ima-evm-utils: cleanup and update to tip

update to tip backported patches to fix build issues. fix native support Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2019-05-17 08:25:26 -0700
committer: Armin Kuster <akuster808@gmail.com> 2019-05-26 21:58:11 -0700
commit: 8ccf6cafba538b79aed3e5ce7837a77a2ac08e11 (patch)
tree: 8d0a65fe6547022e9b8948b64ef3f383b6f9d244
parent: 982352e810660dbcaa56503338a53a720cc4a9a9 (diff)
download: meta-security-8ccf6cafba538b79aed3e5ce7837a77a2ac08e11.tar.gz
6 files changed, 200 insertions, 22 deletions
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils.inc b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils.inc
deleted file mode 100644
index 72a13f7..0000000
--- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils.inc
+++ /dev/null
@@ -1,19 +0,0 @@
-DESCRIPTION = "IMA/EVM control utility"
-LICENSE = "GPL-2.0-with-OpenSSL-exception"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-DEPENDS = " \
-openssl \
-attr \
-keyutils \
-pkgconfig \
-"
-# blkid is called by evmctl when creating evm checksums.
-# This is less useful when signing files on the build host,
-# so disable it when compiling on the host.
-RDEPENDS_${PN}_append_class-target = " util-linux-blkid"
-inherit autotools
-BBCLASSEXTEND = "native"
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch
new file mode 100644
index 0000000..5ccb73d
--- /dev/null
+++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch
@@ -0,0 +1,65 @@
+From 4feaf9b61f93e4043eca26b4ec9f9f68d0cf5e68 Mon Sep 17 00:00:00 2001
+From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+Date: Wed, 6 Mar 2019 01:08:43 +0300
+Subject: [PATCH 1/4] ima-evm-utils: link to libcrypto instead of OpenSSL
+There is no need to link to full libssl. evmctl uses functions from
+libcrypto, so let's link only against that library.
+Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+---
+ configure.ac    | 4 +---
+ src/Makefile.am | 9 ++++-----
+ 2 files changed, 5 insertions(+), 8 deletions(-)
+diff --git a/configure.ac b/configure.ac
+index 60f3684..32e8d85 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -24,9 +24,7 @@ LT_INIT
+ # Checks for header files.
+ AC_HEADER_STDC
+ 
+-PKG_CHECK_MODULES(OPENSSL, [ openssl >= 0.9.8 ])
+-AC_SUBST(OPENSSL_CFLAGS)
+-AC_SUBST(OPENSSL_LIBS)
+PKG_CHECK_MODULES(LIBCRYPTO, [libcrypto >= 0.9.8 ])
+ AC_SUBST(KERNEL_HEADERS)
+ AC_CHECK_HEADER(unistd.h)
+ AC_CHECK_HEADERS(openssl/conf.h)
+diff --git a/src/Makefile.am b/src/Makefile.am
+index d74fc6f..b81281a 100644
+--- a/src/Makefile.am
+++ b/src/Makefile.am
+@@ -1,11 +1,11 @@
+ lib_LTLIBRARIES = libimaevm.la
+ 
+ libimaevm_la_SOURCES = libimaevm.c
+-libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS)
+libimaevm_la_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
+ # current[:revision[:age]]
+ # result: [current-age].age.revision
+ libimaevm_la_LDFLAGS = -version-info 0:0:0
+-libimaevm_la_LIBADD =  $(OPENSSL_LIBS)
+libimaevm_la_LIBADD =  $(LIBCRYPTO_LIBS)
+ 
+ include_HEADERS = imaevm.h
+ 
+@@ -17,12 +17,11 @@ hash_info.h: Makefile
+ bin_PROGRAMS = evmctl
+ 
+ evmctl_SOURCES = evmctl.c
+-evmctl_CPPFLAGS = $(OPENSSL_CFLAGS)
+evmctl_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
+ evmctl_LDFLAGS = $(LDFLAGS_READLINE)
+-evmctl_LDADD =  $(OPENSSL_LIBS) -lkeyutils libimaevm.la
+evmctl_LDADD =  $(LIBCRYPTO_LIBS) -lkeyutils libimaevm.la
+ 
+ INCLUDES = -I$(top_srcdir) -include config.h
+ 
+ CLEANFILES = hash_info.h
+ DISTCLEANFILES = @DISTCLEANFILES@
+-
+-- 
+2.17.1
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch
new file mode 100644
index 0000000..8237274
--- /dev/null
+++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch
@@ -0,0 +1,43 @@
+From 5bb10f3da420f4c46e44423276a9da0d4bc1b691 Mon Sep 17 00:00:00 2001
+From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+Date: Wed, 6 Mar 2019 01:17:12 +0300
+Subject: [PATCH 2/4] ima-evm-utils: replace INCLUDES with AM_CPPFLAGS
+Replace INCLUDES variable with AM_CPPFLAGS to stop Automake from warning
+about deprecated variable usage.
+Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+---
+ src/Makefile.am | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+diff --git a/src/Makefile.am b/src/Makefile.am
+index b81281a..164e7e4 100644
+--- a/src/Makefile.am
+++ b/src/Makefile.am
+@@ -1,7 +1,7 @@
+ lib_LTLIBRARIES = libimaevm.la
+ 
+ libimaevm_la_SOURCES = libimaevm.c
+-libimaevm_la_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
+libimaevm_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS)
+ # current[:revision[:age]]
+ # result: [current-age].age.revision
+ libimaevm_la_LDFLAGS = -version-info 0:0:0
+@@ -17,11 +17,11 @@ hash_info.h: Makefile
+ bin_PROGRAMS = evmctl
+ 
+ evmctl_SOURCES = evmctl.c
+-evmctl_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
+evmctl_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS)
+ evmctl_LDFLAGS = $(LDFLAGS_READLINE)
+ evmctl_LDADD =  $(LIBCRYPTO_LIBS) -lkeyutils libimaevm.la
+ 
+-INCLUDES = -I$(top_srcdir) -include config.h
+AM_CPPFLAGS = -I$(top_srcdir) -include config.h
+ 
+ CLEANFILES = hash_info.h
+ DISTCLEANFILES = @DISTCLEANFILES@
+-- 
+2.17.1
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch
new file mode 100644
index 0000000..3d250d2
--- /dev/null
+++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch
@@ -0,0 +1,31 @@
+From c587ec307a6259a990bfab727cea7db28dba4c23 Mon Sep 17 00:00:00 2001
+From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+Date: Wed, 6 Mar 2019 01:22:30 +0300
+Subject: [PATCH 3/4] ima-evm-utils: include hash-info.gen into distribution
+Include hash-info.gen into tarball and call it from the sourcedir to fix
+out-of-tree build (and thus 'make distcheck').
+Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+---
+ src/Makefile.am | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 164e7e4..9c037e2 100644
+--- a/src/Makefile.am
+++ b/src/Makefile.am
+@@ -11,8 +11,9 @@ include_HEADERS = imaevm.h
+ 
+ nodist_libimaevm_la_SOURCES = hash_info.h
+ BUILT_SOURCES = hash_info.h
+EXTRA_DIST = hash_info.gen
+ hash_info.h: Makefile
+-       ./hash_info.gen $(KERNEL_HEADERS) >$@
+       $(srcdir)/hash_info.gen $(KERNEL_HEADERS) >$@
+ 
+ bin_PROGRAMS = evmctl
+ 
+-- 
+2.17.1
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0004-ima-evm-utils-update-.gitignore-files.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0004-ima-evm-utils-update-.gitignore-files.patch
new file mode 100644
index 0000000..4ada1a2
--- /dev/null
+++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0004-ima-evm-utils-update-.gitignore-files.patch
@@ -0,0 +1,34 @@
+From b9f327c5c513ccea9cb56d4bbd50c1f66d629099 Mon Sep 17 00:00:00 2001
+From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+Date: Wed, 6 Mar 2019 01:24:04 +0300
+Subject: [PATCH 4/4] ima-evm-utils: update .gitignore files
+Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+---
+ .gitignore     | 1 +
+ src/.gitignore | 1 +
+ 2 files changed, 2 insertions(+)
+ create mode 100644 src/.gitignore
+diff --git a/.gitignore b/.gitignore
+index ca7a06e..cb82166 100644
+--- a/.gitignore
+++ b/.gitignore
+@@ -45,6 +45,7 @@ cscope.*
+ ncscope.*
+ 
+ # Generated documentation
+*.1
+ *.8
+ *.5
+ manpage.links
+diff --git a/src/.gitignore b/src/.gitignore
+new file mode 100644
+index 0000000..38e8e3c
+--- /dev/null
+++ b/src/.gitignore
+@@ -0,0 +1 @@
+hash_info.h
+-- 
+2.17.1
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
index 8a9999f..929d853 100644
--- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
+++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
@@ -1,9 +1,14 @@
-require ima-evm-utils.inc
+DESCRIPTION = "IMA/EVM control utility"
+LICENSE = "GPL-2.0-with-OpenSSL-exception"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+DEPENDS += "openssl attr keyutils"
+DEPENDS_class-native += "openssl-native keyutils-native"
 PV = "1.0+git${SRCPV}"
-SRCREV = "3e2a67bdb0673581a97506262e62db098efef6d7"
+SRCREV = "0267fa16990fd0ddcc89984a8e55b27d43e80167"
 SRC_URI = "git://git.code.sf.net/p/linux-ima/ima-evm-utils"
-S = "${WORKDIR}/git"
 # Documentation depends on asciidoc, which we do not have, so
 # do not build documentation.
@@ -15,3 +20,22 @@ SRC_URI += "file://evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch"
 # Required for xargs with more than one path as argument (better for performance).
 SRC_URI += "file://command-line-apply-operation-to-all-paths.patch"
+SRC_URI += "\
+    file://0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch \
+    file://0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch \
+    file://0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch \
+    file://0004-ima-evm-utils-update-.gitignore-files.patch \
+"
+S = "${WORKDIR}/git"
+inherit pkgconfig autotools
+EXTRA_OECONF_append_class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
+# blkid is called by evmctl when creating evm checksums.
+# This is less useful when signing files on the build host,
+# so disable it when compiling on the host.
+RDEPENDS_${PN}_append_class-target = " util-linux-blkid libcrypto attr libattr keyutils"
+BBCLASSEXTEND = "native nativesdk"
author	Armin Kuster <akuster808@gmail.com>	2019-05-17 08:25:26 -0700
committer	Armin Kuster <akuster808@gmail.com>	2019-05-26 21:58:11 -0700
commit	8ccf6cafba538b79aed3e5ce7837a77a2ac08e11 (patch)
tree	8d0a65fe6547022e9b8948b64ef3f383b6f9d244
parent	982352e810660dbcaa56503338a53a720cc4a9a9 (diff)
download	meta-security-8ccf6cafba538b79aed3e5ce7837a77a2ac08e11.tar.gz

diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils.inc b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils.inc deleted file mode 100644 index 72a13f7..0000000 --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils.inc +++ /dev/null
@@ -1,19 +0,0 @@
1	DESCRIPTION = "IMA/EVM control utility"
2	LICENSE = "GPL-2.0-with-OpenSSL-exception"
3	LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
4
5	DEPENDS = " \
6	openssl \
7	attr \
8	keyutils \
9	pkgconfig \
10	"
11
12	# blkid is called by evmctl when creating evm checksums.
13	# This is less useful when signing files on the build host,
14	# so disable it when compiling on the host.
15	RDEPENDS_${PN}_append_class-target = " util-linux-blkid"
16
17	inherit autotools
18
19	BBCLASSEXTEND = "native"


diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch new file mode 100644 index 0000000..5ccb73d --- /dev/null +++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch
@@ -0,0 +1,65 @@
		1	From 4feaf9b61f93e4043eca26b4ec9f9f68d0cf5e68 Mon Sep 17 00:00:00 2001
		2	From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
		3	Date: Wed, 6 Mar 2019 01:08:43 +0300
		4	Subject: [PATCH 1/4] ima-evm-utils: link to libcrypto instead of OpenSSL
		5
		6	There is no need to link to full libssl. evmctl uses functions from
		7	libcrypto, so let's link only against that library.
		8
		9	Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
		10	---
		11	configure.ac \| 4 +---
		12	src/Makefile.am \| 9 ++++-----
		13	2 files changed, 5 insertions(+), 8 deletions(-)
		14
		15	diff --git a/configure.ac b/configure.ac
		16	index 60f3684..32e8d85 100644
		17	--- a/configure.ac
		18	+++ b/configure.ac
		19	@@ -24,9 +24,7 @@ LT_INIT
		20	# Checks for header files.
		21	AC_HEADER_STDC
		22
		23	-PKG_CHECK_MODULES(OPENSSL, [ openssl >= 0.9.8 ])
		24	-AC_SUBST(OPENSSL_CFLAGS)
		25	-AC_SUBST(OPENSSL_LIBS)
		26	+PKG_CHECK_MODULES(LIBCRYPTO, [libcrypto >= 0.9.8 ])
		27	AC_SUBST(KERNEL_HEADERS)
		28	AC_CHECK_HEADER(unistd.h)
		29	AC_CHECK_HEADERS(openssl/conf.h)
		30	diff --git a/src/Makefile.am b/src/Makefile.am
		31	index d74fc6f..b81281a 100644
		32	--- a/src/Makefile.am
		33	+++ b/src/Makefile.am
		34	@@ -1,11 +1,11 @@
		35	lib_LTLIBRARIES = libimaevm.la
		36
		37	libimaevm_la_SOURCES = libimaevm.c
		38	-libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS)
		39	+libimaevm_la_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
		40	# current[:revision[:age]]
		41	# result: [current-age].age.revision
		42	libimaevm_la_LDFLAGS = -version-info 0:0:0
		43	-libimaevm_la_LIBADD = $(OPENSSL_LIBS)
		44	+libimaevm_la_LIBADD = $(LIBCRYPTO_LIBS)
		45
		46	include_HEADERS = imaevm.h
		47
		48	@@ -17,12 +17,11 @@ hash_info.h: Makefile
		49	bin_PROGRAMS = evmctl
		50
		51	evmctl_SOURCES = evmctl.c
		52	-evmctl_CPPFLAGS = $(OPENSSL_CFLAGS)
		53	+evmctl_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
		54	evmctl_LDFLAGS = $(LDFLAGS_READLINE)
		55	-evmctl_LDADD = $(OPENSSL_LIBS) -lkeyutils libimaevm.la
		56	+evmctl_LDADD = $(LIBCRYPTO_LIBS) -lkeyutils libimaevm.la
		57
		58	INCLUDES = -I$(top_srcdir) -include config.h
		59
		60	CLEANFILES = hash_info.h
		61	DISTCLEANFILES = @DISTCLEANFILES@
		62	-
		63	--
		64	2.17.1
		65


diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch new file mode 100644 index 0000000..8237274 --- /dev/null +++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch
@@ -0,0 +1,43 @@
		1	From 5bb10f3da420f4c46e44423276a9da0d4bc1b691 Mon Sep 17 00:00:00 2001
		2	From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
		3	Date: Wed, 6 Mar 2019 01:17:12 +0300
		4	Subject: [PATCH 2/4] ima-evm-utils: replace INCLUDES with AM_CPPFLAGS
		5
		6	Replace INCLUDES variable with AM_CPPFLAGS to stop Automake from warning
		7	about deprecated variable usage.
		8
		9	Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
		10	---
		11	src/Makefile.am \| 6 +++---
		12	1 file changed, 3 insertions(+), 3 deletions(-)
		13
		14	diff --git a/src/Makefile.am b/src/Makefile.am
		15	index b81281a..164e7e4 100644
		16	--- a/src/Makefile.am
		17	+++ b/src/Makefile.am
		18	@@ -1,7 +1,7 @@
		19	lib_LTLIBRARIES = libimaevm.la
		20
		21	libimaevm_la_SOURCES = libimaevm.c
		22	-libimaevm_la_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
		23	+libimaevm_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS)
		24	# current[:revision[:age]]
		25	# result: [current-age].age.revision
		26	libimaevm_la_LDFLAGS = -version-info 0:0:0
		27	@@ -17,11 +17,11 @@ hash_info.h: Makefile
		28	bin_PROGRAMS = evmctl
		29
		30	evmctl_SOURCES = evmctl.c
		31	-evmctl_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
		32	+evmctl_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS)
		33	evmctl_LDFLAGS = $(LDFLAGS_READLINE)
		34	evmctl_LDADD = $(LIBCRYPTO_LIBS) -lkeyutils libimaevm.la
		35
		36	-INCLUDES = -I$(top_srcdir) -include config.h
		37	+AM_CPPFLAGS = -I$(top_srcdir) -include config.h
		38
		39	CLEANFILES = hash_info.h
		40	DISTCLEANFILES = @DISTCLEANFILES@
		41	--
		42	2.17.1
		43


diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch new file mode 100644 index 0000000..3d250d2 --- /dev/null +++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch
@@ -0,0 +1,31 @@
		1	From c587ec307a6259a990bfab727cea7db28dba4c23 Mon Sep 17 00:00:00 2001
		2	From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
		3	Date: Wed, 6 Mar 2019 01:22:30 +0300
		4	Subject: [PATCH 3/4] ima-evm-utils: include hash-info.gen into distribution
		5
		6	Include hash-info.gen into tarball and call it from the sourcedir to fix
		7	out-of-tree build (and thus 'make distcheck').
		8
		9	Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
		10	---
		11	src/Makefile.am \| 3 ++-
		12	1 file changed, 2 insertions(+), 1 deletion(-)
		13
		14	diff --git a/src/Makefile.am b/src/Makefile.am
		15	index 164e7e4..9c037e2 100644
		16	--- a/src/Makefile.am
		17	+++ b/src/Makefile.am
		18	@@ -11,8 +11,9 @@ include_HEADERS = imaevm.h
		19
		20	nodist_libimaevm_la_SOURCES = hash_info.h
		21	BUILT_SOURCES = hash_info.h
		22	+EXTRA_DIST = hash_info.gen
		23	hash_info.h: Makefile
		24	- ./hash_info.gen $(KERNEL_HEADERS) >$@
		25	+ $(srcdir)/hash_info.gen $(KERNEL_HEADERS) >$@
		26
		27	bin_PROGRAMS = evmctl
		28
		29	--
		30	2.17.1
		31


diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0004-ima-evm-utils-update-.gitignore-files.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0004-ima-evm-utils-update-.gitignore-files.patch new file mode 100644 index 0000000..4ada1a2 --- /dev/null +++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0004-ima-evm-utils-update-.gitignore-files.patch
@@ -0,0 +1,34 @@
		1	From b9f327c5c513ccea9cb56d4bbd50c1f66d629099 Mon Sep 17 00:00:00 2001
		2	From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
		3	Date: Wed, 6 Mar 2019 01:24:04 +0300
		4	Subject: [PATCH 4/4] ima-evm-utils: update .gitignore files
		5
		6	Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
		7	---
		8	.gitignore \| 1 +
		9	src/.gitignore \| 1 +
		10	2 files changed, 2 insertions(+)
		11	create mode 100644 src/.gitignore
		12
		13	diff --git a/.gitignore b/.gitignore
		14	index ca7a06e..cb82166 100644
		15	--- a/.gitignore
		16	+++ b/.gitignore
		17	@@ -45,6 +45,7 @@ cscope.*
		18	ncscope.*
		19
		20	# Generated documentation
		21	+*.1
		22	*.8
		23	*.5
		24	manpage.links
		25	diff --git a/src/.gitignore b/src/.gitignore
		26	new file mode 100644
		27	index 0000000..38e8e3c
		28	--- /dev/null
		29	+++ b/src/.gitignore
		30	@@ -0,0 +1 @@
		31	+hash_info.h
		32	--
		33	2.17.1
		34


diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb index 8a9999f..929d853 100644 --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb +++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
@@ -1,9 +1,14 @@
1	require ima-evm-utils.inc	1	DESCRIPTION = "IMA/EVM control utility"
		2	LICENSE = "GPL-2.0-with-OpenSSL-exception"
		3	LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
		4
		5	DEPENDS += "openssl attr keyutils"
		6
		7	DEPENDS_class-native += "openssl-native keyutils-native"
2		8
3	PV = "1.0+git${SRCPV}"	9	PV = "1.0+git${SRCPV}"
4	SRCREV = "3e2a67bdb0673581a97506262e62db098efef6d7"	10	SRCREV = "0267fa16990fd0ddcc89984a8e55b27d43e80167"
5	SRC_URI = "git://git.code.sf.net/p/linux-ima/ima-evm-utils"	11	SRC_URI = "git://git.code.sf.net/p/linux-ima/ima-evm-utils"
6	S = "${WORKDIR}/git"
7		12
8	# Documentation depends on asciidoc, which we do not have, so	13	# Documentation depends on asciidoc, which we do not have, so
9	# do not build documentation.	14	# do not build documentation.
@@ -15,3 +20,22 @@ SRC_URI += "file://evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch"
15		20
16	# Required for xargs with more than one path as argument (better for performance).	21	# Required for xargs with more than one path as argument (better for performance).
17	SRC_URI += "file://command-line-apply-operation-to-all-paths.patch"	22	SRC_URI += "file://command-line-apply-operation-to-all-paths.patch"
		23
		24	SRC_URI += "\
		25	file://0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch \
		26	file://0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch \
		27	file://0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch \
		28	file://0004-ima-evm-utils-update-.gitignore-files.patch \
		29	"
		30	S = "${WORKDIR}/git"
		31
		32	inherit pkgconfig autotools
		33
		34	EXTRA_OECONF_append_class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
		35
		36	# blkid is called by evmctl when creating evm checksums.
		37	# This is less useful when signing files on the build host,
		38	# so disable it when compiling on the host.
		39	RDEPENDS_${PN}_append_class-target = " util-linux-blkid libcrypto attr libattr keyutils"
		40
		41	BBCLASSEXTEND = "native nativesdk"