packages/digest-list-tools
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!87 dracut script support loading digest list with modsig

Browse Source 
From: @HuaxinLuGitee 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot 2024-08-16 06:15:00 +00:00 committed by Gitee
commit 5598fb2920
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
digest-list-tools.spec
View File

@ -1,6 +1,6 @@
name: digest-list-tools name: digest-list-tools
Version: 0.3.95 Version: 0.3.95
Release: 14 Release: 15
Summary: Utilities for IMA Digest Lists extension Summary: Utilities for IMA Digest Lists extension
Source0: https://gitee.com/openeuler/%{name}/repository/archive/v%{version}.tar.gz Source0: https://gitee.com/openeuler/%{name}/repository/archive/v%{version}.tar.gz
@ -19,6 +19,7 @@ Patch7: fix-error-exit-in-dracut-program.patch
Patch8: fix-cap_struct-to-adapter-libcap-2.61.patch Patch8: fix-cap_struct-to-adapter-libcap-2.61.patch
Patch9: fix-the-compilation-error.patch Patch9: fix-the-compilation-error.patch
Patch10: allow-a-specified-algo-different-from-the-list-file.patch Patch10: allow-a-specified-algo-different-from-the-list-file.patch
Patch11: dracut-script-support-loading-digest-list-with-modsi.patch
Requires: libcap >= 2.61 Requires: libcap >= 2.61
BuildRequires: autoconf automake libcurl-devel libtool rpm-devel dracut gzip BuildRequires: autoconf automake libcurl-devel libtool rpm-devel dracut gzip
@ -131,6 +132,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/%{name}.1.gz %{_mandir}/man1/%{name}.1.gz
%changelog %changelog
* Fri Aug 16 2024 luhuaxin <luhuaxin1@huawei.com> - 0.3.95-15
- dracut script support loading digest list with modsig
* Tue Aug 22 2023 zhoushuiqing <zhoushuiqing2@huawei.com> - 0.3.95-14 * Tue Aug 22 2023 zhoushuiqing <zhoushuiqing2@huawei.com> - 0.3.95-14
- Allowing a specified algorithm different from the list file. - Allowing a specified algorithm different from the list file.

29
dracut-script-support-loading-digest-list-with-modsi.patch Normal file
View File

@ -0,0 +1,29 @@
From 1e46b6c1440b0aece5bb45ef8bc432a16d64248d Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Fri, 16 Aug 2024 10:57:33 +0800
Subject: [PATCH] dracut script support loading digest list with modsig
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
---
initrd/dracut/load_digest_lists.sh | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/initrd/dracut/load_digest_lists.sh b/initrd/dracut/load_digest_lists.sh
index 8cb3e84..fad24ed 100644
--- a/initrd/dracut/load_digest_lists.sh
+++ b/initrd/dracut/load_digest_lists.sh
@@ -10,7 +10,10 @@ if [ -f /sys/kernel/security/ima/digest_list_data ]; then
if ($1 ~ /security.ima=0x03/) ima=1; }
END{ if (evm || ima) print "1" }')
if [ -z "$process_digest_list" ]; then
- continue
+ tail -c 32 $f | grep -a "~Module signature appended~" &> /dev/null
+ if [ $? -ne 0 ]; then
+ continue
+ fi
fi
format=$(echo $f | cut -d - -f 3)
--
2.33.0