diff --git a/brp-digest-list b/brp-digest-list
new file mode 100644
index 0000000000000000000000000000000000000000..7dd5b8f6d66a745aedd82397c023d4cbd7b4187f
--- /dev/null
+++ b/brp-digest-list
@@ -0,0 +1,96 @@
+#!/usr/bin/sh
+
+# Get build root
+RPM_BUILD_ROOT="${1}"
+
+# If using normal root, avoid changing anything.
+if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
+ exit 0
+fi
+
+# Create temporary file listing files in the manifest
+#[ -n "$TMPDIR" ] || TMPDIR="/tmp"
+TMPDIR="/tmp"
+BIN_PKG_FILES=${TMPDIR}/${3%%.rpm}
+cat - > $BIN_PKG_FILES
+
+# Ensure temporary file is cleaned up when we exit
+trap "rm -f \"${BIN_PKG_FILES}\"" 0 2 3 5 10 13 15
+
+# File empty, exit
+if [ -z $(head -c 1 $BIN_PKG_FILES) ]; then
+ exit 0
+fi
+
+# Create directory for digest lists
+DIGEST_LIST_DIR=$RPM_BUILD_ROOT/$2/etc/ima/digest_lists
+mkdir -p $DIGEST_LIST_DIR
+mkdir -p $DIGEST_LIST_DIR.tlv
+mkdir -p $DIGEST_LIST_DIR.sig
+
+# Generate digest list for the kernel
+gen_digest_lists -i M: -t metadata -f compact -d $DIGEST_LIST_DIR -i l:policy \
+ -i i: -o add -p -1 -m immutable -i L:$BIN_PKG_FILES -i u: \
+ -A $RPM_BUILD_ROOT -i e: \
+ -i F:/lib \
+ -i F:/usr/lib \
+ -i F:/lib64 \
+ -i F:/usr/lib64 \
+ -i F:/lib/modules \
+ -i F:/usr/lib/modules \
+ -i F:/lib/firmware \
+ -i F:/usr/lib/firmware
+
+f="$DIGEST_LIST_DIR/0-metadata_list-compact-$(basename $BIN_PKG_FILES)"
+[ -f $f ] || exit 0
+
+chmod 644 $f
+echo $f
+
+# Generate TLV digest list to check metadata
+gen_digest_lists -i M: -t metadata -f compact -d $DIGEST_LIST_DIR.tlv \
+ -i l:policy -i i: -o add -p -1 -m immutable -i L:$BIN_PKG_FILES -i u: \
+ -T -A $RPM_BUILD_ROOT -i e: \
+ -i F:/lib \
+ -i F:/usr/lib \
+ -i F:/lib64 \
+ -i F:/usr/lib64 \
+ -i F:/lib/modules \
+ -i F:/usr/lib/modules \
+ -i F:/lib/firmware \
+ -i F:/usr/lib/firmware
+
+f="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$(basename $BIN_PKG_FILES)"
+[ -f $f ] || exit 0
+
+chmod 644 $f
+echo $f
+
+if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \
+ ! $(basename $BIN_PKG_FILES) =~ "debug" ]]; then
+ # Generate digest list for the user space parsers
+ LD_LIBRARY_PATH=$RPM_BUILD_ROOT/usr/lib64 \
+ $RPM_BUILD_ROOT/usr/bin/gen_digest_lists \
+ -d $DIGEST_LIST_DIR -t parser -f compact -m immutable \
+ -i I:$RPM_BUILD_ROOT/usr/libexec -o add -p -1 -i i:
+
+ f="$DIGEST_LIST_DIR/0-parser_list-compact-libexec"
+ [ -f $f ] || exit 0
+
+ chmod 644 $f
+ echo $f
+
+ [ -f /usr/lib/rpm/brp-suse.d/brp-99-pesign ] || exit 0
+
+ BRP_PESIGN_FILES="$2/etc/ima/digest_lists/*"
+ export BRP_PESIGN_FILES
+ export RPM_BUILD_ROOT
+ RPM_PACKAGE_NAME="digest-list-tools"
+ export RPM_PACKAGE_NAME
+ RPM_SOURCE_DIR="$(rpm --eval %_topdir)/SOURCES"
+ export RPM_SOURCE_DIR
+
+ if [ -f "/usr/lib/rpm/brp-suse.d/brp-99-pesign" ]; then
+ /usr/lib/rpm/brp-suse.d/brp-99-pesign &> /dev/null
+ fi
+fi
diff --git a/generic-rpm-config.spec b/generic-rpm-config.spec
index c2af5081772912c2bae697c20dffae20aab69326..f6e3801d4921be0c164bed14caae3796d02c9108 100644
--- a/generic-rpm-config.spec
+++ b/generic-rpm-config.spec
@@ -2,7 +2,7 @@ Name: %{vendor}-rpm-config Version: 30 -Release: 10 +Release: 12 License: GPL+ Summary: specific rpm configuration files URL: https://gitee.com/src-openeuler/openEuler-rpm-config
@@ -24,6 +24,7 @@ Source20: openEuler-hardened-cc1 Source21: openEuler-hardened-ld Source22: openEuler-pie-cc1 Source23: openEuler-pie-ld +SOurce24: brp-digest-list Provides: python-rpm-macros = %{version}-%{release} Provides: python2-rpm-macros = %{version}-%{release}
@@ -116,7 +117,10 @@ mkdir -p %{buildroot}%{_fileattrsdir} %{_rpmconfigdir}/macros.d/macros.kmp %changelog -* Wed June 19 2020 zhangliuyan - 30-11 +* Mon Aug 3 2020 Anakin Zhang - 30-12 +- add brp-digest-list + +* Wed Jun 19 2020 zhangliuyan - 30-11 - add kmodtool.py macros.kmp * Wed May 6 2020 openEuler Buildteam - 30-10
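Review bot: The manifest is written to a fixed, guessable path in a world-writable directory: `TMPDIR="/tmp"` followed by `cat - > $BIN_PKG_FILES` creates `/tmp/<package name>` through a redirect that follows an existing symlink or reuses a file another local account created first, and the cleanup `trap` is installed only after that write. This file appears to be the `-i L:` input that selects which paths enter the IMA digest list, so it should live in a private directory from `mktemp -d`, keeping the package-derived basename because the later `0-metadata_list-compact-$(basename ...)` checks depend on it. The same rewrite can quote the expansions and replace `[ -z $(head -c 1 $BIN_PKG_FILES) ]` with a `-s` test. Separately, the `#!/usr/bin/sh` shebang does not match the `[[ ... =~ ... ]]` and `&>` used near the end of the script, which only work where sh is bash.

```shell
# … unchanged: RPM_BUILD_ROOT handling …

# Private scratch directory; the basename still carries the package name
# because it is reused in the digest list file names below.
tmpdir=$(mktemp -d) || exit 1
trap 'rm -rf "$tmpdir"' 0 2 3 5 10 13 15
BIN_PKG_FILES="$tmpdir/${3%%.rpm}"
cat - > "$BIN_PKG_FILES"

# File empty, exit
if [ ! -s "$BIN_PKG_FILES" ]; then
  exit 0
fi

# … unchanged: digest list generation …
```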
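Review bot: The new tag is spelled `SOurce24:` while every neighbouring line uses `SourceNN:`; rpm matches preamble tags case-insensitively as far as I know, so the build likely still works, but it should read `Source24: brp-digest-list` for consistency and for tools that grep the spec. None of the visible hunks touches `%install` or `%files`, so whether the script is actually shipped depends on existing globs outside this diff and is worth confirming.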