
const char *hash_algo;
@@ -120,7 +120,7 @@ index 711596c3f3fa..ef7858b8faa0 100644
const char *keypass;
};
diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 1c5da965468c..595908395514 100644
+index b6c328801708..4c093a038b72 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -129,6 +129,7 @@ struct libevm_params params = {
diff --git a/patches/ima-evm-utils-1.0/0009-evmctl-add-support-for-offline-image-preparation.patch b/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
similarity index 68%
rename from patches/ima-evm-utils-1.0/0009-evmctl-add-support-for-offline-image-preparation.patch
rename to patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
index 3467e1ec2..696528f75 100644
--- a/patches/ima-evm-utils-1.0/0009-evmctl-add-support-for-offline-image-preparation.patch
+++ b/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
@@ -2,23 +2,23 @@ From: Sascha Hauer <s.hauer@pengutronix.de>
Date: Mon, 1 Dec 2014 15:23:21 +0100
Subject: [PATCH] evmctl: add support for offline image preparation
-With this patch it's possible to sign a directory hierarchy, so that a
-filesystem image (e.g. an ubifs) can be generated.
+With this change it's possible to sign a directory hierarchy, so that a
+filesystem image (e.g. a 'ubifs') can be generated.
-Creating the ima and evm signatues for an images with evmctl has to problems:
+Creating the ima and evm signatues for an image with 'evmctl' has two problems:
1) The inode-numbers of the files are different in the to be created image and
in the current filesystem.
2) The inode generation can be different, too.
These problems are solved in a 4-step process:
-1) evmctl generates signatures and writes them to the extended attributed
+1) 'evmctl' generates signatures and writes them to the extended attribute
(the usual process so far).
-2) The image, for example an ubifs image, is generted. mkfs.ubifs generates
+2) The image, for example a 'ubifs' image, is generated. 'mkfs.ubifs' generates
the image (including extended attributes) and stores the used inode number
- in an extended attribute "user.image-inode-number".
-3) evmct is started again to generate the signatures, this time with the
- additional paramter "--image". Instead of using an ioctl to get the inode
+ into an extended attribute "user.image-inode-number".
+3) 'evmct' is re-started to generate the signatures, this time with the
+ additional paramter "--image". Instead of using an 'ioctl' to get the inode
number and generation, the inode is read from the extended attribute
"user.image-inode-number", the generation is set to "0".
4) The image (omitting the exteneded attribute "user.image-inode-number") is
@@ -37,18 +37,18 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
3 files changed, 74 insertions(+), 9 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
-index d7352d87ef71..ec1fed395656 100644
+index 5d664005e915..9003f7640c0f 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
-@@ -320,6 +320,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- struct h_misc_64 hmac_misc;
- int hmac_size;
+@@ -337,6 +337,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+ pctx = EVP_MD_CTX_new();
+ #endif
const EVP_MD *md;
+ ino_t ino;
if (lstat(file, &st)) {
log_err("Failed to stat: %s\n", file);
-@@ -342,9 +343,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -371,9 +372,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
}
close(fd);
}
@@ -75,42 +75,42 @@ index d7352d87ef71..ec1fed395656 100644
list_size = llistxattr(file, list, sizeof(list));
if (list_size < 0) {
log_err("llistxattr() failed\n");
-@@ -396,7 +413,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- struct h_misc *hmac = (struct h_misc *)&hmac_misc;
+@@ -439,7 +456,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
hmac_size = sizeof(*hmac);
-- hmac->ino = st.st_ino;
-+ hmac->ino = ino;
- hmac->generation = generation;
+ if (!evm_portable) {
+- hmac->ino = st.st_ino;
++ hmac->ino = ino;
+ hmac->generation = generation;
+ }
hmac->uid = st.st_uid;
- hmac->gid = st.st_gid;
-@@ -405,7 +422,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc;
+@@ -450,7 +467,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
hmac_size = sizeof(*hmac);
-- hmac->ino = st.st_ino;
-+ hmac->ino = ino;
- hmac->generation = generation;
+ if (!evm_portable) {
+- hmac->ino = st.st_ino;
++ hmac->ino = ino;
+ hmac->generation = generation;
+ }
hmac->uid = st.st_uid;
- hmac->gid = st.st_gid;
-@@ -414,7 +431,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc;
+@@ -461,7 +478,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
hmac_size = sizeof(*hmac);
-- hmac->ino = st.st_ino;
-+ hmac->ino = ino;
- hmac->generation = generation;
+ if (!evm_portable) {
+- hmac->ino = st.st_ino;
++ hmac->ino = ino;
+ hmac->generation = generation;
+ }
hmac->uid = st.st_uid;
- hmac->gid = st.st_gid;
-@@ -868,6 +885,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
- struct h_misc_64 hmac_misc;
- int hmac_size;
+@@ -1000,6 +1017,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+ pctx = HMAC_CTX_new();
+ #endif
const EVP_MD *md;
+ ino_t ino;
key = file2bin(keyfile, NULL, &keylen);
if (!key) {
-@@ -905,10 +923,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1038,10 +1056,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
close(fd);
}
@@ -137,7 +137,7 @@ index d7352d87ef71..ec1fed395656 100644
log_err("llistxattr() failed: %s\n", file);
goto out;
}
-@@ -951,7 +985,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1084,7 +1118,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
struct h_misc *hmac = (struct h_misc *)&hmac_misc;
hmac_size = sizeof(*hmac);
@@ -146,7 +146,7 @@ index d7352d87ef71..ec1fed395656 100644
hmac->generation = generation;
hmac->uid = st.st_uid;
hmac->gid = st.st_gid;
-@@ -960,7 +994,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1093,7 +1127,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc;
hmac_size = sizeof(*hmac);
@@ -155,7 +155,7 @@ index d7352d87ef71..ec1fed395656 100644
hmac->generation = generation;
hmac->uid = st.st_uid;
hmac->gid = st.st_gid;
-@@ -969,7 +1003,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1102,7 +1136,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc;
hmac_size = sizeof(*hmac);
@@ -164,48 +164,48 @@ index d7352d87ef71..ec1fed395656 100644
hmac->generation = generation;
hmac->uid = st.st_uid;
hmac->gid = st.st_gid;
-@@ -1494,6 +1528,9 @@ static void usage(void)
+@@ -1666,6 +1700,9 @@ static void usage(void)
" --smack use extra SMACK xattrs for EVM\n"
" --m32 force EVM hmac/signature for 32 bit target system\n"
" --m64 force EVM hmac/signature for 64 bit target system\n"
+ " -m, --image image generation mode:\n"
+ " Read inode number from xattr 'user.image-inode-number',\n"
+ " and force inode generation to 0.\n"
- " -v increase verbosity level\n"
- " -h, --help display this help and exit\n"
- "\n");
-@@ -1533,6 +1570,7 @@ static struct option opts[] = {
+ " --ino use custom inode for EVM\n"
+ " --uid use custom UID for EVM\n"
+ " --gid use custom GID for EVM\n"
+@@ -1716,6 +1753,7 @@ static struct option opts[] = {
{"recursive", 0, 0, 'r'},
{"m32", 0, 0, '3'},
{"m64", 0, 0, '6'},
+ {"image", 0, 0, 'm'},
- {"smack", 0, 0, 256},
- {"version", 0, 0, 257},
- {}
-@@ -1581,7 +1619,7 @@ int main(int argc, char *argv[])
+ {"portable", 0, 0, 'o'},
+ {"smack", 0, 0, 128},
+ {"version", 0, 0, 129},
+@@ -1774,7 +1812,7 @@ int main(int argc, char *argv[])
g_argc = argc;
while (1) {
-- c = getopt_long(argc, argv, "hvnsda:e:p::fu::k:t:ri", opts, &lind);
-+ c = getopt_long(argc, argv, "hvnsda:e:p::fu::k:t:rim", opts, &lind);
+- c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind);
++ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:rim", opts, &lind);
if (c == -1)
break;
-@@ -1648,6 +1686,9 @@ int main(int argc, char *argv[])
+@@ -1847,6 +1885,9 @@ int main(int argc, char *argv[])
case '6':
msize = 64;
break;
+ case 'm':
+ params.image_mode = true;
+ break;
- case 256:
+ case 128:
evm_config_xattrnames = evm_extra_smack_xattrs;
break;
diff --git a/src/imaevm.h b/src/imaevm.h
-index ef7858b8faa0..79f70974015a 100644
+index ed92e4d8981d..7e32d09c6538 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
-@@ -181,6 +181,7 @@ struct libevm_params {
+@@ -182,6 +182,7 @@ struct libevm_params {
const char *evm_hash_algo;
const char *keyfile;
const char *keypass;
@@ -214,7 +214,7 @@ index ef7858b8faa0..79f70974015a 100644
struct RSA_ASN1_template {
diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 595908395514..ea8e4f41488c 100644
+index 4c093a038b72..866f74b39b41 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -40,6 +40,7 @@
@@ -233,7 +233,7 @@ index 595908395514..ea8e4f41488c 100644
#include <openssl/pem.h>
#include <openssl/evp.h>
-@@ -223,7 +225,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
+@@ -224,7 +226,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
}
while ((de = readdir(dir))) {
diff --git a/patches/ima-evm-utils-1.0/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch b/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
similarity index 89%
rename from patches/ima-evm-utils-1.0/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
rename to patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
index e90c5dcf2..12b77a132 100644
--- a/patches/ima-evm-utils-1.0/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
+++ b/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
@@ -15,10 +15,10 @@ Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
1 file changed, 3 insertions(+)
diff --git a/src/libimaevm.c b/src/libimaevm.c
-index ea8e4f41488c..29d50c99c733 100644
+index 866f74b39b41..834b738426bf 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
-@@ -225,6 +225,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
+@@ -226,6 +226,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
}
while ((de = readdir(dir))) {
diff --git a/patches/ima-evm-utils-1.0/0011-HACK-don-t-generate-man-page.patch b/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
similarity index 100%
rename from patches/ima-evm-utils-1.0/0011-HACK-don-t-generate-man-page.patch
rename to patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
diff --git a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch b/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
new file mode 100644
index 000000000..80073f19a
--- /dev/null
+++ b/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
@@ -0,0 +1,28 @@
+From: Juergen Borleis <jbe@pengutronix.de>
+Date: Wed, 18 Nov 2015 15:15:15 +0100
+Subject: [PATCH] Fix warning for non-debug use case
+
+This change fixes:
+
+ evmctl.c:1194:12: warning: 'cmd_hmac_evm' defined but not used [-Wunused-function]
+
+Note: this change is GCC specific
+
+Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
+---
+ src/evmctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/evmctl.c b/src/evmctl.c
+index 9003f7640c0f..4422c0e84d4a 100644
+--- a/src/evmctl.c
++++ b/src/evmctl.c
+@@ -1191,7 +1191,7 @@ static int hmac_evm(const char *file, const char *key)
+ return 0;
+ }
+
+-static int cmd_hmac_evm(struct command *cmd)
++static __attribute__((unused)) int cmd_hmac_evm(struct command *cmd)
+ {
+ const char *key, *file = g_argv[optind++];
+ int err;
diff --git a/patches/ima-evm-utils-1.0/autogen.sh b/patches/ima-evm-utils-1.1/autogen.sh
similarity index 100%
rename from patches/ima-evm-utils-1.0/autogen.sh
rename to patches/ima-evm-utils-1.1/autogen.sh
diff --git a/patches/ima-evm-utils-1.0/series b/patches/ima-evm-utils-1.1/series
similarity index 86%
rename from patches/ima-evm-utils-1.0/series
rename to patches/ima-evm-utils-1.1/series
index fcd6547a8..784fc0147 100644
--- a/patches/ima-evm-utils-1.0/series
+++ b/patches/ima-evm-utils-1.1/series
@@ -11,4 +11,5 @@
0009-evmctl-add-support-for-offline-image-preparation.patch
0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
0011-HACK-don-t-generate-man-page.patch
-# fd0c40bbcc8fc866030c326fe29b69aa - git-ptx-patches magic
+0012-Fix-warning-for-non-debug-use-case.patch
+# 25e6f60853e6b27e45f386bbca0730ab - git-ptx-patches magic
diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make
index ed829a8c5..80964fc43 100644
--- a/rules/ima-evm-utils.make
+++ b/rules/ima-evm-utils.make
@@ -17,11 +17,11 @@ PACKAGES-$(PTXCONF_IMA_EVM_UTILS) += ima-evm-utils
#
# Paths and names
#
-IMA_EVM_UTILS_VERSION := 1.0
-IMA_EVM_UTILS_MD5 := d0e4a4fb92b8fc7c22dfd092c50568ae
+IMA_EVM_UTILS_VERSION := 1.1
+IMA_EVM_UTILS_MD5 := 77455aeee54fdc7a70c733bcb65d33cc
IMA_EVM_UTILS := ima-evm-utils-$(IMA_EVM_UTILS_VERSION)
IMA_EVM_UTILS_SUFFIX := tar.gz
-IMA_EVM_UTILS_URL := $(call ptx/mirror, SF, linux-ima/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX))
+IMA_EVM_UTILS_URL := $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX))
IMA_EVM_UTILS_SOURCE := $(SRCDIR)/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX)
IMA_EVM_UTILS_DIR := $(BUILDDIR)/$(IMA_EVM_UTILS)
IMA_EVM_UTILS_LICENSE := LGPL-2.0-or-later
--
2.11.0
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
reply other threads:[~2019-02-22 8:29 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190222082910.32274-1-jbe@pengutronix.de \
--to=jbe@pengutronix.de \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox