diff options
Diffstat (limited to 'meta-oe/recipes-security/keyutils/files')
8 files changed, 272 insertions, 0 deletions
diff --git a/meta-oe/recipes-security/keyutils/files/0001-Adhere-to-the-SOURCE_DATE_EPOCH-standard.patch b/meta-oe/recipes-security/keyutils/files/0001-Adhere-to-the-SOURCE_DATE_EPOCH-standard.patch new file mode 100644 index 0000000000..ecc5b00967 --- /dev/null +++ b/meta-oe/recipes-security/keyutils/files/0001-Adhere-to-the-SOURCE_DATE_EPOCH-standard.patch @@ -0,0 +1,32 @@ +From 3f7f70c746277e1a89978166533374a8b9bd5407 Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alex.kiernan@gmail.com> +Date: Wed, 25 Jan 2023 17:05:25 +0000 +Subject: [PATCH] Adhere to the SOURCE_DATE_EPOCH standard + +Adhere to the SOURCE_DATE_EPOCH standard and use it's date when set +otherwise fall back to the default behaviour. + +Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl> +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- +Upstream-Status: Pending + + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 599b1452a05a..7776b0f0d63d 100644 +--- a/Makefile ++++ b/Makefile +@@ -109,7 +109,7 @@ all: keyctl request-key key.dns_resolver cxx + ############################################################################### + #RPATH = -Wl,-rpath,$(LIBDIR) + +-VCPPFLAGS := -DPKGBUILD="\"$(shell date -u +%F)\"" ++VCPPFLAGS := -DPKGBUILD="\"$(date --utc --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%F)\"" + VCPPFLAGS += -DPKGVERSION="\"keyutils-$(VERSION)\"" + VCPPFLAGS += -DAPIVERSION="\"libkeyutils-$(APIVERSION)\"" + +-- +2.39.0 + diff --git a/meta-oe/recipes-security/keyutils/files/0001-tests-builtin_trusted-Failure-command-is-failed.patch b/meta-oe/recipes-security/keyutils/files/0001-tests-builtin_trusted-Failure-command-is-failed.patch new file mode 100644 index 0000000000..b78d7f7f28 --- /dev/null +++ b/meta-oe/recipes-security/keyutils/files/0001-tests-builtin_trusted-Failure-command-is-failed.patch @@ -0,0 +1,27 @@ +From 714542f009860e1652bc06d05ab939290374a114 Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alex.kiernan@gmail.com> +Date: Thu, 26 Jan 2023 08:27:12 +0000 +Subject: [PATCH 1/2] tests: builtin_trusted: Failure command is `failed` + +Upstream-Status: Pending +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + tests/features/builtin_trusted/runtest.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/features/builtin_trusted/runtest.sh b/tests/features/builtin_trusted/runtest.sh +index 27910b5fa8e7..437f5ad1d6b2 100644 +--- a/tests/features/builtin_trusted/runtest.sh ++++ b/tests/features/builtin_trusted/runtest.sh +@@ -24,7 +24,7 @@ id_key --to=blk %:.blacklist + # There should be at least one built-in trusted key for module signing. + list_keyring $btk + expect_keyring_rlist bkeys +-if [ `echo $bkeys | wc -w` = 0 ]; then fail; fi ++if [ `echo $bkeys | wc -w` = 0 ]; then failed; fi + + # Check we can't add random keys to those keyrings + marker "TRY ADDING USER KEYS" +-- +2.39.0 + diff --git a/meta-oe/recipes-security/keyutils/files/0001-tests-toolbox.inc.sh-update-regex-for-getting-endian.patch b/meta-oe/recipes-security/keyutils/files/0001-tests-toolbox.inc.sh-update-regex-for-getting-endian.patch new file mode 100644 index 0000000000..314487aef6 --- /dev/null +++ b/meta-oe/recipes-security/keyutils/files/0001-tests-toolbox.inc.sh-update-regex-for-getting-endian.patch @@ -0,0 +1,35 @@ +From b84ecc2e3e56a25a3efd56c8942ad6bab3ff9ba1 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Fri, 2 Dec 2022 15:35:40 +0800 +Subject: [PATCH] tests/toolbox.inc.sh: update regex for getting endian + +Update regex for getting endian in following condition: +/proc/777/exe: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2 + +Upstream-Status: Submitted [Submitted to keyrings@vger.kernel.org ] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + tests/toolbox.inc.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh +index 8bf0db6f6d87..7ea2f253ba7d 100644 +--- a/tests/toolbox.inc.sh ++++ b/tests/toolbox.inc.sh +@@ -13,10 +13,10 @@ + echo === $OUTPUTFILE === + + endian=`file -L /proc/$$/exe` +-if expr "$endian" : '.* MSB \+\(pie executable\|executable\|shared object\).*' >&/dev/null ++if expr "$endian" : '.* MSB .*\(pie executable\|executable\|shared object\).*' >&/dev/null + then + endian=BE +-elif expr "$endian" : '.* LSB \+\(pie executable\|executable\|shared object\).*' >&/dev/null ++elif expr "$endian" : '.* LSB .*\(pie executable\|executable\|shared object\).*' >&/dev/null + then + endian=LE + else +-- +2.39.0 + diff --git a/meta-oe/recipes-security/keyutils/files/0002-tests-Use-head-n1-for-busybox-compatibility.patch b/meta-oe/recipes-security/keyutils/files/0002-tests-Use-head-n1-for-busybox-compatibility.patch new file mode 100644 index 0000000000..900f2f0ec9 --- /dev/null +++ b/meta-oe/recipes-security/keyutils/files/0002-tests-Use-head-n1-for-busybox-compatibility.patch @@ -0,0 +1,64 @@ +From 5e660f246bb04560692ac9fc144574732c7e19e7 Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alex.kiernan@gmail.com> +Date: Thu, 26 Jan 2023 08:28:16 +0000 +Subject: [PATCH 2/2] tests: Use `head -n1` for busybox compatibility + +Upstream-Status: Pending +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + tests/keyctl/session/valid/runtest.sh | 4 ++-- + tests/keyctl/show/noargs/runtest.sh | 2 +- + tests/toolbox.inc.sh | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/tests/keyctl/session/valid/runtest.sh b/tests/keyctl/session/valid/runtest.sh +index 4c831314c0b0..456e9f32de23 100644 +--- a/tests/keyctl/session/valid/runtest.sh ++++ b/tests/keyctl/session/valid/runtest.sh +@@ -17,7 +17,7 @@ then + expect_key_rdesc rdesc "keyring@.*@.*@.*@_ses[^@]*\$" + + # check the session keyring ID is shown +- seskeyring="`tail -2 $OUTPUTFILE | head -1`" ++ seskeyring="`tail -2 $OUTPUTFILE | head -n1`" + if ! expr "$seskeyring" : "Joined session keyring: [0-9]*" >&/dev/null + then + failed +@@ -30,7 +30,7 @@ new_session qwerty keyctl rdescribe @s "@" + expect_key_rdesc rdesc "keyring@.*@.*@.*@qwerty" + + # check the session keyring ID is shown +-seskeyring="`tail -2 $OUTPUTFILE | head -1`" ++seskeyring="`tail -2 $OUTPUTFILE | head -n1`" + if ! expr "$seskeyring" : "Joined session keyring: [0-9]*" >&/dev/null + then + failed +diff --git a/tests/keyctl/show/noargs/runtest.sh b/tests/keyctl/show/noargs/runtest.sh +index d5072716c76a..a6d8b6b585c4 100644 +--- a/tests/keyctl/show/noargs/runtest.sh ++++ b/tests/keyctl/show/noargs/runtest.sh +@@ -31,7 +31,7 @@ then + fi + + # the first key listed (line 2) should be a keying (the session keyring) ... +-keyring1="`grep -n keyring $OUTPUTFILE | cut -d: -f1 | head -1`" ++keyring1="`grep -n keyring $OUTPUTFILE | cut -d: -f1 | head -n1`" + if [ "$keyring1" != "4" ] + then + failed +diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh +index 7ea2f253ba7d..a461a73daaa3 100644 +--- a/tests/toolbox.inc.sh ++++ b/tests/toolbox.inc.sh +@@ -229,7 +229,7 @@ function check_notify () + if [ "$1" = "-2" ] + then + shift +- my_logline="`tail -2 $watch_log | head -1`" ++ my_logline="`tail -2 $watch_log | head -n1`" + else + my_logline="`tail -1 $watch_log`" + fi +-- +2.39.0 + diff --git a/meta-oe/recipes-security/keyutils/files/fix_library_install_path.patch b/meta-oe/recipes-security/keyutils/files/fix_library_install_path.patch new file mode 100644 index 0000000000..938fe2eb57 --- /dev/null +++ b/meta-oe/recipes-security/keyutils/files/fix_library_install_path.patch @@ -0,0 +1,28 @@ +From b0355cc205543ffd33752874295139d57c4fbc3e Mon Sep 17 00:00:00 2001 +From: Wenzong Fan <wenzong.fan@windriver.com> +Date: Tue, 26 Sep 2017 07:59:51 +0000 +Subject: [PATCH] Subject: [PATCH] keyutils: use relative path for link + +The absolute path of the symlink will be invalid +when populated in sysroot, so use relative path instead. + +Upstream-Status: Pending + +Signed-off-by: Jackie Huang <jackie.huang@windriver.com> +Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> +{rebased for 1.6] +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +Index: keyutils-1.6/Makefile +=================================================================== +--- keyutils-1.6.orig/Makefile ++++ keyutils-1.6/Makefile +@@ -184,7 +184,7 @@ ifeq ($(NO_SOLIB),0) + $(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME) + $(LNS) $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME) + mkdir -p $(DESTDIR)$(USRLIBDIR) +- $(LNS) $(LIBDIR)/$(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB) ++ $(LNS) $(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB) + sed \ + -e 's,@VERSION\@,$(VERSION),g' \ + -e 's,@prefix\@,$(PREFIX),g' \ diff --git a/meta-oe/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch b/meta-oe/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch new file mode 100644 index 0000000000..acd91c01c4 --- /dev/null +++ b/meta-oe/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch @@ -0,0 +1,42 @@ +fix keyutils test error report + +Upstream-Status: Pending + +"Permission denied" may be the reason of EKEYEXPIRED and EKEYREVOKED. +"Required key not available" may be the reason of EKEYREVOKED. +EXPIRED and REVOKED are 2 status of kernel security keys features. +But the userspace keyutils lib will output the error message, which may +have several reasons. + +Signed-off-by: Han Chao <chan@windriver.com> + +diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh +index bbca00a..739e9d0 100644 +--- a/tests/toolbox.inc.sh ++++ b/tests/toolbox.inc.sh +@@ -227,11 +227,12 @@ function expect_error () + ;; + EKEYEXPIRED) + my_err="Key has expired" +- alt_err="Unknown error 127" ++ alt_err="Permission denied" + ;; + EKEYREVOKED) + my_err="Key has been revoked" +- alt_err="Unknown error 128" ++ alt_err="Permission denied" ++ alt2_err="Required key not available" + ;; + EKEYREJECTED) + my_err="Key has been rejected" +@@ -249,6 +250,9 @@ function expect_error () + elif [ "x$alt_err" != "x" ] && expr "$my_errmsg" : ".*: $alt_err" >&/dev/null + then + : ++ elif [ "x$alt2_err" != "x" ] && expr "$my_errmsg" : ".*: $alt2_err" >&/dev/null ++ then ++ : + elif [ "x$old_err" != "x" ] && expr "$my_errmsg" : ".*: $old_err" >&/dev/null + then + : + diff --git a/meta-oe/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch b/meta-oe/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch new file mode 100644 index 0000000000..a4ffd50ce5 --- /dev/null +++ b/meta-oe/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch @@ -0,0 +1,41 @@ +From 49b6321368e4bd3cd233d045cd09004ddd7968b2 Mon Sep 17 00:00:00 2001 +From: Jackie Huang <jackie.huang@windriver.com> +Date: Mon, 15 May 2017 14:52:00 +0800 +Subject: [PATCH] keyutils: fix output format + +keyutils ptest output format is incorrect, according to yocto +Development Manual +(http://www.yoctoproject.org/docs/latest/dev-manual/dev-manual.html#testing-packages-with-ptest) +5.10.6. Testing Packages With ptestThe test generates output in the format used by Automake: +<result>: <testname> +where the result can be PASS, FAIL, or SKIP, and the testname can be any +identifying string. +So we should change the test result format to match yocto ptest rules. + +Upstream-Status: Inappropriate [OE ptest specific] + +Signed-off-by: Li Wang <li.wang@windriver.com> +Signed-off-by: Jackie Huang <jackie.huang@windriver.com> +--- + tests/runtest.sh | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/tests/runtest.sh b/tests/runtest.sh +index b6eaa7c..84263fb 100644 +--- a/tests/runtest.sh ++++ b/tests/runtest.sh +@@ -21,6 +21,11 @@ for i in ${TESTS}; do + echo "### RUNNING TEST $i" + if [[ $AUTOMATED != 0 ]] ; then + bash ./runtest.sh ++ if [ $? != 0 ]; then ++ echo "FAIL: $i" ++ else ++ echo "PASS: $i" ++ fi + else + bash ./runtest.sh || exit 1 + fi +-- +2.11.0 + diff --git a/meta-oe/recipes-security/keyutils/files/run-ptest b/meta-oe/recipes-security/keyutils/files/run-ptest new file mode 100755 index 0000000000..305707f65d --- /dev/null +++ b/meta-oe/recipes-security/keyutils/files/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh +export AUTOMATED=1 +make -C tests run |