[yocto] [meta-integrity][PATCH] ima-evm-utils: bump to release 1.2.1
From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- ...link-to-libcrypto-instead-of-OpenSSL.patch | 65 --- ...ls-replace-INCLUDES-with-AM_CPPFLAGS.patch | 43 ...clude-hash-info.gen-into-distributio.patch | 31 - ...ma-evm-utils-update-.gitignore-files.patch | 34 -- .../ima-evm-utils/ima-evm-utils_git.bb| 12 +--- 5 files changed, 3 insertions(+), 182 deletions(-) delete mode 100644 meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch delete mode 100644 meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch delete mode 100644 meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch delete mode 100644 meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0004-ima-evm-utils-update-.gitignore-files.patch diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch deleted file mode 100644 index 5ccb73d9b6e6.. --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 4feaf9b61f93e4043eca26b4ec9f9f68d0cf5e68 Mon Sep 17 00:00:00 2001 -From: Dmitry Eremin-Solenikov -Date: Wed, 6 Mar 2019 01:08:43 +0300 -Subject: [PATCH 1/4] ima-evm-utils: link to libcrypto instead of OpenSSL - -There is no need to link to full libssl. evmctl uses functions from -libcrypto, so let's link only against that library. - -Signed-off-by: Dmitry Eremin-Solenikov - configure.ac| 4 +--- - src/Makefile.am | 9 - - 2 files changed, 5 insertions(+), 8 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 60f3684..32e8d85 100644 a/configure.ac -+++ b/configure.ac -@@ -24,9 +24,7 @@ LT_INIT - # Checks for header files. - AC_HEADER_STDC - --PKG_CHECK_MODULES(OPENSSL, [ openssl >= 0.9.8 ]) --AC_SUBST(OPENSSL_CFLAGS) --AC_SUBST(OPENSSL_LIBS) -+PKG_CHECK_MODULES(LIBCRYPTO, [libcrypto >= 0.9.8 ]) - AC_SUBST(KERNEL_HEADERS) - AC_CHECK_HEADER(unistd.h) - AC_CHECK_HEADERS(openssl/conf.h) -diff --git a/src/Makefile.am b/src/Makefile.am -index d74fc6f..b81281a 100644 a/src/Makefile.am -+++ b/src/Makefile.am -@@ -1,11 +1,11 @@ - lib_LTLIBRARIES = libimaevm.la - - libimaevm_la_SOURCES = libimaevm.c --libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS) -+libimaevm_la_CPPFLAGS = $(LIBCRYPTO_CFLAGS) - # current[:revision[:age]] - # result: [current-age].age.revision - libimaevm_la_LDFLAGS = -version-info 0:0:0 --libimaevm_la_LIBADD = $(OPENSSL_LIBS) -+libimaevm_la_LIBADD = $(LIBCRYPTO_LIBS) - - include_HEADERS = imaevm.h - -@@ -17,12 +17,11 @@ hash_info.h: Makefile - bin_PROGRAMS = evmctl - - evmctl_SOURCES = evmctl.c --evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) -+evmctl_CPPFLAGS = $(LIBCRYPTO_CFLAGS) - evmctl_LDFLAGS = $(LDFLAGS_READLINE) --evmctl_LDADD = $(OPENSSL_LIBS) -lkeyutils libimaevm.la -+evmctl_LDADD = $(LIBCRYPTO_LIBS) -lkeyutils libimaevm.la - - INCLUDES = -I$(top_srcdir) -include config.h - - CLEANFILES = hash_info.h - DISTCLEANFILES = @DISTCLEANFILES@ -- --- -2.17.1 - diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch deleted file mode 100644 index 8237274ca8b6.. --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 5bb10f3da420f4c46e44423276a9da0d4bc1b691 Mon Sep 17 00:00:00 2001 -From: Dmitry Eremin-Solenikov -Date: Wed, 6 Mar 2019 01:17:12 +0300 -Subject: [PATCH 2/4] ima-evm-utils: replace INCLUDES with AM_CPPFLAGS - -Replace INCLUDES variable with AM_CPPFLAGS to stop Automake from warning -about deprecated variable usage. - -Signed-off-by: Dmitry Eremin-Solenikov - src/Makefile.am | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index b81281a..164e7e4 100644 a/src/Makefile.am -+++ b/src/Makefile.am -@@ -1,7 +1,7 @@ - lib_LTLIBRARIES = libimaevm.la - - libimaevm_la_SOURCES = libimaevm.c --libimaevm_la_CPPFLAGS = $(LIBCRYPTO_CFLAGS) -+libimaevm_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS) - # current[:revision[:age]] - # result: [current-age].age.revision - libimaevm_la_LDFLAGS = -version-info 0:0:0 -@@ -17,11 +17,11 @@ hash_info.h: Makefile - bin_PROGRAMS = evmctl - - evmctl_SOURCES = evmctl.c --evmctl_CPPFLAGS = $(LIBCRYPTO_CFLAGS) -+evmctl_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS) - evmctl_LDFLAGS =
[yocto] [meta-security] keyutils: migrate to meta-oe
From: Dmitry Eremin-Solenikov keyutils are now part of meta-oe, so remove them from meta-security. Signed-off-by: Dmitry Eremin-Solenikov --- .../files/fix_library_install_path.patch | 28 -- ...ror-report-by-adding-default-message.patch | 42 --- .../keyutils-test-fix-output-format.patch | 41 -- recipes-security/keyutils/files/run-ptest | 3 -- recipes-security/keyutils/keyutils_1.6.bb | 53 --- 5 files changed, 167 deletions(-) delete mode 100644 recipes-security/keyutils/files/fix_library_install_path.patch delete mode 100644 recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch delete mode 100644 recipes-security/keyutils/files/keyutils-test-fix-output-format.patch delete mode 100755 recipes-security/keyutils/files/run-ptest delete mode 100644 recipes-security/keyutils/keyutils_1.6.bb diff --git a/recipes-security/keyutils/files/fix_library_install_path.patch b/recipes-security/keyutils/files/fix_library_install_path.patch deleted file mode 100644 index 938fe2eb57a4.. --- a/recipes-security/keyutils/files/fix_library_install_path.patch +++ /dev/null @@ -1,28 +0,0 @@ -From b0355cc205543ffd33752874295139d57c4fbc3e Mon Sep 17 00:00:00 2001 -From: Wenzong Fan -Date: Tue, 26 Sep 2017 07:59:51 + -Subject: [PATCH] Subject: [PATCH] keyutils: use relative path for link - -The absolute path of the symlink will be invalid -when populated in sysroot, so use relative path instead. - -Upstream-Status: Pending - -Signed-off-by: Jackie Huang -Signed-off-by: Wenzong Fan -{rebased for 1.6] -Signed-off-by: Armin Kuster - -Index: keyutils-1.6/Makefile -=== keyutils-1.6.orig/Makefile -+++ keyutils-1.6/Makefile -@@ -184,7 +184,7 @@ ifeq ($(NO_SOLIB),0) - $(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME) - $(LNS) $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME) - mkdir -p $(DESTDIR)$(USRLIBDIR) -- $(LNS) $(LIBDIR)/$(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB) -+ $(LNS) $(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB) - sed \ - -e 's,@VERSION\@,$(VERSION),g' \ - -e 's,@prefix\@,$(PREFIX),g' \ diff --git a/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch b/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch deleted file mode 100644 index acd91c01c483.. --- a/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch +++ /dev/null @@ -1,42 +0,0 @@ -fix keyutils test error report - -Upstream-Status: Pending - -"Permission denied" may be the reason of EKEYEXPIRED and EKEYREVOKED. -"Required key not available" may be the reason of EKEYREVOKED. -EXPIRED and REVOKED are 2 status of kernel security keys features. -But the userspace keyutils lib will output the error message, which may -have several reasons. - -Signed-off-by: Han Chao - -diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh -index bbca00a..739e9d0 100644 a/tests/toolbox.inc.sh -+++ b/tests/toolbox.inc.sh -@@ -227,11 +227,12 @@ function expect_error () - ;; - EKEYEXPIRED) - my_err="Key has expired" -- alt_err="Unknown error 127" -+ alt_err="Permission denied" - ;; - EKEYREVOKED) - my_err="Key has been revoked" -- alt_err="Unknown error 128" -+ alt_err="Permission denied" -+ alt2_err="Required key not available" - ;; - EKEYREJECTED) - my_err="Key has been rejected" -@@ -249,6 +250,9 @@ function expect_error () - elif [ "x$alt_err" != "x" ] && expr "$my_errmsg" : ".*: $alt_err" >&/dev/null - then - : -+elif [ "x$alt2_err" != "x" ] && expr "$my_errmsg" : ".*: $alt2_err" >&/dev/null -+then -+ : - elif [ "x$old_err" != "x" ] && expr "$my_errmsg" : ".*: $old_err" >&/dev/null - then - : - diff --git a/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch b/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch deleted file mode 100644 index a4ffd50ce54c.. --- a/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 49b6321368e4bd3cd233d045cd09004ddd7968b2 Mon Sep 17 00:00:00 2001 -From: Jackie Huang -Date: Mon, 15 May 2017 14:52:00 +0800 -Subject: [PATCH] keyutils: fix output format - -keyutils ptest output format is incorrect, according to yocto -Development Manual -(http://www.yoctoproject.org/docs/latest/dev-manual/dev-manual.html#testing-packages-with-ptest) -5.10.6. Testing Packages With ptestThe test generates output in the format used by Automake: -: -where the result can be PASS, FAIL, or SKIP, and the testname can be any -identifying string. -So we should change the test result format to match yocto ptest rules. -
[yocto] [meta-integrity] layer.conf: switch to keyutils from meta-oe
From: Dmitry Eremin-Solenikov As pointer by Martin Jansa, keyutils package is now a part of meta-oe, so switch to using keyutils from that layer. Signed-off-by: Dmitry Eremin-Solenikov --- meta-integrity/conf/layer.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf index 1d31edd9b151..41989da38f63 100644 --- a/meta-integrity/conf/layer.conf +++ b/meta-integrity/conf/layer.conf @@ -22,5 +22,5 @@ INTEGRITY_BASE := '${LAYERDIR}' OE_TERMINAL_EXPORTS += "INTEGRITY_BASE" LAYERSERIES_COMPAT_integrity = "warrior" -# ima-evm-utils depends on keyutils from meta-security -LAYERDEPENDS_integrity = "core security" +# ima-evm-utils depends on keyutils from meta-oe +LAYERDEPENDS_integrity = "core openembedded-layer" -- 2.20.1 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto