ima-evm-utils: Update ima-evm-utils to v1.5 and add a patch

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Stefan Berger <stefanb@linux.ibm.com> 2023-04-28 08:23:16 -0400
committer: Armin Kuster <akuster808@gmail.com> 2023-05-06 07:54:09 -0400
commit: 9de807705b27b05bbf84e9f16502fe6cdaa8928f (patch)
tree: ef331bf638ef1a6fe4283886c07621d351829769
parent: 319522e00dfd23c78cbe28ab26b87e08a8f46993 (diff)
download: meta-security-9de807705b27b05bbf84e9f16502fe6cdaa8928f.tar.gz
2 files changed, 42 insertions, 2 deletions
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch
new file mode 100644
index 0000000..3624576
--- /dev/null
+++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch
@@ -0,0 +1,35 @@
+From 00ace817c5134d9844db387cadb9517ebad43808 Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.ibm.com>
+Date: Tue, 18 Apr 2023 11:43:55 -0400
+Subject: [PATCH] Do not get generation using ioctl when evm_portable is true
+If a signatures is detected as being portable do not attempt to read the
+generation with the ioctl since in some cases this may not be supported
+by the filesystem and is also not needed for computing a portable
+signature.
+This avoids the current work-around of passing --generation 0 when the
+ioctl is not supported by the filesystem.
+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
+---
+ src/evmctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/evmctl.c b/src/evmctl.c
+index 6d2bb67..c35a28c 100644
+--- a/src/evmctl.c
+++ b/src/evmctl.c
+@@ -376,7 +376,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+        if (mode_str)
+                st.st_mode = strtoul(mode_str, NULL, 10);
+ 
+-       if (!evm_immutable) {
+       if (!evm_immutable && !evm_portable) {
+                if (S_ISREG(st.st_mode) && !generation_str) {
+                        int fd = open(file, 0);
+ 
+---
+2.39.2
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.4.bb b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.5.bb
index 873aeeb..8ac080c 100644
--- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.4.bb
+++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.5.bb
@@ -6,8 +6,13 @@ DEPENDS += "openssl attr keyutils"
 DEPENDS:class-native += "openssl-native keyutils-native"
-SRC_URI = "https://sourceforge.net/projects/linux-ima/files/${BPN}/${BP}.tar.gz"
+FILESEXTRAPATHS:append := "${THISDIR}/${PN}:"
-SRC_URI[sha256sum] = "fcf85b31d6292051b3679e5f17ffa7f89b6898957aad0f59aa4e9878884b27d1"
+SRC_URI = " \
+    https://github.com/mimizohar/ima-evm-utils/releases/download/v${PV}/${BP}.tar.gz \
+    file://0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch \
+"
+SRC_URI[sha256sum] = "45f1caa3ad59ec59a1d6a74ea5df38c413488cd952ab62d98cf893c15e6f246d"
 inherit pkgconfig autotools features_check
author	Stefan Berger <stefanb@linux.ibm.com>	2023-04-28 08:23:16 -0400
committer	Armin Kuster <akuster808@gmail.com>	2023-05-06 07:54:09 -0400
commit	9de807705b27b05bbf84e9f16502fe6cdaa8928f (patch)
tree	ef331bf638ef1a6fe4283886c07621d351829769
parent	319522e00dfd23c78cbe28ab26b87e08a8f46993 (diff)
download	meta-security-9de807705b27b05bbf84e9f16502fe6cdaa8928f.tar.gz

diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch new file mode 100644 index 0000000..3624576 --- /dev/null +++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch
@@ -0,0 +1,35 @@
		1	From 00ace817c5134d9844db387cadb9517ebad43808 Mon Sep 17 00:00:00 2001
		2	From: Stefan Berger <stefanb@linux.ibm.com>
		3	Date: Tue, 18 Apr 2023 11:43:55 -0400
		4	Subject: [PATCH] Do not get generation using ioctl when evm_portable is true
		5
		6	If a signatures is detected as being portable do not attempt to read the
		7	generation with the ioctl since in some cases this may not be supported
		8	by the filesystem and is also not needed for computing a portable
		9	signature.
		10
		11	This avoids the current work-around of passing --generation 0 when the
		12	ioctl is not supported by the filesystem.
		13
		14	Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
		15	---
		16	src/evmctl.c \| 2 +-
		17	1 file changed, 1 insertion(+), 1 deletion(-)
		18
		19	diff --git a/src/evmctl.c b/src/evmctl.c
		20	index 6d2bb67..c35a28c 100644
		21	--- a/src/evmctl.c
		22	+++ b/src/evmctl.c
		23	@@ -376,7 +376,7 @@ static int calc_evm_hash(const char file, unsigned char hash)
		24	if (mode_str)
		25	st.st_mode = strtoul(mode_str, NULL, 10);
		26
		27	- if (!evm_immutable) {
		28	+ if (!evm_immutable && !evm_portable) {
		29	if (S_ISREG(st.st_mode) && !generation_str) {
		30	int fd = open(file, 0);
		31
		32	---
		33	2.39.2
		34
		35


diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.4.bb b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.5.bb index 873aeeb..8ac080c 100644 --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.4.bb +++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.5.bb
@@ -6,8 +6,13 @@ DEPENDS += "openssl attr keyutils"
6		6
7	DEPENDS:class-native += "openssl-native keyutils-native"	7	DEPENDS:class-native += "openssl-native keyutils-native"
8		8
9	SRC_URI = "https://sourceforge.net/projects/linux-ima/files/${BPN}/${BP}.tar.gz"	9	FILESEXTRAPATHS:append := "${THISDIR}/${PN}:"
10	SRC_URI[sha256sum] = "fcf85b31d6292051b3679e5f17ffa7f89b6898957aad0f59aa4e9878884b27d1"	10
		11	SRC_URI = " \
		12	https://github.com/mimizohar/ima-evm-utils/releases/download/v${PV}/${BP}.tar.gz \
		13	file://0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch \
		14	"
		15	SRC_URI[sha256sum] = "45f1caa3ad59ec59a1d6a74ea5df38c413488cd952ab62d98cf893c15e6f246d"
11		16
12	inherit pkgconfig autotools features_check	17	inherit pkgconfig autotools features_check
13		18