import ima-evm-utils-1.3.2-12.el8

2021-02-23 06:11:35 +00:00 · 2021-02-23 06:11:35 +00:00 · 4da7043a2a
commit 4da7043a2a
parent 40df85c41d
7 changed files with 161 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
+SOURCES/ima-evm-utils-1.1.tar.gz
 SOURCES/ima-evm-utils-1.3.2.tar.gz
--- a/.ima-evm-utils.metadata
+++ b/.ima-evm-utils.metadata
@ -1 +1,2 @@
+58705b3544ae6e650042374dba535c0b3837b8fc SOURCES/ima-evm-utils-1.1.tar.gz
 034d163533ae5f9c06001b375ec7e5a1b09a3853 SOURCES/ima-evm-utils-1.3.2.tar.gz
--- a/SOURCES/annocheck-opt-flag.patch
+++ b/SOURCES/annocheck-opt-flag.patch
@ -0,0 +1,19 @@
+diff --git a/configure.ac b/configure.ac
+index 6822f39..34e4a81 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -36,9 +36,9 @@ AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. You n
+ #debug support - yes for a while
+ PKG_ARG_ENABLE(debug, "yes", DEBUG, [Enable Debug support])
+ if test $pkg_cv_enable_debug = yes; then
+-	CFLAGS="$CFLAGS -g -O1 -Wall -Wstrict-prototypes -pipe"
+	CFLAGS="$CFLAGS -g -O2 -Wall -Wstrict-prototypes -pipe"
+ else
+-	CFLAGS="$CFLAGS -Wall -Wstrict-prototypes -pipe -fomit-frame-pointer"
+	CFLAGS="$CFLAGS -O2 -Wall -Wstrict-prototypes -pipe -fomit-frame-pointer"
+ fi
+ 
+ # for gcov
+-- 
+2.14.4
+
--- a/SOURCES/covscan-memory-leaks.patch
+++ b/SOURCES/covscan-memory-leaks.patch
@ -0,0 +1,45 @@
+diff --git a/src/evmctl.c b/src/evmctl.c
+index 2ffee78..b80a1c9 100644
+--- a/src/evmctl.c
+++ b/src/evmctl.c
+@@ -1716,7 +1716,7 @@ static char *get_password(void)
+ 
+ 	if (tcsetattr(fileno(stdin), TCSANOW, &tmp_flags) != 0) {
+ 		perror("tcsetattr");
+-		return NULL;
+		goto get_pwd_err;
+ 	}
+ 
+ 	printf("PEM password: ");
+@@ -1725,10 +1725,14 @@ static char *get_password(void)
+ 	/* restore terminal */
+ 	if (tcsetattr(fileno(stdin), TCSANOW, &flags) != 0) {
+ 		perror("tcsetattr");
+-		return NULL;
+		goto get_pwd_err;
+ 	}
+ 
+	free(password);
+ 	return pwd;
+get_pwd_err:
+	free(password);
+	return NULL;
+ }
+ 
+ int main(int argc, char *argv[])
+diff --git a/src/libimaevm.c b/src/libimaevm.c
+index 6fa0ed4..39582f2 100644
+--- a/src/libimaevm.c
+++ b/src/libimaevm.c
+@@ -466,6 +466,8 @@ void init_public_keys(const char *keyfiles)
+ 		entry->next = public_keys;
+ 		public_keys = entry;
+ 	}
+
+	free(tmp_keyfiles);
+ }
+ 
+ int verify_hash_v2(const char *file, const unsigned char *hash, int size,
+-- 
+2.14.4
+
--- a/SOURCES/docbook-xsl-path.patch
+++ b/SOURCES/docbook-xsl-path.patch
@ -0,0 +1,12 @@
+diff -urNp ima-evm-utils-1.0-orig/Makefile.am ima-evm-utils-1.0/Makefile.am
+--- ima-evm-utils-1.0-orig/Makefile.am	2015-07-30 15:28:53.000000000 -0300
+++ ima-evm-utils-1.0/Makefile.am	2017-11-20 16:20:04.245591165 -0200
+@@ -24,7 +24,7 @@ rpm: $(tarname)
+ 	rpmbuild -ba --nodeps $(SPEC)
+ 
+ # requires asciidoc, xslproc, docbook-xsl
+-MANPAGE_DOCBOOK_XSL = /usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl
+MANPAGE_DOCBOOK_XSL = /usr/share/sgml/docbook/xsl-stylesheets/manpages/docbook.xsl
+ 
+ evmctl.1.html: README
+ 	@asciidoc -o $@ $<
--- a/SOURCES/libimaevm-keydesc-import.patch
+++ b/SOURCES/libimaevm-keydesc-import.patch
@ -0,0 +1,37 @@
+diff --git a/src/libimaevm.c b/src/libimaevm.c
+index 6fa0ed4..b6f9b9f 100644
+--- a/src/libimaevm.c
+++ b/src/libimaevm.c
+@@ -672,12 +672,11 @@ void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len
+ 	memcpy(keyid, sha1 + 12, 8);
+ 	log_debug("keyid: ");
+ 	log_debug_dump(keyid, 8);
+	id = __be64_to_cpup((__be64 *) keyid);
+	sprintf(str, "%llX", (unsigned long long)id);
+ 
+-	if (params.verbose > LOG_INFO) {
+-		id = __be64_to_cpup((__be64 *) keyid);
+-		sprintf(str, "%llX", (unsigned long long)id);
+	if (params.verbose > LOG_INFO)
+ 		log_info("keyid-v1: %s\n", str);
+-	}
+ }
+ 
+ void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
+@@ -694,11 +693,10 @@ void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
+ 	memcpy(keyid, sha1 + 16, 4);
+ 	log_debug("keyid: ");
+ 	log_debug_dump(keyid, 4);
+	sprintf(str, "%x", __be32_to_cpup(keyid));
+ 
+-	if (params.verbose > LOG_INFO) {
+-		sprintf(str, "%x", __be32_to_cpup(keyid));
+	if (params.verbose > LOG_INFO)
+ 		log_info("keyid: %s\n", str);
+-	}
+ 
+ 	free(pkey);
+ }
+-- 
+2.19.1
+
--- a/SPECS/ima-evm-utils.spec
+++ b/SPECS/ima-evm-utils.spec
@ -1,12 +1,20 @@
+%global compat_soversion 0
+
 Name:    ima-evm-utils
 Version: 1.3.2
-Release: 11%{?dist}
+Release: 12%{?dist}
 Summary: IMA/EVM support utilities
 License: GPLv2
 Url:     http://linux-ima.sourceforge.net/
 Source:  http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz
+Source10: ima-evm-utils-1.1.tar.gz

 Patch0: 0001-Fix-sign_hash-not-observing-the-hashalgo-argument.patch
+# compat patches
+Patch1: docbook-xsl-path.patch
+Patch2: covscan-memory-leaks.patch
+Patch3: annocheck-opt-flag.patch
+Patch4: libimaevm-keydesc-import.patch

 BuildRequires: asciidoc
 BuildRequires: autoconf
@ -17,8 +25,10 @@ BuildRequires: libtool
 BuildRequires: libxslt
 BuildRequires: openssl-devel
 BuildRequires: tpm2-tss-devel
+# compat requirement
+BuildRequires: libattr-devel

-Requires: tpm2-tss
+#Requires: tpm2-tss

 %description
 The Trusted Computing Group(TCG) run-time Integrity Measurement Architecture
@ -35,10 +45,31 @@ Requires: %{name} = %{version}-%{release}
 %description devel
 This package provides the header files for %{name}

+%package -n %{name}%{compat_soversion}
+Summary: Compatibility package of %{name}
+
+%description -n %{name}%{compat_soversion}
+This package provides the libimaevm.so.%{compat_soversion} relative to %{name}-1.1
+
 %prep
-%autosetup -p1
+%setup -q
+%patch0 -p1
+mkdir compat/
+tar -zxf %{SOURCE10} --strip-components=1 -C compat/
+cd compat/
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1

 %build
+# build compat version of the package
+pushd compat/
+autoreconf -vif
+%configure --disable-static
+%make_build
+popd
+
 autoreconf -vif
 %configure --disable-static
 %make_build
@ -46,6 +77,11 @@ autoreconf -vif
 %install
 %make_install
 find %{buildroot}%{_libdir} -type f -name "*.la" -print -delete
+# install compat libs
+pushd compat/src/.libs/
+install -p libimaevm.so.%{compat_soversion}.0.0 %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}.0.0
+ln -s -f %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}.0.0 %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}
+popd

 %ldconfig_scriptlets

@ -63,7 +99,14 @@ find %{buildroot}%{_libdir} -type f -name "*.la" -print -delete
 %{_includedir}/*
 %{_libdir}/libimaevm.so

+%files -n %{name}%{compat_soversion}
+%{_libdir}/libimaevm.so.%{compat_soversion}
+%{_libdir}/libimaevm.so.%{compat_soversion}.0.0
+
 %changelog
+* Thu Feb 18 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-12
+- Add compat subpackage for keeping the API stability in userspace
+
 * Mon Jan 25 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-11
 - Bump release number for yet another rebuild