Diffstat (limited to 'patches')
-rw-r--r-- | patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch (renamed from patches/ima-evm-utils-1.0/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch) | 0 | ||||
-rw-r--r-- | patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch (renamed from patches/ima-evm-utils-1.0/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch) | 0 | ||||
-rw-r--r-- | patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch (renamed from patches/ima-evm-utils-1.0/0003-evmctl-find-add-missing-closedir-dir-on-error.patch) | 6 | ||||
-rw-r--r-- | patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch (renamed from patches/ima-evm-utils-1.0/0004-evmctl-find-add-missing-error-handling-and-propagate.patch) | 6 | ||||
-rw-r--r-- | patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch (renamed from patches/ima-evm-utils-1.0/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch) | 2 | ||||
-rw-r--r-- | patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch (renamed from patches/ima-evm-utils-1.0/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch) | 20 | ||||
-rw-r--r-- | patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch (renamed from patches/ima-evm-utils-1.0/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch) | 8 | ||||
-rw-r--r-- | patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch (renamed from patches/ima-evm-utils-1.0/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch) | 50 | ||||
-rw-r--r-- | patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch (renamed from patches/ima-evm-utils-1.0/0009-evmctl-add-support-for-offline-image-preparation.patch) | 110 | ||||
-rw-r--r-- | patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch (renamed from patches/ima-evm-utils-1.0/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch) | 4 | ||||
-rw-r--r-- | patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch (renamed from patches/ima-evm-utils-1.0/0011-HACK-don-t-generate-man-page.patch) | 0 | ||||
-rw-r--r-- | patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch | 28 | ||||
l--------- | patches/ima-evm-utils-1.1/autogen.sh (renamed from patches/ima-evm-utils-1.0/autogen.sh) | 0 | ||||
-rw-r--r-- | patches/ima-evm-utils-1.1/series (renamed from patches/ima-evm-utils-1.0/series) | 3 |
14 files changed, 133 insertions, 104 deletions
diff --git a/patches/ima-evm-utils-1.0/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch b/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch index c035197d9..c035197d9 100644 --- a/patches/ima-evm-utils-1.0/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch +++ b/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch diff --git a/patches/ima-evm-utils-1.0/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch b/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch index cb09b8d78..cb09b8d78 100644 --- a/patches/ima-evm-utils-1.0/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch +++ b/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch diff --git a/patches/ima-evm-utils-1.0/0003-evmctl-find-add-missing-closedir-dir-on-error.patch b/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch index 77e9f5fc6..4b1c84584 100644 --- a/patches/ima-evm-utils-1.0/0003-evmctl-find-add-missing-closedir-dir-on-error.patch +++ b/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch @@ -10,10 +10,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 1 file changed, 2 insertions(+) diff --git a/src/evmctl.c b/src/evmctl.c -index c20cbfe80ab6..19f5f3bc87b0 100644 +index 2ffee786865b..20eccfa93b2b 100644 --- a/src/evmctl.c +++ b/src/evmctl.c -@@ -1092,6 +1092,7 @@ static int find(const char *path, int dts, find_cb_t func) +@@ -1229,6 +1229,7 @@ static int find(const char *path, int dts, find_cb_t func) if (fchdir(dirfd(dir))) { log_err("Failed to chdir %s\n", path); @@ -21,7 +21,7 @@ index c20cbfe80ab6..19f5f3bc87b0 100644 return -1; } -@@ -1107,6 +1108,7 @@ static int find(const char *path, int dts, find_cb_t func) +@@ -1244,6 +1245,7 @@ static int find(const char *path, int dts, find_cb_t func) if (chdir("..")) { log_err("Failed to chdir: %s\n", path); 
diff --git a/patches/ima-evm-utils-1.0/0004-evmctl-find-add-missing-error-handling-and-propagate.patch b/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch index 8a562b3e0..68660d95e 100644 --- a/patches/ima-evm-utils-1.0/0004-evmctl-find-add-missing-error-handling-and-propagate.patch +++ b/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch @@ -12,10 +12,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c -index 19f5f3bc87b0..a5355f6c0ee1 100644 +index 20eccfa93b2b..55fc619f5990 100644 --- a/src/evmctl.c +++ b/src/evmctl.c -@@ -1097,13 +1097,20 @@ static int find(const char *path, int dts, find_cb_t func) +@@ -1234,13 +1234,20 @@ static int find(const char *path, int dts, find_cb_t func) } while ((de = readdir(dir))) { @@ -38,7 +38,7 @@ index 19f5f3bc87b0..a5355f6c0ee1 100644 } if (chdir("..")) { -@@ -1112,8 +1119,13 @@ static int find(const char *path, int dts, find_cb_t func) +@@ -1249,8 +1256,13 @@ static int find(const char *path, int dts, find_cb_t func) return -1; } diff --git a/patches/ima-evm-utils-1.0/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch b/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch index 7d229d3e2..69aadb377 100644 --- a/patches/ima-evm-utils-1.0/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch +++ b/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch @@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 1 file changed, 5 insertions(+) diff --git a/src/evmctl.c b/src/evmctl.c -index a5355f6c0ee1..f120bf96b69d 100644 +index 55fc619f5990..de53be37b69b 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -62,6 +62,11 @@ 
diff --git a/patches/ima-evm-utils-1.0/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch b/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch index a5de62dcc..a3cd597f8 100644 --- a/patches/ima-evm-utils-1.0/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch +++ b/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch @@ -10,10 +10,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c -index f120bf96b69d..559e4cbf9176 100644 +index de53be37b69b..b0f3b6362528 100644 --- a/src/evmctl.c +++ b/src/evmctl.c -@@ -446,7 +446,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -495,7 +495,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) static int sign_evm(const char *file, const char *key) { @@ -22,7 +22,7 @@ index f120bf96b69d..559e4cbf9176 100644 unsigned char sig[1024]; int len, err; -@@ -481,7 +481,7 @@ static int sign_evm(const char *file, const char *key) +@@ -533,7 +533,7 @@ static int sign_evm(const char *file, const char *key) static int hash_ima(const char *file) { @@ -31,7 +31,7 @@ index f120bf96b69d..559e4cbf9176 100644 int len, err, offset; int algo = get_hash_algo(params.hash_algo); -@@ -519,7 +519,7 @@ static int hash_ima(const char *file) +@@ -571,7 +571,7 @@ static int hash_ima(const char *file) static int sign_ima(const char *file, const char *key) { @@ -40,7 +40,7 @@ index f120bf96b69d..559e4cbf9176 100644 unsigned char sig[1024]; int len, err; -@@ -699,7 +699,7 @@ static int cmd_sign_evm(struct command *cmd) +@@ -751,7 +751,7 @@ static int cmd_sign_evm(struct command *cmd) static int verify_evm(const char *file) { @@ -49,7 +49,7 @@ index f120bf96b69d..559e4cbf9176 100644 unsigned char sig[1024]; int len; -@@ -982,7 +982,7 @@ out: +@@ -1119,7 +1119,7 @@ out: static int hmac_evm(const char *file, const char *key) { 
@@ -59,12 +59,12 @@ index f120bf96b69d..559e4cbf9176 100644 int len, err; diff --git a/src/libimaevm.c b/src/libimaevm.c -index 575f0535fe07..32638e79ffdc 100644 +index 6fa0ed4a1c74..8fc23be08bd7 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c -@@ -517,7 +517,7 @@ int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int sig - - int ima_verify_signature(const char *file, unsigned char *sig, int siglen) +@@ -590,7 +590,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned + int ima_verify_signature(const char *file, unsigned char *sig, int siglen, + unsigned char *digest, int digestlen) { - unsigned char hash[64]; + unsigned char hash[EVP_MAX_MD_SIZE]; diff --git a/patches/ima-evm-utils-1.0/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch b/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch index 290d8adc7..2164c6238 100644 --- a/patches/ima-evm-utils-1.0/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch +++ b/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch @@ -8,10 +8,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libimaevm.c b/src/libimaevm.c -index 32638e79ffdc..1c5da965468c 100644 +index 8fc23be08bd7..b6c328801708 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c -@@ -370,7 +370,7 @@ int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int +@@ -379,7 +379,7 @@ int verify_hash_v1(const char *file, const unsigned char *hash, int size, SHA_CTX ctx; unsigned char out[1024]; RSA *key; 
@@ -19,8 +19,8 @@ index 32638e79ffdc..1c5da965468c 100644 + unsigned char sighash[SHA_DIGEST_LENGTH]; struct signature_hdr *hdr = (struct signature_hdr *)sig; - log_info("hash: "); -@@ -652,7 +652,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons + log_info("hash-v1: "); +@@ -744,7 +744,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons unsigned char pub[1024]; RSA *key; char name[20]; diff --git a/patches/ima-evm-utils-1.0/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch index 8165ed86d..488dfa822 100644 --- a/patches/ima-evm-utils-1.0/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch +++ b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch @@ -14,33 +14,33 @@ Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de> 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c -index 559e4cbf9176..d7352d87ef71 100644 +index b0f3b6362528..5d664005e915 100644 --- a/src/evmctl.c 
+++ b/src/evmctl.c -@@ -319,6 +319,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) - char uuid[16]; - struct h_misc_64 hmac_misc; - int hmac_size; +@@ -336,6 +336,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) + #else + pctx = EVP_MD_CTX_new(); + #endif + const EVP_MD *md; if (lstat(file, &st)) { log_err("Failed to stat: %s\n", file); -@@ -350,7 +351,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -379,7 +380,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash) return -1; } -- err = EVP_DigestInit(&ctx, EVP_sha1()); +- err = EVP_DigestInit(pctx, EVP_sha1()); + md = EVP_get_digestbyname(params.evm_hash_algo); + if (!md) { + log_err("EVP_get_digestbyname() failed\n"); + return 1; + } + -+ err = EVP_DigestInit(&ctx, md); ++ err = EVP_DigestInit(pctx, md); if (!err) { log_err("EVP_DigestInit() failed\n"); return 1; -@@ -454,7 +461,7 @@ static int sign_evm(const char *file, const char *key) +@@ -503,7 +510,7 @@ static int sign_evm(const char *file, const char *key) if (len <= 1) return len; 
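Review bot: The `EVP_get_digestbyname()` failure branch that patch 0008 adds to `calc_evm_hash()` exits with `return 1;` after the refreshed context has already run `pctx = EVP_MD_CTX_new();` in the `#else` branch, so a mistyped `-e` algorithm name presumably leaks the digest context. The same branch in `calc_evm_hmac()` (next hunk) is the clearer case: it returns directly although the `HMAC_Init_ex()` failure just below it uses `goto out;`, so it skips whatever `out:` releases for the key buffer returned by `file2bin()` and for `pctx`. In `calc_evm_hmac()` the branch should end in `goto out;` like its neighbours, with the return value set the way the label expects; the label and the end of both functions are outside the hunks. The log text `HMAC_Init() failed` also no longer names the call, which is now `HMAC_Init_ex()`.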
@@ -49,30 +49,30 @@ index 559e4cbf9176..d7352d87ef71 100644 if (len <= 1) return len; -@@ -860,6 +867,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h - ssize_t list_size; - struct h_misc_64 hmac_misc; - int hmac_size; +@@ -992,6 +999,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h + #else + pctx = HMAC_CTX_new(); + #endif + const EVP_MD *md; key = file2bin(keyfile, NULL, &keylen); if (!key) { -@@ -905,7 +913,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -1038,7 +1046,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h goto out; } -- err = !HMAC_Init(&ctx, evmkey, sizeof(evmkey), EVP_sha1()); +- err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), EVP_sha1(), NULL); + md = EVP_get_digestbyname(params.evm_hash_algo); + if (!md) { + log_err("EVP_get_digestbyname() failed\n"); + return 1; + } + -+ err = !HMAC_Init(&ctx, evmkey, sizeof(evmkey), md); ++ err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), md, NULL); if (err) { log_err("HMAC_Init() failed\n"); goto out; -@@ -1464,6 +1478,7 @@ static void usage(void) +@@ -1635,6 +1649,7 @@ static void usage(void) printf( "\n" " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512\n" @@ -80,7 +80,7 @@ index 559e4cbf9176..d7352d87ef71 100644 " -s, --imasig make IMA signature\n" " -d, --imahash make IMA hash\n" " -f, --sigfile store IMA signature in .sig file instead of xattr\n" -@@ -1508,6 +1523,7 @@ static struct option opts[] = { +@@ -1691,6 +1706,7 @@ static struct option opts[] = { {"imasig", 0, 0, 's'}, {"imahash", 0, 0, 'd'}, {"hashalgo", 1, 0, 'a'}, 
@@ -88,16 +88,16 @@ index 559e4cbf9176..d7352d87ef71 100644 {"pass", 2, 0, 'p'}, {"sigfile", 0, 0, 'f'}, {"uuid", 2, 0, 'u'}, -@@ -1565,7 +1581,7 @@ int main(int argc, char *argv[]) +@@ -1758,7 +1774,7 @@ int main(int argc, char *argv[]) g_argc = argc; while (1) { -- c = getopt_long(argc, argv, "hvnsda:p::fu::k:t:ri", opts, &lind); -+ c = getopt_long(argc, argv, "hvnsda:e:p::fu::k:t:ri", opts, &lind); +- c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind); ++ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind); if (c == -1) break; -@@ -1591,6 +1607,9 @@ int main(int argc, char *argv[]) +@@ -1784,6 +1800,9 @@ int main(int argc, char *argv[]) case 'a': params.hash_algo = optarg; break; @@ -108,10 +108,10 @@ index 559e4cbf9176..d7352d87ef71 100644 if (optarg) params.keypass = optarg; diff --git a/src/imaevm.h b/src/imaevm.h -index 711596c3f3fa..ef7858b8faa0 100644 +index 1bafaad0f4ab..ed92e4d8981d 100644 --- a/src/imaevm.h +++ b/src/imaevm.h -@@ -178,6 +178,7 @@ struct libevm_params { +@@ -179,6 +179,7 @@ struct libevm_params { int verbose; int x509; const char *hash_algo; @@ -120,7 +120,7 @@ index 711596c3f3fa..ef7858b8faa0 100644 const char *keypass; }; diff --git a/src/libimaevm.c b/src/libimaevm.c -index 1c5da965468c..595908395514 100644 +index b6c328801708..4c093a038b72 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -129,6 +129,7 @@ struct libevm_params params = { diff --git a/patches/ima-evm-utils-1.0/0009-evmctl-add-support-for-offline-image-preparation.patch b/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch index 3467e1ec2..696528f75 100644 --- a/patches/ima-evm-utils-1.0/0009-evmctl-add-support-for-offline-image-preparation.patch +++ b/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch @@ -2,23 +2,23 @@ 
From: Sascha Hauer <s.hauer@pengutronix.de> Date: Mon, 1 Dec 2014 15:23:21 +0100 Subject: [PATCH] evmctl: add support for offline image preparation -With this patch it's possible to sign a directory hierarchy, so that a -filesystem image (e.g. an ubifs) can be generated. +With this change it's possible to sign a directory hierarchy, so that a +filesystem image (e.g. a 'ubifs') can be generated. -Creating the ima and evm signatues for an images with evmctl has to problems: +Creating the ima and evm signatues for an image with 'evmctl' has two problems: 1) The inode-numbers of the files are different in the to be created image and in the current filesystem. 2) The inode generation can be different, too. These problems are solved in a 4-step process: -1) evmctl generates signatures and writes them to the extended attributed +1) 'evmctl' generates signatures and writes them to the extended attribute (the usual process so far). -2) The image, for example an ubifs image, is generted. mkfs.ubifs generates +2) The image, for example a 'ubifs' image, is generated. 'mkfs.ubifs' generates the image (including extended attributes) and stores the used inode number - in an extended attribute "user.image-inode-number". -3) evmct is started again to generate the signatures, this time with the - additional paramter "--image". Instead of using an ioctl to get the inode + into an extended attribute "user.image-inode-number". +3) 'evmct' is re-started to generate the signatures, this time with the + additional paramter "--image". Instead of using an 'ioctl' to get the inode number and generation, the inode is read from the extended attribute "user.image-inode-number", the generation is set to "0". 4) The image (omitting the exteneded attribute "user.image-inode-number") is @@ -37,18 +37,18 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 3 files changed, 74 insertions(+), 9 deletions(-) 
diff --git a/src/evmctl.c b/src/evmctl.c -index d7352d87ef71..ec1fed395656 100644 +index 5d664005e915..9003f7640c0f 100644 --- a/src/evmctl.c +++ b/src/evmctl.c -@@ -320,6 +320,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) - struct h_misc_64 hmac_misc; - int hmac_size; +@@ -337,6 +337,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) + pctx = EVP_MD_CTX_new(); + #endif const EVP_MD *md; + ino_t ino; if (lstat(file, &st)) { log_err("Failed to stat: %s\n", file); -@@ -342,9 +343,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -371,9 +372,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash) } close(fd); } 
@@ -75,42 +75,42 @@ index d7352d87ef71..ec1fed395656 100644 list_size = llistxattr(file, list, sizeof(list)); if (list_size < 0) { log_err("llistxattr() failed\n"); -@@ -396,7 +413,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) - struct h_misc *hmac = (struct h_misc *)&hmac_misc; +@@ -439,7 +456,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) hmac_size = sizeof(*hmac); -- hmac->ino = st.st_ino; -+ hmac->ino = ino; - hmac->generation = generation; + if (!evm_portable) { +- hmac->ino = st.st_ino; ++ hmac->ino = ino; + hmac->generation = generation; + } hmac->uid = st.st_uid; - hmac->gid = st.st_gid; -@@ -405,7 +422,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) - struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc; +@@ -450,7 +467,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) hmac_size = sizeof(*hmac); -- hmac->ino = st.st_ino; -+ hmac->ino = ino; - hmac->generation = generation; + if (!evm_portable) { +- hmac->ino = st.st_ino; ++ hmac->ino = ino; + hmac->generation = generation; + } hmac->uid = st.st_uid; - hmac->gid = st.st_gid; -@@ -414,7 +431,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) - struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc; +@@ -461,7 +478,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) hmac_size = sizeof(*hmac); -- hmac->ino = st.st_ino; -+ hmac->ino = ino; - hmac->generation = generation; + if (!evm_portable) { +- hmac->ino = st.st_ino; ++ hmac->ino = ino; + hmac->generation = generation; + } hmac->uid = st.st_uid; - hmac->gid = st.st_gid; -@@ -868,6 +885,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h - struct h_misc_64 hmac_misc; - int hmac_size; +@@ -1000,6 +1017,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h + pctx = HMAC_CTX_new(); + #endif const EVP_MD *md; + ino_t ino; key = file2bin(keyfile, NULL, &keylen); if (!key) { -@@ 
-905,10 +923,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -1038,10 +1056,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h close(fd); } @@ -137,7 +137,7 @@ index d7352d87ef71..ec1fed395656 100644 log_err("llistxattr() failed: %s\n", file); goto out; } -@@ -951,7 +985,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -1084,7 +1118,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h struct h_misc *hmac = (struct h_misc *)&hmac_misc; hmac_size = sizeof(*hmac); @@ -146,7 +146,7 @@ index d7352d87ef71..ec1fed395656 100644 hmac->generation = generation; hmac->uid = st.st_uid; hmac->gid = st.st_gid; -@@ -960,7 +994,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -1093,7 +1127,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc; hmac_size = sizeof(*hmac); @@ -155,7 +155,7 @@ index d7352d87ef71..ec1fed395656 100644 hmac->generation = generation; hmac->uid = st.st_uid; hmac->gid = st.st_gid; -@@ -969,7 +1003,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -1102,7 +1136,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc; hmac_size = sizeof(*hmac); 
@@ -164,48 +164,48 @@ index d7352d87ef71..ec1fed395656 100644 hmac->generation = generation; hmac->uid = st.st_uid; hmac->gid = st.st_gid; -@@ -1494,6 +1528,9 @@ static void usage(void) +@@ -1666,6 +1700,9 @@ static void usage(void) " --smack use extra SMACK xattrs for EVM\n" " --m32 force EVM hmac/signature for 32 bit target system\n" " --m64 force EVM hmac/signature for 64 bit target system\n" + " -m, --image image generation mode:\n" + " Read inode number from xattr 'user.image-inode-number',\n" + " and force inode generation to 0.\n" - " -v increase verbosity level\n" - " -h, --help display this help and exit\n" - "\n"); -@@ -1533,6 +1570,7 @@ static struct option opts[] = { + " --ino use custom inode for EVM\n" + " --uid use custom UID for EVM\n" + " --gid use custom GID for EVM\n" +@@ -1716,6 +1753,7 @@ static struct option opts[] = { {"recursive", 0, 0, 'r'}, {"m32", 0, 0, '3'}, {"m64", 0, 0, '6'}, + {"image", 0, 0, 'm'}, - {"smack", 0, 0, 256}, - {"version", 0, 0, 257}, - {} -@@ -1581,7 +1619,7 @@ int main(int argc, char *argv[]) + {"portable", 0, 0, 'o'}, + {"smack", 0, 0, 128}, + {"version", 0, 0, 129}, +@@ -1774,7 +1812,7 @@ int main(int argc, char *argv[]) g_argc = argc; while (1) { -- c = getopt_long(argc, argv, "hvnsda:e:p::fu::k:t:ri", opts, &lind); -+ c = getopt_long(argc, argv, "hvnsda:e:p::fu::k:t:rim", opts, &lind); +- c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind); ++ c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:rim", opts, &lind); if (c == -1) break; -@@ -1648,6 +1686,9 @@ int main(int argc, char *argv[]) +@@ -1847,6 +1885,9 @@ int main(int argc, char *argv[]) case '6': msize = 64; break; + case 'm': + params.image_mode = true; + break; - case 256: + case 128: evm_config_xattrnames = evm_extra_smack_xattrs; break; diff --git a/src/imaevm.h b/src/imaevm.h -index ef7858b8faa0..79f70974015a 100644 +index ed92e4d8981d..7e32d09c6538 100644 --- a/src/imaevm.h 
+++ b/src/imaevm.h -@@ -181,6 +181,7 @@ struct libevm_params { +@@ -182,6 +182,7 @@ struct libevm_params { const char *evm_hash_algo; const char *keyfile; const char *keypass; @@ -214,7 +214,7 @@ index ef7858b8faa0..79f70974015a 100644 struct RSA_ASN1_template { diff --git a/src/libimaevm.c b/src/libimaevm.c -index 595908395514..ea8e4f41488c 100644 +index 4c093a038b72..866f74b39b41 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -40,6 +40,7 @@ @@ -233,7 +233,7 @@ index 595908395514..ea8e4f41488c 100644 #include <openssl/pem.h> #include <openssl/evp.h> -@@ -223,7 +225,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) +@@ -224,7 +226,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) } while ((de = readdir(dir))) { diff --git a/patches/ima-evm-utils-1.0/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch b/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch index e90c5dcf2..12b77a132 100644 --- a/patches/ima-evm-utils-1.0/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch +++ b/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch @@ -15,10 +15,10 @@ Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> 1 file changed, 3 insertions(+) diff --git a/src/libimaevm.c b/src/libimaevm.c -index ea8e4f41488c..29d50c99c733 100644 +index 866f74b39b41..834b738426bf 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c -@@ -225,6 +225,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) +@@ -226,6 +226,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) } while ((de = readdir(dir))) { diff --git a/patches/ima-evm-utils-1.0/0011-HACK-don-t-generate-man-page.patch b/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch index bb44e8d6c..bb44e8d6c 100644 --- a/patches/ima-evm-utils-1.0/0011-HACK-don-t-generate-man-page.patch +++ b/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch 
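Review bot: The `-m, --image` help text that patch 0009 adds to `usage()` should state that the inode number comes from `user.image-inode-number`, an attribute in the `user.` namespace that anyone with write access to the file can set, so the value going into the signed EVM metadata is only as trustworthy as the tree being signed. A line such as `"                     (build-host use only; the xattr value is not authenticated)\n"` would make that explicit. The refreshed context also shows upstream's new `--ino` option directly below; which of the two wins when both are given is not visible in these hunks, and since the patch replaces `hmac->ino = st.st_ino;` with `hmac->ino = ino;` it is worth confirming that `--ino` is not silently ignored. `usage()`, `main()` and the code that parses the xattr are outside the visible hunks.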
diff --git a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch b/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
new file mode 100644
index 000000000..80073f19a
--- /dev/null
+++ b/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
@@ -0,0 +1,28 @@
+From: Juergen Borleis <jbe@pengutronix.de>
+Date: Wed, 18 Nov 2015 15:15:15 +0100
+Subject: [PATCH] Fix warning for non-debug use case
+
+This change fixes:
+
+ evmctl.c:1194:12: warning: 'cmd_hmac_evm' defined but not used [-Wunused-function]
+
+Note: this change is GCC specific
+
+Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
+---
+ src/evmctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/evmctl.c b/src/evmctl.c
+index 9003f7640c0f..4422c0e84d4a 100644
+--- a/src/evmctl.c
++++ b/src/evmctl.c
+@@ -1191,7 +1191,7 @@ static int hmac_evm(const char *file, const char *key)
+ return 0;
+ }
+
+-static int cmd_hmac_evm(struct command *cmd)
++static __attribute__((unused)) int cmd_hmac_evm(struct command *cmd)
+ {
+ const char *key, *file = g_argv[optind++];
+ int err;
diff --git a/patches/ima-evm-utils-1.0/autogen.sh b/patches/ima-evm-utils-1.1/autogen.sh
index 9f8a4cb7d..9f8a4cb7d 120000
--- a/patches/ima-evm-utils-1.0/autogen.sh
+++ b/patches/ima-evm-utils-1.1/autogen.sh
diff --git a/patches/ima-evm-utils-1.0/series b/patches/ima-evm-utils-1.1/series
index fcd6547a8..784fc0147 100644
--- a/patches/ima-evm-utils-1.0/series
+++ b/patches/ima-evm-utils-1.1/series
@@ -11,4 +11,5 @@
 0009-evmctl-add-support-for-offline-image-preparation.patch
 0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
 0011-HACK-don-t-generate-man-page.patch
-# fd0c40bbcc8fc866030c326fe29b69aa - git-ptx-patches magic
+0012-Fix-warning-for-non-debug-use-case.patch
+# 25e6f60853e6b27e45f386bbca0730ab - git-ptx-patches magic |
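Review bot: In the new patch 0012, `__attribute__((unused))` on `cmd_hmac_evm()` silences the warning but still compiles the HMAC command handler into builds that, per the quoted warning, never reference it. If the only reference sits behind a debug-only preprocessor guard (not visible in this hunk), wrapping the definition in that same guard would remove both the warning and the unreachable key-handling code, and would avoid the GCC-specific attribute the commit message already flags. Failing that, a comment above the function should say why the attribute is there, e.g. `/* only referenced from the debug-only command table entry */`. The body of `cmd_hmac_evm()` continues outside the hunk.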