Rename upload_digest_lists to manage_digest_lists

d43b5806 · Roberto Sassu · fe575a00 · d43b5806 · d43b5806 · d43b5806
14 changed file
--- a/.gitignore
+++ b/.gitignore
 *.o
 src/gen_digest_lists
-src/upload_digest_lists
+src/manage_digest_lists
 src/verify_digest_lists

 tests/lib

--- a/README.en.md
+++ b/README.en.md
@@ -48,9 +48,9 @@ Lists extension:
  Generates digest lists from different sources, e.g. the RPM database, a RPM
  package or a directory;

- upload_digest_lists:
-  Converts digest lists of arbitrary formats to the format supported by the
-  kernel; it can also upload converted digest lists to the kernel;
+- manage_digest_lists:
+  Manages digest lists and converts digest lists of arbitrary formats to the
+  format supported by the kernel;

 - verify_digest_lists:
  Verifies the integrity of digest lists;
@@ -62,7 +62,7 @@ Lists extension:
 - setup_ima_digest_list_demo:
  Script with a predefined workflow to create digest lists.

-Both upload_digest_lists and gen_digest_lists have a modular design: they can
+Both manage_digest_lists and gen_digest_lists have a modular design: they can
 support additional parsers/generators. Third-party libraries should be placed in
 the $libdir/digestlist directory.

@@ -83,11 +83,11 @@ the $libdir/digestlist directory.
    | Base library (I/O, xattr, crypto) | <---- | Signing Key |            |
    +-----------------------------------+       +-------------+            |
                                           (2) provide signing key         |
-                                                             +------+--------------+
-                                                             | Sig  |  Digest list |
-                                                             |      |    (fmt N)   |
-                                                             +------+--------------+
-        upload_digest_lists:                                                   |
+                                                         +------+--------------+
+                                                         | Sig  |  Digest list |
+                                                         |      |    (fmt N)   |
+                                                         +------+--------------+
+    manage_digest_lists:                                                   |
                             (4) parse digest list (fmt N)                 |
    +----------+             +----------+                                  |
    | Parser 1 |     ...     | Parser N | <--------------------------------|
@@ -95,10 +95,10 @@ the $libdir/digestlist directory.
    +-----------------------------------+
    |    Compact list API (generator)   | (5) convert to compact list
    +-----------------------------------+
-    +-----------------------------------+             +--------+
-    |         Base library (I/O)        | ----------> | Kernel |
-    +-----------------------------------+             +--------+
-                                          (6) upload compact list
+    +-----------------------------------+
+    |         Base library (I/O)        |
+    +-----------------------------------+
+



@@ -487,15 +487,6 @@ this command can be obtained by executing the command:
 $ man gen_digest_lists
 ```

-#### Upload
-
-After digest lists have been generated, they can be uploaded by executing the
-command:
-
-```
-# upload_digest_lists
-```
-
 ### Integrity Verification

 The measurement list, after loading the digest lists, will look like:
@@ -503,7 +494,7 @@ The measurement list, after loading the digest lists, will look like:
 ```
 11 <digest> ima-ng <digest> boot_aggregate
 11 <digest> ima-ng <digest> /etc/keys/x509_ima.der
-11 <digest> ima-ng <digest> [...]/0-parser_list-compact-upload_digest_lists
+11 <digest> ima-ng <digest> [...]/0-parser_list-compact-manage_digest_lists
 11 <digest> ima-ng <digest> [...]/0-key_list-signing_key.der
 11 <digest> ima-ng <digest> [...]/1-parser_list-compact-libparser-ima.so
 11 <digest> ima-ng <digest> [...]/2-parser_list-compact-libparser-rpm.so

--- a/digest-list-tools.1
+++ b/digest-list-tools.1
 .\" Text automatically generated by txt2man
-.TH digest-list-tools  "03 June 2020" "" ""
+.TH untitled  "07 July 2020" "" ""
 .RS
 # digest-list-tools
 .PP
@@ -54,9 +54,9 @@ gen_digest_lists:
 Generates digest lists from different sources, e.g. the RPM database, a RPM
 package or a directory;
 .IP \(bu 3
-upload_digest_lists:
-Converts digest lists of arbitrary formats to the format supported by the
-kernel; it can also upload converted digest lists to the kernel;
+manage_digest_lists:
+Manages digest lists and converts digest lists of arbitrary formats to the
+format supported by the kernel;
 .IP \(bu 3
 verify_digest_lists:
 Verifies the integrity of digest lists;
@@ -68,7 +68,7 @@ the digest lists just created;
 setup_ima_digest_list_demo:
 Script with a predefined workflow to create digest lists.
 .PP
-Both upload_digest_lists and gen_digest_lists have a modular design: they can
+Both manage_digest_lists and gen_digest_lists have a modular design: they can
 support additional parsers/generators. Third-party libraries should be placed in
 the $libdir/digestlist directory.
 .RE
@@ -93,11 +93,11 @@ the $libdir/digestlist directory.
    | Base library (I/O, xattr, crypto) | <---- | Signing Key |            |
    +-----------------------------------+       +-------------+            |
                                           (2) provide signing key         |
-                                                             +------+--------------+
-                                                             | Sig  |  Digest list |
-                                                             |      |    (fmt N)   |
-                                                             +------+--------------+
-        upload_digest_lists:                                                   |
+                                                         +------+--------------+
+                                                         | Sig  |  Digest list |
+                                                         |      |    (fmt N)   |
+                                                         +------+--------------+
+    manage_digest_lists:                                                   |
                             (4) parse digest list (fmt N)                 |
    +----------+             +----------+                                  |
    | Parser 1 |     \.\.\.     | Parser N | <--------------------------------|
@@ -105,10 +105,10 @@ the $libdir/digestlist directory.
    +-----------------------------------+
    |    Compact list API (generator)   | (5) convert to compact list
    +-----------------------------------+
-    +-----------------------------------+             +--------+
-    |         Base library (I/O)        | ----------> | Kernel |
-    +-----------------------------------+             +--------+
-                                          (6) upload compact list
+    +-----------------------------------+
+    |         Base library (I/O)        |
+    +-----------------------------------+
+



@@ -543,15 +543,6 @@ this command can be obtained by executing the command:
 $ man gen_digest_lists
 ```
 .PP
-#### Upload
-.PP
-After digest lists have been generated, they can be uploaded by executing the
-command:
-.PP
-```
-# upload_digest_lists
-```
-.PP
 ### Integrity Verification
 .PP
 The measurement list, after loading the digest lists, will look like:
@@ -559,7 +550,7 @@ The measurement list, after loading the digest lists, will look like:
 ```
 11 <digest> ima-ng <digest> boot_aggregate
 11 <digest> ima-ng <digest> /etc/keys/x509_ima.der
-11 <digest> ima-ng <digest> [\.\.\.]/0-parser_list-compact-upload_digest_lists
+11 <digest> ima-ng <digest> [\.\.\.]/0-parser_list-compact-manage_digest_lists
 11 <digest> ima-ng <digest> [\.\.\.]/0-key_list-signing_key.der
 11 <digest> ima-ng <digest> [\.\.\.]/1-parser_list-compact-libparser-ima.so
 11 <digest> ima-ng <digest> [\.\.\.]/2-parser_list-compact-libparser-rpm.so

--- a/dist/rpm/digest-list-tools.spec
+++ b/dist/rpm/digest-list-tools.spec
@@ -54,7 +54,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_bindir}/gen_digest_lists
 %{_bindir}/setup_ima_digest_lists
 %{_bindir}/setup_ima_digest_lists_demo
-%{_bindir}/upload_digest_lists
+%{_bindir}/manage_digest_lists
 %{_bindir}/verify_digest_lists
 %{_bindir}/write_rpm_pgp_sig
 %{_libdir}/libdigestlist-base.so
@@ -83,14 +83,14 @@ rm -rf $RPM_BUILD_ROOT
 %{_datarootdir}/digest-list-tools/gen_digest_lists.txt
 %{_datarootdir}/digest-list-tools/setup_ima_digest_lists.txt
 %{_datarootdir}/digest-list-tools/setup_ima_digest_lists_demo.txt
-%{_datarootdir}/digest-list-tools/upload_digest_lists.txt
+%{_datarootdir}/digest-list-tools/manage_digest_lists.txt
 %{_datarootdir}/digest-list-tools/verify_digest_lists.txt
 %{_datarootdir}/digest-list-tools/write_rpm_pgp_sig.txt
 %{_mandir}/man1/gen_digest_lists.1.gz
 %{_mandir}/man1/setup_ima_digest_lists.1.gz
 %{_mandir}/man1/setup_ima_digest_lists_demo.1.gz
 %{_mandir}/man1/verify_digest_lists.1.gz
-%{_mandir}/man1/upload_digest_lists.1.gz
+%{_mandir}/man1/manage_digest_lists.1.gz
 %{_mandir}/man1/write_rpm_pgp_sig.1.gz
 %{_mandir}/man1/%{name}.1.gz


--- a/docs/Makefile.am
+++ b/docs/Makefile.am
 dist_pkgdata_DATA = gen_digest_lists.txt \
 		    setup_ima_digest_lists.txt \
 		    setup_ima_digest_lists_demo.txt \
-		    upload_digest_lists.txt \
+		    manage_digest_lists.txt \
 		    verify_digest_lists.txt \
 		    write_rpm_pgp_sig.txt

 man1_MANS = gen_digest_lists.1 \
 	    setup_ima_digest_lists.1 \
 	    setup_ima_digest_lists_demo.1 \
-	    upload_digest_lists.1 \
+	    manage_digest_lists.1 \
 	    verify_digest_lists.1 \
 	    write_rpm_pgp_sig.1
--- a/docs/upload_digest_lists.1
+++ b/docs/upload_digest_lists.1
 .\" Text automatically generated by txt2man
-.TH upload_digest_lists  "03 June 2020" "" ""
+.TH untitled  "07 July 2020" "" ""
 .SH NAME
-\fBupload_digest_lists \fP- upload digest lists
+\fBmanage_digest_lists \fP- manage and convert digest lists
 \fB
 .RE
 \fB
 .SH SYNOPSIS
 .nf
 .fam C
-\fBupload_digest_lists\fP [\fIoptions\fP]
+\fBmanage_digest_lists\fP [\fIoptions\fP]


 .fam T
@@ -16,7 +16,7 @@
 .fam T
 .fi
 .SH DESCRIPTION
-\fBupload_digest_lists\fP uploads digest lists to IMA or write the converted digest
+\fBmanage_digest_lists\fP manages the digest lists or write converted digest
 lists to a file.
 .RE
 .PP
@@ -29,8 +29,8 @@ lists to a file.
 \fB-o\fP <file>: write converted digest list to a file
 .PP
 \fB-p\fP <op>: specify parser operation:
-add-digest: add IMA digest to kernel/output file
-add-meta-digest: add EVM digest to kernel/output file
+add-digest: add IMA digest to output file
+add-meta-digest: add EVM digest to output file
 add-ima-xattr: set IMA xattr for files in the digest lists
 rm-ima-xattr: remove IMA xattr for files in the digest lists
 add-evm-xattr: set EVM xattr for files in the digest lists
@@ -49,14 +49,11 @@ repair-meta-digest-lists: set digest lists metadata
 .PP

 .SH EXAMPLES
-Upload digest lists stored in /etc/ima/digest_lists.
-.PP
-# \fBupload_digest_lists\fP \fB-d\fP /etc/ima/digest_lists \fB-p\fP add-digest
-.PP
 Convert all digest lists in /etc/ima/digest_lists to the compact format and
 save the converted lists to converted_lists.
 .PP
-# \fBupload_digest_lists\fP \fB-d\fP /etc/ima/digest_lists \fB-p\fP add-digest \fB-o\fP converted_lists
+# \fBmanage_digest_lists\fP \fB-d\fP /etc/ima/digest_lists \fB-p\fP add-digest \
+\fB-o\fP converted_lists
 .RE
 .PP


--- a/docs/upload_digest_lists.txt
+++ b/docs/upload_digest_lists.txt
 NAME
-upload_digest_lists - upload digest lists
+manage_digest_lists - manage and convert digest lists


 SYNOPSIS
-upload_digest_lists [options]
+manage_digest_lists [options]


 DESCRIPTION
-upload_digest_lists uploads digest lists to IMA or write the converted digest
+manage_digest_lists manages the digest lists or write converted digest
 lists to a file.


@@ -19,8 +19,8 @@ OPTIONS
 -o <file>: write converted digest list to a file

 -p <op>: specify parser operation:
-	 add-digest: add IMA digest to kernel/output file
-	 add-meta-digest: add EVM digest to kernel/output file
+	 add-digest: add IMA digest to output file
+	 add-meta-digest: add EVM digest to output file
 	 add-ima-xattr: set IMA xattr for files in the digest lists
 	 rm-ima-xattr: remove IMA xattr for files in the digest lists
 	 add-evm-xattr: set EVM xattr for files in the digest lists
@@ -38,14 +38,11 @@ OPTIONS


 EXAMPLES
-Upload digest lists stored in /etc/ima/digest_lists.
-
-# upload_digest_lists -d /etc/ima/digest_lists -p add-digest
-
 Convert all digest lists in /etc/ima/digest_lists to the compact format and
 save the converted lists to converted_lists.

-# upload_digest_lists -d /etc/ima/digest_lists -p add-digest -o converted_lists
+# manage_digest_lists -d /etc/ima/digest_lists -p add-digest \
+		      -o converted_lists


 AUTHOR

--- a/generators/compact.c
+++ b/generators/compact.c
@@ -521,7 +521,7 @@ out_close:
 	if (ret < 0 || unlink) {
 		unlinkat(dirfd, filename, 0);
 	} else if (!gen_list_path) {
-		if (!tlv && !strcmp(basename, "upload_digest_lists")) {
+		if (!tlv && !strcmp(basename, "manage_digest_lists")) {
 			link = strchr(strchr(filename, '-') + 1, '-') + 1;
 			unlinkat(dirfd, link, 0);
 			ret = symlinkat(filename, dirfd, link);

--- a/initrd/dracut/upload_meta_digest_lists.sh
+++ b/initrd/dracut/upload_meta_digest_lists.sh
@@ -6,4 +6,4 @@ if [ $? -eq 0 ]; then
 	exit 0
 fi

-upload_digest_lists -p add-meta-digest
+manage_digest_lists -p add-meta-digest
--- a/scripts/setup_ima_digest_lists
+++ b/scripts/setup_ima_digest_lists
@@ -15,7 +15,7 @@

 OPTIND=2
 digest_lists_dir="/etc/ima/digest_lists"
-parser_path="/usr/bin/upload_digest_lists"
+parser_path="/usr/bin/manage_digest_lists"
 gen_digest_lists_result=0
 use_current_ima_list=0
 sign_opt=""
@@ -167,7 +167,7 @@ if [ $no_default_type -eq 1 ]; then
 fi

 if [ "$1" = "parser" ] || \
-   [ ! -e $digest_lists_dir/compact-upload_digest_lists ]; then
+   [ ! -e $digest_lists_dir/compact-manage_digest_lists ]; then
    if [ -n "$sign_opts" ]; then
        temp_cert="/tmp/$(basename ${cert%%.pem}.der)"
        openssl x509 -in $cert -out $temp_cert -outform der 2> /dev/null

--- a/scripts/setup_ima_digest_lists_demo
+++ b/scripts/setup_ima_digest_lists_demo
@@ -69,12 +69,12 @@ if [ "$1" = "initial" ]; then
        $sign_opt

    echo "Remove old IMA/EVM/INFOFLOW xattrs..."
-    upload_digest_lists -p rm-ima-xattr
-    upload_digest_lists -p rm-evm-xattr
-    upload_digest_lists -p rm-infoflow-xattr
+    manage_digest_lists -p rm-ima-xattr
+    manage_digest_lists -p rm-evm-xattr
+    manage_digest_lists -p rm-infoflow-xattr

    echo "Generate IMA measurements list..."
-    upload_digest_lists -p gen-ima-list -o binary_runtime_measurements
+    manage_digest_lists -p gen-ima-list -o binary_runtime_measurements

    if [ -f /usr/bin/attest_ra_client ]; then
        echo "Generate EVM key..."
@@ -86,7 +86,7 @@ if [ "$1" = "initial" ]; then
    dracut -f -e xattr

    echo "Add IMA xattr from digest lists..."
-    upload_digest_lists -p add-ima-xattr
+    manage_digest_lists -p add-ima-xattr

    echo "Fix SELinux label of digest lists..."
    restorecon -R -F /etc/ima/digest_lists
@@ -94,5 +94,5 @@ if [ "$1" = "initial" ]; then
    echo "Remount / read-only..."
    mount -oremount,ro /
 elif [ "$1" = "final" ]; then
-    upload_digest_lists -p add-evm-xattr
+    manage_digest_lists -p add-evm-xattr
 fi
--- a/src/Makefile.am
+++ b/src/Makefile.am
-bin_PROGRAMS=upload_digest_lists gen_digest_lists verify_digest_lists \
+bin_PROGRAMS=manage_digest_lists gen_digest_lists verify_digest_lists \
 	     write_rpm_pgp_sig

-upload_digest_lists_CFLAGS=-I$(top_srcdir)/include
-upload_digest_lists_LDFLAGS=$(top_srcdir)/lib/libdigestlist-base.la
-upload_digest_lists_SOURCES=upload_digest_lists.c
+manage_digest_lists_CFLAGS=-I$(top_srcdir)/include
+manage_digest_lists_LDFLAGS=$(top_srcdir)/lib/libdigestlist-base.la
+manage_digest_lists_SOURCES=manage_digest_lists.c

 gen_digest_lists_CFLAGS=-I$(top_srcdir)/include
 gen_digest_lists_LDFLAGS=$(top_srcdir)/lib/libdigestlist-base.la

--- a/src/upload_digest_lists.c
+++ b/src/upload_digest_lists.c
@@ -8,8 +8,8 @@
 * published by the Free Software Foundation, version 2 of the
 * License.
 *
- * File: upload_digest_lists.c
- *      Parse and upload digest lists
+ * File: manage_digest_lists.c
+ *      Manage and convert digest lists
 */

 #define _GNU_SOURCE

--- a/tests/gen.c
+++ b/tests/gen.c
@@ -29,23 +29,23 @@ static void test_gen(void **state)
 	if (fork() == 0) {
 		execlp("../src/gen_digest_lists", "gen_digest_lists",
 		       "-t", "parser", "-o", "append", "-f", "compact",
-		       "-i", "I:../src/upload_digest_lists", "-d", "test", NULL);
+		       "-i", "I:../src/manage_digest_lists", "-d", "test", NULL);
 	}

 	wait(NULL);

-	ret = stat("test/0-parser_list-compact-upload_digest_lists", &st);
+	ret = stat("test/0-parser_list-compact-manage_digest_lists", &st);
 	assert_return_code(ret, 0);

 	if (fork() == 0) {
 		execlp("../src/gen_digest_lists", "gen_digest_lists",
 		       "-t", "parser", "-o", "add", "-f", "compact", "-p", "0",
-		       "-i", "I:../src/upload_digest_lists", "-d", "test", NULL);
+		       "-i", "I:../src/manage_digest_lists", "-d", "test", NULL);
 	}

 	wait(NULL);

-	ret = stat("test/1-parser_list-compact-upload_digest_lists", &st);
+	ret = stat("test/1-parser_list-compact-manage_digest_lists", &st);
 	assert_return_code(ret, 0);

 	if (fork() == 0) {