From: Mimi Zohar <zohar@linux.ibm.com>
To: Vitaly Chikunov <vt@altlinux.org>, Petr Vorel <pvorel@suse.cz>,
"Bruno E. O. Meneguele" <bmeneg@redhat.com>,
Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>,
linux-integrity <linux-integrity@vger.kernel.org>
Subject: Re: ima-evm-utils: library version
Date: Wed, 24 Jul 2019 18:27:59 -0400
Message-ID: <1564007279.4245.59.camel@linux.ibm.com>
In-Reply-To: <20190724191733.466tex2pqoikmyfl@altlinux.org>

On Wed, 2019-07-24 at 22:17 +0300, Vitaly Chikunov wrote:
> Btw,
>
> On Wed, Jul 24, 2019 at 08:28:01PM +0300, Vitaly Chikunov wrote:
> > On Wed, Jul 24, 2019 at 08:51:38AM -0400, Mimi Zohar wrote:
> > >
> > > In preparing the ima-evm-utils v1.2 release, I noticed that the
> > > library version was never updated. It is still "0.0.0". Should I set
> > > it to something? If so, what versioning scheme do you recommend -
> > > using the libtool current[:revision[:age]], prepending the release
> > > version on the .so, or suffixing the release version on the .so?
> >
> > libtool rules should be followed:
> >
> > https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
> >
> > I think you should change 0.0.0 to 1.0.0 just before release, since we have
> > changed the ABI of calc_keyid_v2 (RSA *key -> EVP_PKEY *pkey). (There are also
> > changes to read_pub_pkey and get_filesize.)
>
> Speaking about ABI:
>
> src/ima-evm-utils (tests)$ readelf --dyn-syms src/.libs/libimaevm.so | egrep -vw 'UND|_edata|_fini|_init|_end|__bss_start'
> Num: Value Size Type Bind Vis Ndx Name
> 74: 0000000000003bf6 1047 FUNC GLOBAL DEFAULT 12 sign_hash_v1
> 75: 0000000000002c5b 783 FUNC GLOBAL DEFAULT 12 read_pub_pkey
> 77: 000000000000400d 836 FUNC GLOBAL DEFAULT 12 sign_hash_v2
> 78: 0000000000004351 56 FUNC GLOBAL DEFAULT 12 sign_hash
> 81: 0000000000003795 198 FUNC GLOBAL DEFAULT 12 key2bin
> 83: 00000000000025f3 1640 FUNC GLOBAL DEFAULT 12 ima_calc_hash
> 84: 0000000000003204 232 FUNC GLOBAL DEFAULT 12 get_hash_algo
> 85: 00000000000032ec 836 FUNC GLOBAL DEFAULT 12 verify_hash
> 87: 0000000000003630 357 FUNC GLOBAL DEFAULT 12 ima_verify_signature
> 88: 000000000000385b 204 FUNC GLOBAL DEFAULT 12 calc_keyid_v1
> 89: 0000000000205d20 144 OBJECT GLOBAL DEFAULT 20 hash_algo_name
> 90: 0000000000003927 308 FUNC GLOBAL DEFAULT 12 calc_keyid_v2
> 91: 0000000000002566 34 FUNC GLOBAL DEFAULT 12 dump
> 92: 0000000000003a5b 411 FUNC GLOBAL DEFAULT 12 init_public_keys
> 93: 0000000000205c80 160 OBJECT GLOBAL DEFAULT 20 pkey_hash_algo
> 94: 00000000002062c0 32 OBJECT GLOBAL DEFAULT 24 params
> 95: 0000000000205be0 160 OBJECT GLOBAL DEFAULT 20 pkey_hash_algo_kern
> 96: 0000000000002588 107 FUNC GLOBAL DEFAULT 12 get_hash_algo_by_id
> 97: 0000000000002f6a 113 FUNC GLOBAL DEFAULT 12 read_pub_key
> 98: 0000000000002509 93 FUNC GLOBAL DEFAULT 12 do_dump
>
> This does not look very good. Names like `dump', `do_dump', `params' aren't good
> for a public ABI, and should be prefixed or removed. Probably some (or all)
> others too. The prefix could be something like `ima_', like in `ima_calc_hash'.

At least sign_hash_v1() and sign_hash_v2() can be addressed by making
them static. Looking to see if there are others.

Mimi
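
Added example, not part of the thread or of ima-evm-utils: a shell check that reads `readelf --dyn-syms` output and lists every exported symbol whose name lacks a chosen prefix, which is the audit the quoted listing was doing by eye. The function names `unprefixed_exports` and `sample_dynsyms` are hypothetical, and the sample rows are constructed (four copied from the listing above, the `UND` and `_edata` rows invented for illustration).

```shell
#!/bin/sh
# Added example: report exported dynamic symbols that lack a namespace prefix.
# Usage against a real build: readelf --dyn-syms libimaevm.so | unprefixed_exports ima_

unprefixed_exports() {
    # $1 = required prefix; stdin = `readelf --dyn-syms` output
    LC_ALL=C awk -v prefix="$1" '
        # Symbol rows look like: Num: Value Size Type Bind Vis Ndx Name
        $1 ~ /^[0-9]+:$/ && NF >= 8 {
            type = $4; bind = $5; vis = $6; ndx = $7; name = $8
            if (ndx == "UND") next                        # imported, not exported
            if (bind != "GLOBAL" && bind != "WEAK") next  # LOCAL is not in the ABI
            if (vis != "DEFAULT" && vis != "PROTECTED") next
            sub(/@.*/, "", name)                          # drop symbol-version suffix
            # linker-generated markers, the same set the egrep in the thread drops
            if (name ~ /^(_edata|_fini|_init|_end|__bss_start)$/) next
            if (index(name, prefix) != 1) print name, type
        }' | LC_ALL=C sort
}

# Constructed sample input (see lead-in for which rows are invented).
sample_dynsyms() {
    cat <<'EOF'
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND imported_func@EXAMPLE_1.0 (2)
    74: 0000000000003bf6  1047 FUNC    GLOBAL DEFAULT   12 sign_hash_v1
    83: 00000000000025f3  1640 FUNC    GLOBAL DEFAULT   12 ima_calc_hash
    91: 0000000000002566    34 FUNC    GLOBAL DEFAULT   12 dump
    94: 00000000002062c0    32 OBJECT  GLOBAL DEFAULT   24 params
    99: 0000000000206000     0 NOTYPE  GLOBAL DEFAULT   23 _edata
EOF
}

# Stand-alone run: prints the symbols that would pollute the global namespace.
sample_dynsyms | unprefixed_exports ima_
```

Run in CI after the library is linked, a non-empty result flags a symbol that either needs the prefix or should be made `static`, as suggested above for sign_hash_v1() and sign_hash_v2().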