* [ptxdist] [PATCH v2 1/3] ima-evm-utils: fix license statement @ 2021-06-16 16:16 Roland Hieber 2021-06-16 16:16 ` [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2 Roland Hieber ` (2 more replies) 0 siblings, 3 replies; 6+ messages in thread From: Roland Hieber @ 2021-06-16 16:16 UTC (permalink / raw) To: ptxdist; +Cc: Roland Hieber Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- v1 -> v2: * fix unknown-exception -> custom-exception PATCH v1: https://lore.ptxdist.org/ptxdist/20210611121842.GH839947@pengutronix.de --- rules/ima-evm-utils.make | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make index 1c5e15b1415f..3a0ce4660c87 100644 --- a/rules/ima-evm-utils.make +++ b/rules/ima-evm-utils.make @@ -2,6 +2,7 @@ # # Copyright (C) 2013 by Michael Grzeschik <mgr@pengutronix.de> # 2015 by Marc Kleine-Budde <mkl@pengutronix.de> +# 2021 Roland Hieber, Pengutronix <rhi@pengutronix.de> # # For further information about the PTXdist project and license conditions # see the README file. @@ -22,7 +23,10 @@ IMA_EVM_UTILS_SUFFIX := tar.gz IMA_EVM_UTILS_URL := $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX)) IMA_EVM_UTILS_SOURCE := $(SRCDIR)/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX) IMA_EVM_UTILS_DIR := $(BUILDDIR)/$(IMA_EVM_UTILS) -IMA_EVM_UTILS_LICENSE := LGPL-2.0-or-later +IMA_EVM_UTILS_LICENSE := GPL-2.0-only WITH custom-exception +IMA_EVM_UTILS_LICENSE_FILES := \ + file://src/evmctl.c;startline=13;endline=35;md5=1e6e51503ab04045269a92c0bc5d5b55 \ + file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 # ---------------------------------------------------------------------------- # Prepare -- 2.29.2 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 6+ messages in thread
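Review bot: In the `IMA_EVM_UTILS_LICENSE_FILES` addition in rules/ima-evm-utils.make, the evmctl.c entry pins `startline=13;endline=35` together with an md5, and patch 2/3 of this series then bumps the package from 1.1 to 1.3.2. Please confirm that this line range and checksum still match src/evmctl.c in 1.3.2, or update them in 2/3. The commit message also has no body: a sentence on why `LGPL-2.0-or-later` was wrong and what the `custom-exception` in those evmctl.c lines permits would let a later reader audit the license change without unpacking the tarball.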
* [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2
  2021-06-16 16:16 [ptxdist] [PATCH v2 1/3] ima-evm-utils: fix license statement Roland Hieber
@ 2021-06-16 16:16 ` Roland Hieber
  2021-06-29  5:09   ` [ptxdist] [APPLIED] " Michael Olbrich
  2021-06-16 16:16 ` [ptxdist] [PATCH v2 3/3] systemd: make hostnamed and quotacheck optional Roland Hieber
  2021-06-29  5:09 ` [ptxdist] [APPLIED] ima-evm-utils: fix license statement Michael Olbrich
  2 siblings, 1 reply; 6+ messages in thread
From: Roland Hieber @ 2021-06-16 16:16 UTC (permalink / raw)
To: ptxdist; +Cc: Roland Hieber

Changes to the patch queue:

* (old 0002) "Makefile.am: rename INCLUDES -> AM_CPPFLAGS": replaced by
  upstream commit 8acbae598b39a421b5d0 ("replace INCLUDES with
  AM_CPPFLAGS")

* (old 0006) "use EVP_MAX_MD_SIZE for hash size instead of open …":
  replaced by upstream commit 1d9c27927932f2e750e3 ("Define hash and sig
  buffer sizes and add asserts")

* (old 0008) "evmctl: add parameter -e to set evm hash algo": replaced
  by upstream commit ae1319eeabd6e0798003 ("Remove hardcoding of SHA1 in
  EVM signatures"), which uses the already existing -a parameter for
  this functionality now too.

* (old 0009) "evmctl: add support for offline image preparation": port
  the refactoring from upstream commit c317d4618f92d4dd65 ("Namespace
  some too generic object names"). Also _GNU_SOURCE is now already
  defined by configure, and will generate a warning when redefined, so
  drop its definition here.

* (old 0011, new 0009) "HACK: don't generate the man page": expand patch
  to make sure the manpages are really not built and generate an error
  looking for "asciidoc", even when the XSL stylesheet is detected on
  the build host

* (old 0013) "evmctl: use correct include for xattr.h": replaced by
  upstream commit 6aea54d2ad2287b3e889 ("evmctl: use correct include for
  xattr.h")

Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/8acbae598b39a421b5d0
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/1d9c27927932f2e750e3
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/ae1319eeabd6e0798003
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/c317d4618f92d4dd6570
Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/6aea54d2ad2287b3e889
Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- v1 -> v2: * update to version 1.3.2 * port existing patches PATCH v1: https://lore.ptxdist.org/ptxdist/20210607130909.4836-5-rhi@pengutronix.de --- ...efile.am-rename-INCLUDES-AM_CPPFLAGS.patch | 40 ------ ...-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch | 73 ---------- ...add-parameter-e-to-set-evm-hash-algo.patch | 133 ------------------ .../0011-HACK-don-t-generate-man-page.patch | 19 --- ...mctl-use-correct-include-for-xattr.h.patch | 80 ----------- patches/ima-evm-utils-1.1/series | 16 --- ...ile-at-it-s-autogenerated-by-autotoo.patch | 0 ...d-add-missing-closedir-dir-on-error.patch} | 6 +- ...issing-error-handling-and-propagate.patch} | 6 +- ...back-definitions-for-XATTR_NAME_IMA.patch} | 8 +- ..._DIGEST_LENGTH-instead-of-open-codi.patch} | 6 +- ...pport-for-offline-image-preparation.patch} | 76 +++++----- ...ount-.-and-.-for-directory-hash-gen.patch} | 6 +- ...-Fix-warning-for-non-debug-use-case.patch} | 4 +- ...009-HACK-don-t-generate-the-man-page.patch | 60 ++++++++ .../autogen.sh | 0 patches/ima-evm-utils-1.3.2/series | 12 ++ rules/ima-evm-utils.make | 7 +- 18 files changed, 128 insertions(+), 424 deletions(-) delete mode 100644 patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch delete mode 100644 patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch delete mode 100644 patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch delete mode 100644 patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch delete mode 100644 patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch delete mode 100644 patches/ima-evm-utils-1.1/series rename patches/{ima-evm-utils-1.1 => ima-evm-utils-1.3.2}/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch (100%) rename patches/{ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch => 
ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-closedir-dir-on-error.patch} (79%) rename patches/{ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch => ima-evm-utils-1.3.2/0003-evmctl-find-add-missing-error-handling-and-propagate.patch} (87%) rename patches/{ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch => ima-evm-utils-1.3.2/0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch} (80%) rename patches/{ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch => ima-evm-utils-1.3.2/0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch} (76%) rename patches/{ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch => ima-evm-utils-1.3.2/0006-evmctl-add-support-for-offline-image-preparation.patch} (78%) rename patches/{ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch => ima-evm-utils-1.3.2/0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch} (86%) rename patches/{ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch => ima-evm-utils-1.3.2/0008-Fix-warning-for-non-debug-use-case.patch} (86%) create mode 100644 patches/ima-evm-utils-1.3.2/0009-HACK-don-t-generate-the-man-page.patch rename patches/{ima-evm-utils-1.1 => ima-evm-utils-1.3.2}/autogen.sh (100%) create mode 100644 patches/ima-evm-utils-1.3.2/series diff --git a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch b/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch deleted file mode 100644 index cb09b8d78f8a..000000000000 --- a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From: Marc Kleine-Budde <mkl@pengutronix.de> -Date: Wed, 27 May 2015 10:41:27 +0200 -Subject: [PATCH] Makefile.am: rename INCLUDES -> AM_CPPFLAGS - -This patch fixes the following warning during autoreconf: - -| src/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS') - -Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> ---- - src/Makefile.am | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index deb18fb09dc7..9f547283d535 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -1,7 +1,7 @@ - lib_LTLIBRARIES = libimaevm.la - - libimaevm_la_SOURCES = libimaevm.c --libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS) -+libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS) - # current[:revision[:age]] - # result: [current-age].age.revision - libimaevm_la_LDFLAGS = -version-info 0:0:0 -@@ -12,11 +12,11 @@ include_HEADERS = imaevm.h - bin_PROGRAMS = evmctl - - evmctl_SOURCES = evmctl.c --evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) -+evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS) - evmctl_LDFLAGS = $(LDFLAGS_READLINE) - evmctl_LDADD = $(OPENSSL_LIBS) -lkeyutils libimaevm.la - --INCLUDES = -I$(top_srcdir) -include config.h -+AM_CPPFLAGS = -I$(top_srcdir) -include config.h - - DISTCLEANFILES = @DISTCLEANFILES@ - diff --git a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch b/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch deleted file mode 100644 index a3cd597f82d6..000000000000 --- a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -From: Marc Kleine-Budde <mkl@pengutronix.de> -Date: Sat, 26 Mar 2016 22:58:07 +0100 -Subject: [PATCH] evmctl, libimaevm: use EVP_MAX_MD_SIZE for hash size instead - of open coding it - -Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> ---- - src/evmctl.c | 10 +++++----- - src/libimaevm.c | 2 +- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/evmctl.c b/src/evmctl.c -index de53be37b69b..b0f3b6362528 100644 ---- a/src/evmctl.c -+++ b/src/evmctl.c -@@ -495,7 +495,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) - - static int sign_evm(const char *file, const char *key) - { -- unsigned char hash[20]; -+ unsigned char hash[EVP_MAX_MD_SIZE]; - unsigned char sig[1024]; - int len, err; - -@@ -533,7 +533,7 @@ static int sign_evm(const char *file, const char *key) - - static int hash_ima(const char *file) - { -- unsigned char hash[66]; /* MAX hash size + 2 */ -+ unsigned char hash[EVP_MAX_MD_SIZE + 2]; /* MAX hash size + 2 */ - int len, err, offset; - int algo = get_hash_algo(params.hash_algo); - -@@ -571,7 +571,7 @@ static int hash_ima(const char *file) - - static int sign_ima(const char *file, const char *key) - { -- unsigned char hash[64]; -+ unsigned char hash[EVP_MAX_MD_SIZE]; - unsigned char sig[1024]; - int len, err; - -@@ -751,7 +751,7 @@ static int cmd_sign_evm(struct command *cmd) - - static int verify_evm(const char *file) - { -- unsigned char hash[20]; -+ unsigned char hash[EVP_MAX_MD_SIZE]; - unsigned char sig[1024]; - int len; - -@@ -1119,7 +1119,7 @@ out: - - static int hmac_evm(const char *file, const char *key) - { -- unsigned char hash[20]; -+ unsigned char hash[EVP_MAX_MD_SIZE]; - unsigned char sig[1024]; - int len, err; - -diff --git a/src/libimaevm.c b/src/libimaevm.c -index 6fa0ed4a1c74..8fc23be08bd7 100644 ---- a/src/libimaevm.c -+++ b/src/libimaevm.c -@@ -590,7 +590,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned - int ima_verify_signature(const char 
*file, unsigned char *sig, int siglen, - unsigned char *digest, int digestlen) - { -- unsigned char hash[64]; -+ unsigned char hash[EVP_MAX_MD_SIZE]; - int hashlen, sig_hash_algo; - - if (sig[0] != 0x03) { diff --git a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch deleted file mode 100644 index 488dfa822286..000000000000 --- a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch +++ /dev/null 
@@ -1,133 +0,0 @@ -From: Steffen Trumtrar <s.trumtrar@pengutronix.de> -Date: Tue, 8 Mar 2016 13:46:14 +0100 -Subject: [PATCH] evmctl: add parameter -e to set evm hash algo - -The paramter -a sets the hash algorithm only for IMA. To not break -anything, add a new parameter -e to be able to change the hash for -EVM, too. - -Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de> ---- - src/evmctl.c | 27 +++++++++++++++++++++++---- - src/imaevm.h | 1 + - src/libimaevm.c | 1 + - 3 files changed, 25 insertions(+), 4 deletions(-) - -diff --git a/src/evmctl.c b/src/evmctl.c -index b0f3b6362528..5d664005e915 100644 ---- a/src/evmctl.c -+++ b/src/evmctl.c -@@ -336,6 +336,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) - #else - pctx = EVP_MD_CTX_new(); - #endif -+ const EVP_MD *md; - - if (lstat(file, &st)) { - log_err("Failed to stat: %s\n", file); -@@ -379,7 +380,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash) - return -1; - } - -- err = EVP_DigestInit(pctx, EVP_sha1()); -+ md = EVP_get_digestbyname(params.evm_hash_algo); -+ if (!md) { -+ log_err("EVP_get_digestbyname() failed\n"); -+ return 1; -+ } -+ -+ err = EVP_DigestInit(pctx, md); - if (!err) { - log_err("EVP_DigestInit() failed\n"); - return 1; -@@ -503,7 +510,7 @@ static int sign_evm(const char *file, const char *key) - if (len <= 1) - return len; - -- len = sign_hash("sha1", hash, len, key, NULL, sig + 1); -+ len = sign_hash(params.evm_hash_algo, hash, len, key, NULL, sig + 1); - if (len <= 1) - return len; - -@@ -992,6 +999,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h - #else - pctx = HMAC_CTX_new(); - #endif -+ const EVP_MD *md; - - key = file2bin(keyfile, NULL, &keylen); - if (!key) { -@@ -1038,7 +1046,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h - goto out; - } - -- err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), EVP_sha1(), NULL); -+ md = 
EVP_get_digestbyname(params.evm_hash_algo); -+ if (!md) { -+ log_err("EVP_get_digestbyname() failed\n"); -+ return 1; -+ } -+ -+ err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), md, NULL); - if (err) { - log_err("HMAC_Init() failed\n"); - goto out; -@@ -1635,6 +1649,7 @@ static void usage(void) - printf( - "\n" - " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512\n" -+ " -e, --evmhashalgo sha1 (default), sha224, sha256, sha384, sha512\n" - " -s, --imasig make IMA signature\n" - " -d, --imahash make IMA hash\n" - " -f, --sigfile store IMA signature in .sig file instead of xattr\n" -@@ -1691,6 +1706,7 @@ static struct option opts[] = { - {"imasig", 0, 0, 's'}, - {"imahash", 0, 0, 'd'}, - {"hashalgo", 1, 0, 'a'}, -+ {"evmhashalgo", 1, 0, 'e'}, - {"pass", 2, 0, 'p'}, - {"sigfile", 0, 0, 'f'}, - {"uuid", 2, 0, 'u'}, -@@ -1758,7 +1774,7 @@ int main(int argc, char *argv[]) - g_argc = argc; - - while (1) { -- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind); -+ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind); - if (c == -1) - break; - -@@ -1784,6 +1800,9 @@ int main(int argc, char *argv[]) - case 'a': - params.hash_algo = optarg; - break; -+ case 'e': -+ params.evm_hash_algo = optarg; -+ break; - case 'p': - if (optarg) - params.keypass = optarg; -diff --git a/src/imaevm.h b/src/imaevm.h -index 1bafaad0f4ab..ed92e4d8981d 100644 ---- a/src/imaevm.h -+++ b/src/imaevm.h -@@ -179,6 +179,7 @@ struct libevm_params { - int verbose; - int x509; - const char *hash_algo; -+ const char *evm_hash_algo; - const char *keyfile; - const char *keypass; - }; -diff --git a/src/libimaevm.c b/src/libimaevm.c -index b6c328801708..4c093a038b72 100644 ---- a/src/libimaevm.c -+++ b/src/libimaevm.c -@@ -129,6 +129,7 @@ struct libevm_params params = { - .verbose = LOG_INFO - 1, - .x509 = 1, - .hash_algo = "sha1", -+ .evm_hash_algo = "sha1", - }; - - static void __attribute__ ((constructor)) libinit(void); 
diff --git a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch b/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch deleted file mode 100644 index bb44e8d6c2be..000000000000 --- a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch +++ /dev/null @@ -1,19 +0,0 @@ -From: Michael Olbrich <m.olbrich@pengutronix.de> -Date: Wed, 3 Jun 2015 16:08:51 +0200 -Subject: [PATCH] HACK: don't generate man page - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - Makefile.am | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/Makefile.am b/Makefile.am -index 06ebf59ea4aa..e527f34f1faa 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -1,5 +1,4 @@ - SUBDIRS = src --dist_man_MANS = evmctl.1 - - doc_DATA = examples/ima-genkey-self.sh examples/ima-genkey.sh examples/ima-gen-local-ca.sh - EXTRA_DIST = autogen.sh $(doc_DATA) diff --git a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch b/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch deleted file mode 100644 index 3157c711a065..000000000000 --- a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@andred.net> -Date: Mon, 17 Oct 2016 12:45:32 +0100 -Subject: [PATCH] evmctl: use correct include for xattr.h -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The xattr API/ABI is provided by both the c-library, as well as by the -libattr package. The c-library's header file is sys/xattr.h, whereas -libattr's header file can be found in attr/xattr.h. - -Given none of the code here *links* against the libattr.so shared library, it -is wrong to *compile* against libattr's API (header file). - -Doing so avoids confusion as to which xattr.h is used as the least problem, -and potential ABI differences as the worst problem due the mismatching header -file used. - -So make sure we compile and link against the same thing, the c-library in -both cases. - -Signed-off-by: André Draszik <git@andred.net> -Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> ---- - configure.ac | 2 +- - packaging/ima-evm-utils.spec | 1 - - packaging/ima-evm-utils.spec.in | 1 - - src/evmctl.c | 2 +- - 4 files changed, 2 insertions(+), 4 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 6822f39cff69..06d061bc94ea 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -30,7 +30,7 @@ AC_SUBST(OPENSSL_LIBS) - AC_CHECK_HEADER(unistd.h) - AC_CHECK_HEADERS(openssl/conf.h) - --AC_CHECK_HEADERS(attr/xattr.h, , [AC_MSG_ERROR([attr/xattr.h header not found. You need the libattr development package.])]) -+AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found. You need the c-library development package.])]) - AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. 
You need the libkeyutils development package.])]) - - #debug support - yes for a while -diff --git a/packaging/ima-evm-utils.spec b/packaging/ima-evm-utils.spec -index a11a27a18815..63388d2b444b 100644 ---- a/packaging/ima-evm-utils.spec -+++ b/packaging/ima-evm-utils.spec -@@ -11,7 +11,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root - BuildRequires: autoconf - BuildRequires: automake - BuildRequires: openssl-devel --BuildRequires: libattr-devel - BuildRequires: keyutils-libs-devel - - %description -diff --git a/packaging/ima-evm-utils.spec.in b/packaging/ima-evm-utils.spec.in -index 7ca6c6fb3b0d..65c32f9e6445 100644 ---- a/packaging/ima-evm-utils.spec.in -+++ b/packaging/ima-evm-utils.spec.in -@@ -11,7 +11,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root - BuildRequires: autoconf - BuildRequires: automake - BuildRequires: openssl-devel --BuildRequires: libattr-devel - BuildRequires: keyutils-libs-devel - - %description -diff --git a/src/evmctl.c b/src/evmctl.c -index 4422c0e84d4a..02eb84d4c341 100644 ---- a/src/evmctl.c -+++ b/src/evmctl.c -@@ -49,7 +49,7 @@ - #include <stdint.h> - #include <string.h> - #include <dirent.h> --#include <attr/xattr.h> -+#include <sys/xattr.h> - #include <linux/xattr.h> - #include <getopt.h> - #include <keyutils.h> diff --git a/patches/ima-evm-utils-1.1/series b/patches/ima-evm-utils-1.1/series deleted file mode 100644 index 6fb042465042..000000000000 --- a/patches/ima-evm-utils-1.1/series +++ /dev/null 
@@ -1,16 +0,0 @@ -# generated by git-ptx-patches -#tag:base --start-number 1 -0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch -0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch -0003-evmctl-find-add-missing-closedir-dir-on-error.patch -0004-evmctl-find-add-missing-error-handling-and-propagate.patch -0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch -0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch -0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch -0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch -0009-evmctl-add-support-for-offline-image-preparation.patch -0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch -0011-HACK-don-t-generate-man-page.patch -0012-Fix-warning-for-non-debug-use-case.patch -0013-evmctl-use-correct-include-for-xattr.h.patch -# 5032e96fb6da7cb77f053c2b5a6edc44 - git-ptx-patches magic diff --git a/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch b/patches/ima-evm-utils-1.3.2/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch similarity index 100% rename from patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch rename to patches/ima-evm-utils-1.3.2/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch diff --git a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-closedir-dir-on-error.patch similarity index 79% rename from patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch rename to patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-closedir-dir-on-error.patch index 4b1c84584479..5c91c4621a76 100644 --- a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch +++ b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-closedir-dir-on-error.patch @@ -10,10 +10,10 @@ 1 file changed, 2 insertions(+) 
diff --git a/src/evmctl.c b/src/evmctl.c -index 2ffee786865b..20eccfa93b2b 100644 +index 1815f55d73e0..cca2fabdb2a6 100644 --- a/src/evmctl.c +++ b/src/evmctl.c -@@ -1229,6 +1229,7 @@ static int find(const char *path, int dts, find_cb_t func) +@@ -1331,6 +1331,7 @@ static int find(const char *path, int dts, find_cb_t func) if (fchdir(dirfd(dir))) { log_err("Failed to chdir %s\n", path); @@ -21,7 +21,7 @@ @@ -1229,6 +1229,7 @@ static int find(const char *path, int dts, find_cb_t func) return -1; } -@@ -1244,6 +1245,7 @@ static int find(const char *path, int dts, find_cb_t func) +@@ -1346,6 +1347,7 @@ static int find(const char *path, int dts, find_cb_t func) if (chdir("..")) { log_err("Failed to chdir: %s\n", path); diff --git a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch b/patches/ima-evm-utils-1.3.2/0003-evmctl-find-add-missing-error-handling-and-propagate.patch similarity index 87% rename from patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch rename to patches/ima-evm-utils-1.3.2/0003-evmctl-find-add-missing-error-handling-and-propagate.patch index 68660d95eda0..62471489a9f2 100644 --- a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch +++ b/patches/ima-evm-utils-1.3.2/0003-evmctl-find-add-missing-error-handling-and-propagate.patch @@ -12,10 +12,10 @@ 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c -index 20eccfa93b2b..55fc619f5990 100644 +index cca2fabdb2a6..e6761f2ae5e4 100644 --- a/src/evmctl.c +++ b/src/evmctl.c -@@ -1234,13 +1234,20 @@ static int find(const char *path, int dts, find_cb_t func) +@@ -1336,13 +1336,20 @@ static int find(const char *path, int dts, find_cb_t func) } while ((de = readdir(dir))) { @@ -38,7 +38,7 @@ 
@@ -1234,13 +1234,20 @@ static int find(const char *path, int dts, find_cb_t fun } if (chdir("..")) { -@@ -1249,8 +1256,13 @@ static int find(const char *path, int dts, find_cb_t func) +@@ -1351,8 +1358,13 @@ static int find(const char *path, int dts, find_cb_t func) return -1; } diff --git a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch b/patches/ima-evm-utils-1.3.2/0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch similarity index 80% rename from patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch rename to patches/ima-evm-utils-1.3.2/0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch index 69aadb377668..0de24af6a0e7 100644 --- a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch +++ b/patches/ima-evm-utils-1.3.2/0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch @@ -10,12 +10,12 @@ 1 file changed, 5 insertions(+) diff --git a/src/evmctl.c b/src/evmctl.c -index 55fc619f5990..de53be37b69b 100644 +index e6761f2ae5e4..a1fd9feaea78 100644 --- a/src/evmctl.c +++ b/src/evmctl.c -@@ -62,6 +62,11 @@ - #include <openssl/err.h> - #include <openssl/rsa.h> +@@ -72,6 +72,11 @@ + #define XATTR_NAME_APPARMOR XATTR_SECURITY_PREFIX XATTR_APPARMOR_SUFFIX + #endif +#ifndef XATTR_NAME_IMA +#define XATTR_IMA_SUFFIX "ima" diff --git a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch b/patches/ima-evm-utils-1.3.2/0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch similarity index 76% rename from patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch rename to patches/ima-evm-utils-1.3.2/0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch index 2164c6238e78..e20cfaa826df 100644 --- a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch 
+++ b/patches/ima-evm-utils-1.3.2/0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch @@ -8,10 +8,10 @@ 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libimaevm.c b/src/libimaevm.c -index 8fc23be08bd7..b6c328801708 100644 +index fa6c27858d0f..002b0657337c 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c -@@ -379,7 +379,7 @@ int verify_hash_v1(const char *file, const unsigned char *hash, int size, +@@ -382,7 +382,7 @@ static int verify_hash_v1(const char *file, const unsigned char *hash, int size, SHA_CTX ctx; unsigned char out[1024]; RSA *key; @@ -20,7 +20,7 @@ @@ -379,7 +379,7 @@ int verify_hash_v1(const char *file, const unsigned char *ha struct signature_hdr *hdr = (struct signature_hdr *)sig; log_info("hash-v1: "); -@@ -744,7 +744,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons +@@ -805,7 +805,7 @@ static int sign_hash_v1(const char *hashalgo, const unsigned char *hash, unsigned char pub[1024]; RSA *key; char name[20]; diff --git a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch b/patches/ima-evm-utils-1.3.2/0006-evmctl-add-support-for-offline-image-preparation.patch similarity index 78% rename from patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch rename to patches/ima-evm-utils-1.3.2/0006-evmctl-add-support-for-offline-image-preparation.patch index 6d9b40fc5b43..75d92734190c 100644 --- a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch +++ b/patches/ima-evm-utils-1.3.2/0006-evmctl-add-support-for-offline-image-preparation.patch @@ -33,29 +33,29 @@ --- src/evmctl.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++-------- src/imaevm.h | 1 + - src/libimaevm.c | 25 ++++++++++++++++++++++++- - 3 files changed, 74 insertions(+), 9 deletions(-) + src/libimaevm.c | 24 +++++++++++++++++++++++- + 3 files changed, 73 insertions(+), 9 deletions(-) 
diff --git a/src/evmctl.c b/src/evmctl.c -index 5d664005e915..9003f7640c0f 100644 +index a1fd9feaea78..a4d784a5bfb6 100644 --- a/src/evmctl.c +++ b/src/evmctl.c -@@ -337,6 +337,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -352,6 +352,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) + #else pctx = EVP_MD_CTX_new(); #endif - const EVP_MD *md; + ino_t ino; if (lstat(file, &st)) { log_err("Failed to stat: %s\n", file); -@@ -371,9 +372,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -386,9 +387,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash) } close(fd); } - log_info("generation: %u\n", generation); } -+ if (params.image_mode) { ++ if (imaevm_params.image_mode) { + char buf[128] = { }; + + err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1); @@ -75,7 +75,7 @@ @@ -371,9 +372,25 @@ static int calc_evm_hash(const char *file, unsigned char *h list_size = llistxattr(file, list, sizeof(list)); if (list_size < 0) { log_err("llistxattr() failed\n"); -@@ -439,7 +456,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -470,7 +487,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) hmac_size = sizeof(*hmac); if (!evm_portable) { @@ -84,7 +84,7 @@ @@ -439,7 +456,7 @@ static int calc_evm_hash(const char *file, unsigned char *ha hmac->generation = generation; } hmac->uid = st.st_uid; -@@ -450,7 +467,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -481,7 +498,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) hmac_size = sizeof(*hmac); if (!evm_portable) { @@ -93,7 +93,7 @@ 
@@ -450,7 +467,7 @@ static int calc_evm_hash(const char *file, unsigned char *ha hmac->generation = generation; } hmac->uid = st.st_uid; -@@ -461,7 +478,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -492,7 +509,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) hmac_size = sizeof(*hmac); if (!evm_portable) { @@ -102,19 +102,19 @@ @@ -461,7 +478,7 @@ static int calc_evm_hash(const char *file, unsigned char *ha hmac->generation = generation; } hmac->uid = st.st_uid; -@@ -1000,6 +1017,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -1085,6 +1102,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h + #else pctx = HMAC_CTX_new(); #endif - const EVP_MD *md; + ino_t ino; key = file2bin(keyfile, NULL, &keylen); if (!key) { -@@ -1038,10 +1056,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -1123,10 +1141,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h close(fd); } -+ if (params.image_mode) { ++ if (imaevm_params.image_mode) { + char buf[128] = { }; + + err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1); @@ -137,7 +137,7 @@ @@ -1038,10 +1056,26 @@ static int calc_evm_hmac(const char *file, const char *k log_err("llistxattr() failed: %s\n", file); goto out; } -@@ -1084,7 +1118,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -1170,7 +1204,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h struct h_misc *hmac = (struct h_misc *)&hmac_misc; hmac_size = sizeof(*hmac); @@ -146,7 +146,7 @@ 
@@ -1084,7 +1118,7 @@ static int calc_evm_hmac(const char *file, const char *key hmac->generation = generation; hmac->uid = st.st_uid; hmac->gid = st.st_gid; -@@ -1093,7 +1127,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -1179,7 +1213,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc; hmac_size = sizeof(*hmac); @@ -155,7 +155,7 @@ @@ -1093,7 +1127,7 @@ static int calc_evm_hmac(const char *file, const char *key hmac->generation = generation; hmac->uid = st.st_uid; hmac->gid = st.st_gid; -@@ -1102,7 +1136,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -1188,7 +1222,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc; hmac_size = sizeof(*hmac); @@ -164,7 +164,7 @@ @@ -1102,7 +1136,7 @@ static int calc_evm_hmac(const char *file, const char *key hmac->generation = generation; hmac->uid = st.st_uid; hmac->gid = st.st_gid; -@@ -1666,6 +1700,9 @@ static void usage(void) +@@ -2476,6 +2510,9 @@ static void usage(void) " --smack use extra SMACK xattrs for EVM\n" " --m32 force EVM hmac/signature for 32 bit target system\n" " --m64 force EVM hmac/signature for 64 bit target system\n" @@ -174,7 +174,7 @@ @@ -1666,6 +1700,9 @@ static void usage(void) " --ino use custom inode for EVM\n" " --uid use custom UID for EVM\n" " --gid use custom GID for EVM\n" -@@ -1716,6 +1753,7 @@ static struct option opts[] = { +@@ -2528,6 +2565,7 @@ static struct option opts[] = { {"recursive", 0, 0, 'r'}, {"m32", 0, 0, '3'}, {"m64", 0, 0, '6'}, @@ -182,31 +182,31 @@ 
@@ -1716,6 +1753,7 @@ static struct option opts[] = { {"portable", 0, 0, 'o'}, {"smack", 0, 0, 128}, {"version", 0, 0, 129}, -@@ -1774,7 +1812,7 @@ int main(int argc, char *argv[]) +@@ -2600,7 +2638,7 @@ int main(int argc, char *argv[]) g_argc = argc; while (1) { -- c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind); -+ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:rim", opts, &lind); +- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind); ++ c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:rim", opts, &lind); if (c == -1) break; -@@ -1847,6 +1885,9 @@ int main(int argc, char *argv[]) +@@ -2670,6 +2708,9 @@ int main(int argc, char *argv[]) case '6': msize = 64; break; + case 'm': -+ params.image_mode = true; ++ imaevm_params.image_mode = true; + break; case 128: evm_config_xattrnames = evm_extra_smack_xattrs; break; diff --git a/src/imaevm.h b/src/imaevm.h -index ed92e4d8981d..7e32d09c6538 100644 +index 45039199ab31..2f78a31ab438 100644 --- a/src/imaevm.h +++ b/src/imaevm.h -@@ -182,6 +182,7 @@ struct libevm_params { - const char *evm_hash_algo; +@@ -196,6 +196,7 @@ struct libimaevm_params { + const char *hash_algo; const char *keyfile; const char *keypass; + bool image_mode; @@ -214,31 +214,23 @@ @@ -182,6 +182,7 @@ struct libevm_params { struct RSA_ASN1_template { diff --git a/src/libimaevm.c b/src/libimaevm.c -index 4c093a038b72..866f74b39b41 100644 +index 002b0657337c..1cdf1dc590cc 100644 --- a/src/libimaevm.c 
+++ b/src/libimaevm.c -@@ -40,6 +40,7 @@ - - /* should we use logger instead for library? */ - #define USE_FPRINTF -+#define _GNU_SOURCE - - #include <sys/types.h> - #include <sys/param.h> -@@ -49,6 +50,7 @@ - #include <dirent.h> - #include <string.h> +@@ -51,6 +51,7 @@ #include <stdio.h> + #include <assert.h> + #include <ctype.h> +#include <sys/xattr.h> + #include <openssl/crypto.h> #include <openssl/pem.h> - #include <openssl/evp.h> -@@ -224,7 +226,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) +@@ -193,7 +194,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) } while ((de = readdir(dir))) { - ino = de->d_ino; -+ if (params.image_mode) { ++ if (imaevm_params.image_mode) { + char *name; + char buf[128] = { }; + diff --git a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch b/patches/ima-evm-utils-1.3.2/0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch similarity index 86% rename from patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch rename to patches/ima-evm-utils-1.3.2/0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch index 12b77a132002..251f7136b42b 100644 --- a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch +++ b/patches/ima-evm-utils-1.3.2/0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch @@ -15,16 +15,16 @@ 1 file changed, 3 insertions(+) diff --git a/src/libimaevm.c b/src/libimaevm.c -index 866f74b39b41..834b738426bf 100644 +index 1cdf1dc590cc..6bb0b0757c42 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c -@@ -226,6 +226,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) +@@ -194,6 +194,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) } while ((de = readdir(dir))) { + if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) + continue; + - if (params.image_mode) { + if (imaevm_params.image_mode) { char *name; char buf[128] = { }; 
diff --git a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch b/patches/ima-evm-utils-1.3.2/0008-Fix-warning-for-non-debug-use-case.patch similarity index 86% rename from patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch rename to patches/ima-evm-utils-1.3.2/0008-Fix-warning-for-non-debug-use-case.patch index 80073f19aaf5..2cddf569a91d 100644 --- a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch +++ b/patches/ima-evm-utils-1.3.2/0008-Fix-warning-for-non-debug-use-case.patch @@ -14,10 +14,10 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/evmctl.c b/src/evmctl.c -index 9003f7640c0f..4422c0e84d4a 100644 +index a4d784a5bfb6..7c1f15082615 100644 --- a/src/evmctl.c +++ b/src/evmctl.c -@@ -1191,7 +1191,7 @@ static int hmac_evm(const char *file, const char *key) +@@ -1279,7 +1279,7 @@ static int hmac_evm(const char *file, const char *key) return 0; } diff --git a/patches/ima-evm-utils-1.3.2/0009-HACK-don-t-generate-the-man-page.patch b/patches/ima-evm-utils-1.3.2/0009-HACK-don-t-generate-the-man-page.patch new file mode 100644 index 000000000000..b0c39f6ee75a --- /dev/null +++ b/patches/ima-evm-utils-1.3.2/0009-HACK-don-t-generate-the-man-page.patch 
@@ -0,0 +1,60 @@ +From: Roland Hieber <rhi@pengutronix.de> +Date: Mon, 14 Jun 2021 01:52:53 +0200 +Subject: [PATCH] HACK: don't generate the man page + +Also prevent host path leakage for +/usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl, +which is autodetected by EVMCTL_MANPAGE_DOCBOOK_XSL when it exists on +the build host. + +Signed-off-by: Roland Hieber <rhi@pengutronix.de> +--- + Makefile.am | 18 ------------------ + configure.ac | 2 -- + 2 files changed, 20 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 17fd478eff2f..26e3d4843d0e 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,7 +1,4 @@ + SUBDIRS = src tests +-if MANPAGE_DOCBOOK_XSL +-dist_man_MANS = evmctl.1 +-endif + + doc_DATA = examples/ima-genkey-self.sh examples/ima-genkey.sh examples/ima-gen-local-ca.sh + EXTRA_DIST = autogen.sh $(doc_DATA) +@@ -25,19 +22,4 @@ rpm: $(tarname) + cp $(tarname) $(SRCS)/ + rpmbuild -ba --nodeps $(SPEC) + +-if MANPAGE_DOCBOOK_XSL +-evmctl.1.html: README +- @asciidoc -o $@ $< +- +-evmctl.1: +- asciidoc -d manpage -b docbook -o evmctl.1.xsl README +- xsltproc --nonet -o $@ $(MANPAGE_DOCBOOK_XSL) evmctl.1.xsl +- rm -f evmctl.1.xsl +- +-rmman: +- rm -f evmctl.1 +- +-doc: evmctl.1.html rmman evmctl.1 +-endif +- + .PHONY: $(tarname) +diff --git a/configure.ac b/configure.ac +index e1ed1000858c..6cc076713453 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -56,8 +56,6 @@ else + CFLAGS="$CFLAGS -Wall -Wstrict-prototypes -pipe -fomit-frame-pointer" + fi + +-EVMCTL_MANPAGE_DOCBOOK_XSL +- + # for gcov + #CFLAGS="$CFLAGS -Wall -fprofile-arcs -ftest-coverage" + #CXXFLAGS="$CXXFLAGS -Wall -fprofile-arcs -ftest-coverage" diff --git a/patches/ima-evm-utils-1.1/autogen.sh b/patches/ima-evm-utils-1.3.2/autogen.sh similarity index 100% rename from patches/ima-evm-utils-1.1/autogen.sh rename to patches/ima-evm-utils-1.3.2/autogen.sh 
diff --git a/patches/ima-evm-utils-1.3.2/series b/patches/ima-evm-utils-1.3.2/series new file mode 100644 index 000000000000..0ff0d9aef8e1 --- /dev/null +++ b/patches/ima-evm-utils-1.3.2/series @@ -0,0 +1,12 @@ +# generated by git-ptx-patches +#tag:base --start-number 1 +0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch +0002-evmctl-find-add-missing-closedir-dir-on-error.patch +0003-evmctl-find-add-missing-error-handling-and-propagate.patch +0004-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch +0005-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch +0006-evmctl-add-support-for-offline-image-preparation.patch +0007-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch +0008-Fix-warning-for-non-debug-use-case.patch +0009-HACK-don-t-generate-the-man-page.patch +# 537ff71d727921132bf8bd9102e3a3e3 - git-ptx-patches magic diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make index 3a0ce4660c87..6f483ec8c935 100644 --- a/rules/ima-evm-utils.make +++ b/rules/ima-evm-utils.make @@ -1,7 +1,7 @@ # -*-makefile-*- # # Copyright (C) 2013 by Michael Grzeschik <mgr@pengutronix.de> -# 2015 by Marc Kleine-Budde <mkl@pengutronix.de> +# 2015, 2020 by Marc Kleine-Budde <mkl@pengutronix.de> # 2021 Roland Hieber, Pengutronix <rhi@pengutronix.de> # # For further information about the PTXdist project and license conditions @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_IMA_EVM_UTILS) += ima-evm-utils # # Paths and names # -IMA_EVM_UTILS_VERSION := 1.1 -IMA_EVM_UTILS_MD5 := 77455aeee54fdc7a70c733bcb65d33cc +IMA_EVM_UTILS_VERSION := 1.3.2 +IMA_EVM_UTILS_MD5 := 55cc0e2c77a725f722833c3b4a36038c IMA_EVM_UTILS := ima-evm-utils-$(IMA_EVM_UTILS_VERSION) IMA_EVM_UTILS_SUFFIX := tar.gz IMA_EVM_UTILS_URL := $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX)) 
@@ -35,6 +35,7 @@ IMA_EVM_UTILS_LICENSE_FILES := \ IMA_EVM_UTILS_CONF_TOOL := autoconf IMA_EVM_UTILS_AUTOCONF := \ $(CROSS_AUTOCONF_USR) \ + --enable-openssl-conf \ --disable-debug # ---------------------------------------------------------------------------- -- 2.29.2
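Review bot: In the `calc_evm_hmac()` hunk of 0006, the inode that goes into the EVM HMAC in image mode is read as a string from the `user.image-inode-number` xattr (`lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1)`), and the lines shown here do not include the conversion into `ino_t ino`. Please confirm that the conversion fails with an error on a missing, empty, non-numeric or out-of-range value instead of continuing with some default inode, because a wrong inode produces an HMAC that only fails later, at verification on the target. `user.*` attributes can be set by anyone with write access to the file, so the help text added in `usage()` or the patch description should also state that the staging tree must be under the build's control when `image_mode` is used.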
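Review bot: The `getopt_long()` string in `main()` now reads `"hvnsda:op::fu::k:t:rim"`, so `e:` has disappeared together with old patch 0008 and only `m` is carried over. `-e <algo>` is therefore no longer a recognized option; please grep the tree for rules or image-creation scripts that still pass it and switch them to `-a`, which the commit message says now covers the EVM hash as well.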
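Review bot: A source patch is a heavy way to keep the build host's `docbook.xsl` path out of the build: 0009 deletes both `MANPAGE_DOCBOOK_XSL` blocks in `Makefile.am` and the `EVMCTL_MANPAGE_DOCBOOK_XSL` call in `configure.ac`, is tagged HACK, and has to be rebased on every version bump. Overriding the detection result from `rules/ima-evm-utils.make` would avoid carrying it; the `[mol: ...]` note on the applied commit mentions using `ac_cv_path_XMLCATALOG=` instead of a patch.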
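Review bot: `IMA_EVM_UTILS_MD5` in the `@@ -16,8 +16,8 @@` hunk of `rules/ima-evm-utils.make` is the only integrity pin for the new 1.3.2 tarball, which is fetched through the SF mirror named in `IMA_EVM_UTILS_URL`. MD5 is collision-broken, so for a package that produces IMA/EVM signatures please check the tarball against a checksum or signature obtained independently from upstream before accepting `55cc0e2c77a725f722833c3b4a36038c`, and say in the commit message how it was checked.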
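Review bot: `--enable-openssl-conf` is added to `IMA_EVM_UTILS_AUTOCONF` in the last hunk without a word in the commit message, which only lists changes to the patch queue. Going by its name, the switch makes evmctl honour an OpenSSL configuration file at run time, which adds one more input that can influence hashing and signing; please add a sentence on why it is needed, or leave it off if nothing depends on it.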
* Re: [ptxdist] [APPLIED] ima-evm-utils: version bump 1.1 -> 1.3.2 2021-06-16 16:16 ` [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2 Roland Hieber @ 2021-06-29 5:09 ` Michael Olbrich 0 siblings, 0 replies; 6+ messages in thread 
From: Michael Olbrich @ 2021-06-29 5:09 UTC (permalink / raw)
To: ptxdist; +Cc: Roland Hieber

Thanks, applied as 1024453d64fbae7fec6b7942bbc557805126dc53.

Michael

[sent from post-receive hook]

On Tue, 29 Jun 2021 07:09:11 +0200, Roland Hieber <rhi@pengutronix.de> wrote:
> Changes to the patch queue:
>
> * (old 0002) "Makefile.am: rename INCLUDES -> AM_CPPFLAGS":
>   replaced by upstream commit 8acbae598b39a421b5d0 ("replace INCLUDES
>   with AM_CPPFLAGS")
>
> * (old 0006) "use EVP_MAX_MD_SIZE for hash size instead of open …":
>   replaced by upstream commit 1d9c27927932f2e750e3 ("Define hash and sig
>   buffer sizes and add asserts")
>
> * (old 0008) "evmctl: add parameter -e to set evm hash algo":
>   replaced by upstream commit ae1319eeabd6e0798003 ("Remove hardcoding
>   of SHA1 in EVM signatures"), which uses the already existing -a
>   parameter for this functionality now too.
>
> * (old 0009) "evmctl: add support for offline image preparation":
>   port the refactoring from upstream commit c317d4618f92d4dd65
>   ("Namespace some too generic object names"). Also _GNU_SOURCE is now
>   already defined by configure, and will generate a warning when
>   redefined, so drop its definition here.
>
> * (old 0011, new 0009) "HACK: don't generate the man page":
>   expand patch to make sure the manpages are really not built and
>   generate an error looking for "asciidoc", even when the XSL stylesheet
>   is detected on the build host
>
> * (old 0013) "evmctl: use correct include for xattr.h":
>   replaced by upstream commit 6aea54d2ad2287b3e889 ("evmctl: use correct
>   include for xattr.h")
>
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/8acbae598b39a421b5d0
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/1d9c27927932f2e750e3
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/ae1319eeabd6e0798003
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/c317d4618f92d4dd6570
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/6aea54d2ad2287b3e889
> Signed-off-by: Roland Hieber <rhi@pengutronix.de> > Message-Id: <20210616161655.15480-2-rhi@pengutronix.de> > [mol: use ac_cv_path_XMLCATALOG= instead of a patch, drop unnecessary INSTALL patch] > [mol: make sure libtss2-esys/libtss2-rc are not used] > Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> > > diff --git a/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch b/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch > deleted file mode 100644 > index c035197d9cc7..000000000000 > --- a/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch > +++ /dev/null 
> @@ -1,389 +0,0 @@ > -From: Marc Kleine-Budde <mkl@pengutronix.de> > -Date: Wed, 18 Nov 2015 15:15:15 +0100 > -Subject: [PATCH] INSTALL: remove file, at it's autogenerated by autotools > - > -This patch remove the file "INSTALL" which is autogenerated during > -./autogen.sh. > - > -Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> > ---- > - INSTALL | 370 ---------------------------------------------------------------- > - 1 file changed, 370 deletions(-) > - delete mode 100644 INSTALL > - > -diff --git a/INSTALL b/INSTALL > -deleted file mode 100644 > -index 007e9396d0a2..000000000000 > ---- a/INSTALL > -+++ /dev/null > -@@ -1,370 +0,0 @@ > --Installation Instructions > --************************* > -- > --Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, > --Inc. > -- > -- Copying and distribution of this file, with or without modification, > --are permitted in any medium without royalty provided the copyright > --notice and this notice are preserved. This file is offered as-is, > --without warranty of any kind. > -- > --Basic Installation > --================== > -- > -- Briefly, the shell commands `./configure; make; make install' should > --configure, build, and install this package. The following > --more-detailed instructions are generic; see the `README' file for > --instructions specific to this package. Some packages provide this > --`INSTALL' file but do not implement all of the features documented > --below. The lack of an optional feature in a given package is not > --necessarily a bug. More recommendations for GNU packages can be found > --in *note Makefile Conventions: (standards)Makefile Conventions. > -- > -- The `configure' shell script attempts to guess correct values for > --various system-dependent variables used during compilation. It uses > --those values to create a `Makefile' in each directory of the package. > --It may also create one or more `.h' files containing system-dependent > --definitions. 
Finally, it creates a shell script `config.status' that > --you can run in the future to recreate the current configuration, and a > --file `config.log' containing compiler output (useful mainly for > --debugging `configure'). > -- > -- It can also use an optional file (typically called `config.cache' > --and enabled with `--cache-file=config.cache' or simply `-C') that saves > --the results of its tests to speed up reconfiguring. Caching is > --disabled by default to prevent problems with accidental use of stale > --cache files. > -- > -- If you need to do unusual things to compile the package, please try > --to figure out how `configure' could check whether to do them, and mail > --diffs or instructions to the address given in the `README' so they can > --be considered for the next release. If you are using the cache, and at > --some point `config.cache' contains results you don't want to keep, you > --may remove or edit it. > -- > -- The file `configure.ac' (or `configure.in') is used to create > --`configure' by a program called `autoconf'. You need `configure.ac' if > --you want to change it or regenerate `configure' using a newer version > --of `autoconf'. > -- > -- The simplest way to compile this package is: > -- > -- 1. `cd' to the directory containing the package's source code and type > -- `./configure' to configure the package for your system. > -- > -- Running `configure' might take a while. While running, it prints > -- some messages telling which features it is checking for. > -- > -- 2. Type `make' to compile the package. > -- > -- 3. Optionally, type `make check' to run any self-tests that come with > -- the package, generally using the just-built uninstalled binaries. > -- > -- 4. Type `make install' to install the programs and any data files and > -- documentation. 
When installing into a prefix owned by root, it is > -- recommended that the package be configured and built as a regular > -- user, and only the `make install' phase executed with root > -- privileges. > -- > -- 5. Optionally, type `make installcheck' to repeat any self-tests, but > -- this time using the binaries in their final installed location. > -- This target does not install anything. Running this target as a > -- regular user, particularly if the prior `make install' required > -- root privileges, verifies that the installation completed > -- correctly. > -- > -- 6. You can remove the program binaries and object files from the > -- source code directory by typing `make clean'. To also remove the > -- files that `configure' created (so you can compile the package for > -- a different kind of computer), type `make distclean'. There is > -- also a `make maintainer-clean' target, but that is intended mainly > -- for the package's developers. If you use it, you may have to get > -- all sorts of other programs in order to regenerate files that came > -- with the distribution. > -- > -- 7. Often, you can also type `make uninstall' to remove the installed > -- files again. In practice, not all packages have tested that > -- uninstallation works correctly, even though it is required by the > -- GNU Coding Standards. > -- > -- 8. Some packages, particularly those that use Automake, provide `make > -- distcheck', which can by used by developers to test that all other > -- targets like `make install' and `make uninstall' work correctly. > -- This target is generally not run by end users. > -- > --Compilers and Options > --===================== > -- > -- Some systems require unusual options for compilation or linking that > --the `configure' script does not know about. Run `./configure --help' > --for details on some of the pertinent environment variables. 
> -- > -- You can give `configure' initial values for configuration parameters > --by setting variables in the command line or in the environment. Here > --is an example: > -- > -- ./configure CC=c99 CFLAGS=-g LIBS=-lposix > -- > -- *Note Defining Variables::, for more details. > -- > --Compiling For Multiple Architectures > --==================================== > -- > -- You can compile the package for more than one kind of computer at the > --same time, by placing the object files for each architecture in their > --own directory. To do this, you can use GNU `make'. `cd' to the > --directory where you want the object files and executables to go and run > --the `configure' script. `configure' automatically checks for the > --source code in the directory that `configure' is in and in `..'. This > --is known as a "VPATH" build. > -- > -- With a non-GNU `make', it is safer to compile the package for one > --architecture at a time in the source code directory. After you have > --installed the package for one architecture, use `make distclean' before > --reconfiguring for another architecture. > -- > -- On MacOS X 10.5 and later systems, you can create libraries and > --executables that work on multiple system types--known as "fat" or > --"universal" binaries--by specifying multiple `-arch' options to the > --compiler but only a single `-arch' option to the preprocessor. Like > --this: > -- > -- ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ > -- CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ > -- CPP="gcc -E" CXXCPP="g++ -E" > -- > -- This is not guaranteed to produce working output in all cases, you > --may have to build one architecture at a time and combine the results > --using the `lipo' tool if you have problems. > -- > --Installation Names > --================== > -- > -- By default, `make install' installs the package's commands under > --`/usr/local/bin', include files under `/usr/local/include', etc. 
You > --can specify an installation prefix other than `/usr/local' by giving > --`configure' the option `--prefix=PREFIX', where PREFIX must be an > --absolute file name. > -- > -- You can specify separate installation prefixes for > --architecture-specific files and architecture-independent files. If you > --pass the option `--exec-prefix=PREFIX' to `configure', the package uses > --PREFIX as the prefix for installing programs and libraries. > --Documentation and other data files still use the regular prefix. > -- > -- In addition, if you use an unusual directory layout you can give > --options like `--bindir=DIR' to specify different values for particular > --kinds of files. Run `configure --help' for a list of the directories > --you can set and what kinds of files go in them. In general, the > --default for these options is expressed in terms of `${prefix}', so that > --specifying just `--prefix' will affect all of the other directory > --specifications that were not explicitly provided. > -- > -- The most portable way to affect installation locations is to pass the > --correct locations to `configure'; however, many packages provide one or > --both of the following shortcuts of passing variable assignments to the > --`make install' command line to change installation locations without > --having to reconfigure or recompile. > -- > -- The first method involves providing an override variable for each > --affected directory. For example, `make install > --prefix=/alternate/directory' will choose an alternate location for all > --directory configuration variables that were expressed in terms of > --`${prefix}'. Any directories that were specified during `configure', > --but not in terms of `${prefix}', must each be overridden at install > --time for the entire installation to be relocated. The approach of > --makefile variable overrides for each directory variable is required by > --the GNU Coding Standards, and ideally causes no recompilation. 
> --However, some platforms have known limitations with the semantics of > --shared libraries that end up requiring recompilation when using this > --method, particularly noticeable in packages that use GNU Libtool. > -- > -- The second method involves providing the `DESTDIR' variable. For > --example, `make install DESTDIR=/alternate/directory' will prepend > --`/alternate/directory' before all installation names. The approach of > --`DESTDIR' overrides is not required by the GNU Coding Standards, and > --does not work on platforms that have drive letters. On the other hand, > --it does better at avoiding recompilation issues, and works well even > --when some directory options were not specified in terms of `${prefix}' > --at `configure' time. > -- > --Optional Features > --================= > -- > -- If the package supports it, you can cause programs to be installed > --with an extra prefix or suffix on their names by giving `configure' the > --option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. > -- > -- Some packages pay attention to `--enable-FEATURE' options to > --`configure', where FEATURE indicates an optional part of the package. > --They may also pay attention to `--with-PACKAGE' options, where PACKAGE > --is something like `gnu-as' or `x' (for the X Window System). The > --`README' should mention any `--enable-' and `--with-' options that the > --package recognizes. > -- > -- For packages that use the X Window System, `configure' can usually > --find the X include and library files automatically, but if it doesn't, > --you can use the `configure' options `--x-includes=DIR' and > --`--x-libraries=DIR' to specify their locations. > -- > -- Some packages offer the ability to configure how verbose the > --execution of `make' will be. 
For these packages, running `./configure > ----enable-silent-rules' sets the default to minimal output, which can be > --overridden with `make V=1'; while running `./configure > ----disable-silent-rules' sets the default to verbose, which can be > --overridden with `make V=0'. > -- > --Particular systems > --================== > -- > -- On HP-UX, the default C compiler is not ANSI C compatible. If GNU > --CC is not installed, it is recommended to use the following options in > --order to use an ANSI C compiler: > -- > -- ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" > -- > --and if that doesn't work, install pre-built binaries of GCC for HP-UX. > -- > -- HP-UX `make' updates targets which have the same time stamps as > --their prerequisites, which makes it generally unusable when shipped > --generated files such as `configure' are involved. Use GNU `make' > --instead. > -- > -- On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot > --parse its `<wchar.h>' header file. The option `-nodtk' can be used as > --a workaround. If GNU CC is not installed, it is therefore recommended > --to try > -- > -- ./configure CC="cc" > -- > --and if that doesn't work, try > -- > -- ./configure CC="cc -nodtk" > -- > -- On Solaris, don't put `/usr/ucb' early in your `PATH'. This > --directory contains several dysfunctional programs; working variants of > --these programs are available in `/usr/bin'. So, if you need `/usr/ucb' > --in your `PATH', put it _after_ `/usr/bin'. > -- > -- On Haiku, software installed for all users goes in `/boot/common', > --not `/usr/local'. It is recommended to use the following options: > -- > -- ./configure --prefix=/boot/common > -- > --Specifying the System Type > --========================== > -- > -- There may be some features `configure' cannot figure out > --automatically, but needs to determine by the type of machine the package > --will run on. 
Usually, assuming the package is built to be run on the > --_same_ architectures, `configure' can figure that out, but if it prints > --a message saying it cannot guess the machine type, give it the > --`--build=TYPE' option. TYPE can either be a short name for the system > --type, such as `sun4', or a canonical name which has the form: > -- > -- CPU-COMPANY-SYSTEM > -- > --where SYSTEM can have one of these forms: > -- > -- OS > -- KERNEL-OS > -- > -- See the file `config.sub' for the possible values of each field. If > --`config.sub' isn't included in this package, then this package doesn't > --need to know the machine type. > -- > -- If you are _building_ compiler tools for cross-compiling, you should > --use the option `--target=TYPE' to select the type of system they will > --produce code for. > -- > -- If you want to _use_ a cross compiler, that generates code for a > --platform different from the build platform, you should specify the > --"host" platform (i.e., that on which the generated programs will > --eventually be run) with `--host=TYPE'. > -- > --Sharing Defaults > --================ > -- > -- If you want to set default values for `configure' scripts to share, > --you can create a site shell script called `config.site' that gives > --default values for variables like `CC', `cache_file', and `prefix'. > --`configure' looks for `PREFIX/share/config.site' if it exists, then > --`PREFIX/etc/config.site' if it exists. Or, you can set the > --`CONFIG_SITE' environment variable to the location of the site script. > --A warning: not all `configure' scripts look for a site script. > -- > --Defining Variables > --================== > -- > -- Variables not defined in a site shell script can be set in the > --environment passed to `configure'. However, some packages may run > --configure again during the build, and the customized values of these > --variables may be lost. 
In order to avoid this problem, you should set > --them in the `configure' command line, using `VAR=value'. For example: > -- > -- ./configure CC=/usr/local2/bin/gcc > -- > --causes the specified `gcc' to be used as the C compiler (unless it is > --overridden in the site shell script). > -- > --Unfortunately, this technique does not work for `CONFIG_SHELL' due to > --an Autoconf limitation. Until the limitation is lifted, you can use > --this workaround: > -- > -- CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash > -- > --`configure' Invocation > --====================== > -- > -- `configure' recognizes the following options to control how it > --operates. > -- > --`--help' > --`-h' > -- Print a summary of all of the options to `configure', and exit. > -- > --`--help=short' > --`--help=recursive' > -- Print a summary of the options unique to this package's > -- `configure', and exit. The `short' variant lists options used > -- only in the top level, while the `recursive' variant lists options > -- also present in any nested packages. > -- > --`--version' > --`-V' > -- Print the version of Autoconf used to generate the `configure' > -- script, and exit. > -- > --`--cache-file=FILE' > -- Enable the cache: use and save the results of the tests in FILE, > -- traditionally `config.cache'. FILE defaults to `/dev/null' to > -- disable caching. > -- > --`--config-cache' > --`-C' > -- Alias for `--cache-file=config.cache'. > -- > --`--quiet' > --`--silent' > --`-q' > -- Do not print messages saying which checks are being made. To > -- suppress all normal output, redirect it to `/dev/null' (any error > -- messages will still be shown). > -- > --`--srcdir=DIR' > -- Look for the package's source code in directory DIR. Usually > -- `configure' can determine that directory automatically. > -- > --`--prefix=DIR' > -- Use DIR as the installation prefix. 
*note Installation Names:: > -- for more details, including other options available for fine-tuning > -- the installation locations. > -- > --`--no-create' > --`-n' > -- Run the configure checks, but stop before creating any output > -- files. > -- > --`configure' also accepts some other, not widely useful, options. Run > --`configure --help' for more details. > diff --git a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch b/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch > deleted file mode 100644 > index cb09b8d78f8a..000000000000 > --- a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch > +++ /dev/null 
> @@ -1,40 +0,0 @@ > -From: Marc Kleine-Budde <mkl@pengutronix.de> > -Date: Wed, 27 May 2015 10:41:27 +0200 > -Subject: [PATCH] Makefile.am: rename INCLUDES -> AM_CPPFLAGS > - > -This patch fixes the following warning during autoreconf: > - > -| src/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS') > - > -Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> > ---- > - src/Makefile.am | 6 +++--- > - 1 file changed, 3 insertions(+), 3 deletions(-) > - > -diff --git a/src/Makefile.am b/src/Makefile.am > -index deb18fb09dc7..9f547283d535 100644 > ---- a/src/Makefile.am > -+++ b/src/Makefile.am > -@@ -1,7 +1,7 @@ > - lib_LTLIBRARIES = libimaevm.la > - > - libimaevm_la_SOURCES = libimaevm.c > --libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS) > -+libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS) > - # current[:revision[:age]] > - # result: [current-age].age.revision > - libimaevm_la_LDFLAGS = -version-info 0:0:0 > -@@ -12,11 +12,11 @@ include_HEADERS = imaevm.h > - bin_PROGRAMS = evmctl > - > - evmctl_SOURCES = evmctl.c > --evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) > -+evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS) > - evmctl_LDFLAGS = $(LDFLAGS_READLINE) > - evmctl_LDADD = $(OPENSSL_LIBS) -lkeyutils libimaevm.la > - > --INCLUDES = -I$(top_srcdir) -include config.h > -+AM_CPPFLAGS = -I$(top_srcdir) -include config.h > - > - DISTCLEANFILES = @DISTCLEANFILES@ > - > diff --git a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch b/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch > deleted file mode 100644 > index a3cd597f82d6..000000000000 > --- a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch > +++ /dev/null 
> @@ -1,73 +0,0 @@ > -From: Marc Kleine-Budde <mkl@pengutronix.de> > -Date: Sat, 26 Mar 2016 22:58:07 +0100 > -Subject: [PATCH] evmctl, libimaevm: use EVP_MAX_MD_SIZE for hash size instead > - of open coding it > - > -Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> > ---- > - src/evmctl.c | 10 +++++----- > - src/libimaevm.c | 2 +- > - 2 files changed, 6 insertions(+), 6 deletions(-) > - > -diff --git a/src/evmctl.c b/src/evmctl.c > -index de53be37b69b..b0f3b6362528 100644 > ---- a/src/evmctl.c > -+++ b/src/evmctl.c > -@@ -495,7 +495,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > - > - static int sign_evm(const char *file, const char *key) > - { > -- unsigned char hash[20]; > -+ unsigned char hash[EVP_MAX_MD_SIZE]; > - unsigned char sig[1024]; > - int len, err; > - > -@@ -533,7 +533,7 @@ static int sign_evm(const char *file, const char *key) > - > - static int hash_ima(const char *file) > - { > -- unsigned char hash[66]; /* MAX hash size + 2 */ > -+ unsigned char hash[EVP_MAX_MD_SIZE + 2]; /* MAX hash size + 2 */ > - int len, err, offset; > - int algo = get_hash_algo(params.hash_algo); > - > -@@ -571,7 +571,7 @@ static int hash_ima(const char *file) > - > - static int sign_ima(const char *file, const char *key) > - { > -- unsigned char hash[64]; > -+ unsigned char hash[EVP_MAX_MD_SIZE]; > - unsigned char sig[1024]; > - int len, err; > - > -@@ -751,7 +751,7 @@ static int cmd_sign_evm(struct command *cmd) > - > - static int verify_evm(const char *file) > - { > -- unsigned char hash[20]; > -+ unsigned char hash[EVP_MAX_MD_SIZE]; > - unsigned char sig[1024]; > - int len; > - > -@@ -1119,7 +1119,7 @@ out: > - > - static int hmac_evm(const char *file, const char *key) > - { > -- unsigned char hash[20]; > -+ unsigned char hash[EVP_MAX_MD_SIZE]; > - unsigned char sig[1024]; > - int len, err; > - > -diff --git a/src/libimaevm.c b/src/libimaevm.c > -index 6fa0ed4a1c74..8fc23be08bd7 100644 > ---- a/src/libimaevm.c > -+++ b/src/libimaevm.c > -@@ 
-590,7 +590,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned > - int ima_verify_signature(const char *file, unsigned char *sig, int siglen, > - unsigned char *digest, int digestlen) > - { > -- unsigned char hash[64]; > -+ unsigned char hash[EVP_MAX_MD_SIZE]; > - int hashlen, sig_hash_algo; > - > - if (sig[0] != 0x03) { > diff --git a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch > deleted file mode 100644 > index 488dfa822286..000000000000 > --- a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch > +++ /dev/null 
> @@ -1,133 +0,0 @@ > -From: Steffen Trumtrar <s.trumtrar@pengutronix.de> > -Date: Tue, 8 Mar 2016 13:46:14 +0100 > -Subject: [PATCH] evmctl: add parameter -e to set evm hash algo > - > -The paramter -a sets the hash algorithm only for IMA. To not break > -anything, add a new parameter -e to be able to change the hash for > -EVM, too. > - > -Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de> > ---- > - src/evmctl.c | 27 +++++++++++++++++++++++---- > - src/imaevm.h | 1 + > - src/libimaevm.c | 1 + > - 3 files changed, 25 insertions(+), 4 deletions(-) > - > -diff --git a/src/evmctl.c b/src/evmctl.c > -index b0f3b6362528..5d664005e915 100644 > ---- a/src/evmctl.c > -+++ b/src/evmctl.c > -@@ -336,6 +336,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > - #else > - pctx = EVP_MD_CTX_new(); > - #endif > -+ const EVP_MD *md; > - > - if (lstat(file, &st)) { > - log_err("Failed to stat: %s\n", file); > -@@ -379,7 +380,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > - return -1; > - } > - > -- err = EVP_DigestInit(pctx, EVP_sha1()); > -+ md = EVP_get_digestbyname(params.evm_hash_algo); > -+ if (!md) { > -+ log_err("EVP_get_digestbyname() failed\n"); > -+ return 1; > -+ } > -+ > -+ err = EVP_DigestInit(pctx, md); > - if (!err) { > - log_err("EVP_DigestInit() failed\n"); > - return 1; > -@@ -503,7 +510,7 @@ static int sign_evm(const char *file, const char *key) > - if (len <= 1) > - return len; > - > -- len = sign_hash("sha1", hash, len, key, NULL, sig + 1); > -+ len = sign_hash(params.evm_hash_algo, hash, len, key, NULL, sig + 1); > - if (len <= 1) > - return len; > - > -@@ -992,6 +999,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h > - #else > - pctx = HMAC_CTX_new(); > - #endif > -+ const EVP_MD *md; > - > - key = file2bin(keyfile, NULL, &keylen); > - if (!key) { > -@@ -1038,7 +1046,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h > - goto out; > 
- } > - > -- err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), EVP_sha1(), NULL); > -+ md = EVP_get_digestbyname(params.evm_hash_algo); > -+ if (!md) { > -+ log_err("EVP_get_digestbyname() failed\n"); > -+ return 1; > -+ } > -+ > -+ err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), md, NULL); > - if (err) { > - log_err("HMAC_Init() failed\n"); > - goto out; > -@@ -1635,6 +1649,7 @@ static void usage(void) > - printf( > - "\n" > - " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512\n" > -+ " -e, --evmhashalgo sha1 (default), sha224, sha256, sha384, sha512\n" > - " -s, --imasig make IMA signature\n" > - " -d, --imahash make IMA hash\n" > - " -f, --sigfile store IMA signature in .sig file instead of xattr\n" > -@@ -1691,6 +1706,7 @@ static struct option opts[] = { > - {"imasig", 0, 0, 's'}, > - {"imahash", 0, 0, 'd'}, > - {"hashalgo", 1, 0, 'a'}, > -+ {"evmhashalgo", 1, 0, 'e'}, > - {"pass", 2, 0, 'p'}, > - {"sigfile", 0, 0, 'f'}, > - {"uuid", 2, 0, 'u'}, > -@@ -1758,7 +1774,7 @@ int main(int argc, char *argv[]) > - g_argc = argc; > - > - while (1) { > -- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind); > -+ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind); > - if (c == -1) > - break; > - > -@@ -1784,6 +1800,9 @@ int main(int argc, char *argv[]) > - case 'a': > - params.hash_algo = optarg; > - break; > -+ case 'e': > -+ params.evm_hash_algo = optarg; > -+ break; > - case 'p': > - if (optarg) > - params.keypass = optarg; > -diff --git a/src/imaevm.h b/src/imaevm.h > -index 1bafaad0f4ab..ed92e4d8981d 100644 > ---- a/src/imaevm.h > -+++ b/src/imaevm.h > -@@ -179,6 +179,7 @@ struct libevm_params { > - int verbose; > - int x509; > - const char *hash_algo; > -+ const char *evm_hash_algo; > - const char *keyfile; > - const char *keypass; > - }; > -diff --git a/src/libimaevm.c b/src/libimaevm.c > -index b6c328801708..4c093a038b72 100644 > ---- a/src/libimaevm.c > -+++ b/src/libimaevm.c > -@@ -129,6 +129,7 @@ struct 
libevm_params params = { > - .verbose = LOG_INFO - 1, > - .x509 = 1, > - .hash_algo = "sha1", > -+ .evm_hash_algo = "sha1", > - }; > - > - static void __attribute__ ((constructor)) libinit(void); > diff --git a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch b/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch > deleted file mode 100644 > index bb44e8d6c2be..000000000000 > --- a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch > +++ /dev/null > @@ -1,19 +0,0 @@ > -From: Michael Olbrich <m.olbrich@pengutronix.de> > -Date: Wed, 3 Jun 2015 16:08:51 +0200 > -Subject: [PATCH] HACK: don't generate man page > - > -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> > ---- > - Makefile.am | 1 - > - 1 file changed, 1 deletion(-) > - > -diff --git a/Makefile.am b/Makefile.am > -index 06ebf59ea4aa..e527f34f1faa 100644 > ---- a/Makefile.am > -+++ b/Makefile.am > -@@ -1,5 +1,4 @@ > - SUBDIRS = src > --dist_man_MANS = evmctl.1 > - > - doc_DATA = examples/ima-genkey-self.sh examples/ima-genkey.sh examples/ima-gen-local-ca.sh > - EXTRA_DIST = autogen.sh $(doc_DATA) > diff --git a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch b/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch > deleted file mode 100644 > index 3157c711a065..000000000000 > --- a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch > +++ /dev/null 
> @@ -1,80 +0,0 @@ > -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@andred.net> > -Date: Mon, 17 Oct 2016 12:45:32 +0100 > -Subject: [PATCH] evmctl: use correct include for xattr.h > -MIME-Version: 1.0 > -Content-Type: text/plain; charset=UTF-8 > -Content-Transfer-Encoding: 8bit > - > -The xattr API/ABI is provided by both the c-library, as well as by the > -libattr package. The c-library's header file is sys/xattr.h, whereas > -libattr's header file can be found in attr/xattr.h. > - > -Given none of the code here *links* against the libattr.so shared library, it > -is wrong to *compile* against libattr's API (header file). > - > -Doing so avoids confusion as to which xattr.h is used as the least problem, > -and potential ABI differences as the worst problem due the mismatching header > -file used. > - > -So make sure we compile and link against the same thing, the c-library in > -both cases. > - > -Signed-off-by: André Draszik <git@andred.net> > -Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> > ---- > - configure.ac | 2 +- > - packaging/ima-evm-utils.spec | 1 - > - packaging/ima-evm-utils.spec.in | 1 - > - src/evmctl.c | 2 +- > - 4 files changed, 2 insertions(+), 4 deletions(-) > - > -diff --git a/configure.ac b/configure.ac > -index 6822f39cff69..06d061bc94ea 100644 > ---- a/configure.ac > -+++ b/configure.ac > -@@ -30,7 +30,7 @@ AC_SUBST(OPENSSL_LIBS) > - AC_CHECK_HEADER(unistd.h) > - AC_CHECK_HEADERS(openssl/conf.h) > - > --AC_CHECK_HEADERS(attr/xattr.h, , [AC_MSG_ERROR([attr/xattr.h header not found. You need the libattr development package.])]) > -+AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found. You need the c-library development package.])]) > - AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. 
You need the libkeyutils development package.])]) > - > - #debug support - yes for a while > -diff --git a/packaging/ima-evm-utils.spec b/packaging/ima-evm-utils.spec > -index a11a27a18815..63388d2b444b 100644 > ---- a/packaging/ima-evm-utils.spec > -+++ b/packaging/ima-evm-utils.spec > -@@ -11,7 +11,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root > - BuildRequires: autoconf > - BuildRequires: automake > - BuildRequires: openssl-devel > --BuildRequires: libattr-devel > - BuildRequires: keyutils-libs-devel > - > - %description > -diff --git a/packaging/ima-evm-utils.spec.in b/packaging/ima-evm-utils.spec.in > -index 7ca6c6fb3b0d..65c32f9e6445 100644 > ---- a/packaging/ima-evm-utils.spec.in > -+++ b/packaging/ima-evm-utils.spec.in > -@@ -11,7 +11,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root > - BuildRequires: autoconf > - BuildRequires: automake > - BuildRequires: openssl-devel > --BuildRequires: libattr-devel > - BuildRequires: keyutils-libs-devel > - > - %description > -diff --git a/src/evmctl.c b/src/evmctl.c > -index 4422c0e84d4a..02eb84d4c341 100644 > ---- a/src/evmctl.c > -+++ b/src/evmctl.c > -@@ -49,7 +49,7 @@ > - #include <stdint.h> > - #include <string.h> > - #include <dirent.h> > --#include <attr/xattr.h> > -+#include <sys/xattr.h> > - #include <linux/xattr.h> > - #include <getopt.h> > - #include <keyutils.h> > diff --git a/patches/ima-evm-utils-1.1/series b/patches/ima-evm-utils-1.1/series > deleted file mode 100644 > index 6fb042465042..000000000000 > --- a/patches/ima-evm-utils-1.1/series > +++ /dev/null 
> @@ -1,16 +0,0 @@ > -# generated by git-ptx-patches > -#tag:base --start-number 1 > -0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch > -0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch > -0003-evmctl-find-add-missing-closedir-dir-on-error.patch > -0004-evmctl-find-add-missing-error-handling-and-propagate.patch > -0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > -0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch > -0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > -0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch > -0009-evmctl-add-support-for-offline-image-preparation.patch > -0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > -0011-HACK-don-t-generate-man-page.patch > -0012-Fix-warning-for-non-debug-use-case.patch > -0013-evmctl-use-correct-include-for-xattr.h.patch > -# 5032e96fb6da7cb77f053c2b5a6edc44 - git-ptx-patches magic > diff --git a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch b/patches/ima-evm-utils-1.3.2/0001-evmctl-find-add-missing-closedir-dir-on-error.patch > similarity index 79% > rename from patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch > rename to patches/ima-evm-utils-1.3.2/0001-evmctl-find-add-missing-closedir-dir-on-error.patch > index 4b1c84584479..5c91c4621a76 100644 > --- a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch > +++ b/patches/ima-evm-utils-1.3.2/0001-evmctl-find-add-missing-closedir-dir-on-error.patch > @@ -10,10 +10,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> > 1 file changed, 2 insertions(+) > > diff --git a/src/evmctl.c b/src/evmctl.c > -index 2ffee786865b..20eccfa93b2b 100644 > +index 1815f55d73e0..cca2fabdb2a6 100644 > --- a/src/evmctl.c 
> +++ b/src/evmctl.c > -@@ -1229,6 +1229,7 @@ static int find(const char *path, int dts, find_cb_t func) > +@@ -1331,6 +1331,7 @@ static int find(const char *path, int dts, find_cb_t func) > > if (fchdir(dirfd(dir))) { > log_err("Failed to chdir %s\n", path); > @@ -21,7 +21,7 @@ index 2ffee786865b..20eccfa93b2b 100644 > return -1; > } > > -@@ -1244,6 +1245,7 @@ static int find(const char *path, int dts, find_cb_t func) > +@@ -1346,6 +1347,7 @@ static int find(const char *path, int dts, find_cb_t func) > > if (chdir("..")) { > log_err("Failed to chdir: %s\n", path); > diff --git a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-error-handling-and-propagate.patch > similarity index 87% > rename from patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch > rename to patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-error-handling-and-propagate.patch > index 68660d95eda0..62471489a9f2 100644 > --- a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch > +++ b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-error-handling-and-propagate.patch > @@ -12,10 +12,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> > 1 file changed, 16 insertions(+), 4 deletions(-) > > diff --git a/src/evmctl.c b/src/evmctl.c > -index 20eccfa93b2b..55fc619f5990 100644 > +index cca2fabdb2a6..e6761f2ae5e4 100644 > --- a/src/evmctl.c > +++ b/src/evmctl.c > -@@ -1234,13 +1234,20 @@ static int find(const char *path, int dts, find_cb_t func) > +@@ -1336,13 +1336,20 @@ static int find(const char *path, int dts, find_cb_t func) > } > > while ((de = readdir(dir))) { 
> @@ -38,7 +38,7 @@ index 20eccfa93b2b..55fc619f5990 100644 > } > > if (chdir("..")) { > -@@ -1249,8 +1256,13 @@ static int find(const char *path, int dts, find_cb_t func) > +@@ -1351,8 +1358,13 @@ static int find(const char *path, int dts, find_cb_t func) > return -1; > } > > diff --git a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch b/patches/ima-evm-utils-1.3.2/0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > similarity index 80% > rename from patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > rename to patches/ima-evm-utils-1.3.2/0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > index 69aadb377668..0de24af6a0e7 100644 > --- a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > +++ b/patches/ima-evm-utils-1.3.2/0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > @@ -10,12 +10,12 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> > 1 file changed, 5 insertions(+) > > diff --git a/src/evmctl.c b/src/evmctl.c > -index 55fc619f5990..de53be37b69b 100644 > +index e6761f2ae5e4..a1fd9feaea78 100644 > --- a/src/evmctl.c > +++ b/src/evmctl.c > -@@ -62,6 +62,11 @@ > - #include <openssl/err.h> > - #include <openssl/rsa.h> > +@@ -72,6 +72,11 @@ > + #define XATTR_NAME_APPARMOR XATTR_SECURITY_PREFIX XATTR_APPARMOR_SUFFIX > + #endif > > +#ifndef XATTR_NAME_IMA > +#define XATTR_IMA_SUFFIX "ima" > diff --git a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch b/patches/ima-evm-utils-1.3.2/0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > similarity index 76% > rename from patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > rename to patches/ima-evm-utils-1.3.2/0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > index 2164c6238e78..e20cfaa826df 100644 
> --- a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > +++ b/patches/ima-evm-utils-1.3.2/0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > @@ -8,10 +8,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/src/libimaevm.c b/src/libimaevm.c > -index 8fc23be08bd7..b6c328801708 100644 > +index fa6c27858d0f..002b0657337c 100644 > --- a/src/libimaevm.c > +++ b/src/libimaevm.c > -@@ -379,7 +379,7 @@ int verify_hash_v1(const char *file, const unsigned char *hash, int size, > +@@ -382,7 +382,7 @@ static int verify_hash_v1(const char *file, const unsigned char *hash, int size, > SHA_CTX ctx; > unsigned char out[1024]; > RSA *key; > @@ -20,7 +20,7 @@ index 8fc23be08bd7..b6c328801708 100644 > struct signature_hdr *hdr = (struct signature_hdr *)sig; > > log_info("hash-v1: "); > -@@ -744,7 +744,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons > +@@ -805,7 +805,7 @@ static int sign_hash_v1(const char *hashalgo, const unsigned char *hash, > unsigned char pub[1024]; > RSA *key; > char name[20]; > diff --git a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch b/patches/ima-evm-utils-1.3.2/0005-evmctl-add-support-for-offline-image-preparation.patch > similarity index 78% > rename from patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch > rename to patches/ima-evm-utils-1.3.2/0005-evmctl-add-support-for-offline-image-preparation.patch > index 6d9b40fc5b43..75d92734190c 100644 > --- a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch > +++ b/patches/ima-evm-utils-1.3.2/0005-evmctl-add-support-for-offline-image-preparation.patch > @@ -33,29 +33,29 @@ 
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> > --- > src/evmctl.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++-------- > src/imaevm.h | 1 + > - src/libimaevm.c | 25 ++++++++++++++++++++++++- > - 3 files changed, 74 insertions(+), 9 deletions(-) > + src/libimaevm.c | 24 +++++++++++++++++++++++- > + 3 files changed, 73 insertions(+), 9 deletions(-) > > diff --git a/src/evmctl.c b/src/evmctl.c > -index 5d664005e915..9003f7640c0f 100644 > +index a1fd9feaea78..a4d784a5bfb6 100644 > --- a/src/evmctl.c > +++ b/src/evmctl.c > -@@ -337,6 +337,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > +@@ -352,6 +352,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > + #else > pctx = EVP_MD_CTX_new(); > #endif > - const EVP_MD *md; > + ino_t ino; > > if (lstat(file, &st)) { > log_err("Failed to stat: %s\n", file); > -@@ -371,9 +372,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > +@@ -386,9 +387,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > } > close(fd); > } > - log_info("generation: %u\n", generation); > } > > -+ if (params.image_mode) { > ++ if (imaevm_params.image_mode) { > + char buf[128] = { }; > + > + err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1); > @@ -75,7 +75,7 @@ index 5d664005e915..9003f7640c0f 100644 > list_size = llistxattr(file, list, sizeof(list)); > if (list_size < 0) { > log_err("llistxattr() failed\n"); > -@@ -439,7 +456,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > +@@ -470,7 +487,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > > hmac_size = sizeof(*hmac); > if (!evm_portable) { 
> @@ -84,7 +84,7 @@ index 5d664005e915..9003f7640c0f 100644 > hmac->generation = generation; > } > hmac->uid = st.st_uid; > -@@ -450,7 +467,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > +@@ -481,7 +498,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > > hmac_size = sizeof(*hmac); > if (!evm_portable) { > @@ -93,7 +93,7 @@ index 5d664005e915..9003f7640c0f 100644 > hmac->generation = generation; > } > hmac->uid = st.st_uid; > -@@ -461,7 +478,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > +@@ -492,7 +509,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > > hmac_size = sizeof(*hmac); > if (!evm_portable) { > @@ -102,19 +102,19 @@ index 5d664005e915..9003f7640c0f 100644 > hmac->generation = generation; > } > hmac->uid = st.st_uid; > -@@ -1000,6 +1017,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h > +@@ -1085,6 +1102,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h > + #else > pctx = HMAC_CTX_new(); > #endif > - const EVP_MD *md; > + ino_t ino; > > key = file2bin(keyfile, NULL, &keylen); > if (!key) { > -@@ -1038,10 +1056,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h > +@@ -1123,10 +1141,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h > close(fd); > } > > -+ if (params.image_mode) { > ++ if (imaevm_params.image_mode) { > + char buf[128] = { }; > + > + err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1); 
> @@ -137,7 +137,7 @@ index 5d664005e915..9003f7640c0f 100644 > log_err("llistxattr() failed: %s\n", file); > goto out; > } > -@@ -1084,7 +1118,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h > +@@ -1170,7 +1204,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h > struct h_misc *hmac = (struct h_misc *)&hmac_misc; > > hmac_size = sizeof(*hmac); > @@ -146,7 +146,7 @@ index 5d664005e915..9003f7640c0f 100644 > hmac->generation = generation; > hmac->uid = st.st_uid; > hmac->gid = st.st_gid; > -@@ -1093,7 +1127,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h > +@@ -1179,7 +1213,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h > struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc; > > hmac_size = sizeof(*hmac); > @@ -155,7 +155,7 @@ index 5d664005e915..9003f7640c0f 100644 > hmac->generation = generation; > hmac->uid = st.st_uid; > hmac->gid = st.st_gid; > -@@ -1102,7 +1136,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h > +@@ -1188,7 +1222,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h > struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc; > > hmac_size = sizeof(*hmac); > @@ -164,7 +164,7 @@ index 5d664005e915..9003f7640c0f 100644 > hmac->generation = generation; > hmac->uid = st.st_uid; > hmac->gid = st.st_gid; > -@@ -1666,6 +1700,9 @@ static void usage(void) > +@@ -2476,6 +2510,9 @@ static void usage(void) > " --smack use extra SMACK xattrs for EVM\n" > " --m32 force EVM hmac/signature for 32 bit target system\n" > " --m64 force EVM hmac/signature for 64 bit target system\n" 
> @@ -174,7 +174,7 @@ index 5d664005e915..9003f7640c0f 100644 > " --ino use custom inode for EVM\n" > " --uid use custom UID for EVM\n" > " --gid use custom GID for EVM\n" > -@@ -1716,6 +1753,7 @@ static struct option opts[] = { > +@@ -2528,6 +2565,7 @@ static struct option opts[] = { > {"recursive", 0, 0, 'r'}, > {"m32", 0, 0, '3'}, > {"m64", 0, 0, '6'}, > @@ -182,31 +182,31 @@ index 5d664005e915..9003f7640c0f 100644 > {"portable", 0, 0, 'o'}, > {"smack", 0, 0, 128}, > {"version", 0, 0, 129}, > -@@ -1774,7 +1812,7 @@ int main(int argc, char *argv[]) > +@@ -2600,7 +2638,7 @@ int main(int argc, char *argv[]) > g_argc = argc; > > while (1) { > -- c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind); > -+ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:rim", opts, &lind); > +- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind); > ++ c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:rim", opts, &lind); > if (c == -1) > break; > > -@@ -1847,6 +1885,9 @@ int main(int argc, char *argv[]) > +@@ -2670,6 +2708,9 @@ int main(int argc, char *argv[]) > case '6': > msize = 64; > break; > + case 'm': > -+ params.image_mode = true; > ++ imaevm_params.image_mode = true; > + break; > case 128: > evm_config_xattrnames = evm_extra_smack_xattrs; > break; > diff --git a/src/imaevm.h b/src/imaevm.h > -index ed92e4d8981d..7e32d09c6538 100644 > +index 45039199ab31..2f78a31ab438 100644 > --- a/src/imaevm.h > +++ b/src/imaevm.h > -@@ -182,6 +182,7 @@ struct libevm_params { > - const char *evm_hash_algo; > +@@ -196,6 +196,7 @@ struct libimaevm_params { > + const char *hash_algo; > const char *keyfile; > const char *keypass; > + bool image_mode; > @@ -214,31 +214,23 @@ index ed92e4d8981d..7e32d09c6538 100644 > > struct RSA_ASN1_template { > diff --git a/src/libimaevm.c b/src/libimaevm.c > -index 4c093a038b72..866f74b39b41 100644 > +index 002b0657337c..1cdf1dc590cc 100644 > --- a/src/libimaevm.c 
> +++ b/src/libimaevm.c > -@@ -40,6 +40,7 @@ > - > - /* should we use logger instead for library? */ > - #define USE_FPRINTF > -+#define _GNU_SOURCE > - > - #include <sys/types.h> > - #include <sys/param.h> > -@@ -49,6 +50,7 @@ > - #include <dirent.h> > - #include <string.h> > +@@ -51,6 +51,7 @@ > #include <stdio.h> > + #include <assert.h> > + #include <ctype.h> > +#include <sys/xattr.h> > > + #include <openssl/crypto.h> > #include <openssl/pem.h> > - #include <openssl/evp.h> > -@@ -224,7 +226,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) > +@@ -193,7 +194,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) > } > > while ((de = readdir(dir))) { > - ino = de->d_ino; > -+ if (params.image_mode) { > ++ if (imaevm_params.image_mode) { > + char *name; > + char buf[128] = { }; > + > diff --git a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch b/patches/ima-evm-utils-1.3.2/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > similarity index 86% > rename from patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > rename to patches/ima-evm-utils-1.3.2/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > index 12b77a132002..251f7136b42b 100644 > --- a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > +++ b/patches/ima-evm-utils-1.3.2/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > @@ -15,16 +15,16 @@ Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> > 1 file changed, 3 insertions(+) > > diff --git a/src/libimaevm.c b/src/libimaevm.c > -index 866f74b39b41..834b738426bf 100644 > +index 1cdf1dc590cc..6bb0b0757c42 100644 > --- a/src/libimaevm.c 
> +++ b/src/libimaevm.c > -@@ -226,6 +226,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) > +@@ -194,6 +194,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) > } > > while ((de = readdir(dir))) { > + if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) > + continue; > + > - if (params.image_mode) { > + if (imaevm_params.image_mode) { > char *name; > char buf[128] = { }; > diff --git a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch b/patches/ima-evm-utils-1.3.2/0007-Fix-warning-for-non-debug-use-case.patch > similarity index 86% > rename from patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch > rename to patches/ima-evm-utils-1.3.2/0007-Fix-warning-for-non-debug-use-case.patch > index 80073f19aaf5..2cddf569a91d 100644 > --- a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch > +++ b/patches/ima-evm-utils-1.3.2/0007-Fix-warning-for-non-debug-use-case.patch > @@ -14,10 +14,10 @@ Signed-off-by: Juergen Borleis <jbe@pengutronix.de> > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/evmctl.c b/src/evmctl.c > -index 9003f7640c0f..4422c0e84d4a 100644 > +index a4d784a5bfb6..7c1f15082615 100644 > --- a/src/evmctl.c > +++ b/src/evmctl.c > -@@ -1191,7 +1191,7 @@ static int hmac_evm(const char *file, const char *key) > +@@ -1279,7 +1279,7 @@ static int hmac_evm(const char *file, const char *key) > return 0; > } > > diff --git a/patches/ima-evm-utils-1.1/autogen.sh b/patches/ima-evm-utils-1.3.2/autogen.sh > similarity index 100% > rename from patches/ima-evm-utils-1.1/autogen.sh > rename to patches/ima-evm-utils-1.3.2/autogen.sh > diff --git a/patches/ima-evm-utils-1.3.2/series b/patches/ima-evm-utils-1.3.2/series > new file mode 100644 > index 000000000000..36781ea6bb6f > --- /dev/null > +++ b/patches/ima-evm-utils-1.3.2/series 
> @@ -0,0 +1,10 @@ > +# generated by git-ptx-patches > +#tag:base --start-number 1 > +0001-evmctl-find-add-missing-closedir-dir-on-error.patch > +0002-evmctl-find-add-missing-error-handling-and-propagate.patch > +0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > +0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > +0005-evmctl-add-support-for-offline-image-preparation.patch > +0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > +0007-Fix-warning-for-non-debug-use-case.patch > +# f8ecfd002cf2ee8244984a1757a1bfea - git-ptx-patches magic > diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make > index 3a0ce4660c87..fb500fb169aa 100644 > --- a/rules/ima-evm-utils.make > +++ b/rules/ima-evm-utils.make > @@ -1,7 +1,7 @@ > # -*-makefile-*- > # > # Copyright (C) 2013 by Michael Grzeschik <mgr@pengutronix.de> > -# 2015 by Marc Kleine-Budde <mkl@pengutronix.de> > +# 2015, 2020 by Marc Kleine-Budde <mkl@pengutronix.de> > # 2021 Roland Hieber, Pengutronix <rhi@pengutronix.de> > # > # For further information about the PTXdist project and license conditions > @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_IMA_EVM_UTILS) += ima-evm-utils > # > # Paths and names > # > -IMA_EVM_UTILS_VERSION := 1.1 > -IMA_EVM_UTILS_MD5 := 77455aeee54fdc7a70c733bcb65d33cc > +IMA_EVM_UTILS_VERSION := 1.3.2 > +IMA_EVM_UTILS_MD5 := 55cc0e2c77a725f722833c3b4a36038c > IMA_EVM_UTILS := ima-evm-utils-$(IMA_EVM_UTILS_VERSION) > IMA_EVM_UTILS_SUFFIX := tar.gz > IMA_EVM_UTILS_URL := $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX)) 
> @@ -32,9 +32,16 @@ IMA_EVM_UTILS_LICENSE_FILES := \ > # Prepare > # ---------------------------------------------------------------------------- > > +IMA_EVM_UTILS_CONF_ENV := \ > + $(CROSS_ENV) \ > + ac_cv_lib_tss2_esys_Esys_Free=no \ > + ac_cv_lib_tss2_rc_Tss2_RC_Decode=no \ > + ac_cv_path_XMLCATALOG= > + > IMA_EVM_UTILS_CONF_TOOL := autoconf > IMA_EVM_UTILS_AUTOCONF := \ > $(CROSS_AUTOCONF_USR) \ > + --enable-openssl-conf \ > --disable-debug > > # ----------------------------------------------------------------------------
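Review bot: The 1.1 patch 0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch is deleted and has no counterpart in the new patches/ima-evm-utils-1.3.2/series, and the rebased offline-image patch drops `e:` from the getopt_long() string, so `evmctl -e/--evmhashalgo` goes away with this bump without a word in the commit message. Please say in the commit message how the EVM digest is chosen on 1.3.2 (the rebased struct libimaevm_params context no longer shows `evm_hash_algo`, and the removed patch defaulted it to "sha1"), and note that BSP signing scripts still passing `-e` need to be adjusted and re-checked for which digest they end up using for EVM.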
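Review bot: The new IMA_EVM_UTILS_CONF_ENV block in the last rules/ima-evm-utils.make hunk pins three autoconf cache variables, and IMA_EVM_UTILS_AUTOCONF gains --enable-openssl-conf, with no comment in the rule file and no explanation in the commit message. A short comment above the block stating why the two tss2 library checks (ac_cv_lib_tss2_esys_Esys_Free, ac_cv_lib_tss2_rc_Tss2_RC_Decode) are forced to "no" and why ac_cv_path_XMLCATALOG is emptied would make the next version bump easier to review; the same goes for one sentence on why --enable-openssl-conf is wanted on the target.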
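Review bot: The version and MD5 hunk in rules/ima-evm-utils.make changes the tarball but leaves IMA_EVM_UTILS_LICENSE_FILES untouched (it only shows up as context in the following @@ header), so please confirm that the line range and checksums recorded there were computed against the 1.3.2 sources rather than 1.1. If src/evmctl.c or COPYING differ between the two releases, the license check will fail or, for the line range, point at the wrong text; stating in the commit message that the entries were re-verified would be enough.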
* [ptxdist] [PATCH v2 3/3] systemd: make hostnamed and quotacheck optional 2021-06-16 16:16 [ptxdist] [PATCH v2 1/3] ima-evm-utils: fix license statement Roland Hieber 2021-06-16 16:16 ` [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2 Roland Hieber @ 2021-06-16 16:16 ` Roland Hieber 2021-06-29 5:09 ` [ptxdist] [APPLIED] " Michael Olbrich 2021-06-29 5:09 ` [ptxdist] [APPLIED] ima-evm-utils: fix license statement Michael Olbrich 2 siblings, 1 reply; 6+ messages in thread From: Roland Hieber @ 2021-06-16 16:16 UTC (permalink / raw) To: ptxdist; +Cc: Roland Hieber This reduces the dependency graph and can therefore decrease boot time on systems that are configured with a static hostname, and which do not use quota. With this, /usr/share/dbus-1/system-services/ may no longer contain any service definitions, so add an empty kconfig option for it. Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- v1 -> v2: * order the new promptable options next to the other promptable options * set "default y" for both new options to keep compatibility PATCH v1: https://lore.ptxdist.org/ptxdist/20210607130909.4836-7-rhi@pengutronix.de --- rules/systemd.in | 23 +++++++++++++++++++++++ rules/systemd.make | 12 ++++++++---- 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/rules/systemd.in b/rules/systemd.in index 854c344d5441..0c6dcb317613 100644 --- a/rules/systemd.in +++ b/rules/systemd.in @@ -56,11 +56,15 @@ comment "D-Bus is needed for the enabled features" config SYSTEMD_DBUS bool +config SYSTEMD_DBUS_SERVICES + bool + config SYSTEMD_MICROHTTPD bool config SYSTEMD_LOCALES bool + select SYSTEMD_DBUS_SERVICES default LOCALES config SYSTEMD_VCONSOLE 
@@ -77,9 +81,19 @@ config SYSTEMD_DISABLE_RANDOM_SEED the random seed is not possible. Warning: enabling this option may be insecure. +config SYSTEMD_HOSTNAMED + bool + default y + select SYSTEMD_DBUS_SERVICES + prompt "hostname daemon" + help + A tiny daemon that can be used to control the hostname and related + machine meta data from user programs. + config SYSTEMD_LOGIND bool select SYSTEMD_DBUS + select SYSTEMD_DBUS_SERVICES prompt "login daemon" config SYSTEMD_UNITS_USER @@ -89,6 +103,7 @@ config SYSTEMD_UNITS_USER config SYSTEMD_NETWORK bool + select SYSTEMD_DBUS_SERVICES prompt "network configuration with systemd" config SYSTEMD_IPMASQUERADE @@ -102,6 +117,7 @@ config SYSTEMD_TIMEDATE bool default y select SYSTEMD_DBUS + select SYSTEMD_DBUS_SERVICES prompt "date/time handling" help NTP client for time synchronization and local timezone handling. @@ -122,6 +138,13 @@ config SYSTEMD_POLKIT bool default POLKIT +config SYSTEMD_QUOTACHECK + bool + default y + prompt "disk quota support" + help + File system quota checker logic + menu "journald " config SYSTEMD_XZ diff --git a/rules/systemd.make b/rules/systemd.make index 3a3621fe767e..929a76dd423e 100644 --- a/rules/systemd.make +++ b/rules/systemd.make @@ -95,7 +95,7 @@ SYSTEMD_CONF_OPT := \ -Dgshadow=false \ -Dhibernate=false \ -Dhomed=false \ - -Dhostnamed=true \ + -Dhostnamed=$(call ptx/truefalse,PTXCONF_SYSTEMD_HOSTNAMED) \ -Dhtml=false \ -Dhwdb=$(call ptx/truefalse,PTXCONF_SYSTEMD_UDEV_HWDB) \ -Didn=false \ @@ -152,7 +152,7 @@ SYSTEMD_CONF_OPT := \ -Dpstore=false \ -Dpwquality=false \ -Dqrencode=false \ - -Dquotacheck=true \ + -Dquotacheck=$(call ptx/truefalse,PTXCONF_SYSTEMD_QUOTACHECK) \ -Dquotacheck-path=/usr/sbin/quotacheck \ -Dquotaon-path=/usr/sbin/quotaon \ -Drandomseed=$(call ptx/falsetrue,PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED) \ 
@@ -248,7 +248,7 @@ SYSTEMD_HELPER := \ $(call ptx/ifdef, PTXCONF_SYSTEMD_COREDUMP,systemd-coredump) \ systemd-fsck \ systemd-growfs \ - systemd-hostnamed \ + $(call ptx/ifdef, PTXCONF_SYSTEMD_HOSTNAMED,systemd-hostnamed) \ systemd-journald \ $(call ptx/ifdef, PTXCONF_SYSTEMD_JOURNAL_REMOTE,systemd-journal-remote) \ $(call ptx/ifdef, PTXCONF_SYSTEMD_LOCALES,systemd-localed) \ @@ -257,7 +257,7 @@ SYSTEMD_HELPER := \ systemd-modules-load \ $(call ptx/ifdef, PTXCONF_SYSTEMD_NETWORK,systemd-networkd) \ $(call ptx/ifdef, PTXCONF_SYSTEMD_NETWORK,systemd-networkd-wait-online) \ - systemd-quotacheck \ + $(call ptx/ifdef, PTXCONF_SYSTEMD_QUOTACHECK,systemd-quotacheck) \ $(call ptx/ifdef, PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED,,systemd-random-seed) \ systemd-remount-fs \ systemd-reply-password \ @@ -347,7 +347,9 @@ $(STATEDIR)/systemd.targetinstall: @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-notify) @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-tmpfiles) @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/busctl) +ifdef PTXCONF_SYSTEMD_HOSTNAMED @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/hostnamectl) +endif @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-analyze) @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-cat) @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-cgls) 
@@ -377,9 +379,11 @@ $(STATEDIR)/systemd.targetinstall: @$(call install_tree, systemd, 0, 0, -, /usr/lib/tmpfiles.d/) @$(call install_copy, systemd, 0, 0, 0644, -, /usr/lib/sysctl.d/50-default.conf) +ifdef PTXCONF_SYSTEMD_DBUS_SERVICES @$(call install_copy, systemd, 0, 0, 0644, -, \ /usr/share/dbus-1/services/org.freedesktop.systemd1.service) @$(call install_tree, systemd, 0, 0, -, /usr/share/dbus-1/system-services/) +endif # # systemd expects this directory to exist. @$(call install_copy, systemd, 0, 0, 0755, /var/lib/systemd) -- 2.29.2 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 6+ messages in thread
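Review bot: In the rules/systemd.in hunk that adds SYSTEMD_HOSTNAMED (@@ -77,9 +81,19 @@), the new option selects SYSTEMD_DBUS_SERVICES but not SYSTEMD_DBUS, while SYSTEMD_LOGIND and SYSTEMD_TIMEDATE in the same file select both. The help text describes a daemon that is controlled "from user programs", and the patch itself ties it to the D-Bus service files, so either add `select SYSTEMD_DBUS` here or say in the commit message why the service files alone are enough; SYSTEMD_NETWORK and SYSTEMD_LOCALES follow the same pattern, so the question applies to them as well. Because the daemon lets callers change the hostname and machine metadata, the help text could also say that systems with a static hostname can switch it off, which is the case the commit message names.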
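Review bot: In the last rules/systemd.make hunk (@@ -377,9 +379,11 @@), the new `ifdef PTXCONF_SYSTEMD_DBUS_SERVICES` also wraps the install of /usr/share/dbus-1/services/org.freedesktop.systemd1.service, but the commit message only argues that /usr/share/dbus-1/system-services/ may end up empty. That file sits in a different directory and is named for systemd itself rather than for any of the daemons that select the option, so a configuration with none of them enabled silently loses it. Move the `ifdef` down so that it covers only the install_tree line, or state in the commit message that dropping the file is intended.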
* Re: [ptxdist] [APPLIED] systemd: make hostnamed and quotacheck optional 2021-06-16 16:16 ` [ptxdist] [PATCH v2 3/3] systemd: make hostnamed and quotacheck optional Roland Hieber @ 2021-06-29 5:09 ` Michael Olbrich 0 siblings, 0 replies; 6+ messages in thread From: Michael Olbrich @ 2021-06-29 5:09 UTC (permalink / raw) To: ptxdist; +Cc: Roland Hieber Thanks, applied as cb4ac069a4c692caeeac38e2dbb68415ffc61121. Michael [sent from post-receive hook] On Tue, 29 Jun 2021 07:09:12 +0200, Roland Hieber <rhi@pengutronix.de> wrote: > This reduces the dependency graph and can therefore decrease boot time > on systems that are configured with a static hostname, and which do not > use quota. With this, /usr/share/dbus-1/system-services/ may no longer > contain any service definitions, so add an empty kconfig option for it. > > Signed-off-by: Roland Hieber <rhi@pengutronix.de> > Message-Id: <20210616161655.15480-3-rhi@pengutronix.de> > Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> > > diff --git a/rules/systemd.in b/rules/systemd.in > index 854c344d5441..0c6dcb317613 100644 > --- a/rules/systemd.in > +++ b/rules/systemd.in > @@ -56,11 +56,15 @@ comment "D-Bus is needed for the enabled features" > config SYSTEMD_DBUS > bool > > +config SYSTEMD_DBUS_SERVICES > + bool > + > config SYSTEMD_MICROHTTPD > bool > > config SYSTEMD_LOCALES > bool > + select SYSTEMD_DBUS_SERVICES > default LOCALES > > config SYSTEMD_VCONSOLE > @@ -77,9 +81,19 @@ config SYSTEMD_DISABLE_RANDOM_SEED > the random seed is not possible. > Warning: enabling this option may be insecure. > > +config SYSTEMD_HOSTNAMED > + bool > + default y > + select SYSTEMD_DBUS_SERVICES > + prompt "hostname daemon" > + help > + A tiny daemon that can be used to control the hostname and related > + machine meta data from user programs. > + > config SYSTEMD_LOGIND > bool > select SYSTEMD_DBUS > + select SYSTEMD_DBUS_SERVICES > prompt "login daemon" > > config SYSTEMD_UNITS_USER 
> @@ -89,6 +103,7 @@ config SYSTEMD_UNITS_USER > > config SYSTEMD_NETWORK > bool > + select SYSTEMD_DBUS_SERVICES > prompt "network configuration with systemd" > > config SYSTEMD_IPMASQUERADE > @@ -102,6 +117,7 @@ config SYSTEMD_TIMEDATE > bool > default y > select SYSTEMD_DBUS > + select SYSTEMD_DBUS_SERVICES > prompt "date/time handling" > help > NTP client for time synchronization and local timezone handling. > @@ -122,6 +138,13 @@ config SYSTEMD_POLKIT > bool > default POLKIT > > +config SYSTEMD_QUOTACHECK > + bool > + default y > + prompt "disk quota support" > + help > + File system quota checker logic > + > menu "journald " > > config SYSTEMD_XZ > diff --git a/rules/systemd.make b/rules/systemd.make > index 3a3621fe767e..929a76dd423e 100644 > --- a/rules/systemd.make > +++ b/rules/systemd.make > @@ -95,7 +95,7 @@ SYSTEMD_CONF_OPT := \ > -Dgshadow=false \ > -Dhibernate=false \ > -Dhomed=false \ > - -Dhostnamed=true \ > + -Dhostnamed=$(call ptx/truefalse,PTXCONF_SYSTEMD_HOSTNAMED) \ > -Dhtml=false \ > -Dhwdb=$(call ptx/truefalse,PTXCONF_SYSTEMD_UDEV_HWDB) \ > -Didn=false \ > @@ -152,7 +152,7 @@ SYSTEMD_CONF_OPT := \ > -Dpstore=false \ > -Dpwquality=false \ > -Dqrencode=false \ > - -Dquotacheck=true \ > + -Dquotacheck=$(call ptx/truefalse,PTXCONF_SYSTEMD_QUOTACHECK) \ > -Dquotacheck-path=/usr/sbin/quotacheck \ > -Dquotaon-path=/usr/sbin/quotaon \ > -Drandomseed=$(call ptx/falsetrue,PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED) \ > @@ -248,7 +248,7 @@ SYSTEMD_HELPER := \ > $(call ptx/ifdef, PTXCONF_SYSTEMD_COREDUMP,systemd-coredump) \ > systemd-fsck \ > systemd-growfs \ > - systemd-hostnamed \ > + $(call ptx/ifdef, PTXCONF_SYSTEMD_HOSTNAMED,systemd-hostnamed) \ > systemd-journald \ > $(call ptx/ifdef, PTXCONF_SYSTEMD_JOURNAL_REMOTE,systemd-journal-remote) \ > $(call ptx/ifdef, PTXCONF_SYSTEMD_LOCALES,systemd-localed) \ 
> @@ -257,7 +257,7 @@ SYSTEMD_HELPER := \ > systemd-modules-load \ > $(call ptx/ifdef, PTXCONF_SYSTEMD_NETWORK,systemd-networkd) \ > $(call ptx/ifdef, PTXCONF_SYSTEMD_NETWORK,systemd-networkd-wait-online) \ > - systemd-quotacheck \ > + $(call ptx/ifdef, PTXCONF_SYSTEMD_QUOTACHECK,systemd-quotacheck) \ > $(call ptx/ifdef, PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED,,systemd-random-seed) \ > systemd-remount-fs \ > systemd-reply-password \ > @@ -347,7 +347,9 @@ $(STATEDIR)/systemd.targetinstall: > @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-notify) > @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-tmpfiles) > @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/busctl) > +ifdef PTXCONF_SYSTEMD_HOSTNAMED > @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/hostnamectl) > +endif > @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-analyze) > @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-cat) > @$(call install_copy, systemd, 0, 0, 0755, -, /usr/bin/systemd-cgls) > @@ -377,9 +379,11 @@ $(STATEDIR)/systemd.targetinstall: > @$(call install_tree, systemd, 0, 0, -, /usr/lib/tmpfiles.d/) > @$(call install_copy, systemd, 0, 0, 0644, -, /usr/lib/sysctl.d/50-default.conf) > > +ifdef PTXCONF_SYSTEMD_DBUS_SERVICES > @$(call install_copy, systemd, 0, 0, 0644, -, \ > /usr/share/dbus-1/services/org.freedesktop.systemd1.service) > @$(call install_tree, systemd, 0, 0, -, /usr/share/dbus-1/system-services/) > +endif > > # # systemd expects this directory to exist. > @$(call install_copy, systemd, 0, 0, 0755, /var/lib/systemd) _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 6+ messages in thread
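Review bot: In the quoted rules/systemd.make hunk at @@ -152,7 +152,7 @@, `-Dquotacheck` now follows PTXCONF_SYSTEMD_QUOTACHECK, but the two lines below it, `-Dquotacheck-path=/usr/sbin/quotacheck` and `-Dquotaon-path=/usr/sbin/quotaon`, stay unconditional, and nothing in the new SYSTEMD_QUOTACHECK entry says where those binaries come from. The help text "File system quota checker logic" does not tell the user that the option controls only the meson switch and the systemd-quotacheck helper; a sentence naming what is built and what must be present on the target under /usr/sbin would make the prompt "disk quota support" less misleading.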
* Re: [ptxdist] [APPLIED] ima-evm-utils: fix license statement 2021-06-16 16:16 [ptxdist] [PATCH v2 1/3] ima-evm-utils: fix license statement Roland Hieber 2021-06-16 16:16 ` [ptxdist] [PATCH v2 2/3] ima-evm-utils: version bump 1.1 -> 1.3.2 Roland Hieber 2021-06-16 16:16 ` [ptxdist] [PATCH v2 3/3] systemd: make hostnamed and quotacheck optional Roland Hieber @ 2021-06-29 5:09 ` Michael Olbrich 2 siblings, 0 replies; 6+ messages in thread From: Michael Olbrich @ 2021-06-29 5:09 UTC (permalink / raw) To: ptxdist; +Cc: Roland Hieber Thanks, applied as d21327b990789532d71a2316af46b39d10e79b61. Michael [sent from post-receive hook] On Tue, 29 Jun 2021 07:09:10 +0200, Roland Hieber <rhi@pengutronix.de> wrote: > Signed-off-by: Roland Hieber <rhi@pengutronix.de> > Message-Id: <20210616161655.15480-1-rhi@pengutronix.de> > Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> > > diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make > index 1c5e15b1415f..3a0ce4660c87 100644 > --- a/rules/ima-evm-utils.make > +++ b/rules/ima-evm-utils.make > @@ -2,6 +2,7 @@ > # > # Copyright (C) 2013 by Michael Grzeschik <mgr@pengutronix.de> > # 2015 by Marc Kleine-Budde <mkl@pengutronix.de> > +# 2021 Roland Hieber, Pengutronix <rhi@pengutronix.de> > # > # For further information about the PTXdist project and license conditions > # see the README file. 
> @@ -22,7 +23,10 @@ IMA_EVM_UTILS_SUFFIX := tar.gz > IMA_EVM_UTILS_URL := $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX)) > IMA_EVM_UTILS_SOURCE := $(SRCDIR)/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX) > IMA_EVM_UTILS_DIR := $(BUILDDIR)/$(IMA_EVM_UTILS) > -IMA_EVM_UTILS_LICENSE := LGPL-2.0-or-later > +IMA_EVM_UTILS_LICENSE := GPL-2.0-only WITH custom-exception > +IMA_EVM_UTILS_LICENSE_FILES := \ > + file://src/evmctl.c;startline=13;endline=35;md5=1e6e51503ab04045269a92c0bc5d5b55 \ > + file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 > > # ---------------------------------------------------------------------------- > # Prepare _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 6+ messages in thread
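Review bot: In the second quoted hunk (@@ -22,7 +23,10 @@), the first IMA_EVM_UTILS_LICENSE_FILES entry pins lines 13 to 35 of src/evmctl.c by md5, and the next patch in this series bumps the package from 1.1 to 1.3.2, so the line range and checksum need to be confirmed against the version that ends up in the tree. The commit message has no body: it should say why LGPL-2.0-or-later was wrong and what the exception labelled `custom-exception` permits, since that label carries no meaning on its own for someone auditing the licenses in an image.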