ima-evm-utils: Update to 1.4

Switch from git to https in SRC_URI Drop patches not upstreamed. Passes OEQA: RESULTS - ima.IMACheck.test_ima_enabled: PASSED (1.05s) RESULTS - ima.IMACheck.test_ima_hash: PASSED (6.13s) RESULTS - ima.IMACheck.test_ima_overwrite: PASSED (131.31s) RESULTS - ima.IMACheck.test_ima_signature: PASSED (69.03s) Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2022-05-18 09:57:21 -0700
committer: Armin Kuster <akuster808@gmail.com> 2022-05-23 07:11:55 -0700
commit: 8e59bd9e0a5a7f5f4da00d924711e3d834d12b4e (patch)
tree: 3f022a058c195ef82a5929492433b56a9ed61bb7
parent: a8fba7a8ef99ce41a86ce4861c75ba5157f8389d (diff)
download: meta-security-8e59bd9e0a5a7f5f4da00d924711e3d834d12b4e.tar.gz
4 files changed, 2 insertions, 181 deletions
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/command-line-apply-operation-to-all-paths.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/command-line-apply-operation-to-all-paths.patch
deleted file mode 100644
index 35c3162..0000000
--- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/command-line-apply-operation-to-all-paths.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 5834216fb3aa4e5e59ee13e871c70db1b4e13f02 Mon Sep 17 00:00:00 2001
-From: Patrick Ohly <patrick.ohly@intel.com>
-Date: Fri, 30 Sep 2016 10:22:16 +0200
-Subject: [PATCH] command line: apply operation to all paths
-Previously, invocations like "evmctl ima_hash foo bar" silently
-ignored all parameters after the first path name ("foo" in this
-example).
-Now evmctl iterates over all specified paths. It aborts with an
-error as soon as the selected operation fails for a path.
-Supporting more than one parameter is useful in combination with
-"find" and "xargs" because it is noticably faster than invoking
-evmutil separately for each file, in particular when run under pseudo
-(a fakeroot environment used by the OpenEmbedded build system).
-This complements the recursive mode and can be used when more control
-over file selection is needed.
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
---
- src/evmctl.c | 21 ++++++++++++---------
- 1 file changed, 12 insertions(+), 9 deletions(-)
-diff --git a/src/evmctl.c b/src/evmctl.c
-index 23cf54c..2072034 100644
--- a/src/evmctl.c
-+++ b/src/evmctl.c
-@@ -626,7 +626,7 @@ static int get_file_type(const char *path, const char *search_type)
- static int do_cmd(struct command *cmd, find_cb_t func)
- {
-        char *path = g_argv[optind++];
-       int err, dts = REG_MASK; /* only regular files by default */
-+       int err = 0, dts = REG_MASK; /* only regular files by default */
- 
-        if (!path) {
-                log_err("Parameters missing\n");
-@@ -634,15 +634,18 @@ static int do_cmd(struct command *cmd, find_cb_t func)
-                return -1;
-        }
- 
-       if (recursive) {
-               if (search_type) {
-                       dts = get_file_type(path, search_type);
-                       if (dts < 0)
-                               return dts;
-+       while (path && !err) {
-+               if (recursive) {
-+                       if (search_type) {
-+                               dts = get_file_type(path, search_type);
-+                               if (dts < 0)
-+                                       return dts;
-+                       }
-+                       err = find(path, dts, func);
-+               } else {
-+                       err = func(path);
-                }
-               err = find(path, dts, func);
-       } else {
-               err = func(path);
-+               path = g_argv[optind++];
-        }
- 
-        return err;
-- 
-2.1.4
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/disable-doc-creation.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/disable-doc-creation.patch
deleted file mode 100644
index 75076f5..0000000
--- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/disable-doc-creation.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 321a602098d11ee712ebd01f51033b5fd369eae9 Mon Sep 17 00:00:00 2001
-From: Patrick Ohly <patrick.ohly@intel.com>
-Date: Wed, 13 May 2015 03:41:02 -0700
-Subject: [PATCH] Makefile.am: disable man page creation
-Depends on asciidoc, which is not available.
-Upstream-Status: Inappropriate [embedded specific]
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
---
- Makefile.am | 19 ++++++++++++++++++-
- 1 file changed, 18 insertions(+), 1 deletion(-)
-diff --git a/Makefile.am b/Makefile.am
-index 06ebf59..4ddd52c 100644
--- a/Makefile.am
-+++ b/Makefile.am
-@@ -1,5 +1,5 @@
- SUBDIRS = src
-dist_man_MANS = evmctl.1
-+# dist_man_MANS = evmctl.1
- 
- doc_DATA =  examples/ima-genkey-self.sh examples/ima-genkey.sh examples/ima-gen-local-ca.sh
- EXTRA_DIST = autogen.sh $(doc_DATA)
-@@ -39,4 +39,21 @@ rmman:
- 
- doc: evmctl.1.html rmman evmctl.1
- 
-+# requires asciidoc, xslproc, docbook-xsl
-+# FIXME Disabled until docbook-xsl is unavaliable on tizen.org
-+#MANPAGE_DOCBOOK_XSL = /usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl
-+#
-+#evmctl.1.html: README
-+#      @asciidoc -o $@ $<
-+#
-+#evmctl.1:
-+#      asciidoc -d manpage -b docbook -o evmctl.1.xsl README
-+#      xsltproc --nonet -o $@ $(MANPAGE_DOCBOOK_XSL) evmctl.1.xsl
-+#      rm -f evmctl.1.xsl
-+#
-+#rmman:
-+#      rm -f evmctl.1
-+#
-+#doc: evmctl.1.html rmman evmctl.1
-+
- .PHONY: $(tarname)
-- 
-1.8.4.5
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch
deleted file mode 100644
index ffa65df..0000000
--- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 2dec9199f8a8a2c84b25a3d3e7e2f41b71e07834 Mon Sep 17 00:00:00 2001
-From: Patrick Ohly <patrick.ohly@intel.com>
-Date: Wed, 17 Jun 2015 14:28:18 +0200
-Subject: [PATCH 20/20] evmctl.c: do not depend on xattr.h with IMA defines
-Compilation on older Linux distros (like Ubuntu 12.04) fails
-because linux/xattr.h does not yet have the IMA defines. Compiling
-there makes sense when only the tools are needed, for example when
-signing an image in cross-compile mode.
-To support this, add fallbacks for the two defines which are needed.
-Their value is part of the Linux ABI and thus fixed.
-Upstream-status: Submitted [linux-ima-devel@lists.sourceforge.net]
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
---
- src/evmctl.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-diff --git a/src/evmctl.c b/src/evmctl.c
-index c54efbb..23cf54c 100644
--- a/src/evmctl.c
-+++ b/src/evmctl.c
-@@ -57,6 +57,18 @@
- #include <termios.h>
- #include <assert.h>
- 
-+/*
-+ * linux/xattr.h might be old to have this. Allow compilation on older
-+ * Linux distros (like Ubuntu 12.04) by falling back to our own
-+ * definition.
-+ */
-+#ifndef XATTR_IMA_SUFFIX
-+# define XATTR_IMA_SUFFIX "ima"
-+#endif
-+#ifndef XATTR_NAME_IMA
-+# define XATTR_NAME_IMA XATTR_SECURITY_PREFIX XATTR_IMA_SUFFIX
-+#endif
-+
- #include <openssl/sha.h>
- #include <openssl/pem.h>
- #include <openssl/hmac.h>
-- 
-2.1.4
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.4.bb
index fc7a2d6..4f1d1a3 100644
--- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
+++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.4.bb
@@ -6,22 +6,8 @@ DEPENDS += "openssl attr keyutils"
 DEPENDS:class-native += "openssl-native keyutils-native"
-PV = "1.2.1+git${SRCPV}"
+SRC_URI = "https://sourceforge.net/projects/linux-ima/files/${BPN}/${BP}.tar.gz"
-SRCREV = "3eab1f93b634249c1720f65fcb495b1996f0256e"
+SRC_URI[sha256sum] = "fcf85b31d6292051b3679e5f17ffa7f89b6898957aad0f59aa4e9878884b27d1"
-SRC_URI = "git://git.code.sf.net/p/linux-ima/ima-evm-utils;branch=ima-evm-utils-1.2.y"
-# Documentation depends on asciidoc, which we do not have, so
-# do not build documentation.
-SRC_URI += "file://disable-doc-creation.patch"
-# Workaround for upstream incompatibility with older Linux distros.
-# Relevant for us when compiling ima-evm-utils-native.
-SRC_URI += "file://evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch"
-# Required for xargs with more than one path as argument (better for performance).
-SRC_URI += "file://command-line-apply-operation-to-all-paths.patch"
-S = "${WORKDIR}/git"
 inherit pkgconfig autotools features_check
author	Armin Kuster <akuster808@gmail.com>	2022-05-18 09:57:21 -0700
committer	Armin Kuster <akuster808@gmail.com>	2022-05-23 07:11:55 -0700
commit	8e59bd9e0a5a7f5f4da00d924711e3d834d12b4e (patch)
tree	3f022a058c195ef82a5929492433b56a9ed61bb7
parent	a8fba7a8ef99ce41a86ce4861c75ba5157f8389d (diff)
download	meta-security-8e59bd9e0a5a7f5f4da00d924711e3d834d12b4e.tar.gz

diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/command-line-apply-operation-to-all-paths.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/command-line-apply-operation-to-all-paths.patch deleted file mode 100644 index 35c3162..0000000 --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/command-line-apply-operation-to-all-paths.patch +++ /dev/null
@@ -1,68 +0,0 @@
1	From 5834216fb3aa4e5e59ee13e871c70db1b4e13f02 Mon Sep 17 00:00:00 2001
2	From: Patrick Ohly <patrick.ohly@intel.com>
3	Date: Fri, 30 Sep 2016 10:22:16 +0200
4	Subject: [PATCH] command line: apply operation to all paths
5
6	Previously, invocations like "evmctl ima_hash foo bar" silently
7	ignored all parameters after the first path name ("foo" in this
8	example).
9
10	Now evmctl iterates over all specified paths. It aborts with an
11	error as soon as the selected operation fails for a path.
12
13	Supporting more than one parameter is useful in combination with
14	"find" and "xargs" because it is noticably faster than invoking
15	evmutil separately for each file, in particular when run under pseudo
16	(a fakeroot environment used by the OpenEmbedded build system).
17
18	This complements the recursive mode and can be used when more control
19	over file selection is needed.
20
21	Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
22	---
23	src/evmctl.c \| 21 ++++++++++++---------
24	1 file changed, 12 insertions(+), 9 deletions(-)
25
26	diff --git a/src/evmctl.c b/src/evmctl.c
27	index 23cf54c..2072034 100644
28	--- a/src/evmctl.c
29	+++ b/src/evmctl.c
30	@@ -626,7 +626,7 @@ static int get_file_type(const char path, const char search_type)
31	static int do_cmd(struct command *cmd, find_cb_t func)
32	{
33	char *path = g_argv[optind++];
34	- int err, dts = REG_MASK; /* only regular files by default */
35	+ int err = 0, dts = REG_MASK; /* only regular files by default */
36
37	if (!path) {
38	log_err("Parameters missing\n");
39	@@ -634,15 +634,18 @@ static int do_cmd(struct command *cmd, find_cb_t func)
40	return -1;
41	}
42
43	- if (recursive) {
44	- if (search_type) {
45	- dts = get_file_type(path, search_type);
46	- if (dts < 0)
47	- return dts;
48	+ while (path && !err) {
49	+ if (recursive) {
50	+ if (search_type) {
51	+ dts = get_file_type(path, search_type);
52	+ if (dts < 0)
53	+ return dts;
54	+ }
55	+ err = find(path, dts, func);
56	+ } else {
57	+ err = func(path);
58	}
59	- err = find(path, dts, func);
60	- } else {
61	- err = func(path);
62	+ path = g_argv[optind++];
63	}
64
65	return err;
66	--
67	2.1.4
68


diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/disable-doc-creation.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/disable-doc-creation.patch deleted file mode 100644 index 75076f5..0000000 --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/disable-doc-creation.patch +++ /dev/null
@@ -1,50 +0,0 @@
1	From 321a602098d11ee712ebd01f51033b5fd369eae9 Mon Sep 17 00:00:00 2001
2	From: Patrick Ohly <patrick.ohly@intel.com>
3	Date: Wed, 13 May 2015 03:41:02 -0700
4	Subject: [PATCH] Makefile.am: disable man page creation
5
6	Depends on asciidoc, which is not available.
7
8	Upstream-Status: Inappropriate [embedded specific]
9
10	Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
11	---
12	Makefile.am \| 19 ++++++++++++++++++-
13	1 file changed, 18 insertions(+), 1 deletion(-)
14
15	diff --git a/Makefile.am b/Makefile.am
16	index 06ebf59..4ddd52c 100644
17	--- a/Makefile.am
18	+++ b/Makefile.am
19	@@ -1,5 +1,5 @@
20	SUBDIRS = src
21	-dist_man_MANS = evmctl.1
22	+# dist_man_MANS = evmctl.1
23
24	doc_DATA = examples/ima-genkey-self.sh examples/ima-genkey.sh examples/ima-gen-local-ca.sh
25	EXTRA_DIST = autogen.sh $(doc_DATA)
26	@@ -39,4 +39,21 @@ rmman:
27
28	doc: evmctl.1.html rmman evmctl.1
29
30	+# requires asciidoc, xslproc, docbook-xsl
31	+# FIXME Disabled until docbook-xsl is unavaliable on tizen.org
32	+#MANPAGE_DOCBOOK_XSL = /usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl
33	+#
34	+#evmctl.1.html: README
35	+# @asciidoc -o $@ $<
36	+#
37	+#evmctl.1:
38	+# asciidoc -d manpage -b docbook -o evmctl.1.xsl README
39	+# xsltproc --nonet -o $@ $(MANPAGE_DOCBOOK_XSL) evmctl.1.xsl
40	+# rm -f evmctl.1.xsl
41	+#
42	+#rmman:
43	+# rm -f evmctl.1
44	+#
45	+#doc: evmctl.1.html rmman evmctl.1
46	+
47	.PHONY: $(tarname)
48	--
49	1.8.4.5
50


diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch deleted file mode 100644 index ffa65df..0000000 --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch +++ /dev/null
@@ -1,47 +0,0 @@
1	From 2dec9199f8a8a2c84b25a3d3e7e2f41b71e07834 Mon Sep 17 00:00:00 2001
2	From: Patrick Ohly <patrick.ohly@intel.com>
3	Date: Wed, 17 Jun 2015 14:28:18 +0200
4	Subject: [PATCH 20/20] evmctl.c: do not depend on xattr.h with IMA defines
5
6	Compilation on older Linux distros (like Ubuntu 12.04) fails
7	because linux/xattr.h does not yet have the IMA defines. Compiling
8	there makes sense when only the tools are needed, for example when
9	signing an image in cross-compile mode.
10
11	To support this, add fallbacks for the two defines which are needed.
12	Their value is part of the Linux ABI and thus fixed.
13
14	Upstream-status: Submitted [linux-ima-devel@lists.sourceforge.net]
15
16	Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
17
18	---
19	src/evmctl.c \| 12 ++++++++++++
20	1 file changed, 12 insertions(+)
21
22	diff --git a/src/evmctl.c b/src/evmctl.c
23	index c54efbb..23cf54c 100644
24	--- a/src/evmctl.c
25	+++ b/src/evmctl.c
26	@@ -57,6 +57,18 @@
27	#include <termios.h>
28	#include <assert.h>
29
30	+/*
31	+ * linux/xattr.h might be old to have this. Allow compilation on older
32	+ * Linux distros (like Ubuntu 12.04) by falling back to our own
33	+ * definition.
34	+ */
35	+#ifndef XATTR_IMA_SUFFIX
36	+# define XATTR_IMA_SUFFIX "ima"
37	+#endif
38	+#ifndef XATTR_NAME_IMA
39	+# define XATTR_NAME_IMA XATTR_SECURITY_PREFIX XATTR_IMA_SUFFIX
40	+#endif
41	+
42	#include <openssl/sha.h>
43	#include <openssl/pem.h>
44	#include <openssl/hmac.h>
45	--
46	2.1.4
47


diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.4.bb index fc7a2d6..4f1d1a3 100644 --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb +++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.4.bb
@@ -6,22 +6,8 @@ DEPENDS += "openssl attr keyutils"
6		6
7	DEPENDS:class-native += "openssl-native keyutils-native"	7	DEPENDS:class-native += "openssl-native keyutils-native"
8		8
9	PV = "1.2.1+git${SRCPV}"	9	SRC_URI = "https://sourceforge.net/projects/linux-ima/files/${BPN}/${BP}.tar.gz"
10	SRCREV = "3eab1f93b634249c1720f65fcb495b1996f0256e"	10	SRC_URI[sha256sum] = "fcf85b31d6292051b3679e5f17ffa7f89b6898957aad0f59aa4e9878884b27d1"
11	SRC_URI = "git://git.code.sf.net/p/linux-ima/ima-evm-utils;branch=ima-evm-utils-1.2.y"
12
13	# Documentation depends on asciidoc, which we do not have, so
14	# do not build documentation.
15	SRC_URI += "file://disable-doc-creation.patch"
16
17	# Workaround for upstream incompatibility with older Linux distros.
18	# Relevant for us when compiling ima-evm-utils-native.
19	SRC_URI += "file://evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch"
20
21	# Required for xargs with more than one path as argument (better for performance).
22	SRC_URI += "file://command-line-apply-operation-to-all-paths.patch"
23
24	S = "${WORKDIR}/git"
25		11
26	inherit pkgconfig autotools features_check	12	inherit pkgconfig autotools features_check
27		13