mailarchive of the ptxdist mailing list
* [ptxdist] [PATCH v2 1/3] ima-evm-utils: fix license statement
@ 2021-06-16 16:16 Roland Hieber
  2021-06-16 16:16 ` [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2 Roland Hieber
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Roland Hieber @ 2021-06-16 16:16 UTC (permalink / raw)
  To: ptxdist; +Cc: Roland Hieber

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
v1 -> v2:
 * fix unknown-exception -> custom-exception

PATCH v1: https://lore.ptxdist.org/ptxdist/20210611121842.GH839947@pengutronix.de
---
 rules/ima-evm-utils.make | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make
index 1c5e15b1415f..3a0ce4660c87 100644
--- a/rules/ima-evm-utils.make
+++ b/rules/ima-evm-utils.make
@@ -2,6 +2,7 @@
 #
 # Copyright (C) 2013 by Michael Grzeschik <mgr@pengutronix.de>
 #               2015 by Marc Kleine-Budde <mkl@pengutronix.de>
+#               2021 Roland Hieber, Pengutronix <rhi@pengutronix.de>
 #
 # For further information about the PTXdist project and license conditions
 # see the README file.
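Review bot: the added copyright line at the top of rules/ima-evm-utils.make reads "2021 Roland Hieber, Pengutronix <...>" while the two existing entries use the "YEAR by Name <mail>" form; consider "2021 by Roland Hieber <rhi@pengutronix.de>" for consistency, unless the different form is intentional.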
@@ -22,7 +23,10 @@ IMA_EVM_UTILS_SUFFIX	:= tar.gz
 IMA_EVM_UTILS_URL	:= $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX))
 IMA_EVM_UTILS_SOURCE	:= $(SRCDIR)/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX)
 IMA_EVM_UTILS_DIR	:= $(BUILDDIR)/$(IMA_EVM_UTILS)
-IMA_EVM_UTILS_LICENSE	:= LGPL-2.0-or-later
+IMA_EVM_UTILS_LICENSE	:= GPL-2.0-only WITH custom-exception
+IMA_EVM_UTILS_LICENSE_FILES	:= \
+	file://src/evmctl.c;startline=13;endline=35;md5=1e6e51503ab04045269a92c0bc5d5b55 \
+	file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263
 
 # ----------------------------------------------------------------------------
 # Prepare
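Review bot: the commit message has no body, so the switch of IMA_EVM_UTILS_LICENSE from LGPL-2.0-or-later to "GPL-2.0-only WITH custom-exception" is not explained; please add a sentence saying what the exception in src/evmctl.c lines 13-35 grants, since that is what a license audit of the image will ask for. Also note that the startline/endline range and both md5 sums in IMA_EVM_UTILS_LICENSE_FILES are pinned to the current tarball, and 2/3 in this series bumps the version to 1.3.2, so they need re-checking there in case the header in evmctl.c moved.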
-- 
2.29.2


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de



* [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2
  2021-06-16 16:16 [ptxdist] [PATCH v2 1/3] ima-evm-utils: fix license statement Roland Hieber
@ 2021-06-16 16:16 ` Roland Hieber
  2021-06-29  5:09   ` [ptxdist] [APPLIED] " Michael Olbrich
  2021-06-16 16:16 ` [ptxdist] [PATCH v2 3/3] systemd: make hostnamed and quotacheck optional Roland Hieber
  2021-06-29  5:09 ` [ptxdist] [APPLIED] ima-evm-utils: fix license statement Michael Olbrich
  2 siblings, 1 reply; 6+ messages in thread
From: Roland Hieber @ 2021-06-16 16:16 UTC (permalink / raw)
  To: ptxdist; +Cc: Roland Hieber

Changes to the patch queue:

* (old 0002) "Makefile.am: rename INCLUDES -> AM_CPPFLAGS":
  replaced by upstream commit 8acbae598b39a421b5d0 ("replace INCLUDES
  with AM_CPPFLAGS")

* (old 0006) "use EVP_MAX_MD_SIZE for hash size instead of open …":
  replaced by upstream commit 1d9c27927932f2e750e3 ("Define hash and sig
  buffer sizes and add asserts")

* (old 0008) "evmctl: add parameter -e to set evm hash algo":
  replaced by upstream commit ae1319eeabd6e0798003 ("Remove hardcoding
  of SHA1 in EVM signatures"), which uses the already existing -a
  parameter for this functionality now too.

* (old 0009) "evmctl: add support for offline image preparation":
  port the refactoring from upstream commit c317d4618f92d4dd65
  ("Namespace some too generic object names"). Also _GNU_SOURCE is now
  already defined by configure, and will generate a warning when
  redefined, so drop its definition here.

* (old 0011, new 0009) "HACK: don't generate the man page":
  expand patch to make sure the manpages are really not built and
  generate an error looking for "asciidoc", even when the XSL stylesheet
  is detected on the build host

* (old 0013) "evmctl: use correct include for xattr.h":
  replaced by upstream commit 6aea54d2ad2287b3e889 ("evmctl: use correct
  include for xattr.h")

Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/8acbae598b39a421b5d0
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/1d9c27927932f2e750e3
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/ae1319eeabd6e0798003
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/c317d4618f92d4dd6570
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/6aea54d2ad2287b3e889
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
v1 -> v2:
 * update to version 1.3.2
 * port existing patches

PATCH v1: https://lore.ptxdist.org/ptxdist/20210607130909.4836-5-rhi@pengutronix.de
---
 ...efile.am-rename-INCLUDES-AM_CPPFLAGS.patch |  40 ------
 ...-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch |  73 ----------
 ...add-parameter-e-to-set-evm-hash-algo.patch | 133 ------------------
 .../0011-HACK-don-t-generate-man-page.patch   |  19 ---
 ...mctl-use-correct-include-for-xattr.h.patch |  80 -----------
 patches/ima-evm-utils-1.1/series              |  16 ---
 ...ile-at-it-s-autogenerated-by-autotoo.patch |   0
 ...d-add-missing-closedir-dir-on-error.patch} |   6 +-
 ...issing-error-handling-and-propagate.patch} |   6 +-
 ...back-definitions-for-XATTR_NAME_IMA.patch} |   8 +-
 ..._DIGEST_LENGTH-instead-of-open-codi.patch} |   6 +-
 ...pport-for-offline-image-preparation.patch} |  76 +++++-----
 ...ount-.-and-.-for-directory-hash-gen.patch} |   6 +-
 ...-Fix-warning-for-non-debug-use-case.patch} |   4 +-
 ...009-HACK-don-t-generate-the-man-page.patch |  60 ++++++++
 .../autogen.sh                                |   0
 patches/ima-evm-utils-1.3.2/series            |  12 ++
 rules/ima-evm-utils.make                      |   7 +-
 18 files changed, 128 insertions(+), 424 deletions(-)
 delete mode 100644 patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
 delete mode 100644 patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
 delete mode 100644 patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
 delete mode 100644 patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
 delete mode 100644 patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch
 delete mode 100644 patches/ima-evm-utils-1.1/series
 rename patches/{ima-evm-utils-1.1 => ima-evm-utils-1.3.2}/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch (100%)
 rename patches/{ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch => ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-closedir-dir-on-error.patch} (79%)
 rename patches/{ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch => ima-evm-utils-1.3.2/0003-evmctl-find-add-missing-error-handling-and-propagate.patch} (87%)
 rename patches/{ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch => ima-evm-utils-1.3.2/0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch} (80%)
 rename patches/{ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch => ima-evm-utils-1.3.2/0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch} (76%)
 rename patches/{ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch => ima-evm-utils-1.3.2/0006-evmctl-add-support-for-offline-image-preparation.patch} (78%)
 rename patches/{ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch => ima-evm-utils-1.3.2/0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch} (86%)
 rename patches/{ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch => ima-evm-utils-1.3.2/0008-Fix-warning-for-non-debug-use-case.patch} (86%)
 create mode 100644 patches/ima-evm-utils-1.3.2/0009-HACK-don-t-generate-the-man-page.patch
 rename patches/{ima-evm-utils-1.1 => ima-evm-utils-1.3.2}/autogen.sh (100%)
 create mode 100644 patches/ima-evm-utils-1.3.2/series

diff --git a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch b/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
deleted file mode 100644
index cb09b8d78f8a..000000000000
--- a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Marc Kleine-Budde <mkl@pengutronix.de>
-Date: Wed, 27 May 2015 10:41:27 +0200
-Subject: [PATCH] Makefile.am: rename INCLUDES -> AM_CPPFLAGS
-
-This patch fixes the following warning during autoreconf:
-
-| src/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
-
-Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
----
- src/Makefile.am | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index deb18fb09dc7..9f547283d535 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -1,7 +1,7 @@
- lib_LTLIBRARIES = libimaevm.la
- 
- libimaevm_la_SOURCES = libimaevm.c
--libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS)
-+libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS)
- # current[:revision[:age]]
- # result: [current-age].age.revision
- libimaevm_la_LDFLAGS = -version-info 0:0:0
-@@ -12,11 +12,11 @@ include_HEADERS = imaevm.h
- bin_PROGRAMS = evmctl
- 
- evmctl_SOURCES = evmctl.c
--evmctl_CPPFLAGS = $(OPENSSL_CFLAGS)
-+evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS)
- evmctl_LDFLAGS = $(LDFLAGS_READLINE)
- evmctl_LDADD =  $(OPENSSL_LIBS) -lkeyutils libimaevm.la
- 
--INCLUDES = -I$(top_srcdir) -include config.h
-+AM_CPPFLAGS = -I$(top_srcdir) -include config.h
- 
- DISTCLEANFILES = @DISTCLEANFILES@
- 
diff --git a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch b/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
deleted file mode 100644
index a3cd597f82d6..000000000000
--- a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From: Marc Kleine-Budde <mkl@pengutronix.de>
-Date: Sat, 26 Mar 2016 22:58:07 +0100
-Subject: [PATCH] evmctl, libimaevm: use EVP_MAX_MD_SIZE for hash size instead
- of open coding it
-
-Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
----
- src/evmctl.c    | 10 +++++-----
- src/libimaevm.c |  2 +-
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/evmctl.c b/src/evmctl.c
-index de53be37b69b..b0f3b6362528 100644
---- a/src/evmctl.c
-+++ b/src/evmctl.c
-@@ -495,7 +495,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- 
- static int sign_evm(const char *file, const char *key)
- {
--	unsigned char hash[20];
-+	unsigned char hash[EVP_MAX_MD_SIZE];
- 	unsigned char sig[1024];
- 	int len, err;
- 
-@@ -533,7 +533,7 @@ static int sign_evm(const char *file, const char *key)
- 
- static int hash_ima(const char *file)
- {
--	unsigned char hash[66]; /* MAX hash size + 2 */
-+	unsigned char hash[EVP_MAX_MD_SIZE + 2]; /* MAX hash size + 2 */
- 	int len, err, offset;
- 	int algo = get_hash_algo(params.hash_algo);
- 
-@@ -571,7 +571,7 @@ static int hash_ima(const char *file)
- 
- static int sign_ima(const char *file, const char *key)
- {
--	unsigned char hash[64];
-+	unsigned char hash[EVP_MAX_MD_SIZE];
- 	unsigned char sig[1024];
- 	int len, err;
- 
-@@ -751,7 +751,7 @@ static int cmd_sign_evm(struct command *cmd)
- 
- static int verify_evm(const char *file)
- {
--	unsigned char hash[20];
-+	unsigned char hash[EVP_MAX_MD_SIZE];
- 	unsigned char sig[1024];
- 	int len;
- 
-@@ -1119,7 +1119,7 @@ out:
- 
- static int hmac_evm(const char *file, const char *key)
- {
--	unsigned char hash[20];
-+	unsigned char hash[EVP_MAX_MD_SIZE];
- 	unsigned char sig[1024];
- 	int len, err;
- 
-diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 6fa0ed4a1c74..8fc23be08bd7 100644
---- a/src/libimaevm.c
-+++ b/src/libimaevm.c
-@@ -590,7 +590,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
- int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
- 			 unsigned char *digest, int digestlen)
- {
--	unsigned char hash[64];
-+	unsigned char hash[EVP_MAX_MD_SIZE];
- 	int hashlen, sig_hash_algo;
- 
- 	if (sig[0] != 0x03) {
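Review bot: dropping this local patch is only safe if 1.3.2 no longer contains the fixed-size digest buffers it replaced: `unsigned char hash[20]` in sign_evm(), verify_evm() and hmac_evm() holds a SHA-1 digest and nothing larger, and the commit message says the EVM algorithm now follows -a. The message names upstream commit 1d9c27927932f2e750e3 as the replacement; please confirm that it covers all six sites touched here (five in src/evmctl.c, one in src/libimaevm.c) before the patch goes away.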
diff --git a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
deleted file mode 100644
index 488dfa822286..000000000000
--- a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From: Steffen Trumtrar <s.trumtrar@pengutronix.de>
-Date: Tue, 8 Mar 2016 13:46:14 +0100
-Subject: [PATCH] evmctl: add parameter -e to set evm hash algo
-
-The paramter -a sets the hash algorithm only for IMA. To not break
-anything, add a new parameter -e to be able to change the hash for
-EVM, too.
-
-Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
----
- src/evmctl.c    | 27 +++++++++++++++++++++++----
- src/imaevm.h    |  1 +
- src/libimaevm.c |  1 +
- 3 files changed, 25 insertions(+), 4 deletions(-)
-
-diff --git a/src/evmctl.c b/src/evmctl.c
-index b0f3b6362528..5d664005e915 100644
---- a/src/evmctl.c
-+++ b/src/evmctl.c
-@@ -336,6 +336,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- #else
- 	pctx = EVP_MD_CTX_new();
- #endif
-+	const EVP_MD *md;
- 
- 	if (lstat(file, &st)) {
- 		log_err("Failed to stat: %s\n", file);
-@@ -379,7 +380,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- 		return -1;
- 	}
- 
--	err = EVP_DigestInit(pctx, EVP_sha1());
-+	md = EVP_get_digestbyname(params.evm_hash_algo);
-+	if (!md) {
-+		log_err("EVP_get_digestbyname() failed\n");
-+		return 1;
-+	}
-+
-+	err = EVP_DigestInit(pctx, md);
- 	if (!err) {
- 		log_err("EVP_DigestInit() failed\n");
- 		return 1;
-@@ -503,7 +510,7 @@ static int sign_evm(const char *file, const char *key)
- 	if (len <= 1)
- 		return len;
- 
--	len = sign_hash("sha1", hash, len, key, NULL, sig + 1);
-+	len = sign_hash(params.evm_hash_algo, hash, len, key, NULL, sig + 1);
- 	if (len <= 1)
- 		return len;
- 
-@@ -992,6 +999,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
- #else
- 	pctx = HMAC_CTX_new();
- #endif
-+	const EVP_MD *md;
- 
- 	key = file2bin(keyfile, NULL, &keylen);
- 	if (!key) {
-@@ -1038,7 +1046,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
- 		goto out;
- 	}
- 
--	err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), EVP_sha1(), NULL);
-+	md = EVP_get_digestbyname(params.evm_hash_algo);
-+	if (!md) {
-+		log_err("EVP_get_digestbyname() failed\n");
-+		return 1;
-+	}
-+
-+	err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), md, NULL);
- 	if (err) {
- 		log_err("HMAC_Init() failed\n");
- 		goto out;
-@@ -1635,6 +1649,7 @@ static void usage(void)
- 	printf(
- 		"\n"
- 		"  -a, --hashalgo     sha1 (default), sha224, sha256, sha384, sha512\n"
-+		"  -e, --evmhashalgo  sha1 (default), sha224, sha256, sha384, sha512\n"
- 		"  -s, --imasig       make IMA signature\n"
- 		"  -d, --imahash      make IMA hash\n"
- 		"  -f, --sigfile      store IMA signature in .sig file instead of xattr\n"
-@@ -1691,6 +1706,7 @@ static struct option opts[] = {
- 	{"imasig", 0, 0, 's'},
- 	{"imahash", 0, 0, 'd'},
- 	{"hashalgo", 1, 0, 'a'},
-+	{"evmhashalgo", 1, 0, 'e'},
- 	{"pass", 2, 0, 'p'},
- 	{"sigfile", 0, 0, 'f'},
- 	{"uuid", 2, 0, 'u'},
-@@ -1758,7 +1774,7 @@ int main(int argc, char *argv[])
- 	g_argc = argc;
- 
- 	while (1) {
--		c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind);
-+		c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind);
- 		if (c == -1)
- 			break;
- 
-@@ -1784,6 +1800,9 @@ int main(int argc, char *argv[])
- 		case 'a':
- 			params.hash_algo = optarg;
- 			break;
-+		case 'e':
-+			params.evm_hash_algo = optarg;
-+			break;
- 		case 'p':
- 			if (optarg)
- 				params.keypass = optarg;
-diff --git a/src/imaevm.h b/src/imaevm.h
-index 1bafaad0f4ab..ed92e4d8981d 100644
---- a/src/imaevm.h
-+++ b/src/imaevm.h
-@@ -179,6 +179,7 @@ struct libevm_params {
- 	int verbose;
- 	int x509;
- 	const char *hash_algo;
-+	const char *evm_hash_algo;
- 	const char *keyfile;
- 	const char *keypass;
- };
-diff --git a/src/libimaevm.c b/src/libimaevm.c
-index b6c328801708..4c093a038b72 100644
---- a/src/libimaevm.c
-+++ b/src/libimaevm.c
-@@ -129,6 +129,7 @@ struct libevm_params params = {
- 	.verbose = LOG_INFO - 1,
- 	.x509 = 1,
- 	.hash_algo = "sha1",
-+	.evm_hash_algo = "sha1",
- };
- 
- static void __attribute__ ((constructor)) libinit(void);
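Review bot: removing the local -e/--evmhashalgo option is a user-visible change that the commit message mentions only in passing: any rule or script that still passes -e to evmctl will have it rejected as an unknown option, and with the upstream replacement -a selects the algorithm for EVM as well as IMA, so the two are no longer set by separate options. Please check the callers of evmctl in the tree and state the behaviour change in the commit message.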
diff --git a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch b/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
deleted file mode 100644
index bb44e8d6c2be..000000000000
--- a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Wed, 3 Jun 2015 16:08:51 +0200
-Subject: [PATCH] HACK: don't generate man page
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- Makefile.am | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 06ebf59ea4aa..e527f34f1faa 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -1,5 +1,4 @@
- SUBDIRS = src
--dist_man_MANS = evmctl.1
- 
- doc_DATA =  examples/ima-genkey-self.sh examples/ima-genkey.sh examples/ima-gen-local-ca.sh
- EXTRA_DIST = autogen.sh $(doc_DATA)
diff --git a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch b/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch
deleted file mode 100644
index 3157c711a065..000000000000
--- a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@andred.net>
-Date: Mon, 17 Oct 2016 12:45:32 +0100
-Subject: [PATCH] evmctl: use correct include for xattr.h
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The xattr API/ABI is provided by both the c-library, as well as by the
-libattr package. The c-library's header file is sys/xattr.h, whereas
-libattr's header file can be found in attr/xattr.h.
-
-Given none of the code here *links* against the libattr.so shared library, it
-is wrong to *compile* against libattr's API (header file).
-
-Doing so avoids confusion as to which xattr.h is used as the least problem,
-and potential ABI differences as the worst problem due the mismatching header
-file used.
-
-So make sure we compile and link against the same thing, the c-library in
-both cases.
-
-Signed-off-by: André Draszik <git@andred.net>
-Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
----
- configure.ac                    | 2 +-
- packaging/ima-evm-utils.spec    | 1 -
- packaging/ima-evm-utils.spec.in | 1 -
- src/evmctl.c                    | 2 +-
- 4 files changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 6822f39cff69..06d061bc94ea 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -30,7 +30,7 @@ AC_SUBST(OPENSSL_LIBS)
- AC_CHECK_HEADER(unistd.h)
- AC_CHECK_HEADERS(openssl/conf.h)
- 
--AC_CHECK_HEADERS(attr/xattr.h, , [AC_MSG_ERROR([attr/xattr.h header not found. You need the libattr development package.])])
-+AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found. You need the c-library development package.])])
- AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. You need the libkeyutils development package.])])
- 
- #debug support - yes for a while
-diff --git a/packaging/ima-evm-utils.spec b/packaging/ima-evm-utils.spec
-index a11a27a18815..63388d2b444b 100644
---- a/packaging/ima-evm-utils.spec
-+++ b/packaging/ima-evm-utils.spec
-@@ -11,7 +11,6 @@ BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root
- BuildRequires:    autoconf
- BuildRequires:    automake
- BuildRequires:    openssl-devel
--BuildRequires:    libattr-devel
- BuildRequires:    keyutils-libs-devel
- 
- %description
-diff --git a/packaging/ima-evm-utils.spec.in b/packaging/ima-evm-utils.spec.in
-index 7ca6c6fb3b0d..65c32f9e6445 100644
---- a/packaging/ima-evm-utils.spec.in
-+++ b/packaging/ima-evm-utils.spec.in
-@@ -11,7 +11,6 @@ BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root
- BuildRequires:    autoconf
- BuildRequires:    automake
- BuildRequires:    openssl-devel
--BuildRequires:    libattr-devel
- BuildRequires:    keyutils-libs-devel
- 
- %description
-diff --git a/src/evmctl.c b/src/evmctl.c
-index 4422c0e84d4a..02eb84d4c341 100644
---- a/src/evmctl.c
-+++ b/src/evmctl.c
-@@ -49,7 +49,7 @@
- #include <stdint.h>
- #include <string.h>
- #include <dirent.h>
--#include <attr/xattr.h>
-+#include <sys/xattr.h>
- #include <linux/xattr.h>
- #include <getopt.h>
- #include <keyutils.h>
diff --git a/patches/ima-evm-utils-1.1/series b/patches/ima-evm-utils-1.1/series
deleted file mode 100644
index 6fb042465042..000000000000
--- a/patches/ima-evm-utils-1.1/series
+++ /dev/null
@@ -1,16 +0,0 @@
-# generated by git-ptx-patches
-#tag:base --start-number 1
-0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
-0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
-0003-evmctl-find-add-missing-closedir-dir-on-error.patch
-0004-evmctl-find-add-missing-error-handling-and-propagate.patch
-0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
-0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
-0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
-0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
-0009-evmctl-add-support-for-offline-image-preparation.patch
-0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
-0011-HACK-don-t-generate-man-page.patch
-0012-Fix-warning-for-non-debug-use-case.patch
-0013-evmctl-use-correct-include-for-xattr.h.patch
-# 5032e96fb6da7cb77f053c2b5a6edc44  - git-ptx-patches magic
diff --git a/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch b/patches/ima-evm-utils-1.3.2/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
similarity index 100%
rename from patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
rename to patches/ima-evm-utils-1.3.2/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
diff --git a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-closedir-dir-on-error.patch
similarity index 79%
rename from patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
rename to patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-closedir-dir-on-error.patch
index 4b1c84584479..5c91c4621a76 100644
--- a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
+++ b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-closedir-dir-on-error.patch
@@ -10,10 +10,10 @@
  1 file changed, 2 insertions(+)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 2ffee786865b..20eccfa93b2b 100644
+index 1815f55d73e0..cca2fabdb2a6 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -1229,6 +1229,7 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1331,6 +1331,7 @@ static int find(const char *path, int dts, find_cb_t func)
  
  	if (fchdir(dirfd(dir))) {
  		log_err("Failed to chdir %s\n", path);
@@ -21,7 +21,7 @@ @@ -1229,6 +1229,7 @@ static int find(const char *path, int dts, find_cb_t func)
  		return -1;
  	}
  
-@@ -1244,6 +1245,7 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1346,6 +1347,7 @@ static int find(const char *path, int dts, find_cb_t func)
  
  	if (chdir("..")) {
  		log_err("Failed to chdir: %s\n", path);
diff --git a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch b/patches/ima-evm-utils-1.3.2/0003-evmctl-find-add-missing-error-handling-and-propagate.patch
similarity index 87%
rename from patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
rename to patches/ima-evm-utils-1.3.2/0003-evmctl-find-add-missing-error-handling-and-propagate.patch
index 68660d95eda0..62471489a9f2 100644
--- a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
+++ b/patches/ima-evm-utils-1.3.2/0003-evmctl-find-add-missing-error-handling-and-propagate.patch
@@ -12,10 +12,10 @@
  1 file changed, 16 insertions(+), 4 deletions(-)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 20eccfa93b2b..55fc619f5990 100644
+index cca2fabdb2a6..e6761f2ae5e4 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -1234,13 +1234,20 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1336,13 +1336,20 @@ static int find(const char *path, int dts, find_cb_t func)
  	}
  
  	while ((de = readdir(dir))) {
@@ -38,7 +38,7 @@ @@ -1234,13 +1234,20 @@ static int find(const char *path, int dts, find_cb_t fun
  	}
  
  	if (chdir("..")) {
-@@ -1249,8 +1256,13 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1351,8 +1358,13 @@ static int find(const char *path, int dts, find_cb_t func)
  		return -1;
  	}
  
diff --git a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch b/patches/ima-evm-utils-1.3.2/0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
similarity index 80%
rename from patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
rename to patches/ima-evm-utils-1.3.2/0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
index 69aadb377668..0de24af6a0e7 100644
--- a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
+++ b/patches/ima-evm-utils-1.3.2/0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
@@ -10,12 +10,12 @@
  1 file changed, 5 insertions(+)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 55fc619f5990..de53be37b69b 100644
+index e6761f2ae5e4..a1fd9feaea78 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -62,6 +62,11 @@
- #include <openssl/err.h>
- #include <openssl/rsa.h>
+@@ -72,6 +72,11 @@
+ #define XATTR_NAME_APPARMOR XATTR_SECURITY_PREFIX XATTR_APPARMOR_SUFFIX
+ #endif
  
 +#ifndef XATTR_NAME_IMA
 +#define XATTR_IMA_SUFFIX "ima"
diff --git a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch b/patches/ima-evm-utils-1.3.2/0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
similarity index 76%
rename from patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
rename to patches/ima-evm-utils-1.3.2/0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
index 2164c6238e78..e20cfaa826df 100644
--- a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
+++ b/patches/ima-evm-utils-1.3.2/0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
@@ -8,10 +8,10 @@
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 8fc23be08bd7..b6c328801708 100644
+index fa6c27858d0f..002b0657337c 100644
 --- a/src/libimaevm.c
 +++ b/src/libimaevm.c
-@@ -379,7 +379,7 @@ int verify_hash_v1(const char *file, const unsigned char *hash, int size,
+@@ -382,7 +382,7 @@ static int verify_hash_v1(const char *file, const unsigned char *hash, int size,
  	SHA_CTX ctx;
  	unsigned char out[1024];
  	RSA *key;
@@ -20,7 +20,7 @@ @@ -379,7 +379,7 @@ int verify_hash_v1(const char *file, const unsigned char *ha
  	struct signature_hdr *hdr = (struct signature_hdr *)sig;
  
  	log_info("hash-v1: ");
-@@ -744,7 +744,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons
+@@ -805,7 +805,7 @@ static int sign_hash_v1(const char *hashalgo, const unsigned char *hash,
  	unsigned char pub[1024];
  	RSA *key;
  	char name[20];
diff --git a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch b/patches/ima-evm-utils-1.3.2/0006-evmctl-add-support-for-offline-image-preparation.patch
similarity index 78%
rename from patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
rename to patches/ima-evm-utils-1.3.2/0006-evmctl-add-support-for-offline-image-preparation.patch
index 6d9b40fc5b43..75d92734190c 100644
--- a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
+++ b/patches/ima-evm-utils-1.3.2/0006-evmctl-add-support-for-offline-image-preparation.patch
@@ -33,29 +33,29 @@
 ---
  src/evmctl.c    | 57 +++++++++++++++++++++++++++++++++++++++++++++++++--------
  src/imaevm.h    |  1 +
- src/libimaevm.c | 25 ++++++++++++++++++++++++-
- 3 files changed, 74 insertions(+), 9 deletions(-)
+ src/libimaevm.c | 24 +++++++++++++++++++++++-
+ 3 files changed, 73 insertions(+), 9 deletions(-)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 5d664005e915..9003f7640c0f 100644
+index a1fd9feaea78..a4d784a5bfb6 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -337,6 +337,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -352,6 +352,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+ #else
  	pctx = EVP_MD_CTX_new();
  #endif
- 	const EVP_MD *md;
 +	ino_t ino;
  
  	if (lstat(file, &st)) {
  		log_err("Failed to stat: %s\n", file);
-@@ -371,9 +372,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -386,9 +387,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  			}
  			close(fd);
  		}
 -		log_info("generation: %u\n", generation);
  	}
  
-+	if (params.image_mode) {
++	if (imaevm_params.image_mode) {
 +		char buf[128] = { };
 +
 +		err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1);
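Review bot: in the ported image_mode block of calc_evm_hash(), the inode value is read from the user.image-inode-number xattr, an attribute in the user namespace that the file owner can set; the patch description should say that this mode is meant for preparing an image on the build host, and the code following the lgetxattr() call should treat a missing or unparsable attribute as a hard error rather than continuing with the value from lstat(). A nit in the same block: `char buf[128] = { };` uses an empty initializer, `{ 0 }` is the portable spelling.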
@@ -75,7 +75,7 @@ @@ -371,9 +372,25 @@ static int calc_evm_hash(const char *file, unsigned char *h
  	list_size = llistxattr(file, list, sizeof(list));
  	if (list_size < 0) {
  		log_err("llistxattr() failed\n");
-@@ -439,7 +456,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -470,7 +487,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  
  		hmac_size = sizeof(*hmac);
  		if (!evm_portable) {
@@ -84,7 +84,7 @@ @@ -439,7 +456,7 @@ static int calc_evm_hash(const char *file, unsigned char *ha
  			hmac->generation = generation;
  		}
  		hmac->uid = st.st_uid;
-@@ -450,7 +467,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -481,7 +498,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  
  		hmac_size = sizeof(*hmac);
  		if (!evm_portable) {
@@ -93,7 +93,7 @@ @@ -450,7 +467,7 @@ static int calc_evm_hash(const char *file, unsigned char *ha
  			hmac->generation = generation;
  		}
  		hmac->uid = st.st_uid;
-@@ -461,7 +478,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -492,7 +509,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  
  		hmac_size = sizeof(*hmac);
  		if (!evm_portable) {
@@ -102,19 +102,19 @@ @@ -461,7 +478,7 @@ static int calc_evm_hash(const char *file, unsigned char *ha
  			hmac->generation = generation;
  		}
  		hmac->uid = st.st_uid;
-@@ -1000,6 +1017,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1085,6 +1102,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+ #else
  	pctx = HMAC_CTX_new();
  #endif
- 	const EVP_MD *md;
 +	ino_t ino;
  
  	key = file2bin(keyfile, NULL, &keylen);
  	if (!key) {
-@@ -1038,10 +1056,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1123,10 +1141,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
  		close(fd);
  	}
  
-+	if (params.image_mode) {
++	if (imaevm_params.image_mode) {
 +		char buf[128] = { };
 +
 +		err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1);
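Review bot: the image_mode block added to calc_evm_hmac() is a copy of the one in calc_evm_hash() (same buf[128], same lgetxattr() on user.image-inode-number); since this patch is being reworked for the imaevm_params rename anyway, consider moving the lookup into one helper that both functions call, so the error handling cannot drift between the two.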
@@ -137,7 +137,7 @@ @@ -1038,10 +1056,26 @@ static int calc_evm_hmac(const char *file, const char *k
  		log_err("llistxattr() failed: %s\n", file);
  		goto out;
  	}
-@@ -1084,7 +1118,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1170,7 +1204,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
  		struct h_misc *hmac = (struct h_misc *)&hmac_misc;
  
  		hmac_size = sizeof(*hmac);
@@ -146,7 +146,7 @@ @@ -1084,7 +1118,7 @@ static int calc_evm_hmac(const char *file, const char *key
  		hmac->generation = generation;
  		hmac->uid = st.st_uid;
  		hmac->gid = st.st_gid;
-@@ -1093,7 +1127,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1179,7 +1213,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
  		struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc;
  
  		hmac_size = sizeof(*hmac);
@@ -155,7 +155,7 @@ @@ -1093,7 +1127,7 @@ static int calc_evm_hmac(const char *file, const char *key
  		hmac->generation = generation;
  		hmac->uid = st.st_uid;
  		hmac->gid = st.st_gid;
-@@ -1102,7 +1136,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1188,7 +1222,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
  		struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc;
  
  		hmac_size = sizeof(*hmac);
@@ -164,7 +164,7 @@ @@ -1102,7 +1136,7 @@ static int calc_evm_hmac(const char *file, const char *key
  		hmac->generation = generation;
  		hmac->uid = st.st_uid;
  		hmac->gid = st.st_gid;
-@@ -1666,6 +1700,9 @@ static void usage(void)
+@@ -2476,6 +2510,9 @@ static void usage(void)
  		"      --smack        use extra SMACK xattrs for EVM\n"
  		"      --m32          force EVM hmac/signature for 32 bit target system\n"
  		"      --m64          force EVM hmac/signature for 64 bit target system\n"
@@ -174,7 +174,7 @@ @@ -1666,6 +1700,9 @@ static void usage(void)
  		"      --ino          use custom inode for EVM\n"
  		"      --uid          use custom UID for EVM\n"
  		"      --gid          use custom GID for EVM\n"
-@@ -1716,6 +1753,7 @@ static struct option opts[] = {
+@@ -2528,6 +2565,7 @@ static struct option opts[] = {
  	{"recursive", 0, 0, 'r'},
  	{"m32", 0, 0, '3'},
  	{"m64", 0, 0, '6'},
@@ -182,31 +182,31 @@ @@ -1716,6 +1753,7 @@ static struct option opts[] = {
  	{"portable", 0, 0, 'o'},
  	{"smack", 0, 0, 128},
  	{"version", 0, 0, 129},
-@@ -1774,7 +1812,7 @@ int main(int argc, char *argv[])
+@@ -2600,7 +2638,7 @@ int main(int argc, char *argv[])
  	g_argc = argc;
  
  	while (1) {
--		c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind);
-+		c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:rim", opts, &lind);
+-		c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind);
++		c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:rim", opts, &lind);
  		if (c == -1)
  			break;
  
-@@ -1847,6 +1885,9 @@ int main(int argc, char *argv[])
+@@ -2670,6 +2708,9 @@ int main(int argc, char *argv[])
  		case '6':
  			msize = 64;
  			break;
 +		case 'm':
-+			params.image_mode = true;
++			imaevm_params.image_mode = true;
 +			break;
  		case 128:
  			evm_config_xattrnames = evm_extra_smack_xattrs;
  			break;
 diff --git a/src/imaevm.h b/src/imaevm.h
-index ed92e4d8981d..7e32d09c6538 100644
+index 45039199ab31..2f78a31ab438 100644
 --- a/src/imaevm.h
 +++ b/src/imaevm.h
-@@ -182,6 +182,7 @@ struct libevm_params {
- 	const char *evm_hash_algo;
+@@ -196,6 +196,7 @@ struct libimaevm_params {
+ 	const char *hash_algo;
  	const char *keyfile;
  	const char *keypass;
 +	bool image_mode;
@@ -214,31 +214,23 @@ @@ -182,6 +182,7 @@ struct libevm_params {
  
  struct RSA_ASN1_template {
 diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 4c093a038b72..866f74b39b41 100644
+index 002b0657337c..1cdf1dc590cc 100644
 --- a/src/libimaevm.c
 +++ b/src/libimaevm.c
-@@ -40,6 +40,7 @@
- 
- /* should we use logger instead for library? */
- #define USE_FPRINTF
-+#define _GNU_SOURCE
- 
- #include <sys/types.h>
- #include <sys/param.h>
-@@ -49,6 +50,7 @@
- #include <dirent.h>
- #include <string.h>
+@@ -51,6 +51,7 @@
  #include <stdio.h>
+ #include <assert.h>
+ #include <ctype.h>
 +#include <sys/xattr.h>
  
+ #include <openssl/crypto.h>
  #include <openssl/pem.h>
- #include <openssl/evp.h>
-@@ -224,7 +226,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
+@@ -193,7 +194,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
  	}
  
  	while ((de = readdir(dir))) {
 -		ino = de->d_ino;
-+		if (params.image_mode) {
++		if (imaevm_params.image_mode) {
 +			char *name;
 +			char buf[128] = { };
 +
diff --git a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch b/patches/ima-evm-utils-1.3.2/0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
similarity index 86%
rename from patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
rename to patches/ima-evm-utils-1.3.2/0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
index 12b77a132002..251f7136b42b 100644
--- a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
+++ b/patches/ima-evm-utils-1.3.2/0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
@@ -15,16 +15,16 @@
  1 file changed, 3 insertions(+)
 
 diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 866f74b39b41..834b738426bf 100644
+index 1cdf1dc590cc..6bb0b0757c42 100644
 --- a/src/libimaevm.c
 +++ b/src/libimaevm.c
-@@ -226,6 +226,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
+@@ -194,6 +194,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
  	}
  
  	while ((de = readdir(dir))) {
 +		if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, ".."))
 +			continue;
 +
- 		if (params.image_mode) {
+ 		if (imaevm_params.image_mode) {
  			char *name;
  			char buf[128] = { };
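Review bot: The new "continue" for "." and ".." in add_dir_hash() changes
which entries are fed into the directory hash, so a directory hash produced
by a build without this patch will no longer match one produced with it.
The patch description should say that existing directory hashes have to be
regenerated after this change, and whether the verifying side leaves out
these two entries as well.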
diff --git a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch b/patches/ima-evm-utils-1.3.2/0008-Fix-warning-for-non-debug-use-case.patch
similarity index 86%
rename from patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
rename to patches/ima-evm-utils-1.3.2/0008-Fix-warning-for-non-debug-use-case.patch
index 80073f19aaf5..2cddf569a91d 100644
--- a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
+++ b/patches/ima-evm-utils-1.3.2/0008-Fix-warning-for-non-debug-use-case.patch
@@ -14,10 +14,10 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 9003f7640c0f..4422c0e84d4a 100644
+index a4d784a5bfb6..7c1f15082615 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -1191,7 +1191,7 @@ static int hmac_evm(const char *file, const char *key)
+@@ -1279,7 +1279,7 @@ static int hmac_evm(const char *file, const char *key)
  	return 0;
  }
  
diff --git a/patches/ima-evm-utils-1.3.2/0009-HACK-don-t-generate-the-man-page.patch b/patches/ima-evm-utils-1.3.2/0009-HACK-don-t-generate-the-man-page.patch
new file mode 100644
index 000000000000..b0c39f6ee75a
--- /dev/null
+++ b/patches/ima-evm-utils-1.3.2/0009-HACK-don-t-generate-the-man-page.patch
@@ -0,0 +1,60 @@
+From: Roland Hieber <rhi@pengutronix.de>
+Date: Mon, 14 Jun 2021 01:52:53 +0200
+Subject: [PATCH] HACK: don't generate the man page
+
+Also prevent host path leakage for
+/usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl,
+which is autodetected by EVMCTL_MANPAGE_DOCBOOK_XSL when it exists on
+the build host.
+
+Signed-off-by: Roland Hieber <rhi@pengutronix.de>
+---
+ Makefile.am  | 18 ------------------
+ configure.ac |  2 --
+ 2 files changed, 20 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 17fd478eff2f..26e3d4843d0e 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1,7 +1,4 @@
+ SUBDIRS = src tests
+-if MANPAGE_DOCBOOK_XSL
+-dist_man_MANS = evmctl.1
+-endif
+ 
+ doc_DATA =  examples/ima-genkey-self.sh examples/ima-genkey.sh examples/ima-gen-local-ca.sh
+ EXTRA_DIST = autogen.sh $(doc_DATA)
+@@ -25,19 +22,4 @@ rpm: $(tarname)
+ 	cp $(tarname) $(SRCS)/
+ 	rpmbuild -ba --nodeps $(SPEC)
+ 
+-if MANPAGE_DOCBOOK_XSL
+-evmctl.1.html: README
+-	@asciidoc -o $@ $<
+-
+-evmctl.1:
+-	asciidoc -d manpage -b docbook -o evmctl.1.xsl README
+-	xsltproc --nonet -o $@ $(MANPAGE_DOCBOOK_XSL) evmctl.1.xsl
+-	rm -f evmctl.1.xsl
+-
+-rmman:
+-	rm -f evmctl.1
+-
+-doc: evmctl.1.html rmman evmctl.1
+-endif
+-
+ .PHONY: $(tarname)
+diff --git a/configure.ac b/configure.ac
+index e1ed1000858c..6cc076713453 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -56,8 +56,6 @@ else
+ 	CFLAGS="$CFLAGS -Wall -Wstrict-prototypes -pipe -fomit-frame-pointer"
+ fi
+ 
+-EVMCTL_MANPAGE_DOCBOOK_XSL
+-
+ # for gcov
+ #CFLAGS="$CFLAGS -Wall -fprofile-arcs -ftest-coverage"
+ #CXXFLAGS="$CXXFLAGS -Wall -fprofile-arcs -ftest-coverage"
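Review bot: The Makefile.am and configure.ac hunks delete the man page rules
and the EVMCTL_MANPAGE_DOCBOOK_XSL call outright, which stops the host path
leak but leaves a HACK patch that has to be rebased on every version bump
and cannot go upstream. Since the leak comes from autodetection on the build
host, consider pinning the detection result from rules/ima-evm-utils.make
(for example through a configure cache variable) so that the source stays
unpatched; if the patch stays, its description should also say that evmctl.1
is no longer installed.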
diff --git a/patches/ima-evm-utils-1.1/autogen.sh b/patches/ima-evm-utils-1.3.2/autogen.sh
similarity index 100%
rename from patches/ima-evm-utils-1.1/autogen.sh
rename to patches/ima-evm-utils-1.3.2/autogen.sh
diff --git a/patches/ima-evm-utils-1.3.2/series b/patches/ima-evm-utils-1.3.2/series
new file mode 100644
index 000000000000..0ff0d9aef8e1
--- /dev/null
+++ b/patches/ima-evm-utils-1.3.2/series
@@ -0,0 +1,12 @@
+# generated by git-ptx-patches
+#tag:base --start-number 1
+0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
+0002-evmctl-find-add-missing-closedir-dir-on-error.patch
+0003-evmctl-find-add-missing-error-handling-and-propagate.patch
+0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
+0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
+0006-evmctl-add-support-for-offline-image-preparation.patch
+0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
+0008-Fix-warning-for-non-debug-use-case.patch
+0009-HACK-don-t-generate-the-man-page.patch
+# 537ff71d727921132bf8bd9102e3a3e3  - git-ptx-patches magic
diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make
index 3a0ce4660c87..6f483ec8c935 100644
--- a/rules/ima-evm-utils.make
+++ b/rules/ima-evm-utils.make
@@ -1,7 +1,7 @@
 # -*-makefile-*-
 #
 # Copyright (C) 2013 by Michael Grzeschik <mgr@pengutronix.de>
-#               2015 by Marc Kleine-Budde <mkl@pengutronix.de>
+#               2015, 2020 by Marc Kleine-Budde <mkl@pengutronix.de>
 #               2021 Roland Hieber, Pengutronix <rhi@pengutronix.de>
 #
 # For further information about the PTXdist project and license conditions
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_IMA_EVM_UTILS) += ima-evm-utils
 #
 # Paths and names
 #
-IMA_EVM_UTILS_VERSION	:= 1.1
-IMA_EVM_UTILS_MD5	:= 77455aeee54fdc7a70c733bcb65d33cc
+IMA_EVM_UTILS_VERSION	:= 1.3.2
+IMA_EVM_UTILS_MD5	:= 55cc0e2c77a725f722833c3b4a36038c
 IMA_EVM_UTILS		:= ima-evm-utils-$(IMA_EVM_UTILS_VERSION)
 IMA_EVM_UTILS_SUFFIX	:= tar.gz
 IMA_EVM_UTILS_URL	:= $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX))
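Review bot: IMA_EVM_UTILS_VERSION and IMA_EVM_UTILS_MD5 are updated here,
but IMA_EVM_UTILS_LICENSE_FILES (visible only as context in the next hunk
header) is left untouched, although it pins src/evmctl.c by line range and
checksum. Please confirm that the license header of evmctl.c in 1.3.2 still
sits at the pinned lines and hashes to the same value, and mention that
check in the commit message.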
@@ -35,6 +35,7 @@ IMA_EVM_UTILS_LICENSE_FILES	:= \
 IMA_EVM_UTILS_CONF_TOOL := autoconf
 IMA_EVM_UTILS_AUTOCONF := \
 	$(CROSS_AUTOCONF_USR) \
+	--enable-openssl-conf \
 	--disable-debug
 
 # ----------------------------------------------------------------------------
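Review bot: --enable-openssl-conf is added to IMA_EVM_UTILS_AUTOCONF without
a word in the commit message, which otherwise only describes the patch
queue. Please state why the option is needed for 1.3.2, and consider
listing the remaining optional configure features explicitly as well, so
that the result does not depend on what happens to be detected in the
sysroot.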
-- 
2.29.2



* [ptxdist] [PATCH v2 3/3] systemd: make hostnamed and quotacheck optional
  2021-06-16 16:16 [ptxdist] [PATCH v2 1/3] ima-evm-utils: fix license statement Roland Hieber
  2021-06-16 16:16 ` [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2 Roland Hieber
@ 2021-06-16 16:16 ` Roland Hieber
  2021-06-29  5:09   ` [ptxdist] [APPLIED] " Michael Olbrich
  2021-06-29  5:09 ` [ptxdist] [APPLIED] ima-evm-utils: fix license statement Michael Olbrich
  2 siblings, 1 reply; 6+ messages in thread
From: Roland Hieber @ 2021-06-16 16:16 UTC (permalink / raw)
  To: ptxdist; +Cc: Roland Hieber

This reduces the dependency graph and can therefore decrease boot time
on systems that are configured with a static hostname, and which do not
use quota. With this, /usr/share/dbus-1/system-services/ may no longer
contain any service definitions, so add an empty kconfig option for it.

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
v1 -> v2:
 * order the new promptable options next to the other promptable options
 * set "default y" for both new options to keep compatibility

PATCH v1: https://lore.ptxdist.org/ptxdist/20210607130909.4836-7-rhi@pengutronix.de
---
 rules/systemd.in   | 23 +++++++++++++++++++++++
 rules/systemd.make | 12 ++++++++----
 2 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/rules/systemd.in b/rules/systemd.in
index 854c344d5441..0c6dcb317613 100644
--- a/rules/systemd.in
+++ b/rules/systemd.in
@@ -56,11 +56,15 @@ comment "D-Bus is needed for the enabled features"
 config SYSTEMD_DBUS
 	bool
 
+config SYSTEMD_DBUS_SERVICES
+	bool
+
 config SYSTEMD_MICROHTTPD
 	bool
 
 config SYSTEMD_LOCALES
 	bool
+	select SYSTEMD_DBUS_SERVICES
 	default LOCALES
 
 config SYSTEMD_VCONSOLE
@@ -77,9 +81,19 @@ config SYSTEMD_DISABLE_RANDOM_SEED
 	  the random seed is not possible.
 	  Warning: enabling this option may be insecure.
 
+config SYSTEMD_HOSTNAMED
+	bool
+	default y
+	select SYSTEMD_DBUS_SERVICES
+	prompt "hostname daemon"
+	help
+	  A tiny daemon that can be used to control the hostname and related
+	  machine meta data from user programs.
+
 config SYSTEMD_LOGIND
 	bool
 	select SYSTEMD_DBUS
+	select SYSTEMD_DBUS_SERVICES
 	prompt "login daemon"
 
 config SYSTEMD_UNITS_USER
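Review bot: SYSTEMD_HOSTNAMED selects only SYSTEMD_DBUS_SERVICES, while
SYSTEMD_LOGIND directly below it selects SYSTEMD_DBUS as well. If hostnamed
needs the bus in the same way, add "select SYSTEMD_DBUS" to the new option;
if it does not, a short comment on why it differs would help.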
@@ -89,6 +103,7 @@ config SYSTEMD_UNITS_USER
 
 config SYSTEMD_NETWORK
 	bool
+	select SYSTEMD_DBUS_SERVICES
 	prompt "network configuration with systemd"
 
 config SYSTEMD_IPMASQUERADE
@@ -102,6 +117,7 @@ config SYSTEMD_TIMEDATE
 	bool
 	default y
 	select SYSTEMD_DBUS
+	select SYSTEMD_DBUS_SERVICES
 	prompt "date/time handling"
 	help
 	  NTP client for time synchronization and local timezone handling.
@@ -122,6 +138,13 @@ config SYSTEMD_POLKIT
 	bool
 	default POLKIT
 
+config SYSTEMD_QUOTACHECK
+	bool
+	default y
+	prompt "disk quota support"
+	help
+	  File system quota checker logic
+
 menu "journald                    "
 
 config SYSTEMD_XZ
diff --git a/rules/systemd.make b/rules/systemd.make
index 3a3621fe767e..929a76dd423e 100644
--- a/rules/systemd.make
+++ b/rules/systemd.make
@@ -95,7 +95,7 @@ SYSTEMD_CONF_OPT	:= \
 	-Dgshadow=false \
 	-Dhibernate=false \
 	-Dhomed=false \
-	-Dhostnamed=true \
+	-Dhostnamed=$(call ptx/truefalse,PTXCONF_SYSTEMD_HOSTNAMED) \
 	-Dhtml=false \
 	-Dhwdb=$(call ptx/truefalse,PTXCONF_SYSTEMD_UDEV_HWDB) \
 	-Didn=false \
@@ -152,7 +152,7 @@ SYSTEMD_CONF_OPT	:= \
 	-Dpstore=false \
 	-Dpwquality=false \
 	-Dqrencode=false \
-	-Dquotacheck=true \
+	-Dquotacheck=$(call ptx/truefalse,PTXCONF_SYSTEMD_QUOTACHECK) \
 	-Dquotacheck-path=/usr/sbin/quotacheck \
 	-Dquotaon-path=/usr/sbin/quotaon \
 	-Drandomseed=$(call ptx/falsetrue,PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED) \
@@ -248,7 +248,7 @@ SYSTEMD_HELPER := \
 	$(call ptx/ifdef, PTXCONF_SYSTEMD_COREDUMP,systemd-coredump) \
 	systemd-fsck \
 	systemd-growfs \
-	systemd-hostnamed \
+	$(call ptx/ifdef, PTXCONF_SYSTEMD_HOSTNAMED,systemd-hostnamed) \
 	systemd-journald \
 	$(call ptx/ifdef, PTXCONF_SYSTEMD_JOURNAL_REMOTE,systemd-journal-remote) \
 	$(call ptx/ifdef, PTXCONF_SYSTEMD_LOCALES,systemd-localed) \
@@ -257,7 +257,7 @@ SYSTEMD_HELPER := \
 	systemd-modules-load \
 	$(call ptx/ifdef, PTXCONF_SYSTEMD_NETWORK,systemd-networkd) \
 	$(call ptx/ifdef, PTXCONF_SYSTEMD_NETWORK,systemd-networkd-wait-online) \
-	systemd-quotacheck \
+	$(call ptx/ifdef, PTXCONF_SYSTEMD_QUOTACHECK,systemd-quotacheck) \
 	$(call ptx/ifdef, PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED,,systemd-random-seed) \
 	systemd-remount-fs \
 	systemd-reply-password \
@@ -347,7 +347,9 @@ $(STATEDIR)/systemd.targetinstall:
 	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-notify)
 	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-tmpfiles)
 	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/busctl)
+ifdef PTXCONF_SYSTEMD_HOSTNAMED
 	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/hostnamectl)
+endif
 	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-analyze)
 	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-cat)
 	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-cgls)
@@ -377,9 +379,11 @@ $(STATEDIR)/systemd.targetinstall:
 	@$(call install_tree, systemd, 0, 0, -, /usr/lib/tmpfiles.d/)
 	@$(call install_copy, systemd, 0, 0, 0644, -, /usr/lib/sysctl.d/50-default.conf)
 
+ifdef PTXCONF_SYSTEMD_DBUS_SERVICES
 	@$(call install_copy, systemd, 0, 0, 0644, -, \
 		/usr/share/dbus-1/services/org.freedesktop.systemd1.service)
 	@$(call install_tree, systemd, 0, 0, -, /usr/share/dbus-1/system-services/)
+endif
 
 #	# systemd expects this directory to exist.
 	@$(call install_copy, systemd, 0, 0, 0755, /var/lib/systemd)
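Review bot: The "ifdef PTXCONF_SYSTEMD_DBUS_SERVICES" block also covers
/usr/share/dbus-1/services/org.freedesktop.systemd1.service, but the commit
message only argues that /usr/share/dbus-1/system-services/ may end up
empty. Going by its name, that file belongs to systemd itself rather than to
one of the daemons that select SYSTEMD_DBUS_SERVICES, so either keep its
install_copy outside the ifdef or explain in the commit message why it can
be dropped together with the tree.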
-- 
2.29.2



* Re: [ptxdist] [APPLIED] ima-evm-utils: fix license statement
  2021-06-16 16:16 [ptxdist] [PATCH v2 1/3] ima-evm-utils: fix license statement Roland Hieber
  2021-06-16 16:16 ` [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2 Roland Hieber
  2021-06-16 16:16 ` [ptxdist] [PATCH v2 3/3] systemd: make hostnamed and quotacheck optional Roland Hieber
@ 2021-06-29  5:09 ` Michael Olbrich
  2 siblings, 0 replies; 6+ messages in thread
From: Michael Olbrich @ 2021-06-29  5:09 UTC (permalink / raw)
  To: ptxdist; +Cc: Roland Hieber

Thanks, applied as d21327b990789532d71a2316af46b39d10e79b61.

Michael

[sent from post-receive hook]

On Tue, 29 Jun 2021 07:09:10 +0200, Roland Hieber <rhi@pengutronix.de> wrote:
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> Message-Id: <20210616161655.15480-1-rhi@pengutronix.de>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make
> index 1c5e15b1415f..3a0ce4660c87 100644
> --- a/rules/ima-evm-utils.make
> +++ b/rules/ima-evm-utils.make
> @@ -2,6 +2,7 @@
>  #
>  # Copyright (C) 2013 by Michael Grzeschik <mgr@pengutronix.de>
>  #               2015 by Marc Kleine-Budde <mkl@pengutronix.de>
> +#               2021 Roland Hieber, Pengutronix <rhi@pengutronix.de>
>  #
>  # For further information about the PTXdist project and license conditions
>  # see the README file.
> @@ -22,7 +23,10 @@ IMA_EVM_UTILS_SUFFIX	:= tar.gz
>  IMA_EVM_UTILS_URL	:= $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX))
>  IMA_EVM_UTILS_SOURCE	:= $(SRCDIR)/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX)
>  IMA_EVM_UTILS_DIR	:= $(BUILDDIR)/$(IMA_EVM_UTILS)
> -IMA_EVM_UTILS_LICENSE	:= LGPL-2.0-or-later
> +IMA_EVM_UTILS_LICENSE	:= GPL-2.0-only WITH custom-exception
> +IMA_EVM_UTILS_LICENSE_FILES	:= \
> +	file://src/evmctl.c;startline=13;endline=35;md5=1e6e51503ab04045269a92c0bc5d5b55 \
> +	file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263
>  
>  # ----------------------------------------------------------------------------
>  # Prepare
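
Review bot: In the IMA_EVM_UTILS_LICENSE line, "custom-exception" tells a
reader of the rule file nothing about what is permitted beyond GPL-2.0-only;
the exception text is only reachable through the pinned lines 13 to 35 of
src/evmctl.c. A one-line comment above the assignment naming what the
exception covers would make license audits easier.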


* Re: [ptxdist] [APPLIED] ima-evm-utils: version bump 1.1 -> 1.3.2
  2021-06-16 16:16 ` [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2 Roland Hieber
@ 2021-06-29  5:09   ` Michael Olbrich
  0 siblings, 0 replies; 6+ messages in thread
From: Michael Olbrich @ 2021-06-29  5:09 UTC (permalink / raw)
  To: ptxdist; +Cc: Roland Hieber

Thanks, applied as 1024453d64fbae7fec6b7942bbc557805126dc53.

Michael

[sent from post-receive hook]

On Tue, 29 Jun 2021 07:09:11 +0200, Roland Hieber <rhi@pengutronix.de> wrote:
> Changes to the patch queue:
> 
> * (old 0002) "Makefile.am: rename INCLUDES -> AM_CPPFLAGS":
>   replaced by upstream commit 8acbae598b39a421b5d0 ("replace INCLUDES
>   with AM_CPPFLAGS")
> 
> * (old 0006) "use EVP_MAX_MD_SIZE for hash size instead of open …":
>   replaced by upstream commit 1d9c27927932f2e750e3 ("Define hash and sig
>   buffer sizes and add asserts")
> 
> * (old 0008) "evmctl: add parameter -e to set evm hash algo":
>   replaced by upstream commit ae1319eeabd6e0798003 ("Remove hardcoding
>   of SHA1 in EVM signatures"), which uses the already existing -a
>   parameter for this functionality now too.
> 
> * (old 0009) "evmctl: add support for offline image preparation":
>   port the refactoring from upstream commit c317d4618f92d4dd65
>   ("Namespace some too generic object names"). Also _GNU_SOURCE is now
>   already defined by configure, and will generate a warning when
>   redefined, so drop its definition here.
> 
> * (old 0011, new 0009) "HACK: don't generate the man page":
>   expand patch to make sure the manpages are really not built and
>   generate an error looking for "asciidoc", even when the XSL stylesheet
>   is detected on the build host
> 
> * (old 0013) "evmctl: use correct include for xattr.h":
>   replaced by upstream commit 6aea54d2ad2287b3e889 ("evmctl: use correct
>   include for xattr.h")
> 
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/8acbae598b39a421b5d0
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/1d9c27927932f2e750e3
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/ae1319eeabd6e0798003
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/c317d4618f92d4dd6570
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/6aea54d2ad2287b3e889
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> Message-Id: <20210616161655.15480-2-rhi@pengutronix.de>
> [mol: use ac_cv_path_XMLCATALOG= instead of a patch, drop unnecessary INSTALL patch]
> [mol: make sure libtss2-esys/libtss2-rc are not used]
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch b/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
> deleted file mode 100644
> index c035197d9cc7..000000000000
> --- a/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
> +++ /dev/null
> @@ -1,389 +0,0 @@
> -From: Marc Kleine-Budde <mkl@pengutronix.de>
> -Date: Wed, 18 Nov 2015 15:15:15 +0100
> -Subject: [PATCH] INSTALL: remove file, at it's autogenerated by autotools
> -
> -This patch remove the file "INSTALL" which is autogenerated during
> -./autogen.sh.
> -
> -Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> ----
> - INSTALL | 370 ----------------------------------------------------------------
> - 1 file changed, 370 deletions(-)
> - delete mode 100644 INSTALL
> -
> -diff --git a/INSTALL b/INSTALL
> -deleted file mode 100644
> -index 007e9396d0a2..000000000000
> ---- a/INSTALL
> -+++ /dev/null
> -@@ -1,370 +0,0 @@
> --Installation Instructions
> --*************************
> --
> --Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
> --Inc.
> --
> --   Copying and distribution of this file, with or without modification,
> --are permitted in any medium without royalty provided the copyright
> --notice and this notice are preserved.  This file is offered as-is,
> --without warranty of any kind.
> --
> --Basic Installation
> --==================
> --
> --   Briefly, the shell commands `./configure; make; make install' should
> --configure, build, and install this package.  The following
> --more-detailed instructions are generic; see the `README' file for
> --instructions specific to this package.  Some packages provide this
> --`INSTALL' file but do not implement all of the features documented
> --below.  The lack of an optional feature in a given package is not
> --necessarily a bug.  More recommendations for GNU packages can be found
> --in *note Makefile Conventions: (standards)Makefile Conventions.
> --
> --   The `configure' shell script attempts to guess correct values for
> --various system-dependent variables used during compilation.  It uses
> --those values to create a `Makefile' in each directory of the package.
> --It may also create one or more `.h' files containing system-dependent
> --definitions.  Finally, it creates a shell script `config.status' that
> --you can run in the future to recreate the current configuration, and a
> --file `config.log' containing compiler output (useful mainly for
> --debugging `configure').
> --
> --   It can also use an optional file (typically called `config.cache'
> --and enabled with `--cache-file=config.cache' or simply `-C') that saves
> --the results of its tests to speed up reconfiguring.  Caching is
> --disabled by default to prevent problems with accidental use of stale
> --cache files.
> --
> --   If you need to do unusual things to compile the package, please try
> --to figure out how `configure' could check whether to do them, and mail
> --diffs or instructions to the address given in the `README' so they can
> --be considered for the next release.  If you are using the cache, and at
> --some point `config.cache' contains results you don't want to keep, you
> --may remove or edit it.
> --
> --   The file `configure.ac' (or `configure.in') is used to create
> --`configure' by a program called `autoconf'.  You need `configure.ac' if
> --you want to change it or regenerate `configure' using a newer version
> --of `autoconf'.
> --
> --   The simplest way to compile this package is:
> --
> --  1. `cd' to the directory containing the package's source code and type
> --     `./configure' to configure the package for your system.
> --
> --     Running `configure' might take a while.  While running, it prints
> --     some messages telling which features it is checking for.
> --
> --  2. Type `make' to compile the package.
> --
> --  3. Optionally, type `make check' to run any self-tests that come with
> --     the package, generally using the just-built uninstalled binaries.
> --
> --  4. Type `make install' to install the programs and any data files and
> --     documentation.  When installing into a prefix owned by root, it is
> --     recommended that the package be configured and built as a regular
> --     user, and only the `make install' phase executed with root
> --     privileges.
> --
> --  5. Optionally, type `make installcheck' to repeat any self-tests, but
> --     this time using the binaries in their final installed location.
> --     This target does not install anything.  Running this target as a
> --     regular user, particularly if the prior `make install' required
> --     root privileges, verifies that the installation completed
> --     correctly.
> --
> --  6. You can remove the program binaries and object files from the
> --     source code directory by typing `make clean'.  To also remove the
> --     files that `configure' created (so you can compile the package for
> --     a different kind of computer), type `make distclean'.  There is
> --     also a `make maintainer-clean' target, but that is intended mainly
> --     for the package's developers.  If you use it, you may have to get
> --     all sorts of other programs in order to regenerate files that came
> --     with the distribution.
> --
> --  7. Often, you can also type `make uninstall' to remove the installed
> --     files again.  In practice, not all packages have tested that
> --     uninstallation works correctly, even though it is required by the
> --     GNU Coding Standards.
> --
> --  8. Some packages, particularly those that use Automake, provide `make
> --     distcheck', which can by used by developers to test that all other
> --     targets like `make install' and `make uninstall' work correctly.
> --     This target is generally not run by end users.
> --
> --Compilers and Options
> --=====================
> --
> --   Some systems require unusual options for compilation or linking that
> --the `configure' script does not know about.  Run `./configure --help'
> --for details on some of the pertinent environment variables.
> --
> --   You can give `configure' initial values for configuration parameters
> --by setting variables in the command line or in the environment.  Here
> --is an example:
> --
> --     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
> --
> --   *Note Defining Variables::, for more details.
> --
> --Compiling For Multiple Architectures
> --====================================
> --
> --   You can compile the package for more than one kind of computer at the
> --same time, by placing the object files for each architecture in their
> --own directory.  To do this, you can use GNU `make'.  `cd' to the
> --directory where you want the object files and executables to go and run
> --the `configure' script.  `configure' automatically checks for the
> --source code in the directory that `configure' is in and in `..'.  This
> --is known as a "VPATH" build.
> --
> --   With a non-GNU `make', it is safer to compile the package for one
> --architecture at a time in the source code directory.  After you have
> --installed the package for one architecture, use `make distclean' before
> --reconfiguring for another architecture.
> --
> --   On MacOS X 10.5 and later systems, you can create libraries and
> --executables that work on multiple system types--known as "fat" or
> --"universal" binaries--by specifying multiple `-arch' options to the
> --compiler but only a single `-arch' option to the preprocessor.  Like
> --this:
> --
> --     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
> --                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
> --                 CPP="gcc -E" CXXCPP="g++ -E"
> --
> --   This is not guaranteed to produce working output in all cases, you
> --may have to build one architecture at a time and combine the results
> --using the `lipo' tool if you have problems.
> --
> --Installation Names
> --==================
> --
> --   By default, `make install' installs the package's commands under
> --`/usr/local/bin', include files under `/usr/local/include', etc.  You
> --can specify an installation prefix other than `/usr/local' by giving
> --`configure' the option `--prefix=PREFIX', where PREFIX must be an
> --absolute file name.
> --
> --   You can specify separate installation prefixes for
> --architecture-specific files and architecture-independent files.  If you
> --pass the option `--exec-prefix=PREFIX' to `configure', the package uses
> --PREFIX as the prefix for installing programs and libraries.
> --Documentation and other data files still use the regular prefix.
> --
> --   In addition, if you use an unusual directory layout you can give
> --options like `--bindir=DIR' to specify different values for particular
> --kinds of files.  Run `configure --help' for a list of the directories
> --you can set and what kinds of files go in them.  In general, the
> --default for these options is expressed in terms of `${prefix}', so that
> --specifying just `--prefix' will affect all of the other directory
> --specifications that were not explicitly provided.
> --
> --   The most portable way to affect installation locations is to pass the
> --correct locations to `configure'; however, many packages provide one or
> --both of the following shortcuts of passing variable assignments to the
> --`make install' command line to change installation locations without
> --having to reconfigure or recompile.
> --
> --   The first method involves providing an override variable for each
> --affected directory.  For example, `make install
> --prefix=/alternate/directory' will choose an alternate location for all
> --directory configuration variables that were expressed in terms of
> --`${prefix}'.  Any directories that were specified during `configure',
> --but not in terms of `${prefix}', must each be overridden at install
> --time for the entire installation to be relocated.  The approach of
> --makefile variable overrides for each directory variable is required by
> --the GNU Coding Standards, and ideally causes no recompilation.
> --However, some platforms have known limitations with the semantics of
> --shared libraries that end up requiring recompilation when using this
> --method, particularly noticeable in packages that use GNU Libtool.
> --
> --   The second method involves providing the `DESTDIR' variable.  For
> --example, `make install DESTDIR=/alternate/directory' will prepend
> --`/alternate/directory' before all installation names.  The approach of
> --`DESTDIR' overrides is not required by the GNU Coding Standards, and
> --does not work on platforms that have drive letters.  On the other hand,
> --it does better at avoiding recompilation issues, and works well even
> --when some directory options were not specified in terms of `${prefix}'
> --at `configure' time.
> --
> --Optional Features
> --=================
> --
> --   If the package supports it, you can cause programs to be installed
> --with an extra prefix or suffix on their names by giving `configure' the
> --option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
> --
> --   Some packages pay attention to `--enable-FEATURE' options to
> --`configure', where FEATURE indicates an optional part of the package.
> --They may also pay attention to `--with-PACKAGE' options, where PACKAGE
> --is something like `gnu-as' or `x' (for the X Window System).  The
> --`README' should mention any `--enable-' and `--with-' options that the
> --package recognizes.
> --
> --   For packages that use the X Window System, `configure' can usually
> --find the X include and library files automatically, but if it doesn't,
> --you can use the `configure' options `--x-includes=DIR' and
> --`--x-libraries=DIR' to specify their locations.
> --
> --   Some packages offer the ability to configure how verbose the
> --execution of `make' will be.  For these packages, running `./configure
> ----enable-silent-rules' sets the default to minimal output, which can be
> --overridden with `make V=1'; while running `./configure
> ----disable-silent-rules' sets the default to verbose, which can be
> --overridden with `make V=0'.
> --
> --Particular systems
> --==================
> --
> --   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
> --CC is not installed, it is recommended to use the following options in
> --order to use an ANSI C compiler:
> --
> --     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
> --
> --and if that doesn't work, install pre-built binaries of GCC for HP-UX.
> --
> --   HP-UX `make' updates targets which have the same time stamps as
> --their prerequisites, which makes it generally unusable when shipped
> --generated files such as `configure' are involved.  Use GNU `make'
> --instead.
> --
> --   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
> --parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
> --a workaround.  If GNU CC is not installed, it is therefore recommended
> --to try
> --
> --     ./configure CC="cc"
> --
> --and if that doesn't work, try
> --
> --     ./configure CC="cc -nodtk"
> --
> --   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
> --directory contains several dysfunctional programs; working variants of
> --these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
> --in your `PATH', put it _after_ `/usr/bin'.
> --
> --   On Haiku, software installed for all users goes in `/boot/common',
> --not `/usr/local'.  It is recommended to use the following options:
> --
> --     ./configure --prefix=/boot/common
> --
> --Specifying the System Type
> --==========================
> --
> --   There may be some features `configure' cannot figure out
> --automatically, but needs to determine by the type of machine the package
> --will run on.  Usually, assuming the package is built to be run on the
> --_same_ architectures, `configure' can figure that out, but if it prints
> --a message saying it cannot guess the machine type, give it the
> --`--build=TYPE' option.  TYPE can either be a short name for the system
> --type, such as `sun4', or a canonical name which has the form:
> --
> --     CPU-COMPANY-SYSTEM
> --
> --where SYSTEM can have one of these forms:
> --
> --     OS
> --     KERNEL-OS
> --
> --   See the file `config.sub' for the possible values of each field.  If
> --`config.sub' isn't included in this package, then this package doesn't
> --need to know the machine type.
> --
> --   If you are _building_ compiler tools for cross-compiling, you should
> --use the option `--target=TYPE' to select the type of system they will
> --produce code for.
> --
> --   If you want to _use_ a cross compiler, that generates code for a
> --platform different from the build platform, you should specify the
> --"host" platform (i.e., that on which the generated programs will
> --eventually be run) with `--host=TYPE'.
> --
> --Sharing Defaults
> --================
> --
> --   If you want to set default values for `configure' scripts to share,
> --you can create a site shell script called `config.site' that gives
> --default values for variables like `CC', `cache_file', and `prefix'.
> --`configure' looks for `PREFIX/share/config.site' if it exists, then
> --`PREFIX/etc/config.site' if it exists.  Or, you can set the
> --`CONFIG_SITE' environment variable to the location of the site script.
> --A warning: not all `configure' scripts look for a site script.
> --
> --Defining Variables
> --==================
> --
> --   Variables not defined in a site shell script can be set in the
> --environment passed to `configure'.  However, some packages may run
> --configure again during the build, and the customized values of these
> --variables may be lost.  In order to avoid this problem, you should set
> --them in the `configure' command line, using `VAR=value'.  For example:
> --
> --     ./configure CC=/usr/local2/bin/gcc
> --
> --causes the specified `gcc' to be used as the C compiler (unless it is
> --overridden in the site shell script).
> --
> --Unfortunately, this technique does not work for `CONFIG_SHELL' due to
> --an Autoconf limitation.  Until the limitation is lifted, you can use
> --this workaround:
> --
> --     CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
> --
> --`configure' Invocation
> --======================
> --
> --   `configure' recognizes the following options to control how it
> --operates.
> --
> --`--help'
> --`-h'
> --     Print a summary of all of the options to `configure', and exit.
> --
> --`--help=short'
> --`--help=recursive'
> --     Print a summary of the options unique to this package's
> --     `configure', and exit.  The `short' variant lists options used
> --     only in the top level, while the `recursive' variant lists options
> --     also present in any nested packages.
> --
> --`--version'
> --`-V'
> --     Print the version of Autoconf used to generate the `configure'
> --     script, and exit.
> --
> --`--cache-file=FILE'
> --     Enable the cache: use and save the results of the tests in FILE,
> --     traditionally `config.cache'.  FILE defaults to `/dev/null' to
> --     disable caching.
> --
> --`--config-cache'
> --`-C'
> --     Alias for `--cache-file=config.cache'.
> --
> --`--quiet'
> --`--silent'
> --`-q'
> --     Do not print messages saying which checks are being made.  To
> --     suppress all normal output, redirect it to `/dev/null' (any error
> --     messages will still be shown).
> --
> --`--srcdir=DIR'
> --     Look for the package's source code in directory DIR.  Usually
> --     `configure' can determine that directory automatically.
> --
> --`--prefix=DIR'
> --     Use DIR as the installation prefix.  *note Installation Names::
> --     for more details, including other options available for fine-tuning
> --     the installation locations.
> --
> --`--no-create'
> --`-n'
> --     Run the configure checks, but stop before creating any output
> --     files.
> --
> --`configure' also accepts some other, not widely useful, options.  Run
> --`configure --help' for more details.
> diff --git a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch b/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
> deleted file mode 100644
> index cb09b8d78f8a..000000000000
> --- a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
> +++ /dev/null
> @@ -1,40 +0,0 @@
> -From: Marc Kleine-Budde <mkl@pengutronix.de>
> -Date: Wed, 27 May 2015 10:41:27 +0200
> -Subject: [PATCH] Makefile.am: rename INCLUDES -> AM_CPPFLAGS
> -
> -This patch fixes the following warning during autoreconf:
> -
> -| src/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
> -
> -Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> ----
> - src/Makefile.am | 6 +++---
> - 1 file changed, 3 insertions(+), 3 deletions(-)
> -
> -diff --git a/src/Makefile.am b/src/Makefile.am
> -index deb18fb09dc7..9f547283d535 100644
> ---- a/src/Makefile.am
> -+++ b/src/Makefile.am
> -@@ -1,7 +1,7 @@
> - lib_LTLIBRARIES = libimaevm.la
> - 
> - libimaevm_la_SOURCES = libimaevm.c
> --libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS)
> -+libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS)
> - # current[:revision[:age]]
> - # result: [current-age].age.revision
> - libimaevm_la_LDFLAGS = -version-info 0:0:0
> -@@ -12,11 +12,11 @@ include_HEADERS = imaevm.h
> - bin_PROGRAMS = evmctl
> - 
> - evmctl_SOURCES = evmctl.c
> --evmctl_CPPFLAGS = $(OPENSSL_CFLAGS)
> -+evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS)
> - evmctl_LDFLAGS = $(LDFLAGS_READLINE)
> - evmctl_LDADD =  $(OPENSSL_LIBS) -lkeyutils libimaevm.la
> - 
> --INCLUDES = -I$(top_srcdir) -include config.h
> -+AM_CPPFLAGS = -I$(top_srcdir) -include config.h
> - 
> - DISTCLEANFILES = @DISTCLEANFILES@
> - 
> diff --git a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch b/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
> deleted file mode 100644
> index a3cd597f82d6..000000000000
> --- a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
> +++ /dev/null
> @@ -1,73 +0,0 @@
> -From: Marc Kleine-Budde <mkl@pengutronix.de>
> -Date: Sat, 26 Mar 2016 22:58:07 +0100
> -Subject: [PATCH] evmctl, libimaevm: use EVP_MAX_MD_SIZE for hash size instead
> - of open coding it
> -
> -Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> ----
> - src/evmctl.c    | 10 +++++-----
> - src/libimaevm.c |  2 +-
> - 2 files changed, 6 insertions(+), 6 deletions(-)
> -
> -diff --git a/src/evmctl.c b/src/evmctl.c
> -index de53be37b69b..b0f3b6362528 100644
> ---- a/src/evmctl.c
> -+++ b/src/evmctl.c
> -@@ -495,7 +495,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> - 
> - static int sign_evm(const char *file, const char *key)
> - {
> --	unsigned char hash[20];
> -+	unsigned char hash[EVP_MAX_MD_SIZE];
> - 	unsigned char sig[1024];
> - 	int len, err;
> - 
> -@@ -533,7 +533,7 @@ static int sign_evm(const char *file, const char *key)
> - 
> - static int hash_ima(const char *file)
> - {
> --	unsigned char hash[66]; /* MAX hash size + 2 */
> -+	unsigned char hash[EVP_MAX_MD_SIZE + 2]; /* MAX hash size + 2 */
> - 	int len, err, offset;
> - 	int algo = get_hash_algo(params.hash_algo);
> - 
> -@@ -571,7 +571,7 @@ static int hash_ima(const char *file)
> - 
> - static int sign_ima(const char *file, const char *key)
> - {
> --	unsigned char hash[64];
> -+	unsigned char hash[EVP_MAX_MD_SIZE];
> - 	unsigned char sig[1024];
> - 	int len, err;
> - 
> -@@ -751,7 +751,7 @@ static int cmd_sign_evm(struct command *cmd)
> - 
> - static int verify_evm(const char *file)
> - {
> --	unsigned char hash[20];
> -+	unsigned char hash[EVP_MAX_MD_SIZE];
> - 	unsigned char sig[1024];
> - 	int len;
> - 
> -@@ -1119,7 +1119,7 @@ out:
> - 
> - static int hmac_evm(const char *file, const char *key)
> - {
> --	unsigned char hash[20];
> -+	unsigned char hash[EVP_MAX_MD_SIZE];
> - 	unsigned char sig[1024];
> - 	int len, err;
> - 
> -diff --git a/src/libimaevm.c b/src/libimaevm.c
> -index 6fa0ed4a1c74..8fc23be08bd7 100644
> ---- a/src/libimaevm.c
> -+++ b/src/libimaevm.c
> -@@ -590,7 +590,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
> - int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
> - 			 unsigned char *digest, int digestlen)
> - {
> --	unsigned char hash[64];
> -+	unsigned char hash[EVP_MAX_MD_SIZE];
> - 	int hashlen, sig_hash_algo;
> - 
> - 	if (sig[0] != 0x03) {
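
Review bot: dropping 0006 is only safe if 1.3.2 already sizes these digest buffers for the largest supported hash, and the commit message should say so. The removed hunks are the ones that replaced `hash[20]` in sign_evm(), verify_evm() and hmac_evm(), and `hash[64]` in sign_ima() and ima_verify_signature(), with `EVP_MAX_MD_SIZE`. A fixed 20-byte buffer only fits a SHA-1 digest, so please confirm that upstream carries an equivalent change rather than leaving it implicit in the version bump.
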
> diff --git a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
> deleted file mode 100644
> index 488dfa822286..000000000000
> --- a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
> +++ /dev/null
> @@ -1,133 +0,0 @@
> -From: Steffen Trumtrar <s.trumtrar@pengutronix.de>
> -Date: Tue, 8 Mar 2016 13:46:14 +0100
> -Subject: [PATCH] evmctl: add parameter -e to set evm hash algo
> -
> -The paramter -a sets the hash algorithm only for IMA. To not break
> -anything, add a new parameter -e to be able to change the hash for
> -EVM, too.
> -
> -Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
> ----
> - src/evmctl.c    | 27 +++++++++++++++++++++++----
> - src/imaevm.h    |  1 +
> - src/libimaevm.c |  1 +
> - 3 files changed, 25 insertions(+), 4 deletions(-)
> -
> -diff --git a/src/evmctl.c b/src/evmctl.c
> -index b0f3b6362528..5d664005e915 100644
> ---- a/src/evmctl.c
> -+++ b/src/evmctl.c
> -@@ -336,6 +336,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> - #else
> - 	pctx = EVP_MD_CTX_new();
> - #endif
> -+	const EVP_MD *md;
> - 
> - 	if (lstat(file, &st)) {
> - 		log_err("Failed to stat: %s\n", file);
> -@@ -379,7 +380,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> - 		return -1;
> - 	}
> - 
> --	err = EVP_DigestInit(pctx, EVP_sha1());
> -+	md = EVP_get_digestbyname(params.evm_hash_algo);
> -+	if (!md) {
> -+		log_err("EVP_get_digestbyname() failed\n");
> -+		return 1;
> -+	}
> -+
> -+	err = EVP_DigestInit(pctx, md);
> - 	if (!err) {
> - 		log_err("EVP_DigestInit() failed\n");
> - 		return 1;
> -@@ -503,7 +510,7 @@ static int sign_evm(const char *file, const char *key)
> - 	if (len <= 1)
> - 		return len;
> - 
> --	len = sign_hash("sha1", hash, len, key, NULL, sig + 1);
> -+	len = sign_hash(params.evm_hash_algo, hash, len, key, NULL, sig + 1);
> - 	if (len <= 1)
> - 		return len;
> - 
> -@@ -992,6 +999,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> - #else
> - 	pctx = HMAC_CTX_new();
> - #endif
> -+	const EVP_MD *md;
> - 
> - 	key = file2bin(keyfile, NULL, &keylen);
> - 	if (!key) {
> -@@ -1038,7 +1046,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> - 		goto out;
> - 	}
> - 
> --	err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), EVP_sha1(), NULL);
> -+	md = EVP_get_digestbyname(params.evm_hash_algo);
> -+	if (!md) {
> -+		log_err("EVP_get_digestbyname() failed\n");
> -+		return 1;
> -+	}
> -+
> -+	err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), md, NULL);
> - 	if (err) {
> - 		log_err("HMAC_Init() failed\n");
> - 		goto out;
> -@@ -1635,6 +1649,7 @@ static void usage(void)
> - 	printf(
> - 		"\n"
> - 		"  -a, --hashalgo     sha1 (default), sha224, sha256, sha384, sha512\n"
> -+		"  -e, --evmhashalgo  sha1 (default), sha224, sha256, sha384, sha512\n"
> - 		"  -s, --imasig       make IMA signature\n"
> - 		"  -d, --imahash      make IMA hash\n"
> - 		"  -f, --sigfile      store IMA signature in .sig file instead of xattr\n"
> -@@ -1691,6 +1706,7 @@ static struct option opts[] = {
> - 	{"imasig", 0, 0, 's'},
> - 	{"imahash", 0, 0, 'd'},
> - 	{"hashalgo", 1, 0, 'a'},
> -+	{"evmhashalgo", 1, 0, 'e'},
> - 	{"pass", 2, 0, 'p'},
> - 	{"sigfile", 0, 0, 'f'},
> - 	{"uuid", 2, 0, 'u'},
> -@@ -1758,7 +1774,7 @@ int main(int argc, char *argv[])
> - 	g_argc = argc;
> - 
> - 	while (1) {
> --		c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind);
> -+		c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind);
> - 		if (c == -1)
> - 			break;
> - 
> -@@ -1784,6 +1800,9 @@ int main(int argc, char *argv[])
> - 		case 'a':
> - 			params.hash_algo = optarg;
> - 			break;
> -+		case 'e':
> -+			params.evm_hash_algo = optarg;
> -+			break;
> - 		case 'p':
> - 			if (optarg)
> - 				params.keypass = optarg;
> -diff --git a/src/imaevm.h b/src/imaevm.h
> -index 1bafaad0f4ab..ed92e4d8981d 100644
> ---- a/src/imaevm.h
> -+++ b/src/imaevm.h
> -@@ -179,6 +179,7 @@ struct libevm_params {
> - 	int verbose;
> - 	int x509;
> - 	const char *hash_algo;
> -+	const char *evm_hash_algo;
> - 	const char *keyfile;
> - 	const char *keypass;
> - };
> -diff --git a/src/libimaevm.c b/src/libimaevm.c
> -index b6c328801708..4c093a038b72 100644
> ---- a/src/libimaevm.c
> -+++ b/src/libimaevm.c
> -@@ -129,6 +129,7 @@ struct libevm_params params = {
> - 	.verbose = LOG_INFO - 1,
> - 	.x509 = 1,
> - 	.hash_algo = "sha1",
> -+	.evm_hash_algo = "sha1",
> - };
> - 
> - static void __attribute__ ((constructor)) libinit(void);
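
Review bot: the local `-e`/`--evmhashalgo` option and the `evm_hash_algo` field in `struct libevm_params` are removed here with no successor among the renames to patches/ima-evm-utils-1.3.2 shown in this mail, and the commit message does not say what replaces them. The lines this patch used to change show EVM hashing and HMAC fixed to `EVP_sha1()` in 1.1, so please state how the EVM hash algorithm is selected with 1.3.2, and check that nothing in the BSPs still calls `evmctl` with `-e`.
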
> diff --git a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch b/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
> deleted file mode 100644
> index bb44e8d6c2be..000000000000
> --- a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
> +++ /dev/null
> @@ -1,19 +0,0 @@
> -From: Michael Olbrich <m.olbrich@pengutronix.de>
> -Date: Wed, 3 Jun 2015 16:08:51 +0200
> -Subject: [PATCH] HACK: don't generate man page
> -
> -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> ----
> - Makefile.am | 1 -
> - 1 file changed, 1 deletion(-)
> -
> -diff --git a/Makefile.am b/Makefile.am
> -index 06ebf59ea4aa..e527f34f1faa 100644
> ---- a/Makefile.am
> -+++ b/Makefile.am
> -@@ -1,5 +1,4 @@
> - SUBDIRS = src
> --dist_man_MANS = evmctl.1
> - 
> - doc_DATA =  examples/ima-genkey-self.sh examples/ima-genkey.sh examples/ima-gen-local-ca.sh
> - EXTRA_DIST = autogen.sh $(doc_DATA)
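
Review bot: the HACK that removed `dist_man_MANS = evmctl.1` from Makefile.am is dropped without a replacement among the renamed patches shown here, and the deleted patch never recorded why it was needed. Please note in the commit message whether the 1.3.2 build handles the man page without it, or whether the rule file now has to disable or provide for man page generation.
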
> diff --git a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch b/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch
> deleted file mode 100644
> index 3157c711a065..000000000000
> --- a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch
> +++ /dev/null
> @@ -1,80 +0,0 @@
> -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@andred.net>
> -Date: Mon, 17 Oct 2016 12:45:32 +0100
> -Subject: [PATCH] evmctl: use correct include for xattr.h
> -MIME-Version: 1.0
> -Content-Type: text/plain; charset=UTF-8
> -Content-Transfer-Encoding: 8bit
> -
> -The xattr API/ABI is provided by both the c-library, as well as by the
> -libattr package. The c-library's header file is sys/xattr.h, whereas
> -libattr's header file can be found in attr/xattr.h.
> -
> -Given none of the code here *links* against the libattr.so shared library, it
> -is wrong to *compile* against libattr's API (header file).
> -
> -Doing so avoids confusion as to which xattr.h is used as the least problem,
> -and potential ABI differences as the worst problem due the mismatching header
> -file used.
> -
> -So make sure we compile and link against the same thing, the c-library in
> -both cases.
> -
> -Signed-off-by: André Draszik <git@andred.net>
> -Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
> ----
> - configure.ac                    | 2 +-
> - packaging/ima-evm-utils.spec    | 1 -
> - packaging/ima-evm-utils.spec.in | 1 -
> - src/evmctl.c                    | 2 +-
> - 4 files changed, 2 insertions(+), 4 deletions(-)
> -
> -diff --git a/configure.ac b/configure.ac
> -index 6822f39cff69..06d061bc94ea 100644
> ---- a/configure.ac
> -+++ b/configure.ac
> -@@ -30,7 +30,7 @@ AC_SUBST(OPENSSL_LIBS)
> - AC_CHECK_HEADER(unistd.h)
> - AC_CHECK_HEADERS(openssl/conf.h)
> - 
> --AC_CHECK_HEADERS(attr/xattr.h, , [AC_MSG_ERROR([attr/xattr.h header not found. You need the libattr development package.])])
> -+AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found. You need the c-library development package.])])
> - AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. You need the libkeyutils development package.])])
> - 
> - #debug support - yes for a while
> -diff --git a/packaging/ima-evm-utils.spec b/packaging/ima-evm-utils.spec
> -index a11a27a18815..63388d2b444b 100644
> ---- a/packaging/ima-evm-utils.spec
> -+++ b/packaging/ima-evm-utils.spec
> -@@ -11,7 +11,6 @@ BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root
> - BuildRequires:    autoconf
> - BuildRequires:    automake
> - BuildRequires:    openssl-devel
> --BuildRequires:    libattr-devel
> - BuildRequires:    keyutils-libs-devel
> - 
> - %description
> -diff --git a/packaging/ima-evm-utils.spec.in b/packaging/ima-evm-utils.spec.in
> -index 7ca6c6fb3b0d..65c32f9e6445 100644
> ---- a/packaging/ima-evm-utils.spec.in
> -+++ b/packaging/ima-evm-utils.spec.in
> -@@ -11,7 +11,6 @@ BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root
> - BuildRequires:    autoconf
> - BuildRequires:    automake
> - BuildRequires:    openssl-devel
> --BuildRequires:    libattr-devel
> - BuildRequires:    keyutils-libs-devel
> - 
> - %description
> -diff --git a/src/evmctl.c b/src/evmctl.c
> -index 4422c0e84d4a..02eb84d4c341 100644
> ---- a/src/evmctl.c
> -+++ b/src/evmctl.c
> -@@ -49,7 +49,7 @@
> - #include <stdint.h>
> - #include <string.h>
> - #include <dirent.h>
> --#include <attr/xattr.h>
> -+#include <sys/xattr.h>
> - #include <linux/xattr.h>
> - #include <getopt.h>
> - #include <keyutils.h>
> diff --git a/patches/ima-evm-utils-1.1/series b/patches/ima-evm-utils-1.1/series
> deleted file mode 100644
> index 6fb042465042..000000000000
> --- a/patches/ima-evm-utils-1.1/series
> +++ /dev/null
> @@ -1,16 +0,0 @@
> -# generated by git-ptx-patches
> -#tag:base --start-number 1
> -0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
> -0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
> -0003-evmctl-find-add-missing-closedir-dir-on-error.patch
> -0004-evmctl-find-add-missing-error-handling-and-propagate.patch
> -0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> -0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
> -0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> -0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
> -0009-evmctl-add-support-for-offline-image-preparation.patch
> -0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> -0011-HACK-don-t-generate-man-page.patch
> -0012-Fix-warning-for-non-debug-use-case.patch
> -0013-evmctl-use-correct-include-for-xattr.h.patch
> -# 5032e96fb6da7cb77f053c2b5a6edc44  - git-ptx-patches magic
> diff --git a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch b/patches/ima-evm-utils-1.3.2/0001-evmctl-find-add-missing-closedir-dir-on-error.patch
> similarity index 79%
> rename from patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
> rename to patches/ima-evm-utils-1.3.2/0001-evmctl-find-add-missing-closedir-dir-on-error.patch
> index 4b1c84584479..5c91c4621a76 100644
> --- a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
> +++ b/patches/ima-evm-utils-1.3.2/0001-evmctl-find-add-missing-closedir-dir-on-error.patch
> @@ -10,10 +10,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
>   1 file changed, 2 insertions(+)
>  
>  diff --git a/src/evmctl.c b/src/evmctl.c
> -index 2ffee786865b..20eccfa93b2b 100644
> +index 1815f55d73e0..cca2fabdb2a6 100644
>  --- a/src/evmctl.c
>  +++ b/src/evmctl.c
> -@@ -1229,6 +1229,7 @@ static int find(const char *path, int dts, find_cb_t func)
> +@@ -1331,6 +1331,7 @@ static int find(const char *path, int dts, find_cb_t func)
>   
>   	if (fchdir(dirfd(dir))) {
>   		log_err("Failed to chdir %s\n", path);
> @@ -21,7 +21,7 @@ index 2ffee786865b..20eccfa93b2b 100644
>   		return -1;
>   	}
>   
> -@@ -1244,6 +1245,7 @@ static int find(const char *path, int dts, find_cb_t func)
> +@@ -1346,6 +1347,7 @@ static int find(const char *path, int dts, find_cb_t func)
>   
>   	if (chdir("..")) {
>   		log_err("Failed to chdir: %s\n", path);
> diff --git a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-error-handling-and-propagate.patch
> similarity index 87%
> rename from patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
> rename to patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-error-handling-and-propagate.patch
> index 68660d95eda0..62471489a9f2 100644
> --- a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
> +++ b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-error-handling-and-propagate.patch
> @@ -12,10 +12,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
>   1 file changed, 16 insertions(+), 4 deletions(-)
>  
>  diff --git a/src/evmctl.c b/src/evmctl.c
> -index 20eccfa93b2b..55fc619f5990 100644
> +index cca2fabdb2a6..e6761f2ae5e4 100644
>  --- a/src/evmctl.c
>  +++ b/src/evmctl.c
> -@@ -1234,13 +1234,20 @@ static int find(const char *path, int dts, find_cb_t func)
> +@@ -1336,13 +1336,20 @@ static int find(const char *path, int dts, find_cb_t func)
>   	}
>   
>   	while ((de = readdir(dir))) {
> @@ -38,7 +38,7 @@ index 20eccfa93b2b..55fc619f5990 100644
>   	}
>   
>   	if (chdir("..")) {
> -@@ -1249,8 +1256,13 @@ static int find(const char *path, int dts, find_cb_t func)
> +@@ -1351,8 +1358,13 @@ static int find(const char *path, int dts, find_cb_t func)
>   		return -1;
>   	}
>   
> diff --git a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch b/patches/ima-evm-utils-1.3.2/0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> similarity index 80%
> rename from patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> rename to patches/ima-evm-utils-1.3.2/0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> index 69aadb377668..0de24af6a0e7 100644
> --- a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> +++ b/patches/ima-evm-utils-1.3.2/0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> @@ -10,12 +10,12 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
>   1 file changed, 5 insertions(+)
>  
>  diff --git a/src/evmctl.c b/src/evmctl.c
> -index 55fc619f5990..de53be37b69b 100644
> +index e6761f2ae5e4..a1fd9feaea78 100644
>  --- a/src/evmctl.c
>  +++ b/src/evmctl.c
> -@@ -62,6 +62,11 @@
> - #include <openssl/err.h>
> - #include <openssl/rsa.h>
> +@@ -72,6 +72,11 @@
> + #define XATTR_NAME_APPARMOR XATTR_SECURITY_PREFIX XATTR_APPARMOR_SUFFIX
> + #endif
>   
>  +#ifndef XATTR_NAME_IMA
>  +#define XATTR_IMA_SUFFIX "ima"
> diff --git a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch b/patches/ima-evm-utils-1.3.2/0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> similarity index 76%
> rename from patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> rename to patches/ima-evm-utils-1.3.2/0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> index 2164c6238e78..e20cfaa826df 100644
> --- a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> +++ b/patches/ima-evm-utils-1.3.2/0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> @@ -8,10 +8,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
>   1 file changed, 2 insertions(+), 2 deletions(-)
>  
>  diff --git a/src/libimaevm.c b/src/libimaevm.c
> -index 8fc23be08bd7..b6c328801708 100644
> +index fa6c27858d0f..002b0657337c 100644
>  --- a/src/libimaevm.c
>  +++ b/src/libimaevm.c
> -@@ -379,7 +379,7 @@ int verify_hash_v1(const char *file, const unsigned char *hash, int size,
> +@@ -382,7 +382,7 @@ static int verify_hash_v1(const char *file, const unsigned char *hash, int size,
>   	SHA_CTX ctx;
>   	unsigned char out[1024];
>   	RSA *key;
> @@ -20,7 +20,7 @@ index 8fc23be08bd7..b6c328801708 100644
>   	struct signature_hdr *hdr = (struct signature_hdr *)sig;
>   
>   	log_info("hash-v1: ");
> -@@ -744,7 +744,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons
> +@@ -805,7 +805,7 @@ static int sign_hash_v1(const char *hashalgo, const unsigned char *hash,
>   	unsigned char pub[1024];
>   	RSA *key;
>   	char name[20];
> diff --git a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch b/patches/ima-evm-utils-1.3.2/0005-evmctl-add-support-for-offline-image-preparation.patch
> similarity index 78%
> rename from patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
> rename to patches/ima-evm-utils-1.3.2/0005-evmctl-add-support-for-offline-image-preparation.patch
> index 6d9b40fc5b43..75d92734190c 100644
> --- a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
> +++ b/patches/ima-evm-utils-1.3.2/0005-evmctl-add-support-for-offline-image-preparation.patch
> @@ -33,29 +33,29 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
>  ---
>   src/evmctl.c    | 57 +++++++++++++++++++++++++++++++++++++++++++++++++--------
>   src/imaevm.h    |  1 +
> - src/libimaevm.c | 25 ++++++++++++++++++++++++-
> - 3 files changed, 74 insertions(+), 9 deletions(-)
> + src/libimaevm.c | 24 +++++++++++++++++++++++-
> + 3 files changed, 73 insertions(+), 9 deletions(-)
>  
>  diff --git a/src/evmctl.c b/src/evmctl.c
> -index 5d664005e915..9003f7640c0f 100644
> +index a1fd9feaea78..a4d784a5bfb6 100644
>  --- a/src/evmctl.c
>  +++ b/src/evmctl.c
> -@@ -337,6 +337,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> +@@ -352,6 +352,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> + #else
>   	pctx = EVP_MD_CTX_new();
>   #endif
> - 	const EVP_MD *md;
>  +	ino_t ino;
>   
>   	if (lstat(file, &st)) {
>   		log_err("Failed to stat: %s\n", file);
> -@@ -371,9 +372,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> +@@ -386,9 +387,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
>   			}
>   			close(fd);
>   		}
>  -		log_info("generation: %u\n", generation);
>   	}
>   
> -+	if (params.image_mode) {
> ++	if (imaevm_params.image_mode) {
>  +		char buf[128] = { };
>  +
>  +		err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1);
> @@ -75,7 +75,7 @@ index 5d664005e915..9003f7640c0f 100644
>   	list_size = llistxattr(file, list, sizeof(list));
>   	if (list_size < 0) {
>   		log_err("llistxattr() failed\n");
> -@@ -439,7 +456,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> +@@ -470,7 +487,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
>   
>   		hmac_size = sizeof(*hmac);
>   		if (!evm_portable) {
> @@ -84,7 +84,7 @@ index 5d664005e915..9003f7640c0f 100644
>   			hmac->generation = generation;
>   		}
>   		hmac->uid = st.st_uid;
> -@@ -450,7 +467,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> +@@ -481,7 +498,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
>   
>   		hmac_size = sizeof(*hmac);
>   		if (!evm_portable) {
> @@ -93,7 +93,7 @@ index 5d664005e915..9003f7640c0f 100644
>   			hmac->generation = generation;
>   		}
>   		hmac->uid = st.st_uid;
> -@@ -461,7 +478,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
> +@@ -492,7 +509,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
>   
>   		hmac_size = sizeof(*hmac);
>   		if (!evm_portable) {
> @@ -102,19 +102,19 @@ index 5d664005e915..9003f7640c0f 100644
>   			hmac->generation = generation;
>   		}
>   		hmac->uid = st.st_uid;
> -@@ -1000,6 +1017,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> +@@ -1085,6 +1102,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> + #else
>   	pctx = HMAC_CTX_new();
>   #endif
> - 	const EVP_MD *md;
>  +	ino_t ino;
>   
>   	key = file2bin(keyfile, NULL, &keylen);
>   	if (!key) {
> -@@ -1038,10 +1056,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> +@@ -1123,10 +1141,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
>   		close(fd);
>   	}
>   
> -+	if (params.image_mode) {
> ++	if (imaevm_params.image_mode) {
>  +		char buf[128] = { };
>  +
>  +		err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1);
> @@ -137,7 +137,7 @@ index 5d664005e915..9003f7640c0f 100644
>   		log_err("llistxattr() failed: %s\n", file);
>   		goto out;
>   	}
> -@@ -1084,7 +1118,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> +@@ -1170,7 +1204,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
>   		struct h_misc *hmac = (struct h_misc *)&hmac_misc;
>   
>   		hmac_size = sizeof(*hmac);
> @@ -146,7 +146,7 @@ index 5d664005e915..9003f7640c0f 100644
>   		hmac->generation = generation;
>   		hmac->uid = st.st_uid;
>   		hmac->gid = st.st_gid;
> -@@ -1093,7 +1127,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> +@@ -1179,7 +1213,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
>   		struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc;
>   
>   		hmac_size = sizeof(*hmac);
> @@ -155,7 +155,7 @@ index 5d664005e915..9003f7640c0f 100644
>   		hmac->generation = generation;
>   		hmac->uid = st.st_uid;
>   		hmac->gid = st.st_gid;
> -@@ -1102,7 +1136,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
> +@@ -1188,7 +1222,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
>   		struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc;
>   
>   		hmac_size = sizeof(*hmac);
> @@ -164,7 +164,7 @@ index 5d664005e915..9003f7640c0f 100644
>   		hmac->generation = generation;
>   		hmac->uid = st.st_uid;
>   		hmac->gid = st.st_gid;
> -@@ -1666,6 +1700,9 @@ static void usage(void)
> +@@ -2476,6 +2510,9 @@ static void usage(void)
>   		"      --smack        use extra SMACK xattrs for EVM\n"
>   		"      --m32          force EVM hmac/signature for 32 bit target system\n"
>   		"      --m64          force EVM hmac/signature for 64 bit target system\n"
> @@ -174,7 +174,7 @@ index 5d664005e915..9003f7640c0f 100644
>   		"      --ino          use custom inode for EVM\n"
>   		"      --uid          use custom UID for EVM\n"
>   		"      --gid          use custom GID for EVM\n"
> -@@ -1716,6 +1753,7 @@ static struct option opts[] = {
> +@@ -2528,6 +2565,7 @@ static struct option opts[] = {
>   	{"recursive", 0, 0, 'r'},
>   	{"m32", 0, 0, '3'},
>   	{"m64", 0, 0, '6'},
> @@ -182,31 +182,31 @@ index 5d664005e915..9003f7640c0f 100644
>   	{"portable", 0, 0, 'o'},
>   	{"smack", 0, 0, 128},
>   	{"version", 0, 0, 129},
> -@@ -1774,7 +1812,7 @@ int main(int argc, char *argv[])
> +@@ -2600,7 +2638,7 @@ int main(int argc, char *argv[])
>   	g_argc = argc;
>   
>   	while (1) {
> --		c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind);
> -+		c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:rim", opts, &lind);
> +-		c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind);
> ++		c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:rim", opts, &lind);
>   		if (c == -1)
>   			break;
>   
> -@@ -1847,6 +1885,9 @@ int main(int argc, char *argv[])
> +@@ -2670,6 +2708,9 @@ int main(int argc, char *argv[])
>   		case '6':
>   			msize = 64;
>   			break;
>  +		case 'm':
> -+			params.image_mode = true;
> ++			imaevm_params.image_mode = true;
>  +			break;
>   		case 128:
>   			evm_config_xattrnames = evm_extra_smack_xattrs;
>   			break;
>  diff --git a/src/imaevm.h b/src/imaevm.h
> -index ed92e4d8981d..7e32d09c6538 100644
> +index 45039199ab31..2f78a31ab438 100644
>  --- a/src/imaevm.h
>  +++ b/src/imaevm.h
> -@@ -182,6 +182,7 @@ struct libevm_params {
> - 	const char *evm_hash_algo;
> +@@ -196,6 +196,7 @@ struct libimaevm_params {
> + 	const char *hash_algo;
>   	const char *keyfile;
>   	const char *keypass;
>  +	bool image_mode;
> @@ -214,31 +214,23 @@ index ed92e4d8981d..7e32d09c6538 100644
>   
>   struct RSA_ASN1_template {
>  diff --git a/src/libimaevm.c b/src/libimaevm.c
> -index 4c093a038b72..866f74b39b41 100644
> +index 002b0657337c..1cdf1dc590cc 100644
>  --- a/src/libimaevm.c
>  +++ b/src/libimaevm.c
> -@@ -40,6 +40,7 @@
> - 
> - /* should we use logger instead for library? */
> - #define USE_FPRINTF
> -+#define _GNU_SOURCE
> - 
> - #include <sys/types.h>
> - #include <sys/param.h>
> -@@ -49,6 +50,7 @@
> - #include <dirent.h>
> - #include <string.h>
> +@@ -51,6 +51,7 @@
>   #include <stdio.h>
> + #include <assert.h>
> + #include <ctype.h>
>  +#include <sys/xattr.h>
>   
> + #include <openssl/crypto.h>
>   #include <openssl/pem.h>
> - #include <openssl/evp.h>
> -@@ -224,7 +226,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
> +@@ -193,7 +194,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
>   	}
>   
>   	while ((de = readdir(dir))) {
>  -		ino = de->d_ino;
> -+		if (params.image_mode) {
> ++		if (imaevm_params.image_mode) {
>  +			char *name;
>  +			char buf[128] = { };
>  +
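
Review bot: the refreshed patch no longer adds `#define _GNU_SOURCE` to src/libimaevm.c, while the `image_mode` block in add_dir_hash() still declares `char *name;` next to `buf`. If the lines that follow build `name` with a GNU extension, confirm that 1.3.2 already provides the feature macro for this file, for example by building once with -Werror=implicit-function-declaration so that a missing prototype shows up as a build error instead of a warning.
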
> diff --git a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch b/patches/ima-evm-utils-1.3.2/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> similarity index 86%
> rename from patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> rename to patches/ima-evm-utils-1.3.2/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> index 12b77a132002..251f7136b42b 100644
> --- a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> +++ b/patches/ima-evm-utils-1.3.2/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> @@ -15,16 +15,16 @@ Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
>   1 file changed, 3 insertions(+)
>  
>  diff --git a/src/libimaevm.c b/src/libimaevm.c
> -index 866f74b39b41..834b738426bf 100644
> +index 1cdf1dc590cc..6bb0b0757c42 100644
>  --- a/src/libimaevm.c
>  +++ b/src/libimaevm.c
> -@@ -226,6 +226,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
> +@@ -194,6 +194,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
>   	}
>   
>   	while ((de = readdir(dir))) {
>  +		if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, ".."))
>  +			continue;
>  +
> - 		if (params.image_mode) {
> + 		if (imaevm_params.image_mode) {
>   			char *name;
>   			char buf[128] = { };
> diff --git a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch b/patches/ima-evm-utils-1.3.2/0007-Fix-warning-for-non-debug-use-case.patch
> similarity index 86%
> rename from patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
> rename to patches/ima-evm-utils-1.3.2/0007-Fix-warning-for-non-debug-use-case.patch
> index 80073f19aaf5..2cddf569a91d 100644
> --- a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
> +++ b/patches/ima-evm-utils-1.3.2/0007-Fix-warning-for-non-debug-use-case.patch
> @@ -14,10 +14,10 @@ Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
>   1 file changed, 1 insertion(+), 1 deletion(-)
>  
>  diff --git a/src/evmctl.c b/src/evmctl.c
> -index 9003f7640c0f..4422c0e84d4a 100644
> +index a4d784a5bfb6..7c1f15082615 100644
>  --- a/src/evmctl.c
>  +++ b/src/evmctl.c
> -@@ -1191,7 +1191,7 @@ static int hmac_evm(const char *file, const char *key)
> +@@ -1279,7 +1279,7 @@ static int hmac_evm(const char *file, const char *key)
>   	return 0;
>   }
>   
> diff --git a/patches/ima-evm-utils-1.1/autogen.sh b/patches/ima-evm-utils-1.3.2/autogen.sh
> similarity index 100%
> rename from patches/ima-evm-utils-1.1/autogen.sh
> rename to patches/ima-evm-utils-1.3.2/autogen.sh
> diff --git a/patches/ima-evm-utils-1.3.2/series b/patches/ima-evm-utils-1.3.2/series
> new file mode 100644
> index 000000000000..36781ea6bb6f
> --- /dev/null
> +++ b/patches/ima-evm-utils-1.3.2/series
> @@ -0,0 +1,10 @@
> +# generated by git-ptx-patches
> +#tag:base --start-number 1
> +0001-evmctl-find-add-missing-closedir-dir-on-error.patch
> +0002-evmctl-find-add-missing-error-handling-and-propagate.patch
> +0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
> +0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
> +0005-evmctl-add-support-for-offline-image-preparation.patch
> +0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
> +0007-Fix-warning-for-non-debug-use-case.patch
> +# f8ecfd002cf2ee8244984a1757a1bfea  - git-ptx-patches magic
> diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make
> index 3a0ce4660c87..fb500fb169aa 100644
> --- a/rules/ima-evm-utils.make
> +++ b/rules/ima-evm-utils.make
> @@ -1,7 +1,7 @@
>  # -*-makefile-*-
>  #
>  # Copyright (C) 2013 by Michael Grzeschik <mgr@pengutronix.de>
> -#               2015 by Marc Kleine-Budde <mkl@pengutronix.de>
> +#               2015, 2020 by Marc Kleine-Budde <mkl@pengutronix.de>
>  #               2021 Roland Hieber, Pengutronix <rhi@pengutronix.de>
>  #
>  # For further information about the PTXdist project and license conditions
> @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_IMA_EVM_UTILS) += ima-evm-utils
>  #
>  # Paths and names
>  #
> -IMA_EVM_UTILS_VERSION	:= 1.1
> -IMA_EVM_UTILS_MD5	:= 77455aeee54fdc7a70c733bcb65d33cc
> +IMA_EVM_UTILS_VERSION	:= 1.3.2
> +IMA_EVM_UTILS_MD5	:= 55cc0e2c77a725f722833c3b4a36038c
>  IMA_EVM_UTILS		:= ima-evm-utils-$(IMA_EVM_UTILS_VERSION)
>  IMA_EVM_UTILS_SUFFIX	:= tar.gz
>  IMA_EVM_UTILS_URL	:= $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX))
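
Review bot: `IMA_EVM_UTILS_MD5` is the only pin on the new 1.3.2 tarball in this hunk, and MD5 is not collision resistant, so it catches a corrupted download but not a deliberately substituted archive on the mirror named in `IMA_EVM_UTILS_URL`. Please note in the commit message how the new checksum was obtained, ideally checked against a signature or stronger digest if upstream publishes one.
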
> @@ -32,9 +32,16 @@ IMA_EVM_UTILS_LICENSE_FILES	:= \
>  # Prepare
>  # ----------------------------------------------------------------------------
>  
> +IMA_EVM_UTILS_CONF_ENV := \
> +	$(CROSS_ENV) \
> +	ac_cv_lib_tss2_esys_Esys_Free=no \
> +	ac_cv_lib_tss2_rc_Tss2_RC_Decode=no \
> +	ac_cv_path_XMLCATALOG=
> +
>  IMA_EVM_UTILS_CONF_TOOL := autoconf
>  IMA_EVM_UTILS_AUTOCONF := \
>  	$(CROSS_AUTOCONF_USR) \
> +	--enable-openssl-conf \
>  	--disable-debug
>  
>  # ----------------------------------------------------------------------------
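
Review bot: the three cache variables in `IMA_EVM_UTILS_CONF_ENV` and the new `--enable-openssl-conf` switch are added without a comment. A short comment above the block should say that `ac_cv_lib_tss2_esys_Esys_Free=no` and `ac_cv_lib_tss2_rc_Tss2_RC_Decode=no` pre-seed the tss2 library checks so the result does not depend on what happens to be in the sysroot, and that the empty `ac_cv_path_XMLCATALOG=` does the same for the xmlcatalog lookup; otherwise a later version bump may drop them by accident. For `--enable-openssl-conf`, please state what it enables and why the target needs it.
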


* Re: [ptxdist] [APPLIED] systemd: make hostnamed and quotacheck optional
  2021-06-16 16:16 ` [ptxdist] [PATCH v2 3/3] systemd: make hostnamed and quotacheck optional Roland Hieber
@ 2021-06-29  5:09   ` Michael Olbrich
  0 siblings, 0 replies; 6+ messages in thread
From: Michael Olbrich @ 2021-06-29  5:09 UTC (permalink / raw)
  To: ptxdist; +Cc: Roland Hieber

Thanks, applied as cb4ac069a4c692caeeac38e2dbb68415ffc61121.

Michael

[sent from post-receive hook]

On Tue, 29 Jun 2021 07:09:12 +0200, Roland Hieber <rhi@pengutronix.de> wrote:
> This reduces the dependency graph and can therefore decrease boot time
> on systems that are configured with a static hostname, and which do not
> use quota. With this, /usr/share/dbus-1/system-services/ may no longer
> contain any service definitions, so add an empty kconfig option for it.
> 
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> Message-Id: <20210616161655.15480-3-rhi@pengutronix.de>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/systemd.in b/rules/systemd.in
> index 854c344d5441..0c6dcb317613 100644
> --- a/rules/systemd.in
> +++ b/rules/systemd.in
> @@ -56,11 +56,15 @@ comment "D-Bus is needed for the enabled features"
>  config SYSTEMD_DBUS
>  	bool
>  
> +config SYSTEMD_DBUS_SERVICES
> +	bool
> +
>  config SYSTEMD_MICROHTTPD
>  	bool
>  
>  config SYSTEMD_LOCALES
>  	bool
> +	select SYSTEMD_DBUS_SERVICES
>  	default LOCALES
>  
>  config SYSTEMD_VCONSOLE
> @@ -77,9 +81,19 @@ config SYSTEMD_DISABLE_RANDOM_SEED
>  	  the random seed is not possible.
>  	  Warning: enabling this option may be insecure.
>  
> +config SYSTEMD_HOSTNAMED
> +	bool
> +	default y
> +	select SYSTEMD_DBUS_SERVICES
> +	prompt "hostname daemon"
> +	help
> +	  A tiny daemon that can be used to control the hostname and related
> +	  machine meta data from user programs.
> +
>  config SYSTEMD_LOGIND
>  	bool
>  	select SYSTEMD_DBUS
> +	select SYSTEMD_DBUS_SERVICES
>  	prompt "login daemon"
>  
>  config SYSTEMD_UNITS_USER
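
Review bot: `SYSTEMD_HOSTNAMED` selects only `SYSTEMD_DBUS_SERVICES`, while the neighbouring `SYSTEMD_LOGIND` selects both `SYSTEMD_DBUS` and `SYSTEMD_DBUS_SERVICES`. Is hostnamed usable without `SYSTEMD_DBUS`? The help text describes it as a daemon controlled from user programs, so if it needs the bus, add `select SYSTEMD_DBUS` here as well.
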
> @@ -89,6 +103,7 @@ config SYSTEMD_UNITS_USER
>  
>  config SYSTEMD_NETWORK
>  	bool
> +	select SYSTEMD_DBUS_SERVICES
>  	prompt "network configuration with systemd"
>  
>  config SYSTEMD_IPMASQUERADE
> @@ -102,6 +117,7 @@ config SYSTEMD_TIMEDATE
>  	bool
>  	default y
>  	select SYSTEMD_DBUS
> +	select SYSTEMD_DBUS_SERVICES
>  	prompt "date/time handling"
>  	help
>  	  NTP client for time synchronization and local timezone handling.
> @@ -122,6 +138,13 @@ config SYSTEMD_POLKIT
>  	bool
>  	default POLKIT
>  
> +config SYSTEMD_QUOTACHECK
> +	bool
> +	default y
> +	prompt "disk quota support"
> +	help
> +	  File system quota checker logic
> +
>  menu "journald                    "
>  
>  config SYSTEMD_XZ
> diff --git a/rules/systemd.make b/rules/systemd.make
> index 3a3621fe767e..929a76dd423e 100644
> --- a/rules/systemd.make
> +++ b/rules/systemd.make
> @@ -95,7 +95,7 @@ SYSTEMD_CONF_OPT	:= \
>  	-Dgshadow=false \
>  	-Dhibernate=false \
>  	-Dhomed=false \
> -	-Dhostnamed=true \
> +	-Dhostnamed=$(call ptx/truefalse,PTXCONF_SYSTEMD_HOSTNAMED) \
>  	-Dhtml=false \
>  	-Dhwdb=$(call ptx/truefalse,PTXCONF_SYSTEMD_UDEV_HWDB) \
>  	-Didn=false \
> @@ -152,7 +152,7 @@ SYSTEMD_CONF_OPT	:= \
>  	-Dpstore=false \
>  	-Dpwquality=false \
>  	-Dqrencode=false \
> -	-Dquotacheck=true \
> +	-Dquotacheck=$(call ptx/truefalse,PTXCONF_SYSTEMD_QUOTACHECK) \
>  	-Dquotacheck-path=/usr/sbin/quotacheck \
>  	-Dquotaon-path=/usr/sbin/quotaon \
>  	-Drandomseed=$(call ptx/falsetrue,PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED) \
> @@ -248,7 +248,7 @@ SYSTEMD_HELPER := \
>  	$(call ptx/ifdef, PTXCONF_SYSTEMD_COREDUMP,systemd-coredump) \
>  	systemd-fsck \
>  	systemd-growfs \
> -	systemd-hostnamed \
> +	$(call ptx/ifdef, PTXCONF_SYSTEMD_HOSTNAMED,systemd-hostnamed) \
>  	systemd-journald \
>  	$(call ptx/ifdef, PTXCONF_SYSTEMD_JOURNAL_REMOTE,systemd-journal-remote) \
>  	$(call ptx/ifdef, PTXCONF_SYSTEMD_LOCALES,systemd-localed) \
> @@ -257,7 +257,7 @@ SYSTEMD_HELPER := \
>  	systemd-modules-load \
>  	$(call ptx/ifdef, PTXCONF_SYSTEMD_NETWORK,systemd-networkd) \
>  	$(call ptx/ifdef, PTXCONF_SYSTEMD_NETWORK,systemd-networkd-wait-online) \
> -	systemd-quotacheck \
> +	$(call ptx/ifdef, PTXCONF_SYSTEMD_QUOTACHECK,systemd-quotacheck) \
>  	$(call ptx/ifdef, PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED,,systemd-random-seed) \
>  	systemd-remount-fs \
>  	systemd-reply-password \
> @@ -347,7 +347,9 @@ $(STATEDIR)/systemd.targetinstall:
>  	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-notify)
>  	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-tmpfiles)
>  	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/busctl)
> +ifdef PTXCONF_SYSTEMD_HOSTNAMED
>  	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/hostnamectl)
> +endif
>  	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-analyze)
>  	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-cat)
>  	@$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-cgls)
> @@ -377,9 +379,11 @@ $(STATEDIR)/systemd.targetinstall:
>  	@$(call install_tree, systemd, 0, 0, -, /usr/lib/tmpfiles.d/)
>  	@$(call install_copy, systemd, 0, 0, 0644, -, /usr/lib/sysctl.d/50-default.conf)
>  
> +ifdef PTXCONF_SYSTEMD_DBUS_SERVICES
>  	@$(call install_copy, systemd, 0, 0, 0644, -, \
>  		/usr/share/dbus-1/services/org.freedesktop.systemd1.service)
>  	@$(call install_tree, systemd, 0, 0, -, /usr/share/dbus-1/system-services/)
> +endif
>  
>  #	# systemd expects this directory to exist.
>  	@$(call install_copy, systemd, 0, 0, 0755, /var/lib/systemd)
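
Review bot: the new `ifdef PTXCONF_SYSTEMD_DBUS_SERVICES` also wraps the install of `/usr/share/dbus-1/services/org.freedesktop.systemd1.service`, but the commit message only mentions `/usr/share/dbus-1/system-services/` possibly being empty. If that file is built independently of the optional daemons, keep its `install_copy` outside the `ifdef` and guard only the `install_tree` line; otherwise mention it in the commit message.
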

