import ima-evm-utils-1.3.2-12.el8

2021-05-18 02:54:08 -04:00 · 2021-05-18 02:54:08 -04:00 · 710dd15dff
commit 710dd15dff
parent 039bbeb9d8
4 changed files with 131 additions and 17 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 SOURCES/ima-evm-utils-1.1.tar.gz
+SOURCES/ima-evm-utils-1.3.2.tar.gz
--- a/.ima-evm-utils.metadata
+++ b/.ima-evm-utils.metadata
@ -1 +1,2 @@
 58705b3544ae6e650042374dba535c0b3837b8fc SOURCES/ima-evm-utils-1.1.tar.gz
+034d163533ae5f9c06001b375ec7e5a1b09a3853 SOURCES/ima-evm-utils-1.3.2.tar.gz
--- a/SOURCES/0001-Fix-sign_hash-not-observing-the-hashalgo-argument.patch
+++ b/SOURCES/0001-Fix-sign_hash-not-observing-the-hashalgo-argument.patch
@ -0,0 +1,38 @@
+From ea10a33d26572eebde59565179f622b6fb240d04 Mon Sep 17 00:00:00 2001
+From: Patrick Uiterwijk <patrick@puiterwijk.org>
+Date: Wed, 6 Jan 2021 10:43:34 +0100
+Subject: [PATCH] Fix sign_hash not observing the hashalgo argument
+
+This fixes sign_hash not using the correct algorithm for creating the
+signature, by ensuring it uses the passed in variable value.
+
+Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
+---
+ src/libimaevm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libimaevm.c b/src/libimaevm.c
+index fa6c27858d0f..72d5e67f6fdd 100644
+--- a/src/libimaevm.c
+++ b/src/libimaevm.c
+@@ -916,7 +916,7 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash,
+ 		return -1;
+ 	}
+ 
+-	log_info("hash(%s): ", imaevm_params.hash_algo);
+	log_info("hash(%s): ", algo);
+ 	log_dump(hash, size);
+ 
+ 	pkey = read_priv_pkey(keyfile, imaevm_params.keypass);
+@@ -942,7 +942,7 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash,
+ 	if (!EVP_PKEY_sign_init(ctx))
+ 		goto err;
+ 	st = "EVP_get_digestbyname";
+-	if (!(md = EVP_get_digestbyname(imaevm_params.hash_algo)))
+	if (!(md = EVP_get_digestbyname(algo)))
+ 		goto err;
+ 	st = "EVP_PKEY_CTX_set_signature_md";
+ 	if (!EVP_PKEY_CTX_set_signature_md(ctx, md))
+-- 
+2.29.2
+
--- a/SPECS/ima-evm-utils.spec
+++ b/SPECS/ima-evm-utils.spec
@ -1,17 +1,35 @@
+%global compat_soversion 0
+
+Name:    ima-evm-utils
+Version: 1.3.2
+Release: 12%{?dist}
 Summary: IMA/EVM support utilities
-Name: ima-evm-utils
-Version: 1.1
-Release: 5%{?dist}
 License: GPLv2
-Url:  http://linux-ima.sourceforge.net/
-Source: http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz
-BuildRequires: autoconf automake libtool m4 asciidoc libxslt
-BuildRequires: openssl-devel libattr-devel keyutils-libs-devel
+Url:     http://linux-ima.sourceforge.net/
+Source:  http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz
+Source10: ima-evm-utils-1.1.tar.gz
+
+Patch0: 0001-Fix-sign_hash-not-observing-the-hashalgo-argument.patch
+# compat patches
 Patch1: docbook-xsl-path.patch
 Patch2: covscan-memory-leaks.patch
 Patch3: annocheck-opt-flag.patch
 Patch4: libimaevm-keydesc-import.patch

+BuildRequires: asciidoc
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: gcc
+BuildRequires: keyutils-libs-devel
+BuildRequires: libtool
+BuildRequires: libxslt
+BuildRequires: openssl-devel
+BuildRequires: tpm2-tss-devel
+# compat requirement
+BuildRequires: libattr-devel
+
+#Requires: tpm2-tss
+
 %description
 The Trusted Computing Group(TCG) run-time Integrity Measurement Architecture
 (IMA) maintains a list of hash values of executables and other sensitive
@ -22,42 +40,98 @@ ima-evm-utils is used to prepare the file system for these extended attributes.

 %package devel
 Summary: Development files for %{name}
+Requires: %{name} = %{version}-%{release}

 %description devel
 This package provides the header files for %{name}

+%package -n %{name}%{compat_soversion}
+Summary: Compatibility package of %{name}
+
+%description -n %{name}%{compat_soversion}
+This package provides the libimaevm.so.%{compat_soversion} relative to %{name}-1.1
+
 %prep
 %setup -q
+%patch0 -p1
+mkdir compat/
+tar -zxf %{SOURCE10} --strip-components=1 -C compat/
+cd compat/
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1

 %build
-mkdir -p m4
-autoreconf -f -i
+# build compat version of the package
+pushd compat/
+autoreconf -vif
 %configure --disable-static
-make %{?_smp_mflags}
+%make_build
+popd
+
+autoreconf -vif
+%configure --disable-static
+%make_build

 %install
-make DESTDIR=%{buildroot} install
+%make_install
 find %{buildroot}%{_libdir} -type f -name "*.la" -print -delete
+# install compat libs
+pushd compat/src/.libs/
+install -p libimaevm.so.%{compat_soversion}.0.0 %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}.0.0
+ln -s -f %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}.0.0 %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}
+popd

 %ldconfig_scriptlets

+%files
+%license COPYING
+%doc NEWS README AUTHORS
+%{_bindir}/*
+# if you need to bump the soname version, coordinate with dependent packages
+%{_libdir}/libimaevm.so.2
+%{_libdir}/libimaevm.so.2.0.0
+%{_mandir}/man1/*
+
 %files devel
 %{_pkgdocdir}/*.sh
 %{_includedir}/*
 %{_libdir}/libimaevm.so

-%files
-%doc ChangeLog README AUTHORS
-%license COPYING
-%{_bindir}/*
-%{_libdir}/libimaevm.so.*
-%{_mandir}/man1/*
+%files -n %{name}%{compat_soversion}
+%{_libdir}/libimaevm.so.%{compat_soversion}
+%{_libdir}/libimaevm.so.%{compat_soversion}.0.0

 %changelog
+* Thu Feb 18 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-12
+- Add compat subpackage for keeping the API stability in userspace
+
+* Mon Jan 25 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-11
+- Bump release number for yet another rebuild
+
+* Mon Jan 25 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-10
+- Add patch for fixing hash algorithm used through libimaevm
+
+* Fri Jan 15 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-9
+- Add tpm2-tss as a runtime dependency
+
+* Sun Jan 10 2021 Michal Domonkos <mdomonko@redhat.com> - 1.3.2-8
+- Bump release number for yet another couple of rebuilds
+
+* Wed Jan 06 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-4
+- Bump release number for yet another build for solving wrong target usage
+
+* Wed Jan 06 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-3
+- Bump release number for another build, handling build issues
+
+* Tue Dec 01 2020 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-2
+- Bump release number for forcing a new build
+
+* Mon Nov 09 2020 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-1
+- Rebase to upstream v1.3.2 version
+- Sync specfile with Fedora's version
+
 * Thu Mar 28 2019 Bruno E. O. Meneguele <bmeneg@redhat.com> - 1.1-5
 - Add patch to correctly handle key description on keyring during importation