!70 fix error exit in dracut program

From: @gys66 Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee
2022-12-20 09:27:49 +00:00 · 2022-12-20 09:27:49 +00:00 · a98e857496
commit a98e857496
parent 1d0175a7de a541c384b1
2 changed files with 72 additions and 1 deletions
--- a/digest-list-tools.spec
+++ b/digest-list-tools.spec
@ -1,6 +1,6 @@
 name:           digest-list-tools
 Version:        0.3.95
-Release:        9
+Release:        10
 Summary:        Utilities for IMA Digest Lists extension

 Source0:        https://gitee.com/openeuler/%{name}/repository/archive/v%{version}.tar.gz
@ -15,6 +15,7 @@ Patch3:         fix-duplicated-kernel-parameters.patch
 Patch4:		Fix-sm3-algorithm-name.patch
 Patch5: 	fix-faulty-code.patch
 Patch6: 	fix-file-resource-leakage-and-memory-leakage.patch
+Patch7: 	fix-error-exit-in-dracut-program.patch

 BuildRequires:  autoconf automake libcurl-devel libtool rpm-devel dracut gzip
 BuildRequires:  libcap-devel libcmocka-devel libselinux-devel
@ -126,6 +127,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/%{name}.1.gz

 %changelog
+* Tue Dec 20 2022 gaoyusong <gaoyusong2@huawei.com> - 0.3.95-10
+- Fix error exit in dracut program
+
 * Wed Sep 7 2022 shenxiangwei <shenxiangwei1@huawei.com> - 0.3.95-9
 - Delete setup-ima-digest-lists.service

--- a/fix-error-exit-in-dracut-program.patch
+++ b/fix-error-exit-in-dracut-program.patch
@ -0,0 +1,67 @@
+From eb4f01db4a82a1c902d208a7b67acb8b4be0f1f6 Mon Sep 17 00:00:00 2001
+From: gaoyusong <gaoyusong2@huawei.com>
+Date: Tue, 20 Dec 2022 16:43:38 +0800
+Subject: [PATCH] fix error exit in dracut program
+
+---
+ initrd/dracut/load_digest_lists.sh | 45 ++++++++++++++----------------
+ 1 file changed, 21 insertions(+), 24 deletions(-)
+
+diff --git a/initrd/dracut/load_digest_lists.sh b/initrd/dracut/load_digest_lists.sh
+index 9d6e5d1..8cb3e84 100644
+--- a/initrd/dracut/load_digest_lists.sh
+++ b/initrd/dracut/load_digest_lists.sh
+@@ -1,29 +1,26 @@
+ #! /bin/bash
+ 
+-if [ ! -f /sys/kernel/security/ima/digest_list_data ]; then
+-	exit 0
+-fi
+if [  -f /sys/kernel/security/ima/digest_list_data ]; then
+	digests_count=$(cat /sys/kernel/security/ima/digests_count)
+	if [ "$digests_count" != "0" ]; then
+		for f in $(find $NEWROOT/etc/ima/digest_lists -type f); do
+			if [ ! -f /etc/ima/digest_lists/$(basename $f) ]; then
+				process_digest_list=$(getfattr -m - -e hex -d $f \
+					2> /dev/null | awk '{ if ($1 ~ /security.evm/) evm=1;
+							if ($1 ~ /security.ima=0x03/) ima=1; }
+							END{ if (evm || ima) print "1" }')
+				if [ -z "$process_digest_list" ]; then
+					continue
+				fi
+ 
+-digests_count=$(cat /sys/kernel/security/ima/digests_count)
+-if [ "$digests_count" = "0" ]; then
+-	exit 0
+				format=$(echo $f | cut -d - -f 3)
+				if [ "$format" = "compact" ]; then
+					echo $f > /sys/kernel/security/ima/digest_list_data
+				else
+					upload_digest_lists add $f
+				fi
+			fi
+		done
+	fi
+ fi
+ 
+-for f in $(find $NEWROOT/etc/ima/digest_lists -type f); do
+-	if [ ! -f /etc/ima/digest_lists/$(basename $f) ]; then
+-		process_digest_list=$(getfattr -m - -e hex -d $f \
+-			2> /dev/null | awk '{ if ($1 ~ /security.evm/) evm=1;
+-					if ($1 ~ /security.ima=0x03/) ima=1; }
+-					END{ if (evm || ima) print "1" }')
+-		if [ -z "$process_digest_list" ]; then
+-			continue
+-		fi
+-
+-		format=$(echo $f | cut -d - -f 3)
+-		if [ "$format" = "compact" ]; then
+-			echo $f > /sys/kernel/security/ima/digest_list_data
+-		else
+-			upload_digest_lists add $f
+-		fi
+-	fi
+-done
+-- 
+2.27.0
+