* [PATCH v2 1/6] sign-file: refactor argument parsing logic
@ 2023-02-13 18:50 Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 2/6] sign-file: move file signing logic to its own function Shreenidhi Shedi
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: Shreenidhi Shedi @ 2023-02-13 18:50 UTC (permalink / raw)
To: dhowells, dwmw2, gregkh; +Cc: linux-kernel, Shreenidhi Shedi
- Use getopt_long_only for parsing input args
- Use more easy to remember command line argument names
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
scripts/sign-file.c | 156 ++++++++++++++++++++++++++++++++++----------
1 file changed, 122 insertions(+), 34 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 598ef5465f82..cf3acbb13013 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -213,15 +213,111 @@ static X509 *read_x509(const char *x509_name)
return x509;
}
+struct cmd_opts {
+ char *hash_algo;
+ char *dest_name;
+ char *private_key_name;
+ char *raw_sig_name;
+ char *x509_name;
+ char *module_name;
+ bool save_sig;
+ bool replace_orig;
+ bool raw_sig;
+ bool sign_only;
+
+#ifndef USE_PKCS7
+ unsigned int use_keyid;
+#endif
+};
+
+void parse_args(int argc, char **argv, struct cmd_opts *opts)
+{
+ struct option cmd_options[] = {
+ /* These options set a flag. */
+ {"help", no_argument, 0, 'h'},
+ {"savesig", no_argument, 0, 's'},
+ {"signonly", no_argument, 0, 'o'},
+#ifndef USE_PKCS7
+ {"usekeyid", no_argument, 0, 'k'},
+#endif
+ {"rawsig", required_argument, 0, 'r'},
+ {"privkey", required_argument, 0, 'p'},
+ {"hashalgo", required_argument, 0, 'a'},
+ {"x509", required_argument, 0, 'x'},
+ {"dest", required_argument, 0, 'd'},
+ {"replaceorig", required_argument, 0, 'l'},
+ {0, 0, 0, 0}
+ };
+
+ int opt;
+ int opt_index = 0;
+
+ do {
+#ifndef USE_PKCS7
+ opt = getopt_long_only(argc, argv, "hsobr:p:a:x:d:l:",
+ cmd_options, &opt_index);
+#else
+ opt = getopt_long_only(argc, argv, "hsobkr:p:a:x:d:l:",
+ cmd_options, &opt_index);
+#endif
+ switch (opt) {
+ case 'h':
+ format();
+ break;
+
+ case 'r':
+ opts->raw_sig = true;
+ opts->raw_sig_name = optarg;
+ break;
+
+ case 's':
+ opts->save_sig = true;
+ break;
+
+ case 'o':
+ opts->sign_only = true;
+ opts->save_sig = true;
+ break;
+
+#ifndef USE_PKCS7
+ case 'k':
+ opts->use_keyid = CMS_USE_KEYID;
+ break;
+#endif
+
+ case 'p':
+ opts->private_key_name = optarg;
+ break;
+
+ case 'a':
+ opts->hash_algo = optarg;
+ break;
+
+ case 'x':
+ opts->x509_name = optarg;
+ break;
+
+ case 'd':
+ opts->dest_name = optarg;
+ break;
+
+ case 'l':
+ opts->replace_orig = true;
+ break;
+
+ case -1:
+ break;
+
+ default:
+ format();
+ break;
+ }
+ } while (opt != -1);
+}
+
int main(int argc, char **argv)
{
struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
- char *hash_algo = NULL;
- char *private_key_name = NULL, *raw_sig_name = NULL;
- char *x509_name, *module_name, *dest_name;
- bool save_sig = false, replace_orig;
- bool sign_only = false;
- bool raw_sig = false;
unsigned char buf[4096];
unsigned long module_size, sig_size;
unsigned int use_signed_attrs;
@@ -229,13 +325,14 @@ int main(int argc, char **argv)
EVP_PKEY *private_key;
#ifndef USE_PKCS7
CMS_ContentInfo *cms = NULL;
- unsigned int use_keyid = 0;
#else
PKCS7 *pkcs7 = NULL;
#endif
X509 *x509;
BIO *bd, *bm;
- int opt, n;
+ int i, n;
+ struct cmd_opts opts = {0};
+
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
ERR_clear_error();
@@ -247,37 +344,29 @@ int main(int argc, char **argv)
#else
use_signed_attrs = PKCS7_NOATTR;
#endif
+ parse_args(argc, argv, &opts);
+ argc -= optind;
+ argv += optind;
+
+ char *hash_algo = opts.hash_algo;
+ char *dest_name = opts.dest_name;
+ char *private_key_name = opts.private_key_name;
+ char *raw_sig_name = opts.raw_sig_name;
+ char *x509_name = opts.x509_name;
+ char *module_name = opts.module_name;
+ bool save_sig = opts.save_sig;
+ bool replace_orig = opts.replace_orig;
+ bool raw_sig = opts.raw_sig;
+ bool sign_only = opts.sign_only;
- do {
- opt = getopt(argc, argv, "sdpk");
- switch (opt) {
- case 's': raw_sig = true; break;
- case 'p': save_sig = true; break;
- case 'd': sign_only = true; save_sig = true; break;
#ifndef USE_PKCS7
- case 'k': use_keyid = CMS_USE_KEYID; break;
+ unsigned int use_keyid = opts.use_keyid;
#endif
- case -1: break;
- default: format();
- }
- } while (opt != -1);
- argc -= optind;
- argv += optind;
- if (argc < 4 || argc > 5)
+ if (!argv[0] || argc != 1)
format();
- if (raw_sig) {
- raw_sig_name = argv[0];
- hash_algo = argv[1];
- } else {
- hash_algo = argv[0];
- private_key_name = argv[1];
- }
- x509_name = argv[2];
- module_name = argv[3];
- if (argc == 5 && strcmp(argv[3], argv[4]) != 0) {
- dest_name = argv[4];
+ if (dest_name && strcmp(argv[0], dest_name)) {
replace_orig = false;
} else {
ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0,
@@ -292,7 +381,6 @@ int main(int argc, char **argv)
exit(3);
}
#endif
-
/* Open the module file */
bm = BIO_new_file(module_name, "rb");
ERR(!bm, "%s", module_name);
--
2.39.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2 2/6] sign-file: move file signing logic to its own function
2023-02-13 18:50 [PATCH v2 1/6] sign-file: refactor argument parsing logic Shreenidhi Shedi
@ 2023-02-13 18:50 ` Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 3/6] sign-file: add support sign modules in bulk Shreenidhi Shedi
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Shreenidhi Shedi @ 2023-02-13 18:50 UTC (permalink / raw)
To: dhowells, dwmw2, gregkh; +Cc: linux-kernel, Shreenidhi Shedi
Keep the main function bare minimal and do less in main function.
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
scripts/sign-file.c | 69 +++++++++++++++++++++++++--------------------
1 file changed, 39 insertions(+), 30 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index cf3acbb13013..4732201feb96 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -230,7 +230,7 @@ struct cmd_opts {
#endif
};
-void parse_args(int argc, char **argv, struct cmd_opts *opts)
+static void parse_args(int argc, char **argv, struct cmd_opts *opts)
{
struct option cmd_options[] = {
/* These options set a flag. */
@@ -315,10 +315,10 @@ void parse_args(int argc, char **argv, struct cmd_opts *opts)
} while (opt != -1);
}
-int main(int argc, char **argv)
+int sign_file(int argc, char **argv, struct cmd_opts *opts)
{
struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
- unsigned char buf[4096];
+ unsigned char buf[4096] = {0};
unsigned long module_size, sig_size;
unsigned int use_signed_attrs;
const EVP_MD *digest_algo;
@@ -331,36 +331,20 @@ int main(int argc, char **argv)
X509 *x509;
BIO *bd, *bm;
int i, n;
- struct cmd_opts opts = {0};
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
- ERR_clear_error();
-
- key_pass = getenv("KBUILD_SIGN_PIN");
+ char *hash_algo = opts->hash_algo;
+ char *dest_name = opts->dest_name;
+ char *private_key_name = opts->private_key_name;
+ char *raw_sig_name = opts->raw_sig_name;
+ char *x509_name = opts->x509_name;
+ char *module_name = opts->module_name;
+ bool save_sig = opts->save_sig;
+ bool replace_orig = opts->replace_orig;
+ bool raw_sig = opts->raw_sig;
+ bool sign_only = opts->sign_only;
#ifndef USE_PKCS7
- use_signed_attrs = CMS_NOATTR;
-#else
- use_signed_attrs = PKCS7_NOATTR;
-#endif
- parse_args(argc, argv, &opts);
- argc -= optind;
- argv += optind;
-
- char *hash_algo = opts.hash_algo;
- char *dest_name = opts.dest_name;
- char *private_key_name = opts.private_key_name;
- char *raw_sig_name = opts.raw_sig_name;
- char *x509_name = opts.x509_name;
- char *module_name = opts.module_name;
- bool save_sig = opts.save_sig;
- bool replace_orig = opts.replace_orig;
- bool raw_sig = opts.raw_sig;
- bool sign_only = opts.sign_only;
-
-#ifndef USE_PKCS7
- unsigned int use_keyid = opts.use_keyid;
+ unsigned int use_keyid = opts->use_keyid;
#endif
if (!argv[0] || argc != 1)
@@ -381,6 +365,19 @@ int main(int argc, char **argv)
exit(3);
}
#endif
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+ ERR_clear_error();
+
+ key_pass = getenv("KBUILD_SIGN_PIN");
+
+#ifndef USE_PKCS7
+ use_signed_attrs = CMS_NOATTR;
+#else
+ use_signed_attrs = PKCS7_NOATTR;
+#endif
+
/* Open the module file */
bm = BIO_new_file(module_name, "rb");
ERR(!bm, "%s", module_name);
@@ -492,3 +489,15 @@ int main(int argc, char **argv)
return 0;
}
+
+int main(int argc, char **argv)
+{
+ struct cmd_opts opts = {0};
+
+ parse_args(argc, argv, &opts);
+
+ argc -= optind;
+ argv += optind;
+
+ return sign_file(argc, argv, &opts);
+}
--
2.39.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2 3/6] sign-file: add support sign modules in bulk
2023-02-13 18:50 [PATCH v2 1/6] sign-file: refactor argument parsing logic Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 2/6] sign-file: move file signing logic to its own function Shreenidhi Shedi
@ 2023-02-13 18:50 ` Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 4/6] sign-file: cosmetic fix Shreenidhi Shedi
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Shreenidhi Shedi @ 2023-02-13 18:50 UTC (permalink / raw)
To: dhowells, dwmw2, gregkh; +Cc: linux-kernel, Shreenidhi Shedi
In the existing system, we need to invoke sign-file binary for every
module we want to sign. This patch adds support to give modules in bulk
and it will sign them all one by one.
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
scripts/sign-file.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 4732201feb96..7ad330b47d64 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -224,6 +224,7 @@ struct cmd_opts {
bool replace_orig;
bool raw_sig;
bool sign_only;
+ bool bulk_sign;
#ifndef USE_PKCS7
unsigned int use_keyid;
@@ -237,6 +238,7 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
{"help", no_argument, 0, 'h'},
{"savesig", no_argument, 0, 's'},
{"signonly", no_argument, 0, 'o'},
+ {"bulksign", no_argument, 0, 'b'},
#ifndef USE_PKCS7
{"usekeyid", no_argument, 0, 'k'},
#endif
@@ -305,6 +307,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
opts->replace_orig = true;
break;
+ case 'b':
+ opts->bulk_sign = true;
+ break;
+
case -1:
break;
@@ -342,12 +348,13 @@ int sign_file(int argc, char **argv, struct cmd_opts *opts)
bool replace_orig = opts->replace_orig;
bool raw_sig = opts->raw_sig;
bool sign_only = opts->sign_only;
+ bool bulk_sign = opts->bulk_sign;
#ifndef USE_PKCS7
unsigned int use_keyid = opts->use_keyid;
#endif
- if (!argv[0] || argc != 1)
+ if ((bulk_sign && dest_name) || (!bulk_sign && argc != 1))
format();
if (dest_name && strcmp(argv[0], dest_name)) {
@@ -378,6 +385,16 @@ int sign_file(int argc, char **argv, struct cmd_opts *opts)
use_signed_attrs = PKCS7_NOATTR;
#endif
+ for (i = 0; i < argc; i++) {
+ module_name = argv[i];
+
+ if (bulk_sign) {
+ ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0,
+ "asprintf");
+ if (!replace_orig)
+ replace_orig = true;
+ }
+
/* Open the module file */
bm = BIO_new_file(module_name, "rb");
ERR(!bm, "%s", module_name);
@@ -486,6 +503,7 @@ int sign_file(int argc, char **argv, struct cmd_opts *opts)
/* Finally, if we're signing in place, replace the original. */
if (replace_orig)
ERR(rename(dest_name, module_name) < 0, "%s", dest_name);
+ }
return 0;
}
--
2.39.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2 4/6] sign-file: cosmetic fix
2023-02-13 18:50 [PATCH v2 1/6] sign-file: refactor argument parsing logic Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 2/6] sign-file: move file signing logic to its own function Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 3/6] sign-file: add support sign modules in bulk Shreenidhi Shedi
@ 2023-02-13 18:50 ` Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 v25/6] sign-file: fix few checkpatch issues Shreenidhi Shedi
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Shreenidhi Shedi @ 2023-02-13 18:50 UTC (permalink / raw)
To: dhowells, dwmw2, gregkh; +Cc: linux-kernel, Shreenidhi Shedi
In the previous patch for adding bulk modules support, this was not done
because it will add a lot to review in one patch.
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
scripts/sign-file.c | 174 ++++++++++++++++++++++----------------------
1 file changed, 87 insertions(+), 87 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 7ad330b47d64..b48832d54f45 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -395,114 +395,114 @@ int sign_file(int argc, char **argv, struct cmd_opts *opts)
replace_orig = true;
}
- /* Open the module file */
- bm = BIO_new_file(module_name, "rb");
- ERR(!bm, "%s", module_name);
-
- if (!raw_sig) {
- /* Read the private key and the X.509 cert the PKCS#7 message
- * will point to.
- */
- private_key = read_private_key(private_key_name);
- x509 = read_x509(x509_name);
-
- /* Digest the module data. */
- OpenSSL_add_all_digests();
- display_openssl_errors(__LINE__);
- digest_algo = EVP_get_digestbyname(hash_algo);
- ERR(!digest_algo, "EVP_get_digestbyname");
+ /* Open the module file */
+ bm = BIO_new_file(module_name, "rb");
+ ERR(!bm, "%s", module_name);
+
+ if (!raw_sig) {
+ /* Read the private key and the X.509 cert the PKCS#7 message
+ * will point to.
+ */
+ private_key = read_private_key(private_key_name);
+ x509 = read_x509(x509_name);
+
+ /* Digest the module data. */
+ OpenSSL_add_all_digests();
+ display_openssl_errors(__LINE__);
+ digest_algo = EVP_get_digestbyname(hash_algo);
+ ERR(!digest_algo, "EVP_get_digestbyname");
#ifndef USE_PKCS7
- /* Load the signature message from the digest buffer. */
- cms = CMS_sign(NULL, NULL, NULL, NULL,
- CMS_NOCERTS | CMS_PARTIAL | CMS_BINARY |
- CMS_DETACHED | CMS_STREAM);
- ERR(!cms, "CMS_sign");
-
- ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo,
- CMS_NOCERTS | CMS_BINARY |
- CMS_NOSMIMECAP | use_keyid |
- use_signed_attrs),
- "CMS_add1_signer");
- ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0,
- "CMS_final");
+ /* Load the signature message from the digest buffer. */
+ cms = CMS_sign(NULL, NULL, NULL, NULL,
+ CMS_NOCERTS | CMS_PARTIAL | CMS_BINARY |
+ CMS_DETACHED | CMS_STREAM);
+ ERR(!cms, "CMS_sign");
+
+ ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo,
+ CMS_NOCERTS | CMS_BINARY |
+ CMS_NOSMIMECAP | use_keyid |
+ use_signed_attrs),
+ "CMS_add1_signer");
+ ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0,
+ "CMS_final");
#else
- pkcs7 = PKCS7_sign(x509, private_key, NULL, bm,
- PKCS7_NOCERTS | PKCS7_BINARY |
- PKCS7_DETACHED | use_signed_attrs);
- ERR(!pkcs7, "PKCS7_sign");
+ pkcs7 = PKCS7_sign(x509, private_key, NULL, bm,
+ PKCS7_NOCERTS | PKCS7_BINARY |
+ PKCS7_DETACHED | use_signed_attrs);
+ ERR(!pkcs7, "PKCS7_sign");
#endif
- if (save_sig) {
- char *sig_file_name;
- BIO *b;
+ if (save_sig) {
+ char *sig_file_name;
+ BIO *b;
- ERR(asprintf(&sig_file_name, "%s.p7s", module_name) < 0,
- "asprintf");
- b = BIO_new_file(sig_file_name, "wb");
- ERR(!b, "%s", sig_file_name);
+ ERR(asprintf(&sig_file_name, "%s.p7s", module_name) < 0,
+ "asprintf");
+ b = BIO_new_file(sig_file_name, "wb");
+ ERR(!b, "%s", sig_file_name);
#ifndef USE_PKCS7
- ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) < 0,
- "%s", sig_file_name);
+ ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) < 0,
+ "%s", sig_file_name);
#else
- ERR(i2d_PKCS7_bio(b, pkcs7) < 0,
- "%s", sig_file_name);
+ ERR(i2d_PKCS7_bio(b, pkcs7) < 0,
+ "%s", sig_file_name);
#endif
- BIO_free(b);
- }
+ BIO_free(b);
+ }
- if (sign_only) {
- BIO_free(bm);
- return 0;
+ if (sign_only) {
+ BIO_free(bm);
+ return 0;
+ }
}
- }
- /* Open the destination file now so that we can shovel the module data
- * across as we read it.
- */
- bd = BIO_new_file(dest_name, "wb");
- ERR(!bd, "%s", dest_name);
-
- /* Append the marker and the PKCS#7 message to the destination file */
- ERR(BIO_reset(bm) < 0, "%s", module_name);
- while ((n = BIO_read(bm, buf, sizeof(buf))),
- n > 0) {
- ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name);
- }
- BIO_free(bm);
- ERR(n < 0, "%s", module_name);
- module_size = BIO_number_written(bd);
+ /* Open the destination file now so that we can shovel the module data
+ * across as we read it.
+ */
+ bd = BIO_new_file(dest_name, "wb");
+ ERR(!bd, "%s", dest_name);
- if (!raw_sig) {
+ /* Append the marker and the PKCS#7 message to the destination file */
+ ERR(BIO_reset(bm) < 0, "%s", module_name);
+ while ((n = BIO_read(bm, buf, sizeof(buf))),
+ n > 0) {
+ ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name);
+ }
+ BIO_free(bm);
+ ERR(n < 0, "%s", module_name);
+ module_size = BIO_number_written(bd);
+
+ if (!raw_sig) {
#ifndef USE_PKCS7
- ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name);
+ ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name);
#else
- ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name);
+ ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name);
#endif
- } else {
- BIO *b;
+ } else {
+ BIO *b;
- /* Read the raw signature file and write the data to the
- * destination file
- */
- b = BIO_new_file(raw_sig_name, "rb");
- ERR(!b, "%s", raw_sig_name);
- while ((n = BIO_read(b, buf, sizeof(buf))), n > 0)
- ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name);
- BIO_free(b);
- }
+ /* Read the raw signature file and write the data to the
+ * destination file
+ */
+ b = BIO_new_file(raw_sig_name, "rb");
+ ERR(!b, "%s", raw_sig_name);
+ while ((n = BIO_read(b, buf, sizeof(buf))), n > 0)
+ ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name);
+ BIO_free(b);
+ }
- sig_size = BIO_number_written(bd) - module_size;
- sig_info.sig_len = htonl(sig_size);
- ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name);
- ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name);
+ sig_size = BIO_number_written(bd) - module_size;
+ sig_info.sig_len = htonl(sig_size);
+ ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name);
+ ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name);
- ERR(BIO_free(bd) < 0, "%s", dest_name);
+ ERR(BIO_free(bd) < 0, "%s", dest_name);
- /* Finally, if we're signing in place, replace the original. */
- if (replace_orig)
- ERR(rename(dest_name, module_name) < 0, "%s", dest_name);
+ /* Finally, if we're signing in place, replace the original. */
+ if (replace_orig)
+ ERR(rename(dest_name, module_name) < 0, "%s", dest_name);
}
return 0;
--
2.39.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2 v25/6] sign-file: fix few checkpatch issues
2023-02-13 18:50 [PATCH v2 1/6] sign-file: refactor argument parsing logic Shreenidhi Shedi
` (2 preceding siblings ...)
2023-02-13 18:50 ` [PATCH v2 4/6] sign-file: cosmetic fix Shreenidhi Shedi
@ 2023-02-13 18:50 ` Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 5/6] sign-file: use const with a global string constant Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 6/6] sign-file: improve help message Shreenidhi Shedi
5 siblings, 0 replies; 7+ messages in thread
From: Shreenidhi Shedi @ 2023-02-13 18:50 UTC (permalink / raw)
To: dhowells, dwmw2, gregkh; +Cc: linux-kernel, Shreenidhi Shedi
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
scripts/sign-file.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index b48832d54f45..0729d8df5660 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -71,7 +71,7 @@ struct module_signature {
#define PKEY_ID_PKCS7 2
-static char magic_number[] = "~Module signature appended~\n";
+static const char magic_number[] = "~Module signature appended~\n";
static __attribute__((noreturn))
void format(void)
@@ -116,7 +116,7 @@ static void drain_openssl_errors(void)
if (__cond) { \
errx(1, fmt, ## __VA_ARGS__); \
} \
- } while(0)
+ } while (0)
static const char *key_pass;
--
2.39.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2 5/6] sign-file: use const with a global string constant
2023-02-13 18:50 [PATCH v2 1/6] sign-file: refactor argument parsing logic Shreenidhi Shedi
` (3 preceding siblings ...)
2023-02-13 18:50 ` [PATCH v2 v25/6] sign-file: fix few checkpatch issues Shreenidhi Shedi
@ 2023-02-13 18:50 ` Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 6/6] sign-file: improve help message Shreenidhi Shedi
5 siblings, 0 replies; 7+ messages in thread
From: Shreenidhi Shedi @ 2023-02-13 18:50 UTC (permalink / raw)
To: dhowells, dwmw2, gregkh; +Cc: linux-kernel, Shreenidhi Shedi
Fix a space issue (cosmetic)
Both reported by checkpatch.
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
scripts/sign-file.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index b48832d54f45..0729d8df5660 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -71,7 +71,7 @@ struct module_signature {
#define PKEY_ID_PKCS7 2
-static char magic_number[] = "~Module signature appended~\n";
+static const char magic_number[] = "~Module signature appended~\n";
static __attribute__((noreturn))
void format(void)
@@ -116,7 +116,7 @@ static void drain_openssl_errors(void)
if (__cond) { \
errx(1, fmt, ## __VA_ARGS__); \
} \
- } while(0)
+ } while (0)
static const char *key_pass;
--
2.39.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2 6/6] sign-file: improve help message
2023-02-13 18:50 [PATCH v2 1/6] sign-file: refactor argument parsing logic Shreenidhi Shedi
` (4 preceding siblings ...)
2023-02-13 18:50 ` [PATCH v2 5/6] sign-file: use const with a global string constant Shreenidhi Shedi
@ 2023-02-13 18:50 ` Shreenidhi Shedi
5 siblings, 0 replies; 7+ messages in thread
From: Shreenidhi Shedi @ 2023-02-13 18:50 UTC (permalink / raw)
To: dhowells, dwmw2, gregkh; +Cc: linux-kernel, Shreenidhi Shedi
Add a proper help message with examples on how to use this tool.
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
scripts/sign-file.c | 49 ++++++++++++++++++++++++++++++++++++---------
1 file changed, 40 insertions(+), 9 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 0729d8df5660..d9499ea5c8cc 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -74,13 +74,44 @@ struct module_signature {
static const char magic_number[] = "~Module signature appended~\n";
static __attribute__((noreturn))
-void format(void)
+void print_usage(int retval)
{
- fprintf(stderr,
- "Usage: scripts/sign-file [-dp] <hash algo> <key> <x509> <module> [<dest>]\n");
- fprintf(stderr,
- " scripts/sign-file -s <raw sig> <hash algo> <x509> <module> [<dest>]\n");
- exit(2);
+ fprintf(stderr, "Usage: scripts/sign-file [OPTIONS]... [MODULE]...\n");
+ fprintf(stderr, "Available options:\n");
+ fprintf(stderr, "-h, --help Print this help message and exit\n");
+
+ fprintf(stderr, "\nOptional args:\n");
+ fprintf(stderr, "-s, --savesig Save signature\n");
+ fprintf(stderr, "-o, --signonly Sign only\n");
+ fprintf(stderr, "-b, --bulksign Sign modules in bulk\n");
+ fprintf(stderr, "-l, --replaceorig Replace original\n");
+#ifndef USE_PKCS7
+ fprintf(stderr, "-k, --usekeyid Use key ID\n");
+#endif
+ fprintf(stderr, "-r, --rawsig <sig> Raw signature\n");
+ fprintf(stderr, "-d, --dest <dest> Destination path ");
+ fprintf(stderr, "(Exclusive with bulk option)\n");
+
+ fprintf(stderr, "\nMandatory args:\n");
+ fprintf(stderr, "-p, --privkey <key> Private key\n");
+ fprintf(stderr, "-a, --hashalgo <alg> Hash algorithm\n");
+ fprintf(stderr, "-x, --x509 <x509> X509\n");
+
+ fprintf(stderr, "\nExamples:\n");
+
+ fprintf(stderr, "\nRegular signing:\n");
+ fprintf(stderr, "scripts/sign-file -a sha512 -p certs/signing_key.pem ");
+ fprintf(stderr, "-x certs/signing_key.x509 <module>\n");
+
+ fprintf(stderr, "\nSigning with destination path:\n");
+ fprintf(stderr, "scripts/sign-file -a sha512 -p certs/signing_key.pem ");
+ fprintf(stderr, "-x certs/signing_key.x509 <module> -d <path>\n");
+
+ fprintf(stderr, "\nSigning modules in bulk:\n");
+ fprintf(stderr, "scripts/sign-file -a sha512 -p certs/signing_key.pem ");
+ fprintf(stderr, "-x certs/signing_key.x509 -b <module1> <module2> ...\n");
+
+ exit(retval);
}
static void display_openssl_errors(int l)
@@ -264,7 +295,7 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
#endif
switch (opt) {
case 'h':
- format();
+ print_usage(0);
break;
case 'r':
@@ -315,7 +346,7 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
break;
default:
- format();
+ print_usage(2);
break;
}
} while (opt != -1);
@@ -355,7 +386,7 @@ int sign_file(int argc, char **argv, struct cmd_opts *opts)
#endif
if ((bulk_sign && dest_name) || (!bulk_sign && argc != 1))
- format();
+ print_usage(2);
if (dest_name && strcmp(argv[0], dest_name)) {
replace_orig = false;
--
2.39.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-02-13 18:51 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-13 18:50 [PATCH v2 1/6] sign-file: refactor argument parsing logic Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 2/6] sign-file: move file signing logic to its own function Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 3/6] sign-file: add support sign modules in bulk Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 4/6] sign-file: cosmetic fix Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 v25/6] sign-file: fix few checkpatch issues Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 5/6] sign-file: use const with a global string constant Shreenidhi Shedi
2023-02-13 18:50 ` [PATCH v2 6/6] sign-file: improve help message Shreenidhi Shedi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).