authorMarc Kleine-Budde <mkl@pengutronix.de>2015-06-09 13:24:05 +0200
committerMarc Kleine-Budde <mkl@pengutronix.de>2015-06-09 13:24:50 +0200
commit807711b4cee1986351e67b1c5602bbf1facacc42 (patch)
tree5eff88651bd9cb17332c3a7af41030a7ab4a8287
parentd5bfbcab5d2914138d0b27c6b86617fa131c0b10 (diff)
ima-evm-utils: add support to read inode number from extended attribute
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
-rw-r--r--patches/ima-evm-utils-0.9/0001-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch40
-rw-r--r--patches/ima-evm-utils-0.9/0002-HACK-don-t-generate-man-page.patch (renamed from patches/ima-evm-utils-0.9/0001-HACK-don-t-generate-man-page.patch)0
-rw-r--r--patches/ima-evm-utils-0.9/0003-evmctl-read-inode-number-from-user.image-inode-numbe.patch116
-rw-r--r--patches/ima-evm-utils-0.9/series6
4 files changed, 160 insertions, 2 deletions
diff --git a/patches/ima-evm-utils-0.9/0001-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch b/patches/ima-evm-utils-0.9/0001-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
new file mode 100644
index 000000000..cb09b8d78
--- /dev/null
+++ b/patches/ima-evm-utils-0.9/0001-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
@@ -0,0 +1,40 @@
+From: Marc Kleine-Budde <mkl@pengutronix.de>
+Date: Wed, 27 May 2015 10:41:27 +0200
+Subject: [PATCH] Makefile.am: rename INCLUDES -> AM_CPPFLAGS
+
+This patch fixes the following warning during autoreconf:
+
+| src/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
+
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+---
+ src/Makefile.am | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index deb18fb09dc7..9f547283d535 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -1,7 +1,7 @@
+ lib_LTLIBRARIES = libimaevm.la
+
+ libimaevm_la_SOURCES = libimaevm.c
+-libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS)
++libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS)
+ # current[:revision[:age]]
+ # result: [current-age].age.revision
+ libimaevm_la_LDFLAGS = -version-info 0:0:0
+@@ -12,11 +12,11 @@ include_HEADERS = imaevm.h
+ bin_PROGRAMS = evmctl
+
+ evmctl_SOURCES = evmctl.c
+-evmctl_CPPFLAGS = $(OPENSSL_CFLAGS)
++evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) $(AM_CPPFLAGS)
+ evmctl_LDFLAGS = $(LDFLAGS_READLINE)
+ evmctl_LDADD = $(OPENSSL_LIBS) -lkeyutils libimaevm.la
+
+-INCLUDES = -I$(top_srcdir) -include config.h
++AM_CPPFLAGS = -I$(top_srcdir) -include config.h
+
+ DISTCLEANFILES = @DISTCLEANFILES@
+
diff --git a/patches/ima-evm-utils-0.9/0001-HACK-don-t-generate-man-page.patch b/patches/ima-evm-utils-0.9/0002-HACK-don-t-generate-man-page.patch
index bb44e8d6c..bb44e8d6c 100644
--- a/patches/ima-evm-utils-0.9/0001-HACK-don-t-generate-man-page.patch
+++ b/patches/ima-evm-utils-0.9/0002-HACK-don-t-generate-man-page.patch
diff --git a/patches/ima-evm-utils-0.9/0003-evmctl-read-inode-number-from-user.image-inode-numbe.patch b/patches/ima-evm-utils-0.9/0003-evmctl-read-inode-number-from-user.image-inode-numbe.patch
new file mode 100644
index 000000000..fd8d54d11
--- /dev/null
+++ b/patches/ima-evm-utils-0.9/0003-evmctl-read-inode-number-from-user.image-inode-numbe.patch
@@ -0,0 +1,116 @@
+From: Sascha Hauer <s.hauer@pengutronix.de>
+Date: Mon, 1 Dec 2014 15:23:21 +0100
+Subject: [PATCH] evmctl: read inode number from user.image-inode-number xattr
+
+mkfs.ubifs puts the inode numbers it uses during image generation
+in the extended attribute user.image-inode-number. Read the inode
+numbers back from this attribute in evmctl.
+
+Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
+---
+ src/evmctl.c | 14 +++++++++++---
+ src/libimaevm.c | 20 ++++++++++++++++++++
+ 2 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/src/evmctl.c b/src/evmctl.c
+index 109b82ae102e..049b2e5ecf40 100644
+--- a/src/evmctl.c
++++ b/src/evmctl.c
+@@ -312,6 +312,8 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+ char uuid[16];
+ struct h_misc_64 hmac_misc;
+ int hmac_size;
++ char buf[128] = {};
++ ino_t ino;
+
+ if (lstat(file, &st)) {
+ log_err("Failed to stat: %s\n", file);
+@@ -368,13 +370,19 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+ }
+ }
+
++ err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1);
++ if (err > 0)
++ ino = strtoull(buf, NULL, 10);
++ else
++ ino = st.st_ino;
++
+ memset(&hmac_misc, 0, sizeof(hmac_misc));
+
+ if (msize == 0) {
+ struct h_misc *hmac = (struct h_misc *)&hmac_misc;
+
+ hmac_size = sizeof(*hmac);
+- hmac->ino = st.st_ino;
++ hmac->ino = ino;
+ hmac->generation = generation;
+ hmac->uid = st.st_uid;
+ hmac->gid = st.st_gid;
+@@ -383,7 +391,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+ struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc;
+
+ hmac_size = sizeof(*hmac);
+- hmac->ino = st.st_ino;
++ hmac->ino = ino;
+ hmac->generation = generation;
+ hmac->uid = st.st_uid;
+ hmac->gid = st.st_gid;
+@@ -392,7 +400,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+ struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc;
+
+ hmac_size = sizeof(*hmac);
+- hmac->ino = st.st_ino;
++ hmac->ino = ino;
+ hmac->generation = generation;
+ hmac->uid = st.st_uid;
+ hmac->gid = st.st_gid;
+diff --git a/src/libimaevm.c b/src/libimaevm.c
+index 2ce819fb486b..f86f57db4b8c 100644
+--- a/src/libimaevm.c
++++ b/src/libimaevm.c
+@@ -40,6 +40,7 @@
+
+ /* should we use logger instead for library? */
+ #define USE_FPRINTF
++#define _GNU_SOURCE
+
+ #include <sys/types.h>
+ #include <sys/param.h>
+@@ -49,6 +50,7 @@
+ #include <dirent.h>
+ #include <string.h>
+ #include <stdio.h>
++#include <attr/xattr.h>
+
+ #include <openssl/pem.h>
+ #include <openssl/evp.h>
+@@ -219,11 +221,29 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
+ }
+
+ while ((de = readdir(dir))) {
++ char *name;
++ char buf[128] = {};
++
+ ino = de->d_ino;
+ off = de->d_off;
+ type = de->d_type;
+ log_debug("entry: %s, ino: %llu, type: %u, off: %llu, reclen: %hu\n",
+ de->d_name, ino, type, off, de->d_reclen);
++
++ err = asprintf(&name, "%s/%s", file, de->d_name);
++ if (err == -1) {
++ log_err("failed to allocate mem\n");
++ return err;
++ }
++
++ err = lgetxattr(name, "user.image-inode-number", buf, sizeof(buf) - 1);
++ if (err > 0)
++ ino = strtoull(buf, NULL, 10);
++ else
++ ino = de->d_ino;
++
++ free(name);
++
+ err = EVP_DigestUpdate(ctx, de->d_name, strlen(de->d_name));
+ /*err |= EVP_DigestUpdate(ctx, &off, sizeof(off));*/
+ err |= EVP_DigestUpdate(ctx, &ino, sizeof(ino));
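Review bot: The value read from `user.image-inode-number` reaches `hmac->ino` (evmctl.c) and the directory digest (libimaevm.c) through `strtoull(buf, NULL, 10)` with no end-pointer, `errno` or range check, so a non-numeric attribute silently becomes inode 0 and an out-of-range one is clamped or truncated on assignment to `ino_t`. Every `lgetxattr` failure, including `ERANGE` for a value longer than 127 bytes, also falls back to the on-disk inode without a message, where only a missing attribute should. Because the `user.` namespace is writable by the file's owner, the override that ends up in the signed metadata would be safer behind an explicit image-build option than applied unconditionally. In `add_dir_hash` the new `return err` on `asprintf` failure leaves the loop while `dir` appears to still be open (the function starts and ends outside the hunk), so it likely needs a `closedir(dir)` first. A stricter parse for the `calc_evm_hash` site is sketched below, assuming the attribute holds only decimal digits and that the function reports errors with -1; the same applies to the copy in `add_dir_hash`.

```c
/* … unchanged: lstat, generation and xattr hashing above … */
err = lgetxattr(file, "user.image-inode-number", buf, sizeof(buf) - 1);
if (err > 0) {
	char *end;
	unsigned long long val;

	errno = 0;
	val = strtoull(buf, &end, 10);
	/* reject empty, trailing garbage, overflow, and values ino_t cannot hold */
	if (errno || end == buf || *end != '\0' || (ino_t)val != val) {
		log_err("Invalid user.image-inode-number on %s\n", file);
		return -1;
	}
	ino = val;
} else if (err < 0 && errno != ENODATA && errno != ENOTSUP) {
	/* attribute exists but could not be read: do not guess */
	log_err("Failed to read user.image-inode-number on %s\n", file);
	return -1;
} else {
	ino = st.st_ino;
}
/* … unchanged: memset(&hmac_misc, ...) and hmac_misc setup … */
```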
diff --git a/patches/ima-evm-utils-0.9/series b/patches/ima-evm-utils-0.9/series
index b57e76bcb..0271dc320 100644
--- a/patches/ima-evm-utils-0.9/series
+++ b/patches/ima-evm-utils-0.9/series
@@ -1,4 +1,6 @@
# generated by git-ptx-patches
#tag:base --start-number 1
-0001-HACK-don-t-generate-man-page.patch
-# 53f7d925720044f5251df422ec79d1c0 - git-ptx-patches magic
+0001-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
+0002-HACK-don-t-generate-man-page.patch
+0003-evmctl-read-inode-number-from-user.image-inode-numbe.patch
+# 2807af62c49fb547a2e674cb55644293 - git-ptx-patches magic