[PATCH 1/4] ima-evm-utils: link to libcrypto instead of OpenSSL

[PATCH 1/4] ima-evm-utils: link to libcrypto instead of OpenSSL

[Dmitry Eremin-Solenikov]

There is no need to link to full libssl. evmctl uses functions from
libcrypto, so let's link only against that library.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
---
 configure.ac    | 4 +---
 src/Makefile.am | 9 ++++-----
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/configure.ac b/configure.ac
index 10d1d88ccdc7..9beb4b6c2377 100644
--- a/configure.ac
+++ b/configure.ac
@@ -24,9 +24,7 @@ LT_INIT
 # Checks for header files.
 AC_HEADER_STDC
 
-PKG_CHECK_MODULES(OPENSSL, [ openssl >= 0.9.8 ])
-AC_SUBST(OPENSSL_CFLAGS)
-AC_SUBST(OPENSSL_LIBS)
+PKG_CHECK_MODULES(LIBCRYPTO, [libcrypto >= 0.9.8 ])
 AC_SUBST(KERNEL_HEADERS)
 AC_CHECK_HEADER(unistd.h)
 AC_CHECK_HEADERS(openssl/conf.h)
diff --git a/src/Makefile.am b/src/Makefile.am
index d74fc6f6e190..b81281a31d9b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,11 +1,11 @@
 lib_LTLIBRARIES = libimaevm.la
 
 libimaevm_la_SOURCES = libimaevm.c
-libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS)
+libimaevm_la_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
 # current[:revision[:age]]
 # result: [current-age].age.revision
 libimaevm_la_LDFLAGS = -version-info 0:0:0
-libimaevm_la_LIBADD =  $(OPENSSL_LIBS)
+libimaevm_la_LIBADD =  $(LIBCRYPTO_LIBS)
 
 include_HEADERS = imaevm.h
 
@@ -17,12 +17,11 @@ hash_info.h: Makefile
 bin_PROGRAMS = evmctl
 
 evmctl_SOURCES = evmctl.c
-evmctl_CPPFLAGS = $(OPENSSL_CFLAGS)
+evmctl_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
 evmctl_LDFLAGS = $(LDFLAGS_READLINE)
-evmctl_LDADD =  $(OPENSSL_LIBS) -lkeyutils libimaevm.la
+evmctl_LDADD =  $(LIBCRYPTO_LIBS) -lkeyutils libimaevm.la
 
 INCLUDES = -I$(top_srcdir) -include config.h
 
 CLEANFILES = hash_info.h
 DISTCLEANFILES = @DISTCLEANFILES@
-
-- 
2.20.1

[PATCH 2/4] ima-evm-utils: replace INCLUDES with AM_CPPFLAGS

[Dmitry Eremin-Solenikov]

Replace INCLUDES variable with AM_CPPFLAGS to stop Automake from warning
about deprecated variable usage.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
---
 src/Makefile.am | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index b81281a31d9b..164e7e4af020 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,7 +1,7 @@
 lib_LTLIBRARIES = libimaevm.la
 
 libimaevm_la_SOURCES = libimaevm.c
-libimaevm_la_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
+libimaevm_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS)
 # current[:revision[:age]]
 # result: [current-age].age.revision
 libimaevm_la_LDFLAGS = -version-info 0:0:0
@@ -17,11 +17,11 @@ hash_info.h: Makefile
 bin_PROGRAMS = evmctl
 
 evmctl_SOURCES = evmctl.c
-evmctl_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
+evmctl_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS)
 evmctl_LDFLAGS = $(LDFLAGS_READLINE)
 evmctl_LDADD =  $(LIBCRYPTO_LIBS) -lkeyutils libimaevm.la
 
-INCLUDES = -I$(top_srcdir) -include config.h
+AM_CPPFLAGS = -I$(top_srcdir) -include config.h
 
 CLEANFILES = hash_info.h
 DISTCLEANFILES = @DISTCLEANFILES@
-- 
2.20.1

[PATCH 3/4] ima-evm-utils: include hash-info.gen into distribution

[Dmitry Eremin-Solenikov]

Include hash-info.gen into tarball and call it from the sourcedir to fix
out-of-tree build (and thus 'make distcheck').

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
---
 src/Makefile.am | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 164e7e4af020..9c037e21dc4f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -11,8 +11,9 @@ include_HEADERS = imaevm.h
 
 nodist_libimaevm_la_SOURCES = hash_info.h
 BUILT_SOURCES = hash_info.h
+EXTRA_DIST = hash_info.gen
 hash_info.h: Makefile
-	./hash_info.gen $(KERNEL_HEADERS) >$@
+	$(srcdir)/hash_info.gen $(KERNEL_HEADERS) >$@
 
 bin_PROGRAMS = evmctl
 
-- 
2.20.1

[PATCH 4/4] ima-evm-utils: update .gitignore files

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
---
 .gitignore     | 1 +
 src/.gitignore | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 src/.gitignore

diff --git a/.gitignore b/.gitignore
index ca7a06ea94ff..cb82166fe13f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,6 +45,7 @@ cscope.*
 ncscope.*
 
 # Generated documentation
+*.1
 *.8
 *.5
 manpage.links
diff --git a/src/.gitignore b/src/.gitignore
new file mode 100644
index 000000000000..38e8e3ca60fb
--- /dev/null
+++ b/src/.gitignore
@@ -0,0 +1 @@
+hash_info.h
-- 
2.20.1

Re: [PATCH 1/4] ima-evm-utils: link to libcrypto instead of OpenSSL

[Mimi Zohar]

On Thu, 2019-05-23 at 15:26 +0300, Dmitry Eremin-Solenikov wrote:
> There is no need to link to full libssl. evmctl uses functions from
> libcrypto, so let's link only against that library.
> 
> Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Thank you for this patch and the other three.  They're all now in the
next branch.

Mimi

Re: [PATCH 1/4] ima-evm-utils: link to libcrypto instead of OpenSSL

[Dmitry Eremin-Solenikov]

чт, 23 мая 2019 г. в 18:13, Mimi Zohar <zohar@linux.ibm.com>:
>
> On Thu, 2019-05-23 at 15:26 +0300, Dmitry Eremin-Solenikov wrote:
> > There is no need to link to full libssl. evmctl uses functions from
> > libcrypto, so let's link only against that library.
> >
> > Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
>
> Thank you for this patch and the other three.  They're all now in the
> next branch.

Thank you!

-- 
With best wishes
Dmitry

Re: [PATCH 1/4] ima-evm-utils: link to libcrypto instead of OpenSSL

[Vitaly Chikunov]

Dmitry,

On Thu, May 23, 2019 at 03:26:20PM +0300, Dmitry Eremin-Solenikov wrote:
> There is no need to link to full libssl. evmctl uses functions from
> libcrypto, so let's link only against that library.

Btw, this breaks my tests in my set up with gost-engine, making evmctl
crash on OPENSSL_init_crypto (in bind_gost). Did not investigate real
cause yet. I test with latest version of gost-engine (e372739) and
openssl 0fc4d00a00.


> 
> Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
> ---
>  configure.ac    | 4 +---
>  src/Makefile.am | 9 ++++-----
>  2 files changed, 5 insertions(+), 8 deletions(-)
> 
> diff --git a/configure.ac b/configure.ac
> index 10d1d88ccdc7..9beb4b6c2377 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -24,9 +24,7 @@ LT_INIT
>  # Checks for header files.
>  AC_HEADER_STDC
>  
> -PKG_CHECK_MODULES(OPENSSL, [ openssl >= 0.9.8 ])
> -AC_SUBST(OPENSSL_CFLAGS)
> -AC_SUBST(OPENSSL_LIBS)
> +PKG_CHECK_MODULES(LIBCRYPTO, [libcrypto >= 0.9.8 ])
>  AC_SUBST(KERNEL_HEADERS)
>  AC_CHECK_HEADER(unistd.h)
>  AC_CHECK_HEADERS(openssl/conf.h)
> diff --git a/src/Makefile.am b/src/Makefile.am
> index d74fc6f6e190..b81281a31d9b 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -1,11 +1,11 @@
>  lib_LTLIBRARIES = libimaevm.la
>  
>  libimaevm_la_SOURCES = libimaevm.c
> -libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS)
> +libimaevm_la_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
>  # current[:revision[:age]]
>  # result: [current-age].age.revision
>  libimaevm_la_LDFLAGS = -version-info 0:0:0
> -libimaevm_la_LIBADD =  $(OPENSSL_LIBS)
> +libimaevm_la_LIBADD =  $(LIBCRYPTO_LIBS)
>  
>  include_HEADERS = imaevm.h
>  
> @@ -17,12 +17,11 @@ hash_info.h: Makefile
>  bin_PROGRAMS = evmctl
>  
>  evmctl_SOURCES = evmctl.c
> -evmctl_CPPFLAGS = $(OPENSSL_CFLAGS)
> +evmctl_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
>  evmctl_LDFLAGS = $(LDFLAGS_READLINE)
> -evmctl_LDADD =  $(OPENSSL_LIBS) -lkeyutils libimaevm.la
> +evmctl_LDADD =  $(LIBCRYPTO_LIBS) -lkeyutils libimaevm.la
>  
>  INCLUDES = -I$(top_srcdir) -include config.h
>  
>  CLEANFILES = hash_info.h
>  DISTCLEANFILES = @DISTCLEANFILES@
> -
> -- 
> 2.20.1

Re: [PATCH 1/4] ima-evm-utils: link to libcrypto instead of OpenSSL

[Vitaly Chikunov]

Dmitry,

On Thu, Jul 11, 2019 at 06:07:32PM +0300, Vitaly Chikunov wrote:
> On Thu, May 23, 2019 at 03:26:20PM +0300, Dmitry Eremin-Solenikov wrote:
> > There is no need to link to full libssl. evmctl uses functions from
> > libcrypto, so let's link only against that library.
> 
> Btw, this breaks my tests in my set up with gost-engine, making evmctl
> crash on OPENSSL_init_crypto (in bind_gost). Did not investigate real
> cause yet. I test with latest version of gost-engine (e372739) and
> openssl 0fc4d00a00.

Sorry, this was my set up failure. Previously I was defining
`OPENSSL_LIBS="-L$HOME/src/openssl -lssl -lcrypto"` to link with custom
OpenSSL build. Now I should just define
`LIBCRYPTO_LIBS="-L$HOME/src/openssl -lcrypto"` instead.

So there is no error in these commits.

Thanks,