Thanks, applied as 1024453d64fbae7fec6b7942bbc557805126dc53.

Michael

[sent from post-receive hook]

On Tue, 29 Jun 2021 07:09:11 +0200, Roland Hieber <[email protected]> wrote:
> Changes to the patch queue:
>
> * (old 0002) "Makefile.am: rename INCLUDES -> AM_CPPFLAGS":
>   replaced by upstream commit 8acbae598b39a421b5d0 ("replace INCLUDES
>   with AM_CPPFLAGS")
>
> * (old 0006) "use EVP_MAX_MD_SIZE for hash size instead of open …":
>   replaced by upstream commit 1d9c27927932f2e750e3 ("Define hash and sig
>   buffer sizes and add asserts")
>
> * (old 0008) "evmctl: add parameter -e to set evm hash algo":
>   replaced by upstream commit ae1319eeabd6e0798003 ("Remove hardcoding
>   of SHA1 in EVM signatures"), which uses the already existing -a
>   parameter for this functionality now too.
>
> * (old 0009) "evmctl: add support for offline image preparation":
>   port the refactoring from upstream commit c317d4618f92d4dd65
>   ("Namespace some too generic object names"). Also _GNU_SOURCE is now
>   already defined by configure, and will generate a warning when
>   redefined, so drop its definition here.
>
> * (old 0011, new 0009) "HACK: don't generate the man page":
>   expand patch to make sure the manpages are really not built and
>   generate an error looking for "asciidoc", even when the XSL stylesheet
>   is detected on the build host
>
> * (old 0013) "evmctl: use correct include for xattr.h":
>   replaced by upstream commit 6aea54d2ad2287b3e889 ("evmctl: use correct
>   include for xattr.h")
>
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/8acbae598b39a421b5d0
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/1d9c27927932f2e750e3
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/ae1319eeabd6e0798003
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/c317d4618f92d4dd6570
> Link: https://sf.net/p/linux-ima/ima-evm-utils/ci/6aea54d2ad2287b3e889
> Signed-off-by: Roland Hieber <[email protected]> > Message-Id: <[email protected]> > [mol: use ac_cv_path_XMLCATALOG= instead of a patch, drop unnecessary INSTALL > patch] > [mol: make sure libtss2-esys/libtss2-rc are not used] > Signed-off-by: Michael Olbrich <[email protected]> > > diff --git > a/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch > > b/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch > deleted file mode 100644 > index c035197d9cc7..000000000000 > --- > a/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch > +++ /dev/null 
> @@ -1,389 +0,0 @@ > -From: Marc Kleine-Budde <[email protected]> > -Date: Wed, 18 Nov 2015 15:15:15 +0100 > -Subject: [PATCH] INSTALL: remove file, at it's autogenerated by autotools > - > -This patch remove the file "INSTALL" which is autogenerated during > -./autogen.sh. > - > -Signed-off-by: Marc Kleine-Budde <[email protected]> > ---- > - INSTALL | 370 > ---------------------------------------------------------------- > - 1 file changed, 370 deletions(-) > - delete mode 100644 INSTALL > - > -diff --git a/INSTALL b/INSTALL > -deleted file mode 100644 > -index 007e9396d0a2..000000000000 > ---- a/INSTALL > -+++ /dev/null > -@@ -1,370 +0,0 @@ > --Installation Instructions > --************************* > -- > --Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, > --Inc. > -- > -- Copying and distribution of this file, with or without modification, > --are permitted in any medium without royalty provided the copyright > --notice and this notice are preserved. This file is offered as-is, > --without warranty of any kind. > -- > --Basic Installation > --================== > -- > -- Briefly, the shell commands `./configure; make; make install' should > --configure, build, and install this package. The following > --more-detailed instructions are generic; see the `README' file for > --instructions specific to this package. Some packages provide this > --`INSTALL' file but do not implement all of the features documented > --below. The lack of an optional feature in a given package is not > --necessarily a bug. More recommendations for GNU packages can be found > --in *note Makefile Conventions: (standards)Makefile Conventions. > -- > -- The `configure' shell script attempts to guess correct values for > --various system-dependent variables used during compilation. It uses > --those values to create a `Makefile' in each directory of the package. > --It may also create one or more `.h' files containing system-dependent > --definitions. 
Finally, it creates a shell script `config.status' that > --you can run in the future to recreate the current configuration, and a > --file `config.log' containing compiler output (useful mainly for > --debugging `configure'). > -- > -- It can also use an optional file (typically called `config.cache' > --and enabled with `--cache-file=config.cache' or simply `-C') that saves > --the results of its tests to speed up reconfiguring. Caching is > --disabled by default to prevent problems with accidental use of stale > --cache files. > -- > -- If you need to do unusual things to compile the package, please try > --to figure out how `configure' could check whether to do them, and mail > --diffs or instructions to the address given in the `README' so they can > --be considered for the next release. If you are using the cache, and at > --some point `config.cache' contains results you don't want to keep, you > --may remove or edit it. > -- > -- The file `configure.ac' (or `configure.in') is used to create > --`configure' by a program called `autoconf'. You need `configure.ac' if > --you want to change it or regenerate `configure' using a newer version > --of `autoconf'. > -- > -- The simplest way to compile this package is: > -- > -- 1. `cd' to the directory containing the package's source code and type > -- `./configure' to configure the package for your system. > -- > -- Running `configure' might take a while. While running, it prints > -- some messages telling which features it is checking for. > -- > -- 2. Type `make' to compile the package. > -- > -- 3. Optionally, type `make check' to run any self-tests that come with > -- the package, generally using the just-built uninstalled binaries. > -- > -- 4. Type `make install' to install the programs and any data files and > -- documentation. 
When installing into a prefix owned by root, it is > -- recommended that the package be configured and built as a regular > -- user, and only the `make install' phase executed with root > -- privileges. > -- > -- 5. Optionally, type `make installcheck' to repeat any self-tests, but > -- this time using the binaries in their final installed location. > -- This target does not install anything. Running this target as a > -- regular user, particularly if the prior `make install' required > -- root privileges, verifies that the installation completed > -- correctly. > -- > -- 6. You can remove the program binaries and object files from the > -- source code directory by typing `make clean'. To also remove the > -- files that `configure' created (so you can compile the package for > -- a different kind of computer), type `make distclean'. There is > -- also a `make maintainer-clean' target, but that is intended mainly > -- for the package's developers. If you use it, you may have to get > -- all sorts of other programs in order to regenerate files that came > -- with the distribution. > -- > -- 7. Often, you can also type `make uninstall' to remove the installed > -- files again. In practice, not all packages have tested that > -- uninstallation works correctly, even though it is required by the > -- GNU Coding Standards. > -- > -- 8. Some packages, particularly those that use Automake, provide `make > -- distcheck', which can by used by developers to test that all other > -- targets like `make install' and `make uninstall' work correctly. > -- This target is generally not run by end users. > -- > --Compilers and Options > --===================== > -- > -- Some systems require unusual options for compilation or linking that > --the `configure' script does not know about. Run `./configure --help' > --for details on some of the pertinent environment variables. 
> -- > -- You can give `configure' initial values for configuration parameters > --by setting variables in the command line or in the environment. Here > --is an example: > -- > -- ./configure CC=c99 CFLAGS=-g LIBS=-lposix > -- > -- *Note Defining Variables::, for more details. > -- > --Compiling For Multiple Architectures > --==================================== > -- > -- You can compile the package for more than one kind of computer at the > --same time, by placing the object files for each architecture in their > --own directory. To do this, you can use GNU `make'. `cd' to the > --directory where you want the object files and executables to go and run > --the `configure' script. `configure' automatically checks for the > --source code in the directory that `configure' is in and in `..'. This > --is known as a "VPATH" build. > -- > -- With a non-GNU `make', it is safer to compile the package for one > --architecture at a time in the source code directory. After you have > --installed the package for one architecture, use `make distclean' before > --reconfiguring for another architecture. > -- > -- On MacOS X 10.5 and later systems, you can create libraries and > --executables that work on multiple system types--known as "fat" or > --"universal" binaries--by specifying multiple `-arch' options to the > --compiler but only a single `-arch' option to the preprocessor. Like > --this: > -- > -- ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ > -- CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ > -- CPP="gcc -E" CXXCPP="g++ -E" > -- > -- This is not guaranteed to produce working output in all cases, you > --may have to build one architecture at a time and combine the results > --using the `lipo' tool if you have problems. > -- > --Installation Names > --================== > -- > -- By default, `make install' installs the package's commands under > --`/usr/local/bin', include files under `/usr/local/include', etc. 
You > --can specify an installation prefix other than `/usr/local' by giving > --`configure' the option `--prefix=PREFIX', where PREFIX must be an > --absolute file name. > -- > -- You can specify separate installation prefixes for > --architecture-specific files and architecture-independent files. If you > --pass the option `--exec-prefix=PREFIX' to `configure', the package uses > --PREFIX as the prefix for installing programs and libraries. > --Documentation and other data files still use the regular prefix. > -- > -- In addition, if you use an unusual directory layout you can give > --options like `--bindir=DIR' to specify different values for particular > --kinds of files. Run `configure --help' for a list of the directories > --you can set and what kinds of files go in them. In general, the > --default for these options is expressed in terms of `${prefix}', so that > --specifying just `--prefix' will affect all of the other directory > --specifications that were not explicitly provided. > -- > -- The most portable way to affect installation locations is to pass the > --correct locations to `configure'; however, many packages provide one or > --both of the following shortcuts of passing variable assignments to the > --`make install' command line to change installation locations without > --having to reconfigure or recompile. > -- > -- The first method involves providing an override variable for each > --affected directory. For example, `make install > --prefix=/alternate/directory' will choose an alternate location for all > --directory configuration variables that were expressed in terms of > --`${prefix}'. Any directories that were specified during `configure', > --but not in terms of `${prefix}', must each be overridden at install > --time for the entire installation to be relocated. The approach of > --makefile variable overrides for each directory variable is required by > --the GNU Coding Standards, and ideally causes no recompilation. 
> --However, some platforms have known limitations with the semantics of > --shared libraries that end up requiring recompilation when using this > --method, particularly noticeable in packages that use GNU Libtool. > -- > -- The second method involves providing the `DESTDIR' variable. For > --example, `make install DESTDIR=/alternate/directory' will prepend > --`/alternate/directory' before all installation names. The approach of > --`DESTDIR' overrides is not required by the GNU Coding Standards, and > --does not work on platforms that have drive letters. On the other hand, > --it does better at avoiding recompilation issues, and works well even > --when some directory options were not specified in terms of `${prefix}' > --at `configure' time. > -- > --Optional Features > --================= > -- > -- If the package supports it, you can cause programs to be installed > --with an extra prefix or suffix on their names by giving `configure' the > --option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. > -- > -- Some packages pay attention to `--enable-FEATURE' options to > --`configure', where FEATURE indicates an optional part of the package. > --They may also pay attention to `--with-PACKAGE' options, where PACKAGE > --is something like `gnu-as' or `x' (for the X Window System). The > --`README' should mention any `--enable-' and `--with-' options that the > --package recognizes. > -- > -- For packages that use the X Window System, `configure' can usually > --find the X include and library files automatically, but if it doesn't, > --you can use the `configure' options `--x-includes=DIR' and > --`--x-libraries=DIR' to specify their locations. > -- > -- Some packages offer the ability to configure how verbose the > --execution of `make' will be. 
For these packages, running `./configure > ----enable-silent-rules' sets the default to minimal output, which can be > --overridden with `make V=1'; while running `./configure > ----disable-silent-rules' sets the default to verbose, which can be > --overridden with `make V=0'. > -- > --Particular systems > --================== > -- > -- On HP-UX, the default C compiler is not ANSI C compatible. If GNU > --CC is not installed, it is recommended to use the following options in > --order to use an ANSI C compiler: > -- > -- ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" > -- > --and if that doesn't work, install pre-built binaries of GCC for HP-UX. > -- > -- HP-UX `make' updates targets which have the same time stamps as > --their prerequisites, which makes it generally unusable when shipped > --generated files such as `configure' are involved. Use GNU `make' > --instead. > -- > -- On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot > --parse its `<wchar.h>' header file. The option `-nodtk' can be used as > --a workaround. If GNU CC is not installed, it is therefore recommended > --to try > -- > -- ./configure CC="cc" > -- > --and if that doesn't work, try > -- > -- ./configure CC="cc -nodtk" > -- > -- On Solaris, don't put `/usr/ucb' early in your `PATH'. This > --directory contains several dysfunctional programs; working variants of > --these programs are available in `/usr/bin'. So, if you need `/usr/ucb' > --in your `PATH', put it _after_ `/usr/bin'. > -- > -- On Haiku, software installed for all users goes in `/boot/common', > --not `/usr/local'. It is recommended to use the following options: > -- > -- ./configure --prefix=/boot/common > -- > --Specifying the System Type > --========================== > -- > -- There may be some features `configure' cannot figure out > --automatically, but needs to determine by the type of machine the package > --will run on. 
Usually, assuming the package is built to be run on the > --_same_ architectures, `configure' can figure that out, but if it prints > --a message saying it cannot guess the machine type, give it the > --`--build=TYPE' option. TYPE can either be a short name for the system > --type, such as `sun4', or a canonical name which has the form: > -- > -- CPU-COMPANY-SYSTEM > -- > --where SYSTEM can have one of these forms: > -- > -- OS > -- KERNEL-OS > -- > -- See the file `config.sub' for the possible values of each field. If > --`config.sub' isn't included in this package, then this package doesn't > --need to know the machine type. > -- > -- If you are _building_ compiler tools for cross-compiling, you should > --use the option `--target=TYPE' to select the type of system they will > --produce code for. > -- > -- If you want to _use_ a cross compiler, that generates code for a > --platform different from the build platform, you should specify the > --"host" platform (i.e., that on which the generated programs will > --eventually be run) with `--host=TYPE'. > -- > --Sharing Defaults > --================ > -- > -- If you want to set default values for `configure' scripts to share, > --you can create a site shell script called `config.site' that gives > --default values for variables like `CC', `cache_file', and `prefix'. > --`configure' looks for `PREFIX/share/config.site' if it exists, then > --`PREFIX/etc/config.site' if it exists. Or, you can set the > --`CONFIG_SITE' environment variable to the location of the site script. > --A warning: not all `configure' scripts look for a site script. > -- > --Defining Variables > --================== > -- > -- Variables not defined in a site shell script can be set in the > --environment passed to `configure'. However, some packages may run > --configure again during the build, and the customized values of these > --variables may be lost. 
In order to avoid this problem, you should set > --them in the `configure' command line, using `VAR=value'. For example: > -- > -- ./configure CC=/usr/local2/bin/gcc > -- > --causes the specified `gcc' to be used as the C compiler (unless it is > --overridden in the site shell script). > -- > --Unfortunately, this technique does not work for `CONFIG_SHELL' due to > --an Autoconf limitation. Until the limitation is lifted, you can use > --this workaround: > -- > -- CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash > -- > --`configure' Invocation > --====================== > -- > -- `configure' recognizes the following options to control how it > --operates. > -- > --`--help' > --`-h' > -- Print a summary of all of the options to `configure', and exit. > -- > --`--help=short' > --`--help=recursive' > -- Print a summary of the options unique to this package's > -- `configure', and exit. The `short' variant lists options used > -- only in the top level, while the `recursive' variant lists options > -- also present in any nested packages. > -- > --`--version' > --`-V' > -- Print the version of Autoconf used to generate the `configure' > -- script, and exit. > -- > --`--cache-file=FILE' > -- Enable the cache: use and save the results of the tests in FILE, > -- traditionally `config.cache'. FILE defaults to `/dev/null' to > -- disable caching. > -- > --`--config-cache' > --`-C' > -- Alias for `--cache-file=config.cache'. > -- > --`--quiet' > --`--silent' > --`-q' > -- Do not print messages saying which checks are being made. To > -- suppress all normal output, redirect it to `/dev/null' (any error > -- messages will still be shown). > -- > --`--srcdir=DIR' > -- Look for the package's source code in directory DIR. Usually > -- `configure' can determine that directory automatically. > -- > --`--prefix=DIR' > -- Use DIR as the installation prefix. 
*note Installation Names:: > -- for more details, including other options available for fine-tuning > -- the installation locations. > -- > --`--no-create' > --`-n' > -- Run the configure checks, but stop before creating any output > -- files. > -- > --`configure' also accepts some other, not widely useful, options. Run > --`configure --help' for more details. > diff --git > a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch > > b/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch > deleted file mode 100644 > index cb09b8d78f8a..000000000000 > --- > a/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch > +++ /dev/null 
> @@ -1,40 +0,0 @@ > -From: Marc Kleine-Budde <[email protected]> > -Date: Wed, 27 May 2015 10:41:27 +0200 > -Subject: [PATCH] Makefile.am: rename INCLUDES -> AM_CPPFLAGS > - > -This patch fixes the following warning during autoreconf: > - > -| src/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' > (or '*_CPPFLAGS') > - > -Signed-off-by: Marc Kleine-Budde <[email protected]> > ---- > - src/Makefile.am | 6 +++--- > - 1 file changed, 3 insertions(+), 3 deletions(-) > - > -diff --git a/src/Makefile.am b/src/Makefile.am > -index deb18fb09dc7..9f547283d535 100644 > ---- a/src/Makefile.am > -+++ b/src/Makefile.am > -@@ -1,7 +1,7 @@ > - lib_LTLIBRARIES = libimaevm.la > - > - libimaevm_la_SOURCES = libimaevm.c > --libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS) > -+libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS) > - # current[:revision[:age]] > - # result: [current-age].age.revision > - libimaevm_la_LDFLAGS = -version-info 0:0:0 > -@@ -12,11 +12,11 @@ include_HEADERS = imaevm.h > - bin_PROGRAMS = evmctl > - > - evmctl_SOURCES = evmctl.c > --evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) > -+evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS) > - evmctl_LDFLAGS = $(LDFLAGS_READLINE) > - evmctl_LDADD = $(OPENSSL_LIBS) -lkeyutils libimaevm.la > - > --INCLUDES = -I$(top_srcdir) -include config.h > -+AM_CPPFLAGS = -I$(top_srcdir) -include config.h > - > - DISTCLEANFILES = @DISTCLEANFILES@ > - > diff --git > a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch > > b/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch > deleted file mode 100644 > index a3cd597f82d6..000000000000 > --- > a/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch > +++ /dev/null 
> @@ -1,73 +0,0 @@ > -From: Marc Kleine-Budde <[email protected]> > -Date: Sat, 26 Mar 2016 22:58:07 +0100 > -Subject: [PATCH] evmctl, libimaevm: use EVP_MAX_MD_SIZE for hash size instead > - of open coding it > - > -Signed-off-by: Marc Kleine-Budde <[email protected]> > ---- > - src/evmctl.c | 10 +++++----- > - src/libimaevm.c | 2 +- > - 2 files changed, 6 insertions(+), 6 deletions(-) > - > -diff --git a/src/evmctl.c b/src/evmctl.c > -index de53be37b69b..b0f3b6362528 100644 > ---- a/src/evmctl.c > -+++ b/src/evmctl.c > -@@ -495,7 +495,7 @@ static int calc_evm_hash(const char *file, unsigned char > *hash) > - > - static int sign_evm(const char *file, const char *key) > - { > -- unsigned char hash[20]; > -+ unsigned char hash[EVP_MAX_MD_SIZE]; > - unsigned char sig[1024]; > - int len, err; > - > -@@ -533,7 +533,7 @@ static int sign_evm(const char *file, const char *key) > - > - static int hash_ima(const char *file) > - { > -- unsigned char hash[66]; /* MAX hash size + 2 */ > -+ unsigned char hash[EVP_MAX_MD_SIZE + 2]; /* MAX hash size + 2 */ > - int len, err, offset; > - int algo = get_hash_algo(params.hash_algo); > - > -@@ -571,7 +571,7 @@ static int hash_ima(const char *file) > - > - static int sign_ima(const char *file, const char *key) > - { > -- unsigned char hash[64]; > -+ unsigned char hash[EVP_MAX_MD_SIZE]; > - unsigned char sig[1024]; > - int len, err; > - > -@@ -751,7 +751,7 @@ static int cmd_sign_evm(struct command *cmd) > - > - static int verify_evm(const char *file) > - { > -- unsigned char hash[20]; > -+ unsigned char hash[EVP_MAX_MD_SIZE]; > - unsigned char sig[1024]; > - int len; > - > -@@ -1119,7 +1119,7 @@ out: > - > - static int hmac_evm(const char *file, const char *key) > - { > -- unsigned char hash[20]; > -+ unsigned char hash[EVP_MAX_MD_SIZE]; > - unsigned char sig[1024]; > - int len, err; > - > -diff --git a/src/libimaevm.c b/src/libimaevm.c > -index 6fa0ed4a1c74..8fc23be08bd7 100644 > ---- a/src/libimaevm.c > -+++ b/src/libimaevm.c > -@@ 
-590,7 +590,7 @@ int verify_hash(const char *file, const unsigned char > *hash, int size, unsigned > - int ima_verify_signature(const char *file, unsigned char *sig, int siglen, > - unsigned char *digest, int digestlen) > - { > -- unsigned char hash[64]; > -+ unsigned char hash[EVP_MAX_MD_SIZE]; > - int hashlen, sig_hash_algo; > - > - if (sig[0] != 0x03) { > diff --git > a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch > > b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch > deleted file mode 100644 > index 488dfa822286..000000000000 > --- > a/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch > +++ /dev/null 
> @@ -1,133 +0,0 @@ > -From: Steffen Trumtrar <[email protected]> > -Date: Tue, 8 Mar 2016 13:46:14 +0100 > -Subject: [PATCH] evmctl: add parameter -e to set evm hash algo > - > -The paramter -a sets the hash algorithm only for IMA. To not break > -anything, add a new parameter -e to be able to change the hash for > -EVM, too. > - > -Signed-off-by: Steffen Trumtrar <[email protected]> > ---- > - src/evmctl.c | 27 +++++++++++++++++++++++---- > - src/imaevm.h | 1 + > - src/libimaevm.c | 1 + > - 3 files changed, 25 insertions(+), 4 deletions(-) > - > -diff --git a/src/evmctl.c b/src/evmctl.c > -index b0f3b6362528..5d664005e915 100644 > ---- a/src/evmctl.c > -+++ b/src/evmctl.c > -@@ -336,6 +336,7 @@ static int calc_evm_hash(const char *file, unsigned char > *hash) > - #else > - pctx = EVP_MD_CTX_new(); > - #endif > -+ const EVP_MD *md; > - > - if (lstat(file, &st)) { > - log_err("Failed to stat: %s\n", file); > -@@ -379,7 +380,13 @@ static int calc_evm_hash(const char *file, unsigned > char *hash) > - return -1; > - } > - > -- err = EVP_DigestInit(pctx, EVP_sha1()); > -+ md = EVP_get_digestbyname(params.evm_hash_algo); > -+ if (!md) { > -+ log_err("EVP_get_digestbyname() failed\n"); > -+ return 1; > -+ } > -+ > -+ err = EVP_DigestInit(pctx, md); > - if (!err) { > - log_err("EVP_DigestInit() failed\n"); > - return 1; > -@@ -503,7 +510,7 @@ static int sign_evm(const char *file, const char *key) > - if (len <= 1) > - return len; > - > -- len = sign_hash("sha1", hash, len, key, NULL, sig + 1); > -+ len = sign_hash(params.evm_hash_algo, hash, len, key, NULL, sig + 1); > - if (len <= 1) > - return len; > - > -@@ -992,6 +999,7 @@ static int calc_evm_hmac(const char *file, const char > *keyfile, unsigned char *h > - #else > - pctx = HMAC_CTX_new(); > - #endif > -+ const EVP_MD *md; > - > - key = file2bin(keyfile, NULL, &keylen); > - if (!key) { > -@@ -1038,7 +1046,13 @@ static int calc_evm_hmac(const char *file, const char > *keyfile, unsigned char *h > - goto out; > - } > - 
> -- err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), EVP_sha1(), NULL); > -+ md = EVP_get_digestbyname(params.evm_hash_algo); > -+ if (!md) { > -+ log_err("EVP_get_digestbyname() failed\n"); > -+ return 1; > -+ } > -+ > -+ err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), md, NULL); > - if (err) { > - log_err("HMAC_Init() failed\n"); > - goto out; > -@@ -1635,6 +1649,7 @@ static void usage(void) > - printf( > - "\n" > - " -a, --hashalgo sha1 (default), sha224, sha256, sha384, > sha512\n" > -+ " -e, --evmhashalgo sha1 (default), sha224, sha256, sha384, > sha512\n" > - " -s, --imasig make IMA signature\n" > - " -d, --imahash make IMA hash\n" > - " -f, --sigfile store IMA signature in .sig file instead > of xattr\n" > -@@ -1691,6 +1706,7 @@ static struct option opts[] = { > - {"imasig", 0, 0, 's'}, > - {"imahash", 0, 0, 'd'}, > - {"hashalgo", 1, 0, 'a'}, > -+ {"evmhashalgo", 1, 0, 'e'}, > - {"pass", 2, 0, 'p'}, > - {"sigfile", 0, 0, 'f'}, > - {"uuid", 2, 0, 'u'}, > -@@ -1758,7 +1774,7 @@ int main(int argc, char *argv[]) > - g_argc = argc; > - > - while (1) { > -- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, > &lind); > -+ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, > &lind); > - if (c == -1) > - break; > - > -@@ -1784,6 +1800,9 @@ int main(int argc, char *argv[]) > - case 'a': > - params.hash_algo = optarg; > - break; > -+ case 'e': > -+ params.evm_hash_algo = optarg; > -+ break; > - case 'p': > - if (optarg) > - params.keypass = optarg; > -diff --git a/src/imaevm.h b/src/imaevm.h > -index 1bafaad0f4ab..ed92e4d8981d 100644 > ---- a/src/imaevm.h > -+++ b/src/imaevm.h > -@@ -179,6 +179,7 @@ struct libevm_params { > - int verbose; > - int x509; > - const char *hash_algo; > -+ const char *evm_hash_algo; > - const char *keyfile; > - const char *keypass; > - }; > -diff --git a/src/libimaevm.c b/src/libimaevm.c > -index b6c328801708..4c093a038b72 100644 > ---- a/src/libimaevm.c > -+++ b/src/libimaevm.c > -@@ -129,6 +129,7 @@ struct 
libevm_params params = { > - .verbose = LOG_INFO - 1, > - .x509 = 1, > - .hash_algo = "sha1", > -+ .evm_hash_algo = "sha1", > - }; > - > - static void __attribute__ ((constructor)) libinit(void); > diff --git > a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch > b/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch > deleted file mode 100644 > index bb44e8d6c2be..000000000000 > --- a/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch > +++ /dev/null > @@ -1,19 +0,0 @@ > -From: Michael Olbrich <[email protected]> > -Date: Wed, 3 Jun 2015 16:08:51 +0200 > -Subject: [PATCH] HACK: don't generate man page > - > -Signed-off-by: Michael Olbrich <[email protected]> > ---- > - Makefile.am | 1 - > - 1 file changed, 1 deletion(-) > - > -diff --git a/Makefile.am b/Makefile.am > -index 06ebf59ea4aa..e527f34f1faa 100644 > ---- a/Makefile.am > -+++ b/Makefile.am > -@@ -1,5 +1,4 @@ > - SUBDIRS = src > --dist_man_MANS = evmctl.1 > - > - doc_DATA = examples/ima-genkey-self.sh examples/ima-genkey.sh > examples/ima-gen-local-ca.sh > - EXTRA_DIST = autogen.sh $(doc_DATA) > diff --git > a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch > b/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch > deleted file mode 100644 > index 3157c711a065..000000000000 > --- > a/patches/ima-evm-utils-1.1/0013-evmctl-use-correct-include-for-xattr.h.patch > +++ /dev/null 
> @@ -1,80 +0,0 @@ > -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <[email protected]> > -Date: Mon, 17 Oct 2016 12:45:32 +0100 > -Subject: [PATCH] evmctl: use correct include for xattr.h > -MIME-Version: 1.0 > -Content-Type: text/plain; charset=UTF-8 > -Content-Transfer-Encoding: 8bit > - > -The xattr API/ABI is provided by both the c-library, as well as by the > -libattr package. The c-library's header file is sys/xattr.h, whereas > -libattr's header file can be found in attr/xattr.h. > - > -Given none of the code here *links* against the libattr.so shared library, it > -is wrong to *compile* against libattr's API (header file). > - > -Doing so avoids confusion as to which xattr.h is used as the least problem, > -and potential ABI differences as the worst problem due the mismatching header > -file used. > - > -So make sure we compile and link against the same thing, the c-library in > -both cases. > - > -Signed-off-by: André Draszik <[email protected]> > -Signed-off-by: Mimi Zohar <[email protected]> > ---- > - configure.ac | 2 +- > - packaging/ima-evm-utils.spec | 1 - > - packaging/ima-evm-utils.spec.in | 1 - > - src/evmctl.c | 2 +- > - 4 files changed, 2 insertions(+), 4 deletions(-) > - > -diff --git a/configure.ac b/configure.ac > -index 6822f39cff69..06d061bc94ea 100644 > ---- a/configure.ac > -+++ b/configure.ac > -@@ -30,7 +30,7 @@ AC_SUBST(OPENSSL_LIBS) > - AC_CHECK_HEADER(unistd.h) > - AC_CHECK_HEADERS(openssl/conf.h) > - > --AC_CHECK_HEADERS(attr/xattr.h, , [AC_MSG_ERROR([attr/xattr.h header not > found. You need the libattr development package.])]) > -+AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not > found. You need the c-library development package.])]) > - AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. 
> You need the libkeyutils development package.])]) > - > - #debug support - yes for a while > -diff --git a/packaging/ima-evm-utils.spec b/packaging/ima-evm-utils.spec > -index a11a27a18815..63388d2b444b 100644 > ---- a/packaging/ima-evm-utils.spec > -+++ b/packaging/ima-evm-utils.spec > -@@ -11,7 +11,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root > - BuildRequires: autoconf > - BuildRequires: automake > - BuildRequires: openssl-devel > --BuildRequires: libattr-devel > - BuildRequires: keyutils-libs-devel > - > - %description > -diff --git a/packaging/ima-evm-utils.spec.in > b/packaging/ima-evm-utils.spec.in > -index 7ca6c6fb3b0d..65c32f9e6445 100644 > ---- a/packaging/ima-evm-utils.spec.in > -+++ b/packaging/ima-evm-utils.spec.in > -@@ -11,7 +11,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root > - BuildRequires: autoconf > - BuildRequires: automake > - BuildRequires: openssl-devel > --BuildRequires: libattr-devel > - BuildRequires: keyutils-libs-devel > - > - %description > -diff --git a/src/evmctl.c b/src/evmctl.c > -index 4422c0e84d4a..02eb84d4c341 100644 > ---- a/src/evmctl.c > -+++ b/src/evmctl.c > -@@ -49,7 +49,7 @@ > - #include <stdint.h> > - #include <string.h> > - #include <dirent.h> > --#include <attr/xattr.h> > -+#include <sys/xattr.h> > - #include <linux/xattr.h> > - #include <getopt.h> > - #include <keyutils.h> > diff --git a/patches/ima-evm-utils-1.1/series > b/patches/ima-evm-utils-1.1/series > deleted file mode 100644 > index 6fb042465042..000000000000 > --- a/patches/ima-evm-utils-1.1/series > +++ /dev/null 
> @@ -1,16 +0,0 @@ > -# generated by git-ptx-patches > -#tag:base --start-number 1 > -0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch > -0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch > -0003-evmctl-find-add-missing-closedir-dir-on-error.patch > -0004-evmctl-find-add-missing-error-handling-and-propagate.patch > -0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > -0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch > -0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > -0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch > -0009-evmctl-add-support-for-offline-image-preparation.patch > -0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > -0011-HACK-don-t-generate-man-page.patch > -0012-Fix-warning-for-non-debug-use-case.patch > -0013-evmctl-use-correct-include-for-xattr.h.patch > -# 5032e96fb6da7cb77f053c2b5a6edc44 - git-ptx-patches magic > diff --git > a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch > > b/patches/ima-evm-utils-1.3.2/0001-evmctl-find-add-missing-closedir-dir-on-error.patch > similarity index 79% > rename from > patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch > rename to > patches/ima-evm-utils-1.3.2/0001-evmctl-find-add-missing-closedir-dir-on-error.patch > index 4b1c84584479..5c91c4621a76 100644 > --- > a/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch > +++ > b/patches/ima-evm-utils-1.3.2/0001-evmctl-find-add-missing-closedir-dir-on-error.patch > @@ -10,10 +10,10 @@ Signed-off-by: Marc Kleine-Budde <[email protected]> > 1 file changed, 2 insertions(+) > > diff --git a/src/evmctl.c b/src/evmctl.c > -index 2ffee786865b..20eccfa93b2b 100644 > +index 1815f55d73e0..cca2fabdb2a6 100644 > --- a/src/evmctl.c 
> +++ b/src/evmctl.c > -@@ -1229,6 +1229,7 @@ static int find(const char *path, int dts, find_cb_t > func) > +@@ -1331,6 +1331,7 @@ static int find(const char *path, int dts, find_cb_t > func) > > if (fchdir(dirfd(dir))) { > log_err("Failed to chdir %s\n", path); > @@ -21,7 +21,7 @@ index 2ffee786865b..20eccfa93b2b 100644 > return -1; > } > > -@@ -1244,6 +1245,7 @@ static int find(const char *path, int dts, find_cb_t > func) > +@@ -1346,6 +1347,7 @@ static int find(const char *path, int dts, find_cb_t > func) > > if (chdir("..")) { > log_err("Failed to chdir: %s\n", path); > diff --git > a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch > > b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-error-handling-and-propagate.patch > similarity index 87% > rename from > patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch > rename to > patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-error-handling-and-propagate.patch > index 68660d95eda0..62471489a9f2 100644 > --- > a/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch > +++ > b/patches/ima-evm-utils-1.3.2/0002-evmctl-find-add-missing-error-handling-and-propagate.patch > @@ -12,10 +12,10 @@ Signed-off-by: Marc Kleine-Budde <[email protected]> > 1 file changed, 16 insertions(+), 4 deletions(-) > > diff --git a/src/evmctl.c b/src/evmctl.c > -index 20eccfa93b2b..55fc619f5990 100644 > +index cca2fabdb2a6..e6761f2ae5e4 100644 > --- a/src/evmctl.c > +++ b/src/evmctl.c > -@@ -1234,13 +1234,20 @@ static int find(const char *path, int dts, find_cb_t > func) > +@@ -1336,13 +1336,20 @@ static int find(const char *path, int dts, find_cb_t > func) > } > > while ((de = readdir(dir))) { 
> @@ -38,7 +38,7 @@ index 20eccfa93b2b..55fc619f5990 100644 > } > > if (chdir("..")) { > -@@ -1249,8 +1256,13 @@ static int find(const char *path, int dts, find_cb_t > func) > +@@ -1351,8 +1358,13 @@ static int find(const char *path, int dts, find_cb_t > func) > return -1; > } > > diff --git > a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > > b/patches/ima-evm-utils-1.3.2/0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > similarity index 80% > rename from > patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > rename to > patches/ima-evm-utils-1.3.2/0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > index 69aadb377668..0de24af6a0e7 100644 > --- > a/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > +++ > b/patches/ima-evm-utils-1.3.2/0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > @@ -10,12 +10,12 @@ Signed-off-by: Marc Kleine-Budde <[email protected]> > 1 file changed, 5 insertions(+) > > diff --git a/src/evmctl.c b/src/evmctl.c > -index 55fc619f5990..de53be37b69b 100644 > +index e6761f2ae5e4..a1fd9feaea78 100644 > --- a/src/evmctl.c > +++ b/src/evmctl.c > -@@ -62,6 +62,11 @@ > - #include <openssl/err.h> > - #include <openssl/rsa.h> > +@@ -72,6 +72,11 @@ > + #define XATTR_NAME_APPARMOR XATTR_SECURITY_PREFIX XATTR_APPARMOR_SUFFIX > + #endif > > +#ifndef XATTR_NAME_IMA > +#define XATTR_IMA_SUFFIX "ima" 
> diff --git > a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > > b/patches/ima-evm-utils-1.3.2/0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > similarity index 76% > rename from > patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > rename to > patches/ima-evm-utils-1.3.2/0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > index 2164c6238e78..e20cfaa826df 100644 > --- > a/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > +++ > b/patches/ima-evm-utils-1.3.2/0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > @@ -8,10 +8,10 @@ Signed-off-by: Marc Kleine-Budde <[email protected]> > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/src/libimaevm.c b/src/libimaevm.c > -index 8fc23be08bd7..b6c328801708 100644 > +index fa6c27858d0f..002b0657337c 100644 > --- a/src/libimaevm.c > +++ b/src/libimaevm.c > -@@ -379,7 +379,7 @@ int verify_hash_v1(const char *file, const unsigned char > *hash, int size, > +@@ -382,7 +382,7 @@ static int verify_hash_v1(const char *file, const > unsigned char *hash, int size, > SHA_CTX ctx; > unsigned char out[1024]; > RSA *key; > @@ -20,7 +20,7 @@ index 8fc23be08bd7..b6c328801708 100644 > struct signature_hdr *hdr = (struct signature_hdr *)sig; > > log_info("hash-v1: "); > -@@ -744,7 +744,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned > char *hash, int size, cons > +@@ -805,7 +805,7 @@ static int sign_hash_v1(const char *hashalgo, const > unsigned char *hash, > unsigned char pub[1024]; > RSA *key; > char name[20]; 
> diff --git > a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch > > b/patches/ima-evm-utils-1.3.2/0005-evmctl-add-support-for-offline-image-preparation.patch > similarity index 78% > rename from > patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch > rename to > patches/ima-evm-utils-1.3.2/0005-evmctl-add-support-for-offline-image-preparation.patch > index 6d9b40fc5b43..75d92734190c 100644 > --- > a/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch > +++ > b/patches/ima-evm-utils-1.3.2/0005-evmctl-add-support-for-offline-image-preparation.patch > @@ -33,29 +33,29 @@ Signed-off-by: Marc Kleine-Budde <[email protected]> > --- > src/evmctl.c | 57 > +++++++++++++++++++++++++++++++++++++++++++++++++-------- > src/imaevm.h | 1 + > - src/libimaevm.c | 25 ++++++++++++++++++++++++- > - 3 files changed, 74 insertions(+), 9 deletions(-) > + src/libimaevm.c | 24 +++++++++++++++++++++++- > + 3 files changed, 73 insertions(+), 9 deletions(-) > > diff --git a/src/evmctl.c b/src/evmctl.c > -index 5d664005e915..9003f7640c0f 100644 > +index a1fd9feaea78..a4d784a5bfb6 100644 > --- a/src/evmctl.c > +++ b/src/evmctl.c > -@@ -337,6 +337,7 @@ static int calc_evm_hash(const char *file, unsigned char > *hash) > +@@ -352,6 +352,7 @@ static int calc_evm_hash(const char *file, unsigned char > *hash) > + #else > pctx = EVP_MD_CTX_new(); > #endif > - const EVP_MD *md; > + ino_t ino; > > if (lstat(file, &st)) { > log_err("Failed to stat: %s\n", file); > -@@ -371,9 +372,25 @@ static int calc_evm_hash(const char *file, unsigned > char *hash) > +@@ -386,9 +387,25 @@ static int calc_evm_hash(const char *file, unsigned > char *hash) > } > close(fd); > } > - log_info("generation: %u\n", generation); > } > > -+ if (params.image_mode) { > ++ if (imaevm_params.image_mode) { > + char buf[128] = { }; > + > + err = lgetxattr(file, "user.image-inode-number", buf, > sizeof(buf) - 1); 
> @@ -75,7 +75,7 @@ index 5d664005e915..9003f7640c0f 100644 > list_size = llistxattr(file, list, sizeof(list)); > if (list_size < 0) { > log_err("llistxattr() failed\n"); > -@@ -439,7 +456,7 @@ static int calc_evm_hash(const char *file, unsigned char > *hash) > +@@ -470,7 +487,7 @@ static int calc_evm_hash(const char *file, unsigned char > *hash) > > hmac_size = sizeof(*hmac); > if (!evm_portable) { > @@ -84,7 +84,7 @@ index 5d664005e915..9003f7640c0f 100644 > hmac->generation = generation; > } > hmac->uid = st.st_uid; > -@@ -450,7 +467,7 @@ static int calc_evm_hash(const char *file, unsigned char > *hash) > +@@ -481,7 +498,7 @@ static int calc_evm_hash(const char *file, unsigned char > *hash) > > hmac_size = sizeof(*hmac); > if (!evm_portable) { > @@ -93,7 +93,7 @@ index 5d664005e915..9003f7640c0f 100644 > hmac->generation = generation; > } > hmac->uid = st.st_uid; > -@@ -461,7 +478,7 @@ static int calc_evm_hash(const char *file, unsigned char > *hash) > +@@ -492,7 +509,7 @@ static int calc_evm_hash(const char *file, unsigned char > *hash) > > hmac_size = sizeof(*hmac); > if (!evm_portable) { 
> @@ -102,19 +102,19 @@ index 5d664005e915..9003f7640c0f 100644 > hmac->generation = generation; > } > hmac->uid = st.st_uid; > -@@ -1000,6 +1017,7 @@ static int calc_evm_hmac(const char *file, const char > *keyfile, unsigned char *h > +@@ -1085,6 +1102,7 @@ static int calc_evm_hmac(const char *file, const char > *keyfile, unsigned char *h > + #else > pctx = HMAC_CTX_new(); > #endif > - const EVP_MD *md; > + ino_t ino; > > key = file2bin(keyfile, NULL, &keylen); > if (!key) { > -@@ -1038,10 +1056,26 @@ static int calc_evm_hmac(const char *file, const > char *keyfile, unsigned char *h > +@@ -1123,10 +1141,26 @@ static int calc_evm_hmac(const char *file, const > char *keyfile, unsigned char *h > close(fd); > } > > -+ if (params.image_mode) { > ++ if (imaevm_params.image_mode) { > + char buf[128] = { }; > + > + err = lgetxattr(file, "user.image-inode-number", buf, > sizeof(buf) - 1); > @@ -137,7 +137,7 @@ index 5d664005e915..9003f7640c0f 100644 > log_err("llistxattr() failed: %s\n", file); > goto out; > } > -@@ -1084,7 +1118,7 @@ static int calc_evm_hmac(const char *file, const char > *keyfile, unsigned char *h > +@@ -1170,7 +1204,7 @@ static int calc_evm_hmac(const char *file, const char > *keyfile, unsigned char *h > struct h_misc *hmac = (struct h_misc *)&hmac_misc; > > hmac_size = sizeof(*hmac); > @@ -146,7 +146,7 @@ index 5d664005e915..9003f7640c0f 100644 > hmac->generation = generation; > hmac->uid = st.st_uid; > hmac->gid = st.st_gid; > -@@ -1093,7 +1127,7 @@ static int calc_evm_hmac(const char *file, const char > *keyfile, unsigned char *h > +@@ -1179,7 +1213,7 @@ static int calc_evm_hmac(const char *file, const char > *keyfile, unsigned char *h > struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc; > > hmac_size = sizeof(*hmac); 
> @@ -155,7 +155,7 @@ index 5d664005e915..9003f7640c0f 100644 > hmac->generation = generation; > hmac->uid = st.st_uid; > hmac->gid = st.st_gid; > -@@ -1102,7 +1136,7 @@ static int calc_evm_hmac(const char *file, const char > *keyfile, unsigned char *h > +@@ -1188,7 +1222,7 @@ static int calc_evm_hmac(const char *file, const char > *keyfile, unsigned char *h > struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc; > > hmac_size = sizeof(*hmac); > @@ -164,7 +164,7 @@ index 5d664005e915..9003f7640c0f 100644 > hmac->generation = generation; > hmac->uid = st.st_uid; > hmac->gid = st.st_gid; > -@@ -1666,6 +1700,9 @@ static void usage(void) > +@@ -2476,6 +2510,9 @@ static void usage(void) > " --smack use extra SMACK xattrs for EVM\n" > " --m32 force EVM hmac/signature for 32 bit > target system\n" > " --m64 force EVM hmac/signature for 64 bit > target system\n" > @@ -174,7 +174,7 @@ index 5d664005e915..9003f7640c0f 100644 > " --ino use custom inode for EVM\n" > " --uid use custom UID for EVM\n" > " --gid use custom GID for EVM\n" > -@@ -1716,6 +1753,7 @@ static struct option opts[] = { > +@@ -2528,6 +2565,7 @@ static struct option opts[] = { > {"recursive", 0, 0, 'r'}, > {"m32", 0, 0, '3'}, > {"m64", 0, 0, '6'}, 
> @@ -182,31 +182,31 @@ index 5d664005e915..9003f7640c0f 100644 > {"portable", 0, 0, 'o'}, > {"smack", 0, 0, 128}, > {"version", 0, 0, 129}, > -@@ -1774,7 +1812,7 @@ int main(int argc, char *argv[]) > +@@ -2600,7 +2638,7 @@ int main(int argc, char *argv[]) > g_argc = argc; > > while (1) { > -- c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, > &lind); > -+ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:rim", opts, > &lind); > +- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, > &lind); > ++ c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:rim", opts, > &lind); > if (c == -1) > break; > > -@@ -1847,6 +1885,9 @@ int main(int argc, char *argv[]) > +@@ -2670,6 +2708,9 @@ int main(int argc, char *argv[]) > case '6': > msize = 64; > break; > + case 'm': > -+ params.image_mode = true; > ++ imaevm_params.image_mode = true; > + break; > case 128: > evm_config_xattrnames = evm_extra_smack_xattrs; > break; > diff --git a/src/imaevm.h b/src/imaevm.h > -index ed92e4d8981d..7e32d09c6538 100644 > +index 45039199ab31..2f78a31ab438 100644 > --- a/src/imaevm.h > +++ b/src/imaevm.h > -@@ -182,6 +182,7 @@ struct libevm_params { > - const char *evm_hash_algo; > +@@ -196,6 +196,7 @@ struct libimaevm_params { > + const char *hash_algo; > const char *keyfile; > const char *keypass; > + bool image_mode; > @@ -214,31 +214,23 @@ index ed92e4d8981d..7e32d09c6538 100644 > > struct RSA_ASN1_template { > diff --git a/src/libimaevm.c b/src/libimaevm.c > -index 4c093a038b72..866f74b39b41 100644 > +index 002b0657337c..1cdf1dc590cc 100644 > --- a/src/libimaevm.c 
> +++ b/src/libimaevm.c > -@@ -40,6 +40,7 @@ > - > - /* should we use logger instead for library? */ > - #define USE_FPRINTF > -+#define _GNU_SOURCE > - > - #include <sys/types.h> > - #include <sys/param.h> > -@@ -49,6 +50,7 @@ > - #include <dirent.h> > - #include <string.h> > +@@ -51,6 +51,7 @@ > #include <stdio.h> > + #include <assert.h> > + #include <ctype.h> > +#include <sys/xattr.h> > > + #include <openssl/crypto.h> > #include <openssl/pem.h> > - #include <openssl/evp.h> > -@@ -224,7 +226,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX > *ctx) > +@@ -193,7 +194,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX > *ctx) > } > > while ((de = readdir(dir))) { > - ino = de->d_ino; > -+ if (params.image_mode) { > ++ if (imaevm_params.image_mode) { > + char *name; > + char buf[128] = { }; > + > diff --git > a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > > b/patches/ima-evm-utils-1.3.2/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > similarity index 86% > rename from > patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > rename to > patches/ima-evm-utils-1.3.2/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > index 12b77a132002..251f7136b42b 100644 > --- > a/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > +++ > b/patches/ima-evm-utils-1.3.2/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > @@ -15,16 +15,16 @@ Signed-off-by: Sascha Hauer <[email protected]> > 1 file changed, 3 insertions(+) > > diff --git a/src/libimaevm.c b/src/libimaevm.c > -index 866f74b39b41..834b738426bf 100644 > +index 1cdf1dc590cc..6bb0b0757c42 100644 > --- a/src/libimaevm.c 
> +++ b/src/libimaevm.c > -@@ -226,6 +226,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX > *ctx) > +@@ -194,6 +194,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX > *ctx) > } > > while ((de = readdir(dir))) { > + if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) > + continue; > + > - if (params.image_mode) { > + if (imaevm_params.image_mode) { > char *name; > char buf[128] = { }; > diff --git > a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch > b/patches/ima-evm-utils-1.3.2/0007-Fix-warning-for-non-debug-use-case.patch > similarity index 86% > rename from > patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch > rename to > patches/ima-evm-utils-1.3.2/0007-Fix-warning-for-non-debug-use-case.patch > index 80073f19aaf5..2cddf569a91d 100644 > --- a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch > +++ > b/patches/ima-evm-utils-1.3.2/0007-Fix-warning-for-non-debug-use-case.patch > @@ -14,10 +14,10 @@ Signed-off-by: Juergen Borleis <[email protected]> > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/evmctl.c b/src/evmctl.c > -index 9003f7640c0f..4422c0e84d4a 100644 > +index a4d784a5bfb6..7c1f15082615 100644 > --- a/src/evmctl.c > +++ b/src/evmctl.c > -@@ -1191,7 +1191,7 @@ static int hmac_evm(const char *file, const char *key) > +@@ -1279,7 +1279,7 @@ static int hmac_evm(const char *file, const char *key) > return 0; > } > > diff --git a/patches/ima-evm-utils-1.1/autogen.sh > b/patches/ima-evm-utils-1.3.2/autogen.sh > similarity index 100% > rename from patches/ima-evm-utils-1.1/autogen.sh > rename to patches/ima-evm-utils-1.3.2/autogen.sh > diff --git a/patches/ima-evm-utils-1.3.2/series > b/patches/ima-evm-utils-1.3.2/series > new file mode 100644 > index 000000000000..36781ea6bb6f > --- /dev/null > +++ b/patches/ima-evm-utils-1.3.2/series 
> @@ -0,0 +1,10 @@ > +# generated by git-ptx-patches > +#tag:base --start-number 1 > +0001-evmctl-find-add-missing-closedir-dir-on-error.patch > +0002-evmctl-find-add-missing-error-handling-and-propagate.patch > +0003-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch > +0004-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch > +0005-evmctl-add-support-for-offline-image-preparation.patch > +0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch > +0007-Fix-warning-for-non-debug-use-case.patch > +# f8ecfd002cf2ee8244984a1757a1bfea - git-ptx-patches magic > diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make > index 3a0ce4660c87..fb500fb169aa 100644 > --- a/rules/ima-evm-utils.make > +++ b/rules/ima-evm-utils.make > @@ -1,7 +1,7 @@ > # -*-makefile-*- > # > # Copyright (C) 2013 by Michael Grzeschik <[email protected]> > -# 2015 by Marc Kleine-Budde <[email protected]> > +# 2015, 2020 by Marc Kleine-Budde <[email protected]> > # 2021 Roland Hieber, Pengutronix <[email protected]> > # > # For further information about the PTXdist project and license conditions > @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_IMA_EVM_UTILS) += ima-evm-utils > # > # Paths and names > # > -IMA_EVM_UTILS_VERSION := 1.1 > -IMA_EVM_UTILS_MD5 := 77455aeee54fdc7a70c733bcb65d33cc > +IMA_EVM_UTILS_VERSION := 1.3.2 > +IMA_EVM_UTILS_MD5 := 55cc0e2c77a725f722833c3b4a36038c > IMA_EVM_UTILS := ima-evm-utils-$(IMA_EVM_UTILS_VERSION) > IMA_EVM_UTILS_SUFFIX := tar.gz > IMA_EVM_UTILS_URL := $(call ptx/mirror, SF, > linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX)) 
> @@ -32,9 +32,16 @@ IMA_EVM_UTILS_LICENSE_FILES := \ > # Prepare > # > ---------------------------------------------------------------------------- > > +IMA_EVM_UTILS_CONF_ENV := \ > + $(CROSS_ENV) \ > + ac_cv_lib_tss2_esys_Esys_Free=no \ > + ac_cv_lib_tss2_rc_Tss2_RC_Decode=no \ > + ac_cv_path_XMLCATALOG= > + > IMA_EVM_UTILS_CONF_TOOL := autoconf > IMA_EVM_UTILS_AUTOCONF := \ > $(CROSS_AUTOCONF_USR) \ > + --enable-openssl-conf \ > --disable-debug > > # > ----------------------------------------------------------------------------
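Review bot: In 0005-evmctl-add-support-for-offline-image-preparation.patch the `if (imaevm_params.image_mode)` block that reads `user.image-inode-number` with `lgetxattr()` into `char buf[128] = { }` is open-coded in calc_evm_hash(), repeated in calc_evm_hmac(), and a third variant starts in add_dir_hash(). Suggest moving the lookup into one helper in libimaevm.c, declared in imaevm.h next to `bool image_mode`, with the attribute name as a single #define, so that parsing and error handling cannot drift between the three call sites. Because a user.* attribute can be set by anyone with write access to the file, the patch description should also say that the new 'm' option is meant only for trees the image build itself populated. Minor: the empty `{ }` initializer is a GNU extension, `{ 0 }` is portable.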
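Review bot: In rules/ima-evm-utils.make the three cache variables in IMA_EVM_UTILS_CONF_ENV and the added `--enable-openssl-conf` switch carry no comment, so the reason for each can only be recovered from the [mol: ...] lines of the commit message. Suggest a short comment above IMA_EVM_UTILS_CONF_ENV stating that `ac_cv_lib_tss2_esys_Esys_Free=no` and `ac_cv_lib_tss2_rc_Tss2_RC_Decode=no` keep libtss2-esys and libtss2-rc from being picked up, and that the empty `ac_cv_path_XMLCATALOG=` stands in for the dropped "HACK: don't generate man page" patch. `--enable-openssl-conf` is not mentioned in the commit message at all and deserves a line there.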
