dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-27 22:32:31 +02:00
Code Releases Activity

Build OpenSSL without engine support

Browse Source 
Fix COMPILE_SSL to build for the proper architecture, link with the
appropriate library, and set up library path for evmctl.

Compile OpenSSL with "no-engine" and "no-dynamic-engine" support.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Mimi Zohar 2022-09-07 21:38:28 -04:00
parent abf7b5e236
commit 297d01bdb6
5 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/ci.yml vendored
View File

@ -114,7 +114,7 @@ jobs:
INSTALL="${INSTALL%%/*}" INSTALL="${INSTALL%%/*}"
if [ "$VARIANT" ]; then ARCH="$ARCH" ./ci/$INSTALL.$VARIANT.sh; fi if [ "$VARIANT" ]; then ARCH="$ARCH" ./ci/$INSTALL.$VARIANT.sh; fi
ARCH="$ARCH" CC="$CC" TSS="$TSS" ./ci/$INSTALL.sh ARCH="$ARCH" CC="$CC" TSS="$TSS" ./ci/$INSTALL.sh
if [ "$COMPILE_SSL" ]; then COMPILE_SSL="$COMPILE_SSL" ./tests/install-openssl3.sh; fi if [ "$COMPILE_SSL" ]; then COMPILE_SSL="$COMPILE_SSL" VARIANT="$VARIANT" ./tests/install-openssl3.sh; fi
- name: Build swtpm - name: Build swtpm
run: | run: |
@ -129,4 +129,4 @@ jobs:
run: $CC --version run: $CC --version
- name: Compile - name: Compile
run: CC="$CC" VARIANT="$VARIANT" ./build.sh run: CC="$CC" VARIANT="$VARIANT" COMPILE_SSL="$COMPILE_SSL" ./build.sh

2
.travis.yml
View File

@ -95,4 +95,4 @@ script:
- INSTALL="${DISTRO#${REPO}}" - INSTALL="${DISTRO#${REPO}}"
- INSTALL="${INSTALL%%:*}" - INSTALL="${INSTALL%%:*}"
- INSTALL="${INSTALL%%/*}" - INSTALL="${INSTALL%%/*}"
- $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ "$COMPILE_SSL" ]; then COMPILE_SSL="$COMPILE_SSL" ./tests/install-openssl3.sh; fi && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || if which tssstartup; then ./tests/install-swtpm.sh; fi; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ./build.sh" - $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ \"$COMPILE_SSL\" ]; then COMPILE_SSL=\"$COMPILE_SSL\" VARIANT=\"$VARIANT\" ./tests/install-openssl3.sh; fi && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || if which tssstartup; then ./tests/install-swtpm.sh; fi; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" COMPILE_SSL=\"$COMPILE_SSL\" ./build.sh"

8
build.sh
View File

@ -32,6 +32,14 @@ log_exit()
cd `dirname $0` cd `dirname $0`
if [ "$COMPILE_SSL" ]; then
echo "COMPILE_SSL: $COMPILE_SSL"
export CFLAGS="-I/opt/openssl3/include $CFLAGS"
export LD_LIBRARY_PATH="/opt/openssl3/lib64:/opt/openssl3/lib:$HOME/src/ima-evm-utils/src/.libs:$LD_LIBRARY_PATH"
export LDFLAGS="-L/opt/openssl3/lib64 -L/opt/openssl3/lib $LDFLAGS"
export PATH="/opt/openssl3/bin:$HOME/src/ima-evm-utils/src/.libs:$PATH"
fi
case "$VARIANT" in case "$VARIANT" in
i386) i386)
echo "32-bit compilation" echo "32-bit compilation"

4
src/evmctl.c
View File

@ -2983,8 +2983,10 @@ int main(int argc, char *argv[])
#if CONFIG_IMA_EVM_ENGINE #if CONFIG_IMA_EVM_ENGINE
case 139: /* --engine e */ case 139: /* --engine e */
imaevm_params.eng = setup_engine(optarg); imaevm_params.eng = setup_engine(optarg);
if (!imaevm_params.eng) if (!imaevm_params.eng) {
log_info("setup_engine failed\n");
goto error; goto error;
}
break; break;
#endif #endif
case 140: /* --xattr-user */ case 140: /* --xattr-user */

9
tests/install-openssl3.sh
View File

@ -13,7 +13,14 @@ wget --no-check-certificate https://github.com/openssl/openssl/archive/refs/tags
tar --no-same-owner -xzf ${version}.tar.gz tar --no-same-owner -xzf ${version}.tar.gz
cd openssl-${version} cd openssl-${version}
./Configure --prefix=/opt/openssl3 --openssldir=/opt/openssl3/ssl if [ "$VARIANT" = "i386" ]; then
echo "32-bit compilation"
FLAGS="-m32 linux-generic32"
fi
./Configure $FLAGS no-engine no-dynamic-engine --prefix=/opt/openssl3 --openssldir=/opt/openssl3
# Uncomment for debugging
# perl configdata.pm --dump | grep engine
make -j$(nproc) make -j$(nproc)
# only install apps and library # only install apps and library
sudo make install_sw sudo make install_sw