mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-01-11 15:00:34 +00:00
Code Issues Projects Releases Wiki Activity

ima-evm-utils: Update ima-evm-utils to v1.5 and add a patch

Browse Source 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Stefan Berger
2023-04-28 08:23:16 -04:00
committed by Armin Kuster
parent 319522e00d
commit 9de807705b
2 changed files with 42 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch Normal file
View File

@@ -0,0 +1,35 @@
From 00ace817c5134d9844db387cadb9517ebad43808 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Tue, 18 Apr 2023 11:43:55 -0400
Subject: [PATCH] Do not get generation using ioctl when evm_portable is true
If a signatures is detected as being portable do not attempt to read the
generation with the ioctl since in some cases this may not be supported
by the filesystem and is also not needed for computing a portable
signature.
This avoids the current work-around of passing --generation 0 when the
ioctl is not supported by the filesystem.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/evmctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 6d2bb67..c35a28c 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -376,7 +376,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
if (mode_str)
st.st_mode = strtoul(mode_str, NULL, 10);
- if (!evm_immutable) {
+ if (!evm_immutable && !evm_portable) {
if (S_ISREG(st.st_mode) && !generation_str) {
int fd = open(file, 0);
---
2.39.2

9
meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.4.bb → meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.5.bb
View File

@@ -6,8 +6,13 @@ DEPENDS += "openssl attr keyutils"
DEPENDS:class-native += "openssl-native keyutils-native"
SRC_URI = "https://sourceforge.net/projects/linux-ima/files/${BPN}/${BP}.tar.gz"
SRC_URI[sha256sum] = "fcf85b31d6292051b3679e5f17ffa7f89b6898957aad0f59aa4e9878884b27d1"
FILESEXTRAPATHS:append := "${THISDIR}/${PN}:"
SRC_URI = " \
https://github.com/mimizohar/ima-evm-utils/releases/download/v${PV}/${BP}.tar.gz \
file://0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch \
"
SRC_URI[sha256sum] = "45f1caa3ad59ec59a1d6a74ea5df38c413488cd952ab62d98cf893c15e6f246d"
inherit pkgconfig autotools features_check