* [ptxdist] [PATCH v2 1/3] ima-evm-utils: fix license statement
@ 2021-06-16 16:16 Roland Hieber
2021-06-16 16:16 ` [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2 Roland Hieber
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Roland Hieber @ 2021-06-16 16:16 UTC (permalink / raw)
To: ptxdist; +Cc: Roland Hieber
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
v1 -> v2:
* fix unknown-exception -> custom-exception
PATCH v1: https://lore.ptxdist.org/ptxdist/20210611121842.GH839947@pengutronix.de
---
rules/ima-evm-utils.make | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make
index 1c5e15b1415f..3a0ce4660c87 100644
--- a/rules/ima-evm-utils.make
+++ b/rules/ima-evm-utils.make
@@ -2,6 +2,7 @@
#
# Copyright (C) 2013 by Michael Grzeschik <mgr@pengutronix.de>
# 2015 by Marc Kleine-Budde <mkl@pengutronix.de>
+# 2021 Roland Hieber, Pengutronix <rhi@pengutronix.de>
#
# For further information about the PTXdist project and license conditions
# see the README file.
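Review bot: The added copyright line in the file header drops the "by" that the two existing lines use ("2013 by Michael Grzeschik", "2015 by Marc Kleine-Budde") and adds a ", Pengutronix" suffix they do not have. Please use the same form as the lines above, so the header stays uniform for anything that parses it.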
@@ -22,7 +23,10 @@ IMA_EVM_UTILS_SUFFIX := tar.gz
IMA_EVM_UTILS_URL := $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX))
IMA_EVM_UTILS_SOURCE := $(SRCDIR)/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX)
IMA_EVM_UTILS_DIR := $(BUILDDIR)/$(IMA_EVM_UTILS)
-IMA_EVM_UTILS_LICENSE := LGPL-2.0-or-later
+IMA_EVM_UTILS_LICENSE := GPL-2.0-only WITH custom-exception
+IMA_EVM_UTILS_LICENSE_FILES := \
+ file://src/evmctl.c;startline=13;endline=35;md5=1e6e51503ab04045269a92c0bc5d5b55 \
+ file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263
# ----------------------------------------------------------------------------
# Prepare
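Review bot: The new IMA_EVM_UTILS_LICENSE_FILES entry pins src/evmctl.c to startline=13;endline=35 with an md5, and patch 2/3 of this series bumps the package from 1.1 to 1.3.2. Please confirm the line range and both checksums against the 1.3.2 sources, since a shifted header in evmctl.c would leave the recorded checksum stale. The commit message also has no body: one sentence on why LGPL-2.0-or-later was wrong and which text "custom-exception" refers to would let a reader check the new identifier without opening the tarball.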
--
2.29.2
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
^ permalink raw reply [flat|nested] 6+ messages in thread
* [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2
2021-06-16 16:16 [ptxdist] [PATCH v2 1/3] ima-evm-utils: fix license statement Roland Hieber
@ 2021-06-16 16:16 ` Roland Hieber
2021-06-29 5:09 ` [ptxdist] [APPLIED] " Michael Olbrich
2021-06-16 16:16 ` [ptxdist] [PATCH v2 3/3] systemd: make hostnamed and quotacheck optional Roland Hieber
2021-06-29 5:09 ` [ptxdist] [APPLIED] ima-evm-utils: fix license statement Michael Olbrich
2 siblings, 1 reply; 6+ messages in thread
From: Roland Hieber @ 2021-06-16 16:16 UTC (permalink / raw)
To: ptxdist; +Cc: Roland Hieber
Changes to the patch queue:
* (old 0002) "Makefile.am: rename INCLUDES -> AM_CPPFLAGS":
replaced by upstream commit 8acbae598b39a421b5d0 ("replace INCLUDES
with AM_CPPFLAGS")
* (old 0006) "use EVP_MAX_MD_SIZE for hash size instead of open …":
replaced by upstream commit 1d9c27927932f2e750e3 ("Define hash and sig
buffer sizes and add asserts")
* (old 0008) "evmctl: add parameter -e to set evm hash algo":
replaced by upstream commit ae1319eeabd6e0798003 ("Remove hardcoding
of SHA1 in EVM signatures"), which uses the already existing -a
parameter for this functionality now too.
* (old 0009) "evmctl: add support for offline image preparation":
port the refactoring from upstream commit c317d4618f92d4dd65
("Namespace some too generic object names"). Also _GNU_SOURCE is now
already defined by configure, and will generate a warning when
redefined, so drop its definition here.
* (old 0011, new 0009) "HACK: don't generate the man page":
expand patch to make sure the manpages are really not built and
generate an error looking for "asciidoc", even when the XSL stylesheet
is detected on the build host
* (old 0013) "evmctl: use correct include for xattr.h":
replaced by upstream commit 6aea54d2ad2287b3e889 ("evmctl: use correct
include for xattr.h")
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/8acbae598b39a421b5d0
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/1d9c27927932f2e750e3
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/ae1319eeabd6e0798003
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/c317d4618f92d4dd6570
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/6aea54d2ad2287b3e889
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
v1 -> v2:
* update to version 1.3.2
* port existing patches
PATCH v1: https://lore.ptxdist.org/ptxdist/20210607130909.4836-5-rhi@pengutronix.de
---
...efile.am-rename-INCLUDES-AM_CPPFLAGS.patch | 40 ------
...-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch | 73 ----------
...add-parameter-e-to-set-evm-hash-algo.patch | 133 ------------------
.../0011-HACK-don-t-generate-man-page.patch | 19 ---
...mctl-use-correct-include-for-xattr.h.patch | 80 -----------
patches/ima-evm-utils-1.1/series | 16 ---
...ile-at-it-s-autogenerated-by-autotoo.patch | 0
...d-add-missing-closedir-dir-on-error.patch} | 6 +-
...issing-error-handling-and-propagate.patch} | 6 +-
...back-definitions-for-XATTR_NAME_IMA.patch} | 8 +-
..._DIGEST_LENGTH-instead-of-open-codi.patch} | 6 +-
...pport-for-offline-image-preparation.patch} | 76 +++++-----
...ount-.-and-.-for-directory-hash-gen.patch} | 6 +-
...-Fix-warning-for-non-debug-use-case.patch} | 4 +-
...009-HACK-don-t-generate-the-man-page.patch | 60 ++++++++
.../autogen.sh | 0
patches/ima-evm-utils-1.3.2/series | 12 ++
rules/ima-evm-utils.make | 7 +-
18 files changed, 128 insertions(+), 424 deletions(-)
delete mode 100644 patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
delete mode 100644 patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
delete mode 100644 patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
delete mode 100644 patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
delete mode 100644 patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch
delete mode 100644 patches/ima-evm-utils-1.1/series
rename patches/{ima-evm-utils-1.1 => ima-evm-utils-1.3.2}/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch (100%)
rename patches/{ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch => ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-closedir-dir-on-error.patch} (79%)
rename patches/{ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch => ima-evm-utils-1.3.2/0003-evmctl-find-add-missing-error-handling-and-propagate.patch} (87%)
rename patches/{ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch => ima-evm-utils-1.3.2/0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch} (80%)
rename patches/{ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch => ima-evm-utils-1.3.2/0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch} (76%)
rename patches/{ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch => ima-evm-utils-1.3.2/0006-evmctl-add-support-for-offline-image-preparation.patch} (78%)
rename patches/{ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch => ima-evm-utils-1.3.2/0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch} (86%)
rename patches/{ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch => ima-evm-utils-1.3.2/0008-Fix-warning-for-non-debug-use-case.patch} (86%)
create mode 100644 patches/ima-evm-utils-1.3.2/0009-HACK-don-t-generate-the-man-page.patch
rename patches/{ima-evm-utils-1.1 => ima-evm-utils-1.3.2}/autogen.sh (100%)
create mode 100644 patches/ima-evm-utils-1.3.2/series
diff --git a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch b/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
deleted file mode 100644
index cb09b8d78f8a..000000000000
--- a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Marc Kleine-Budde <mkl@pengutronix.de>
-Date: Wed, 27 May 2015 10:41:27 +0200
-Subject: [PATCH] Makefile.am: rename INCLUDES -> AM_CPPFLAGS
-
-This patch fixes the following warning during autoreconf:
-
-| src/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
-
-Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
----
- src/Makefile.am | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index deb18fb09dc7..9f547283d535 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -1,7 +1,7 @@
- lib_LTLIBRARIES = libimaevm.la
-
- libimaevm_la_SOURCES = libimaevm.c
--libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS)
-+libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS)
- # current[:revision[:age]]
- # result: [current-age].age.revision
- libimaevm_la_LDFLAGS = -version-info 0:0:0
-@@ -12,11 +12,11 @@ include_HEADERS = imaevm.h
- bin_PROGRAMS = evmctl
-
- evmctl_SOURCES = evmctl.c
--evmctl_CPPFLAGS = $(OPENSSL_CFLAGS)
-+evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS)
- evmctl_LDFLAGS = $(LDFLAGS_READLINE)
- evmctl_LDADD = $(OPENSSL_LIBS) -lkeyutils libimaevm.la
-
--INCLUDES = -I$(top_srcdir) -include config.h
-+AM_CPPFLAGS = -I$(top_srcdir) -include config.h
-
- DISTCLEANFILES = @DISTCLEANFILES@
-
diff --git a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch b/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
deleted file mode 100644
index a3cd597f82d6..000000000000
--- a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From: Marc Kleine-Budde <mkl@pengutronix.de>
-Date: Sat, 26 Mar 2016 22:58:07 +0100
-Subject: [PATCH] evmctl, libimaevm: use EVP_MAX_MD_SIZE for hash size instead
- of open coding it
-
-Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
----
- src/evmctl.c | 10 +++++-----
- src/libimaevm.c | 2 +-
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/evmctl.c b/src/evmctl.c
-index de53be37b69b..b0f3b6362528 100644
---- a/src/evmctl.c
-+++ b/src/evmctl.c
-@@ -495,7 +495,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
-
- static int sign_evm(const char *file, const char *key)
- {
-- unsigned char hash[20];
-+ unsigned char hash[EVP_MAX_MD_SIZE];
- unsigned char sig[1024];
- int len, err;
-
-@@ -533,7 +533,7 @@ static int sign_evm(const char *file, const char *key)
-
- static int hash_ima(const char *file)
- {
-- unsigned char hash[66]; /* MAX hash size + 2 */
-+ unsigned char hash[EVP_MAX_MD_SIZE + 2]; /* MAX hash size + 2 */
- int len, err, offset;
- int algo = get_hash_algo(params.hash_algo);
-
-@@ -571,7 +571,7 @@ static int hash_ima(const char *file)
-
- static int sign_ima(const char *file, const char *key)
- {
-- unsigned char hash[64];
-+ unsigned char hash[EVP_MAX_MD_SIZE];
- unsigned char sig[1024];
- int len, err;
-
-@@ -751,7 +751,7 @@ static int cmd_sign_evm(struct command *cmd)
-
- static int verify_evm(const char *file)
- {
-- unsigned char hash[20];
-+ unsigned char hash[EVP_MAX_MD_SIZE];
- unsigned char sig[1024];
- int len;
-
-@@ -1119,7 +1119,7 @@ out:
-
- static int hmac_evm(const char *file, const char *key)
- {
-- unsigned char hash[20];
-+ unsigned char hash[EVP_MAX_MD_SIZE];
- unsigned char sig[1024];
- int len, err;
-
-diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 6fa0ed4a1c74..8fc23be08bd7 100644
---- a/src/libimaevm.c
-+++ b/src/libimaevm.c
-@@ -590,7 +590,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
- int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
- unsigned char *digest, int digestlen)
- {
-- unsigned char hash[64];
-+ unsigned char hash[EVP_MAX_MD_SIZE];
- int hashlen, sig_hash_algo;
-
- if (sig[0] != 0x03) {
diff --git a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
deleted file mode 100644
index 488dfa822286..000000000000
--- a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From: Steffen Trumtrar <s.trumtrar@pengutronix.de>
-Date: Tue, 8 Mar 2016 13:46:14 +0100
-Subject: [PATCH] evmctl: add parameter -e to set evm hash algo
-
-The paramter -a sets the hash algorithm only for IMA. To not break
-anything, add a new parameter -e to be able to change the hash for
-EVM, too.
-
-Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
----
- src/evmctl.c | 27 +++++++++++++++++++++++----
- src/imaevm.h | 1 +
- src/libimaevm.c | 1 +
- 3 files changed, 25 insertions(+), 4 deletions(-)
-
-diff --git a/src/evmctl.c b/src/evmctl.c
-index b0f3b6362528..5d664005e915 100644
---- a/src/evmctl.c
-+++ b/src/evmctl.c
-@@ -336,6 +336,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- #else
- pctx = EVP_MD_CTX_new();
- #endif
-+ const EVP_MD *md;
-
- if (lstat(file, &st)) {
- log_err("Failed to stat: %s\n", file);
-@@ -379,7 +380,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- return -1;
- }
-
-- err = EVP_DigestInit(pctx, EVP_sha1());
-+ md = EVP_get_digestbyname(params.evm_hash_algo);
-+ if (!md) {
-+ log_err("EVP_get_digestbyname() failed\n");
-+ return 1;
-+ }
-+
-+ err = EVP_DigestInit(pctx, md);
- if (!err) {
- log_err("EVP_DigestInit() failed\n");
- return 1;
-@@ -503,7 +510,7 @@ static int sign_evm(const char *file, const char *key)
- if (len <= 1)
- return len;
-
-- len = sign_hash("sha1", hash, len, key, NULL, sig + 1);
-+ len = sign_hash(params.evm_hash_algo, hash, len, key, NULL, sig + 1);
- if (len <= 1)
- return len;
-
-@@ -992,6 +999,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
- #else
- pctx = HMAC_CTX_new();
- #endif
-+ const EVP_MD *md;
-
- key = file2bin(keyfile, NULL, &keylen);
- if (!key) {
-@@ -1038,7 +1046,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
- goto out;
- }
-
-- err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), EVP_sha1(), NULL);
-+ md = EVP_get_digestbyname(params.evm_hash_algo);
-+ if (!md) {
-+ log_err("EVP_get_digestbyname() failed\n");
-+ return 1;
-+ }
-+
-+ err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), md, NULL);
- if (err) {
- log_err("HMAC_Init() failed\n");
- goto out;
-@@ -1635,6 +1649,7 @@ static void usage(void)
- printf(
- "\n"
- " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512\n"
-+ " -e, --evmhashalgo sha1 (default), sha224, sha256, sha384, sha512\n"
- " -s, --imasig make IMA signature\n"
- " -d, --imahash make IMA hash\n"
- " -f, --sigfile store IMA signature in .sig file instead of xattr\n"
-@@ -1691,6 +1706,7 @@ static struct option opts[] = {
- {"imasig", 0, 0, 's'},
- {"imahash", 0, 0, 'd'},
- {"hashalgo", 1, 0, 'a'},
-+ {"evmhashalgo", 1, 0, 'e'},
- {"pass", 2, 0, 'p'},
- {"sigfile", 0, 0, 'f'},
- {"uuid", 2, 0, 'u'},
-@@ -1758,7 +1774,7 @@ int main(int argc, char *argv[])
- g_argc = argc;
-
- while (1) {
-- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind);
-+ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind);
- if (c == -1)
- break;
-
-@@ -1784,6 +1800,9 @@ int main(int argc, char *argv[])
- case 'a':
- params.hash_algo = optarg;
- break;
-+ case 'e':
-+ params.evm_hash_algo = optarg;
-+ break;
- case 'p':
- if (optarg)
- params.keypass = optarg;
-diff --git a/src/imaevm.h b/src/imaevm.h
-index 1bafaad0f4ab..ed92e4d8981d 100644
---- a/src/imaevm.h
-+++ b/src/imaevm.h
-@@ -179,6 +179,7 @@ struct libevm_params {
- int verbose;
- int x509;
- const char *hash_algo;
-+ const char *evm_hash_algo;
- const char *keyfile;
- const char *keypass;
- };
-diff --git a/src/libimaevm.c b/src/libimaevm.c
-index b6c328801708..4c093a038b72 100644
---- a/src/libimaevm.c
-+++ b/src/libimaevm.c
-@@ -129,6 +129,7 @@ struct libevm_params params = {
- .verbose = LOG_INFO - 1,
- .x509 = 1,
- .hash_algo = "sha1",
-+ .evm_hash_algo = "sha1",
- };
-
- static void __attribute__ ((constructor)) libinit(void);
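Review bot: Dropping this patch removes the -e/--evmhashalgo option (the "e:" entry in the getopt string, the 'e' case in main() and params.evm_hash_algo), and the commit message says upstream now uses -a for the EVM hash as well. That is a behaviour change for callers in two ways: anything still passing -e no longer parses, and anything passing -a that relied on EVM staying at the separate sha1 default now signs with a different EVM digest. Please check the evmctl invocations in the tree and state in the commit message whether any needed adjusting.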
diff --git a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch b/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
deleted file mode 100644
index bb44e8d6c2be..000000000000
--- a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Wed, 3 Jun 2015 16:08:51 +0200
-Subject: [PATCH] HACK: don't generate man page
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- Makefile.am | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 06ebf59ea4aa..e527f34f1faa 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -1,5 +1,4 @@
- SUBDIRS = src
--dist_man_MANS = evmctl.1
-
- doc_DATA = examples/ima-genkey-self.sh examples/ima-genkey.sh examples/ima-gen-local-ca.sh
- EXTRA_DIST = autogen.sh $(doc_DATA)
diff --git a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch b/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch
deleted file mode 100644
index 3157c711a065..000000000000
--- a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@andred.net>
-Date: Mon, 17 Oct 2016 12:45:32 +0100
-Subject: [PATCH] evmctl: use correct include for xattr.h
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The xattr API/ABI is provided by both the c-library, as well as by the
-libattr package. The c-library's header file is sys/xattr.h, whereas
-libattr's header file can be found in attr/xattr.h.
-
-Given none of the code here *links* against the libattr.so shared library, it
-is wrong to *compile* against libattr's API (header file).
-
-Doing so avoids confusion as to which xattr.h is used as the least problem,
-and potential ABI differences as the worst problem due the mismatching header
-file used.
-
-So make sure we compile and link against the same thing, the c-library in
-both cases.
-
-Signed-off-by: André Draszik <git@andred.net>
-Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
----
- configure.ac | 2 +-
- packaging/ima-evm-utils.spec | 1 -
- packaging/ima-evm-utils.spec.in | 1 -
- src/evmctl.c | 2 +-
- 4 files changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 6822f39cff69..06d061bc94ea 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -30,7 +30,7 @@ AC_SUBST(OPENSSL_LIBS)
- AC_CHECK_HEADER(unistd.h)
- AC_CHECK_HEADERS(openssl/conf.h)
-
--AC_CHECK_HEADERS(attr/xattr.h, , [AC_MSG_ERROR([attr/xattr.h header not found. You need the libattr development package.])])
-+AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found. You need the c-library development package.])])
- AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. You need the libkeyutils development package.])])
-
- #debug support - yes for a while
-diff --git a/packaging/ima-evm-utils.spec b/packaging/ima-evm-utils.spec
-index a11a27a18815..63388d2b444b 100644
---- a/packaging/ima-evm-utils.spec
-+++ b/packaging/ima-evm-utils.spec
-@@ -11,7 +11,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
- BuildRequires: autoconf
- BuildRequires: automake
- BuildRequires: openssl-devel
--BuildRequires: libattr-devel
- BuildRequires: keyutils-libs-devel
-
- %description
-diff --git a/packaging/ima-evm-utils.spec.in b/packaging/ima-evm-utils.spec.in
-index 7ca6c6fb3b0d..65c32f9e6445 100644
---- a/packaging/ima-evm-utils.spec.in
-+++ b/packaging/ima-evm-utils.spec.in
-@@ -11,7 +11,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
- BuildRequires: autoconf
- BuildRequires: automake
- BuildRequires: openssl-devel
--BuildRequires: libattr-devel
- BuildRequires: keyutils-libs-devel
-
- %description
-diff --git a/src/evmctl.c b/src/evmctl.c
-index 4422c0e84d4a..02eb84d4c341 100644
---- a/src/evmctl.c
-+++ b/src/evmctl.c
-@@ -49,7 +49,7 @@
- #include <stdint.h>
- #include <string.h>
- #include <dirent.h>
--#include <attr/xattr.h>
-+#include <sys/xattr.h>
- #include <linux/xattr.h>
- #include <getopt.h>
- #include <keyutils.h>
diff --git a/patches/ima-evm-utils-1.1/series b/patches/ima-evm-utils-1.1/series
deleted file mode 100644
index 6fb042465042..000000000000
--- a/patches/ima-evm-utils-1.1/series
+++ /dev/null
@@ -1,16 +0,0 @@
-# generated by git-ptx-patches
-#tag:base --start-number 1
-0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
-0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
-0003-evmctl-find-add-missing-closedir-dir-on-error.patch
-0004-evmctl-find-add-missing-error-handling-and-propagate.patch
-0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
-0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
-0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
-0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
-0009-evmctl-add-support-for-offline-image-preparation.patch
-0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
-0011-HACK-don-t-generate-man-page.patch
-0012-Fix-warning-for-non-debug-use-case.patch
-0013-evmctl-use-correct-include-for-xattr.h.patch
-# 5032e96fb6da7cb77f053c2b5a6edc44 - git-ptx-patches magic
diff --git a/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch b/patches/ima-evm-utils-1.3.2/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
similarity index 100%
rename from patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
rename to patches/ima-evm-utils-1.3.2/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
diff --git a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-closedir-dir-on-error.patch
similarity index 79%
rename from patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
rename to patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-closedir-dir-on-error.patch
index 4b1c84584479..5c91c4621a76 100644
--- a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
+++ b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-closedir-dir-on-error.patch
@@ -10,10 +10,10 @@
1 file changed, 2 insertions(+)
diff --git a/src/evmctl.c b/src/evmctl.c
-index 2ffee786865b..20eccfa93b2b 100644
+index 1815f55d73e0..cca2fabdb2a6 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
-@@ -1229,6 +1229,7 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1331,6 +1331,7 @@ static int find(const char *path, int dts, find_cb_t func)
if (fchdir(dirfd(dir))) {
log_err("Failed to chdir %s\n", path);
@@ -21,7 +21,7 @@ @@ -1229,6 +1229,7 @@ static int find(const char *path, int dts, find_cb_t func)
return -1;
}
-@@ -1244,6 +1245,7 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1346,6 +1347,7 @@ static int find(const char *path, int dts, find_cb_t func)
if (chdir("..")) {
log_err("Failed to chdir: %s\n", path);
diff --git a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch b/patches/ima-evm-utils-1.3.2/0003-evmctl-find-add-missing-error-handling-and-propagate.patch
similarity index 87%
rename from patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
rename to patches/ima-evm-utils-1.3.2/0003-evmctl-find-add-missing-error-handling-and-propagate.patch
index 68660d95eda0..62471489a9f2 100644
--- a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
+++ b/patches/ima-evm-utils-1.3.2/0003-evmctl-find-add-missing-error-handling-and-propagate.patch
@@ -12,10 +12,10 @@
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
-index 20eccfa93b2b..55fc619f5990 100644
+index cca2fabdb2a6..e6761f2ae5e4 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
-@@ -1234,13 +1234,20 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1336,13 +1336,20 @@ static int find(const char *path, int dts, find_cb_t func)
}
while ((de = readdir(dir))) {
@@ -38,7 +38,7 @@ @@ -1234,13 +1234,20 @@ static int find(const char *path, int dts, find_cb_t fun
}
if (chdir("..")) {
-@@ -1249,8 +1256,13 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1351,8 +1358,13 @@ static int find(const char *path, int dts, find_cb_t func)
return -1;
}
diff --git a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch b/patches/ima-evm-utils-1.3.2/0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
similarity index 80%
rename from patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
rename to patches/ima-evm-utils-1.3.2/0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
index 69aadb377668..0de24af6a0e7 100644
--- a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
+++ b/patches/ima-evm-utils-1.3.2/0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
@@ -10,12 +10,12 @@
1 file changed, 5 insertions(+)
diff --git a/src/evmctl.c b/src/evmctl.c
-index 55fc619f5990..de53be37b69b 100644
+index e6761f2ae5e4..a1fd9feaea78 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
-@@ -62,6 +62,11 @@
- #include <openssl/err.h>
- #include <openssl/rsa.h>
+@@ -72,6 +72,11 @@
+ #define XATTR_NAME_APPARMOR XATTR_SECURITY_PREFIX XATTR_APPARMOR_SUFFIX
+ #endif
+#ifndef XATTR_NAME_IMA
+#define XATTR_IMA_SUFFIX "ima"
diff --git a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch b/patches/ima-evm-utils-1.3.2/0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
similarity index 76%
rename from patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
rename to patches/ima-evm-utils-1.3.2/0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
index 2164c6238e78..e20cfaa826df 100644
--- a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
+++ b/patches/ima-evm-utils-1.3.2/0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
@@ -8,10 +8,10 @@
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 8fc23be08bd7..b6c328801708 100644
+index fa6c27858d0f..002b0657337c 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
-@@ -379,7 +379,7 @@ int verify_hash_v1(const char *file, const unsigned char *hash, int size,
+@@ -382,7 +382,7 @@ static int verify_hash_v1(const char *file, const unsigned char *hash, int size,
SHA_CTX ctx;
unsigned char out[1024];
RSA *key;
@@ -20,7 +20,7 @@ @@ -379,7 +379,7 @@ int verify_hash_v1(const char *file, const unsigned char *ha
struct signature_hdr *hdr = (struct signature_hdr *)sig;
log_info("hash-v1: ");
-@@ -744,7 +744,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons
+@@ -805,7 +805,7 @@ static int sign_hash_v1(const char *hashalgo, const unsigned char *hash,
unsigned char pub[1024];
RSA *key;
char name[20];
diff --git a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch b/patches/ima-evm-utils-1.3.2/0006-evmctl-add-support-for-offline-image-preparation.patch
similarity index 78%
rename from patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
rename to patches/ima-evm-utils-1.3.2/0006-evmctl-add-support-for-offline-image-preparation.patch
index 6d9b40fc5b43..75d92734190c 100644
--- a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
+++ b/patches/ima-evm-utils-1.3.2/0006-evmctl-add-support-for-offline-image-preparation.patch
@@ -33,29 +33,29 @@
---
src/evmctl.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++--------
src/imaevm.h | 1 +
- src/libimaevm.c | 25 ++++++++++++++++++++++++-
- 3 files changed, 74 insertions(+), 9 deletions(-)
+ src/libimaevm.c | 24 +++++++++++++++++++++++-
+ 3 files changed, 73 insertions(+), 9 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
-index 5d664005e915..9003f7640c0f 100644
+index a1fd9feaea78..a4d784a5bfb6 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
-@@ -337,6 +337,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -352,6 +352,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+ #else
pctx = EVP_MD_CTX_new();
#endif
- const EVP_MD *md;
+ ino_t ino;
if (lstat(file, &st)) {
log_err("Failed to stat: %s\n", file);
-@@ -371,9 +372,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -386,9 +387,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
}
close(fd);
}
- log_info("generation: %u\n", generation);
}
-+ if (params.image_mode) {
++ if (imaevm_params.image_mode) {
+ char buf[128] = { };
+
+ err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1);
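Review bot: In the calc_evm_hash() part of the ported patch, image mode reads the inode number from the user.image-inode-number xattr, and the same read appears again in calc_evm_hmac(). user.* xattrs can be set by the file owner, so the value that replaces the real inode here is only as trustworthy as the tree being signed. The patch description should say that -m is meant for build-host image trees only, and the parsing of buf (outside the lines shown here) should reject an empty or non-numeric value rather than fall back to some default inode. The params -> imaevm_params rename is applied here and in the 'm' case of main(); please check that no other params.image_mode reference is left in the ported patch.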
@@ -75,7 +75,7 @@ @@ -371,9 +372,25 @@ static int calc_evm_hash(const char *file, unsigned char *h
list_size = llistxattr(file, list, sizeof(list));
if (list_size < 0) {
log_err("llistxattr() failed\n");
-@@ -439,7 +456,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -470,7 +487,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
hmac_size = sizeof(*hmac);
if (!evm_portable) {
@@ -84,7 +84,7 @@ @@ -439,7 +456,7 @@ static int calc_evm_hash(const char *file, unsigned char *ha
hmac->generation = generation;
}
hmac->uid = st.st_uid;
-@@ -450,7 +467,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -481,7 +498,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
hmac_size = sizeof(*hmac);
if (!evm_portable) {
@@ -93,7 +93,7 @@ @@ -450,7 +467,7 @@ static int calc_evm_hash(const char *file, unsigned char *ha
hmac->generation = generation;
}
hmac->uid = st.st_uid;
-@@ -461,7 +478,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -492,7 +509,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
hmac_size = sizeof(*hmac);
if (!evm_portable) {
@@ -102,19 +102,19 @@ @@ -461,7 +478,7 @@ static int calc_evm_hash(const char *file, unsigned char *ha
hmac->generation = generation;
}
hmac->uid = st.st_uid;
-@@ -1000,6 +1017,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1085,6 +1102,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+ #else
pctx = HMAC_CTX_new();
#endif
- const EVP_MD *md;
+ ino_t ino;
key = file2bin(keyfile, NULL, &keylen);
if (!key) {
-@@ -1038,10 +1056,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1123,10 +1141,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
close(fd);
}
-+ if (params.image_mode) {
++ if (imaevm_params.image_mode) {
+ char buf[128] = { };
+
+ err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1);
@@ -137,7 +137,7 @@ @@ -1038,10 +1056,26 @@ static int calc_evm_hmac(const char *file, const char *k
log_err("llistxattr() failed: %s\n", file);
goto out;
}
-@@ -1084,7 +1118,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1170,7 +1204,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
struct h_misc *hmac = (struct h_misc *)&hmac_misc;
hmac_size = sizeof(*hmac);
@@ -146,7 +146,7 @@ @@ -1084,7 +1118,7 @@ static int calc_evm_hmac(const char *file, const char *key
hmac->generation = generation;
hmac->uid = st.st_uid;
hmac->gid = st.st_gid;
-@@ -1093,7 +1127,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1179,7 +1213,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc;
hmac_size = sizeof(*hmac);
@@ -155,7 +155,7 @@ @@ -1093,7 +1127,7 @@ static int calc_evm_hmac(const char *file, const char *key
hmac->generation = generation;
hmac->uid = st.st_uid;
hmac->gid = st.st_gid;
-@@ -1102,7 +1136,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1188,7 +1222,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc;
hmac_size = sizeof(*hmac);
@@ -164,7 +164,7 @@ @@ -1102,7 +1136,7 @@ static int calc_evm_hmac(const char *file, const char *key
hmac->generation = generation;
hmac->uid = st.st_uid;
hmac->gid = st.st_gid;
-@@ -1666,6 +1700,9 @@ static void usage(void)
+@@ -2476,6 +2510,9 @@ static void usage(void)
" --smack use extra SMACK xattrs for EVM\n"
" --m32 force EVM hmac/signature for 32 bit target system\n"
" --m64 force EVM hmac/signature for 64 bit target system\n"
@@ -174,7 +174,7 @@ @@ -1666,6 +1700,9 @@ static void usage(void)
" --ino use custom inode for EVM\n"
" --uid use custom UID for EVM\n"
" --gid use custom GID for EVM\n"
-@@ -1716,6 +1753,7 @@ static struct option opts[] = {
+@@ -2528,6 +2565,7 @@ static struct option opts[] = {
{"recursive", 0, 0, 'r'},
{"m32", 0, 0, '3'},
{"m64", 0, 0, '6'},
@@ -182,31 +182,31 @@ @@ -1716,6 +1753,7 @@ static struct option opts[] = {
{"portable", 0, 0, 'o'},
{"smack", 0, 0, 128},
{"version", 0, 0, 129},
-@@ -1774,7 +1812,7 @@ int main(int argc, char *argv[])
+@@ -2600,7 +2638,7 @@ int main(int argc, char *argv[])
g_argc = argc;
while (1) {
-- c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind);
-+ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:rim", opts, &lind);
+- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind);
++ c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:rim", opts, &lind);
if (c == -1)
break;
-@@ -1847,6 +1885,9 @@ int main(int argc, char *argv[])
+@@ -2670,6 +2708,9 @@ int main(int argc, char *argv[])
case '6':
msize = 64;
break;
+ case 'm':
-+ params.image_mode = true;
++ imaevm_params.image_mode = true;
+ break;
case 128:
evm_config_xattrnames = evm_extra_smack_xattrs;
break;
diff --git a/src/imaevm.h b/src/imaevm.h
-index ed92e4d8981d..7e32d09c6538 100644
+index 45039199ab31..2f78a31ab438 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
-@@ -182,6 +182,7 @@ struct libevm_params {
- const char *evm_hash_algo;
+@@ -196,6 +196,7 @@ struct libimaevm_params {
+ const char *hash_algo;
const char *keyfile;
const char *keypass;
+ bool image_mode;
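Review bot: `bool image_mode;` is added to `struct libimaevm_params` in src/imaevm.h, so a libimaevm built with this patch no longer has the same struct layout as one built from the unpatched 1.3.2 header. If anything else in the BSP links against libimaevm, it has to be built against this patched header; a sentence about that in the patch description would help whoever ports the patch at the next version bump.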
@@ -214,31 +214,23 @@ @@ -182,6 +182,7 @@ struct libevm_params {
struct RSA_ASN1_template {
diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 4c093a038b72..866f74b39b41 100644
+index 002b0657337c..1cdf1dc590cc 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
-@@ -40,6 +40,7 @@
-
- /* should we use logger instead for library? */
- #define USE_FPRINTF
-+#define _GNU_SOURCE
-
- #include <sys/types.h>
- #include <sys/param.h>
-@@ -49,6 +50,7 @@
- #include <dirent.h>
- #include <string.h>
+@@ -51,6 +51,7 @@
#include <stdio.h>
+ #include <assert.h>
+ #include <ctype.h>
+#include <sys/xattr.h>
+ #include <openssl/crypto.h>
#include <openssl/pem.h>
- #include <openssl/evp.h>
-@@ -224,7 +226,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
+@@ -193,7 +194,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
}
while ((de = readdir(dir))) {
- ino = de->d_ino;
-+ if (params.image_mode) {
++ if (imaevm_params.image_mode) {
+ char *name;
+ char buf[128] = { };
+
diff --git a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch b/patches/ima-evm-utils-1.3.2/0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
similarity index 86%
rename from patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
rename to patches/ima-evm-utils-1.3.2/0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
index 12b77a132002..251f7136b42b 100644
--- a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
+++ b/patches/ima-evm-utils-1.3.2/0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
@@ -15,16 +15,16 @@
1 file changed, 3 insertions(+)
diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 866f74b39b41..834b738426bf 100644
+index 1cdf1dc590cc..6bb0b0757c42 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
-@@ -226,6 +226,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
+@@ -194,6 +194,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
}
while ((de = readdir(dir))) {
+ if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, ".."))
+ continue;
+
- if (params.image_mode) {
+ if (imaevm_params.image_mode) {
char *name;
char buf[128] = { };
diff --git a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch b/patches/ima-evm-utils-1.3.2/0008-Fix-warning-for-non-debug-use-case.patch
similarity index 86%
rename from patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
rename to patches/ima-evm-utils-1.3.2/0008-Fix-warning-for-non-debug-use-case.patch
index 80073f19aaf5..2cddf569a91d 100644
--- a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
+++ b/patches/ima-evm-utils-1.3.2/0008-Fix-warning-for-non-debug-use-case.patch
@@ -14,10 +14,10 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/evmctl.c b/src/evmctl.c
-index 9003f7640c0f..4422c0e84d4a 100644
+index a4d784a5bfb6..7c1f15082615 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
-@@ -1191,7 +1191,7 @@ static int hmac_evm(const char *file, const char *key)
+@@ -1279,7 +1279,7 @@ static int hmac_evm(const char *file, const char *key)
return 0;
}
diff --git a/patches/ima-evm-utils-1.3.2/0009-HACK-don-t-generate-the-man-page.patch b/patches/ima-evm-utils-1.3.2/0009-HACK-don-t-generate-the-man-page.patch
new file mode 100644
index 000000000000..b0c39f6ee75a
--- /dev/null
+++ b/patches/ima-evm-utils-1.3.2/0009-HACK-don-t-generate-the-man-page.patch
@@ -0,0 +1,60 @@
+From: Roland Hieber <rhi@pengutronix.de>
+Date: Mon, 14 Jun 2021 01:52:53 +0200
+Subject: [PATCH] HACK: don't generate the man page
+
+Also prevent host path leakage for
+/usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl,
+which is autodetected by EVMCTL_MANPAGE_DOCBOOK_XSL when it exists on
+the build host.
+
+Signed-off-by: Roland Hieber <rhi@pengutronix.de>
+---
+ Makefile.am | 18 ------------------
+ configure.ac | 2 --
+ 2 files changed, 20 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 17fd478eff2f..26e3d4843d0e 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1,7 +1,4 @@
+ SUBDIRS = src tests
+-if MANPAGE_DOCBOOK_XSL
+-dist_man_MANS = evmctl.1
+-endif
+
+ doc_DATA = examples/ima-genkey-self.sh examples/ima-genkey.sh examples/ima-gen-local-ca.sh
+ EXTRA_DIST = autogen.sh $(doc_DATA)
+@@ -25,19 +22,4 @@ rpm: $(tarname)
+ cp $(tarname) $(SRCS)/
+ rpmbuild -ba --nodeps $(SPEC)
+
+-if MANPAGE_DOCBOOK_XSL
+-evmctl.1.html: README
+- @asciidoc -o $@ $<
+-
+-evmctl.1:
+- asciidoc -d manpage -b docbook -o evmctl.1.xsl README
+- xsltproc --nonet -o $@ $(MANPAGE_DOCBOOK_XSL) evmctl.1.xsl
+- rm -f evmctl.1.xsl
+-
+-rmman:
+- rm -f evmctl.1
+-
+-doc: evmctl.1.html rmman evmctl.1
+-endif
+-
+ .PHONY: $(tarname)
+diff --git a/configure.ac b/configure.ac
+index e1ed1000858c..6cc076713453 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -56,8 +56,6 @@ else
+ CFLAGS="$CFLAGS -Wall -Wstrict-prototypes -pipe -fomit-frame-pointer"
+ fi
+
+-EVMCTL_MANPAGE_DOCBOOK_XSL
+-
+ # for gcov
+ #CFLAGS="$CFLAGS -Wall -fprofile-arcs -ftest-coverage"
+ #CXXFLAGS="$CXXFLAGS -Wall -fprofile-arcs -ftest-coverage"
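Review bot: The description of 0009 explains the host path leakage but not why the man page is switched off in the first place, which is the part the subject marks as HACK. Please add the reason to the patch itself (the commit message of this bump mentions an error looking for "asciidoc") so it is clear under which conditions the patch can be dropped again.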
diff --git a/patches/ima-evm-utils-1.1/autogen.sh b/patches/ima-evm-utils-1.3.2/autogen.sh
similarity index 100%
rename from patches/ima-evm-utils-1.1/autogen.sh
rename to patches/ima-evm-utils-1.3.2/autogen.sh
diff --git a/patches/ima-evm-utils-1.3.2/series b/patches/ima-evm-utils-1.3.2/series
new file mode 100644
index 000000000000..0ff0d9aef8e1
--- /dev/null
+++ b/patches/ima-evm-utils-1.3.2/series
@@ -0,0 +1,12 @@
+# generated by git-ptx-patches
+#tag:base --start-number 1
+0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
+0002-evmctl-find-add-missing-closedir-dir-on-error.patch
+0003-evmctl-find-add-missing-error-handling-and-propagate.patch
+0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
+0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
+0006-evmctl-add-support-for-offline-image-preparation.patch
+0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
+0008-Fix-warning-for-non-debug-use-case.patch
+0009-HACK-don-t-generate-the-man-page.patch
+# 537ff71d727921132bf8bd9102e3a3e3 - git-ptx-patches magic
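Review bot: 0001 in this series only deletes the INSTALL file, and its own description says that file is generated during ./autogen.sh, which this patch directory also carries. Unless the build fails without it, the patch can be dropped from the series instead of being ported, which takes several hundred lines out of the queue.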
diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make
index 3a0ce4660c87..6f483ec8c935 100644
--- a/rules/ima-evm-utils.make
+++ b/rules/ima-evm-utils.make
@@ -1,7 +1,7 @@
# -*-makefile-*-
#
# Copyright (C) 2013 by Michael Grzeschik <mgr@pengutronix.de>
-# 2015 by Marc Kleine-Budde <mkl@pengutronix.de>
+# 2015, 2020 by Marc Kleine-Budde <mkl@pengutronix.de>
# 2021 Roland Hieber, Pengutronix <rhi@pengutronix.de>
#
# For further information about the PTXdist project and license conditions
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_IMA_EVM_UTILS) += ima-evm-utils
#
# Paths and names
#
-IMA_EVM_UTILS_VERSION := 1.1
-IMA_EVM_UTILS_MD5 := 77455aeee54fdc7a70c733bcb65d33cc
+IMA_EVM_UTILS_VERSION := 1.3.2
+IMA_EVM_UTILS_MD5 := 55cc0e2c77a725f722833c3b4a36038c
IMA_EVM_UTILS := ima-evm-utils-$(IMA_EVM_UTILS_VERSION)
IMA_EVM_UTILS_SUFFIX := tar.gz
IMA_EVM_UTILS_URL := $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX))
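Review bot: IMA_EVM_UTILS_VERSION and IMA_EVM_UTILS_MD5 change here, but IMA_EVM_UTILS_LICENSE_FILES from patch 1/3 is left as it is, including the `startline=13;endline=35` range in src/evmctl.c. Please confirm the license checksums were computed against the 1.3.2 sources and not only against 1.1, since a shifted file header would move the exception text out of that line range.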
@@ -35,6 +35,7 @@ IMA_EVM_UTILS_LICENSE_FILES := \
IMA_EVM_UTILS_CONF_TOOL := autoconf
IMA_EVM_UTILS_AUTOCONF := \
$(CROSS_AUTOCONF_USR) \
+ --enable-openssl-conf \
--disable-debug
# ----------------------------------------------------------------------------
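Review bot: `--enable-openssl-conf` is new in IMA_EVM_UTILS_AUTOCONF, but the commit message only covers the patch queue. Please add a line on why it is enabled, and check whether configure in 1.3.2 probes for optional libraries that are not pinned in this list, so the result does not depend on what happens to be installed in the sysroot.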
--
2.29.2
* [ptxdist] [PATCH v2 3/3] systemd: make hostnamed and quotacheck optional
2021-06-16 16:16 [ptxdist] [PATCH v2 1/3] ima-evm-utils: fix license statement Roland Hieber
2021-06-16 16:16 ` [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2 Roland Hieber
@ 2021-06-16 16:16 ` Roland Hieber
2021-06-29 5:09 ` [ptxdist] [APPLIED] " Michael Olbrich
2021-06-29 5:09 ` [ptxdist] [APPLIED] ima-evm-utils: fix license statement Michael Olbrich
2 siblings, 1 reply; 6+ messages in thread
From: Roland Hieber @ 2021-06-16 16:16 UTC (permalink / raw)
To: ptxdist; +Cc: Roland Hieber
This reduces the dependency graph and can therefore decrease boot time
on systems that are configured with a static hostname, and which do not
use quota. With this, /usr/share/dbus-1/system-services/ may no longer
contain any service definitions, so add an empty kconfig option for it.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
v1 -> v2:
* order the new promptable options next to the other promptable options
* set "default y" for both new options to keep compatibility
PATCH v1: https://lore.ptxdist.org/ptxdist/20210607130909.4836-7-rhi@pengutronix.de
---
rules/systemd.in | 23 +++++++++++++++++++++++
rules/systemd.make | 12 ++++++++----
2 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/rules/systemd.in b/rules/systemd.in
index 854c344d5441..0c6dcb317613 100644
--- a/rules/systemd.in
+++ b/rules/systemd.in
@@ -56,11 +56,15 @@ comment "D-Bus is needed for the enabled features"
config SYSTEMD_DBUS
bool
+config SYSTEMD_DBUS_SERVICES
+ bool
+
config SYSTEMD_MICROHTTPD
bool
config SYSTEMD_LOCALES
bool
+ select SYSTEMD_DBUS_SERVICES
default LOCALES
config SYSTEMD_VCONSOLE
@@ -77,9 +81,19 @@ config SYSTEMD_DISABLE_RANDOM_SEED
the random seed is not possible.
Warning: enabling this option may be insecure.
+config SYSTEMD_HOSTNAMED
+ bool
+ default y
+ select SYSTEMD_DBUS_SERVICES
+ prompt "hostname daemon"
+ help
+ A tiny daemon that can be used to control the hostname and related
+ machine meta data from user programs.
+
config SYSTEMD_LOGIND
bool
select SYSTEMD_DBUS
+ select SYSTEMD_DBUS_SERVICES
prompt "login daemon"
config SYSTEMD_UNITS_USER
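Review bot: SYSTEMD_HOSTNAMED selects SYSTEMD_DBUS_SERVICES but not SYSTEMD_DBUS, while SYSTEMD_LOGIND directly below it selects both. hostnamed is driven over D-Bus, so either add `select SYSTEMD_DBUS` here as well or leave a short comment on why it is not needed.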
@@ -89,6 +103,7 @@ config SYSTEMD_UNITS_USER
config SYSTEMD_NETWORK
bool
+ select SYSTEMD_DBUS_SERVICES
prompt "network configuration with systemd"
config SYSTEMD_IPMASQUERADE
@@ -102,6 +117,7 @@ config SYSTEMD_TIMEDATE
bool
default y
select SYSTEMD_DBUS
+ select SYSTEMD_DBUS_SERVICES
prompt "date/time handling"
help
NTP client for time synchronization and local timezone handling.
@@ -122,6 +138,13 @@ config SYSTEMD_POLKIT
bool
default POLKIT
+config SYSTEMD_QUOTACHECK
+ bool
+ default y
+ prompt "disk quota support"
+ help
+ File system quota checker logic
+
menu "journald "
config SYSTEMD_XZ
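Review bot: The help text of SYSTEMD_QUOTACHECK, "File system quota checker logic", does not tell the user what switching the option off removes. Please say that it controls the systemd-quotacheck helper and that it only makes sense when quotacheck and quotaon are on the target, since rules/systemd.make keeps pointing at /usr/sbin/quotacheck and /usr/sbin/quotaon.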
diff --git a/rules/systemd.make b/rules/systemd.make
index 3a3621fe767e..929a76dd423e 100644
--- a/rules/systemd.make
+++ b/rules/systemd.make
@@ -95,7 +95,7 @@ SYSTEMD_CONF_OPT := \
-Dgshadow=false \
-Dhibernate=false \
-Dhomed=false \
- -Dhostnamed=true \
+ -Dhostnamed=$(call ptx/truefalse,PTXCONF_SYSTEMD_HOSTNAMED) \
-Dhtml=false \
-Dhwdb=$(call ptx/truefalse,PTXCONF_SYSTEMD_UDEV_HWDB) \
-Didn=false \
@@ -152,7 +152,7 @@ SYSTEMD_CONF_OPT := \
-Dpstore=false \
-Dpwquality=false \
-Dqrencode=false \
- -Dquotacheck=true \
+ -Dquotacheck=$(call ptx/truefalse,PTXCONF_SYSTEMD_QUOTACHECK) \
-Dquotacheck-path=/usr/sbin/quotacheck \
-Dquotaon-path=/usr/sbin/quotaon \
-Drandomseed=$(call ptx/falsetrue,PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED) \
@@ -248,7 +248,7 @@ SYSTEMD_HELPER := \
$(call ptx/ifdef, PTXCONF_SYSTEMD_COREDUMP,systemd-coredump) \
systemd-fsck \
systemd-growfs \
- systemd-hostnamed \
+ $(call ptx/ifdef, PTXCONF_SYSTEMD_HOSTNAMED,systemd-hostnamed) \
systemd-journald \
$(call ptx/ifdef, PTXCONF_SYSTEMD_JOURNAL_REMOTE,systemd-journal-remote) \
$(call ptx/ifdef, PTXCONF_SYSTEMD_LOCALES,systemd-localed) \
@@ -257,7 +257,7 @@ SYSTEMD_HELPER := \
systemd-modules-load \
$(call ptx/ifdef, PTXCONF_SYSTEMD_NETWORK,systemd-networkd) \
$(call ptx/ifdef, PTXCONF_SYSTEMD_NETWORK,systemd-networkd-wait-online) \
- systemd-quotacheck \
+ $(call ptx/ifdef, PTXCONF_SYSTEMD_QUOTACHECK,systemd-quotacheck) \
$(call ptx/ifdef, PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED,,systemd-random-seed) \
systemd-remount-fs \
systemd-reply-password \
@@ -347,7 +347,9 @@ $(STATEDIR)/systemd.targetinstall:
@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-notify)
@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-tmpfiles)
@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/busctl)
+ifdef PTXCONF_SYSTEMD_HOSTNAMED
@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/hostnamectl)
+endif
@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-analyze)
@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-cat)
@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-cgls)
@@ -377,9 +379,11 @@ $(STATEDIR)/systemd.targetinstall:
@$(call install_tree, systemd, 0, 0, -, /usr/lib/tmpfiles.d/)
@$(call install_copy, systemd, 0, 0, 0644, -, /usr/lib/sysctl.d/50-default.conf)
+ifdef PTXCONF_SYSTEMD_DBUS_SERVICES
@$(call install_copy, systemd, 0, 0, 0644, -, \
/usr/share/dbus-1/services/org.freedesktop.systemd1.service)
@$(call install_tree, systemd, 0, 0, -, /usr/share/dbus-1/system-services/)
+endif
# # systemd expects this directory to exist.
@$(call install_copy, systemd, 0, 0, 0755, /var/lib/systemd)
--
2.29.2
* Re: [ptxdist] [APPLIED] ima-evm-utils: fix license statement
2021-06-16 16:16 [ptxdist] [PATCH v2 1/3] ima-evm-utils: fix license statement Roland Hieber
2021-06-16 16:16 ` [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2 Roland Hieber
2021-06-16 16:16 ` [ptxdist] [PATCH v2 3/3] systemd: make hostnamed and quotacheck optional Roland Hieber
@ 2021-06-29 5:09 ` Michael Olbrich
2 siblings, 0 replies; 6+ messages in thread
From: Michael Olbrich @ 2021-06-29 5:09 UTC (permalink / raw)
To: ptxdist; +Cc: Roland Hieber
Thanks, applied as d21327b990789532d71a2316af46b39d10e79b61.
Michael
[sent from post-receive hook]
On Tue, 29 Jun 2021 07:09:10 +0200, Roland Hieber <rhi@pengutronix.de> wrote:
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> Message-Id: <20210616161655.15480-1-rhi@pengutronix.de>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make
> index 1c5e15b1415f..3a0ce4660c87 100644
> --- a/rules/ima-evm-utils.make
> +++ b/rules/ima-evm-utils.make
> @@ -2,6 +2,7 @@
> #
> # Copyright (C) 2013 by Michael Grzeschik <mgr@pengutronix.de>
> # 2015 by Marc Kleine-Budde <mkl@pengutronix.de>
> +# 2021 Roland Hieber, Pengutronix <rhi@pengutronix.de>
> #
> # For further information about the PTXdist project and license conditions
> # see the README file.
> @@ -22,7 +23,10 @@ IMA_EVM_UTILS_SUFFIX := tar.gz
> IMA_EVM_UTILS_URL := $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX))
> IMA_EVM_UTILS_SOURCE := $(SRCDIR)/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX)
> IMA_EVM_UTILS_DIR := $(BUILDDIR)/$(IMA_EVM_UTILS)
> -IMA_EVM_UTILS_LICENSE := LGPL-2.0-or-later
> +IMA_EVM_UTILS_LICENSE := GPL-2.0-only WITH custom-exception
> +IMA_EVM_UTILS_LICENSE_FILES := \
> + file://src/evmctl.c;startline=13;endline=35;md5=1e6e51503ab04045269a92c0bc5d5b55 \
> + file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263
>
> # ----------------------------------------------------------------------------
> # Prepare
* Re: [ptxdist] [APPLIED] ima-evm-utils: version bump 1.1 -> 1.3.2
2021-06-16 16:16 ` [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2 Roland Hieber
@ 2021-06-29 5:09 ` Michael Olbrich
0 siblings, 0 replies; 6+ messages in thread
From: Michael Olbrich @ 2021-06-29 5:09 UTC (permalink / raw)
To: ptxdist; +Cc: Roland Hieber
Thanks, applied as 1024453d64fbae7fec6b7942bbc557805126dc53.
Michael
[sent from post-receive hook]
On Tue, 29 Jun 2021 07:09:11 +0200, Roland Hieber <rhi@pengutronix.de> wrote:
> Changes to the patch queue:
>
> * (old 0002) "Makefile.am: rename INCLUDES -> AM_CPPFLAGS":
> replaced by upstream commit 8acbae598b39a421b5d0 ("replace INCLUDES
> with AM_CPPFLAGS")
>
> * (old 0006) "use EVP_MAX_MD_SIZE for hash size instead of open …":
> replaced by upstream commit 1d9c27927932f2e750e3 ("Define hash and sig
> buffer sizes and add asserts")
>
> * (old 0008) "evmctl: add parameter -e to set evm hash algo":
> replaced by upstream commit ae1319eeabd6e0798003 ("Remove hardcoding
> of SHA1 in EVM signatures"), which uses the already existing -a
> parameter for this functionality now too.
>
> * (old 0009) "evmctl: add support for offline image preparation":
> port the refactoring from upstream commit c317d4618f92d4dd65
> ("Namespace some too generic object names"). Also _GNU_SOURCE is now
> already defined by configure, and will generate a warning when
> redefined, so drop its definition here.
>
> * (old 0011, new 0009) "HACK: don't generate the man page":
> expand patch to make sure the manpages are really not built and
> generate an error looking for "asciidoc", even when the XSL stylesheet
> is detected on the build host
>
> * (old 0013) "evmctl: use correct include for xattr.h":
> replaced by upstream commit 6aea54d2ad2287b3e889 ("evmctl: use correct
> include for xattr.h")
>
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/8acbae598b39a421b5d0
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/1d9c27927932f2e750e3
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/ae1319eeabd6e0798003
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/c317d4618f92d4dd6570
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/6aea54d2ad2287b3e889
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> Message-Id: <20210616161655.15480-2-rhi@pengutronix.de>
> [mol: use ac_cv_path_XMLCATALOG= instead of a patch, drop unnecessary INSTALL patch]
> [mol: make sure libtss2-esys/libtss2-rc are not used]
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch b/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
> deleted file mode 100644
> index c035197d9cc7..000000000000
> --- a/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
> +++ /dev/null
> @@ -1,389 +0,0 @@
> -From: Marc Kleine-Budde <mkl@pengutronix.de>
> -Date: Wed, 18 Nov 2015 15:15:15 +0100
> -Subject: [PATCH] INSTALL: remove file, at it's autogenerated by autotools
> -
> -This patch remove the file "INSTALL" which is autogenerated during
> -./autogen.sh.
> -
> -Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> ----
> - INSTALL | 370 ----------------------------------------------------------------
> - 1 file changed, 370 deletions(-)
> - delete mode 100644 INSTALL
> -
> -diff --git a/INSTALL b/INSTALL
> -deleted file mode 100644
> -index 007e9396d0a2..000000000000
> ---- a/INSTALL
> -+++ /dev/null
> -@@ -1,370 +0,0 @@
> --Installation Instructions
> --*************************
> --
> --Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
> --Inc.
> --
> -- Copying and distribution of this file, with or without modification,
> --are permitted in any medium without royalty provided the copyright
> --notice and this notice are preserved. This file is offered as-is,
> --without warranty of any kind.
> --
> --Basic Installation
> --==================
> --
> -- Briefly, the shell commands `./configure; make; make install' should
> --configure, build, and install this package. The following
> --more-detailed instructions are generic; see the `README' file for
> --instructions specific to this package. Some packages provide this
> --`INSTALL' file but do not implement all of the features documented
> --below. The lack of an optional feature in a given package is not
> --necessarily a bug. More recommendations for GNU packages can be found
> --in *note Makefile Conventions: (standards)Makefile Conventions.
> --
> -- The `configure' shell script attempts to guess correct values for
> --various system-dependent variables used during compilation. It uses
> --those values to create a `Makefile' in each directory of the package.
> --It may also create one or more `.h' files containing system-dependent
> --definitions. Finally, it creates a shell script `config.status' that
> --you can run in the future to recreate the current configuration, and a
> --file `config.log' containing compiler output (useful mainly for
> --debugging `configure').
> --
> -- It can also use an optional file (typically called `config.cache'
> --and enabled with `--cache-file=config.cache' or simply `-C') that saves
> --the results of its tests to speed up reconfiguring. Caching is
> --disabled by default to prevent problems with accidental use of stale
> --cache files.
> --
> -- If you need to do unusual things to compile the package, please try
> --to figure out how `configure' could check whether to do them, and mail
> --diffs or instructions to the address given in the `README' so they can
> --be considered for the next release. If you are using the cache, and at
> --some point `config.cache' contains results you don't want to keep, you
> --may remove or edit it.
> --
> -- The file `configure.ac' (or `configure.in') is used to create
> --`configure' by a program called `autoconf'. You need `configure.ac' if
> --you want to change it or regenerate `configure' using a newer version
> --of `autoconf'.
> --
> -- The simplest way to compile this package is:
> --
> -- 1. `cd' to the directory containing the package's source code and type
> -- `./configure' to configure the package for your system.
> --
> -- Running `configure' might take a while. While running, it prints
> -- some messages telling which features it is checking for.
> --
> -- 2. Type `make' to compile the package.
> --
> -- 3. Optionally, type `make check' to run any self-tests that come with
> -- the package, generally using the just-built uninstalled binaries.
> --
> -- 4. Type `make install' to install the programs and any data files and
> -- documentation. When installing into a prefix owned by root, it is
> -- recommended that the package be configured and built as a regular
> -- user, and only the `make install' phase executed with root
> -- privileges.
> --
> -- 5. Optionally, type `make installcheck' to repeat any self-tests, but
> -- this time using the binaries in their final installed location.
> -- This target does not install anything. Running this target as a
> -- regular user, particularly if the prior `make install' required
> -- root privileges, verifies that the installation completed
> -- correctly.
> --
> -- 6. You can remove the program binaries and object files from the
> -- source code directory by typing `make clean'. To also remove the
> -- files that `configure' created (so you can compile the package for
> -- a different kind of computer), type `make distclean'. There is
> -- also a `make maintainer-clean' target, but that is intended mainly
> -- for the package's developers. If you use it, you may have to get
> -- all sorts of other programs in order to regenerate files that came
> -- with the distribution.
> --
> -- 7. Often, you can also type `make uninstall' to remove the installed
> -- files again. In practice, not all packages have tested that
> -- uninstallation works correctly, even though it is required by the
> -- GNU Coding Standards.
> --
> -- 8. Some packages, particularly those that use Automake, provide `make
> -- distcheck', which can by used by developers to test that all other
> -- targets like `make install' and `make uninstall' work correctly.
> -- This target is generally not run by end users.
> --
> --Compilers and Options
> --=====================
> --
> -- Some systems require unusual options for compilation or linking that
> --the `configure' script does not know about. Run `./configure --help'
> --for details on some of the pertinent environment variables.
> --
> -- You can give `configure' initial values for configuration parameters
> --by setting variables in the command line or in the environment. Here
> --is an example:
> --
> -- ./configure CC=c99 CFLAGS=-g LIBS=-lposix
> --
> -- *Note Defining Variables::, for more details.
> --
> --Compiling For Multiple Architectures
> --====================================
> --
> -- You can compile the package for more than one kind of computer at the
> --same time, by placing the object files for each architecture in their
> --own directory. To do this, you can use GNU `make'. `cd' to the
> --directory where you want the object files and executables to go and run
> --the `configure' script. `configure' automatically checks for the
> --source code in the directory that `configure' is in and in `..'. This
> --is known as a "VPATH" build.
> --
> -- With a non-GNU `make', it is safer to compile the package for one
> --architecture at a time in the source code directory. After you have
> --installed the package for one architecture, use `make distclean' before
> --reconfiguring for another architecture.
> --
> -- On MacOS X 10.5 and later systems, you can create libraries and
> --executables that work on multiple system types--known as "fat" or
> --"universal" binaries--by specifying multiple `-arch' options to the
> --compiler but only a single `-arch' option to the preprocessor. Like
> --this:
> --
> -- ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
> -- CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
> -- CPP="gcc -E" CXXCPP="g++ -E"
> --
> -- This is not guaranteed to produce working output in all cases, you
> --may have to build one architecture at a time and combine the results
> --using the `lipo' tool if you have problems.
> --
> --Installation Names
> --==================
> --
> -- By default, `make install' installs the package's commands under
> --`/usr/local/bin', include files under `/usr/local/include', etc. You
> --can specify an installation prefix other than `/usr/local' by giving
> --`configure' the option `--prefix=PREFIX', where PREFIX must be an
> --absolute file name.
> --
> -- You can specify separate installation prefixes for
> --architecture-specific files and architecture-independent files. If you
> --pass the option `--exec-prefix=PREFIX' to `configure', the package uses
> --PREFIX as the prefix for installing programs and libraries.
> --Documentation and other data files still use the regular prefix.
> --
> -- In addition, if you use an unusual directory layout you can give
> --options like `--bindir=DIR' to specify different values for particular
> --kinds of files. Run `configure --help' for a list of the directories
> --you can set and what kinds of files go in them. In general, the
> --default for these options is expressed in terms of `${prefix}', so that
> --specifying just `--prefix' will affect all of the other directory
> --specifications that were not explicitly provided.
> --
> -- The most portable way to affect installation locations is to pass the
> --correct locations to `configure'; however, many packages provide one or
> --both of the following shortcuts of passing variable assignments to the
> --`make install' command line to change installation locations without
> --having to reconfigure or recompile.
> --
> -- The first method involves providing an override variable for each
> --affected directory. For example, `make install
> --prefix=/alternate/directory' will choose an alternate location for all
> --directory configuration variables that were expressed in terms of
> --`${prefix}'. Any directories that were specified during `configure',
> --but not in terms of `${prefix}', must each be overridden at install
> --time for the entire installation to be relocated. The approach of
> --makefile variable overrides for each directory variable is required by
> --the GNU Coding Standards, and ideally causes no recompilation.
> --However, some platforms have known limitations with the semantics of
> --shared libraries that end up requiring recompilation when using this
> --method, particularly noticeable in packages that use GNU Libtool.
> --
> -- The second method involves providing the `DESTDIR' variable. For
> --example, `make install DESTDIR=/alternate/directory' will prepend
> --`/alternate/directory' before all installation names. The approach of
> --`DESTDIR' overrides is not required by the GNU Coding Standards, and
> --does not work on platforms that have drive letters. On the other hand,
> --it does better at avoiding recompilation issues, and works well even
> --when some directory options were not specified in terms of `${prefix}'
> --at `configure' time.
> --
> --Optional Features
> --=================
> --
> -- If the package supports it, you can cause programs to be installed
> --with an extra prefix or suffix on their names by giving `configure' the
> --option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
> --
> -- Some packages pay attention to `--enable-FEATURE' options to
> --`configure', where FEATURE indicates an optional part of the package.
> --They may also pay attention to `--with-PACKAGE' options, where PACKAGE
> --is something like `gnu-as' or `x' (for the X Window System). The
> --`README' should mention any `--enable-' and `--with-' options that the
> --package recognizes.
> --
> -- For packages that use the X Window System, `configure' can usually
> --find the X include and library files automatically, but if it doesn't,
> --you can use the `configure' options `--x-includes=DIR' and
> --`--x-libraries=DIR' to specify their locations.
> --
> -- Some packages offer the ability to configure how verbose the
> --execution of `make' will be. For these packages, running `./configure
> ----enable-silent-rules' sets the default to minimal output, which can be
> --overridden with `make V=1'; while running `./configure
> ----disable-silent-rules' sets the default to verbose, which can be
> --overridden with `make V=0'.
> --
> --Particular systems
> --==================
> --
> -- On HP-UX, the default C compiler is not ANSI C compatible. If GNU
> --CC is not installed, it is recommended to use the following options in
> --order to use an ANSI C compiler:
> --
> -- ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
> --
> --and if that doesn't work, install pre-built binaries of GCC for HP-UX.
> --
> -- HP-UX `make' updates targets which have the same time stamps as
> --their prerequisites, which makes it generally unusable when shipped
> --generated files such as `configure' are involved. Use GNU `make'
> --instead.
> --
> -- On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
> --parse its `<wchar.h>' header file. The option `-nodtk' can be used as
> --a workaround. If GNU CC is not installed, it is therefore recommended
> --to try
> --
> -- ./configure CC="cc"
> --
> --and if that doesn't work, try
> --
> -- ./configure CC="cc -nodtk"
> --
> -- On Solaris, don't put `/usr/ucb' early in your `PATH'. This
> --directory contains several dysfunctional programs; working variants of
> --these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
> --in your `PATH', put it _after_ `/usr/bin'.
> --
> -- On Haiku, software installed for all users goes in `/boot/common',
> --not `/usr/local'. It is recommended to use the following options:
> --
> -- ./configure --prefix=/boot/common
> --
> --Specifying the System Type
> --==========================
> --
> -- There may be some features `configure' cannot figure out
> --automatically, but needs to determine by the type of machine the package
> --will run on. Usually, assuming the package is built to be run on the
> --_same_ architectures, `configure' can figure that out, but if it prints
> --a message saying it cannot guess the machine type, give it the
> --`--build=TYPE' option. TYPE can either be a short name for the system
> --type, such as `sun4', or a canonical name which has the form:
> --
> -- CPU-COMPANY-SYSTEM
> --
> --where SYSTEM can have one of these forms:
> --
> -- OS
> -- KERNEL-OS
> --
> -- See the file `config.sub' for the possible values of each field. If
> --`config.sub' isn't included in this package, then this package doesn't
> --need to know the machine type.
> --
> -- If you are _building_ compiler tools for cross-compiling, you should
> --use the option `--target=TYPE' to select the type of system they will
> --produce code for.
> --
> -- If you want to _use_ a cross compiler, that generates code for a
> --platform different from the build platform, you should specify the
> --"host" platform (i.e., that on which the generated programs will
> --eventually be run) with `--host=TYPE'.
> --
> --Sharing Defaults
> --================
> --
> -- If you want to set default values for `configure' scripts to share,
> --you can create a site shell script called `config.site' that gives
> --default values for variables like `CC', `cache_file', and `prefix'.
> --`configure' looks for `PREFIX/share/config.site' if it exists, then
> --`PREFIX/etc/config.site' if it exists. Or, you can set the
> --`CONFIG_SITE' environment variable to the location of the site script.
> --A warning: not all `configure' scripts look for a site script.
> --
> --Defining Variables
> --==================
> --
> -- Variables not defined in a site shell script can be set in the
> --environment passed to `configure'. However, some packages may run
> --configure again during the build, and the customized values of these
> --variables may be lost. In order to avoid this problem, you should set
> --them in the `configure' command line, using `VAR=value'. For example:
> --
> -- ./configure CC=/usr/local2/bin/gcc
> --
> --causes the specified `gcc' to be used as the C compiler (unless it is
> --overridden in the site shell script).
> --
> --Unfortunately, this technique does not work for `CONFIG_SHELL' due to
> --an Autoconf limitation. Until the limitation is lifted, you can use
> --this workaround:
> --
> -- CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
> --
> --`configure' Invocation
> --======================
> --
> -- `configure' recognizes the following options to control how it
> --operates.
> --
> --`--help'
> --`-h'
> -- Print a summary of all of the options to `configure', and exit.
> --
> --`--help=short'
> --`--help=recursive'
> -- Print a summary of the options unique to this package's
> -- `configure', and exit. The `short' variant lists options used
> -- only in the top level, while the `recursive' variant lists options
> -- also present in any nested packages.
> --
> --`--version'
> --`-V'
> -- Print the version of Autoconf used to generate the `configure'
> -- script, and exit.
> --
> --`--cache-file=FILE'
> -- Enable the cache: use and save the results of the tests in FILE,
> -- traditionally `config.cache'. FILE defaults to `/dev/null' to
> -- disable caching.
> --
> --`--config-cache'
> --`-C'
> -- Alias for `--cache-file=config.cache'.
> --
> --`--quiet'
> --`--silent'
> --`-q'
> -- Do not print messages saying which checks are being made. To
> -- suppress all normal output, redirect it to `/dev/null' (any error
> -- messages will still be shown).
> --
> --`--srcdir=DIR'
> -- Look for the package's source code in directory DIR. Usually
> -- `configure' can determine that directory automatically.
> --
> --`--prefix=DIR'
> -- Use DIR as the installation prefix. *note Installation Names::
> -- for more details, including other options available for fine-tuning
> -- the installation locations.
> --
> --`--no-create'
> --`-n'
> -- Run the configure checks, but stop before creating any output
> -- files.
> --
> --`configure' also accepts some other, not widely useful, options. Run
> --`configure --help' for more details.
> diff --git a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch b/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
> deleted file mode 100644
> index cb09b8d78f8a..000000000000
> --- a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
> +++ /dev/null
> @@ -1,40 +0,0 @@
> -From: Marc Kleine-Budde <mkl@pengutronix.de>
> -Date: Wed, 27 May 2015 10:41:27 +0200
> -Subject: [PATCH] Makefile.am: rename INCLUDES -> AM_CPPFLAGS
> -
> -This patch fixes the following warning during autoreconf:
> -
> -| src/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
> -
> -Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> ----
> - src/Makefile.am | 6 +++---
> - 1 file changed, 3 insertions(+), 3 deletions(-)
> -
> -diff --git a/src/Makefile.am b/src/Makefile.am
> -index deb18fb09dc7..9f547283d535 100644
> ---- a/src/Makefile.am
> -+++ b/src/Makefile.am
> -@@ -1,7 +1,7 @@
> - lib_LTLIBRARIES = libimaevm.la
> -
> - libimaevm_la_SOURCES = libimaevm.c
> --libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS)
> -+libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS)
> - # current[:revision[:age]]
> - # result: [current-age].age.revision
> - libimaevm_la_LDFLAGS = -version-info 0:0:0
> -@@ -12,11 +12,11 @@ include_HEADERS = imaevm.h
> - bin_PROGRAMS = evmctl
> -
> - evmctl_SOURCES = evmctl.c
> --evmctl_CPPFLAGS = $(OPENSSL_CFLAGS)
> -+evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS)
> - evmctl_LDFLAGS = $(LDFLAGS_READLINE)
> - evmctl_LDADD = $(OPENSSL_LIBS) -lkeyutils libimaevm.la
> -
> --INCLUDES = -I$(top_srcdir) -include config.h
> -+AM_CPPFLAGS = -I$(top_srcdir) -include config.h
> -
> - DISTCLEANFILES = @DISTCLEANFILES@
> -
> diff --git a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch b/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
> deleted file mode 100644
> index a3cd597f82d6..000000000000
> --- a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
> +++ /dev/null
> @@ -1,73 +0,0 @@
> -From: Marc Kleine-Budde <mkl@pengutronix.de>
> -Date: Sat, 26 Mar 2016 22:58:07 +0100
> -Subject: [PATCH] evmctl, libimaevm: use EVP_MAX_MD_SIZE for hash size instead
> - of open coding it
> -
> -Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> ----
> - src/evmctl.c | 10 +++++-----
> - src/libimaevm.c | 2 +-
> - 2 files changed, 6 insertions(+), 6 deletions(-)
> -
> -diff --git a/src/evmctl.c b/src/evmctl.c
> -index de53be37b69b..b0f3b6362528 100644
> ---- a/src/evmctl.c
> -+++ b/src/evmctl.c
> -@@ -495,7 +495,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> -
> - static int sign_evm(const char *file, const char *key)
> - {
> -- unsigned char hash[20];
> -+ unsigned char hash[EVP_MAX_MD_SIZE];
> - unsigned char sig[1024];
> - int len, err;
> -
> -@@ -533,7 +533,7 @@ static int sign_evm(const char *file, const char *key)
> -
> - static int hash_ima(const char *file)
> - {
> -- unsigned char hash[66]; /* MAX hash size + 2 */
> -+ unsigned char hash[EVP_MAX_MD_SIZE + 2]; /* MAX hash size + 2 */
> - int len, err, offset;
> - int algo = get_hash_algo(params.hash_algo);
> -
> -@@ -571,7 +571,7 @@ static int hash_ima(const char *file)
> -
> - static int sign_ima(const char *file, const char *key)
> - {
> -- unsigned char hash[64];
> -+ unsigned char hash[EVP_MAX_MD_SIZE];
> - unsigned char sig[1024];
> - int len, err;
> -
> -@@ -751,7 +751,7 @@ static int cmd_sign_evm(struct command *cmd)
> -
> - static int verify_evm(const char *file)
> - {
> -- unsigned char hash[20];
> -+ unsigned char hash[EVP_MAX_MD_SIZE];
> - unsigned char sig[1024];
> - int len;
> -
> -@@ -1119,7 +1119,7 @@ out:
> -
> - static int hmac_evm(const char *file, const char *key)
> - {
> -- unsigned char hash[20];
> -+ unsigned char hash[EVP_MAX_MD_SIZE];
> - unsigned char sig[1024];
> - int len, err;
> -
> -diff --git a/src/libimaevm.c b/src/libimaevm.c
> -index 6fa0ed4a1c74..8fc23be08bd7 100644
> ---- a/src/libimaevm.c
> -+++ b/src/libimaevm.c
> -@@ -590,7 +590,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
> - int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
> - unsigned char *digest, int digestlen)
> - {
> -- unsigned char hash[64];
> -+ unsigned char hash[EVP_MAX_MD_SIZE];
> - int hashlen, sig_hash_algo;
> -
> - if (sig[0] != 0x03) {
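
Review bot: Dropping 0006 is only safe if the 1.3.2 sources already size these digest buffers themselves. The patch replaced `unsigned char hash[20];` in sign_evm(), verify_evm() and hmac_evm() with `hash[EVP_MAX_MD_SIZE]`, and it carries only a Pengutronix Signed-off-by, so nothing here shows it went upstream. A 20-byte buffer is overrun by any digest longer than SHA-1's 20 bytes, so please confirm in the commit message that 1.3.2 has no fixed-size hash buffers left in these functions.
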
> diff --git a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
> deleted file mode 100644
> index 488dfa822286..000000000000
> --- a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
> +++ /dev/null
> @@ -1,133 +0,0 @@
> -From: Steffen Trumtrar <s.trumtrar@pengutronix.de>
> -Date: Tue, 8 Mar 2016 13:46:14 +0100
> -Subject: [PATCH] evmctl: add parameter -e to set evm hash algo
> -
> -The paramter -a sets the hash algorithm only for IMA. To not break
> -anything, add a new parameter -e to be able to change the hash for
> -EVM, too.
> -
> -Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
> ----
> - src/evmctl.c | 27 +++++++++++++++++++++++----
> - src/imaevm.h | 1 +
> - src/libimaevm.c | 1 +
> - 3 files changed, 25 insertions(+), 4 deletions(-)
> -
> -diff --git a/src/evmctl.c b/src/evmctl.c
> -index b0f3b6362528..5d664005e915 100644
> ---- a/src/evmctl.c
> -+++ b/src/evmctl.c
> -@@ -336,6 +336,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> - #else
> - pctx = EVP_MD_CTX_new();
> - #endif
> -+ const EVP_MD *md;
> -
> - if (lstat(file, &st)) {
> - log_err("Failed to stat: %s\n", file);
> -@@ -379,7 +380,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> - return -1;
> - }
> -
> -- err = EVP_DigestInit(pctx, EVP_sha1());
> -+ md = EVP_get_digestbyname(params.evm_hash_algo);
> -+ if (!md) {
> -+ log_err("EVP_get_digestbyname() failed\n");
> -+ return 1;
> -+ }
> -+
> -+ err = EVP_DigestInit(pctx, md);
> - if (!err) {
> - log_err("EVP_DigestInit() failed\n");
> - return 1;
> -@@ -503,7 +510,7 @@ static int sign_evm(const char *file, const char *key)
> - if (len <= 1)
> - return len;
> -
> -- len = sign_hash("sha1", hash, len, key, NULL, sig + 1);
> -+ len = sign_hash(params.evm_hash_algo, hash, len, key, NULL, sig + 1);
> - if (len <= 1)
> - return len;
> -
> -@@ -992,6 +999,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> - #else
> - pctx = HMAC_CTX_new();
> - #endif
> -+ const EVP_MD *md;
> -
> - key = file2bin(keyfile, NULL, &keylen);
> - if (!key) {
> -@@ -1038,7 +1046,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> - goto out;
> - }
> -
> -- err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), EVP_sha1(), NULL);
> -+ md = EVP_get_digestbyname(params.evm_hash_algo);
> -+ if (!md) {
> -+ log_err("EVP_get_digestbyname() failed\n");
> -+ return 1;
> -+ }
> -+
> -+ err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), md, NULL);
> - if (err) {
> - log_err("HMAC_Init() failed\n");
> - goto out;
> -@@ -1635,6 +1649,7 @@ static void usage(void)
> - printf(
> - "\n"
> - " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512\n"
> -+ " -e, --evmhashalgo sha1 (default), sha224, sha256, sha384, sha512\n"
> - " -s, --imasig make IMA signature\n"
> - " -d, --imahash make IMA hash\n"
> - " -f, --sigfile store IMA signature in .sig file instead of xattr\n"
> -@@ -1691,6 +1706,7 @@ static struct option opts[] = {
> - {"imasig", 0, 0, 's'},
> - {"imahash", 0, 0, 'd'},
> - {"hashalgo", 1, 0, 'a'},
> -+ {"evmhashalgo", 1, 0, 'e'},
> - {"pass", 2, 0, 'p'},
> - {"sigfile", 0, 0, 'f'},
> - {"uuid", 2, 0, 'u'},
> -@@ -1758,7 +1774,7 @@ int main(int argc, char *argv[])
> - g_argc = argc;
> -
> - while (1) {
> -- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind);
> -+ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind);
> - if (c == -1)
> - break;
> -
> -@@ -1784,6 +1800,9 @@ int main(int argc, char *argv[])
> - case 'a':
> - params.hash_algo = optarg;
> - break;
> -+ case 'e':
> -+ params.evm_hash_algo = optarg;
> -+ break;
> - case 'p':
> - if (optarg)
> - params.keypass = optarg;
> -diff --git a/src/imaevm.h b/src/imaevm.h
> -index 1bafaad0f4ab..ed92e4d8981d 100644
> ---- a/src/imaevm.h
> -+++ b/src/imaevm.h
> -@@ -179,6 +179,7 @@ struct libevm_params {
> - int verbose;
> - int x509;
> - const char *hash_algo;
> -+ const char *evm_hash_algo;
> - const char *keyfile;
> - const char *keypass;
> - };
> -diff --git a/src/libimaevm.c b/src/libimaevm.c
> -index b6c328801708..4c093a038b72 100644
> ---- a/src/libimaevm.c
> -+++ b/src/libimaevm.c
> -@@ -129,6 +129,7 @@ struct libevm_params params = {
> - .verbose = LOG_INFO - 1,
> - .x509 = 1,
> - .hash_algo = "sha1",
> -+ .evm_hash_algo = "sha1",
> - };
> -
> - static void __attribute__ ((constructor)) libinit(void);
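
Review bot: Removing 0008 takes away `-e`/`--evmhashalgo` and `params.evm_hash_algo`, and the commit should say how the EVM digest is selected in 1.3.2 instead. The rebased 0005 further down confirms the option is gone: its getopt string context changes from `"hvnsda:e:op::fu::k:t:ri"` to `"hvnsda:op::fu::k:t:ri"`. Any rule or image script that still calls evmctl with `-e` will now be rejected as an unknown option, so a grep over the BSPs is worth doing before this is merged. If EVM falls back to the `"sha1"` default that this patch initialised, that is a behaviour change users need to be told about.
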
> diff --git a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch b/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
> deleted file mode 100644
> index bb44e8d6c2be..000000000000
> --- a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
> +++ /dev/null
> @@ -1,19 +0,0 @@
> -From: Michael Olbrich <m.olbrich@pengutronix.de>
> -Date: Wed, 3 Jun 2015 16:08:51 +0200
> -Subject: [PATCH] HACK: don't generate man page
> -
> -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> ----
> - Makefile.am | 1 -
> - 1 file changed, 1 deletion(-)
> -
> -diff --git a/Makefile.am b/Makefile.am
> -index 06ebf59ea4aa..e527f34f1faa 100644
> ---- a/Makefile.am
> -+++ b/Makefile.am
> -@@ -1,5 +1,4 @@
> - SUBDIRS = src
> --dist_man_MANS = evmctl.1
> -
> - doc_DATA = examples/ima-genkey-self.sh examples/ima-genkey.sh examples/ima-gen-local-ca.sh
> - EXTRA_DIST = autogen.sh $(doc_DATA)
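
Review bot: The HACK that removed `dist_man_MANS = evmctl.1` from Makefile.am is dropped without a visible replacement. Please state in the commit message whether the 1.3.2 build generates or ships the man page cleanly on the build host, or whether this is now handled in the rule file.
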
> diff --git a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch b/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch
> deleted file mode 100644
> index 3157c711a065..000000000000
> --- a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch
> +++ /dev/null
> @@ -1,80 +0,0 @@
> -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@andred.net>
> -Date: Mon, 17 Oct 2016 12:45:32 +0100
> -Subject: [PATCH] evmctl: use correct include for xattr.h
> -MIME-Version: 1.0
> -Content-Type: text/plain; charset=UTF-8
> -Content-Transfer-Encoding: 8bit
> -
> -The xattr API/ABI is provided by both the c-library, as well as by the
> -libattr package. The c-library's header file is sys/xattr.h, whereas
> -libattr's header file can be found in attr/xattr.h.
> -
> -Given none of the code here *links* against the libattr.so shared library, it
> -is wrong to *compile* against libattr's API (header file).
> -
> -Doing so avoids confusion as to which xattr.h is used as the least problem,
> -and potential ABI differences as the worst problem due the mismatching header
> -file used.
> -
> -So make sure we compile and link against the same thing, the c-library in
> -both cases.
> -
> -Signed-off-by: André Draszik <git@andred.net>
> -Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
> ----
> - configure.ac | 2 +-
> - packaging/ima-evm-utils.spec | 1 -
> - packaging/ima-evm-utils.spec.in | 1 -
> - src/evmctl.c | 2 +-
> - 4 files changed, 2 insertions(+), 4 deletions(-)
> -
> -diff --git a/configure.ac b/configure.ac
> -index 6822f39cff69..06d061bc94ea 100644
> ---- a/configure.ac
> -+++ b/configure.ac
> -@@ -30,7 +30,7 @@ AC_SUBST(OPENSSL_LIBS)
> - AC_CHECK_HEADER(unistd.h)
> - AC_CHECK_HEADERS(openssl/conf.h)
> -
> --AC_CHECK_HEADERS(attr/xattr.h, , [AC_MSG_ERROR([attr/xattr.h header not found. You need the libattr development package.])])
> -+AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found. You need the c-library development package.])])
> - AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. You need the libkeyutils development package.])])
> -
> - #debug support - yes for a while
> -diff --git a/packaging/ima-evm-utils.spec b/packaging/ima-evm-utils.spec
> -index a11a27a18815..63388d2b444b 100644
> ---- a/packaging/ima-evm-utils.spec
> -+++ b/packaging/ima-evm-utils.spec
> -@@ -11,7 +11,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
> - BuildRequires: autoconf
> - BuildRequires: automake
> - BuildRequires: openssl-devel
> --BuildRequires: libattr-devel
> - BuildRequires: keyutils-libs-devel
> -
> - %description
> -diff --git a/packaging/ima-evm-utils.spec.in b/packaging/ima-evm-utils.spec.in
> -index 7ca6c6fb3b0d..65c32f9e6445 100644
> ---- a/packaging/ima-evm-utils.spec.in
> -+++ b/packaging/ima-evm-utils.spec.in
> -@@ -11,7 +11,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
> - BuildRequires: autoconf
> - BuildRequires: automake
> - BuildRequires: openssl-devel
> --BuildRequires: libattr-devel
> - BuildRequires: keyutils-libs-devel
> -
> - %description
> -diff --git a/src/evmctl.c b/src/evmctl.c
> -index 4422c0e84d4a..02eb84d4c341 100644
> ---- a/src/evmctl.c
> -+++ b/src/evmctl.c
> -@@ -49,7 +49,7 @@
> - #include <stdint.h>
> - #include <string.h>
> - #include <dirent.h>
> --#include <attr/xattr.h>
> -+#include <sys/xattr.h>
> - #include <linux/xattr.h>
> - #include <getopt.h>
> - #include <keyutils.h>
> diff --git a/patches/ima-evm-utils-1.1/series b/patches/ima-evm-utils-1.1/series
> deleted file mode 100644
> index 6fb042465042..000000000000
> --- a/patches/ima-evm-utils-1.1/series
> +++ /dev/null
> @@ -1,16 +0,0 @@
> -# generated by git-ptx-patches
> -#tag:base --start-number 1
> -0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
> -0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
> -0003-evmctl-find-add-missing-closedir-dir-on-error.patch
> -0004-evmctl-find-add-missing-error-handling-and-propagate.patch
> -0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> -0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
> -0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> -0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
> -0009-evmctl-add-support-for-offline-image-preparation.patch
> -0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> -0011-HACK-don-t-generate-man-page.patch
> -0012-Fix-warning-for-non-debug-use-case.patch
> -0013-evmctl-use-correct-include-for-xattr.h.patch
> -# 5032e96fb6da7cb77f053c2b5a6edc44 - git-ptx-patches magic
> diff --git a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch b/patches/ima-evm-utils-1.3.2/0001-evmctl-find-add-missing-closedir-dir-on-error.patch
> similarity index 79%
> rename from patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
> rename to patches/ima-evm-utils-1.3.2/0001-evmctl-find-add-missing-closedir-dir-on-error.patch
> index 4b1c84584479..5c91c4621a76 100644
> --- a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
> +++ b/patches/ima-evm-utils-1.3.2/0001-evmctl-find-add-missing-closedir-dir-on-error.patch
> @@ -10,10 +10,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> 1 file changed, 2 insertions(+)
>
> diff --git a/src/evmctl.c b/src/evmctl.c
> -index 2ffee786865b..20eccfa93b2b 100644
> +index 1815f55d73e0..cca2fabdb2a6 100644
> --- a/src/evmctl.c
> +++ b/src/evmctl.c
> -@@ -1229,6 +1229,7 @@ static int find(const char *path, int dts, find_cb_t func)
> +@@ -1331,6 +1331,7 @@ static int find(const char *path, int dts, find_cb_t func)
>
> if (fchdir(dirfd(dir))) {
> log_err("Failed to chdir %s\n", path);
> @@ -21,7 +21,7 @@ index 2ffee786865b..20eccfa93b2b 100644
> return -1;
> }
>
> -@@ -1244,6 +1245,7 @@ static int find(const char *path, int dts, find_cb_t func)
> +@@ -1346,6 +1347,7 @@ static int find(const char *path, int dts, find_cb_t func)
>
> if (chdir("..")) {
> log_err("Failed to chdir: %s\n", path);
> diff --git a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-error-handling-and-propagate.patch
> similarity index 87%
> rename from patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
> rename to patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-error-handling-and-propagate.patch
> index 68660d95eda0..62471489a9f2 100644
> --- a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
> +++ b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-error-handling-and-propagate.patch
> @@ -12,10 +12,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> 1 file changed, 16 insertions(+), 4 deletions(-)
>
> diff --git a/src/evmctl.c b/src/evmctl.c
> -index 20eccfa93b2b..55fc619f5990 100644
> +index cca2fabdb2a6..e6761f2ae5e4 100644
> --- a/src/evmctl.c
> +++ b/src/evmctl.c
> -@@ -1234,13 +1234,20 @@ static int find(const char *path, int dts, find_cb_t func)
> +@@ -1336,13 +1336,20 @@ static int find(const char *path, int dts, find_cb_t func)
> }
>
> while ((de = readdir(dir))) {
> @@ -38,7 +38,7 @@ index 20eccfa93b2b..55fc619f5990 100644
> }
>
> if (chdir("..")) {
> -@@ -1249,8 +1256,13 @@ static int find(const char *path, int dts, find_cb_t func)
> +@@ -1351,8 +1358,13 @@ static int find(const char *path, int dts, find_cb_t func)
> return -1;
> }
>
> diff --git a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch b/patches/ima-evm-utils-1.3.2/0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> similarity index 80%
> rename from patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> rename to patches/ima-evm-utils-1.3.2/0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> index 69aadb377668..0de24af6a0e7 100644
> --- a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> +++ b/patches/ima-evm-utils-1.3.2/0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> @@ -10,12 +10,12 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> 1 file changed, 5 insertions(+)
>
> diff --git a/src/evmctl.c b/src/evmctl.c
> -index 55fc619f5990..de53be37b69b 100644
> +index e6761f2ae5e4..a1fd9feaea78 100644
> --- a/src/evmctl.c
> +++ b/src/evmctl.c
> -@@ -62,6 +62,11 @@
> - #include <openssl/err.h>
> - #include <openssl/rsa.h>
> +@@ -72,6 +72,11 @@
> + #define XATTR_NAME_APPARMOR XATTR_SECURITY_PREFIX XATTR_APPARMOR_SUFFIX
> + #endif
>
> +#ifndef XATTR_NAME_IMA
> +#define XATTR_IMA_SUFFIX "ima"
> diff --git a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch b/patches/ima-evm-utils-1.3.2/0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> similarity index 76%
> rename from patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> rename to patches/ima-evm-utils-1.3.2/0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> index 2164c6238e78..e20cfaa826df 100644
> --- a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> +++ b/patches/ima-evm-utils-1.3.2/0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> @@ -8,10 +8,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/libimaevm.c b/src/libimaevm.c
> -index 8fc23be08bd7..b6c328801708 100644
> +index fa6c27858d0f..002b0657337c 100644
> --- a/src/libimaevm.c
> +++ b/src/libimaevm.c
> -@@ -379,7 +379,7 @@ int verify_hash_v1(const char *file, const unsigned char *hash, int size,
> +@@ -382,7 +382,7 @@ static int verify_hash_v1(const char *file, const unsigned char *hash, int size,
> SHA_CTX ctx;
> unsigned char out[1024];
> RSA *key;
> @@ -20,7 +20,7 @@ index 8fc23be08bd7..b6c328801708 100644
> struct signature_hdr *hdr = (struct signature_hdr *)sig;
>
> log_info("hash-v1: ");
> -@@ -744,7 +744,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons
> +@@ -805,7 +805,7 @@ static int sign_hash_v1(const char *hashalgo, const unsigned char *hash,
> unsigned char pub[1024];
> RSA *key;
> char name[20];
> diff --git a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch b/patches/ima-evm-utils-1.3.2/0005-evmctl-add-support-for-offline-image-preparation.patch
> similarity index 78%
> rename from patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
> rename to patches/ima-evm-utils-1.3.2/0005-evmctl-add-support-for-offline-image-preparation.patch
> index 6d9b40fc5b43..75d92734190c 100644
> --- a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
> +++ b/patches/ima-evm-utils-1.3.2/0005-evmctl-add-support-for-offline-image-preparation.patch
> @@ -33,29 +33,29 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> ---
> src/evmctl.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++--------
> src/imaevm.h | 1 +
> - src/libimaevm.c | 25 ++++++++++++++++++++++++-
> - 3 files changed, 74 insertions(+), 9 deletions(-)
> + src/libimaevm.c | 24 +++++++++++++++++++++++-
> + 3 files changed, 73 insertions(+), 9 deletions(-)
>
> diff --git a/src/evmctl.c b/src/evmctl.c
> -index 5d664005e915..9003f7640c0f 100644
> +index a1fd9feaea78..a4d784a5bfb6 100644
> --- a/src/evmctl.c
> +++ b/src/evmctl.c
> -@@ -337,6 +337,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> +@@ -352,6 +352,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> + #else
> pctx = EVP_MD_CTX_new();
> #endif
> - const EVP_MD *md;
> + ino_t ino;
>
> if (lstat(file, &st)) {
> log_err("Failed to stat: %s\n", file);
> -@@ -371,9 +372,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> +@@ -386,9 +387,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> }
> close(fd);
> }
> - log_info("generation: %u\n", generation);
> }
>
> -+ if (params.image_mode) {
> ++ if (imaevm_params.image_mode) {
> + char buf[128] = { };
> +
> + err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1);
> @@ -75,7 +75,7 @@ index 5d664005e915..9003f7640c0f 100644
> list_size = llistxattr(file, list, sizeof(list));
> if (list_size < 0) {
> log_err("llistxattr() failed\n");
> -@@ -439,7 +456,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> +@@ -470,7 +487,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
>
> hmac_size = sizeof(*hmac);
> if (!evm_portable) {
> @@ -84,7 +84,7 @@ index 5d664005e915..9003f7640c0f 100644
> hmac->generation = generation;
> }
> hmac->uid = st.st_uid;
> -@@ -450,7 +467,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> +@@ -481,7 +498,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
>
> hmac_size = sizeof(*hmac);
> if (!evm_portable) {
> @@ -93,7 +93,7 @@ index 5d664005e915..9003f7640c0f 100644
> hmac->generation = generation;
> }
> hmac->uid = st.st_uid;
> -@@ -461,7 +478,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> +@@ -492,7 +509,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
>
> hmac_size = sizeof(*hmac);
> if (!evm_portable) {
> @@ -102,19 +102,19 @@ index 5d664005e915..9003f7640c0f 100644
> hmac->generation = generation;
> }
> hmac->uid = st.st_uid;
> -@@ -1000,6 +1017,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> +@@ -1085,6 +1102,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> + #else
> pctx = HMAC_CTX_new();
> #endif
> - const EVP_MD *md;
> + ino_t ino;
>
> key = file2bin(keyfile, NULL, &keylen);
> if (!key) {
> -@@ -1038,10 +1056,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> +@@ -1123,10 +1141,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> close(fd);
> }
>
> -+ if (params.image_mode) {
> ++ if (imaevm_params.image_mode) {
> + char buf[128] = { };
> +
> + err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1);
> @@ -137,7 +137,7 @@ index 5d664005e915..9003f7640c0f 100644
> log_err("llistxattr() failed: %s\n", file);
> goto out;
> }
> -@@ -1084,7 +1118,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> +@@ -1170,7 +1204,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> struct h_misc *hmac = (struct h_misc *)&hmac_misc;
>
> hmac_size = sizeof(*hmac);
> @@ -146,7 +146,7 @@ index 5d664005e915..9003f7640c0f 100644
> hmac->generation = generation;
> hmac->uid = st.st_uid;
> hmac->gid = st.st_gid;
> -@@ -1093,7 +1127,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> +@@ -1179,7 +1213,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc;
>
> hmac_size = sizeof(*hmac);
> @@ -155,7 +155,7 @@ index 5d664005e915..9003f7640c0f 100644
> hmac->generation = generation;
> hmac->uid = st.st_uid;
> hmac->gid = st.st_gid;
> -@@ -1102,7 +1136,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> +@@ -1188,7 +1222,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc;
>
> hmac_size = sizeof(*hmac);
> @@ -164,7 +164,7 @@ index 5d664005e915..9003f7640c0f 100644
> hmac->generation = generation;
> hmac->uid = st.st_uid;
> hmac->gid = st.st_gid;
> -@@ -1666,6 +1700,9 @@ static void usage(void)
> +@@ -2476,6 +2510,9 @@ static void usage(void)
> " --smack use extra SMACK xattrs for EVM\n"
> " --m32 force EVM hmac/signature for 32 bit target system\n"
> " --m64 force EVM hmac/signature for 64 bit target system\n"
> @@ -174,7 +174,7 @@ index 5d664005e915..9003f7640c0f 100644
> " --ino use custom inode for EVM\n"
> " --uid use custom UID for EVM\n"
> " --gid use custom GID for EVM\n"
> -@@ -1716,6 +1753,7 @@ static struct option opts[] = {
> +@@ -2528,6 +2565,7 @@ static struct option opts[] = {
> {"recursive", 0, 0, 'r'},
> {"m32", 0, 0, '3'},
> {"m64", 0, 0, '6'},
> @@ -182,31 +182,31 @@ index 5d664005e915..9003f7640c0f 100644
> {"portable", 0, 0, 'o'},
> {"smack", 0, 0, 128},
> {"version", 0, 0, 129},
> -@@ -1774,7 +1812,7 @@ int main(int argc, char *argv[])
> +@@ -2600,7 +2638,7 @@ int main(int argc, char *argv[])
> g_argc = argc;
>
> while (1) {
> -- c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind);
> -+ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:rim", opts, &lind);
> +- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind);
> ++ c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:rim", opts, &lind);
> if (c == -1)
> break;
>
> -@@ -1847,6 +1885,9 @@ int main(int argc, char *argv[])
> +@@ -2670,6 +2708,9 @@ int main(int argc, char *argv[])
> case '6':
> msize = 64;
> break;
> + case 'm':
> -+ params.image_mode = true;
> ++ imaevm_params.image_mode = true;
> + break;
> case 128:
> evm_config_xattrnames = evm_extra_smack_xattrs;
> break;
> diff --git a/src/imaevm.h b/src/imaevm.h
> -index ed92e4d8981d..7e32d09c6538 100644
> +index 45039199ab31..2f78a31ab438 100644
> --- a/src/imaevm.h
> +++ b/src/imaevm.h
> -@@ -182,6 +182,7 @@ struct libevm_params {
> - const char *evm_hash_algo;
> +@@ -196,6 +196,7 @@ struct libimaevm_params {
> + const char *hash_algo;
> const char *keyfile;
> const char *keypass;
> + bool image_mode;
> @@ -214,31 +214,23 @@ index ed92e4d8981d..7e32d09c6538 100644
>
> struct RSA_ASN1_template {
> diff --git a/src/libimaevm.c b/src/libimaevm.c
> -index 4c093a038b72..866f74b39b41 100644
> +index 002b0657337c..1cdf1dc590cc 100644
> --- a/src/libimaevm.c
> +++ b/src/libimaevm.c
> -@@ -40,6 +40,7 @@
> -
> - /* should we use logger instead for library? */
> - #define USE_FPRINTF
> -+#define _GNU_SOURCE
> -
> - #include <sys/types.h>
> - #include <sys/param.h>
> -@@ -49,6 +50,7 @@
> - #include <dirent.h>
> - #include <string.h>
> +@@ -51,6 +51,7 @@
> #include <stdio.h>
> + #include <assert.h>
> + #include <ctype.h>
> +#include <sys/xattr.h>
>
> + #include <openssl/crypto.h>
> #include <openssl/pem.h>
> - #include <openssl/evp.h>
> -@@ -224,7 +226,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
> +@@ -193,7 +194,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
> }
>
> while ((de = readdir(dir))) {
> - ino = de->d_ino;
> -+ if (params.image_mode) {
> ++ if (imaevm_params.image_mode) {
> + char *name;
> + char buf[128] = { };
> +
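Review bot: The rebased libimaevm.c part drops the "#define _GNU_SOURCE" that the 1.1 version placed ahead of the includes and now only adds "#include <sys/xattr.h>". If the image-mode code added to add_dir_hash() still uses a GNU extension, confirm that 1.3.2 defines the macro elsewhere (build flags or a config header) and note that in the patch description. Otherwise the define should stay, so the build does not fall back to implicit declarations.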
> diff --git a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch b/patches/ima-evm-utils-1.3.2/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> similarity index 86%
> rename from patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> rename to patches/ima-evm-utils-1.3.2/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> index 12b77a132002..251f7136b42b 100644
> --- a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> +++ b/patches/ima-evm-utils-1.3.2/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> @@ -15,16 +15,16 @@ Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> 1 file changed, 3 insertions(+)
>
> diff --git a/src/libimaevm.c b/src/libimaevm.c
> -index 866f74b39b41..834b738426bf 100644
> +index 1cdf1dc590cc..6bb0b0757c42 100644
> --- a/src/libimaevm.c
> +++ b/src/libimaevm.c
> -@@ -226,6 +226,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
> +@@ -194,6 +194,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
> }
>
> while ((de = readdir(dir))) {
> + if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, ".."))
> + continue;
> +
> - if (params.image_mode) {
> + if (imaevm_params.image_mode) {
> char *name;
> char buf[128] = { };
> diff --git a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch b/patches/ima-evm-utils-1.3.2/0007-Fix-warning-for-non-debug-use-case.patch
> similarity index 86%
> rename from patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
> rename to patches/ima-evm-utils-1.3.2/0007-Fix-warning-for-non-debug-use-case.patch
> index 80073f19aaf5..2cddf569a91d 100644
> --- a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
> +++ b/patches/ima-evm-utils-1.3.2/0007-Fix-warning-for-non-debug-use-case.patch
> @@ -14,10 +14,10 @@ Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/evmctl.c b/src/evmctl.c
> -index 9003f7640c0f..4422c0e84d4a 100644
> +index a4d784a5bfb6..7c1f15082615 100644
> --- a/src/evmctl.c
> +++ b/src/evmctl.c
> -@@ -1191,7 +1191,7 @@ static int hmac_evm(const char *file, const char *key)
> +@@ -1279,7 +1279,7 @@ static int hmac_evm(const char *file, const char *key)
> return 0;
> }
>
> diff --git a/patches/ima-evm-utils-1.1/autogen.sh b/patches/ima-evm-utils-1.3.2/autogen.sh
> similarity index 100%
> rename from patches/ima-evm-utils-1.1/autogen.sh
> rename to patches/ima-evm-utils-1.3.2/autogen.sh
> diff --git a/patches/ima-evm-utils-1.3.2/series b/patches/ima-evm-utils-1.3.2/series
> new file mode 100644
> index 000000000000..36781ea6bb6f
> --- /dev/null
> +++ b/patches/ima-evm-utils-1.3.2/series
> @@ -0,0 +1,10 @@
> +# generated by git-ptx-patches
> +#tag:base --start-number 1
> +0001-evmctl-find-add-missing-closedir-dir-on-error.patch
> +0002-evmctl-find-add-missing-error-handling-and-propagate.patch
> +0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> +0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> +0005-evmctl-add-support-for-offline-image-preparation.patch
> +0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> +0007-Fix-warning-for-non-debug-use-case.patch
> +# f8ecfd002cf2ee8244984a1757a1bfea - git-ptx-patches magic
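Review bot: The new series ends at 0007, while the renames above take their sources from 0010 and 0012 of the 1.1 stack, so several 1.1 patches are no longer carried. Listing the dropped patches in the commit message, together with the upstream change that made each one unnecessary, would let a reader confirm that no local fix was lost in the bump.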
> diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make
> index 3a0ce4660c87..fb500fb169aa 100644
> --- a/rules/ima-evm-utils.make
> +++ b/rules/ima-evm-utils.make
> @@ -1,7 +1,7 @@
> # -*-makefile-*-
> #
> # Copyright (C) 2013 by Michael Grzeschik <mgr@pengutronix.de>
> -# 2015 by Marc Kleine-Budde <mkl@pengutronix.de>
> +# 2015, 2020 by Marc Kleine-Budde <mkl@pengutronix.de>
> # 2021 Roland Hieber, Pengutronix <rhi@pengutronix.de>
> #
> # For further information about the PTXdist project and license conditions
> @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_IMA_EVM_UTILS) += ima-evm-utils
> #
> # Paths and names
> #
> -IMA_EVM_UTILS_VERSION := 1.1
> -IMA_EVM_UTILS_MD5 := 77455aeee54fdc7a70c733bcb65d33cc
> +IMA_EVM_UTILS_VERSION := 1.3.2
> +IMA_EVM_UTILS_MD5 := 55cc0e2c77a725f722833c3b4a36038c
> IMA_EVM_UTILS := ima-evm-utils-$(IMA_EVM_UTILS_VERSION)
> IMA_EVM_UTILS_SUFFIX := tar.gz
> IMA_EVM_UTILS_URL := $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX))
> @@ -32,9 +32,16 @@ IMA_EVM_UTILS_LICENSE_FILES := \
> # Prepare
> # ----------------------------------------------------------------------------
>
> +IMA_EVM_UTILS_CONF_ENV := \
> + $(CROSS_ENV) \
> + ac_cv_lib_tss2_esys_Esys_Free=no \
> + ac_cv_lib_tss2_rc_Tss2_RC_Decode=no \
> + ac_cv_path_XMLCATALOG=
> +
> IMA_EVM_UTILS_CONF_TOOL := autoconf
> IMA_EVM_UTILS_AUTOCONF := \
> $(CROSS_AUTOCONF_USR) \
> + --enable-openssl-conf \
> --disable-debug
>
> # ----------------------------------------------------------------------------
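Review bot: The three cache variables forced in IMA_EVM_UTILS_CONF_ENV (ac_cv_lib_tss2_esys_Esys_Free=no, ac_cv_lib_tss2_rc_Tss2_RC_Decode=no and the empty ac_cv_path_XMLCATALOG) carry no comment saying why they are pinned, and --enable-openssl-conf is added to the configure options without explanation. A short comment above the block stating that the TSS2 and xmlcatalog checks are disabled on purpose, and what enabling the OpenSSL config changes for evmctl on the target, would keep a later version bump from silently undoing either choice.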
* Re: [ptxdist] [APPLIED] systemd: make hostnamed and quotacheck optional
2021-06-16 16:16 ` [ptxdist] [PATCH v2 3/3] systemd: make hostnamed and quotacheck optional Roland Hieber
@ 2021-06-29 5:09 ` Michael Olbrich
0 siblings, 0 replies; 6+ messages in thread
From: Michael Olbrich @ 2021-06-29 5:09 UTC (permalink / raw)
To: ptxdist; +Cc: Roland Hieber
Thanks, applied as cb4ac069a4c692caeeac38e2dbb68415ffc61121.
Michael
[sent from post-receive hook]
On Tue, 29 Jun 2021 07:09:12 +0200, Roland Hieber <rhi@pengutronix.de> wrote:
> This reduces the dependency graph and can therefore decrease boot time
> on systems that are configured with a static hostname, and which do not
> use quota. With this, /usr/share/dbus-1/system-services/ may no longer
> contain any service definitions, so add an empty kconfig option for it.
>
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> Message-Id: <20210616161655.15480-3-rhi@pengutronix.de>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/systemd.in b/rules/systemd.in
> index 854c344d5441..0c6dcb317613 100644
> --- a/rules/systemd.in
> +++ b/rules/systemd.in
> @@ -56,11 +56,15 @@ comment "D-Bus is needed for the enabled features"
> config SYSTEMD_DBUS
> bool
>
> +config SYSTEMD_DBUS_SERVICES
> + bool
> +
> config SYSTEMD_MICROHTTPD
> bool
>
> config SYSTEMD_LOCALES
> bool
> + select SYSTEMD_DBUS_SERVICES
> default LOCALES
>
> config SYSTEMD_VCONSOLE
> @@ -77,9 +81,19 @@ config SYSTEMD_DISABLE_RANDOM_SEED
> the random seed is not possible.
> Warning: enabling this option may be insecure.
>
> +config SYSTEMD_HOSTNAMED
> + bool
> + default y
> + select SYSTEMD_DBUS_SERVICES
> + prompt "hostname daemon"
> + help
> + A tiny daemon that can be used to control the hostname and related
> + machine meta data from user programs.
> +
> config SYSTEMD_LOGIND
> bool
> select SYSTEMD_DBUS
> + select SYSTEMD_DBUS_SERVICES
> prompt "login daemon"
>
> config SYSTEMD_UNITS_USER
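Review bot: The new SYSTEMD_HOSTNAMED entry selects SYSTEMD_DBUS_SERVICES but not SYSTEMD_DBUS, while SYSTEMD_LOGIND directly below it selects both. If hostnamed is only reachable over the bus, add "select SYSTEMD_DBUS" here as well, so that a configuration with hostnamed enabled cannot end up without D-Bus. If the omission is intentional, a one-line comment saying so would help.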
> @@ -89,6 +103,7 @@ config SYSTEMD_UNITS_USER
>
> config SYSTEMD_NETWORK
> bool
> + select SYSTEMD_DBUS_SERVICES
> prompt "network configuration with systemd"
>
> config SYSTEMD_IPMASQUERADE
> @@ -102,6 +117,7 @@ config SYSTEMD_TIMEDATE
> bool
> default y
> select SYSTEMD_DBUS
> + select SYSTEMD_DBUS_SERVICES
> prompt "date/time handling"
> help
> NTP client for time synchronization and local timezone handling.
> @@ -122,6 +138,13 @@ config SYSTEMD_POLKIT
> bool
> default POLKIT
>
> +config SYSTEMD_QUOTACHECK
> + bool
> + default y
> + prompt "disk quota support"
> + help
> + File system quota checker logic
> +
> menu "journald "
>
> config SYSTEMD_XZ
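Review bot: The help text of SYSTEMD_QUOTACHECK, "File system quota checker logic", does not tell the user what is lost when the option is switched off. Since the option defaults to y and exists to be disabled on systems without quota, name the helper it controls (systemd-quotacheck) and say that it is only useful on file systems mounted with quota options.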
> diff --git a/rules/systemd.make b/rules/systemd.make
> index 3a3621fe767e..929a76dd423e 100644
> --- a/rules/systemd.make
> +++ b/rules/systemd.make
> @@ -95,7 +95,7 @@ SYSTEMD_CONF_OPT := \
> -Dgshadow=false \
> -Dhibernate=false \
> -Dhomed=false \
> - -Dhostnamed=true \
> + -Dhostnamed=$(call ptx/truefalse,PTXCONF_SYSTEMD_HOSTNAMED) \
> -Dhtml=false \
> -Dhwdb=$(call ptx/truefalse,PTXCONF_SYSTEMD_UDEV_HWDB) \
> -Didn=false \
> @@ -152,7 +152,7 @@ SYSTEMD_CONF_OPT := \
> -Dpstore=false \
> -Dpwquality=false \
> -Dqrencode=false \
> - -Dquotacheck=true \
> + -Dquotacheck=$(call ptx/truefalse,PTXCONF_SYSTEMD_QUOTACHECK) \
> -Dquotacheck-path=/usr/sbin/quotacheck \
> -Dquotaon-path=/usr/sbin/quotaon \
> -Drandomseed=$(call ptx/falsetrue,PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED) \
> @@ -248,7 +248,7 @@ SYSTEMD_HELPER := \
> $(call ptx/ifdef, PTXCONF_SYSTEMD_COREDUMP,systemd-coredump) \
> systemd-fsck \
> systemd-growfs \
> - systemd-hostnamed \
> + $(call ptx/ifdef, PTXCONF_SYSTEMD_HOSTNAMED,systemd-hostnamed) \
> systemd-journald \
> $(call ptx/ifdef, PTXCONF_SYSTEMD_JOURNAL_REMOTE,systemd-journal-remote) \
> $(call ptx/ifdef, PTXCONF_SYSTEMD_LOCALES,systemd-localed) \
> @@ -257,7 +257,7 @@ SYSTEMD_HELPER := \
> systemd-modules-load \
> $(call ptx/ifdef, PTXCONF_SYSTEMD_NETWORK,systemd-networkd) \
> $(call ptx/ifdef, PTXCONF_SYSTEMD_NETWORK,systemd-networkd-wait-online) \
> - systemd-quotacheck \
> + $(call ptx/ifdef, PTXCONF_SYSTEMD_QUOTACHECK,systemd-quotacheck) \
> $(call ptx/ifdef, PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED,,systemd-random-seed) \
> systemd-remount-fs \
> systemd-reply-password \
> @@ -347,7 +347,9 @@ $(STATEDIR)/systemd.targetinstall:
> @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-notify)
> @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-tmpfiles)
> @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/busctl)
> +ifdef PTXCONF_SYSTEMD_HOSTNAMED
> @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/hostnamectl)
> +endif
> @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-analyze)
> @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-cat)
> @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-cgls)
> @@ -377,9 +379,11 @@ $(STATEDIR)/systemd.targetinstall:
> @$(call install_tree, systemd, 0, 0, -, /usr/lib/tmpfiles.d/)
> @$(call install_copy, systemd, 0, 0, 0644, -, /usr/lib/sysctl.d/50-default.conf)
>
> +ifdef PTXCONF_SYSTEMD_DBUS_SERVICES
> @$(call install_copy, systemd, 0, 0, 0644, -, \
> /usr/share/dbus-1/services/org.freedesktop.systemd1.service)
> @$(call install_tree, systemd, 0, 0, -, /usr/share/dbus-1/system-services/)
> +endif
>
> # # systemd expects this directory to exist.
> @$(call install_copy, systemd, 0, 0, 0755, /var/lib/systemd)
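Review bot: The ifdef PTXCONF_SYSTEMD_DBUS_SERVICES block wraps two installs, the system-services/ tree and /usr/share/dbus-1/services/org.freedesktop.systemd1.service, but the commit message only argues that system-services/ may end up without service definitions. If org.freedesktop.systemd1.service does not depend on any of the options that select SYSTEMD_DBUS_SERVICES, keep its install_copy outside the ifdef. Otherwise, say in the commit message why it is dropped together with the tree.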