* ima-evm-utils: library version @ 2019-07-24 12:51 Mimi Zohar 2019-07-24 17:28 ` Vitaly Chikunov 0 siblings, 1 reply; 6+ messages in thread From: Mimi Zohar @ 2019-07-24 12:51 UTC (permalink / raw) To: Petr Vorel, BrunoE.O.Meneguele, Dmitry Eremin-Solenikov, Vitaly Chikunov Cc: linux-integrity Hi - In preparing the ima-evm-utils v1.2 release, I noticed that the library version was never updated. It is still "0.0.0". Should I set it to something? If so, what versioning scheme do you recommend - using the libtool current[:revision[:age]], prepending the release version on the .so, or suffixing the release version on the .so? The other option is to leave the version as 0.0.0 and let the distro package maintainers deal with it. Posting a patch that sets the library version would be most welcome. thanks! Mimi ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: ima-evm-utils: library version 2019-07-24 12:51 ima-evm-utils: library version Mimi Zohar @ 2019-07-24 17:28 ` Vitaly Chikunov 2019-07-24 18:04 ` Bruno E. O. Meneguele 2019-07-24 19:17 ` Vitaly Chikunov 0 siblings, 2 replies; 6+ messages in thread From: Vitaly Chikunov @ 2019-07-24 17:28 UTC (permalink / raw) To: Mimi Zohar Cc: Petr Vorel, BrunoE.O.Meneguele, Dmitry Eremin-Solenikov, linux-integrity Mimi, On Wed, Jul 24, 2019 at 08:51:38AM -0400, Mimi Zohar wrote: > > In preparing the ima-evm-utils v1.2 release, I noticed that the > library version was never updated. It is still "0.0.0". Should I set > it to something? If so, what versioning scheme do you recommend - > using the libtool current[:revision[:age]], prepending the release > version on the .so, or suffixing the release version on the .so? libtool rules should be followed: https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html I think you should change 0.0.0 to 1.0.0 just before release. Since we are changed ABI of calc_keyid_v2 (RSA *key -> EVP_PKEY *pkey). (There is also changes to read_pub_pkey and get_filesize.) > The other option is to leave the version as 0.0.0 and let the distro > package maintainers deal with it. I think you should update it properly. > Posting a patch that sets the library version would be most welcome. diff --git a/src/Makefile.am b/src/Makefile.am index 9c037e2..b794c50 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -4,7 +4,7 @@ libimaevm_la_SOURCES = libimaevm.c libimaevm_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS) # current[:revision[:age]] # result: [current-age].age.revision -libimaevm_la_LDFLAGS = -version-info 0:0:0 +libimaevm_la_LDFLAGS = -version-info 1:0:0 libimaevm_la_LIBADD = $(LIBCRYPTO_LIBS) Thanks, ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: ima-evm-utils: library version 2019-07-24 17:28 ` Vitaly Chikunov @ 2019-07-24 18:04 ` Bruno E. O. Meneguele 2019-07-25 0:36 ` Mimi Zohar 2019-07-24 19:17 ` Vitaly Chikunov 1 sibling, 1 reply; 6+ messages in thread From: Bruno E. O. Meneguele @ 2019-07-24 18:04 UTC (permalink / raw) To: Mimi Zohar, Petr Vorel, Dmitry Eremin-Solenikov, linux-integrity [-- Attachment #1: Type: text/plain, Size: 2310 bytes --] Hi Mimi, On Wed, Jul 24, 2019 at 08:28:01PM +0300, Vitaly Chikunov wrote: > Mimi, > > On Wed, Jul 24, 2019 at 08:51:38AM -0400, Mimi Zohar wrote: > > > > In preparing the ima-evm-utils v1.2 release, I noticed that the > > library version was never updated. It is still "0.0.0". Should I set > > it to something? If so, what versioning scheme do you recommend - > > using the libtool current[:revision[:age]], prepending the release > > version on the .so, or suffixing the release version on the .so? > > libtool rules should be followed: > > https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html > > I think you should change 0.0.0 to 1.0.0 just before release. Since we are > changed ABI of calc_keyid_v2 (RSA *key -> EVP_PKEY *pkey). (There is also > changes to read_pub_pkey and get_filesize.) > Yep, I agree with that: libtool scheme for sure, thus the linker can easily handle the dependency without the need for manual relinkage from our users whenever possible, i.e. "current" and "age" getting increased by 1 means the interface is backward compatible to the last release and don't require a new linkage step of user's tool. > > The other option is to leave the version as 0.0.0 and let the distro > > package maintainers deal with it. > > I think you should update it properly. > Not every packager is aware of tool's internals/source code, and let them face possible user crashes due to "invalid interface calls" is pretty bad to the tool community itself. > > Posting a patch that sets the library version would be most welcome. > > diff --git a/src/Makefile.am b/src/Makefile.am > index 9c037e2..b794c50 100644 > --- a/src/Makefile.am > +++ b/src/Makefile.am > @@ -4,7 +4,7 @@ libimaevm_la_SOURCES = libimaevm.c > libimaevm_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS) > # current[:revision[:age]] > # result: [current-age].age.revision > -libimaevm_la_LDFLAGS = -version-info 0:0:0 > +libimaevm_la_LDFLAGS = -version-info 1:0:0 > libimaevm_la_LIBADD = $(LIBCRYPTO_LIBS) > > Thanks, And I also agree with his patch, changing -version-info to 1:0:0, bumping "current" number, since the interface was indeed changed since v1.1 release of ima-evm-utils. Thanks for catching that :)) [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 488 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: ima-evm-utils: library version 2019-07-24 18:04 ` Bruno E. O. Meneguele @ 2019-07-25 0:36 ` Mimi Zohar 0 siblings, 0 replies; 6+ messages in thread From: Mimi Zohar @ 2019-07-25 0:36 UTC (permalink / raw) To: Bruno E. O. Meneguele, Petr Vorel, Dmitry Eremin-Solenikov, linux-integrity On Wed, 2019-07-24 at 15:04 -0300, Bruno E. O. Meneguele wrote: > On Wed, Jul 24, 2019 at 08:28:01PM +0300, Vitaly Chikunov wrote: > > diff --git a/src/Makefile.am b/src/Makefile.am > > index 9c037e2..b794c50 100644 > > --- a/src/Makefile.am > > +++ b/src/Makefile.am > > @@ -4,7 +4,7 @@ libimaevm_la_SOURCES = libimaevm.c > > libimaevm_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS) > > # current[:revision[:age]] > > # result: [current-age].age.revision > > -libimaevm_la_LDFLAGS = -version-info 0:0:0 > > +libimaevm_la_LDFLAGS = -version-info 1:0:0 > > libimaevm_la_LIBADD = $(LIBCRYPTO_LIBS) > > > > Thanks, > > And I also agree with his patch, changing -version-info to 1:0:0, > bumping "current" number, since the interface was indeed changed since > v1.1 release of ima-evm-utils. > > Thanks for catching that :)) Thanks! We'll use the libtool versioning. Mimi ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: ima-evm-utils: library version 2019-07-24 17:28 ` Vitaly Chikunov 2019-07-24 18:04 ` Bruno E. O. Meneguele @ 2019-07-24 19:17 ` Vitaly Chikunov 2019-07-24 22:27 ` Mimi Zohar 1 sibling, 1 reply; 6+ messages in thread From: Vitaly Chikunov @ 2019-07-24 19:17 UTC (permalink / raw) To: Mimi Zohar, Petr Vorel, BrunoE.O.Meneguele, Dmitry Eremin-Solenikov, linux-integrity Btw, On Wed, Jul 24, 2019 at 08:28:01PM +0300, Vitaly Chikunov wrote: > On Wed, Jul 24, 2019 at 08:51:38AM -0400, Mimi Zohar wrote: > > > > In preparing the ima-evm-utils v1.2 release, I noticed that the > > library version was never updated. It is still "0.0.0". Should I set > > it to something? If so, what versioning scheme do you recommend - > > using the libtool current[:revision[:age]], prepending the release > > version on the .so, or suffixing the release version on the .so? > > libtool rules should be followed: > > https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html > > I think you should change 0.0.0 to 1.0.0 just before release. Since we are > changed ABI of calc_keyid_v2 (RSA *key -> EVP_PKEY *pkey). (There is also > changes to read_pub_pkey and get_filesize.) Speaking about ABI: src/ima-evm-utils (tests)$ readelf --dyn-syms src/.libs/libimaevm.so | egrep -vw 'UND|_edata|_fini|_init|_end|__bss_start' Num: Value Size Type Bind Vis Ndx Name 74: 0000000000003bf6 1047 FUNC GLOBAL DEFAULT 12 sign_hash_v1 75: 0000000000002c5b 783 FUNC GLOBAL DEFAULT 12 read_pub_pkey 77: 000000000000400d 836 FUNC GLOBAL DEFAULT 12 sign_hash_v2 78: 0000000000004351 56 FUNC GLOBAL DEFAULT 12 sign_hash 81: 0000000000003795 198 FUNC GLOBAL DEFAULT 12 key2bin 83: 00000000000025f3 1640 FUNC GLOBAL DEFAULT 12 ima_calc_hash 84: 0000000000003204 232 FUNC GLOBAL DEFAULT 12 get_hash_algo 85: 00000000000032ec 836 FUNC GLOBAL DEFAULT 12 verify_hash 87: 0000000000003630 357 FUNC GLOBAL DEFAULT 12 ima_verify_signature 88: 000000000000385b 204 FUNC GLOBAL DEFAULT 12 calc_keyid_v1 89: 0000000000205d20 144 OBJECT GLOBAL DEFAULT 20 hash_algo_name 90: 0000000000003927 308 FUNC GLOBAL DEFAULT 12 calc_keyid_v2 91: 0000000000002566 34 FUNC GLOBAL DEFAULT 12 dump 92: 0000000000003a5b 411 FUNC GLOBAL DEFAULT 12 init_public_keys 93: 0000000000205c80 160 OBJECT GLOBAL DEFAULT 20 pkey_hash_algo 94: 00000000002062c0 32 OBJECT GLOBAL DEFAULT 24 params 95: 0000000000205be0 160 OBJECT GLOBAL DEFAULT 20 pkey_hash_algo_kern 96: 0000000000002588 107 FUNC GLOBAL DEFAULT 12 get_hash_algo_by_id 97: 0000000000002f6a 113 FUNC GLOBAL DEFAULT 12 read_pub_key 98: 0000000000002509 93 FUNC GLOBAL DEFAULT 12 do_dump This looks not very good. Names like `dump', `do_dump', `params' aren't good for public ABI. And should be prefixed, or removed. Probably, some (or all) others too. Prefix could be something like `ima_', like in `ima_calc_hash'. Thanks, ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: ima-evm-utils: library version 2019-07-24 19:17 ` Vitaly Chikunov @ 2019-07-24 22:27 ` Mimi Zohar 0 siblings, 0 replies; 6+ messages in thread From: Mimi Zohar @ 2019-07-24 22:27 UTC (permalink / raw) To: Vitaly Chikunov, Petr Vorel, BrunoE.O.Meneguele, Dmitry Eremin-Solenikov, linux-integrity On Wed, 2019-07-24 at 22:17 +0300, Vitaly Chikunov wrote: > Btw, > > On Wed, Jul 24, 2019 at 08:28:01PM +0300, Vitaly Chikunov wrote: > > On Wed, Jul 24, 2019 at 08:51:38AM -0400, Mimi Zohar wrote: > > > > > > In preparing the ima-evm-utils v1.2 release, I noticed that the > > > library version was never updated. It is still "0.0.0". Should I set > > > it to something? If so, what versioning scheme do you recommend - > > > using the libtool current[:revision[:age]], prepending the release > > > version on the .so, or suffixing the release version on the .so? > > > > libtool rules should be followed: > > > > https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html > > > > I think you should change 0.0.0 to 1.0.0 just before release. Since we are > > changed ABI of calc_keyid_v2 (RSA *key -> EVP_PKEY *pkey). (There is also > > changes to read_pub_pkey and get_filesize.) > > Speaking about ABI: > > src/ima-evm-utils (tests)$ readelf --dyn-syms src/.libs/libimaevm.so | egrep -vw 'UND|_edata|_fini|_init|_end|__bss_start' > Num: Value Size Type Bind Vis Ndx Name > 74: 0000000000003bf6 1047 FUNC GLOBAL DEFAULT 12 sign_hash_v1 > 75: 0000000000002c5b 783 FUNC GLOBAL DEFAULT 12 read_pub_pkey > 77: 000000000000400d 836 FUNC GLOBAL DEFAULT 12 sign_hash_v2 > 78: 0000000000004351 56 FUNC GLOBAL DEFAULT 12 sign_hash > 81: 0000000000003795 198 FUNC GLOBAL DEFAULT 12 key2bin > 83: 00000000000025f3 1640 FUNC GLOBAL DEFAULT 12 ima_calc_hash > 84: 0000000000003204 232 FUNC GLOBAL DEFAULT 12 get_hash_algo > 85: 00000000000032ec 836 FUNC GLOBAL DEFAULT 12 verify_hash > 87: 0000000000003630 357 FUNC GLOBAL DEFAULT 12 ima_verify_signature > 88: 000000000000385b 204 FUNC GLOBAL DEFAULT 12 calc_keyid_v1 > 89: 0000000000205d20 144 OBJECT GLOBAL DEFAULT 20 hash_algo_name > 90: 0000000000003927 308 FUNC GLOBAL DEFAULT 12 calc_keyid_v2 > 91: 0000000000002566 34 FUNC GLOBAL DEFAULT 12 dump > 92: 0000000000003a5b 411 FUNC GLOBAL DEFAULT 12 init_public_keys > 93: 0000000000205c80 160 OBJECT GLOBAL DEFAULT 20 pkey_hash_algo > 94: 00000000002062c0 32 OBJECT GLOBAL DEFAULT 24 params > 95: 0000000000205be0 160 OBJECT GLOBAL DEFAULT 20 pkey_hash_algo_kern > 96: 0000000000002588 107 FUNC GLOBAL DEFAULT 12 get_hash_algo_by_id > 97: 0000000000002f6a 113 FUNC GLOBAL DEFAULT 12 read_pub_key > 98: 0000000000002509 93 FUNC GLOBAL DEFAULT 12 do_dump > > This looks not very good. Names like `dump', `do_dump', `params' aren't good > for public ABI. And should be prefixed, or removed. Probably, some (or all) > others too. Prefix could be something like `ima_', like in `ima_calc_hash'. At least sign_hash_v1() and sign_hash_v2() can be addressed by making them static. Looking to see if there are others. Mimi ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-07-25 0:37 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-07-24 12:51 ima-evm-utils: library version Mimi Zohar 2019-07-24 17:28 ` Vitaly Chikunov 2019-07-24 18:04 ` Bruno E. O. Meneguele 2019-07-25 0:36 ` Mimi Zohar 2019-07-24 19:17 ` Vitaly Chikunov 2019-07-24 22:27 ` Mimi Zohar
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).