From: Shreenidhi Shedi
To: dhowells@redhat.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, masahiroy@kernel.org, nathan@kernel.org, ndesaulniers@google.com, nicolas@fjasle.eu
Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com, linux-kbuild@vger.kernel.org
Subject: [PATCH v9 1/7] sign-file: use getopt_long_only for parsing input args
Date: Wed, 9 Aug 2023 22:52:04 +0530
Message-ID: <20230809172211.343677-2-yesshedi@gmail.com>

- getopt_long_only gives an option to use long names for options, so using it here to make the app usage easier.
- Use more easy to remember command line argument names
- Introduce cmd_opts structure to ease the handling of command line args

Signed-off-by: Shreenidhi Shedi
---
 scripts/sign-file.c | 97 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 78 insertions(+), 19 deletions(-)

diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 598ef5465f82..94228865b6cc 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c 
@@ -213,15 +213,77 @@ static X509 *read_x509(const char *x509_name) return x509; } +struct cmd_opts { + char *raw_sig_name; + bool save_sig; + bool replace_orig; + bool raw_sig; + bool sign_only; +#ifndef USE_PKCS7 + unsigned int use_keyid; +#endif +}; + +static void parse_args(int argc, char **argv, struct cmd_opts *opts) +{ + struct option cmd_options[] = { + {"rawsig", required_argument, 0, 's'}, + {"savesig", no_argument, 0, 'p'}, + {"signonly", no_argument, 0, 'd'}, +#ifndef USE_PKCS7 + {"usekeyid", no_argument, 0, 'k'}, +#endif + {0, 0, 0, 0} + }; + + int opt; + int opt_index = 0; + + do { +#ifndef USE_PKCS7 + opt = getopt_long_only(argc, argv, "pds:", + cmd_options, &opt_index); +#else + opt = getopt_long_only(argc, argv, "pdks:", + cmd_options, &opt_index); +#endif + switch (opt) { + case 's': + opts->raw_sig = true; + opts->raw_sig_name = optarg; + break; + + case 'p': + opts->save_sig = true; + break; + + case 'd': + opts->sign_only = true; + opts->save_sig = true; + break; + +#ifndef USE_PKCS7 + case 'k': + opts->use_keyid = CMS_USE_KEYID; + break; +#endif + + case -1: + break; + + default: + format(); + break; + } + } while (opt != -1); +} + int main(int argc, char **argv) { struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; char *hash_algo = NULL; - char *private_key_name = NULL, *raw_sig_name = NULL; + char *private_key_name = NULL; char *x509_name, *module_name, *dest_name; - bool save_sig = false, replace_orig; - bool sign_only = false; - bool raw_sig = false; unsigned char buf[4096]; unsigned long module_size, sig_size; unsigned int use_signed_attrs; @@ -229,13 +291,14 @@ int main(int argc, char **argv) EVP_PKEY *private_key; #ifndef USE_PKCS7 CMS_ContentInfo *cms = NULL; - unsigned int use_keyid = 0; #else PKCS7 *pkcs7 = NULL; #endif X509 *x509; BIO *bd, *bm; - int opt, n; + int n; + struct cmd_opts opts = {}; + OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ERR_clear_error(); 
@@ -247,23 +310,19 @@ int main(int argc, char **argv) #else use_signed_attrs = PKCS7_NOATTR; #endif + parse_args(argc, argv, &opts); + argc -= optind; + argv += optind; - do { - opt = getopt(argc, argv, "sdpk"); - switch (opt) { - case 's': raw_sig = true; break; - case 'p': save_sig = true; break; - case 'd': sign_only = true; save_sig = true; break; + const char *raw_sig_name = opts.raw_sig_name; + const bool save_sig = opts.save_sig; + const bool raw_sig = opts.raw_sig; + const bool sign_only = opts.sign_only; + bool replace_orig = opts.replace_orig; #ifndef USE_PKCS7 - case 'k': use_keyid = CMS_USE_KEYID; break; + const unsigned int use_keyid = opts.use_keyid; #endif - case -1: break; - default: format(); - } - } while (opt != -1); - argc -= optind; - argv += optind; if (argc < 4 || argc > 5) format();
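Review bot: The preprocessor conditions around the two getopt_long_only() calls in the new parse_args() are inverted. The "#ifndef USE_PKCS7" branch passes "pds:" and the "#else" branch passes "pdks:", yet both the "usekeyid" table entry and the case 'k' handler sit under "#ifndef USE_PKCS7". In a CMS build 'k' is therefore missing from the short-option string, and in a PKCS7 build 'k' is accepted but falls through to default and calls format(). Swap the two option strings so 'k' is offered only where it is handled; the removed loop accepted "sdpk" in both builds.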
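Review bot: The meaning of -s changes without being documented, in the last main() hunk together with the option table above it. The removed loop parsed it as a bare flag ("sdpk"), while parse_args() now declares it required_argument / "s:" and stores optarg in raw_sig_name, yet the "argc < 4 || argc > 5" check kept at the end of the hunk still counts positional arguments as before. State in the commit message that -s now consumes the raw signature file name, and make the positional handling agree with it in this same patch so the series stays bisectable. The new const locals are also declared after the parse_args() call and the optind adjustments; moving them to the top of main() avoids mixing declarations and statements.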
From: Shreenidhi Shedi
Subject: [PATCH v9 2/7] sign-file: introduce few new flags to make argument processing easy.
Date: Wed, 9 Aug 2023 22:52:05 +0530
Message-ID: <20230809172211.343677-3-yesshedi@gmail.com>

- Add some more options like help, x509, hashalgo to command line args
- This makes it easy to handle and use command line args wherever needed

Signed-off-by: Shreenidhi Shedi
---
 scripts/Makefile.modinst | 4 ++-
 scripts/sign-file.c | 63 ++++++++++++++++++++++++++++------------
 2 files changed, 48 insertions(+), 19 deletions(-)

diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst index ab0c5bd1a60f..e94ac9afe17a 100644 --- a/scripts/Makefile.modinst +++ b/scripts/Makefile.modinst @@ -72,7 +72,9 @@ else sig-key := $(CONFIG_MODULE_SIG_KEY) endif quiet_cmd_sign = SIGN $@ - cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) "$(sig-key)" certs/signing_key.x509 $@ \ + cmd_sign = scripts/sign-file -a "$(CONFIG_MODULE_SIG_HASH)" \ + -i "$(sig-key)" \ + -x certs/signing_key.x509 $@ \ $(if $(KBUILD_EXTMOD),|| true) else quiet_cmd_sign := diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 94228865b6cc..b0f340ea629b 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -215,6 +215,11 @@ static X509 *read_x509(const char *x509_name) struct cmd_opts { char *raw_sig_name; + char *hash_algo; + char *dest_name; + char *private_key_name; + char *x509_name; + char *module_name; bool save_sig; bool replace_orig; bool raw_sig; 
@@ -233,6 +238,12 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) #ifndef USE_PKCS7 {"usekeyid", no_argument, 0, 'k'}, #endif + {"help", no_argument, 0, 'h'}, + {"privkey", required_argument, 0, 'i'}, + {"hashalgo", required_argument, 0, 'a'}, + {"x509", required_argument, 0, 'x'}, + {"dest", required_argument, 0, 'd'}, + {"replaceorig", required_argument, 0, 'r'}, {0, 0, 0, 0} }; @@ -241,10 +252,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) do { #ifndef USE_PKCS7 - opt = getopt_long_only(argc, argv, "pds:", + opt = getopt_long_only(argc, argv, "hpds:i:a:x:t:r:", cmd_options, &opt_index); #else - opt = getopt_long_only(argc, argv, "pdks:", + opt = getopt_long_only(argc, argv, "hpdks:i:a:x:t:r:", cmd_options, &opt_index); #endif switch (opt) { @@ -268,6 +279,30 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) break; #endif + case 'h': + format(); + break; + + case 'i': + opts->private_key_name = optarg; + break; + + case 'a': + opts->hash_algo = optarg; + break; + + case 'x': + opts->x509_name = optarg; + break; + + case 't': + opts->dest_name = optarg; + break; + + case 'r': + opts->replace_orig = true; + break; + case -1: break; @@ -281,9 +316,6 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) int main(int argc, char **argv) { struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; - char *hash_algo = NULL; - char *private_key_name = NULL; - char *x509_name, *module_name, *dest_name; unsigned char buf[4096]; unsigned long module_size, sig_size; unsigned int use_signed_attrs; 
@@ -315,32 +347,27 @@ int main(int argc, char **argv) argv += optind; const char *raw_sig_name = opts.raw_sig_name; + const char *hash_algo = opts.hash_algo; + const char *private_key_name = opts.private_key_name; + const char *x509_name = opts.x509_name; + const char *module_name = opts.module_name; const bool save_sig = opts.save_sig; const bool raw_sig = opts.raw_sig; const bool sign_only = opts.sign_only; bool replace_orig = opts.replace_orig; + char *dest_name = opts.dest_name; #ifndef USE_PKCS7 const unsigned int use_keyid = opts.use_keyid; #endif - if (argc < 4 || argc > 5) + if (!argv[0] || argc != 1) format(); - if (raw_sig) { - raw_sig_name = argv[0]; - hash_algo = argv[1]; - } else { - hash_algo = argv[0]; - private_key_name = argv[1]; - } - x509_name = argv[2]; - module_name = argv[3]; - if (argc == 5 && strcmp(argv[3], argv[4]) != 0) { - dest_name = argv[4]; + if (dest_name && strcmp(argv[0], dest_name)) { replace_orig = false; } else { ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0, - "asprintf"); + "asprintf"); replace_orig = true; }
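Review bot: In the cmd_options additions, "dest" is mapped to 'd', which is already the value returned for "signonly", so passing the dest long option sets sign_only and save_sig and discards the file name. The case 't' that stores dest_name, and the "t:" in both option strings, have no long name pointing at them; map "dest" to 't'. "replaceorig" is declared required_argument with "r:" although case 'r' only sets a flag and never reads optarg; declare it no_argument and drop the colon. No hunk in this patch touches the usage text that the new -h prints through format(), so the added options stay undocumented.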
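Review bot: In the final main() hunk, module_name is initialised from opts.module_name, but nothing in this patch assigns that field. The removed "module_name = argv[3];" has no replacement, so the one remaining positional argument in argv[0] is never used as the module path and the asprintf(&dest_name, "%s.~signed~", module_name) call formats a NULL pointer. Assign opts.module_name = argv[0] after the "argc != 1" check. The same hunk drops the positional hash, key and certificate without checking that -a, -i and -x were given, so hash_algo, private_key_name and x509_name can reach the signing code as NULL; reject missing required options in parse_args() or before first use.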
From: Shreenidhi Shedi
Subject: [PATCH v9 3/7] sign-file: move file signing logic to its own function
Date: Wed, 9 Aug 2023 22:52:06 +0530
Message-ID: <20230809172211.343677-4-yesshedi@gmail.com>

Keep the main function bare minimal and do less in main function.
This patch is pre-work for bulk module signing support.

Signed-off-by: Shreenidhi Shedi
---
 scripts/sign-file.c | 115 +++++++++++++++++++++-----------------------
 1 file changed, 54 insertions(+), 61 deletions(-)

diff --git a/scripts/sign-file.c b/scripts/sign-file.c index b0f340ea629b..64d5e00f08e2 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -313,10 +313,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) } while (opt != -1); } -int main(int argc, char **argv) +static int sign_single_file(struct cmd_opts *opts) { struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; - unsigned char buf[4096]; + unsigned char buf[4096] = {}; unsigned long module_size, sig_size; unsigned int use_signed_attrs; const EVP_MD *digest_algo; @@ -329,11 +329,6 @@ int main(int argc, char **argv) X509 *x509; BIO *bd, *bm; int n; - struct cmd_opts opts = {}; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - ERR_clear_error(); key_pass = getenv("KBUILD_SIGN_PIN"); 
@@ -342,34 +337,6 @@ int main(int argc, char **argv) #else use_signed_attrs = PKCS7_NOATTR; #endif - parse_args(argc, argv, &opts); - argc -= optind; - argv += optind; - - const char *raw_sig_name = opts.raw_sig_name; - const char *hash_algo = opts.hash_algo; - const char *private_key_name = opts.private_key_name; - const char *x509_name = opts.x509_name; - const char *module_name = opts.module_name; - const bool save_sig = opts.save_sig; - const bool raw_sig = opts.raw_sig; - const bool sign_only = opts.sign_only; - bool replace_orig = opts.replace_orig; - char *dest_name = opts.dest_name; -#ifndef USE_PKCS7 - const unsigned int use_keyid = opts.use_keyid; -#endif - - if (!argv[0] || argc != 1) - format(); - - if (dest_name && strcmp(argv[0], dest_name)) { - replace_orig = false; - } else { - ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0, - "asprintf"); - replace_orig = true; - } #ifdef USE_PKCS7 if (strcmp(hash_algo, "sha1") != 0) { @@ -380,20 +347,20 @@ int main(int argc, char **argv) #endif /* Open the module file */ - bm = BIO_new_file(module_name, "rb"); - ERR(!bm, "%s", module_name); + bm = BIO_new_file(opts->module_name, "rb"); + ERR(!bm, "%s", opts->module_name); - if (!raw_sig) { + if (!opts->raw_sig) { /* Read the private key and the X.509 cert the PKCS#7 message * will point to. */ - private_key = read_private_key(private_key_name); - x509 = read_x509(x509_name); + private_key = read_private_key(opts->private_key_name); + x509 = read_x509(opts->x509_name); /* Digest the module data. */ OpenSSL_add_all_digests(); display_openssl_errors(__LINE__); - digest_algo = EVP_get_digestbyname(hash_algo); + digest_algo = EVP_get_digestbyname(opts->hash_algo); ERR(!digest_algo, "EVP_get_digestbyname"); #ifndef USE_PKCS7 
@@ -405,7 +372,7 @@ int main(int argc, char **argv) ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo, CMS_NOCERTS | CMS_BINARY | - CMS_NOSMIMECAP | use_keyid | + CMS_NOSMIMECAP | opts->use_keyid | use_signed_attrs), "CMS_add1_signer"); ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0, @@ -418,11 +385,11 @@ int main(int argc, char **argv) ERR(!pkcs7, "PKCS7_sign"); #endif - if (save_sig) { + if (opts->save_sig) { char *sig_file_name; BIO *b; - ERR(asprintf(&sig_file_name, "%s.p7s", module_name) < 0, + ERR(asprintf(&sig_file_name, "%s.p7s", opts->module_name) < 0, "asprintf"); b = BIO_new_file(sig_file_name, "wb"); ERR(!b, "%s", sig_file_name); @@ -436,7 +403,7 @@ int main(int argc, char **argv) BIO_free(b); } - if (sign_only) { + if (opts->sign_only) { BIO_free(bm); return 0; } @@ -445,24 +412,24 @@ int main(int argc, char **argv) /* Open the destination file now so that we can shovel the module data * across as we read it. */ - bd = BIO_new_file(dest_name, "wb"); - ERR(!bd, "%s", dest_name); + bd = BIO_new_file(opts->dest_name, "wb"); + ERR(!bd, "%s", opts->dest_name); /* Append the marker and the PKCS#7 message to the destination file */ - ERR(BIO_reset(bm) < 0, "%s", module_name); + ERR(BIO_reset(bm) < 0, "%s", opts->module_name); while ((n = BIO_read(bm, buf, sizeof(buf))), n > 0) { - ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); + ERR(BIO_write(bd, buf, n) < 0, "%s", opts->dest_name); } BIO_free(bm); - ERR(n < 0, "%s", module_name); + ERR(n < 0, "%s", opts->module_name); module_size = BIO_number_written(bd); - if (!raw_sig) { + if (!opts->raw_sig) { #ifndef USE_PKCS7 - ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name); + ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", opts->dest_name); #else - ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name); + ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", opts->dest_name); #endif } else { BIO *b; 
@@ -470,23 +437,49 @@ int main(int argc, char **argv) /* Read the raw signature file and write the data to the * destination file */ - b = BIO_new_file(raw_sig_name, "rb"); - ERR(!b, "%s", raw_sig_name); + b = BIO_new_file(opts->raw_sig_name, "rb"); + ERR(!b, "%s", opts->raw_sig_name); while ((n = BIO_read(b, buf, sizeof(buf))), n > 0) - ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); + ERR(BIO_write(bd, buf, n) < 0, "%s", opts->dest_name); BIO_free(b); } sig_size = BIO_number_written(bd) - module_size; sig_info.sig_len = htonl(sig_size); - ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name); - ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name); + ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", opts->dest_name); + ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", opts->dest_name); - ERR(BIO_free(bd) < 0, "%s", dest_name); + ERR(BIO_free(bd) < 0, "%s", opts->dest_name); /* Finally, if we're signing in place, replace the original. 
*/ - if (replace_orig) - ERR(rename(dest_name, module_name) < 0, "%s", dest_name); + if (opts->replace_orig) + ERR(rename(opts->dest_name, opts->module_name) < 0, "%s", opts->dest_name); return 0; } + +int main(int argc, char **argv) +{ + struct cmd_opts opts = {}; + + parse_args(argc, argv, &opts); + argc -= optind; + argv += optind; + + if (!argv[0] || argc != 1) + format(); + + if (opts.dest_name && strcmp(argv[0], opts.dest_name)) { + opts.replace_orig = false; + } else { + ERR(asprintf(&opts.dest_name, "%s.~signed~", opts.module_name) < 0, + "asprintf"); + opts.replace_orig = true; + } + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + ERR_clear_error(); + + return sign_single_file(&opts); +}
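Review bot: The hunk that removes the local copies of the options from what is now sign_single_file() leaves the context line if (strcmp(hash_algo, "sha1") != 0) { under "#ifdef USE_PKCS7" unchanged, so with USE_PKCS7 defined the function refers to a hash_algo that is no longer declared and will not compile. Change it to opts->hash_algo, as the following hunk already does for the EVP_get_digestbyname() call.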
From: Shreenidhi Shedi
Subject: [PATCH v9 4/7] sign-file: add support to sign modules in bulk
Date: Wed, 9 Aug 2023 22:52:07 +0530
Message-ID: <20230809172211.343677-5-yesshedi@gmail.com>

In the existing system, we need to invoke sign-file binary for every module we want to sign.
This patch adds support to give modules list in bulk and it will sign them all one by one.

Signed-off-by: Shreenidhi Shedi
---
 scripts/sign-file.c | 41 +++++++++++++++++++++++++++--------------
 1 file changed, 27 insertions(+), 14 deletions(-)

diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 64d5e00f08e2..0a275256ca16 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -224,6 +224,7 @@ struct cmd_opts { bool replace_orig; bool raw_sig; bool sign_only; + bool bulk_sign; #ifndef USE_PKCS7 unsigned int use_keyid; #endif @@ -252,10 +253,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) do { #ifndef USE_PKCS7 - opt = getopt_long_only(argc, argv, "hpds:i:a:x:t:r:", + opt = getopt_long_only(argc, argv, "hpdbs:i:a:x:t:r:", cmd_options, &opt_index); #else - opt = getopt_long_only(argc, argv, "hpdks:i:a:x:t:r:", + opt = getopt_long_only(argc, argv, "hpdkbs:i:a:x:t:r:", cmd_options, &opt_index); #endif switch (opt) { @@ -303,6 +304,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) opts->replace_orig = true; break; + case 'b': + opts->bulk_sign = true; + break; + case -1: break; 
@@ -460,26 +465,34 @@ static int sign_single_file(struct cmd_opts *opts) int main(int argc, char **argv) { + int i; struct cmd_opts opts = {}; parse_args(argc, argv, &opts); argc -= optind; argv += optind; - if (!argv[0] || argc != 1) - format(); - - if (opts.dest_name && strcmp(argv[0], opts.dest_name)) { - opts.replace_orig = false; - } else { - ERR(asprintf(&opts.dest_name, "%s.~signed~", opts.module_name) < 0, - "asprintf"); - opts.replace_orig = true; - } - OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ERR_clear_error(); - return sign_single_file(&opts); + for (i = 0; i < argc; ++i) { + opts.module_name = argv[i]; + + if (!opts.bulk_sign && opts.dest_name && strcmp(argv[i], opts.dest_name)) { + opts.replace_orig = false; + } else { + ERR(asprintf(&opts.dest_name, "%s.~signed~", opts.module_name) < 0, + "asprintf"); + if (!opts.replace_orig) + opts.replace_orig = true; + } + + if (sign_single_file(&opts)) { + fprintf(stderr, "Failed to sign: %s module\n", opts.module_name); + return -1; + } + } + + return 0; }
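Review bot: The -b option is added to both option strings and to the switch in parse_args(), but no entry is added to cmd_options, so it has no long name even though long names are the stated purpose of the series. Add a table entry for it (for example a no_argument entry returning 'b') and describe it in the usage text.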
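Review bot: In the rewritten main() loop, the removed "argc != 1" check has no replacement, so running with no module arguments skips the loop and returns 0 without signing anything; call format() when argc is 0. When -b is not given but several modules are listed, the first iteration leaves opts.dest_name pointing at the first module's ".~signed~" name, so on the next iteration the strcmp(argv[i], opts.dest_name) test is true, replace_orig is cleared, and the second module's signed copy is written to the first module's temporary name and never renamed. Either reject more than one module without -b, or reset dest_name and replace_orig at the top of each iteration. The asprintf() result is also never freed between iterations, a destination given with -t is silently overwritten in bulk mode, and "if (!opts.replace_orig) opts.replace_orig = true;" can be a plain assignment.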
a1-20020a17090abe0100b00268040bbc6asm1739080pjs.4.2023.08.09.10.22.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Aug 2023 10:22:23 -0700 (PDT) From: Shreenidhi Shedi To: dhowells@redhat.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, masahiroy@kernel.org, nathan@kernel.org, ndesaulniers@google.com, nicolas@fjasle.eu Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com, linux-kbuild@vger.kernel.org Subject: [PATCH v9 5/7] sign-file: improve help message Date: Wed, 9 Aug 2023 22:52:08 +0530 Message-ID: <20230809172211.343677-6-yesshedi@gmail.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230809172211.343677-1-yesshedi@gmail.com> References: <20230809172211.343677-1-yesshedi@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org Add a proper help message with examples on how to use this tool. Signed-off-by: Shreenidhi Shedi --- scripts/sign-file.c | 48 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 41 insertions(+), 7 deletions(-) diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 0a275256ca16..d3abc5721a7e 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c 
@@ -74,12 +74,43 @@ struct module_signature { static char magic_number[] = "~Module signature appended~\n"; static __attribute__((noreturn)) -void format(void) +void print_usage(void) { - fprintf(stderr, - "Usage: scripts/sign-file [-dp] []\n"); - fprintf(stderr, - " scripts/sign-file -s []\n"); + fprintf(stderr, "Usage: scripts/sign-file [OPTIONS]... [MODULE]...\n"); + fprintf(stderr, "Available options:\n"); + fprintf(stderr, "-h, --help Print this help message and exit\n"); + + fprintf(stderr, "\nOptional args:\n"); + fprintf(stderr, "-s, --rawsig Raw signature\n"); + fprintf(stderr, "-p, --savesig Save signature\n"); + fprintf(stderr, "-d, --signonly Sign only\n"); +#ifndef USE_PKCS7 + fprintf(stderr, "-k, --usekeyid Use key ID\n"); +#endif + fprintf(stderr, "-b, --bulksign Sign modules in bulk\n"); + fprintf(stderr, "-r, --replaceorig Replace original\n"); + fprintf(stderr, "-t, --dest Destination path "); + fprintf(stderr, "(Exclusive with bulk option)\n"); + + fprintf(stderr, "\nMandatory args:\n"); + fprintf(stderr, "-i, --privkey Private key\n"); + fprintf(stderr, "-a, --hashalgo Hash algorithm\n"); + fprintf(stderr, "-x, --x509 X509\n"); + + fprintf(stderr, "\nExamples:\n"); + + fprintf(stderr, "\n Regular signing:\n"); + fprintf(stderr, " scripts/sign-file -a sha512 -i certs/signing_key.pem "); + fprintf(stderr, "-x certs/signing_key.x509 \n"); + + fprintf(stderr, "\n Signing with destination path:\n"); + fprintf(stderr, " scripts/sign-file -a sha512 -i certs/signing_key.pem "); + fprintf(stderr, "-x certs/signing_key.x509 -t \n"); + + fprintf(stderr, "\n Signing modules in bulk:\n"); + fprintf(stderr, " scripts/sign-file -a sha512 -i certs/signing_key.pem "); + fprintf(stderr, "-x certs/signing_key.x509 -b ...\n"); + exit(2); } @@ -281,7 +312,7 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) #endif case 'h': - format(); + print_usage(); break; case 'i': 
@@ -312,7 +343,7 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) break; default: - format(); + print_usage(); break; } } while (opt != -1); 
@@ -472,6 +503,9 @@ int main(int argc, char **argv) argc -= optind; argv += optind; + if ((opts.bulk_sign && opts.dest_name) || (!opts.bulk_sign && argc != 1)) + print_usage(); + OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ERR_clear_error(); From patchwork Wed Aug 9 17:22:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shreenidhi Shedi X-Patchwork-Id: 13348257 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 93E98C04A94 for ; Wed, 9 Aug 2023 17:22:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233048AbjHIRWf (ORCPT ); Wed, 9 Aug 2023 13:22:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60630 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233059AbjHIRWb (ORCPT ); Wed, 9 Aug 2023 13:22:31 -0400 Received: from mail-pg1-x536.google.com (mail-pg1-x536.google.com [IPv6:2607:f8b0:4864:20::536]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1CDFB2136; Wed, 9 Aug 2023 10:22:26 -0700 (PDT) Received: by mail-pg1-x536.google.com with SMTP id 41be03b00d2f7-565439b6b3fso74368a12.2; Wed, 09 Aug 2023 10:22:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1691601745; x=1692206545; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=21IzbhQ2qjGtr356saQ9/OyLk1G9ny5Nf5RhalLfvY4=; b=a6zpV1t5R1NQADr/jZIw4xflFyUDDEs4/PrW1oOsEYv66hRh/k422x3led/2UR7kxh 6K9+LUccbmYVxgXAI9F+Q2b5Wyikw40lGuE3a7ozGyclMa72Nw6WxgC17xt24EhVGiQm +s0S+Y8dzcjQHFV66lZZ7SlY4EH2R5b+d55/WKXpPcwt6iJnHid5bGa1HXv5LGn5zIpM XHMwzwI/Oaxmz2jOy0VnHcLMD0BziK8hBhxK7dqGdevnwWUP0mjwWstRrxO7dFrRel+Z 
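Review bot: The new print_usage() text in 5/7 advertises `-b, --bulksign`, but neither this patch nor the hunks of 4/7 add a `bulksign` entry to `cmd_options`; 4/7 only adds `b` to the short option string. Unless an earlier patch in the series already registered the long name, `--bulksign` will be rejected, so add the entry or drop the long form from the help. The options that take a value (`-s`, `-i`, `-a`, `-x`, `-t`, all followed by `:` in the option string) are also listed without an argument placeholder, and `-h` still prints to stderr and exits with status 2, which makes a requested help look like a failure to calling scripts; consider stdout and exit 0 for that path.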
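Review bot: The check added in the main() hunk of 5/7 still lets `-b` with no module arguments through: `(!opts.bulk_sign && argc != 1)` is false in bulk mode, the loop added in 4/7 then runs zero times, and the tool exits 0 having signed nothing. For a signing step in a build that is a silent failure; add an `argc < 1` term to the condition so an empty module list is reported as a usage error.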
From: Shreenidhi Shedi To: dhowells@redhat.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, masahiroy@kernel.org, nathan@kernel.org, ndesaulniers@google.com, nicolas@fjasle.eu Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com, linux-kbuild@vger.kernel.org Subject: [PATCH v9 6/7] sign-file: use const with a global string constant Date: Wed, 9 Aug 2023 22:52:09 +0530 Message-ID: <20230809172211.343677-7-yesshedi@gmail.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230809172211.343677-1-yesshedi@gmail.com> References: <20230809172211.343677-1-yesshedi@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org Reported by checkpatch. Signed-off-by: Shreenidhi Shedi --- scripts/sign-file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sign-file.c b/scripts/sign-file.c index d3abc5721a7e..e8dfbdd3eea3 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c 
@@ -71,7 +71,7 @@ struct module_signature { #define PKEY_ID_PKCS7 2 -static char magic_number[] = "~Module signature appended~\n"; +static const char magic_number[] = "~Module signature appended~\n"; static __attribute__((noreturn)) void print_usage(void) From patchwork Wed Aug 9 17:22:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shreenidhi Shedi X-Patchwork-Id: 13348258 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1BF76C0015E for ; Wed, 9 Aug 2023 17:22:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232971AbjHIRWn (ORCPT ); Wed, 9 Aug 2023 13:22:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46760 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233076AbjHIRWb (ORCPT ); Wed, 9 Aug 2023 13:22:31 -0400 Received: from mail-oi1-x22c.google.com (mail-oi1-x22c.google.com [IPv6:2607:f8b0:4864:20::22c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0B0EA2683; Wed, 9 Aug 2023 10:22:28 -0700 (PDT) Received: by mail-oi1-x22c.google.com with SMTP id 5614622812f47-3a76cbd4bbfso9057b6e.3; Wed, 09 Aug 2023 10:22:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1691601747; x=1692206547; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HGa/E1EozA1ONh5cNmJYBRSriG6HQN403JbmkXULwlo=; b=QHkxL4RrQNx9OFCHyFpBvsk44awf/Vq6clj94licRmVmCjiBfLy9cpQdUOx9HGPA1o AS9veoNcWrXJsy+wJBJRurQ/z2luyCbWDxJrfPQQrpSyov9+HP2LZZ8LRt5pupuwbwVW LPUGX2gk6DVrH6qJP30yCFAZu/ik4PJfYn4mNUUxcU58HAO4MiY/dFWVOithnvHr+i43 rfvuOtzwlH3NaoL4gdgCryaVJSl8zRasS/12R1b0Jb0qPrz/14ae3gD7koXARt+Tuw4s 
From: Shreenidhi Shedi To: dhowells@redhat.com, dwmw2@infradead.org, gregkh@linuxfoundation.org, masahiroy@kernel.org, nathan@kernel.org, ndesaulniers@google.com, nicolas@fjasle.eu Cc: yesshedi@gmail.com, linux-kernel@vger.kernel.org, sshedi@vmware.com, linux-kbuild@vger.kernel.org Subject: [PATCH v9 7/7] sign-file: fix do while styling issue Date: Wed, 9 Aug 2023 22:52:10 +0530 Message-ID: <20230809172211.343677-8-yesshedi@gmail.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230809172211.343677-1-yesshedi@gmail.com> References: <20230809172211.343677-1-yesshedi@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org Reported by checkpatch. Signed-off-by: Shreenidhi Shedi --- scripts/sign-file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sign-file.c b/scripts/sign-file.c index e8dfbdd3eea3..0c95275c4564 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -147,7 +147,7 @@ static void drain_openssl_errors(void) if (__cond) { \ errx(1, fmt, ## __VA_ARGS__); \ } \ - } while(0) + } while (0) static const char *key_pass;