From patchwork Mon Aug 7 11:13:09 2023
X-Patchwork-Submitter: Shreenidhi Shedi
X-Patchwork-Id: 13343638
From: Shreenidhi Shedi To: dhowells@redhat.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, masahiroy@kernel.org, nathan@kernel.org, ndesaulniers@google.com, nicolas@fjasle.eu Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com, linux-kbuild@vger.kernel.org Subject: [PATCH v8 1/8] sign-file: use getopt_long_only for parsing input args Date: Mon, 7 Aug 2023 16:43:09 +0530 Message-ID: <20230807111316.315836-2-yesshedi@gmail.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230807111316.315836-1-yesshedi@gmail.com> References: <20230807111316.315836-1-yesshedi@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org - getopt_long_only gives an option to use long names for options, so using it here to make the app usage easier. - Use more easy to remember command line argument names - Introduce cmd_opts structure to ease the handling of command line args Signed-off-by: Shreenidhi Shedi --- scripts/sign-file.c | 97 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 78 insertions(+), 19 deletions(-) diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 598ef5465f82..94228865b6cc 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c 
@@ -213,15 +213,77 @@ static X509 *read_x509(const char *x509_name) return x509; } +struct cmd_opts { + char *raw_sig_name; + bool save_sig; + bool replace_orig; + bool raw_sig; + bool sign_only; +#ifndef USE_PKCS7 + unsigned int use_keyid; +#endif +}; + +static void parse_args(int argc, char **argv, struct cmd_opts *opts) +{ + struct option cmd_options[] = { + {"rawsig", required_argument, 0, 's'}, + {"savesig", no_argument, 0, 'p'}, + {"signonly", no_argument, 0, 'd'}, +#ifndef USE_PKCS7 + {"usekeyid", no_argument, 0, 'k'}, +#endif + {0, 0, 0, 0} + }; + + int opt; + int opt_index = 0; + + do { +#ifndef USE_PKCS7 + opt = getopt_long_only(argc, argv, "pds:", + cmd_options, &opt_index); +#else + opt = getopt_long_only(argc, argv, "pdks:", + cmd_options, &opt_index); +#endif + switch (opt) { + case 's': + opts->raw_sig = true; + opts->raw_sig_name = optarg; + break; + + case 'p': + opts->save_sig = true; + break; + + case 'd': + opts->sign_only = true; + opts->save_sig = true; + break; + +#ifndef USE_PKCS7 + case 'k': + opts->use_keyid = CMS_USE_KEYID; + break; +#endif + + case -1: + break; + + default: + format(); + break; + } + } while (opt != -1); +} + int main(int argc, char **argv) { struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; char *hash_algo = NULL; - char *private_key_name = NULL, *raw_sig_name = NULL; + char *private_key_name = NULL; char *x509_name, *module_name, *dest_name; - bool save_sig = false, replace_orig; - bool sign_only = false; - bool raw_sig = false; unsigned char buf[4096]; unsigned long module_size, sig_size; unsigned int use_signed_attrs; @@ -229,13 +291,14 @@ int main(int argc, char **argv) EVP_PKEY *private_key; #ifndef USE_PKCS7 CMS_ContentInfo *cms = NULL; - unsigned int use_keyid = 0; #else PKCS7 *pkcs7 = NULL; #endif X509 *x509; BIO *bd, *bm; - int opt, n; + int n; + struct cmd_opts opts = {}; + OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ERR_clear_error(); 
@@ -247,23 +310,19 @@ int main(int argc, char **argv) #else use_signed_attrs = PKCS7_NOATTR; #endif + parse_args(argc, argv, &opts); + argc -= optind; + argv += optind; - do { - opt = getopt(argc, argv, "sdpk"); - switch (opt) { - case 's': raw_sig = true; break; - case 'p': save_sig = true; break; - case 'd': sign_only = true; save_sig = true; break; + const char *raw_sig_name = opts.raw_sig_name; + const bool save_sig = opts.save_sig; + const bool raw_sig = opts.raw_sig; + const bool sign_only = opts.sign_only; + bool replace_orig = opts.replace_orig; #ifndef USE_PKCS7 - case 'k': use_keyid = CMS_USE_KEYID; break; + const unsigned int use_keyid = opts.use_keyid; #endif - case -1: break; - default: format(); - } - } while (opt != -1); - argc -= optind; - argv += optind; if (argc < 4 || argc > 5) format(); From patchwork Mon Aug 7 11:13:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shreenidhi Shedi X-Patchwork-Id: 13343632 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7E1F7C04A94 for ; Mon, 7 Aug 2023 11:15:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232154AbjHGLPo (ORCPT ); Mon, 7 Aug 2023 07:15:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52122 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231941AbjHGLPX (ORCPT ); Mon, 7 Aug 2023 07:15:23 -0400 Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1E0291FCD; Mon, 7 Aug 2023 04:14:21 -0700 (PDT) Received: by mail-pf1-x42a.google.com with SMTP id d2e1a72fcca58-6873a30d02eso2755534b3a.3; Mon, 07 Aug 2023 04:14:21 -0700 (PDT) DKIM-Signature: v=1; 
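Review bot: in patch 1/8, the #ifndef USE_PKCS7 / #else arms around getopt_long_only() in parse_args() are swapped. The CMS build (#ifndef USE_PKCS7) is the one that has the use_keyid field and case 'k', yet it is given the optstring "pds:", while the PKCS#7 build is given "pdks:" and has no case 'k', so there -k is accepted by getopt and then falls into default: format(). Exchange the two optstrings so that k is only accepted where it is handled.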
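Review bot: in patch 1/8, the main() hunk at @@ -247,23 +310,19 @@ turns -s into an option that takes the raw signature file name, but the positional handling below the hunk is left alone. The block that 2/8 later deletes still checks argc < 4 || argc > 5 and, when raw_sig is set, still does raw_sig_name = argv[0]; hash_algo = argv[1];, so after this patch alone the value read from opts.raw_sig_name is overwritten and the raw signature file has to be named twice. Either keep -s as a plain flag here and give it an argument in 2/8, or drop the positional assignment in this patch so every step of the series behaves consistently. The new const locals are also declared after the parse_args() call and the argc/argv adjustments, which departs from the declarations-first layout at the top of main(); reading the opts fields directly would avoid that.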
From: Shreenidhi Shedi To: dhowells@redhat.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, masahiroy@kernel.org, nathan@kernel.org, ndesaulniers@google.com, nicolas@fjasle.eu Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com, linux-kbuild@vger.kernel.org Subject: [PATCH v8 2/8] sign-file: inntroduce few new flags to make argument processing easy. Date: Mon, 7 Aug 2023 16:43:10 +0530 Message-ID: <20230807111316.315836-3-yesshedi@gmail.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230807111316.315836-1-yesshedi@gmail.com> References: <20230807111316.315836-1-yesshedi@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org - Add some more options like help, x509, hashalgo to command line args - This makes it easy to handle and use command line args wherever needed Signed-off-by: Shreenidhi Shedi --- scripts/Makefile.modinst | 4 ++- scripts/sign-file.c | 63 ++++++++++++++++++++++++++++------------ 2 files changed, 48 insertions(+), 19 deletions(-) diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst index ab0c5bd1a60f..e94ac9afe17a 100644 --- a/scripts/Makefile.modinst +++ b/scripts/Makefile.modinst @@ -72,7 +72,9 @@ else sig-key := $(CONFIG_MODULE_SIG_KEY) endif quiet_cmd_sign = SIGN $@ - cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) "$(sig-key)" certs/signing_key.x509 $@ \ + cmd_sign = scripts/sign-file -a "$(CONFIG_MODULE_SIG_HASH)" \ + -i "$(sig-key)" \ + -x certs/signing_key.x509 $@ \ $(if $(KBUILD_EXTMOD),|| true) else quiet_cmd_sign := diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 94228865b6cc..b0f340ea629b 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -215,6 +215,11 @@ static X509 *read_x509(const char *x509_name) struct cmd_opts { char *raw_sig_name; + char *hash_algo; + char *dest_name; + char *private_key_name; + char *x509_name; + char *module_name; bool save_sig; bool replace_orig; bool raw_sig; 
@@ -233,6 +238,12 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) #ifndef USE_PKCS7 {"usekeyid", no_argument, 0, 'k'}, #endif + {"help", no_argument, 0, 'h'}, + {"privkey", required_argument, 0, 'i'}, + {"hashalgo", required_argument, 0, 'a'}, + {"x509", required_argument, 0, 'x'}, + {"dest", required_argument, 0, 'd'}, + {"replaceorig", required_argument, 0, 'r'}, {0, 0, 0, 0} }; @@ -241,10 +252,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) do { #ifndef USE_PKCS7 - opt = getopt_long_only(argc, argv, "pds:", + opt = getopt_long_only(argc, argv, "hpds:i:a:x:t:r:", cmd_options, &opt_index); #else - opt = getopt_long_only(argc, argv, "pdks:", + opt = getopt_long_only(argc, argv, "hpdks:i:a:x:t:r:", cmd_options, &opt_index); #endif switch (opt) { @@ -268,6 +279,30 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) break; #endif + case 'h': + format(); + break; + + case 'i': + opts->private_key_name = optarg; + break; + + case 'a': + opts->hash_algo = optarg; + break; + + case 'x': + opts->x509_name = optarg; + break; + + case 't': + opts->dest_name = optarg; + break; + + case 'r': + opts->replace_orig = true; + break; + case -1: break; @@ -281,9 +316,6 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) int main(int argc, char **argv) { struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; - char *hash_algo = NULL; - char *private_key_name = NULL; - char *x509_name, *module_name, *dest_name; unsigned char buf[4096]; unsigned long module_size, sig_size; unsigned int use_signed_attrs; 
@@ -315,32 +347,27 @@ int main(int argc, char **argv) argv += optind; const char *raw_sig_name = opts.raw_sig_name; + const char *hash_algo = opts.hash_algo; + const char *private_key_name = opts.private_key_name; + const char *x509_name = opts.x509_name; + const char *module_name = opts.module_name; const bool save_sig = opts.save_sig; const bool raw_sig = opts.raw_sig; const bool sign_only = opts.sign_only; bool replace_orig = opts.replace_orig; + char *dest_name = opts.dest_name; #ifndef USE_PKCS7 const unsigned int use_keyid = opts.use_keyid; #endif - if (argc < 4 || argc > 5) + if (!argv[0] || argc != 1) format(); - if (raw_sig) { - raw_sig_name = argv[0]; - hash_algo = argv[1]; - } else { - hash_algo = argv[0]; - private_key_name = argv[1]; - } - x509_name = argv[2]; - module_name = argv[3]; - if (argc == 5 && strcmp(argv[3], argv[4]) != 0) { - dest_name = argv[4]; + if (dest_name && strcmp(argv[0], dest_name)) { replace_orig = false; } else { ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0, - "asprintf"); + "asprintf"); replace_orig = true; } From patchwork Mon Aug 7 11:13:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shreenidhi Shedi X-Patchwork-Id: 13343634 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2253CC05052 for ; Mon, 7 Aug 2023 11:15:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232021AbjHGLPq (ORCPT ); Mon, 7 Aug 2023 07:15:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49254 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232151AbjHGLPX (ORCPT ); Mon, 7 Aug 2023 07:15:23 -0400 Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) by 
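Review bot: in patch 2/8, the new table entry {"dest", required_argument, 0, 'd'} at @@ -233,6 +238,12 @@ reuses the value 'd', which already belongs to signonly. The handler that stores dest_name is case 't', and t: is what the optstring adds, so as written the dest long option sets sign_only and save_sig and never records the destination; the table entry should return 't'. In the same table replaceorig is declared required_argument (and r: in the optstring), but case 'r' only sets opts->replace_orig = true and ignores optarg, so it should be no_argument and a bare r. The swapped USE_PKCS7 optstrings from 1/8 are carried forward too: k is still present only in the #else string.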
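Review bot: in patch 2/8, nothing assigns the module path after the @@ -315,32 +347,27 @@ hunk. The line module_name = argv[3]; is removed and const char *module_name = opts.module_name; is added, but no option or positional argument ever fills opts.module_name, so asprintf(&dest_name, "%s.~signed~", module_name) and the later open of the module operate on a NULL pointer. Set opts.module_name from argv[0] right after the argc != 1 check; 4/8 does the equivalent with argv[i], which leaves 2/8 and 3/8 broken for bisection. The old argc < 4 test also guaranteed that a hash, a key and a certificate were supplied. Now the -a, -i and -x options can each be omitted, leaving hash_algo, private_key_name and x509_name NULL, so check them and call format() before they are used.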
smtp.googlemail.com with ESMTPSA id 4-20020aa79144000000b00660d80087a8sm5939173pfi.187.2023.08.07.04.13.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Aug 2023 04:13:25 -0700 (PDT) From: Shreenidhi Shedi To: dhowells@redhat.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, masahiroy@kernel.org, nathan@kernel.org, ndesaulniers@google.com, nicolas@fjasle.eu Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com, linux-kbuild@vger.kernel.org Subject: [PATCH v8 3/8] sign-file: move file signing logic to its own function Date: Mon, 7 Aug 2023 16:43:11 +0530 Message-ID: <20230807111316.315836-4-yesshedi@gmail.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230807111316.315836-1-yesshedi@gmail.com> References: <20230807111316.315836-1-yesshedi@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org Keep the main function bare minimal and do less in main function. This patch is pre-work for bulk module signing support. Signed-off-by: Shreenidhi Shedi --- scripts/sign-file.c | 115 +++++++++++++++++++++----------------------- 1 file changed, 54 insertions(+), 61 deletions(-) diff --git a/scripts/sign-file.c b/scripts/sign-file.c index b0f340ea629b..64d5e00f08e2 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -313,10 +313,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) } while (opt != -1); } -int main(int argc, char **argv) +static int sign_single_file(struct cmd_opts *opts) { struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; - unsigned char buf[4096]; + unsigned char buf[4096] = {}; unsigned long module_size, sig_size; unsigned int use_signed_attrs; const EVP_MD *digest_algo; @@ -329,11 +329,6 @@ int main(int argc, char **argv) X509 *x509; BIO *bd, *bm; int n; - struct cmd_opts opts = {}; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - ERR_clear_error(); key_pass = getenv("KBUILD_SIGN_PIN"); 
@@ -342,34 +337,6 @@ int main(int argc, char **argv) #else use_signed_attrs = PKCS7_NOATTR; #endif - parse_args(argc, argv, &opts); - argc -= optind; - argv += optind; - - const char *raw_sig_name = opts.raw_sig_name; - const char *hash_algo = opts.hash_algo; - const char *private_key_name = opts.private_key_name; - const char *x509_name = opts.x509_name; - const char *module_name = opts.module_name; - const bool save_sig = opts.save_sig; - const bool raw_sig = opts.raw_sig; - const bool sign_only = opts.sign_only; - bool replace_orig = opts.replace_orig; - char *dest_name = opts.dest_name; -#ifndef USE_PKCS7 - const unsigned int use_keyid = opts.use_keyid; -#endif - - if (!argv[0] || argc != 1) - format(); - - if (dest_name && strcmp(argv[0], dest_name)) { - replace_orig = false; - } else { - ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0, - "asprintf"); - replace_orig = true; - } #ifdef USE_PKCS7 if (strcmp(hash_algo, "sha1") != 0) { @@ -380,20 +347,20 @@ int main(int argc, char **argv) #endif /* Open the module file */ - bm = BIO_new_file(module_name, "rb"); - ERR(!bm, "%s", module_name); + bm = BIO_new_file(opts->module_name, "rb"); + ERR(!bm, "%s", opts->module_name); - if (!raw_sig) { + if (!opts->raw_sig) { /* Read the private key and the X.509 cert the PKCS#7 message * will point to. */ - private_key = read_private_key(private_key_name); - x509 = read_x509(x509_name); + private_key = read_private_key(opts->private_key_name); + x509 = read_x509(opts->x509_name); /* Digest the module data. */ OpenSSL_add_all_digests(); display_openssl_errors(__LINE__); - digest_algo = EVP_get_digestbyname(hash_algo); + digest_algo = EVP_get_digestbyname(opts->hash_algo); ERR(!digest_algo, "EVP_get_digestbyname"); #ifndef USE_PKCS7 
@@ -405,7 +372,7 @@ int main(int argc, char **argv) ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo, CMS_NOCERTS | CMS_BINARY | - CMS_NOSMIMECAP | use_keyid | + CMS_NOSMIMECAP | opts->use_keyid | use_signed_attrs), "CMS_add1_signer"); ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0, @@ -418,11 +385,11 @@ int main(int argc, char **argv) ERR(!pkcs7, "PKCS7_sign"); #endif - if (save_sig) { + if (opts->save_sig) { char *sig_file_name; BIO *b; - ERR(asprintf(&sig_file_name, "%s.p7s", module_name) < 0, + ERR(asprintf(&sig_file_name, "%s.p7s", opts->module_name) < 0, "asprintf"); b = BIO_new_file(sig_file_name, "wb"); ERR(!b, "%s", sig_file_name); @@ -436,7 +403,7 @@ int main(int argc, char **argv) BIO_free(b); } - if (sign_only) { + if (opts->sign_only) { BIO_free(bm); return 0; } @@ -445,24 +412,24 @@ int main(int argc, char **argv) /* Open the destination file now so that we can shovel the module data * across as we read it. */ - bd = BIO_new_file(dest_name, "wb"); - ERR(!bd, "%s", dest_name); + bd = BIO_new_file(opts->dest_name, "wb"); + ERR(!bd, "%s", opts->dest_name); /* Append the marker and the PKCS#7 message to the destination file */ - ERR(BIO_reset(bm) < 0, "%s", module_name); + ERR(BIO_reset(bm) < 0, "%s", opts->module_name); while ((n = BIO_read(bm, buf, sizeof(buf))), n > 0) { - ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); + ERR(BIO_write(bd, buf, n) < 0, "%s", opts->dest_name); } BIO_free(bm); - ERR(n < 0, "%s", module_name); + ERR(n < 0, "%s", opts->module_name); module_size = BIO_number_written(bd); - if (!raw_sig) { + if (!opts->raw_sig) { #ifndef USE_PKCS7 - ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name); + ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", opts->dest_name); #else - ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name); + ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", opts->dest_name); #endif } else { BIO *b; 
@@ -470,23 +437,49 @@ int main(int argc, char **argv) /* Read the raw signature file and write the data to the * destination file */ - b = BIO_new_file(raw_sig_name, "rb"); - ERR(!b, "%s", raw_sig_name); + b = BIO_new_file(opts->raw_sig_name, "rb"); + ERR(!b, "%s", opts->raw_sig_name); while ((n = BIO_read(b, buf, sizeof(buf))), n > 0) - ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); + ERR(BIO_write(bd, buf, n) < 0, "%s", opts->dest_name); BIO_free(b); } sig_size = BIO_number_written(bd) - module_size; sig_info.sig_len = htonl(sig_size); - ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name); - ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name); + ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", opts->dest_name); + ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", opts->dest_name); - ERR(BIO_free(bd) < 0, "%s", dest_name); + ERR(BIO_free(bd) < 0, "%s", opts->dest_name); /* Finally, if we're signing in place, replace the original. 
*/ - if (replace_orig) - ERR(rename(dest_name, module_name) < 0, "%s", dest_name); + if (opts->replace_orig) + ERR(rename(opts->dest_name, opts->module_name) < 0, "%s", opts->dest_name); return 0; } + +int main(int argc, char **argv) +{ + struct cmd_opts opts = {}; + + parse_args(argc, argv, &opts); + argc -= optind; + argv += optind; + + if (!argv[0] || argc != 1) + format(); + + if (opts.dest_name && strcmp(argv[0], opts.dest_name)) { + opts.replace_orig = false; + } else { + ERR(asprintf(&opts.dest_name, "%s.~signed~", opts.module_name) < 0, + "asprintf"); + opts.replace_orig = true; + } + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + ERR_clear_error(); + + return sign_single_file(&opts); +} From patchwork Mon Aug 7 11:13:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shreenidhi Shedi X-Patchwork-Id: 13343633 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5C63EC04FE1 for ; Mon, 7 Aug 2023 11:15:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232166AbjHGLPq (ORCPT ); Mon, 7 Aug 2023 07:15:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49312 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231982AbjHGLPZ (ORCPT ); Mon, 7 Aug 2023 07:15:25 -0400 Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4369B210B; Mon, 7 Aug 2023 04:14:23 -0700 (PDT) Received: by mail-pf1-x429.google.com with SMTP id d2e1a72fcca58-68706d67ed9so2973724b3a.2; Mon, 07 Aug 2023 04:14:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1691406807; x=1692011607; 
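Review bot: in patch 3/8, the USE_PKCS7 build stops compiling. The hunk at @@ -342,34 +337,6 @@ removes the local const char *hash_algo = opts.hash_algo;, but the context line if (strcmp(hash_algo, "sha1") != 0) { directly under #ifdef USE_PKCS7 is left unchanged inside sign_single_file(), while the CMS path was converted to EVP_get_digestbyname(opts->hash_algo). Convert the PKCS#7 check to opts->hash_algo as well. Since sign_single_file() only reads the options, its parameter could be const struct cmd_opts *, and the added = {} initializer on buf is unrelated to moving the code and is not needed, because each BIO_write() only writes the n bytes the preceding BIO_read() returned.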
From: Shreenidhi Shedi To: dhowells@redhat.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, masahiroy@kernel.org, nathan@kernel.org, ndesaulniers@google.com, nicolas@fjasle.eu Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com, linux-kbuild@vger.kernel.org Subject: [PATCH v8 4/8] sign-file: add support to sign modules in bulk Date: Mon, 7 Aug 2023 16:43:12 +0530 Message-ID: <20230807111316.315836-5-yesshedi@gmail.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230807111316.315836-1-yesshedi@gmail.com> References: <20230807111316.315836-1-yesshedi@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org In the existing system, we need to invoke sign-file binary for every module we want to sign. This patch adds support to give modules list in bulk and it will sign them all one by one. Signed-off-by: Shreenidhi Shedi --- scripts/sign-file.c | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 64d5e00f08e2..0a275256ca16 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -224,6 +224,7 @@ struct cmd_opts { bool replace_orig; bool raw_sig; bool sign_only; + bool bulk_sign; #ifndef USE_PKCS7 unsigned int use_keyid; #endif @@ -252,10 +253,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) do { #ifndef USE_PKCS7 - opt = getopt_long_only(argc, argv, "hpds:i:a:x:t:r:", + opt = getopt_long_only(argc, argv, "hpdbs:i:a:x:t:r:", cmd_options, &opt_index); #else - opt = getopt_long_only(argc, argv, "hpdks:i:a:x:t:r:", + opt = getopt_long_only(argc, argv, "hpdkbs:i:a:x:t:r:", cmd_options, &opt_index); #endif switch (opt) { @@ -303,6 +304,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) opts->replace_orig = true; break; + case 'b': + opts->bulk_sign = true; + break; + case -1: break; 
@@ -460,26 +465,34 @@ static int sign_single_file(struct cmd_opts *opts) int main(int argc, char **argv) { + int i; struct cmd_opts opts = {}; parse_args(argc, argv, &opts); argc -= optind; argv += optind; - if (!argv[0] || argc != 1) - format(); - - if (opts.dest_name && strcmp(argv[0], opts.dest_name)) { - opts.replace_orig = false; - } else { - ERR(asprintf(&opts.dest_name, "%s.~signed~", opts.module_name) < 0, - "asprintf"); - opts.replace_orig = true; - } - OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ERR_clear_error(); - return sign_single_file(&opts); + for (i = 0; i < argc; ++i) { + opts.module_name = argv[i]; + + if (!opts.bulk_sign && opts.dest_name && strcmp(argv[i], opts.dest_name)) { + opts.replace_orig = false; + } else { + ERR(asprintf(&opts.dest_name, "%s.~signed~", opts.module_name) < 0, + "asprintf"); + if (!opts.replace_orig) + opts.replace_orig = true; + } + + if (sign_single_file(&opts)) { + fprintf(stderr, "Failed to sign: %s module\n", opts.module_name); + return -1; + } + } + + return 0; } From patchwork Mon Aug 7 11:13:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shreenidhi Shedi X-Patchwork-Id: 13343637 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6D89BC41513 for ; Mon, 7 Aug 2023 11:16:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232142AbjHGLQD (ORCPT ); Mon, 7 Aug 2023 07:16:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49728 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232152AbjHGLPj (ORCPT ); Mon, 7 Aug 2023 07:15:39 -0400 Received: from mail-pf1-x42c.google.com (mail-pf1-x42c.google.com [IPv6:2607:f8b0:4864:20::42c]) by lindbergh.monkeyblade.net (Postfix) 
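Review bot: in patch 4/8, b is added to both optstrings at @@ -252,10 +253,10 @@ but cmd_options[] gets no matching long entry, while the other options each have a long name in the table, so bulk mode only has a short form. Add a no_argument table entry that returns 'b', and note that the #ifndef USE_PKCS7 string still lacks k.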
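Review bot: in patch 4/8, the rewritten main() at @@ -460,26 +465,34 @@ drops if (!argv[0] || argc != 1) format(); without a replacement, so an invocation with no module operands skips the for loop and returns 0, reporting success with nothing signed. Keep a check for argc < 1, and reject argc > 1 unless bulk_sign is set, because the loop runs over every operand regardless of -b. Without -b, a user-supplied dest_name is reused for each argv[i], so every module overwrites the previous output. When no dest was given, the name generated for the first module makes opts.dest_name non-NULL, so the second module takes the first arm, is written to the first module's .~signed~ name, and has replace_orig set to false. Reset dest_name per iteration and free the buffer from the previous asprintf(), which is currently leaked on every pass through the else arm. The conditional if (!opts.replace_orig) opts.replace_orig = true; can be a plain assignment.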
From: Shreenidhi Shedi
To: dhowells@redhat.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, masahiroy@kernel.org, nathan@kernel.org, ndesaulniers@google.com, nicolas@fjasle.eu
Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com, linux-kbuild@vger.kernel.org
Subject: [PATCH v8 5/8] sign-file: improve help message
Date: Mon, 7 Aug 2023 16:43:13 +0530
Message-ID: <20230807111316.315836-6-yesshedi@gmail.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230807111316.315836-1-yesshedi@gmail.com>
References: <20230807111316.315836-1-yesshedi@gmail.com>
X-Mailing-List: linux-kbuild@vger.kernel.org

Add a proper help message with examples on how to use this tool.

Signed-off-by: Shreenidhi Shedi
---
 scripts/sign-file.c | 48 ++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 41 insertions(+), 7 deletions(-)

diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 0a275256ca16..d3abc5721a7e 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c
@@ -74,12 +74,43 @@ struct module_signature { static char magic_number[] = "~Module signature appended~\n"; static __attribute__((noreturn)) -void format(void) +void print_usage(void) { - fprintf(stderr, - "Usage: scripts/sign-file [-dp] []\n"); - fprintf(stderr, - " scripts/sign-file -s []\n"); + fprintf(stderr, "Usage: scripts/sign-file [OPTIONS]... [MODULE]...\n"); + fprintf(stderr, "Available options:\n"); + fprintf(stderr, "-h, --help Print this help message and exit\n"); + + fprintf(stderr, "\nOptional args:\n"); + fprintf(stderr, "-s, --rawsig Raw signature\n"); + fprintf(stderr, "-p, --savesig Save signature\n"); + fprintf(stderr, "-d, --signonly Sign only\n"); +#ifndef USE_PKCS7 + fprintf(stderr, "-k, --usekeyid Use key ID\n"); +#endif + fprintf(stderr, "-b, --bulksign Sign modules in bulk\n"); + fprintf(stderr, "-r, --replaceorig Replace original\n"); + fprintf(stderr, "-t, --dest Destination path "); + fprintf(stderr, "(Exclusive with bulk option)\n"); + + fprintf(stderr, "\nMandatory args:\n"); + fprintf(stderr, "-i, --privkey Private key\n"); + fprintf(stderr, "-a, --hashalgo Hash algorithm\n"); + fprintf(stderr, "-x, --x509 X509\n"); + + fprintf(stderr, "\nExamples:\n"); + + fprintf(stderr, "\n Regular signing:\n"); + fprintf(stderr, " scripts/sign-file -a sha512 -i certs/signing_key.pem "); + fprintf(stderr, "-x certs/signing_key.x509 \n"); + + fprintf(stderr, "\n Signing with destination path:\n"); + fprintf(stderr, " scripts/sign-file -a sha512 -i certs/signing_key.pem "); + fprintf(stderr, "-x certs/signing_key.x509 -t \n"); + + fprintf(stderr, "\n Signing modules in bulk:\n"); + fprintf(stderr, " scripts/sign-file -a sha512 -i certs/signing_key.pem "); + fprintf(stderr, "-x certs/signing_key.x509 -b ...\n"); + exit(2); } @@ -281,7 +312,7 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) #endif case 'h': - format(); + print_usage(); break; case 'i': 
@@ -312,7 +343,7 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) break; default: - format(); + print_usage(); break; } } while (opt != -1); 
@@ -472,6 +503,9 @@ int main(int argc, char **argv) argc -= optind; argv += optind; + if ((opts.bulk_sign && opts.dest_name) || (!opts.bulk_sign && argc != 1)) + print_usage(); + OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ERR_clear_error();

From patchwork Mon Aug 7 11:13:14 2023
X-Patchwork-Submitter: Shreenidhi Shedi
X-Patchwork-Id: 13343635
From: Shreenidhi Shedi
To: dhowells@redhat.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, masahiroy@kernel.org, nathan@kernel.org, ndesaulniers@google.com, nicolas@fjasle.eu
Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com, linux-kbuild@vger.kernel.org
Subject: [PATCH v8 6/8] sign-file: use const with a global string constant
Date: Mon, 7 Aug 2023 16:43:14 +0530
Message-ID: <20230807111316.315836-7-yesshedi@gmail.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230807111316.315836-1-yesshedi@gmail.com>
References: <20230807111316.315836-1-yesshedi@gmail.com>
X-Mailing-List: linux-kbuild@vger.kernel.org

Reported by checkpatch.

Signed-off-by: Shreenidhi Shedi
---
 scripts/sign-file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/sign-file.c b/scripts/sign-file.c index d3abc5721a7e..e8dfbdd3eea3 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c
@@ -71,7 +71,7 @@ struct module_signature { #define PKEY_ID_PKCS7 2 -static char magic_number[] = "~Module signature appended~\n"; +static const char magic_number[] = "~Module signature appended~\n"; static __attribute__((noreturn)) void print_usage(void)

From patchwork Mon Aug 7 11:13:15 2023
X-Patchwork-Submitter: Shreenidhi Shedi
X-Patchwork-Id: 13343639
From: Shreenidhi Shedi
To: dhowells@redhat.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, masahiroy@kernel.org, nathan@kernel.org, ndesaulniers@google.com, nicolas@fjasle.eu
Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com, linux-kbuild@vger.kernel.org
Subject: [PATCH v8 7/8] sign-file: fix do while styling issue
Date: Mon, 7 Aug 2023 16:43:15 +0530
Message-ID: <20230807111316.315836-8-yesshedi@gmail.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230807111316.315836-1-yesshedi@gmail.com>
References: <20230807111316.315836-1-yesshedi@gmail.com>
X-Mailing-List: linux-kbuild@vger.kernel.org

Reported by checkpatch.

Signed-off-by: Shreenidhi Shedi
---
 scripts/sign-file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/sign-file.c b/scripts/sign-file.c index e8dfbdd3eea3..0c95275c4564 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c
@@ -147,7 +147,7 @@ static void drain_openssl_errors(void) if (__cond) { \ errx(1, fmt, ## __VA_ARGS__); \ } \ - } while(0) + } while (0) static const char *key_pass;

From patchwork Mon Aug 7 11:13:16 2023
X-Patchwork-Submitter: Shreenidhi Shedi
X-Patchwork-Id: 13343636
From: Shreenidhi Shedi
To: dhowells@redhat.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, masahiroy@kernel.org, nathan@kernel.org, ndesaulniers@google.com, nicolas@fjasle.eu
Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com, linux-kbuild@vger.kernel.org
Subject: [PATCH v8 8/8] kbuild: modinst: do modules_install step by step
Date: Mon, 7 Aug 2023 16:43:16 +0530
Message-ID: <20230807111316.315836-9-yesshedi@gmail.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230807111316.315836-1-yesshedi@gmail.com>
References: <20230807111316.315836-1-yesshedi@gmail.com>
X-Mailing-List: linux-kbuild@vger.kernel.org

Currently Makefile.modinst does three tasks on each module built:
- Install modules
- Sign modules
- Compress modules

All the above tasks happen from a single place. This patch divides this task further and uses a different makefile for each task. Signing module logic is completely refactored and everything happens from a shell script now.

Signed-off-by: Shreenidhi Shedi
---
 scripts/Makefile.compress | 53 +++++++++++++++++++
 scripts/Makefile.install | 66 +++++++++++++++++++++++
 scripts/Makefile.modinst | 108 +++-----------------------------------
 scripts/Makefile.sign | 37 +++++++++++++
 scripts/signfile.sh | 24 +++++++++
 5 files changed, 188 insertions(+), 100 deletions(-)
 create mode 100644 scripts/Makefile.compress
 create mode 100644 scripts/Makefile.install
 create mode 100644 scripts/Makefile.sign
 create mode 100755 scripts/signfile.sh

diff --git a/scripts/Makefile.compress b/scripts/Makefile.compress new file mode 100644 index 000000000000..35d337ac9b6c --- /dev/null +++ b/scripts/Makefile.compress
@@ -0,0 +1,53 @@ +# SPDX-License-Identifier: GPL-2.0 +# ========================================================================== +# Compressing modules +# ========================================================================== + +PHONY := __modcompress +__modcompress: + +include include/config/auto.conf +include $(srctree)/scripts/Kbuild.include + +modules := $(call read-file, $(MODORDER)) + +ifeq ($(KBUILD_EXTMOD),) +dst := $(MODLIB)/kernel +else +INSTALL_MOD_DIR ?= updates +dst := $(MODLIB)/$(INSTALL_MOD_DIR) +endif + +suffix-y := +suffix-$(CONFIG_MODULE_COMPRESS_GZIP) := .gz +suffix-$(CONFIG_MODULE_COMPRESS_XZ) := .xz +suffix-$(CONFIG_MODULE_COMPRESS_ZSTD) := .zst + +modules := $(patsubst $(extmod_prefix)%.o, $(dst)/%.ko$(suffix-y), $(modules)) + +__modcompress: $(modules) + @: + +# +# Compression +# +quiet_cmd_gzip = GZIP $@ + cmd_gzip = $(KGZIP) -n -f $< +quiet_cmd_xz = XZ $@ + cmd_xz = $(XZ) --lzma2=dict=2MiB -f $< +quiet_cmd_zstd = ZSTD $@ + cmd_zstd = $(ZSTD) -T0 --rm -f -q $< + +$(dst)/%.ko.gz: $(dst)/%.ko FORCE + $(call cmd,gzip) + +$(dst)/%.ko.xz: $(dst)/%.ko FORCE + $(call cmd,xz) + +$(dst)/%.ko.zst: $(dst)/%.ko FORCE + $(call cmd,zstd) + +PHONY += FORCE +FORCE: + +.PHONY: $(PHONY) diff --git a/scripts/Makefile.install b/scripts/Makefile.install new file mode 100644 index 000000000000..40c496cb99dc --- /dev/null +++ b/scripts/Makefile.install 
@@ -0,0 +1,66 @@ +# SPDX-License-Identifier: GPL-2.0 +# ========================================================================== +# Installing modules +# ========================================================================== + +PHONY := __modinstall +__modinstall: + +include include/config/auto.conf +include $(srctree)/scripts/Kbuild.include + +modules := $(call read-file, $(MODORDER)) + +ifeq ($(KBUILD_EXTMOD),) +dst := $(MODLIB)/kernel +else +INSTALL_MOD_DIR ?= updates +dst := $(MODLIB)/$(INSTALL_MOD_DIR) +endif + +$(foreach x, % :, $(if $(findstring $x, $(dst)), \ + $(error module installation path cannot contain '$x'))) + +modules := $(patsubst $(extmod_prefix)%.o, $(dst)/%.ko$(suffix-y), $(modules)) + +__modinstall: $(modules) + @: + +# +# Installation +# +quiet_cmd_install = INSTALL $@ + cmd_install = mkdir -p $(dir $@); cp $< $@ + +# Strip +# +# INSTALL_MOD_STRIP, if defined, will cause modules to be stripped after they +# are installed. If INSTALL_MOD_STRIP is '1', then the default option +# --strip-debug will be used. Otherwise, INSTALL_MOD_STRIP value will be used +# as the options to the strip command. +ifdef INSTALL_MOD_STRIP + +ifeq ($(INSTALL_MOD_STRIP),1) +strip-option := --strip-debug +else +strip-option := $(INSTALL_MOD_STRIP) +endif + +quiet_cmd_strip = STRIP $@ + cmd_strip = $(STRIP) $(strip-option) $@ + +else + +quiet_cmd_strip = + cmd_strip = : + +endif + +$(dst)/%.ko: $(extmod_prefix)%.ko FORCE + $(call cmd,install) + $(call cmd,strip) + +PHONY += FORCE +FORCE: + +.PHONY: $(PHONY) diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst index e94ac9afe17a..fc9cd7638ea5 100644 --- a/scripts/Makefile.modinst +++ b/scripts/Makefile.modinst 
@@ -1,119 +1,27 @@ # SPDX-License-Identifier: GPL-2.0 # ========================================================================== -# Installing modules +# Install, Sign & Compress modules # ========================================================================== -PHONY := __modinst -__modinst: - include include/config/auto.conf include $(srctree)/scripts/Kbuild.include -modules := $(call read-file, $(MODORDER)) - -ifeq ($(KBUILD_EXTMOD),) -dst := $(MODLIB)/kernel -else -INSTALL_MOD_DIR ?= updates -dst := $(MODLIB)/$(INSTALL_MOD_DIR) -endif - -$(foreach x, % :, $(if $(findstring $x, $(dst)), \ - $(error module installation path cannot contain '$x'))) - -suffix-y := -suffix-$(CONFIG_MODULE_COMPRESS_GZIP) := .gz -suffix-$(CONFIG_MODULE_COMPRESS_XZ) := .xz -suffix-$(CONFIG_MODULE_COMPRESS_ZSTD) := .zst - -modules := $(patsubst $(extmod_prefix)%.o, $(dst)/%.ko$(suffix-y), $(modules)) - -__modinst: $(modules) - @: - -# -# Installation -# -quiet_cmd_install = INSTALL $@ - cmd_install = mkdir -p $(dir $@); cp $< $@ - -# Strip -# -# INSTALL_MOD_STRIP, if defined, will cause modules to be stripped after they -# are installed. If INSTALL_MOD_STRIP is '1', then the default option -# --strip-debug will be used. Otherwise, INSTALL_MOD_STRIP value will be used -# as the options to the strip command. -ifdef INSTALL_MOD_STRIP - -ifeq ($(INSTALL_MOD_STRIP),1) -strip-option := --strip-debug -else -strip-option := $(INSTALL_MOD_STRIP) -endif - -quiet_cmd_strip = STRIP $@ - cmd_strip = $(STRIP) $(strip-option) $@ - -else - -quiet_cmd_strip = - cmd_strip = : - -endif - -# -# Signing -# Don't stop modules_install even if we can't sign external modules. 
-# -ifeq ($(CONFIG_MODULE_SIG_ALL),y) -ifeq ($(filter pkcs11:%, $(CONFIG_MODULE_SIG_KEY)),) -sig-key := $(if $(wildcard $(CONFIG_MODULE_SIG_KEY)),,$(srctree)/)$(CONFIG_MODULE_SIG_KEY) -else -sig-key := $(CONFIG_MODULE_SIG_KEY) -endif -quiet_cmd_sign = SIGN $@ - cmd_sign = scripts/sign-file -a "$(CONFIG_MODULE_SIG_HASH)" \ - -i "$(sig-key)" \ - -x certs/signing_key.x509 $@ \ - $(if $(KBUILD_EXTMOD),|| true) -else -quiet_cmd_sign := - cmd_sign := : -endif +PHONY := __modinst ifeq ($(modules_sign_only),) -$(dst)/%.ko: $(extmod_prefix)%.ko FORCE - $(call cmd,install) - $(call cmd,strip) - $(call cmd,sign) +__modinst: FORCE + $(MAKE) -f scripts/Makefile.install + $(MAKE) -f scripts/Makefile.sign + $(MAKE) -f scripts/Makefile.compress else -$(dst)/%.ko: FORCE - $(call cmd,sign) +__modinst: FORCE + $(MAKE) -f scripts/Makefile.sign endif -# -# Compression -# -quiet_cmd_gzip = GZIP $@ - cmd_gzip = $(KGZIP) -n -f $< -quiet_cmd_xz = XZ $@ - cmd_xz = $(XZ) --lzma2=dict=2MiB -f $< -quiet_cmd_zstd = ZSTD $@ - cmd_zstd = $(ZSTD) -T0 --rm -f -q $< - -$(dst)/%.ko.gz: $(dst)/%.ko FORCE - $(call cmd,gzip) - -$(dst)/%.ko.xz: $(dst)/%.ko FORCE - $(call cmd,xz) - -$(dst)/%.ko.zst: $(dst)/%.ko FORCE - $(call cmd,zstd) - PHONY += FORCE FORCE: diff --git a/scripts/Makefile.sign b/scripts/Makefile.sign new file mode 100644 index 000000000000..d6b242b16657 --- /dev/null +++ b/scripts/Makefile.sign 
@@ -0,0 +1,37 @@ +# SPDX-License-Identifier: GPL-2.0 +# ========================================================================== +# Signing modules +# ========================================================================== + +PHONY := __modsign +__modsign: + +include include/config/auto.conf +include $(srctree)/scripts/Kbuild.include + +# +# Signing +# Don't stop modules_install even if we can't sign external modules. +# +ifeq ($(CONFIG_MODULE_SIG_ALL),y) +ifeq ($(filter pkcs11:%, $(CONFIG_MODULE_SIG_KEY)),) +sig-key := $(if $(wildcard $(CONFIG_MODULE_SIG_KEY)),,$(srctree)/)$(CONFIG_MODULE_SIG_KEY) +else +sig-key := $(CONFIG_MODULE_SIG_KEY) +endif +quiet_cmd_sign = SIGNING ALL MODULES ... + cmd_sign = $(CONFIG_SHELL) $(srctree)/scripts/signfile.sh \ + "$(CONFIG_MODULE_SIG_HASH)" \ + "$(sig-key)" +else +quiet_cmd_sign := + cmd_sign := : +endif + +__modsign: FORCE + $(call cmd,sign) + +PHONY += FORCE +FORCE: + +.PHONY: $(PHONY) diff --git a/scripts/signfile.sh b/scripts/signfile.sh new file mode 100755 index 000000000000..b2b58bfbd5ba --- /dev/null +++ b/scripts/signfile.sh @@ -0,0 +1,24 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 +# +# A sign-file wrapper used by scripts/Makefile.sign + +#set -x + +if test $# -ne 2; then + echo "Usage: $0 " >&2 + exit 1 +fi + +SIG_HASH="$1" +SIG_KEY="$2" + +MODULES_PATH="${INSTALL_MOD_PATH}/lib/modules/${KERNELRELEASE}" + +find "${MODULES_PATH}" -name *.ko -type f -print0 | \ + xargs -r -0 -P$(nproc) -x -n32 sh -c "\ +${srctree}/scripts/sign-file \ +-a \"${SIG_HASH}\" \ +-i \"${SIG_KEY}\" \ +-x ${srctree}/certs/signing_key.x509 \ +-b \$@ \$0"
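
Review bot: in scripts/sign-file.c main() (hunk @@ -460,26 +465,34), the removed `if (!argv[0] || argc != 1) format();` has no replacement in this patch, so with no module arguments the new `for` loop runs zero times and main() returns 0 without signing anything; the argument-count check only comes back in 5/8, which leaves this commit broken for bisection. Keep a check in this patch that at least rejects `argc < 1`. In bulk mode the `asprintf(&opts.dest_name, ...)` in the else branch also allocates a new string for every module and never frees the previous one, `if (!opts.replace_orig) opts.replace_orig = true;` can be a plain assignment, and `return -1` from main() yields exit status 255 where `return 1` would be conventional.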
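
Review bot: in print_usage() (hunk @@ -74,12 +74,43 of 5/8), `-h`/`--help` takes the same path as a parse error: every line goes to stderr and the function ends in `exit(2)`, so a requested help screen looks like a failure to the caller. Consider printing to stdout and exiting 0 for `case 'h':`, keeping stderr and status 2 for the `default:` case. The option table also does not say which options take a value (`-i`, `-a`, `-x`, `-t` do, going by the examples), and descriptions such as "Raw signature" or "X509" only restate the long option name; one line each on what the argument is would make the help usable without reading the source.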
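
Review bot: in main() (hunk @@ -472,6 +503,9 of 5/8), the new condition rejects `-b` combined with `-t` and a non-bulk call with `argc != 1`, but a bulk call with no module arguments still passes; the signing loop added in 4/8 then does nothing and the tool exits 0. Add an `argc < 1` term so that an empty bulk invocation is reported through print_usage() rather than treated as a successful signing run.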
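
Review bot: in scripts/Makefile.install (hunk @@ -0,0 +1,66), the line `modules := $(patsubst $(extmod_prefix)%.o, $(dst)/%.ko$(suffix-y), $(modules))` still references `suffix-y`, but the `suffix-$(CONFIG_MODULE_COMPRESS_...)` assignments moved to Makefile.compress and nothing defines the variable in this file. It expands to empty, so the `$(dst)/%.ko:` rule happens to match, but the reference should be dropped here so the target list is plainly `$(dst)/%.ko`.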
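
Review bot: in scripts/Makefile.modinst (hunk @@ -1,119 +1,27), the new `__modinst` recipes call `$(MAKE) -f scripts/Makefile.install`, `scripts/Makefile.sign` and `scripts/Makefile.compress` with paths relative to the current directory, while the includes in the same series use `$(srctree)/scripts/Kbuild.include`. Use `$(MAKE) -f $(srctree)/scripts/Makefile.install` and likewise for the other two, so the sub-makefiles are found when the build runs outside the source tree.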
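
Review bot: in scripts/Makefile.sign (hunk @@ -0,0 +1,37), the comment "Don't stop modules_install even if we can't sign external modules" is carried over, but the `$(if $(KBUILD_EXTMOD),|| true)` that implemented it in the old `cmd_sign` is gone, so a signing failure for an external module now fails the target. Either restore that behaviour or delete the comment. This file also no longer reads `$(MODORDER)` or computes `$(dst)`, so the choice of which modules get signed moves entirely into signfile.sh; the commit message should say so.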
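
Review bot: in scripts/signfile.sh (hunk @@ -0,0 +1,24), `find "${MODULES_PATH}" -name *.ko` leaves the pattern unquoted, so the shell expands it whenever a `.ko` file exists in the working directory; write `-name '*.ko'`. The find also picks up every `.ko` under `${INSTALL_MOD_PATH}/lib/modules/${KERNELRELEASE}`, where the old rule signed only the modules read from `$(MODORDER)`, so modules already present in that tree from another build would be signed with this kernel's key; restrict the list to the modules of this build. Inside the `sh -c` string, `\$@ \$0` is unquoted and uses `$0` as a data argument, which breaks on paths containing spaces; pass a placeholder as `$0` and expand `"$@"` quoted. The certificate path changed from `certs/signing_key.x509` to `${srctree}/certs/signing_key.x509` without explanation, and the commented-out `#set -x` should be removed.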