[yocto] [meta-integrity][PATCH] ima-evm-utils: bump to release 1.2.1
From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- ...link-to-libcrypto-instead-of-OpenSSL.patch | 65 --- ...ls-replace-INCLUDES-with-AM_CPPFLAGS.patch | 43 ...clude-hash-info.gen-into-distributio.patch | 31 - ...ma-evm-utils-update-.gitignore-files.patch | 34 -- .../ima-evm-utils/ima-evm-utils_git.bb| 12 +--- 5 files changed, 3 insertions(+), 182 deletions(-) delete mode 100644 meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch delete mode 100644 meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch delete mode 100644 meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch delete mode 100644 meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0004-ima-evm-utils-update-.gitignore-files.patch diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch deleted file mode 100644 index 5ccb73d9b6e6.. --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 4feaf9b61f93e4043eca26b4ec9f9f68d0cf5e68 Mon Sep 17 00:00:00 2001 -From: Dmitry Eremin-Solenikov -Date: Wed, 6 Mar 2019 01:08:43 +0300 -Subject: [PATCH 1/4] ima-evm-utils: link to libcrypto instead of OpenSSL - -There is no need to link to full libssl. evmctl uses functions from -libcrypto, so let's link only against that library. - -Signed-off-by: Dmitry Eremin-Solenikov - configure.ac| 4 +--- - src/Makefile.am | 9 - - 2 files changed, 5 insertions(+), 8 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 60f3684..32e8d85 100644 a/configure.ac -+++ b/configure.ac -@@ -24,9 +24,7 @@ LT_INIT - # Checks for header files. - AC_HEADER_STDC - --PKG_CHECK_MODULES(OPENSSL, [ openssl >= 0.9.8 ]) --AC_SUBST(OPENSSL_CFLAGS) --AC_SUBST(OPENSSL_LIBS) -+PKG_CHECK_MODULES(LIBCRYPTO, [libcrypto >= 0.9.8 ]) - AC_SUBST(KERNEL_HEADERS) - AC_CHECK_HEADER(unistd.h) - AC_CHECK_HEADERS(openssl/conf.h) -diff --git a/src/Makefile.am b/src/Makefile.am -index d74fc6f..b81281a 100644 a/src/Makefile.am -+++ b/src/Makefile.am -@@ -1,11 +1,11 @@ - lib_LTLIBRARIES = libimaevm.la - - libimaevm_la_SOURCES = libimaevm.c --libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS) -+libimaevm_la_CPPFLAGS = $(LIBCRYPTO_CFLAGS) - # current[:revision[:age]] - # result: [current-age].age.revision - libimaevm_la_LDFLAGS = -version-info 0:0:0 --libimaevm_la_LIBADD = $(OPENSSL_LIBS) -+libimaevm_la_LIBADD = $(LIBCRYPTO_LIBS) - - include_HEADERS = imaevm.h - -@@ -17,12 +17,11 @@ hash_info.h: Makefile - bin_PROGRAMS = evmctl - - evmctl_SOURCES = evmctl.c --evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) -+evmctl_CPPFLAGS = $(LIBCRYPTO_CFLAGS) - evmctl_LDFLAGS = $(LDFLAGS_READLINE) --evmctl_LDADD = $(OPENSSL_LIBS) -lkeyutils libimaevm.la -+evmctl_LDADD = $(LIBCRYPTO_LIBS) -lkeyutils libimaevm.la - - INCLUDES = -I$(top_srcdir) -include config.h - - CLEANFILES = hash_info.h - DISTCLEANFILES = @DISTCLEANFILES@ -- --- -2.17.1 - diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch deleted file mode 100644 index 8237274ca8b6.. --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 5bb10f3da420f4c46e44423276a9da0d4bc1b691 Mon Sep 17 00:00:00 2001 -From: Dmitry Eremin-Solenikov -Date: Wed, 6 Mar 2019 01:17:12 +0300 -Subject: [PATCH 2/4] ima-evm-utils: replace INCLUDES with AM_CPPFLAGS - -Replace INCLUDES variable with AM_CPPFLAGS to stop Automake from warning -about deprecated variable usage. - -Signed-off-by: Dmitry Eremin-Solenikov - src/Makefile.am | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index b81281a..164e7e4 100644 a/src/Makefile.am -+++ b/src/Makefile.am -@@ -1,7 +1,7 @@ - lib_LTLIBRARIES = libimaevm.la - - libimaevm_la_SOURCES = libimaevm.c --libimaevm_la_CPPFLAGS = $(LIBCRYPTO_CFLAGS) -+libimaevm_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS) - # current[:revision[:age]] - # result: [current-age].age.revision - libimaevm_la_LDFLAGS = -version-info 0:0:0 -@@ -17,11 +17,11 @@ hash_info.h: Makefile - bin_PROGRAMS = evmctl - - evmctl_SOURCES = evmctl.c --evmctl_CPPFLAGS = $(LIBCRYPTO_CFLAGS) -+evmctl_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS) - evmctl_LDFLAGS =
[yocto] [meta-security] keyutils: migrate to meta-oe
From: Dmitry Eremin-Solenikov
keyutils are now part of meta-oe, so remove them from meta-security.
Signed-off-by: Dmitry Eremin-Solenikov
---
.../files/fix_library_install_path.patch | 28 --
...ror-report-by-adding-default-message.patch | 42 ---
.../keyutils-test-fix-output-format.patch | 41 --
recipes-security/keyutils/files/run-ptest | 3 --
recipes-security/keyutils/keyutils_1.6.bb | 53 ---
5 files changed, 167 deletions(-)
delete mode 100644
recipes-security/keyutils/files/fix_library_install_path.patch
delete mode 100644
recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch
delete mode 100644
recipes-security/keyutils/files/keyutils-test-fix-output-format.patch
delete mode 100755 recipes-security/keyutils/files/run-ptest
delete mode 100644 recipes-security/keyutils/keyutils_1.6.bb
diff --git a/recipes-security/keyutils/files/fix_library_install_path.patch
b/recipes-security/keyutils/files/fix_library_install_path.patch
deleted file mode 100644
index 938fe2eb57a4..
--- a/recipes-security/keyutils/files/fix_library_install_path.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From b0355cc205543ffd33752874295139d57c4fbc3e Mon Sep 17 00:00:00 2001
-From: Wenzong Fan
-Date: Tue, 26 Sep 2017 07:59:51 +
-Subject: [PATCH] Subject: [PATCH] keyutils: use relative path for link
-
-The absolute path of the symlink will be invalid
-when populated in sysroot, so use relative path instead.
-
-Upstream-Status: Pending
-
-Signed-off-by: Jackie Huang
-Signed-off-by: Wenzong Fan
-{rebased for 1.6]
-Signed-off-by: Armin Kuster
-
-Index: keyutils-1.6/Makefile
-===
keyutils-1.6.orig/Makefile
-+++ keyutils-1.6/Makefile
-@@ -184,7 +184,7 @@ ifeq ($(NO_SOLIB),0)
- $(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
- $(LNS) $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
- mkdir -p $(DESTDIR)$(USRLIBDIR)
-- $(LNS) $(LIBDIR)/$(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB)
-+ $(LNS) $(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB)
- sed \
- -e 's,@VERSION\@,$(VERSION),g' \
- -e 's,@prefix\@,$(PREFIX),g' \
diff --git
a/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch
b/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch
deleted file mode 100644
index acd91c01c483..
---
a/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-fix keyutils test error report
-
-Upstream-Status: Pending
-
-"Permission denied" may be the reason of EKEYEXPIRED and EKEYREVOKED.
-"Required key not available" may be the reason of EKEYREVOKED.
-EXPIRED and REVOKED are 2 status of kernel security keys features.
-But the userspace keyutils lib will output the error message, which may
-have several reasons.
-
-Signed-off-by: Han Chao
-
-diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh
-index bbca00a..739e9d0 100644
a/tests/toolbox.inc.sh
-+++ b/tests/toolbox.inc.sh
-@@ -227,11 +227,12 @@ function expect_error ()
- ;;
- EKEYEXPIRED)
- my_err="Key has expired"
-- alt_err="Unknown error 127"
-+ alt_err="Permission denied"
- ;;
- EKEYREVOKED)
- my_err="Key has been revoked"
-- alt_err="Unknown error 128"
-+ alt_err="Permission denied"
-+ alt2_err="Required key not available"
- ;;
- EKEYREJECTED)
- my_err="Key has been rejected"
-@@ -249,6 +250,9 @@ function expect_error ()
- elif [ "x$alt_err" != "x" ] && expr "$my_errmsg" : ".*: $alt_err"
>&/dev/null
- then
- :
-+elif [ "x$alt2_err" != "x" ] && expr "$my_errmsg" : ".*: $alt2_err"
>&/dev/null
-+then
-+ :
- elif [ "x$old_err" != "x" ] && expr "$my_errmsg" : ".*: $old_err"
>&/dev/null
- then
- :
-
diff --git
a/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch
b/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch
deleted file mode 100644
index a4ffd50ce54c..
--- a/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 49b6321368e4bd3cd233d045cd09004ddd7968b2 Mon Sep 17 00:00:00 2001
-From: Jackie Huang
-Date: Mon, 15 May 2017 14:52:00 +0800
-Subject: [PATCH] keyutils: fix output format
-
-keyutils ptest output format is incorrect, according to yocto
-Development Manual
-(http://www.yoctoproject.org/docs/latest/dev-manual/dev-manual.html#testing-packages-with-ptest)
-5.10.6. Testing Packages With ptestThe test generates output in the format
used by Automake:
-:
-where the result can be PASS, FAIL, or SKIP, and the testname can be any
-identifying string.
-So we should change the test result format to match yocto ptest rules.
-
[yocto] [meta-integrity] layer.conf: switch to keyutils from meta-oe
From: Dmitry Eremin-Solenikov
As pointer by Martin Jansa, keyutils package is now a part of meta-oe,
so switch to using keyutils from that layer.
Signed-off-by: Dmitry Eremin-Solenikov
---
meta-integrity/conf/layer.conf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf
index 1d31edd9b151..41989da38f63 100644
--- a/meta-integrity/conf/layer.conf
+++ b/meta-integrity/conf/layer.conf
@@ -22,5 +22,5 @@ INTEGRITY_BASE := '${LAYERDIR}'
OE_TERMINAL_EXPORTS += "INTEGRITY_BASE"
LAYERSERIES_COMPAT_integrity = "warrior"
-# ima-evm-utils depends on keyutils from meta-security
-LAYERDEPENDS_integrity = "core security"
+# ima-evm-utils depends on keyutils from meta-oe
+LAYERDEPENDS_integrity = "core openembedded-layer"
--
2.20.1
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
