Skip to content

Commit

Permalink
Use imaevm_signhash if available
Browse files Browse the repository at this point in the history
sign_hash is deprecated in the newest libimaevm

Co-authored-by: Michal Domonkos <[email protected]>
Resolves: #3419
  • Loading branch information
ffesti and dmnks committed Nov 21, 2024
1 parent 4806340 commit 93f2d30
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 0 deletions.
1 change: 1 addition & 0 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -295,6 +295,7 @@ endif()

if (WITH_IMAEVM)
list(APPEND REQFUNCS lsetxattr)
check_library_exists(imaevm imaevm_signhash "" HAVE_IMAEVM_SIGNHASH)
add_library(IMA::IMA UNKNOWN IMPORTED)
find_path(IMA_INCLUDE_DIR NAMES imaevm.h REQUIRED)
find_library(IMA_LIBRARY NAMES imaevm REQUIRED)
Expand Down
1 change: 1 addition & 0 deletions config.h.in
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@
#cmakedefine HAVE_LINUX_FSVERITY_H @HAVE_LINUX_FSVERITY_H@
#cmakedefine HAVE_LOCALTIME_R @HAVE_LOCALTIME_R@
#cmakedefine HAVE_LSETXATTR @HAVE_LSETXATTR@
#cmakedefine HAVE_IMAEVM_SIGNHASH @HAVE_IMAEVM_SIGNHASH@
#cmakedefine HAVE_LUTIMES @HAVE_LUTIMES@
#cmakedefine HAVE_LZMA_H @HAVE_LZMA_H@
#cmakedefine HAVE_MEMORY_H @HAVE_MEMORY_H@
Expand Down
9 changes: 9 additions & 0 deletions sign/rpmsignfiles.cc
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,16 @@ const char *key, char *keypass, uint32_t *siglenp)
signature[0] = '\x03';

/* calculate file signature */
#if HAVE_IMAEVM_SIGNHASH
imaevm_ossl_access access_info = {
.type = IMAEVM_OSSL_ACCESS_TYPE_NONE,
};
siglen = imaevm_signhash(algo, fdigest, diglen, key, keypass, signature+1, 0, &access_info, 0);

#else
siglen = sign_hash(algo, fdigest, diglen, key, keypass, signature+1);
#endif

if (siglen < 0) {
rpmlog(RPMLOG_ERR, _("sign_hash failed\n"));
return NULL;
Expand Down

0 comments on commit 93f2d30

Please sign in to comment.