Added RPM and TAR building rules

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
evm-utils renamed to ima-evm-utils
2012-04-05 15:24:01 +03:00 · 2012-04-05 14:54:28 +03:00 · 2012-04-05 14:32:28 +03:00 · 2012-04-05 13:48:39 +03:00 · 2012-04-05 13:48:08 +03:00 · 2012-04-05 12:23:45 +03:00
6 changed files with 471 additions and 364 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2012-04-02  Dmitry Kasatkin  <dmitry.kasatkin@intel.com>
+
+	version 0.1.0
+	* Fully functional version for lastest 3.x kernels
+
 2011-08-24  Dmitry Kasatkin  <dmitry.kasatkin@intel.com>

 	version 0.1
--- a/Makefile.am
+++ b/Makefile.am
@ -4,3 +4,20 @@ SUBDIRS = src tests

 ACLOCAL_AMFLAGS = -I m4

+SRCS = $(HOME)/rpmbuild/SOURCES
+SPEC = $(PACKAGE_NAME).spec
+
+pkgname = $(PACKAGE_NAME)-$(PACKAGE_VERSION)
+tarname = $(pkgname).tar.gz
+
+$(tarname):
+	git tag -f v$(PACKAGE_VERSION)
+	git archive --format=tar --prefix=$(pkgname)/ v$(PACKAGE_VERSION) $(FILES) | gzip >$@;
+
+tar: $(tarname)
+
+rpm: $(tarname)
+	cp $(tarname) $(SRCS)/
+	rpmbuild -ba --nodeps $(SPEC)
+
+.PHONY: $(tarname)
--- a/12
+++ b/12
@ -1,8 +1,17 @@

 1. Generate private key

+# plain key
 openssl genrsa -out privkey_evm.pem 1024

+# encrypted key
+openssl genrsa -des3 -out privkey_evm.pem 1024
+
+# set password for the key
+openssl rsa -in /etc/keys/privkey_evm.pem -out privkey_evm_enc.pem -des3
+or
+openssl pkcs8 -topk8 -in /etc/keys/privkey_evm.pem -out privkey_evm_enc.pem
+
 2. Generate public key

 openssl rsa -pubout -in privkey_evm.pem -out pubkey_evm.pem
@ -34,6 +43,9 @@ find /lib/modules ! -name "*.ko" -type f -uid 0 -exec evmctl sign --imahash '{}'
 # security.ima needs to have signature for modules
 find /lib/modules -name "*.ko" -type f -uid 0 -exec evmctl sign --imasig '{}' \;

+# generate signatures in .sig files
+find /lib/modules -name "*.ko" -type f -uid 0 -exec evmctl -n --sigfile ima_sign '{}' \;
+
 8. Label filesystem in fix mode...

 ima_fix_dir.sh <dir>
--- a/configure.ac
+++ b/configure.ac
@ -1,7 +1,7 @@
 # autoconf script

 AC_PREREQ([2.65])
-AC_INIT(evm-utils, 0.1, dmitry.kasatkin@intel.com)
+AC_INIT(ima-evm-utils, 0.1.1, dmitry.kasatkin@intel.com)
 AM_INIT_AUTOMAKE(AC_PACKAGE_NAME, AC_PACKAGE_VERSION)
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])
@ -33,7 +33,7 @@ AC_CHECK_HEADERS(openssl/conf.h)
 #debug support - yes for a while
 PKG_ARG_ENABLE(debug, "yes", DEBUG, [Enable Debug support])
 if test $pkg_cv_enable_debug = yes; then
-	CFLAGS="-g -O1 -Wall -Wstrict-prototypes -pipe"
+	CFLAGS="$CFLAGS -g -O1 -Wall -Wstrict-prototypes -pipe"
 else
 	CFLAGS="$CFLAGS -Wall -Wstrict-prototypes -pipe -fomit-frame-pointer"
 fi
@ -47,7 +47,7 @@ fi
 AC_CONFIG_FILES([Makefile
 		src/Makefile
 		tests/Makefile
-		evm-utils.spec
+		ima-evm-utils.spec
 		])
 AC_OUTPUT

--- a/ima-evm-utils.spec.in
+++ b/ima-evm-utils.spec.in
@ -1,7 +1,7 @@
 Name:		@PACKAGE_NAME@
 Version:	@PACKAGE_VERSION@
 Release:	1%{?dist}
-Summary:	evm-utils - IMA/EVM support utilities
+Summary:	@PACKAGE_NAME@ - IMA/EVM control utility
 Group:		System/Libraries
 License:	LGPLv2
 #URL:		
@ -12,11 +12,10 @@ BuildRequires:    autoconf
 BuildRequires:    automake
 BuildRequires:    openssl-devel
 BuildRequires:    libattr-devel
-BuildRequires:    readline-devel
 BuildRequires:    keyutils-libs-devel

 %description
-This library provides EVM support utilities.
+This package provide IMA/EVM control utility

 %prep
 %setup -q
@ -48,6 +47,6 @@ exit 0
 %{_libdir}/*

 %changelog
-* Wed Jul 20 2011 Dmitry Kasatkin <dmitry.kasatkin@intel.com>
- Initial package for MeeGo
+* Thu Apr 05 2012 Dmitry Kasatkin <dmitry.kasatkin@intel.com>
+- Initial RPM spec file

--- a/src/evmctl.c
+++ b/src/evmctl.c
Author	SHA1	Message	Date
Dmitry Kasatkin	510061c2b8	Added RPM and TAR building rules Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-04-05 15:24:01 +03:00
Dmitry Kasatkin	7b0cbf5e53	evm-utils renamed to ima-evm-utils Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-04-05 14:54:28 +03:00
Dmitry Kasatkin	776183a642	added command options description Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-04-05 14:32:28 +03:00
Dmitry Kasatkin	c3d090abba	removed unused parameter Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-04-05 13:48:39 +03:00
Dmitry Kasatkin	bb79f7aaf2	import functions combined Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-04-05 13:48:08 +03:00
Dmitry Kasatkin	a3c7609b80	updated error handling Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-04-05 12:23:45 +03:00
Dmitry Kasatkin	d70816cbf1	read list of existing extended attributes getxattr() might return runtime value which does not really exist on file system. It happens for SMACK LSM. Reading the list of existing attributes allows to prevent such to happen. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-04-04 16:48:38 +03:00
Dmitry Kasatkin	c6c8cccb83	added HMAC API error handling Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-04-04 16:48:16 +03:00
Dmitry Kasatkin	94de24e5ad	version 0.1.0	2012-04-02 15:52:30 +03:00
Dmitry Kasatkin	3f2f98aef8	remove unused parameter Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-03-15 11:52:36 +02:00
Dmitry Kasatkin	ae47101134	Changed time_t timestamp type to uint32_t time_t is actually long and is different on 32 and 64 bit architectures. Format of the signatures should not depend on the architecture and should be the same. Changed timestamp to uint32_t like in GPG. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-02-02 10:12:34 +02:00
Dmitry Kasatkin	d98e4a9bed	Added missing CFLAGS Added missing CFLAGS Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-02-01 15:24:07 +02:00
Dmitry Kasatkin	179664d7e9	Added signature write to .sig file To enable module signature verification working on file systems without extended attributes, or to be able to copy modules by methods, which does not support extended attribute copying, it is necessary to store signature in the file. This patch provides command line parameter for storing signature in .sig file. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-02-01 15:24:02 +02:00
Dmitry Kasatkin	c440d2d95f	Change set_xattr to xattr. set_xattr changed to xattr. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-02-01 11:10:15 +02:00
Dmitry Kasatkin	fed7fb6933	Changed to conform Linux kernel coding style Changed to conform Linux kernel coding style, except 80 characters line length limit. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-02-01 11:04:36 +02:00
Dmitry Kasatkin	78494ab370	added password parameter for using encrypted keys Added password parameter for using encrypted keys. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-02-01 10:35:43 +02:00
Dmitry Kasatkin	192f897b8e	added openssl initialization and error reporting Added openssl initialization and error reporting. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-02-01 10:35:38 +02:00
Dmitry Kasatkin	0799e24820	minor fixes - error message - command info Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-01-30 13:23:28 +02:00
Dmitry Kasatkin	c94a0b9262	Merge branch 'master' of ssh://linux-ima.git.sourceforge.net/gitroot/linux-ima/evm-utils	2011-12-02 14:39:56 +02:00
Dmitry Kasatkin	e2da6956c4	evmctl - IMA/EVM control tool evmctl provides signing support for IMA/EVM. Functionality includes signing of file content (IMA), file metadata (EVM), importing public keys into kernel keyring. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2011-10-14 16:53:34 +03:00