update to 1.4

2022-10-27 15:41:17 +08:00 · 2022-10-27 15:41:17 +08:00 · 8e8d158807
commit 8e8d158807
parent 4505285247
6 changed files with 38 additions and 64 deletions
--- a/add-save-command-to-support-digest-list-building.patch
+++ b/add-save-command-to-support-digest-list-building.patch
@ -1,4 +1,4 @@
-From 6e607f4c5b3a608477bfc10405fb3c1f2ef93024 Mon Sep 17 00:00:00 2001
+From b1c7340ed4b4233bfb480173f5dee1cb8a5becea Mon Sep 17 00:00:00 2001
 From: Roberto Sassu <roberto.sassu@huawei.com>
 Date: Thu, 21 Jan 2021 08:16:34 +0800
 Subject: [PATCH] add save command to support digest list building
@ -7,14 +7,14 @@ This patch adds save command to support IMA digest list.
 Signed-off-by: Tianxing Zhang <benjamin93@163.com>
 ---
- src/evmctl.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++------
+ src/evmctl.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++-----
- 1 file changed, 60 insertions(+), 7 deletions(-)
+ 1 file changed, 59 insertions(+), 6 deletions(-)
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 1815f55..439713d 100644
+index 8bdd348..355d04d 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -115,6 +115,7 @@ static int sigdump;
+@@ -118,6 +118,7 @@ static int sigdump;
 static int digest;
 static int digsig;
 static int sigfile;
@ -76,12 +76,12 @@ index 1815f55..439713d 100644
 -	if (!evm_immutable) {
 +	if (!evm_immutable && !evm_portable) {
- 		if ((S_ISREG(st.st_mode) || S_ISDIR(st.st_mode)) && !generation_str) {
+ 		if (S_ISREG(st.st_mode) && !generation_str) {
- 			/* we cannot at the momement to get generation of
+ 			int fd = open(file, 0);
- 			   special files kernel API does not support it */
+ 
-@@ -444,7 +461,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -454,7 +471,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- 		/*log_debug("name: %s, value: %s, size: %d\n", *xattrname, xattr_value, err);*/
+ 		log_info("name: %s, size: %d\n",
- 		log_info("name: %s, size: %d\n", *xattrname, err);
+ 			 use_xattr_ima ? xattr_ima : *xattrname, err);
 		log_debug_dump(xattr_value, err);
 -		err = EVP_DigestUpdate(pctx, xattr_value, err);
 +		if (datafile)
@ -92,7 +92,7 @@ index 1815f55..439713d 100644
 		if (!err) {
 			log_err("EVP_DigestUpdate() failed\n");
 			return 1;
-@@ -498,7 +519,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -508,7 +529,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
 	log_debug("hmac_misc (%d): ", hmac_size);
 	log_debug_dump(&hmac_misc, hmac_size);
@ -105,7 +105,7 @@ index 1815f55..439713d 100644
 	if (!err) {
 		log_err("EVP_DigestUpdate() failed\n");
 		return 1;
-@@ -555,6 +580,9 @@ static int sign_evm(const char *file, const char *key)
+@@ -565,6 +590,9 @@ static int sign_evm(const char *file, const char *key)
 	if (sigdump || imaevm_params.verbose >= LOG_INFO)
 		imaevm_hexdump(sig, len);
@ -115,7 +115,7 @@ index 1815f55..439713d 100644
 	if (xattr) {
 		err = lsetxattr(file, xattr_evm, sig, len, 0);
 		if (err < 0) {
-@@ -566,6 +594,21 @@ static int sign_evm(const char *file, const char *key)
+@@ -576,6 +604,21 @@ static int sign_evm(const char *file, const char *key)
 	return 0;
 }
@ -137,7 +137,7 @@ index 1815f55..439713d 100644
 static int hash_ima(const char *file)
 {
 	unsigned char hash[MAX_DIGEST_SIZE + 2]; /* +2 byte xattr header */
-@@ -678,7 +721,7 @@ static int get_file_type(const char *path, const char *search_type)
+@@ -684,7 +727,7 @@ static int get_file_type(const char *path, const char *search_type)
 static int do_cmd(struct command *cmd, find_cb_t func)
 {
@ -146,7 +146,7 @@ index 1815f55..439713d 100644
 	int err, dts = REG_MASK; /* only regular files by default */
 	if (!path) {
-@@ -687,6 +730,10 @@ static int do_cmd(struct command *cmd, find_cb_t func)
+@@ -693,6 +736,10 @@ static int do_cmd(struct command *cmd, find_cb_t func)
 		return -1;
 	}
@ -157,7 +157,7 @@ index 1815f55..439713d 100644
 	if (recursive) {
 		if (search_type) {
 			dts = get_file_type(path, search_type);
-@@ -793,6 +840,11 @@ static int cmd_sign_evm(struct command *cmd)
+@@ -799,6 +846,11 @@ static int cmd_sign_evm(struct command *cmd)
 	return do_cmd(cmd, sign_evm_path);
 }
@ -169,16 +169,7 @@ index 1815f55..439713d 100644
 static int verify_evm(const char *file)
 {
 	unsigned char hash[MAX_DIGEST_SIZE];
-@@ -807,7 +859,7 @@ static int verify_evm(const char *file)
+@@ -2547,6 +2599,7 @@ struct command cmds[] = {
 		return len;
 	}
 -	if (sig[0] != 0x03) {
 +	if (sig[0] != 0x03 && sig[0] != 0x05) {
 		log_err("%s has no signature\n", xattr_evm);
 		return -1;
 	}
@@ -2479,6 +2531,7 @@ struct command cmds[] = {
 	{"import", cmd_import, 0, "[--rsa] pubkey keyring", "Import public key into the keyring.\n"},
 	{"convert", cmd_convert, 0, "key", "convert public key into the keyring.\n"},
 	{"sign", cmd_sign_evm, 0, "[-r] [--imahash | --imasig ] [--key key] [--pass [password] file", "Sign file metadata.\n"},
@ -187,5 +178,5 @@ index 1815f55..439713d 100644
 	{"ima_sign", cmd_sign_ima, 0, "[--sigfile] [--key key] [--pass [password] file", "Make file content signature.\n"},
 	{"ima_verify", cmd_verify_ima, 0, "file", "Verify IMA signature (for debugging).\n"},
 -- 
-2.25.1
+2.33.0
--- a/add-sm3-option.patch
+++ b/add-sm3-option.patch
@ -1,4 +1,4 @@
-From 3fe53a713f32c28841e7f5efd4afb397b6d7e154 Mon Sep 17 00:00:00 2001
+From 01cc9dee300fc78d827d70a647bb409579b29555 Mon Sep 17 00:00:00 2001
 From: shenxiangwei <shenxiangwei1@huawei.com>
 Date: Wed, 24 Aug 2022 08:26:49 +0800
 Subject: [PATCH] add sm3 option
@ -9,18 +9,18 @@ Signed-off-by: shenxiangwei <shenxiangwei1@huawei.com>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 28f4b8d..bce4b91 100644
+index a8c31ed..5202e53 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -2489,7 +2489,7 @@ static void usage(void)
+@@ -2552,7 +2552,7 @@ static void usage(void)
 	printf(
 		"\n"
-		"  -a, --hashalgo     sha1 (default), sha224, sha256, sha384, sha512, streebog256, streebog512\n"
+-		"  -a, --hashalgo     sha1, sha224, sha256, sha384, sha512, streebog256, streebog512 (default: %s)\n"
-+		"  -a, --hashalgo     sha1 (default), sha224, sha256, sha384, sha512, streebog256, streebog512, sm3\n"
+		"  -a, --hashalgo     sha1, sha224, sha256, sha384, sha512, streebog256, streebog512, sm3 (default: %s)\n"
 		"  -s, --imasig       make IMA signature\n"
 		"  -d, --imahash      make IMA hash\n"
 		"  -f, --sigfile      store IMA signature in .sig file instead of xattr\n"
 -- 
-2.27.0
+2.33.0
--- a/ima-evm-utils-1.3.2.tar.gz
+++ b/ima-evm-utils-1.3.2.tar.gz
--- a/ima-evm-utils-1.4.tar.gz
+++ b/ima-evm-utils-1.4.tar.gz
--- a/ima-evm-utils.spec
+++ b/ima-evm-utils.spec
@ -1,14 +1,11 @@
 Name:         ima-evm-utils
-Version:      1.3.2
+Version:      1.4
-Release:      7
+Release:      1
 Summary:      IMA/EVM control utilities
 License:      GPLv2
 URL:          http://linux-ima.sourceforge.net/
 Source0:      http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz
 Patch6000:    ima-evm-utils-Fix-incorrect-algorithm-name-in-hash_i.patch
 Patch6001:    ima-evm-utils-Support-SM2-3-algorithm-for-sign-and-v.patch
 Patch9000:    add-save-command-to-support-digest-list-building.patch
 Patch9001:    fix-caps-parameter-cannot-be-parsed.patch
 Patch9002:    add-sm3-option.patch
@ -78,6 +75,9 @@ make check
 %doc %{_mandir}/*/*
 %changelog
 * Thu Oct 27 2022 shenxiangwei <shenxiangwei1@huawei.com> - 1.4-1
 - update to 1.4
 * Wed Oct 19 2022 shenxiangwei <shenxiangwei1@huawei.com> - 1.3.2-7
 - Support SM signature
--- a/skip-test-error-in-docker.patch
+++ b/skip-test-error-in-docker.patch
@ -1,46 +1,29 @@
-From d3a4e24f6a2bac023f7e7c0eda403f0d8e25996d Mon Sep 17 00:00:00 2001
+From 766139cabc2dfb2cb02f12dc8b1a4b783752494e Mon Sep 17 00:00:00 2001
 From: shenxiangwei <shenxiangwei1@huawei.com>
 Date: Mon, 26 Sep 2022 19:36:25 +0800
 Subject: [PATCH] Skip test error in docker
 ---
 tests/ima_hash.test    |  5 +++++
 tests/sign_verify.test | 10 ++++++++++
- 2 files changed, 15 insertions(+)
+ 1 file changed, 10 insertions(+)
 diff --git a/tests/ima_hash.test b/tests/ima_hash.test
 index 8d66e59..cd97e1d 100644
 --- a/tests/ima_hash.test
 +++ b/tests/ima_hash.test
@@ -24,6 +24,11 @@ trap _report_exit EXIT
 set -f # disable globbing
 check() {
 +  cat /proc/fs/ext4/sda1/options | grep xattr
 +  if [ `echo $?` -ne 0 ];then
 +          return "$SKIP"
 +  fi
 +
   local alg=$1 prefix=$2 chash=$3 hash
   local file=$alg-hash.txt
 diff --git a/tests/sign_verify.test b/tests/sign_verify.test
-index 288e133..e1899df 100644
+index c56290a..d4eddc8 100755
 --- a/tests/sign_verify.test
 +++ b/tests/sign_verify.test
-@@ -130,6 +130,11 @@ check_sign() {
+@@ -132,6 +132,11 @@ check_sign() {
   # PREFIX (signature header prefix in hex),
   # OPTS (additional options for evmctl),
   # FILE (working file to sign).
 +  cat /proc/fs/ext4/sda1/options | grep xattr
 +  if [ `echo $?` -ne 0 ];then
-+          return "$SKIP"
+	  return "$SKIP"
 +  fi
 +
   local "$@"
-   local KEY=${KEY%.*}.key
+   local key verifykey
   local FILE=${FILE:-$ALG.txt}
-@@ -225,6 +230,11 @@ check_verify() {
+@@ -242,6 +247,11 @@ check_verify() {
   # ALG (hash algo),
   # OPTS (additional options for evmctl),
   # FILE (filename to verify).
@ -53,5 +36,5 @@ index 288e133..e1899df 100644
   # shellcheck disable=SC2086
 -- 
-2.37.3.windows.1
+2.33.0