commit: 2c38515f011fb75697dae1d7456be62f8cf9b73e |
Author: Christopher Byrne <salah.coronya <AT> gmail <DOT> com> |
AuthorDate: Sat Nov 6 20:58:58 2021 +0000 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
CommitDate: Sat Feb 26 02:40:52 2022 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c38515f |
|
app-crypt/ima-evm-utils: Bump to 1.4 |
|
Package-Manager: Portage-3.0.28, Repoman-3.0.3 |
Signed-off-by: Christopher Byrne <salah.coronya <AT> gmail.com> |
Closes: https://bugs.gentoo.org/822165 |
Closes: https://github.com/gentoo/gentoo/pull/22850 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
|
app-crypt/ima-evm-utils/Manifest | 1 + |
...nfigure-remove-automagic-TSS-dependencies.patch | 39 ++++ |
...Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch | 84 ++++++++ |
...-evm-utils-1.4-test-remove-boot_aggregate.patch | 216 +++++++++++++++++++++ |
app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild | 52 +++++ |
app-crypt/ima-evm-utils/metadata.xml | 3 + |
6 files changed, 395 insertions(+) |
|
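diff --git a/app-crypt/ima-evm-utils/Manifest b/app-crypt/ima-evm-utils/Manifest
index 02f3d5d79e9d..3485816848d5 100644
--- a/app-crypt/ima-evm-utils/Manifest
+++ b/app-crypt/ima-evm-utils/Manifest
@@ -1,2 +1,3 @@
 DIST ima-evm-utils-1.1.tar.gz 37825 BLAKE2B 469f5bbc194f3fcc8996f252d01745c0d8d4d4f63476174622ea4569c97978db478bd522ae4672819c5ef995f2bb524eb857e5bf5c303131959f2f5cb9c2ebcc SHA512 fc7efc890812233db888eef210dc4357bee838b56fd95efd9a9e141d684b0b354670a3c053dd93a94a1402dd826074d4a83a4637c8e6c1d90ead3132354a5776
 DIST ima-evm-utils-1.3.2.tar.gz 100373 BLAKE2B 04717a934795f7e2a351b1f59388d2d429e00a8a18c57c0eb258bb81bc329342cb9971fa2b4493f7b492f07961ec794a0549fd2d0984381492dcab474915a0d6 SHA512 af96935f953fbec8cdd40ba1a24001fae916633df03f9dee1e96775baec0ffea21a7a13798b3e3c3f375fd493a65fe65b5357887890b46cac0c4dcca5a5b79db
+DIST ima-evm-utils-1.4.tar.gz 110104 BLAKE2B 12e09162e0d5e689132dde6b814ceeb8001a0379e8edb89b9aeb87c8e9f6e21fdd554e6626d1496b82cc77213fdf08b26bcc0be77140d7d598589a482940a321 SHA512 2fdf41470d88608162a084c4877ba17d531941b744bcb44dd4913e48ab2c2d131e0af3e3ead74c18748a5d46aced51213ebd7c13a5ee19050c28d54a26c011a3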
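diff --git a/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-configure-remove-automagic-TSS-dependencies.patch b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-configure-remove-automagic-TSS-dependencies.patch
new file mode 100644
index 000000000000..a5fb28a291fb
--- /dev/null
+++ b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-configure-remove-automagic-TSS-dependencies.patch
@@ -0,0 +1,39 @@
+From 911cef2b984a947b1020bdcf87d1573600ea754d Mon Sep 17 00:00:00 2001
+From: Christopher Byrne <salah.coronya@×××××.com>
+Date: Fri, 5 Nov 2021 21:31:10 -0500
+Subject: [PATCH] configure.ac: Remove automagic dependencies on the TSS stacks
+
+Signed-off-by: Christopher Byrne <salah.coronya@×××××.com>
+---
+ configure.ac | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1a0f093..c05b72d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -31,12 +31,18 @@ AC_CHECK_HEADER(unistd.h)
+ AC_CHECK_HEADERS(openssl/conf.h)
+
+ # Intel TSS
+-AC_CHECK_LIB([tss2-esys], [Esys_Free])
+-AC_CHECK_LIB([tss2-rc], [Tss2_RC_Decode])
++AC_ARG_WITH([pcrtss], AS_HELP_STRING([--with-pcrtss], [Build with Intel TSS library (default: disabled)]))
++AS_IF([test "x$with_pcrtss" = "xyes"], [
++ AC_CHECK_LIB([tss2-esys], [Esys_Free])
++ AC_CHECK_LIB([tss2-rc], [Tss2_RC_Decode])
++])
+ AM_CONDITIONAL([USE_PCRTSS], [test "x$ac_cv_lib_tss2_esys_Esys_Free" = "xyes"])
+
+ # IBM TSS include files
+-AC_CHECK_HEADER(ibmtss/tss.h, [], [], [[#define TPM_POSIX]])
++AC_ARG_WITH([ibmtss], AS_HELP_STRING([--with-ibmtss], [Build with IBM TSS library (default: disabled)]))
++AS_IF([test "x$with_ibmtss" = "xyes"], [
++ AC_CHECK_HEADER(ibmtss/tss.h, [], [], [[#define TPM_POSIX]])
++])
+ AM_CONDITIONAL([USE_IBMTSS], [test "x$ac_cv_header_ibmtss_tss_h" = "xyes"])
+
+ AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found. You need the c-library development package.])])
+--
+2.32.0
+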
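diff --git a/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch
new file mode 100644
index 000000000000..41dd2cd6fb0c
--- /dev/null
+++ b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch
@@ -0,0 +1,84 @@
+From 5be7797f96db606c16701b6cb7e218a487c4cf4a Mon Sep 17 00:00:00 2001
+From: Christopher Byrne <salah.coronya@×××××.com>
+Date: Sat, 6 Nov 2021 15:36:48 -0500
+Subject: [PATCH] test: Rename bash variable WORKDIR to MYWORKDIR
+
+Gentoo Portage ALSO uses the variable WORKDIR, and this results in
+Portage deleting the entire tree if the tests are run under it
+
+Signed-off-by: Christopher Byrne <salah.coronya@×××××.com>
+---
+ tests/functions.sh | 12 ++++++------
+ tests/sign_verify.test | 6 +++---
+ 2 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/tests/functions.sh b/tests/functions.sh
+index 8f6f02d..eb6b34a 100755
+--- a/tests/functions.sh
++++ b/tests/functions.sh
+@@ -250,8 +250,8 @@ _enable_gost_engine() {
+ # Show test stats and exit into automake test system
+ # with proper exit code (same as ours). Do cleanups.
+ _report_exit_and_cleanup() {
+- if [ -n "${WORKDIR}" ]; then
+- rm -rf "${WORKDIR}"
++ if [ -n "${MYWORKDIR}" ]; then
++ rm -rf "${MYWORKDIR}"
+ fi
+
+ if [ $testsfail -gt 0 ]; then
+@@ -277,19 +277,19 @@ _report_exit_and_cleanup() {
+ }
+
+ # Setup SoftHSM for local testing by calling the softhsm_setup script.
+-# Use the provided workdir as the directory where SoftHSM will store its state
++# Use the provided myworkdir as the directory where SoftHSM will store its state
+ # into.
+ # Upon successfully setting up SoftHSM, this function sets the global variables
+ # OPENSSL_ENGINE and OPENSSL_KEYFORM so that the openssl command line tool can
+ # use SoftHSM. Also the PKCS11_KEYURI global variable is set to the test key's
+ # pkcs11 URI.
+ _softhsm_setup() {
+- local workdir="$1"
++ local myworkdir="$1"
+
+ local msg
+
+- export SOFTHSM_SETUP_CONFIGDIR="${workdir}/softhsm"
+- export SOFTHSM2_CONF="${workdir}/softhsm/softhsm2.conf"
++ export SOFTHSM_SETUP_CONFIGDIR="${myworkdir}/softhsm"
++ export SOFTHSM2_CONF="${myworkdir}/softhsm/softhsm2.conf"
+
+ mkdir -p "${SOFTHSM_SETUP_CONFIGDIR}"
+
+diff --git a/tests/sign_verify.test b/tests/sign_verify.test
+index c56290a..b619c22 100755
+--- a/tests/sign_verify.test
++++ b/tests/sign_verify.test
+@@ -29,7 +29,7 @@ fi
+ ./gen-keys.sh >/dev/null 2>&1
+
+ trap _report_exit_and_cleanup EXIT
+-WORKDIR=$(mktemp -d)
++MYWORKDIR=$(mktemp -d)
+ set -f # disable globbing
+
+ # Determine keyid from a cert
+@@ -426,7 +426,7 @@ expect_fail \
+ check_sign TYPE=ima KEY=gost2012_256-B ALG=md_gost12_512 PREFIX=0x0302 OPTS=
+
+ # Test signing with key described by pkcs11 URI
+-_softhsm_setup "${WORKDIR}"
++_softhsm_setup "${MYWORKDIR}"
+ if [ -n "${PKCS11_KEYURI}" ]; then
+ expect_pass check_sign FILE=pkcs11test TYPE=ima KEY=${PKCS11_KEYURI} ALG=sha256 PREFIX=0x030204aabbccdd0100 OPTS=--keyid=aabbccdd
+ expect_pass check_sign FILE=pkcs11test TYPE=ima KEY=${PKCS11_KEYURI} ALG=sha1 PREFIX=0x030202aabbccdd0100 OPTS=--keyid=aabbccdd
+@@ -436,4 +436,4 @@ else
+ expect_pass __skip
+ expect_pass __skip
+ fi
+-_softhsm_teardown "${WORKDIR}"
++_softhsm_teardown "${MYWORKDIR}"
+--
+2.32.0
+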
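diff --git a/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-remove-boot_aggregate.patch b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-remove-boot_aggregate.patch
new file mode 100644
index 000000000000..701a81614f78
--- /dev/null
+++ b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-remove-boot_aggregate.patch
@@ -0,0 +1,216 @@
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index ff928e1..029f2ff 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -1,7 +1,7 @@
+ check_SCRIPTS =
+ TESTS = $(check_SCRIPTS)
+
+-check_SCRIPTS += ima_hash.test sign_verify.test boot_aggregate.test
++check_SCRIPTS += ima_hash.test sign_verify.test
+
+ clean-local:
+ -rm -f *.txt *.out *.sig *.sig2
+diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test
+deleted file mode 100755
+index d711566..0000000
+--- a/tests/boot_aggregate.test
++++ /dev/null
+@@ -1,197 +0,0 @@
+-#!/bin/bash
+-
+-#
+-# Calculate the boot_aggregate for each TPM bank, verifying that the
+-# boot_aggregate in the IMA measurement list matches one of them.
+-#
+-# A software TPM may be used to verify the boot_aggregate. If a
+-# software TPM is not already running on the system, this test
+-# starts one and initializes the TPM PCR banks by walking the sample
+-# binary_bios_measurements event log, included in this directory, and
+-# extending the TPM PCRs. The associated ascii_runtime_measurements
+-# for verifying the calculated boot_aggregate is included in this
+-# directory as well.
+-
+-trap cleanup SIGINT SIGTERM EXIT
+-
+-# Base VERBOSE on the environment variable, if set.
+-VERBOSE="${VERBOSE:-0}"
+-
+-cd "$(dirname "$0")"
+-export PATH=../src:$PATH
+-export LD_LIBRARY_PATH=$LD_LIBRARY_PATH
+-. ./functions.sh
+-_require evmctl
+-TSSDIR="$(dirname -- "$(which tssstartup)")"
+-PCRFILE="/sys/class/tpm/tpm0/device/pcrs"
+-MISC_PCRFILE="/sys/class/misc/tpm0/device/pcrs"
+-
+-# Only stop this test's software TPM
+-cleanup() {
+- if [ -n "${SWTPM_PID}" ]; then
+- kill -SIGTERM "${SWTPM_PID}"
+- elif [ -n "${TPMSERVER_PID}" ]; then
+- "${TSSDIR}/tsstpmcmd" -stop
+- fi
+-}
+-
+-# Try to start a software TPM if needed.
+-swtpm_start() {
+- local tpm_server swtpm
+-
+- tpm_server="$(which tpm_server)"
+- swtpm="$(which swtpm)"
+- if [ -z "${tpm_server}" ] && [ -z "${swtpm}" ]; then
+- echo "${CYAN}SKIP: Software TPM (tpm_server and swtpm) not found${NORM}"
+- return "$SKIP"
+- fi
+-
+- if [ -n "${swtpm}" ]; then
+- pgrep swtpm
+- if [ $? -eq 0 ]; then
+- echo "INFO: Software TPM (swtpm) already running"
+- return 114
+- else
+- echo "INFO: Starting software TPM: ${swtpm}"
+- mkdir -p ./myvtpm
+- ${swtpm} socket --tpmstate dir=./myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init > /dev/null 2>&1 &
+- SWTPM_PID=$!
+- fi
+- elif [ -n "${tpm_server}" ]; then
+- # tpm_server uses the Microsoft simulator encapsulated packet format
+- export TPM_SERVER_TYPE="mssim"
+- pgrep tpm_server
+- if [ $? -eq 0 ]; then
+- echo "INFO: Software TPM (tpm_server) already running"
+- return 114
+- else
+- echo "INFO: Starting software TPM: ${tpm_server}"
+- ${tpm_server} > /dev/null 2>&1 &
+- TPMSERVER_PID=$!
+- fi
+- fi
+- return 0
+-}
+-
+-# Initialize the software TPM using the sample binary_bios_measurements log.
+-swtpm_init() {
+- if [ ! -f "${TSSDIR}/tssstartup" ] || [ ! -f "${TSSDIR}/tsseventextend" ]; then
+- echo "${CYAN}SKIP: tssstartup and tsseventextend needed for test${NORM}"
+- return "$SKIP"
+- fi
+-
+- echo "INFO: Sending software TPM startup"
+- "${TSSDIR}/tssstartup"
+- if [ $? -ne 0 ]; then
+- echo "INFO: Retry sending software TPM startup"
+- sleep 1
+- "${TSSDIR}/tssstartup"
+- fi
+-
+- if [ $? -ne 0 ]; then
+- echo "INFO: Software TPM startup failed"
+- return "$SKIP"
+- fi
+-
+- echo "INFO: Walking ${BINARY_BIOS_MEASUREMENTS} initializing the software TPM"
+-# $(${TSSDIR}/tsseventextend -tpm -if "${BINARY_BIOS_MEASUREMENTS}" -v) 2>&1 > /dev/null
+- "${TSSDIR}/tsseventextend" -tpm -if "${BINARY_BIOS_MEASUREMENTS}" -v > /dev/null 2>&1
+-}
+-
+-# In VERBOSE mode, display the calculated TPM PCRs for the different banks.
+-display_pcrs() {
+- local PCRMAX=9
+- local banks=("sha1" "sha256")
+- local i;
+-
+- for bank in "${banks[@]}"; do
+- echo "INFO: Displaying ${bank} TPM bank (PCRs 0 - 9)"
+- for i in $(seq 0 $PCRMAX); do
+- rc=0
+- pcr=$("${TSSDIR}/tsspcrread" -halg "${bank}" -ha "${i}" -ns)
+- if [ $rc -ne 0 ]; then
+- echo "INFO: tsspcrread failed: $pcr"
+- break
+- fi
+- echo "$i: $pcr"
+- done
+- done
+-}
+-
+-# The first entry in the IMA measurement list is the "boot_aggregate".
+-# For each kexec, an additional "boot_aggregate" will appear in the
+-# measurement list, assuming the previous measurement list is carried
+-# across the kexec.
+-#
+-# Verify that the last "boot_aggregate" record in the IMA measurement
+-# list matches.
+-check() {
+- echo "INFO: Calculating the boot_aggregate (PCRs 0 - 9) for multiple banks"
+- bootaggr=$(evmctl ima_boot_aggregate)
+- if [ $? -ne 0 ]; then
+- echo "${CYAN}SKIP: evmctl ima_boot_aggregate: $bootaggr${NORM}"
+- exit "$SKIP"
+- fi
+-
+- boot_aggr=( $bootaggr )
+-
+- echo "INFO: Searching for the boot_aggregate in ${ASCII_RUNTIME_MEASUREMENTS}"
+- for hash in "${boot_aggr[@]}"; do
+- if [ "$VERBOSE" != "0" ]; then
+- echo "$hash"
+- fi
+- if grep -e " boot_aggregate$" -e " boot_aggregate.$" "${ASCII_RUNTIME_MEASUREMENTS}" | tail -n 1 | grep -q "${hash}"; then
+- echo "${GREEN}SUCCESS: boot_aggregate ${hash} found${NORM}"
+- return "$OK"
+- fi
+- done
+- echo "${RED}FAILURE: boot_aggregate not found${NORM}"
+- echo "$bootaggr"
+- return "$FAIL"
+-}
+-
+-if [ "$(id -u)" = 0 ] && [ -c "/dev/tpm0" ]; then
+- ASCII_RUNTIME_MEASUREMENTS="/sys/kernel/security/ima/ascii_runtime_measurements"
+- if [ ! -d "/sys/kernel/security/ima" ]; then
+- echo "${CYAN}SKIP: CONFIG_IMA not enabled${NORM}"
+- exit "$SKIP"
+- fi
+-else
+- BINARY_BIOS_MEASUREMENTS="./sample-binary_bios_measurements-pcrs-8-9"
+- ASCII_RUNTIME_MEASUREMENTS="./sample-ascii_runtime_measurements-pcrs-8-9"
+- export TPM_INTERFACE_TYPE="socsim"
+- export TPM_COMMAND_PORT=2321
+- export TPM_PLATFORM_PORT=2322
+- export TPM_SERVER_NAME="localhost"
+-
+- # swtpm uses the raw, unencapsulated packet format
+- export TPM_SERVER_TYPE="raw"
+-fi
+-
+-# Start and initialize a software TPM as needed
+-if [ "$(id -u)" != 0 ] || [ ! -c "/dev/tpm0" ]; then
+- if [ -f "$PCRFILE" ] || [ -f "$MISC_PCRFILE" ]; then
+- echo "${CYAN}SKIP: system has discrete TPM 1.2, sample TPM 2.0 event log test not supported.${NORM}"
+- exit "$SKIP"
+- fi
+-
+- swtpm_start
+- error=$?
+- if [ $error -eq "$SKIP" ]; then
+- echo "skip: swtpm not installed"
+- exit "$SKIP"
+- fi
+-
+- if [ $error -eq 0 ]; then
+- swtpm_init
+- if [ $? -eq "$SKIP" ]; then
+- echo "testing boot_aggregate without entries"
+- exit "$SKIP"
+- fi
+- fi
+- if [ "$VERBOSE" != "0" ]; then
+- display_pcrs
+- fi
+-fi
+-
+-expect_pass check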
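diff --git a/app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild b/app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild
new file mode 100644
index 000000000000..8a6872dda3e1
--- /dev/null
+++ b/app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools
+
+DESCRIPTION="Supporting tools for IMA and EVM"
+HOMEPAGE="http://linux-ima.sourceforge.net"
+SRC_URI="https://download.sourceforge.net/linux-ima/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug test tpm"
+
+RDEPEND="
+ dev-libs/openssl:0=
+ sys-apps/keyutils:=
+ tpm? ( app-crypt/tpm2-tss )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ app-text/asciidoc
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ test? ( app-editors/vim-core )"
+
+RESTRICT="!test? ( test )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-1.4-configure-remove-automagic-TSS-dependencies.patch"
+ "${FILESDIR}/${PN}-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch"
+ "${FILESDIR}/${PN}-1.4-test-remove-boot_aggregate.patch"
+ )
+
+src_prepare() {
+ default
+
+ sed -i '/^MANPAGE_DOCBOOK_XSL/s:/usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl:/usr/share/sgml/docbook/xsl-stylesheets/manpages/docbook.xsl:' Makefile.am || die
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable debug) \
+ $(use_with tpm pcrtss)
+}
+
+src_install() {
+ default
+ find "${ED}" -name '*.la' -delete || die
+}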
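diff --git a/app-crypt/ima-evm-utils/metadata.xml b/app-crypt/ima-evm-utils/metadata.xml
index 1beb74ffb739..06e244511370 100644
--- a/app-crypt/ima-evm-utils/metadata.xml
+++ b/app-crypt/ima-evm-utils/metadata.xml
@@ -8,4 +8,7 @@
 <upstream>
 <remote-id type="sourceforge">linux-ima</remote-id>
 </upstream>
+ <use>
+ <flag name="tpm">Enable TPM support</flag>
+ </use>
 </pkgmetadata>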