[gentoo-commits] repo/gentoo:master commit in: app-crypt/ima-evm-utils/, app-crypt/ima-evm-utils/files/ - gentoo-commits

From:	Sam James <sam@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-crypt/ima-evm-utils/, app-crypt/ima-evm-utils/files/
Date:	Sat, 26 Feb 2022 02:44:01
Message-Id:	`1645843252.2c38515f011fb75697dae1d7456be62f8cf9b73e.sam@gentoo`

1

commit:     2c38515f011fb75697dae1d7456be62f8cf9b73e

2

Author:     Christopher Byrne <salah.coronya <AT> gmail <DOT> com>

3

AuthorDate: Sat Nov  6 20:58:58 2021 +0000

4

Commit:     Sam James <sam <AT> gentoo <DOT> org>

5

CommitDate: Sat Feb 26 02:40:52 2022 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c38515f

7

8

app-crypt/ima-evm-utils: Bump to 1.4

9

10

Package-Manager: Portage-3.0.28, Repoman-3.0.3

11

Signed-off-by: Christopher Byrne <salah.coronya <AT> gmail.com>

12

Closes: https://bugs.gentoo.org/822165

13

Closes: https://github.com/gentoo/gentoo/pull/22850

14

Signed-off-by: Sam James <sam <AT> gentoo.org>

15

16

 app-crypt/ima-evm-utils/Manifest                   |   1 +

17

 ...nfigure-remove-automagic-TSS-dependencies.patch |  39 ++++

18

 ...Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch |  84 ++++++++

19

 ...-evm-utils-1.4-test-remove-boot_aggregate.patch | 216 +++++++++++++++++++++

20

 app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild   |  52 +++++

21

 app-crypt/ima-evm-utils/metadata.xml               |   3 +

22

 6 files changed, 395 insertions(+)

23

24

diff --git a/app-crypt/ima-evm-utils/Manifest b/app-crypt/ima-evm-utils/Manifest

25

index 02f3d5d79e9d..3485816848d5 100644

26

--- a/app-crypt/ima-evm-utils/Manifest

27

+++ b/app-crypt/ima-evm-utils/Manifest

28

@@ -1,2 +1,3 @@

29

 DIST ima-evm-utils-1.1.tar.gz 37825 BLAKE2B 469f5bbc194f3fcc8996f252d01745c0d8d4d4f63476174622ea4569c97978db478bd522ae4672819c5ef995f2bb524eb857e5bf5c303131959f2f5cb9c2ebcc SHA512 fc7efc890812233db888eef210dc4357bee838b56fd95efd9a9e141d684b0b354670a3c053dd93a94a1402dd826074d4a83a4637c8e6c1d90ead3132354a5776

30

 DIST ima-evm-utils-1.3.2.tar.gz 100373 BLAKE2B 04717a934795f7e2a351b1f59388d2d429e00a8a18c57c0eb258bb81bc329342cb9971fa2b4493f7b492f07961ec794a0549fd2d0984381492dcab474915a0d6 SHA512 af96935f953fbec8cdd40ba1a24001fae916633df03f9dee1e96775baec0ffea21a7a13798b3e3c3f375fd493a65fe65b5357887890b46cac0c4dcca5a5b79db

31

+DIST ima-evm-utils-1.4.tar.gz 110104 BLAKE2B 12e09162e0d5e689132dde6b814ceeb8001a0379e8edb89b9aeb87c8e9f6e21fdd554e6626d1496b82cc77213fdf08b26bcc0be77140d7d598589a482940a321 SHA512 2fdf41470d88608162a084c4877ba17d531941b744bcb44dd4913e48ab2c2d131e0af3e3ead74c18748a5d46aced51213ebd7c13a5ee19050c28d54a26c011a3

32

33

diff --git a/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-configure-remove-automagic-TSS-dependencies.patch b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-configure-remove-automagic-TSS-dependencies.patch

34

new file mode 100644

35

index 000000000000..a5fb28a291fb

36

--- /dev/null

37

+++ b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-configure-remove-automagic-TSS-dependencies.patch

38

@@ -0,0 +1,39 @@

39

+From 911cef2b984a947b1020bdcf87d1573600ea754d Mon Sep 17 00:00:00 2001

40

+From: Christopher Byrne <salah.coronya@×××××.com>

41

+Date: Fri, 5 Nov 2021 21:31:10 -0500

42

+Subject: [PATCH] configure.ac: Remove automagic dependencies on the TSS stacks

43

+

44

+Signed-off-by: Christopher Byrne <salah.coronya@×××××.com>

45

+---

46

+ configure.ac | 12 +++++++++---

47

+ 1 file changed, 9 insertions(+), 3 deletions(-)

48

+

49

+diff --git a/configure.ac b/configure.ac

50

+index 1a0f093..c05b72d 100644

51

+--- a/configure.ac

52

++++ b/configure.ac

53

+@@ -31,12 +31,18 @@ AC_CHECK_HEADER(unistd.h)

54

+ AC_CHECK_HEADERS(openssl/conf.h)

55

+

56

+ # Intel TSS

57

+-AC_CHECK_LIB([tss2-esys], [Esys_Free])

58

+-AC_CHECK_LIB([tss2-rc], [Tss2_RC_Decode])

59

++AC_ARG_WITH([pcrtss], AS_HELP_STRING([--with-pcrtss], [Build with Intel TSS library (default: disabled)]))

60

++AS_IF([test "x$with_pcrtss" = "xyes"], [

61

++  AC_CHECK_LIB([tss2-esys], [Esys_Free])

62

++  AC_CHECK_LIB([tss2-rc], [Tss2_RC_Decode])

63

++])

64

+ AM_CONDITIONAL([USE_PCRTSS], [test "x$ac_cv_lib_tss2_esys_Esys_Free" = "xyes"])

65

+

66

+ # IBM TSS include files

67

+-AC_CHECK_HEADER(ibmtss/tss.h, [], [], [[#define TPM_POSIX]])

68

++AC_ARG_WITH([ibmtss], AS_HELP_STRING([--with-ibmtss], [Build with IBM TSS library (default: disabled)]))

69

++AS_IF([test "x$with_ibmtss" = "xyes"], [

70

++  AC_CHECK_HEADER(ibmtss/tss.h, [], [], [[#define TPM_POSIX]])

71

++])

72

+ AM_CONDITIONAL([USE_IBMTSS], [test "x$ac_cv_header_ibmtss_tss_h" = "xyes"])

73

+

74

+ AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found. You need the c-library development package.])])

75

+--

76

+2.32.0

77

+

78

79

diff --git a/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch

80

new file mode 100644

81

index 000000000000..41dd2cd6fb0c

82

--- /dev/null

83

+++ b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch

84

@@ -0,0 +1,84 @@

85

+From 5be7797f96db606c16701b6cb7e218a487c4cf4a Mon Sep 17 00:00:00 2001

86

+From: Christopher Byrne <salah.coronya@×××××.com>

87

+Date: Sat, 6 Nov 2021 15:36:48 -0500

88

+Subject: [PATCH] test: Rename bash variable WORKDIR to MYWORKDIR

89

+

90

+Gentoo Portage ALSO uses the variable WORKDIR, and this results in

91

+Portage deleting the entire tree if the tests are run under it

92

+

93

+Signed-off-by: Christopher Byrne <salah.coronya@×××××.com>

94

+---

95

+ tests/functions.sh     | 12 ++++++------

96

+ tests/sign_verify.test |  6 +++---

97

+ 2 files changed, 9 insertions(+), 9 deletions(-)

98

+

99

+diff --git a/tests/functions.sh b/tests/functions.sh

100

+index 8f6f02d..eb6b34a 100755

101

+--- a/tests/functions.sh

102

++++ b/tests/functions.sh

103

+@@ -250,8 +250,8 @@ _enable_gost_engine() {

104

+ # Show test stats and exit into automake test system

105

+ # with proper exit code (same as ours). Do cleanups.

106

+ _report_exit_and_cleanup() {

107

+-  if [ -n "${WORKDIR}" ]; then

108

+-    rm -rf "${WORKDIR}"

109

++  if [ -n "${MYWORKDIR}" ]; then

110

++    rm -rf "${MYWORKDIR}"

111

+   fi

112

+

113

+   if [ $testsfail -gt 0 ]; then

114

+@@ -277,19 +277,19 @@ _report_exit_and_cleanup() {

115

+ }

116

+

117

+ # Setup SoftHSM for local testing by calling the softhsm_setup script.

118

+-# Use the provided workdir as the directory where SoftHSM will store its state

119

++# Use the provided myworkdir as the directory where SoftHSM will store its state

120

+ # into.

121

+ # Upon successfully setting up SoftHSM, this function sets the global variables

122

+ # OPENSSL_ENGINE and OPENSSL_KEYFORM so that the openssl command line tool can

123

+ # use SoftHSM. Also the PKCS11_KEYURI global variable is set to the test key's

124

+ # pkcs11 URI.

125

+ _softhsm_setup() {

126

+-  local workdir="$1"

127

++  local myworkdir="$1"

128

+

129

+   local msg

130

+

131

+-  export SOFTHSM_SETUP_CONFIGDIR="${workdir}/softhsm"

132

+-  export SOFTHSM2_CONF="${workdir}/softhsm/softhsm2.conf"

133

++  export SOFTHSM_SETUP_CONFIGDIR="${myworkdir}/softhsm"

134

++  export SOFTHSM2_CONF="${myworkdir}/softhsm/softhsm2.conf"

135

+

136

+   mkdir -p "${SOFTHSM_SETUP_CONFIGDIR}"

137

+

138

+diff --git a/tests/sign_verify.test b/tests/sign_verify.test

139

+index c56290a..b619c22 100755

140

+--- a/tests/sign_verify.test

141

++++ b/tests/sign_verify.test

142

+@@ -29,7 +29,7 @@ fi

143

+ ./gen-keys.sh >/dev/null 2>&1

144

+

145

+ trap _report_exit_and_cleanup EXIT

146

+-WORKDIR=$(mktemp -d)

147

++MYWORKDIR=$(mktemp -d)

148

+ set -f # disable globbing

149

+

150

+ # Determine keyid from a cert

151

+@@ -426,7 +426,7 @@ expect_fail \

152

+   check_sign TYPE=ima KEY=gost2012_256-B ALG=md_gost12_512 PREFIX=0x0302 OPTS=

153

+

154

+ # Test signing with key described by pkcs11 URI

155

+-_softhsm_setup "${WORKDIR}"

156

++_softhsm_setup "${MYWORKDIR}"

157

+ if [ -n "${PKCS11_KEYURI}" ]; then

158

+   expect_pass check_sign FILE=pkcs11test TYPE=ima KEY=${PKCS11_KEYURI} ALG=sha256 PREFIX=0x030204aabbccdd0100 OPTS=--keyid=aabbccdd

159

+   expect_pass check_sign FILE=pkcs11test TYPE=ima KEY=${PKCS11_KEYURI} ALG=sha1   PREFIX=0x030202aabbccdd0100 OPTS=--keyid=aabbccdd

160

+@@ -436,4 +436,4 @@ else

161

+   expect_pass __skip

162

+   expect_pass __skip

163

+ fi

164

+-_softhsm_teardown "${WORKDIR}"

165

++_softhsm_teardown "${MYWORKDIR}"

166

+--

167

+2.32.0

168

+

169

170

diff --git a/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-remove-boot_aggregate.patch b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-remove-boot_aggregate.patch

171

new file mode 100644

172

index 000000000000..701a81614f78

173

--- /dev/null

174

+++ b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-remove-boot_aggregate.patch

175

@@ -0,0 +1,216 @@

176

+diff --git a/tests/Makefile.am b/tests/Makefile.am

177

+index ff928e1..029f2ff 100644

178

+--- a/tests/Makefile.am

179

++++ b/tests/Makefile.am

180

+@@ -1,7 +1,7 @@

181

+ check_SCRIPTS =

182

+ TESTS = $(check_SCRIPTS)

183

+

184

+-check_SCRIPTS += ima_hash.test sign_verify.test boot_aggregate.test

185

++check_SCRIPTS += ima_hash.test sign_verify.test

186

+

187

+ clean-local:

188

+ 	-rm -f *.txt *.out *.sig *.sig2

189

+diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test

190

+deleted file mode 100755

191

+index d711566..0000000

192

+--- a/tests/boot_aggregate.test

193

++++ /dev/null

194

+@@ -1,197 +0,0 @@

195

+-#!/bin/bash

196

+-

197

+-#

198

+-# Calculate the boot_aggregate for each TPM bank, verifying that the

199

+-# boot_aggregate in the IMA measurement list matches one of them.

200

+-#

201

+-# A software TPM may be used to verify the boot_aggregate.  If a

202

+-# software TPM is not already running on the system, this test

203

+-# starts one and initializes the TPM PCR banks by walking the sample

204

+-# binary_bios_measurements event log, included in this directory, and

205

+-# extending the TPM PCRs.  The associated ascii_runtime_measurements

206

+-# for verifying the calculated boot_aggregate is included in this

207

+-# directory as well.

208

+-

209

+-trap cleanup SIGINT SIGTERM EXIT

210

+-

211

+-# Base VERBOSE on the environment variable, if set.

212

+-VERBOSE="${VERBOSE:-0}"

213

+-

214

+-cd "$(dirname "$0")"

215

+-export PATH=../src:$PATH

216

+-export LD_LIBRARY_PATH=$LD_LIBRARY_PATH

217

+-. ./functions.sh

218

+-_require evmctl

219

+-TSSDIR="$(dirname -- "$(which tssstartup)")"

220

+-PCRFILE="/sys/class/tpm/tpm0/device/pcrs"

221

+-MISC_PCRFILE="/sys/class/misc/tpm0/device/pcrs"

222

+-

223

+-# Only stop this test's software TPM

224

+-cleanup() {

225

+-	if [ -n "${SWTPM_PID}" ]; then

226

+-		kill -SIGTERM "${SWTPM_PID}"

227

+-	elif [ -n "${TPMSERVER_PID}" ]; then

228

+-		"${TSSDIR}/tsstpmcmd" -stop

229

+-	fi

230

+-}

231

+-

232

+-# Try to start a software TPM if needed.

233

+-swtpm_start() {

234

+-	local tpm_server swtpm

235

+-

236

+-	tpm_server="$(which tpm_server)"

237

+-	swtpm="$(which swtpm)"

238

+-	if [ -z "${tpm_server}" ] && [ -z "${swtpm}" ]; then

239

+-		echo "${CYAN}SKIP: Software TPM (tpm_server and swtpm) not found${NORM}"

240

+-		return "$SKIP"

241

+-	fi

242

+-

243

+-	if [ -n "${swtpm}" ]; then

244

+-		pgrep swtpm

245

+-		if [ $? -eq 0 ]; then

246

+-			echo "INFO: Software TPM (swtpm) already running"

247

+-			return 114

248

+-		else

249

+-			echo "INFO: Starting software TPM: ${swtpm}"

250

+-			mkdir -p ./myvtpm

251

+-			${swtpm} socket --tpmstate dir=./myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init > /dev/null 2>&1 &

252

+-			SWTPM_PID=$!

253

+-		fi

254

+-	elif [ -n "${tpm_server}" ]; then

255

+-		# tpm_server uses the Microsoft simulator encapsulated packet format

256

+-		export TPM_SERVER_TYPE="mssim"

257

+-		pgrep tpm_server

258

+-		if [ $? -eq 0 ]; then

259

+-			echo "INFO: Software TPM (tpm_server) already running"

260

+-			return 114

261

+-		else

262

+-			echo "INFO: Starting software TPM: ${tpm_server}"

263

+-			${tpm_server} > /dev/null 2>&1 &

264

+-			TPMSERVER_PID=$!

265

+-		fi

266

+-	fi

267

+-	return 0

268

+-}

269

+-

270

+-# Initialize the software TPM using the sample binary_bios_measurements log.

271

+-swtpm_init() {

272

+-	if [ ! -f "${TSSDIR}/tssstartup" ] || [ ! -f "${TSSDIR}/tsseventextend" ]; then

273

+-		echo "${CYAN}SKIP: tssstartup and tsseventextend needed for test${NORM}"

274

+-		return "$SKIP"

275

+-	fi

276

+-

277

+-	echo "INFO: Sending software TPM startup"

278

+-	"${TSSDIR}/tssstartup"

279

+-	if [ $? -ne 0 ]; then

280

+-		echo "INFO: Retry sending software TPM startup"

281

+-		sleep 1

282

+-		"${TSSDIR}/tssstartup"

283

+-	fi

284

+-

285

+-	if [ $? -ne 0 ]; then

286

+-		echo "INFO: Software TPM startup failed"

287

+-		return "$SKIP"

288

+-	fi

289

+-

290

+-	echo "INFO: Walking ${BINARY_BIOS_MEASUREMENTS} initializing the software TPM"

291

+-#	$(${TSSDIR}/tsseventextend -tpm -if "${BINARY_BIOS_MEASUREMENTS}" -v) 2>&1 > /dev/null

292

+-	"${TSSDIR}/tsseventextend" -tpm -if "${BINARY_BIOS_MEASUREMENTS}" -v > /dev/null 2>&1

293

+-}

294

+-

295

+-# In VERBOSE mode, display the calculated TPM PCRs for the different banks.

296

+-display_pcrs() {

297

+-	local PCRMAX=9

298

+-	local banks=("sha1" "sha256")

299

+-	local i;

300

+-

301

+-	for bank in "${banks[@]}"; do

302

+-		echo "INFO: Displaying ${bank} TPM bank (PCRs 0 - 9)"

303

+-		for i in $(seq 0 $PCRMAX); do

304

+-			rc=0

305

+-			pcr=$("${TSSDIR}/tsspcrread" -halg "${bank}" -ha "${i}" -ns)

306

+-			if [ $rc -ne 0 ]; then

307

+-				echo "INFO: tsspcrread failed: $pcr"

308

+-				break

309

+-			fi

310

+-			echo "$i: $pcr"

311

+-		done

312

+-	done

313

+-}

314

+-

315

+-# The first entry in the IMA measurement list is the "boot_aggregate".

316

+-# For each kexec, an additional "boot_aggregate" will appear in the

317

+-# measurement list, assuming the previous measurement list is carried

318

+-# across the kexec.

319

+-#

320

+-# Verify that the last "boot_aggregate" record in the IMA measurement

321

+-# list matches.

322

+-check() {

323

+-	echo "INFO: Calculating the boot_aggregate (PCRs 0 - 9) for multiple banks"

324

+-	bootaggr=$(evmctl ima_boot_aggregate)

325

+-	if [ $? -ne 0 ]; then

326

+-		echo "${CYAN}SKIP: evmctl ima_boot_aggregate: $bootaggr${NORM}"

327

+-		exit "$SKIP"

328

+-	fi

329

+-

330

+-	boot_aggr=( $bootaggr )

331

+-

332

+-	echo "INFO: Searching for the boot_aggregate in ${ASCII_RUNTIME_MEASUREMENTS}"

333

+-	for hash in "${boot_aggr[@]}"; do

334

+-		if [ "$VERBOSE" != "0" ]; then

335

+-			echo "$hash"

336

+-		fi

337

+-		if grep -e " boot_aggregate$" -e " boot_aggregate.$" "${ASCII_RUNTIME_MEASUREMENTS}" | tail -n 1 | grep -q "${hash}"; then

338

+-			echo "${GREEN}SUCCESS: boot_aggregate ${hash} found${NORM}"

339

+-			return "$OK"

340

+-		fi

341

+-	done

342

+-	echo "${RED}FAILURE: boot_aggregate not found${NORM}"

343

+-	echo "$bootaggr"

344

+-	return "$FAIL"

345

+-}

346

+-

347

+-if [ "$(id -u)" = 0 ] && [ -c "/dev/tpm0" ]; then

348

+-	ASCII_RUNTIME_MEASUREMENTS="/sys/kernel/security/ima/ascii_runtime_measurements"

349

+-	if [ ! -d "/sys/kernel/security/ima" ]; then

350

+-		echo "${CYAN}SKIP: CONFIG_IMA not enabled${NORM}"

351

+-		exit "$SKIP"

352

+-	fi

353

+-else

354

+-	BINARY_BIOS_MEASUREMENTS="./sample-binary_bios_measurements-pcrs-8-9"

355

+-	ASCII_RUNTIME_MEASUREMENTS="./sample-ascii_runtime_measurements-pcrs-8-9"

356

+-	export TPM_INTERFACE_TYPE="socsim"

357

+-	export TPM_COMMAND_PORT=2321

358

+-	export TPM_PLATFORM_PORT=2322

359

+-	export TPM_SERVER_NAME="localhost"

360

+-

361

+-	# swtpm uses the raw, unencapsulated packet format

362

+-	export TPM_SERVER_TYPE="raw"

363

+-fi

364

+-

365

+-# Start and initialize a software TPM as needed

366

+-if [ "$(id -u)" != 0 ] || [ ! -c "/dev/tpm0" ]; then

367

+-	if [ -f "$PCRFILE" ] || [ -f "$MISC_PCRFILE" ]; then

368

+-		echo "${CYAN}SKIP: system has discrete TPM 1.2, sample TPM 2.0 event log test not supported.${NORM}"

369

+-		exit "$SKIP"

370

+-	fi

371

+-

372

+-	swtpm_start

373

+-	error=$?

374

+-	if [ $error -eq "$SKIP" ]; then

375

+-		echo "skip: swtpm not installed"

376

+-		exit "$SKIP"

377

+-	fi

378

+-

379

+-	if [ $error -eq 0 ]; then

380

+-		swtpm_init

381

+-		if [ $? -eq "$SKIP" ]; then

382

+-			echo "testing boot_aggregate without entries"

383

+-			exit "$SKIP"

384

+-		fi

385

+-	fi

386

+-	if [ "$VERBOSE" != "0" ]; then

387

+-		display_pcrs

388

+-	fi

389

+-fi

390

+-

391

+-expect_pass check

392

393

diff --git a/app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild b/app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild

394

new file mode 100644

395

index 000000000000..8a6872dda3e1

396

--- /dev/null

397

+++ b/app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild

398

@@ -0,0 +1,52 @@

399

+# Copyright 1999-2021 Gentoo Authors

400

+# Distributed under the terms of the GNU General Public License v2

401

+

402

+EAPI=8

403

+

404

+inherit autotools

405

+

406

+DESCRIPTION="Supporting tools for IMA and EVM"

407

+HOMEPAGE="http://linux-ima.sourceforge.net"

408

+SRC_URI="https://download.sourceforge.net/linux-ima/${P}.tar.gz"

409

+

410

+LICENSE="GPL-2"

411

+SLOT="0"

412

+KEYWORDS="~amd64 ~x86"

413

+IUSE="debug test tpm"

414

+

415

+RDEPEND="

416

+	dev-libs/openssl:0=

417

+	sys-apps/keyutils:=

418

+	tpm? ( app-crypt/tpm2-tss )"

419

+DEPEND="${RDEPEND}"

420

+BDEPEND="

421

+	app-text/asciidoc

422

+	app-text/docbook-xsl-stylesheets

423

+	dev-libs/libxslt

424

+	test? ( app-editors/vim-core )"

425

+

426

+RESTRICT="!test? ( test )"

427

+

428

+PATCHES=(

429

+	"${FILESDIR}/${PN}-1.4-configure-remove-automagic-TSS-dependencies.patch"

430

+	"${FILESDIR}/${PN}-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch"

431

+	"${FILESDIR}/${PN}-1.4-test-remove-boot_aggregate.patch"

432

+	)

433

+

434

+src_prepare() {

435

+	default

436

+

437

+	sed -i '/^MANPAGE_DOCBOOK_XSL/s:/usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl:/usr/share/sgml/docbook/xsl-stylesheets/manpages/docbook.xsl:' Makefile.am || die

438

+	eautoreconf

439

+}

440

+

441

+src_configure() {

442

+	econf \

443

+		$(use_enable debug) \

444

+		$(use_with tpm pcrtss)

445

+}

446

+

447

+src_install() {

448

+	default

449

+	find "${ED}" -name '*.la' -delete || die

450

+}

451

452

diff --git a/app-crypt/ima-evm-utils/metadata.xml b/app-crypt/ima-evm-utils/metadata.xml

453

index 1beb74ffb739..06e244511370 100644

454

--- a/app-crypt/ima-evm-utils/metadata.xml

455

+++ b/app-crypt/ima-evm-utils/metadata.xml

456

@@ -8,4 +8,7 @@

457

 	<upstream>

458

 		<remote-id type="sourceforge">linux-ima</remote-id>

459

 	</upstream>

460

+	<use>

461

+		<flag name="tpm">Enable TPM support</flag>

462

+	</use>	

463

 </pkgmetadata>

1	commit: 2c38515f011fb75697dae1d7456be62f8cf9b73e
2	Author: Christopher Byrne <salah.coronya <AT> gmail <DOT> com>
3	AuthorDate: Sat Nov 6 20:58:58 2021 +0000
4	Commit: Sam James <sam <AT> gentoo <DOT> org>
5	CommitDate: Sat Feb 26 02:40:52 2022 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c38515f
7
8	app-crypt/ima-evm-utils: Bump to 1.4
9
10	Package-Manager: Portage-3.0.28, Repoman-3.0.3
11	Signed-off-by: Christopher Byrne <salah.coronya <AT> gmail.com>
12	Closes: https://bugs.gentoo.org/822165
13	Closes: https://github.com/gentoo/gentoo/pull/22850
14	Signed-off-by: Sam James <sam <AT> gentoo.org>
15
16	app-crypt/ima-evm-utils/Manifest \| 1 +
17	...nfigure-remove-automagic-TSS-dependencies.patch \| 39 ++++
18	...Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch \| 84 ++++++++
19	...-evm-utils-1.4-test-remove-boot_aggregate.patch \| 216 +++++++++++++++++++++
20	app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild \| 52 +++++
21	app-crypt/ima-evm-utils/metadata.xml \| 3 +
22	6 files changed, 395 insertions(+)
23
24	diff --git a/app-crypt/ima-evm-utils/Manifest b/app-crypt/ima-evm-utils/Manifest
25	index 02f3d5d79e9d..3485816848d5 100644
26	--- a/app-crypt/ima-evm-utils/Manifest
27	+++ b/app-crypt/ima-evm-utils/Manifest
28	@@ -1,2 +1,3 @@
29	DIST ima-evm-utils-1.1.tar.gz 37825 BLAKE2B 469f5bbc194f3fcc8996f252d01745c0d8d4d4f63476174622ea4569c97978db478bd522ae4672819c5ef995f2bb524eb857e5bf5c303131959f2f5cb9c2ebcc SHA512 fc7efc890812233db888eef210dc4357bee838b56fd95efd9a9e141d684b0b354670a3c053dd93a94a1402dd826074d4a83a4637c8e6c1d90ead3132354a5776
30	DIST ima-evm-utils-1.3.2.tar.gz 100373 BLAKE2B 04717a934795f7e2a351b1f59388d2d429e00a8a18c57c0eb258bb81bc329342cb9971fa2b4493f7b492f07961ec794a0549fd2d0984381492dcab474915a0d6 SHA512 af96935f953fbec8cdd40ba1a24001fae916633df03f9dee1e96775baec0ffea21a7a13798b3e3c3f375fd493a65fe65b5357887890b46cac0c4dcca5a5b79db
31	+DIST ima-evm-utils-1.4.tar.gz 110104 BLAKE2B 12e09162e0d5e689132dde6b814ceeb8001a0379e8edb89b9aeb87c8e9f6e21fdd554e6626d1496b82cc77213fdf08b26bcc0be77140d7d598589a482940a321 SHA512 2fdf41470d88608162a084c4877ba17d531941b744bcb44dd4913e48ab2c2d131e0af3e3ead74c18748a5d46aced51213ebd7c13a5ee19050c28d54a26c011a3
32
33	diff --git a/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-configure-remove-automagic-TSS-dependencies.patch b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-configure-remove-automagic-TSS-dependencies.patch
34	new file mode 100644
35	index 000000000000..a5fb28a291fb
36	--- /dev/null
37	+++ b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-configure-remove-automagic-TSS-dependencies.patch
38	@@ -0,0 +1,39 @@
39	+From 911cef2b984a947b1020bdcf87d1573600ea754d Mon Sep 17 00:00:00 2001
40	+From: Christopher Byrne <salah.coronya@×××××.com>
41	+Date: Fri, 5 Nov 2021 21:31:10 -0500
42	+Subject: [PATCH] configure.ac: Remove automagic dependencies on the TSS stacks
43	+
44	+Signed-off-by: Christopher Byrne <salah.coronya@×××××.com>
45	+---
46	+ configure.ac \| 12 +++++++++---
47	+ 1 file changed, 9 insertions(+), 3 deletions(-)
48	+
49	+diff --git a/configure.ac b/configure.ac
50	+index 1a0f093..c05b72d 100644
51	+--- a/configure.ac
52	++++ b/configure.ac
53	+@@ -31,12 +31,18 @@ AC_CHECK_HEADER(unistd.h)
54	+ AC_CHECK_HEADERS(openssl/conf.h)
55	+
56	+ # Intel TSS
57	+-AC_CHECK_LIB([tss2-esys], [Esys_Free])
58	+-AC_CHECK_LIB([tss2-rc], [Tss2_RC_Decode])
59	++AC_ARG_WITH([pcrtss], AS_HELP_STRING([--with-pcrtss], [Build with Intel TSS library (default: disabled)]))
60	++AS_IF([test "x$with_pcrtss" = "xyes"], [
61	++ AC_CHECK_LIB([tss2-esys], [Esys_Free])
62	++ AC_CHECK_LIB([tss2-rc], [Tss2_RC_Decode])
63	++])
64	+ AM_CONDITIONAL([USE_PCRTSS], [test "x$ac_cv_lib_tss2_esys_Esys_Free" = "xyes"])
65	+
66	+ # IBM TSS include files
67	+-AC_CHECK_HEADER(ibmtss/tss.h, [], [], [[#define TPM_POSIX]])
68	++AC_ARG_WITH([ibmtss], AS_HELP_STRING([--with-ibmtss], [Build with IBM TSS library (default: disabled)]))
69	++AS_IF([test "x$with_ibmtss" = "xyes"], [
70	++ AC_CHECK_HEADER(ibmtss/tss.h, [], [], [[#define TPM_POSIX]])
71	++])
72	+ AM_CONDITIONAL([USE_IBMTSS], [test "x$ac_cv_header_ibmtss_tss_h" = "xyes"])
73	+
74	+ AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found. You need the c-library development package.])])
75	+--
76	+2.32.0
77	+
78
79	diff --git a/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch
80	new file mode 100644
81	index 000000000000..41dd2cd6fb0c
82	--- /dev/null
83	+++ b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch
84	@@ -0,0 +1,84 @@
85	+From 5be7797f96db606c16701b6cb7e218a487c4cf4a Mon Sep 17 00:00:00 2001
86	+From: Christopher Byrne <salah.coronya@×××××.com>
87	+Date: Sat, 6 Nov 2021 15:36:48 -0500
88	+Subject: [PATCH] test: Rename bash variable WORKDIR to MYWORKDIR
89	+
90	+Gentoo Portage ALSO uses the variable WORKDIR, and this results in
91	+Portage deleting the entire tree if the tests are run under it
92	+
93	+Signed-off-by: Christopher Byrne <salah.coronya@×××××.com>
94	+---
95	+ tests/functions.sh \| 12 ++++++------
96	+ tests/sign_verify.test \| 6 +++---
97	+ 2 files changed, 9 insertions(+), 9 deletions(-)
98	+
99	+diff --git a/tests/functions.sh b/tests/functions.sh
100	+index 8f6f02d..eb6b34a 100755
101	+--- a/tests/functions.sh
102	++++ b/tests/functions.sh
103	+@@ -250,8 +250,8 @@ _enable_gost_engine() {
104	+ # Show test stats and exit into automake test system
105	+ # with proper exit code (same as ours). Do cleanups.
106	+ _report_exit_and_cleanup() {
107	+- if [ -n "${WORKDIR}" ]; then
108	+- rm -rf "${WORKDIR}"
109	++ if [ -n "${MYWORKDIR}" ]; then
110	++ rm -rf "${MYWORKDIR}"
111	+ fi
112	+
113	+ if [ $testsfail -gt 0 ]; then
114	+@@ -277,19 +277,19 @@ _report_exit_and_cleanup() {
115	+ }
116	+
117	+ # Setup SoftHSM for local testing by calling the softhsm_setup script.
118	+-# Use the provided workdir as the directory where SoftHSM will store its state
119	++# Use the provided myworkdir as the directory where SoftHSM will store its state
120	+ # into.
121	+ # Upon successfully setting up SoftHSM, this function sets the global variables
122	+ # OPENSSL_ENGINE and OPENSSL_KEYFORM so that the openssl command line tool can
123	+ # use SoftHSM. Also the PKCS11_KEYURI global variable is set to the test key's
124	+ # pkcs11 URI.
125	+ _softhsm_setup() {
126	+- local workdir="$1"
127	++ local myworkdir="$1"
128	+
129	+ local msg
130	+
131	+- export SOFTHSM_SETUP_CONFIGDIR="${workdir}/softhsm"
132	+- export SOFTHSM2_CONF="${workdir}/softhsm/softhsm2.conf"
133	++ export SOFTHSM_SETUP_CONFIGDIR="${myworkdir}/softhsm"
134	++ export SOFTHSM2_CONF="${myworkdir}/softhsm/softhsm2.conf"
135	+
136	+ mkdir -p "${SOFTHSM_SETUP_CONFIGDIR}"
137	+
138	+diff --git a/tests/sign_verify.test b/tests/sign_verify.test
139	+index c56290a..b619c22 100755
140	+--- a/tests/sign_verify.test
141	++++ b/tests/sign_verify.test
142	+@@ -29,7 +29,7 @@ fi
143	+ ./gen-keys.sh >/dev/null 2>&1
144	+
145	+ trap _report_exit_and_cleanup EXIT
146	+-WORKDIR=$(mktemp -d)
147	++MYWORKDIR=$(mktemp -d)
148	+ set -f # disable globbing
149	+
150	+ # Determine keyid from a cert
151	+@@ -426,7 +426,7 @@ expect_fail \
152	+ check_sign TYPE=ima KEY=gost2012_256-B ALG=md_gost12_512 PREFIX=0x0302 OPTS=
153	+
154	+ # Test signing with key described by pkcs11 URI
155	+-_softhsm_setup "${WORKDIR}"
156	++_softhsm_setup "${MYWORKDIR}"
157	+ if [ -n "${PKCS11_KEYURI}" ]; then
158	+ expect_pass check_sign FILE=pkcs11test TYPE=ima KEY=${PKCS11_KEYURI} ALG=sha256 PREFIX=0x030204aabbccdd0100 OPTS=--keyid=aabbccdd
159	+ expect_pass check_sign FILE=pkcs11test TYPE=ima KEY=${PKCS11_KEYURI} ALG=sha1 PREFIX=0x030202aabbccdd0100 OPTS=--keyid=aabbccdd
160	+@@ -436,4 +436,4 @@ else
161	+ expect_pass __skip
162	+ expect_pass __skip
163	+ fi
164	+-_softhsm_teardown "${WORKDIR}"
165	++_softhsm_teardown "${MYWORKDIR}"
166	+--
167	+2.32.0
168	+
169
170	diff --git a/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-remove-boot_aggregate.patch b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-remove-boot_aggregate.patch
171	new file mode 100644
172	index 000000000000..701a81614f78
173	--- /dev/null
174	+++ b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-remove-boot_aggregate.patch
175	@@ -0,0 +1,216 @@
176	+diff --git a/tests/Makefile.am b/tests/Makefile.am
177	+index ff928e1..029f2ff 100644
178	+--- a/tests/Makefile.am
179	++++ b/tests/Makefile.am
180	+@@ -1,7 +1,7 @@
181	+ check_SCRIPTS =
182	+ TESTS = $(check_SCRIPTS)
183	+
184	+-check_SCRIPTS += ima_hash.test sign_verify.test boot_aggregate.test
185	++check_SCRIPTS += ima_hash.test sign_verify.test
186	+
187	+ clean-local:
188	+ -rm -f .txt .out .sig .sig2
189	+diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test
190	+deleted file mode 100755
191	+index d711566..0000000
192	+--- a/tests/boot_aggregate.test
193	++++ /dev/null
194	+@@ -1,197 +0,0 @@
195	+-#!/bin/bash
196	+-
197	+-#
198	+-# Calculate the boot_aggregate for each TPM bank, verifying that the
199	+-# boot_aggregate in the IMA measurement list matches one of them.
200	+-#
201	+-# A software TPM may be used to verify the boot_aggregate. If a
202	+-# software TPM is not already running on the system, this test
203	+-# starts one and initializes the TPM PCR banks by walking the sample
204	+-# binary_bios_measurements event log, included in this directory, and
205	+-# extending the TPM PCRs. The associated ascii_runtime_measurements
206	+-# for verifying the calculated boot_aggregate is included in this
207	+-# directory as well.
208	+-
209	+-trap cleanup SIGINT SIGTERM EXIT
210	+-
211	+-# Base VERBOSE on the environment variable, if set.
212	+-VERBOSE="${VERBOSE:-0}"
213	+-
214	+-cd "$(dirname "$0")"
215	+-export PATH=../src:$PATH
216	+-export LD_LIBRARY_PATH=$LD_LIBRARY_PATH
217	+-. ./functions.sh
218	+-_require evmctl
219	+-TSSDIR="$(dirname -- "$(which tssstartup)")"
220	+-PCRFILE="/sys/class/tpm/tpm0/device/pcrs"
221	+-MISC_PCRFILE="/sys/class/misc/tpm0/device/pcrs"
222	+-
223	+-# Only stop this test's software TPM
224	+-cleanup() {
225	+- if [ -n "${SWTPM_PID}" ]; then
226	+- kill -SIGTERM "${SWTPM_PID}"
227	+- elif [ -n "${TPMSERVER_PID}" ]; then
228	+- "${TSSDIR}/tsstpmcmd" -stop
229	+- fi
230	+-}
231	+-
232	+-# Try to start a software TPM if needed.
233	+-swtpm_start() {
234	+- local tpm_server swtpm
235	+-
236	+- tpm_server="$(which tpm_server)"
237	+- swtpm="$(which swtpm)"
238	+- if [ -z "${tpm_server}" ] && [ -z "${swtpm}" ]; then
239	+- echo "${CYAN}SKIP: Software TPM (tpm_server and swtpm) not found${NORM}"
240	+- return "$SKIP"
241	+- fi
242	+-
243	+- if [ -n "${swtpm}" ]; then
244	+- pgrep swtpm
245	+- if [ $? -eq 0 ]; then
246	+- echo "INFO: Software TPM (swtpm) already running"
247	+- return 114
248	+- else
249	+- echo "INFO: Starting software TPM: ${swtpm}"
250	+- mkdir -p ./myvtpm
251	+- ${swtpm} socket --tpmstate dir=./myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init > /dev/null 2>&1 &
252	+- SWTPM_PID=$!
253	+- fi
254	+- elif [ -n "${tpm_server}" ]; then
255	+- # tpm_server uses the Microsoft simulator encapsulated packet format
256	+- export TPM_SERVER_TYPE="mssim"
257	+- pgrep tpm_server
258	+- if [ $? -eq 0 ]; then
259	+- echo "INFO: Software TPM (tpm_server) already running"
260	+- return 114
261	+- else
262	+- echo "INFO: Starting software TPM: ${tpm_server}"
263	+- ${tpm_server} > /dev/null 2>&1 &
264	+- TPMSERVER_PID=$!
265	+- fi
266	+- fi
267	+- return 0
268	+-}
269	+-
270	+-# Initialize the software TPM using the sample binary_bios_measurements log.
271	+-swtpm_init() {
272	+- if [ ! -f "${TSSDIR}/tssstartup" ] \|\| [ ! -f "${TSSDIR}/tsseventextend" ]; then
273	+- echo "${CYAN}SKIP: tssstartup and tsseventextend needed for test${NORM}"
274	+- return "$SKIP"
275	+- fi
276	+-
277	+- echo "INFO: Sending software TPM startup"
278	+- "${TSSDIR}/tssstartup"
279	+- if [ $? -ne 0 ]; then
280	+- echo "INFO: Retry sending software TPM startup"
281	+- sleep 1
282	+- "${TSSDIR}/tssstartup"
283	+- fi
284	+-
285	+- if [ $? -ne 0 ]; then
286	+- echo "INFO: Software TPM startup failed"
287	+- return "$SKIP"
288	+- fi
289	+-
290	+- echo "INFO: Walking ${BINARY_BIOS_MEASUREMENTS} initializing the software TPM"
291	+-# $(${TSSDIR}/tsseventextend -tpm -if "${BINARY_BIOS_MEASUREMENTS}" -v) 2>&1 > /dev/null
292	+- "${TSSDIR}/tsseventextend" -tpm -if "${BINARY_BIOS_MEASUREMENTS}" -v > /dev/null 2>&1
293	+-}
294	+-
295	+-# In VERBOSE mode, display the calculated TPM PCRs for the different banks.
296	+-display_pcrs() {
297	+- local PCRMAX=9
298	+- local banks=("sha1" "sha256")
299	+- local i;
300	+-
301	+- for bank in "${banks[@]}"; do
302	+- echo "INFO: Displaying ${bank} TPM bank (PCRs 0 - 9)"
303	+- for i in $(seq 0 $PCRMAX); do
304	+- rc=0
305	+- pcr=$("${TSSDIR}/tsspcrread" -halg "${bank}" -ha "${i}" -ns)
306	+- if [ $rc -ne 0 ]; then
307	+- echo "INFO: tsspcrread failed: $pcr"
308	+- break
309	+- fi
310	+- echo "$i: $pcr"
311	+- done
312	+- done
313	+-}
314	+-
315	+-# The first entry in the IMA measurement list is the "boot_aggregate".
316	+-# For each kexec, an additional "boot_aggregate" will appear in the
317	+-# measurement list, assuming the previous measurement list is carried
318	+-# across the kexec.
319	+-#
320	+-# Verify that the last "boot_aggregate" record in the IMA measurement
321	+-# list matches.
322	+-check() {
323	+- echo "INFO: Calculating the boot_aggregate (PCRs 0 - 9) for multiple banks"
324	+- bootaggr=$(evmctl ima_boot_aggregate)
325	+- if [ $? -ne 0 ]; then
326	+- echo "${CYAN}SKIP: evmctl ima_boot_aggregate: $bootaggr${NORM}"
327	+- exit "$SKIP"
328	+- fi
329	+-
330	+- boot_aggr=( $bootaggr )
331	+-
332	+- echo "INFO: Searching for the boot_aggregate in ${ASCII_RUNTIME_MEASUREMENTS}"
333	+- for hash in "${boot_aggr[@]}"; do
334	+- if [ "$VERBOSE" != "0" ]; then
335	+- echo "$hash"
336	+- fi
337	+- if grep -e " boot_aggregate$" -e " boot_aggregate.$" "${ASCII_RUNTIME_MEASUREMENTS}" \| tail -n 1 \| grep -q "${hash}"; then
338	+- echo "${GREEN}SUCCESS: boot_aggregate ${hash} found${NORM}"
339	+- return "$OK"
340	+- fi
341	+- done
342	+- echo "${RED}FAILURE: boot_aggregate not found${NORM}"
343	+- echo "$bootaggr"
344	+- return "$FAIL"
345	+-}
346	+-
347	+-if [ "$(id -u)" = 0 ] && [ -c "/dev/tpm0" ]; then
348	+- ASCII_RUNTIME_MEASUREMENTS="/sys/kernel/security/ima/ascii_runtime_measurements"
349	+- if [ ! -d "/sys/kernel/security/ima" ]; then
350	+- echo "${CYAN}SKIP: CONFIG_IMA not enabled${NORM}"
351	+- exit "$SKIP"
352	+- fi
353	+-else
354	+- BINARY_BIOS_MEASUREMENTS="./sample-binary_bios_measurements-pcrs-8-9"
355	+- ASCII_RUNTIME_MEASUREMENTS="./sample-ascii_runtime_measurements-pcrs-8-9"
356	+- export TPM_INTERFACE_TYPE="socsim"
357	+- export TPM_COMMAND_PORT=2321
358	+- export TPM_PLATFORM_PORT=2322
359	+- export TPM_SERVER_NAME="localhost"
360	+-
361	+- # swtpm uses the raw, unencapsulated packet format
362	+- export TPM_SERVER_TYPE="raw"
363	+-fi
364	+-
365	+-# Start and initialize a software TPM as needed
366	+-if [ "$(id -u)" != 0 ] \|\| [ ! -c "/dev/tpm0" ]; then
367	+- if [ -f "$PCRFILE" ] \|\| [ -f "$MISC_PCRFILE" ]; then
368	+- echo "${CYAN}SKIP: system has discrete TPM 1.2, sample TPM 2.0 event log test not supported.${NORM}"
369	+- exit "$SKIP"
370	+- fi
371	+-
372	+- swtpm_start
373	+- error=$?
374	+- if [ $error -eq "$SKIP" ]; then
375	+- echo "skip: swtpm not installed"
376	+- exit "$SKIP"
377	+- fi
378	+-
379	+- if [ $error -eq 0 ]; then
380	+- swtpm_init
381	+- if [ $? -eq "$SKIP" ]; then
382	+- echo "testing boot_aggregate without entries"
383	+- exit "$SKIP"
384	+- fi
385	+- fi
386	+- if [ "$VERBOSE" != "0" ]; then
387	+- display_pcrs
388	+- fi
389	+-fi
390	+-
391	+-expect_pass check
392
393	diff --git a/app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild b/app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild
394	new file mode 100644
395	index 000000000000..8a6872dda3e1
396	--- /dev/null
397	+++ b/app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild
398	@@ -0,0 +1,52 @@
399	+# Copyright 1999-2021 Gentoo Authors
400	+# Distributed under the terms of the GNU General Public License v2
401	+
402	+EAPI=8
403	+
404	+inherit autotools
405	+
406	+DESCRIPTION="Supporting tools for IMA and EVM"
407	+HOMEPAGE="http://linux-ima.sourceforge.net"
408	+SRC_URI="https://download.sourceforge.net/linux-ima/${P}.tar.gz"
409	+
410	+LICENSE="GPL-2"
411	+SLOT="0"
412	+KEYWORDS="~amd64 ~x86"
413	+IUSE="debug test tpm"
414	+
415	+RDEPEND="
416	+ dev-libs/openssl:0=
417	+ sys-apps/keyutils:=
418	+ tpm? ( app-crypt/tpm2-tss )"
419	+DEPEND="${RDEPEND}"
420	+BDEPEND="
421	+ app-text/asciidoc
422	+ app-text/docbook-xsl-stylesheets
423	+ dev-libs/libxslt
424	+ test? ( app-editors/vim-core )"
425	+
426	+RESTRICT="!test? ( test )"
427	+
428	+PATCHES=(
429	+ "${FILESDIR}/${PN}-1.4-configure-remove-automagic-TSS-dependencies.patch"
430	+ "${FILESDIR}/${PN}-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch"
431	+ "${FILESDIR}/${PN}-1.4-test-remove-boot_aggregate.patch"
432	+ )
433	+
434	+src_prepare() {
435	+ default
436	+
437	+ sed -i '/^MANPAGE_DOCBOOK_XSL/s:/usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl:/usr/share/sgml/docbook/xsl-stylesheets/manpages/docbook.xsl:' Makefile.am \|\| die
438	+ eautoreconf
439	+}
440	+
441	+src_configure() {
442	+ econf \
443	+ $(use_enable debug) \
444	+ $(use_with tpm pcrtss)
445	+}
446	+
447	+src_install() {
448	+ default
449	+ find "${ED}" -name '*.la' -delete \|\| die
450	+}
451
452	diff --git a/app-crypt/ima-evm-utils/metadata.xml b/app-crypt/ima-evm-utils/metadata.xml
453	index 1beb74ffb739..06e244511370 100644
454	--- a/app-crypt/ima-evm-utils/metadata.xml
455	+++ b/app-crypt/ima-evm-utils/metadata.xml
456	@@ -8,4 +8,7 @@
457	<upstream>
458	<remote-id type="sourceforge">linux-ima</remote-id>
459	</upstream>
460	+ <use>
461	+ <flag name="tpm">Enable TPM support</flag>
462	+ </use>
463	</pkgmetadata>

Gentoo Archives: gentoo-commits