diff --git a/digest-list-tools.spec b/digest-list-tools.spec
index 4c3a96c..c4a191b 100644
--- a/digest-list-tools.spec
+++ b/digest-list-tools.spec
@@ -1,6 +1,6 @@
 name: digest-list-tools
 Version: 0.3.95
-Release: 9
+Release: 10
 Summary: Utilities for IMA Digest Lists extension
 Source0: https://gitee.com/openeuler/%{name}/repository/archive/v%{version}.tar.gz
@@ -15,6 +15,7 @@ Patch3: fix-duplicated-kernel-parameters.patch
 Patch4: Fix-sm3-algorithm-name.patch
 Patch5: fix-faulty-code.patch
 Patch6: fix-file-resource-leakage-and-memory-leakage.patch
+Patch7: fix-error-exit-in-dracut-program.patch
 BuildRequires: autoconf automake libcurl-devel libtool rpm-devel dracut gzip
 BuildRequires: libcap-devel libcmocka-devel libselinux-devel
@@ -126,6 +127,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/%{name}.1.gz
 %changelog
+* Tue Dec 20 2022 gaoyusong - 0.3.95-10
+- Fix error exit in dracut program
+
 * Wed Sep 7 2022 shenxiangwei - 0.3.95-9
 - Delete setup-ima-digest-lists.service
diff --git a/fix-error-exit-in-dracut-program.patch b/fix-error-exit-in-dracut-program.patch
new file mode 100644
index 0000000..8989ba4
--- /dev/null
+++ b/fix-error-exit-in-dracut-program.patch
@@ -0,0 +1,67 @@
+From eb4f01db4a82a1c902d208a7b67acb8b4be0f1f6 Mon Sep 17 00:00:00 2001
+From: gaoyusong
+Date: Tue, 20 Dec 2022 16:43:38 +0800
+Subject: [PATCH] fix error exit in dracut program
+
+---
+ initrd/dracut/load_digest_lists.sh | 45 ++++++++++++++----------------
+ 1 file changed, 21 insertions(+), 24 deletions(-)
+
+diff --git a/initrd/dracut/load_digest_lists.sh b/initrd/dracut/load_digest_lists.sh
+index 9d6e5d1..8cb3e84 100644
+--- a/initrd/dracut/load_digest_lists.sh
++++ b/initrd/dracut/load_digest_lists.sh
+@@ -1,29 +1,26 @@
+ #! /bin/bash
+
+-if [ ! -f /sys/kernel/security/ima/digest_list_data ]; then
+- exit 0
+-fi
++if [ -f /sys/kernel/security/ima/digest_list_data ]; then
++ digests_count=$(cat /sys/kernel/security/ima/digests_count)
++ if [ "$digests_count" != "0" ]; then
++ for f in $(find $NEWROOT/etc/ima/digest_lists -type f); do
++ if [ ! -f /etc/ima/digest_lists/$(basename $f) ]; then
++ process_digest_list=$(getfattr -m - -e hex -d $f \
++ 2> /dev/null | awk '{ if ($1 ~ /security.evm/) evm=1;
++ if ($1 ~ /security.ima=0x03/) ima=1; }
++ END{ if (evm || ima) print "1" }')
++ if [ -z "$process_digest_list" ]; then
++ continue
++ fi
+
+-digests_count=$(cat /sys/kernel/security/ima/digests_count)
+-if [ "$digests_count" = "0" ]; then
+- exit 0
++ format=$(echo $f | cut -d - -f 3)
++ if [ "$format" = "compact" ]; then
++ echo $f > /sys/kernel/security/ima/digest_list_data
++ else
++ upload_digest_lists add $f
++ fi
++ fi
++ done
++ fi
+ fi
+
+-for f in $(find $NEWROOT/etc/ima/digest_lists -type f); do
+- if [ ! -f /etc/ima/digest_lists/$(basename $f) ]; then
+- process_digest_list=$(getfattr -m - -e hex -d $f \
+- 2> /dev/null | awk '{ if ($1 ~ /security.evm/) evm=1;
+- if ($1 ~ /security.ima=0x03/) ima=1; }
+- END{ if (evm || ima) print "1" }')
+- if [ -z "$process_digest_list" ]; then
+- continue
+- fi
+-
+- format=$(echo $f | cut -d - -f 3)
+- if [ "$format" = "compact" ]; then
+- echo $f > /sys/kernel/security/ima/digest_list_data
+- else
+- upload_digest_lists add $f
+- fi
+- fi
+-done
+--
+2.27.0
+
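Review bot: The loop that the embedded patch re-nests under the new `if` blocks still iterates with `for f in $(find $NEWROOT/etc/ima/digest_lists -type f)` and expands `$f` unquoted in the `basename`, `getfattr`, `echo` and `upload_digest_lists` calls. A digest-list name containing whitespace or glob characters is therefore split or expanded before the xattr check, and the fragments are what get written to `digest_list_data`. Since this script decides which lists are loaded into IMA at boot, I would read the paths line by line and quote every use: `find "$NEWROOT/etc/ima/digest_lists" -type f | while IFS= read -r f; do`, `[ ! -f "/etc/ima/digest_lists/$(basename "$f")" ]`, `echo "$f" > /sys/kernel/security/ima/digest_list_data`. Separately, `format=$(echo $f | cut -d - -f 3)` cuts the full path rather than the file name, so a `-` anywhere in `$NEWROOT` would shift the field; `basename "$f" | cut -d - -f 3` avoids that. It also looks like a failed write or a failed `upload_digest_lists add` is silently ignored, so a warning on stderr would make a list that did not load visible in the boot log.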