Hello community,

here is the log from the commit of package ima-evm-utils for openSUSE:Factory 
checked in at 2020-11-02 09:39:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ima-evm-utils (Old)
 and      /work/SRC/openSUSE:Factory/.ima-evm-utils.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ima-evm-utils"

Mon Nov  2 09:39:48 2020 rev:19 rq:844713 version:1.3.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/ima-evm-utils/ima-evm-utils.changes      
2020-10-02 17:17:31.146111718 +0200
+++ /work/SRC/openSUSE:Factory/.ima-evm-utils.new.3463/ima-evm-utils.changes    
2020-11-02 09:39:53.969581489 +0100
@@ -1,0 +2,13 @@
+Thu Oct 29 06:12:46 UTC 2020 - Petr Vorel <pvo...@suse.cz>
+
+- Update to version 1.3.2
+       * Bugfixes: importing keys
+       * NEW: Docker based travis distro testing
+       * Travis bugfixes, code cleanup, software version update,
+         and script removal
+       * Initial travis testing
+- Remove 0001-help-Add-missing-new-line-for-ignore-violations.patch
+  (patch from this release)
+- Add make check + dependencies (getfattr => attr, xxd => vim)
+
+-------------------------------------------------------------------

Old:
----
  0001-help-Add-missing-new-line-for-ignore-violations.patch
  ima-evm-utils-1.3.1.tar.gz

New:
----
  ima-evm-utils-1.3.2.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ima-evm-utils.spec ++++++
--- /var/tmp/diff_new_pack.8saiuV/_old  2020-11-02 09:39:54.425581927 +0100
+++ /var/tmp/diff_new_pack.8saiuV/_new  2020-11-02 09:39:54.429581931 +0100
@@ -19,15 +19,15 @@
 %define sover 2
 %define libname libimaevm%{sover}
 Name:           ima-evm-utils
-Version:        1.3.1
+Version:        1.3.2
 Release:        0
 Summary:        IMA/EVM control utility
 License:        LGPL-2.1-or-later
 Group:          System/Base
 URL:            http://sourceforge.net/projects/linux-ima/
 Source0:        
http://downloads.sourceforge.net/project/linux-ima/ima-evm-utils/%{name}-%{version}.tar.gz
-Patch1:         0001-help-Add-missing-new-line-for-ignore-violations.patch
 BuildRequires:  asciidoc
+BuildRequires:  attr
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  docbook-xsl-stylesheets
@@ -38,6 +38,7 @@
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig
 BuildRequires:  tpm2-0-tss-devel
+BuildRequires:  vim
 
 %description
 This package provides the control utility for IMA/EVM (Integrity
@@ -86,6 +87,9 @@
 rm -rf %{buildroot}%{_datadir}/doc
 find %{buildroot} -type f -name "*.la" -delete -print
 
+%check
+make %{?_smp_mflags} check
+
 %post -n %{libname} -p /sbin/ldconfig
 %postun -n %{libname} -p /sbin/ldconfig
 

++++++ ima-evm-utils-1.3.1.tar.gz -> ima-evm-utils-1.3.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/.travis.yml 
new/ima-evm-utils-1.3.2/.travis.yml
--- old/ima-evm-utils-1.3.1/.travis.yml 1970-01-01 01:00:00.000000000 +0100
+++ new/ima-evm-utils-1.3.2/.travis.yml 2020-10-28 18:18:08.000000000 +0100
@@ -0,0 +1,78 @@
+dist: bionic
+language: C
+services:
+    - docker
+
+matrix:
+    include:
+        # 32 bit build
+        - os: linux
+          env: DISTRO=debian:stable VARIANT=i386 ARCH=i386 TSS=tpm2-tss
+          compiler: gcc
+
+        # cross compilation builds
+        - os: linux
+          env: DISTRO=debian:stable VARIANT=cross-compile ARCH=ppc64el 
TSS=ibmtss
+          compiler: powerpc64le-linux-gnu-gcc
+
+        - os: linux
+          env: DISTRO=debian:stable VARIANT=cross-compile ARCH=arm64 
TSS=tpm2-tss
+          compiler: aarch64-linux-gnu-gcc
+
+        - os: linux
+          env: DISTRO=debian:stable VARIANT=cross-compile ARCH=s390x TSS=ibmtss
+          compiler: s390x-linux-gnu-gcc
+
+        # musl
+        - os: linux
+          env: DISTRO=alpine:latest TSS=tpm2-tss
+          compiler: gcc
+
+        # glibc (gcc/clang)
+        - os: linux
+          env: DISTRO=opensuse/tumbleweed TSS=ibmtss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=opensuse/leap TSS=tpm2-tss
+          compiler: gcc
+
+        - os: linux
+          env: DISTRO=ubuntu:eoan TSS=ibmtss
+          compiler: gcc
+
+        - os: linux
+          env: DISTRO=ubuntu:xenial TSS=tpm2-tss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=fedora:latest TSS=ibmtss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=centos:7 TSS=tpm2-tss
+          compiler: gcc
+
+        - os: linux
+          env: DISTRO=centos:latest TSS=tpm2-tss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=debian:testing TSS=tpm2-tss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=debian:stable TSS=ibmtss
+          compiler: gcc
+
+before_install:
+    - df -hT
+    - DIR="/usr/src/ima-evm-utils"
+    - printf "FROM $DISTRO\nRUN mkdir -p $DIR\nWORKDIR $DIR\nCOPY . $DIR\n" > 
Dockerfile
+    - cat Dockerfile
+    - docker build -t ima-evm-utils .
+
+script:
+    - INSTALL="${DISTRO%%:*}"
+    - INSTALL="${INSTALL%%/*}"
+    - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" 
]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" 
TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || 
which swtpm || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" 
../build.sh"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/Makefile.am 
new/ima-evm-utils-1.3.2/Makefile.am
--- old/ima-evm-utils-1.3.1/Makefile.am 2020-08-11 13:19:04.000000000 +0200
+++ new/ima-evm-utils-1.3.2/Makefile.am 2020-10-28 18:18:08.000000000 +0100
@@ -1,5 +1,7 @@
 SUBDIRS = src tests
+if MANPAGE_DOCBOOK_XSL
 dist_man_MANS = evmctl.1
+endif
 
 doc_DATA =  examples/ima-genkey-self.sh examples/ima-genkey.sh 
examples/ima-gen-local-ca.sh
 EXTRA_DIST = autogen.sh $(doc_DATA)
@@ -23,6 +25,7 @@
        cp $(tarname) $(SRCS)/
        rpmbuild -ba --nodeps $(SPEC)
 
+if MANPAGE_DOCBOOK_XSL
 evmctl.1.html: README
        @asciidoc -o $@ $<
 
@@ -35,5 +38,6 @@
        rm -f evmctl.1
 
 doc: evmctl.1.html rmman evmctl.1
+endif
 
 .PHONY: $(tarname)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/NEWS new/ima-evm-utils-1.3.2/NEWS
--- old/ima-evm-utils-1.3.1/NEWS        2020-08-11 13:19:04.000000000 +0200
+++ new/ima-evm-utils-1.3.2/NEWS        2020-10-28 18:18:08.000000000 +0100
@@ -1,3 +1,12 @@
+2020-10-28  Mimi Zohar <zo...@linux.ibm.com>
+
+       version 1.3.2:
+       * Bugfixes: importing keys
+       * NEW: Docker based travis distro testing
+       * Travis bugfixes, code cleanup, software version update,
+         and script removal
+       * Initial travis testing
+
 2020-08-11  Mimi Zohar <zo...@linux.ibm.com>
 
        version 1.3.1:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/README 
new/ima-evm-utils-1.3.2/README
--- old/ima-evm-utils-1.3.1/README      2020-08-11 13:19:04.000000000 +0200
+++ new/ima-evm-utils-1.3.2/README      2020-10-28 18:18:08.000000000 +0100
@@ -28,6 +28,7 @@
  import [--rsa] pubkey keyring
  sign [-r] [--imahash | --imasig ] [--portable] [--key key] [--pass password] 
file
  verify file
+ ima_boot_aggregate [--pcrs hash-algorithm,file] [TPM 1.2 BIOS event log]
  ima_sign [--sigfile] [--key key] [--pass password] file
  ima_verify file
  ima_hash file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/autogen.sh 
new/ima-evm-utils-1.3.2/autogen.sh
--- old/ima-evm-utils-1.3.1/autogen.sh  2020-08-11 13:19:04.000000000 +0200
+++ new/ima-evm-utils-1.3.2/autogen.sh  2020-10-28 18:18:08.000000000 +0100
@@ -1,16 +1,4 @@
 #! /bin/sh
-
 set -e
 
-# new way
-# strange, but need this for Makefile.am, because it has -I m4
-test -d m4 || mkdir m4
-autoreconf -f -i
-
-# old way
-#libtoolize --automake --copy --force
-#aclocal
-#autoconf --force
-#autoheader --force
-#automake --add-missing --copy --force-missing --gnu
-
+autoreconf -i
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/build.sh 
new/ima-evm-utils-1.3.2/build.sh
--- old/ima-evm-utils-1.3.1/build.sh    1970-01-01 01:00:00.000000000 +0100
+++ new/ima-evm-utils-1.3.2/build.sh    2020-10-28 18:18:08.000000000 +0100
@@ -0,0 +1,97 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvo...@suse.cz>
+
+set -e
+
+CC="${CC:-gcc}"
+CFLAGS="${CFLAGS:--Wformat -Werror=format-security 
-Werror=implicit-function-declaration -Werror=return-type -fno-common}"
+PREFIX="${PREFIX:-$HOME/ima-evm-utils-install}"
+
+export 
LD_LIBRARY_PATH="$PREFIX/lib64:$PREFIX/lib:/usr/local/lib64:/usr/local/lib"
+export PATH="$PREFIX/bin:/usr/local/bin:$PATH"
+
+title()
+{
+       echo "===== $1 ====="
+}
+
+log_exit()
+{
+       local ret="${3:-$?}"
+       local log="$1"
+       local msg="$2"
+       local prefix
+
+       echo "=== $log ==="
+       [ $ret -eq 0 ] || prefix="FAIL: "
+       cat $log
+       echo
+       echo "$prefix$msg, see output of $log above"
+       exit $ret
+}
+
+cd `dirname $0`
+
+case "$VARIANT" in
+       i386)
+               echo "32-bit compilation"
+               export CFLAGS="-m32 $CFLAGS" LDFLAGS="-m32 $LDFLAGS"
+               export PKG_CONFIG_LIBDIR=/usr/lib/i386-linux-gnu/pkgconfig
+               ;;
+       cross-compile)
+               host="${CC%-gcc}"
+               export CROSS_COMPILE="${host}-"
+               host="--host=$host"
+               echo "cross compilation: $host"
+               echo "CROSS_COMPILE: '$CROSS_COMPILE'"
+               ;;
+       *)
+               if [ "$VARIANT" ]; then
+                       echo "Wrong VARIANT: '$VARIANT'" >&2
+                       exit 1
+               fi
+               echo "native build"
+               ;;
+esac
+
+title "compiler version"
+$CC --version
+echo "CFLAGS: '$CFLAGS'"
+echo "LDFLAGS: '$LDFLAGS'"
+echo "PREFIX: '$PREFIX'"
+
+title "configure"
+./autogen.sh
+./configure --prefix=$PREFIX $host || log_exit config.log "configure failed"
+
+title "make"
+make -j$(nproc)
+make install
+
+title "test"
+if [ "$VARIANT" = "cross-compile" ]; then
+       echo "skip make check on cross compilation"
+       exit 0
+fi
+
+ret=0
+VERBOSE=1 make check || ret=$?
+
+title "logs"
+if [ $ret -eq 0 ]; then
+       tail -3 tests/ima_hash.log
+       tail -3 tests/sign_verify.log
+       tail -20 tests/boot_aggregate.log
+       exit 0
+fi
+
+cat tests/test-suite.log
+
+if [ $ret -eq 77 ]; then
+       msg="WARN: some tests skipped"
+       ret=0
+else
+       msg="FAIL: tests exited: $ret"
+fi
+
+log_exit tests/test-suite.log "$msg" $ret
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/configure.ac 
new/ima-evm-utils-1.3.2/configure.ac
--- old/ima-evm-utils-1.3.1/configure.ac        2020-08-11 13:19:04.000000000 
+0200
+++ new/ima-evm-utils-1.3.2/configure.ac        2020-10-28 18:18:08.000000000 
+0100
@@ -1,7 +1,7 @@
 # autoconf script
 
 AC_PREREQ([2.65])
-AC_INIT(ima-evm-utils, 1.3.1, zo...@linux.ibm.com)
+AC_INIT(ima-evm-utils, 1.3.2, zo...@linux.ibm.com)
 AM_INIT_AUTOMAKE([foreign])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])
@@ -30,9 +30,9 @@
 AC_CHECK_HEADER(unistd.h)
 AC_CHECK_HEADERS(openssl/conf.h)
 
-AC_CHECK_LIB([tss2-esys], [Esys_PCR_Read])
+AC_CHECK_LIB([tss2-esys], [Esys_Free])
 AC_CHECK_LIB([tss2-rc], [Tss2_RC_Decode])
-AM_CONDITIONAL([USE_PCRTSS], [test "x$ac_cv_lib_tss2_esys_Esys_PCR_Read" = 
"xyes"])
+AM_CONDITIONAL([USE_PCRTSS], [test "x$ac_cv_lib_tss2_esys_Esys_Free" = "xyes"])
 
 AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found. 
You need the c-library development package.])])
 AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. You 
need the libkeyutils development package.])])
@@ -77,6 +77,7 @@
 echo   "Configuration:"
 echo   "          debug: $pkg_cv_enable_debug"
 echo   "   openssl-conf: $enable_openssl_conf"
-echo   "      tss2-esys: $ac_cv_lib_tss2_esys_Esys_PCR_Read"
+echo   "      tss2-esys: $ac_cv_lib_tss2_esys_Esys_Free"
 echo   " tss2-rc-decode: $ac_cv_lib_tss2_rc_Tss2_RC_Decode"
+echo   "            doc: $have_doc"
 echo
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/m4/manpage-docbook-xsl.m4 
new/ima-evm-utils-1.3.2/m4/manpage-docbook-xsl.m4
--- old/ima-evm-utils-1.3.1/m4/manpage-docbook-xsl.m4   2020-08-11 
13:19:04.000000000 +0200
+++ new/ima-evm-utils-1.3.2/m4/manpage-docbook-xsl.m4   2020-10-28 
18:18:08.000000000 +0100
@@ -1,7 +1,10 @@
-dnl Copyright (c) 2018 Petr Vorel <pvo...@suse.cz>
+dnl Copyright (c) 2018-2020 Petr Vorel <pvo...@suse.cz>
 dnl Find docbook manpage stylesheet
 
 AC_DEFUN([EVMCTL_MANPAGE_DOCBOOK_XSL], [
+       DOCBOOK_XSL_URI="http://docbook.sourceforge.net/release/xsl/current";
+       DOCBOOK_XSL_PATH="manpages/docbook.xsl"
+
        AC_PATH_PROGS(XMLCATALOG, xmlcatalog)
        AC_ARG_WITH([xml-catalog],
                AC_HELP_STRING([--with-xml-catalog=CATALOG],
@@ -9,20 +12,37 @@
                                [with_xml_catalog=/etc/xml/catalog])
        XML_CATALOG_FILE="$with_xml_catalog"
        AC_SUBST([XML_CATALOG_FILE])
-       AC_MSG_CHECKING([for XML catalog ($XML_CATALOG_FILE)])
-       if test -f "$XML_CATALOG_FILE"; then
-               have_xmlcatalog_file=yes
-               AC_MSG_RESULT([found])
+
+       if test "x${XMLCATALOG}" = "x"; then
+               AC_MSG_WARN([xmlcatalog not found, cannot search for 
$DOCBOOK_XSL_PATH])
        else
-               AC_MSG_RESULT([not found])
+               AC_MSG_CHECKING([for XML catalog ($XML_CATALOG_FILE)])
+               if test -f "$XML_CATALOG_FILE"; then
+                       have_xmlcatalog_file=yes
+                       AC_MSG_RESULT([found])
+               else
+                       AC_MSG_RESULT([not found, cannot search for 
$DOCBOOK_XSL_PATH])
+               fi
        fi
+
        if test "x${XMLCATALOG}" != "x" -a "x$have_xmlcatalog_file" = "xyes"; 
then
-               
DOCBOOK_XSL_URI="http://docbook.sourceforge.net/release/xsl/current";
-               DOCBOOK_XSL_PATH="manpages/docbook.xsl"
-               MANPAGE_DOCBOOK_XSL=$(${XMLCATALOG} ${XML_CATALOG_FILE} 
${DOCBOOK_XSL_URI}/${DOCBOOK_XSL_PATH} | sed -n 's|^file:/\+|/|p;q')
+               MANPAGE_DOCBOOK_XSL=$(${XMLCATALOG} ${XML_CATALOG_FILE} 
${DOCBOOK_XSL_URI}/${DOCBOOK_XSL_PATH} | sed 's|^file:/\+|/|')
        fi
+
        if test "x${MANPAGE_DOCBOOK_XSL}" = "x"; then
                
MANPAGE_DOCBOOK_XSL="/usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl"
+               AC_MSG_WARN([trying a default path for $DOCBOOK_XSL_PATH])
        fi
+
+       if test -f "$MANPAGE_DOCBOOK_XSL"; then
+               have_doc=yes
+               AC_MSG_NOTICE([using $MANPAGE_DOCBOOK_XSL for generating doc])
+       else
+               AC_MSG_WARN([$DOCBOOK_XSL_PATH not found, generating doc will 
be skipped])
+               MANPAGE_DOCBOOK_XSL=
+               have_doc=no
+       fi
+       AM_CONDITIONAL(MANPAGE_DOCBOOK_XSL, test "x$have_doc" = xyes)
+
        AC_SUBST(MANPAGE_DOCBOOK_XSL)
 ])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/packaging/ima-evm-utils.spec 
new/ima-evm-utils-1.3.2/packaging/ima-evm-utils.spec
--- old/ima-evm-utils-1.3.1/packaging/ima-evm-utils.spec        2020-08-11 
13:19:04.000000000 +0200
+++ new/ima-evm-utils-1.3.2/packaging/ima-evm-utils.spec        2020-10-28 
18:18:08.000000000 +0100
@@ -1,5 +1,5 @@
 Name:          ima-evm-utils
-Version:       1.3.1
+Version:       1.3.2
 Release:       1%{?dist}
 Summary:       ima-evm-utils - IMA/EVM control utility
 Group:         System/Libraries
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/src/evmctl.c 
new/ima-evm-utils-1.3.2/src/evmctl.c
--- old/ima-evm-utils-1.3.1/src/evmctl.c        2020-08-11 13:19:04.000000000 
+0200
+++ new/ima-evm-utils-1.3.2/src/evmctl.c        2020-10-28 18:18:08.000000000 
+0100
@@ -221,7 +221,7 @@
                fclose(fp);
                return NULL;
        }
-       if (fread(data, len, 1, fp) != len) {
+       if (fread(data, len, 1, fp) != 1) {
                log_err("Failed to fread %zu bytes: %s\n", len, name);
                fclose(fp);
                free(data);
@@ -2467,7 +2467,7 @@
                "      --caps         use custom Capabilities for 
EVM(unspecified: from FS, empty: do not use)\n"
                "      --verify-sig   verify measurement list signatures\n"
                "      --engine e     preload OpenSSL engine e (such as: 
gost)\n"
-               "      --ignore-violations ignore ToMToU measurement violations"
+               "      --ignore-violations ignore ToMToU measurement 
violations\n"
                "  -v                 increase verbosity level\n"
                "  -h, --help         display this help and exit\n"
                "\n");
@@ -2485,7 +2485,7 @@
        {"ima_setxattr", cmd_setxattr_ima, 0, "[--sigfile file]", "Set IMA 
signature from sigfile\n"},
        {"ima_hash", cmd_hash_ima, 0, "file", "Make file content hash.\n"},
        {"ima_measurement", cmd_ima_measurement, 0, "[--ignore-violations] 
[--verify-sig [--key key1, key2, ...]] [--pcrs [hash-algorithm,]file [--pcrs 
hash-algorithm,file] ...] file", "Verify measurement list (experimental).\n"},
-       {"ima_boot_aggregate", cmd_ima_bootaggr, 0, "[file]", "Calculate per 
TPM bank boot_aggregate digests\n"},
+       {"ima_boot_aggregate", cmd_ima_bootaggr, 0, "[--pcrs 
hash-algorithm,file] [TPM 1.2 BIOS event log]", "Calculate per TPM bank 
boot_aggregate digests\n"},
        {"ima_fix", cmd_ima_fix, 0, "[-t fdsxm] path", "Recursively fix IMA/EVM 
xattrs in fix mode.\n"},
        {"ima_clear", cmd_ima_clear, 0, "[-t fdsxm] path", "Recursively remove 
IMA/EVM xattrs.\n"},
        {"sign_hash", cmd_sign_hash, 0, "[--key key] [--pass [password]", "Sign 
hashes from shaXsum output.\n"},
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/tests/boot_aggregate.test 
new/ima-evm-utils-1.3.2/tests/boot_aggregate.test
--- old/ima-evm-utils-1.3.1/tests/boot_aggregate.test   2020-08-11 
13:19:04.000000000 +0200
+++ new/ima-evm-utils-1.3.2/tests/boot_aggregate.test   2020-10-28 
18:18:08.000000000 +0100
@@ -26,44 +26,49 @@
 PCRFILE="/sys/class/tpm/tpm0/device/pcrs"
 MISC_PCRFILE="/sys/class/misc/tpm0/device/pcrs"
 
-if [ "$(id -u)" = 0 ] && [ -c "/dev/tpm0" ]; then
-       
ASCII_RUNTIME_MEASUREMENTS="/sys/kernel/security/ima/ascii_runtime_measurements"
-else
-       BINARY_BIOS_MEASUREMENTS="./sample-binary_bios_measurements-pcrs-8-9"
-       
ASCII_RUNTIME_MEASUREMENTS="./sample-ascii_runtime_measurements-pcrs-8-9"
-       export TPM_INTERFACE_TYPE="socsim"
-       export TPM_COMMAND_PORT=2321
-fi
-
-# Only stop this test's software TPM.  Preferred method: "tsstpmcmd -stop"
+# Only stop this test's software TPM
 cleanup() {
-       if [ ! -z "${SWTPM_PPID}" ]; then
-               if [ -f "${TSSDIR}/tsstpmcmd" ]; then
-                       "${TSSDIR}/tsstpmcmd" -stop
-               else
-                       pkill -P "${SWTPM_PPID}"
-               fi
+       if [ -n "${SWTPM_PID}" ]; then
+               kill -SIGTERM "${SWTPM_PID}"
+       elif [ -n "${TPMSERVER_PID}" ]; then
+               "${TSSDIR}/tsstpmcmd" -stop
        fi
 }
 
 # Try to start a software TPM if needed.
 swtpm_start() {
-       local swtpm
+       local tpm_server swtpm
 
-       swtpm="$(which tpm_server)"
-       if [ -z "${swtpm}" ]; then
-               echo "${CYAN}SKIP: Softare TPM (tpm_server) not found${NORM}"
+       tpm_server="$(which tpm_server)"
+       swtpm="$(which swtpm)"
+       if [ -z "${tpm_server}" ] && [ -z "${swtpm}" ]; then
+               echo "${CYAN}SKIP: Software TPM (tpm_server and swtpm) not 
found${NORM}"
                return "$SKIP"
        fi
 
-       pgrep tpm_server
-       if [ $? -eq 0 ]; then
-               echo "INFO: Software TPM (tpm_server) already running"
-               return 114
-       else
-               echo "INFO: Starting software TPM: ${swtpm}"
-               ${swtpm} > /dev/null 2>&1 &
-               SWTPM_PPID=$!
+       if [ -n "${swtpm}" ]; then
+               pgrep swtpm
+               if [ $? -eq 0 ]; then
+                       echo "INFO: Software TPM (swtpm) already running"
+                       return 114
+               else
+                       echo "INFO: Starting software TPM: ${swtpm}"
+                       mkdir -p ./myvtpm
+                       ${swtpm} socket --tpmstate dir=./myvtpm --tpm2 --ctrl 
type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init > 
/dev/null 2>&1 &
+                       SWTPM_PID=$!
+               fi
+       elif [ -n "${tpm_server}" ]; then
+               # tpm_server uses the Microsoft simulator encapsulated packet 
format
+               export TPM_SERVER_TYPE="mssim"
+               pgrep tpm_server
+               if [ $? -eq 0 ]; then
+                       echo "INFO: Software TPM (tpm_server) already running"
+                       return 114
+               else
+                       echo "INFO: Starting software TPM: ${tpm_server}"
+                       ${tpm_server} > /dev/null 2>&1 &
+                       TPMSERVER_PID=$!
+               fi
        fi
        return 0
 }
@@ -75,8 +80,20 @@
                return "$SKIP"
        fi
 
-       echo "INFO: Walking ${BINARY_BIOS_MEASUREMENTS} initializing the 
software TPM"
+       echo "INFO: Sending software TPM startup"
        "${TSSDIR}/tssstartup"
+       if [ $? -ne 0 ]; then
+               echo "INFO: Retry sending software TPM startup"
+               sleep 1
+               "${TSSDIR}/tssstartup"
+       fi
+
+       if [ $? -ne 0 ]; then
+               echo "INFO: Software TPM startup failed"
+               return "$SKIP"
+       fi
+
+       echo "INFO: Walking ${BINARY_BIOS_MEASUREMENTS} initializing the 
software TPM"
 #      $(${TSSDIR}/tsseventextend -tpm -if "${BINARY_BIOS_MEASUREMENTS}" -v) 
2>&1 > /dev/null
        "${TSSDIR}/tsseventextend" -tpm -if "${BINARY_BIOS_MEASUREMENTS}" -v > 
/dev/null 2>&1
 }
@@ -101,7 +118,7 @@
        done
 }
 
-# The first entry in the IMA measuremnet list is the "boot_aggregate".
+# The first entry in the IMA measurement list is the "boot_aggregate".
 # For each kexec, an additional "boot_aggregate" will appear in the
 # measurement list, assuming the previous measurement list is carried
 # across the kexec.
@@ -133,6 +150,24 @@
        return "$FAIL"
 }
 
+if [ "$(id -u)" = 0 ] && [ -c "/dev/tpm0" ]; then
+       
ASCII_RUNTIME_MEASUREMENTS="/sys/kernel/security/ima/ascii_runtime_measurements"
+       if [ ! -d "/sys/kernel/security/ima" ]; then
+               echo "${CYAN}SKIP: CONFIG_IMA not enabled${NORM}"
+               exit "$SKIP"
+       fi
+else
+       BINARY_BIOS_MEASUREMENTS="./sample-binary_bios_measurements-pcrs-8-9"
+       
ASCII_RUNTIME_MEASUREMENTS="./sample-ascii_runtime_measurements-pcrs-8-9"
+       export TPM_INTERFACE_TYPE="socsim"
+       export TPM_COMMAND_PORT=2321
+       export TPM_PLATFORM_PORT=2322
+       export TPM_SERVER_NAME="localhost"
+
+       # swtpm uses the raw, unencapsulated packet format
+       export TPM_SERVER_TYPE="raw"
+fi
+
 # Start and initialize a software TPM as needed
 if [ "$(id -u)" != 0 ] || [ ! -c "/dev/tpm0" ]; then
        if [ -f "$PCRFILE" ] || [ -f "$MISC_PCRFILE" ]; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/tests/install-swtpm.sh 
new/ima-evm-utils-1.3.2/tests/install-swtpm.sh
--- old/ima-evm-utils-1.3.1/tests/install-swtpm.sh      1970-01-01 
01:00:00.000000000 +0100
+++ new/ima-evm-utils-1.3.2/tests/install-swtpm.sh      2020-10-28 
18:18:08.000000000 +0100
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -ex
+
+version=1637
+
+wget --no-check-certificate 
https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm${version}.tar.gz/download
+mkdir ibmtpm$version
+cd ibmtpm$version
+tar -xvzf ../download
+cd src
+make -j$(nproc)
+sudo cp tpm_server /usr/local/bin/
+cd ../..
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/tests/install-tss.sh 
new/ima-evm-utils-1.3.2/tests/install-tss.sh
--- old/ima-evm-utils-1.3.1/tests/install-tss.sh        1970-01-01 
01:00:00.000000000 +0100
+++ new/ima-evm-utils-1.3.2/tests/install-tss.sh        2020-10-28 
18:18:08.000000000 +0100
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -ex
+git clone https://git.code.sf.net/p/ibmtpm20tss/tss
+cd tss
+autoreconf -i && ./configure --disable-tpm-1.2 --disable-hwtpm && make 
-j$(nproc) && sudo make install
+cd ..
+rm -rf tss
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/tests/sign_verify.test 
new/ima-evm-utils-1.3.2/tests/sign_verify.test
--- old/ima-evm-utils-1.3.1/tests/sign_verify.test      2020-08-11 
13:19:04.000000000 +0200
+++ new/ima-evm-utils-1.3.2/tests/sign_verify.test      2020-10-28 
18:18:08.000000000 +0100
@@ -18,7 +18,14 @@
 cd "$(dirname "$0")" || exit 1
 PATH=../src:$PATH
 source ./functions.sh
-_require evmctl openssl xxd getfattr
+
+_require cmp evmctl getfattr openssl xxd
+
+if cmp -b 2>&1 | grep -q "invalid option"; then
+       echo "cmp does not support -b (cmp from busybox?) Use cmp from 
diffutils"
+       exit "$HARDFAIL"
+fi
+
 ./gen-keys.sh >/dev/null 2>&1
 
 trap _report_exit EXIT
@@ -93,7 +100,8 @@
     return "$FAIL"
   fi
 
-  rm "$file_sig" "$file_sig2"
+  # Leave '$file_sig' for ima_verify --sigfile test.
+  rm "$file_sig2"
 }
 
 # Run single sign command
@@ -254,9 +262,12 @@
 
     # Normal verify with proper key should pass
     expect_pass check_verify
+    expect_pass check_verify OPTS="--sigfile"
 
     # Multiple files and some don't verify
     expect_fail check_verify FILE="/dev/null $file"
+
+    rm "$FILE.sig"
   fi
 
   TYPE=evm
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/travis/alpine.sh 
new/ima-evm-utils-1.3.2/travis/alpine.sh
--- old/ima-evm-utils-1.3.1/travis/alpine.sh    1970-01-01 01:00:00.000000000 
+0100
+++ new/ima-evm-utils-1.3.2/travis/alpine.sh    2020-10-28 18:18:08.000000000 
+0100
@@ -0,0 +1,50 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvo...@suse.cz>
+set -ex
+
+if [ -z "$CC" ]; then
+       echo "missing \$CC!" >&2
+       exit 1
+fi
+
+case "$TSS" in
+ibmtss) echo "No IBM TSS package, will be installed from git" >&2; TSS=;;
+tpm2-tss) TSS="tpm2-tss-dev";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+# ibmswtpm2 requires gcc
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+apk update
+
+apk add \
+       $CC $TSS \
+       asciidoc \
+       attr \
+       attr-dev \
+       autoconf \
+       automake \
+       diffutils \
+       docbook-xml \
+       docbook-xsl \
+       keyutils-dev \
+       libtool \
+       libxslt \
+       linux-headers \
+       make \
+       musl-dev \
+       openssl \
+       openssl-dev \
+       pkgconfig \
+       procps \
+       sudo \
+       wget \
+       which \
+       xxd
+
+if [ ! "$TSS" ]; then
+       apk add git
+       ../tests/install-tss.sh
+fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/travis/centos.sh 
new/ima-evm-utils-1.3.2/travis/centos.sh
--- old/ima-evm-utils-1.3.1/travis/centos.sh    1970-01-01 01:00:00.000000000 
+0100
+++ new/ima-evm-utils-1.3.2/travis/centos.sh    2020-11-02 09:39:54.493581992 
+0100
@@ -0,0 +1 @@
+symbolic link to fedora.sh
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/travis/debian.cross-compile.sh 
new/ima-evm-utils-1.3.2/travis/debian.cross-compile.sh
--- old/ima-evm-utils-1.3.1/travis/debian.cross-compile.sh      1970-01-01 
01:00:00.000000000 +0100
+++ new/ima-evm-utils-1.3.2/travis/debian.cross-compile.sh      2020-10-28 
18:18:08.000000000 +0100
@@ -0,0 +1,23 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvo...@suse.cz>
+set -ex
+
+if [ -z "$ARCH" ]; then
+       echo "missing \$ARCH!" >&2
+       exit 1
+fi
+
+case "$ARCH" in
+arm64) gcc_arch="aarch64";;
+ppc64el) gcc_arch="powerpc64le";;
+s390x) gcc_arch="$ARCH";;
+*) echo "unsupported arch: '$ARCH'!" >&2; exit 1;;
+esac
+
+dpkg --add-architecture $ARCH
+apt update
+
+apt install -y --no-install-recommends \
+       dpkg-dev \
+       gcc-${gcc_arch}-linux-gnu \
+       libc6-dev-${ARCH}-cross
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/travis/debian.i386.sh 
new/ima-evm-utils-1.3.2/travis/debian.i386.sh
--- old/ima-evm-utils-1.3.1/travis/debian.i386.sh       1970-01-01 
01:00:00.000000000 +0100
+++ new/ima-evm-utils-1.3.2/travis/debian.i386.sh       2020-10-28 
18:18:08.000000000 +0100
@@ -0,0 +1,11 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvo...@suse.cz>
+set -ex
+
+dpkg --add-architecture i386
+apt update
+
+apt install -y --no-install-recommends \
+       linux-libc-dev:i386 \
+       gcc-multilib \
+       pkg-config:i386
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/travis/debian.sh 
new/ima-evm-utils-1.3.2/travis/debian.sh
--- old/ima-evm-utils-1.3.1/travis/debian.sh    1970-01-01 01:00:00.000000000 
+0100
+++ new/ima-evm-utils-1.3.2/travis/debian.sh    2020-10-28 18:18:08.000000000 
+0100
@@ -0,0 +1,54 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvo...@suse.cz>
+set -ex
+
+if [ -z "$CC" ]; then
+       echo "missing \$CC!" >&2
+       exit 1
+fi
+
+# debian.*.sh must be run first
+if [ "$ARCH" ]; then
+       ARCH=":$ARCH"
+       unset CC
+else
+       apt update
+fi
+
+# ibmswtpm2 requires gcc
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+case "$TSS" in
+ibmtss) TSS="libtss-dev";;
+tpm2-tss) TSS="libtss2-dev";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) [ "$TSS" ] && echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+apt="apt install -y --no-install-recommends"
+
+$apt \
+       $CC $TSS \
+       asciidoc \
+       attr \
+       autoconf \
+       automake \
+       diffutils \
+       debianutils \
+       docbook-xml \
+       docbook-xsl \
+       gzip \
+       libattr1-dev$ARCH \
+       libkeyutils-dev$ARCH \
+       libssl-dev$ARCH \
+       libtool \
+       make \
+       openssl \
+       pkg-config \
+       procps \
+       sudo \
+       wget \
+       xsltproc \
+
+$apt xxd || $apt vim-common
+$apt libengine-gost-openssl1.1$ARCH || true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/travis/fedora.sh 
new/ima-evm-utils-1.3.2/travis/fedora.sh
--- old/ima-evm-utils-1.3.1/travis/fedora.sh    1970-01-01 01:00:00.000000000 
+0100
+++ new/ima-evm-utils-1.3.2/travis/fedora.sh    2020-10-28 18:18:08.000000000 
+0100
@@ -0,0 +1,44 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvo...@suse.cz>
+set -e
+
+if [ -z "$CC" ]; then
+       echo "missing \$CC!" >&2
+       exit 1
+fi
+
+case "$TSS" in
+ibmtss) TSS="tss2-devel";;
+tpm2-tss) TSS="tpm2-tss-devel";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+# ibmswtpm2 requires gcc
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+yum -y install \
+       $CC $TSS \
+       asciidoc \
+       attr \
+       autoconf \
+       automake \
+       diffutils \
+       docbook-xsl \
+       gzip \
+       keyutils-libs-devel \
+       libattr-devel \
+       libtool \
+       libxslt \
+       make \
+       openssl \
+       openssl-devel \
+       pkg-config \
+       procps \
+       sudo \
+       vim-common \
+       wget \
+       which
+
+yum -y install docbook5-style-xsl || true
+yum -y install swtpm || true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/travis/opensuse.sh 
new/ima-evm-utils-1.3.2/travis/opensuse.sh
--- old/ima-evm-utils-1.3.1/travis/opensuse.sh  1970-01-01 01:00:00.000000000 
+0100
+++ new/ima-evm-utils-1.3.2/travis/opensuse.sh  2020-11-02 09:39:54.489581989 
+0100
@@ -0,0 +1 @@
+symbolic link to tumbleweed.sh
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/travis/tumbleweed.sh 
new/ima-evm-utils-1.3.2/travis/tumbleweed.sh
--- old/ima-evm-utils-1.3.1/travis/tumbleweed.sh        1970-01-01 
01:00:00.000000000 +0100
+++ new/ima-evm-utils-1.3.2/travis/tumbleweed.sh        2020-10-28 
18:18:08.000000000 +0100
@@ -0,0 +1,47 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvo...@suse.cz>
+set -ex
+
+if [ -z "$CC" ]; then
+       echo "missing \$CC!" >&2
+       exit 1
+fi
+
+case "$TSS" in
+ibmtss) TSS="ibmtss-devel";;
+tpm2-tss) TSS="tpm2-0-tss-devel";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+# clang has some gcc dependency
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+zypper --non-interactive install --force-resolution --no-recommends \
+       $CC $TSS \
+       asciidoc \
+       attr \
+       autoconf \
+       automake \
+       diffutils \
+       docbook_5 \
+       docbook5-xsl-stylesheets \
+       gzip \
+       ibmswtpm2 \
+       keyutils-devel \
+       libattr-devel \
+       libopenssl-devel \
+       libtool \
+       make \
+       openssl \
+       pkg-config \
+       procps \
+       sudo \
+       vim \
+       wget \
+       which \
+       xsltproc
+
+if [ -f /usr/lib/ibmtss/tpm_server ]; then
+       ln -s /usr/lib/ibmtss/tpm_server /usr/local/bin
+fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ima-evm-utils-1.3.1/travis/ubuntu.sh 
new/ima-evm-utils-1.3.2/travis/ubuntu.sh
--- old/ima-evm-utils-1.3.1/travis/ubuntu.sh    1970-01-01 01:00:00.000000000 
+0100
+++ new/ima-evm-utils-1.3.2/travis/ubuntu.sh    2020-11-02 09:39:54.481581981 
+0100
@@ -0,0 +1 @@
+symbolic link to debian.sh


Reply via email to