|
 |
607604 |
%bcond_with compat
|
|
|
607604 |
|
|
|
607604 |
# For cases where the soname requires a bump we need to define with_compat,
|
|
|
607604 |
# update the package into the side-tag, update RPM (rpm-sign) into side-tag,
|
|
|
607604 |
# _then_ undefine with_compat and rebuild the package into the side-tag. This
|
|
|
607604 |
# is required to workaround the chiken-egg situation with the rpm-sign update.
|
|
|
607604 |
# The compat pkg must not make the compose, it's only a buildrequirement for
|
|
|
607604 |
# rpm-sign in a soname bump.
|
|
|
607604 |
%if ! %{with compat}
|
|
|
607604 |
%undefine with_compat
|
|
|
607604 |
%endif
|
|
|
607604 |
|
|
|
607604 |
%if %{with compat}
|
|
|
607604 |
%global compat_soversion 2
|
|
|
607604 |
%endif
|
|
|
607604 |
|
|
|
c395a8 |
Name: ima-evm-utils
|
|
|
607604 |
Version: 1.4
|
|
|
607604 |
Release: 4%{?dist}
|
|
|
c395a8 |
Summary: IMA/EVM support utilities
|
|
|
c395a8 |
License: GPLv2
|
|
|
c395a8 |
Url: http://linux-ima.sourceforge.net/
|
|
|
c395a8 |
Source: http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz
|
|
|
607604 |
|
|
|
607604 |
# compat source and patches
|
|
|
607604 |
Source10: ima-evm-utils-1.3.2.tar.gz
|
|
|
607604 |
Patch10: 0001-evmctl-fix-memory-leak-in-get_password.patch
|
|
|
607604 |
Patch11: 0001-libimaevm-make-SHA-256-the-default-hash-algorithm.patch
|
|
|
c395a8 |
|
|
|
c395a8 |
BuildRequires: asciidoc
|
|
|
c395a8 |
BuildRequires: autoconf
|
|
|
c395a8 |
BuildRequires: automake
|
|
|
c395a8 |
BuildRequires: gcc
|
|
|
c395a8 |
BuildRequires: keyutils-libs-devel
|
|
|
c395a8 |
BuildRequires: libtool
|
|
|
c395a8 |
BuildRequires: libxslt
|
|
|
607604 |
BuildRequires: make
|
|
|
c395a8 |
BuildRequires: openssl-devel
|
|
|
c395a8 |
BuildRequires: tpm2-tss-devel
|
|
|
c395a8 |
|
|
|
c395a8 |
%description
|
|
|
c395a8 |
The Trusted Computing Group(TCG) run-time Integrity Measurement Architecture
|
|
|
c395a8 |
(IMA) maintains a list of hash values of executables and other sensitive
|
|
|
c395a8 |
system files, as they are read or executed. These are stored in the file
|
|
|
c395a8 |
systems extended attributes. The Extended Verification Module (EVM) prevents
|
|
|
c395a8 |
unauthorized changes to these extended attributes on the file system.
|
|
|
c395a8 |
ima-evm-utils is used to prepare the file system for these extended attributes.
|
|
|
c395a8 |
|
|
|
c395a8 |
%package devel
|
|
|
c395a8 |
Summary: Development files for %{name}
|
|
|
c395a8 |
Requires: %{name} = %{version}-%{release}
|
|
|
c395a8 |
|
|
|
c395a8 |
%description devel
|
|
|
c395a8 |
This package provides the header files for %{name}
|
|
|
c395a8 |
|
|
|
607604 |
%if %{with compat}
|
|
|
607604 |
%package -n %{name}%{compat_soversion}
|
|
|
607604 |
Summary: Compatibility package of %{name}
|
|
|
607604 |
|
|
|
607604 |
%description -n %{name}%{compat_soversion}
|
|
|
607604 |
This package provides the libimaevm.so.%{compat_soversion} relative to %{name}-1.3
|
|
|
607604 |
%endif
|
|
|
607604 |
|
|
|
c395a8 |
%prep
|
|
|
607604 |
%setup -q
|
|
|
607604 |
|
|
|
607604 |
%if %{with compat}
|
|
|
607604 |
mkdir compat/
|
|
|
607604 |
tar -zxf %{SOURCE10} --strip-components=1 -C compat/
|
|
|
607604 |
cd compat/
|
|
|
607604 |
%patch10 -p1
|
|
|
607604 |
%patch11 -p1
|
|
|
607604 |
%endif
|
|
|
c395a8 |
|
|
|
c395a8 |
%build
|
|
|
c395a8 |
autoreconf -vif
|
|
|
c395a8 |
%configure --disable-static
|
|
|
c395a8 |
%make_build
|
|
|
c395a8 |
|
|
|
607604 |
%if %{with compat}
|
|
|
607604 |
pushd compat/
|
|
|
607604 |
autoreconf -vif
|
|
|
607604 |
%configure --disable-static
|
|
|
607604 |
%make_build
|
|
|
607604 |
popd
|
|
|
607604 |
%endif
|
|
|
607604 |
|
|
|
c395a8 |
%install
|
|
|
c395a8 |
%make_install
|
|
|
607604 |
find %{buildroot} -type f -name "*.la" -print -delete
|
|
|
607604 |
|
|
|
607604 |
%if %{with compat}
|
|
|
607604 |
pushd compat/src/.libs/
|
|
|
607604 |
install -p libimaevm.so.%{compat_soversion}.0.0 %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}.0.0
|
|
|
607604 |
ln -s -f %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}.0.0 %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}
|
|
|
607604 |
popd
|
|
|
607604 |
%endif
|
|
|
c395a8 |
|
|
|
c395a8 |
%ldconfig_scriptlets
|
|
|
c395a8 |
|
|
|
c395a8 |
%files
|
|
|
c395a8 |
%license COPYING
|
|
|
c395a8 |
%doc NEWS README AUTHORS
|
|
|
607604 |
%{_bindir}/evmctl
|
|
|
c395a8 |
# if you need to bump the soname version, coordinate with dependent packages
|
|
|
607604 |
%{_libdir}/libimaevm.so.3*
|
|
|
607604 |
%{_mandir}/man1/evmctl*
|
|
|
c395a8 |
|
|
|
c395a8 |
%files devel
|
|
|
c395a8 |
%{_pkgdocdir}/*.sh
|
|
|
607604 |
%{_includedir}/imaevm.h
|
|
|
c395a8 |
%{_libdir}/libimaevm.so
|
|
|
c395a8 |
|
|
|
607604 |
%if %{with compat}
|
|
|
607604 |
%files -n %{name}%{compat_soversion}
|
|
|
607604 |
%{_libdir}/libimaevm.so.%{compat_soversion}
|
|
|
607604 |
%{_libdir}/libimaevm.so.%{compat_soversion}.0.0
|
|
|
607604 |
%endif
|
|
|
607604 |
|
|
|
c395a8 |
%changelog
|
|
|
607604 |
* Mon Dec 13 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.4-4
|
|
|
607604 |
- Fix compat bcond_with value check.
|
|
|
607604 |
|
|
|
607604 |
* Fri Dec 10 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.4-3
|
|
|
607604 |
- Remove compat subpkg from compose (rhbz#2026028)
|
|
|
607604 |
|
|
|
607604 |
* Tue Dec 07 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.4-2
|
|
|
607604 |
- Add compat subpkg for helping building dependencies (rhbz#2026028)
|
|
|
607604 |
|
|
|
607604 |
* Thu Dec 02 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.4-1
|
|
|
607604 |
- Modify some pieces to get closer to Fedora's specfile
|
|
|
607604 |
- Remove patch handling memory leak: solved in the rebase
|
|
|
607604 |
- Remove patch handling SHA-256 default hash: solved in the rebase
|
|
|
607604 |
- Rebase to upstream release v1.4 (rhbz#2026028)
|
|
|
607604 |
|
|
|
c395a8 |
* Fri Aug 20 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-9
|
|
|
c395a8 |
- Use upstream accepted patch for the memory leak
|
|
|
c395a8 |
- Make SHA-256 the default hash algorithm (rhbz#1934949)
|
|
|
c395a8 |
|
|
|
c395a8 |
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.2-6
|
|
|
c395a8 |
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
|
c395a8 |
Related: rhbz#1991688
|
|
|
c395a8 |
|
|
|
c395a8 |
* Thu Jul 08 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-5
|
|
|
c395a8 |
- Add patch fixing memory leak (rhbz#1938742)
|
|
|
c395a8 |
|
|
|
c395a8 |
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.2-4
|
|
|
c395a8 |
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
|
|
c395a8 |
Related: rhbz#1971065
|
|
|
c395a8 |
|
|
|
c395a8 |
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.2-3
|
|
|
c395a8 |
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
|
|
c395a8 |
|
|
|
c395a8 |
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-2
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Wed Oct 28 2020 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-1
|
|
|
c395a8 |
- Rebase to new upstream v1.3.2 minor release
|
|
|
c395a8 |
|
|
|
c395a8 |
* Tue Aug 11 2020 Bruno Meneguele <bmeneg@redhat.com> - 1.3.1-1
|
|
|
c395a8 |
- Rebase to new upstream v1.3.1 minor release
|
|
|
c395a8 |
|
|
|
c395a8 |
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3-3
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Sun Jul 26 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 1.3-2
|
|
|
c395a8 |
- Fix devel deps
|
|
|
c395a8 |
|
|
|
c395a8 |
* Sun Jul 26 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 1.3-1
|
|
|
c395a8 |
- Update to 1.3
|
|
|
c395a8 |
- Use tpm2-tss instead of tss2
|
|
|
c395a8 |
- Minor spec cleanups
|
|
|
c395a8 |
|
|
|
c395a8 |
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1.2.1-4
|
|
|
c395a8 |
- Use make macros
|
|
|
c395a8 |
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
|
|
c395a8 |
|
|
|
c395a8 |
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-3
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Wed Jul 31 2019 Bruno E. O. Meneguele <bmeneg@redhat.com> - 1.2.1-2
|
|
|
c395a8 |
- Add pull request to correct lib soname version, wich was bumped to 1.0.0
|
|
|
c395a8 |
|
|
|
c395a8 |
* Wed Jul 31 2019 Bruno E. O. Meneguele <bmeneg@redhat.com> - 1.2.1-1
|
|
|
c395a8 |
- Rebase to upstream v1.2.1
|
|
|
c395a8 |
- Remove both patches that were already solved in upstream version
|
|
|
c395a8 |
- Add runtime dependency of tss2 to retrieve PCR bank data from TPM2.0
|
|
|
c395a8 |
|
|
|
c395a8 |
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-6
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-5
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Fri Jul 20 2018 Bruno E. O. Meneguele <brdeoliv@redhat.com> - 1.1-4
|
|
|
c395a8 |
- Add patch to remove dependency from libattr-devel package
|
|
|
c395a8 |
|
|
|
c395a8 |
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-3
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Fri Mar 02 2018 Bruno E. O. Meneguele <brdeoliv@redhat.com> - 1.1-2
|
|
|
c395a8 |
- Remove libtool files
|
|
|
c395a8 |
- Run ldconfig scriptlets after un/installing
|
|
|
c395a8 |
- Add -devel subpackage to handle include files and examples
|
|
|
c395a8 |
- Disable any static file in the package
|
|
|
c395a8 |
|
|
|
c395a8 |
* Fri Feb 16 2018 Bruno E. O. Meneguele <brdeoliv@redhat.com> - 1.1-1
|
|
|
c395a8 |
- New upstream release
|
|
|
c395a8 |
- Support for OpenSSL 1.1 was added directly to the source code in upstream,
|
|
|
c395a8 |
thus removing specific patch for it
|
|
|
c395a8 |
- Docbook xsl stylesheet updated to a local path
|
|
|
c395a8 |
|
|
|
c395a8 |
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-5
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Fri Feb 02 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.0-4
|
|
|
c395a8 |
- Switch to %%ldconfig_scriptlets
|
|
|
c395a8 |
|
|
|
c395a8 |
* Fri Dec 01 2017 Bruno E. O. Meneguele <brdeoliv@redhat.com> - 1.0-3
|
|
|
c395a8 |
- Add OpenSSL 1.1 API support for the package, avoiding the need of
|
|
|
c395a8 |
compat-openssl10-devel package
|
|
|
c395a8 |
|
|
|
c395a8 |
* Mon Nov 20 2017 Bruno E. O. Meneguele <brdeoliv@redhat.com> - 1.0-2
|
|
|
c395a8 |
- Adjusted docbook xsl path to match the correct stylesheet
|
|
|
c395a8 |
- Remove only *.la files, considering there aren't any *.a files
|
|
|
c395a8 |
|
|
|
c395a8 |
* Tue Sep 05 2017 Bruno E. O. Meneguele <brdeoliv@redhat.com> - 1.0-1
|
|
|
c395a8 |
- New upstream release
|
|
|
c395a8 |
- Add OpenSSL 1.0 compatibility package, due to issues with OpenSSL 1.1
|
|
|
c395a8 |
- Remove libtool files
|
|
|
c395a8 |
- Run ldconfig after un/installation to update *.so files
|
|
|
c395a8 |
- Add -devel subpackage to handle include files and examples
|
|
|
c395a8 |
|
|
|
c395a8 |
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-7
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-6
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-5
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-4
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Tue Jan 26 2016 Lubomir Rintel <lkundrak@v3.sk> - 0.9-3
|
|
|
c395a8 |
- Fix FTBFS
|
|
|
c395a8 |
|
|
|
c395a8 |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9-2
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Fri Oct 31 2014 Avesh Agarwal <avagarwa@redhat.com> - 0.9-1
|
|
|
c395a8 |
- New upstream release
|
|
|
c395a8 |
- Applied a patch to fix man page issues.
|
|
|
c395a8 |
- Updated spec file
|
|
|
c395a8 |
|
|
|
c395a8 |
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6-3
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6-2
|
|
|
c395a8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
c395a8 |
|
|
|
c395a8 |
* Tue Aug 27 2013 Vivek Goyal <vgoyal@redhat.com> - 0.6-1
|
|
|
c395a8 |
- Initial package
|