* [PATCH v5 0/7] refactor file signing program
@ 2023-03-20 18:43 Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 1/7] sign-file: refactor argument parsing logic - 1 Shreenidhi Shedi
` (9 more replies)
0 siblings, 10 replies; 13+ messages in thread
From: Shreenidhi Shedi @ 2023-03-20 18:43 UTC (permalink / raw)
To: gregkh, dhowells, dwmw2; +Cc: yesshedi, linux-kernel, sshedi
From: Shreenidhi Shedi <yesshedi@gmail.com>
This patch series refactors the sign-file program, like:
- Improve argument parsing logic.
- Add few more easy to remember arguments.
- Add support to sign bunch of modules at once.
- Improve the help message with examples.
- Few trivial checkpatch reported issue fixes.
Version 5 changes:
- Addressed review comments from David Howells.
- Framgmented the patches into further small units.
Link:
v4: https://lore.kernel.org/all/20230221170804.3267242-1-yesshedi@gmail.com/
Version 1 - Version 4 changes:
Did some back and forth changes. Getting familiar with patch submission
process, nothing significant happened.
Links:
v1: https://lore.kernel.org/all/dc852d8e-816a-0fb2-f50e-ff6c2aa11dd8@gmail.com/
v2: https://lore.kernel.org/all/20230213185019.56902-1-yesshedi@gmail.com/
v3: https://lore.kernel.org/all/20230213190034.57097-1-yesshedi@gmail.com/
Shreenidhi Shedi (7):
sign-file: refactor argument parsing logic - 1
sign-file: refactor argument parsing logic - 2
sign-file: refactor argument parsing logic - 3
sign-file: add support to sign modules in bulk
sign-file: improve help message
sign-file: use const with a global string constant
sign-file: fix do while styling issue
scripts/sign-file.c | 292 +++++++++++++++++++++++++++++++-------------
1 file changed, 209 insertions(+), 83 deletions(-)
--
2.39.2
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH v5 1/7] sign-file: refactor argument parsing logic - 1
2023-03-20 18:43 [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
@ 2023-03-20 18:43 ` Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 2/7] sign-file: refactor argument parsing logic - 2 Shreenidhi Shedi
` (8 subsequent siblings)
9 siblings, 0 replies; 13+ messages in thread
From: Shreenidhi Shedi @ 2023-03-20 18:43 UTC (permalink / raw)
To: gregkh, dhowells, dwmw2; +Cc: yesshedi, linux-kernel, sshedi
From: Shreenidhi Shedi <yesshedi@gmail.com>
- Use getopt_long_only for parsing input args
- Use more easy to remember command line argument names
Signed-off-by: Shreenidhi Shedi <yesshedi@gmail.com>
---
scripts/sign-file.c | 97 ++++++++++++++++++++++++++++++++++++---------
1 file changed, 78 insertions(+), 19 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 598ef5465f82..94228865b6cc 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -213,15 +213,77 @@ static X509 *read_x509(const char *x509_name)
return x509;
}
+struct cmd_opts {
+ char *raw_sig_name;
+ bool save_sig;
+ bool replace_orig;
+ bool raw_sig;
+ bool sign_only;
+#ifndef USE_PKCS7
+ unsigned int use_keyid;
+#endif
+};
+
+static void parse_args(int argc, char **argv, struct cmd_opts *opts)
+{
+ struct option cmd_options[] = {
+ {"rawsig", required_argument, 0, 's'},
+ {"savesig", no_argument, 0, 'p'},
+ {"signonly", no_argument, 0, 'd'},
+#ifndef USE_PKCS7
+ {"usekeyid", no_argument, 0, 'k'},
+#endif
+ {0, 0, 0, 0}
+ };
+
+ int opt;
+ int opt_index = 0;
+
+ do {
+#ifndef USE_PKCS7
+ opt = getopt_long_only(argc, argv, "pds:",
+ cmd_options, &opt_index);
+#else
+ opt = getopt_long_only(argc, argv, "pdks:",
+ cmd_options, &opt_index);
+#endif
+ switch (opt) {
+ case 's':
+ opts->raw_sig = true;
+ opts->raw_sig_name = optarg;
+ break;
+
+ case 'p':
+ opts->save_sig = true;
+ break;
+
+ case 'd':
+ opts->sign_only = true;
+ opts->save_sig = true;
+ break;
+
+#ifndef USE_PKCS7
+ case 'k':
+ opts->use_keyid = CMS_USE_KEYID;
+ break;
+#endif
+
+ case -1:
+ break;
+
+ default:
+ format();
+ break;
+ }
+ } while (opt != -1);
+}
+
int main(int argc, char **argv)
{
struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
char *hash_algo = NULL;
- char *private_key_name = NULL, *raw_sig_name = NULL;
+ char *private_key_name = NULL;
char *x509_name, *module_name, *dest_name;
- bool save_sig = false, replace_orig;
- bool sign_only = false;
- bool raw_sig = false;
unsigned char buf[4096];
unsigned long module_size, sig_size;
unsigned int use_signed_attrs;
@@ -229,13 +291,14 @@ int main(int argc, char **argv)
EVP_PKEY *private_key;
#ifndef USE_PKCS7
CMS_ContentInfo *cms = NULL;
- unsigned int use_keyid = 0;
#else
PKCS7 *pkcs7 = NULL;
#endif
X509 *x509;
BIO *bd, *bm;
- int opt, n;
+ int n;
+ struct cmd_opts opts = {};
+
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
ERR_clear_error();
@@ -247,23 +310,19 @@ int main(int argc, char **argv)
#else
use_signed_attrs = PKCS7_NOATTR;
#endif
+ parse_args(argc, argv, &opts);
+ argc -= optind;
+ argv += optind;
- do {
- opt = getopt(argc, argv, "sdpk");
- switch (opt) {
- case 's': raw_sig = true; break;
- case 'p': save_sig = true; break;
- case 'd': sign_only = true; save_sig = true; break;
+ const char *raw_sig_name = opts.raw_sig_name;
+ const bool save_sig = opts.save_sig;
+ const bool raw_sig = opts.raw_sig;
+ const bool sign_only = opts.sign_only;
+ bool replace_orig = opts.replace_orig;
#ifndef USE_PKCS7
- case 'k': use_keyid = CMS_USE_KEYID; break;
+ const unsigned int use_keyid = opts.use_keyid;
#endif
- case -1: break;
- default: format();
- }
- } while (opt != -1);
- argc -= optind;
- argv += optind;
if (argc < 4 || argc > 5)
format();
--
2.39.2
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v5 2/7] sign-file: refactor argument parsing logic - 2
2023-03-20 18:43 [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 1/7] sign-file: refactor argument parsing logic - 1 Shreenidhi Shedi
@ 2023-03-20 18:43 ` Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 3/7] sign-file: refactor argument parsing logic - 3 Shreenidhi Shedi
` (7 subsequent siblings)
9 siblings, 0 replies; 13+ messages in thread
From: Shreenidhi Shedi @ 2023-03-20 18:43 UTC (permalink / raw)
To: gregkh, dhowells, dwmw2; +Cc: yesshedi, linux-kernel, sshedi
From: Shreenidhi Shedi <yesshedi@gmail.com>
Introduce few new flags to make argument processing easy.
Also makes it easy to remember the options.
Signed-off-by: Shreenidhi Shedi <yesshedi@gmail.com>
---
scripts/sign-file.c | 63 ++++++++++++++++++++++++++++++++-------------
1 file changed, 45 insertions(+), 18 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 94228865b6cc..b0f340ea629b 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -215,6 +215,11 @@ static X509 *read_x509(const char *x509_name)
struct cmd_opts {
char *raw_sig_name;
+ char *hash_algo;
+ char *dest_name;
+ char *private_key_name;
+ char *x509_name;
+ char *module_name;
bool save_sig;
bool replace_orig;
bool raw_sig;
@@ -233,6 +238,12 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
#ifndef USE_PKCS7
{"usekeyid", no_argument, 0, 'k'},
#endif
+ {"help", no_argument, 0, 'h'},
+ {"privkey", required_argument, 0, 'i'},
+ {"hashalgo", required_argument, 0, 'a'},
+ {"x509", required_argument, 0, 'x'},
+ {"dest", required_argument, 0, 'd'},
+ {"replaceorig", required_argument, 0, 'r'},
{0, 0, 0, 0}
};
@@ -241,10 +252,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
do {
#ifndef USE_PKCS7
- opt = getopt_long_only(argc, argv, "pds:",
+ opt = getopt_long_only(argc, argv, "hpds:i:a:x:t:r:",
cmd_options, &opt_index);
#else
- opt = getopt_long_only(argc, argv, "pdks:",
+ opt = getopt_long_only(argc, argv, "hpdks:i:a:x:t:r:",
cmd_options, &opt_index);
#endif
switch (opt) {
@@ -268,6 +279,30 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
break;
#endif
+ case 'h':
+ format();
+ break;
+
+ case 'i':
+ opts->private_key_name = optarg;
+ break;
+
+ case 'a':
+ opts->hash_algo = optarg;
+ break;
+
+ case 'x':
+ opts->x509_name = optarg;
+ break;
+
+ case 't':
+ opts->dest_name = optarg;
+ break;
+
+ case 'r':
+ opts->replace_orig = true;
+ break;
+
case -1:
break;
@@ -281,9 +316,6 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
int main(int argc, char **argv)
{
struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
- char *hash_algo = NULL;
- char *private_key_name = NULL;
- char *x509_name, *module_name, *dest_name;
unsigned char buf[4096];
unsigned long module_size, sig_size;
unsigned int use_signed_attrs;
@@ -315,32 +347,27 @@ int main(int argc, char **argv)
argv += optind;
const char *raw_sig_name = opts.raw_sig_name;
+ const char *hash_algo = opts.hash_algo;
+ const char *private_key_name = opts.private_key_name;
+ const char *x509_name = opts.x509_name;
+ const char *module_name = opts.module_name;
const bool save_sig = opts.save_sig;
const bool raw_sig = opts.raw_sig;
const bool sign_only = opts.sign_only;
bool replace_orig = opts.replace_orig;
+ char *dest_name = opts.dest_name;
#ifndef USE_PKCS7
const unsigned int use_keyid = opts.use_keyid;
#endif
- if (argc < 4 || argc > 5)
+ if (!argv[0] || argc != 1)
format();
- if (raw_sig) {
- raw_sig_name = argv[0];
- hash_algo = argv[1];
- } else {
- hash_algo = argv[0];
- private_key_name = argv[1];
- }
- x509_name = argv[2];
- module_name = argv[3];
- if (argc == 5 && strcmp(argv[3], argv[4]) != 0) {
- dest_name = argv[4];
+ if (dest_name && strcmp(argv[0], dest_name)) {
replace_orig = false;
} else {
ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0,
- "asprintf");
+ "asprintf");
replace_orig = true;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v5 3/7] sign-file: refactor argument parsing logic - 3
2023-03-20 18:43 [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 1/7] sign-file: refactor argument parsing logic - 1 Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 2/7] sign-file: refactor argument parsing logic - 2 Shreenidhi Shedi
@ 2023-03-20 18:43 ` Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 4/7] sign-file: add support to sign modules in bulk Shreenidhi Shedi
` (6 subsequent siblings)
9 siblings, 0 replies; 13+ messages in thread
From: Shreenidhi Shedi @ 2023-03-20 18:43 UTC (permalink / raw)
To: gregkh, dhowells, dwmw2; +Cc: yesshedi, linux-kernel, sshedi
From: Shreenidhi Shedi <yesshedi@gmail.com>
Move file signing logic to its own function
Keep the main function bare minimal and do less in main function.
This patch is pre-work for bulk module signing support.
Signed-off-by: Shreenidhi Shedi <yesshedi@gmail.com>
---
scripts/sign-file.c | 115 +++++++++++++++++++++-----------------------
1 file changed, 54 insertions(+), 61 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index b0f340ea629b..64d5e00f08e2 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -313,10 +313,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
} while (opt != -1);
}
-int main(int argc, char **argv)
+static int sign_single_file(struct cmd_opts *opts)
{
struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
- unsigned char buf[4096];
+ unsigned char buf[4096] = {};
unsigned long module_size, sig_size;
unsigned int use_signed_attrs;
const EVP_MD *digest_algo;
@@ -329,11 +329,6 @@ int main(int argc, char **argv)
X509 *x509;
BIO *bd, *bm;
int n;
- struct cmd_opts opts = {};
-
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
- ERR_clear_error();
key_pass = getenv("KBUILD_SIGN_PIN");
@@ -342,34 +337,6 @@ int main(int argc, char **argv)
#else
use_signed_attrs = PKCS7_NOATTR;
#endif
- parse_args(argc, argv, &opts);
- argc -= optind;
- argv += optind;
-
- const char *raw_sig_name = opts.raw_sig_name;
- const char *hash_algo = opts.hash_algo;
- const char *private_key_name = opts.private_key_name;
- const char *x509_name = opts.x509_name;
- const char *module_name = opts.module_name;
- const bool save_sig = opts.save_sig;
- const bool raw_sig = opts.raw_sig;
- const bool sign_only = opts.sign_only;
- bool replace_orig = opts.replace_orig;
- char *dest_name = opts.dest_name;
-#ifndef USE_PKCS7
- const unsigned int use_keyid = opts.use_keyid;
-#endif
-
- if (!argv[0] || argc != 1)
- format();
-
- if (dest_name && strcmp(argv[0], dest_name)) {
- replace_orig = false;
- } else {
- ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0,
- "asprintf");
- replace_orig = true;
- }
#ifdef USE_PKCS7
if (strcmp(hash_algo, "sha1") != 0) {
@@ -380,20 +347,20 @@ int main(int argc, char **argv)
#endif
/* Open the module file */
- bm = BIO_new_file(module_name, "rb");
- ERR(!bm, "%s", module_name);
+ bm = BIO_new_file(opts->module_name, "rb");
+ ERR(!bm, "%s", opts->module_name);
- if (!raw_sig) {
+ if (!opts->raw_sig) {
/* Read the private key and the X.509 cert the PKCS#7 message
* will point to.
*/
- private_key = read_private_key(private_key_name);
- x509 = read_x509(x509_name);
+ private_key = read_private_key(opts->private_key_name);
+ x509 = read_x509(opts->x509_name);
/* Digest the module data. */
OpenSSL_add_all_digests();
display_openssl_errors(__LINE__);
- digest_algo = EVP_get_digestbyname(hash_algo);
+ digest_algo = EVP_get_digestbyname(opts->hash_algo);
ERR(!digest_algo, "EVP_get_digestbyname");
#ifndef USE_PKCS7
@@ -405,7 +372,7 @@ int main(int argc, char **argv)
ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo,
CMS_NOCERTS | CMS_BINARY |
- CMS_NOSMIMECAP | use_keyid |
+ CMS_NOSMIMECAP | opts->use_keyid |
use_signed_attrs),
"CMS_add1_signer");
ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0,
@@ -418,11 +385,11 @@ int main(int argc, char **argv)
ERR(!pkcs7, "PKCS7_sign");
#endif
- if (save_sig) {
+ if (opts->save_sig) {
char *sig_file_name;
BIO *b;
- ERR(asprintf(&sig_file_name, "%s.p7s", module_name) < 0,
+ ERR(asprintf(&sig_file_name, "%s.p7s", opts->module_name) < 0,
"asprintf");
b = BIO_new_file(sig_file_name, "wb");
ERR(!b, "%s", sig_file_name);
@@ -436,7 +403,7 @@ int main(int argc, char **argv)
BIO_free(b);
}
- if (sign_only) {
+ if (opts->sign_only) {
BIO_free(bm);
return 0;
}
@@ -445,24 +412,24 @@ int main(int argc, char **argv)
/* Open the destination file now so that we can shovel the module data
* across as we read it.
*/
- bd = BIO_new_file(dest_name, "wb");
- ERR(!bd, "%s", dest_name);
+ bd = BIO_new_file(opts->dest_name, "wb");
+ ERR(!bd, "%s", opts->dest_name);
/* Append the marker and the PKCS#7 message to the destination file */
- ERR(BIO_reset(bm) < 0, "%s", module_name);
+ ERR(BIO_reset(bm) < 0, "%s", opts->module_name);
while ((n = BIO_read(bm, buf, sizeof(buf))),
n > 0) {
- ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name);
+ ERR(BIO_write(bd, buf, n) < 0, "%s", opts->dest_name);
}
BIO_free(bm);
- ERR(n < 0, "%s", module_name);
+ ERR(n < 0, "%s", opts->module_name);
module_size = BIO_number_written(bd);
- if (!raw_sig) {
+ if (!opts->raw_sig) {
#ifndef USE_PKCS7
- ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name);
+ ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", opts->dest_name);
#else
- ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name);
+ ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", opts->dest_name);
#endif
} else {
BIO *b;
@@ -470,23 +437,49 @@ int main(int argc, char **argv)
/* Read the raw signature file and write the data to the
* destination file
*/
- b = BIO_new_file(raw_sig_name, "rb");
- ERR(!b, "%s", raw_sig_name);
+ b = BIO_new_file(opts->raw_sig_name, "rb");
+ ERR(!b, "%s", opts->raw_sig_name);
while ((n = BIO_read(b, buf, sizeof(buf))), n > 0)
- ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name);
+ ERR(BIO_write(bd, buf, n) < 0, "%s", opts->dest_name);
BIO_free(b);
}
sig_size = BIO_number_written(bd) - module_size;
sig_info.sig_len = htonl(sig_size);
- ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name);
- ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name);
+ ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", opts->dest_name);
+ ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", opts->dest_name);
- ERR(BIO_free(bd) < 0, "%s", dest_name);
+ ERR(BIO_free(bd) < 0, "%s", opts->dest_name);
/* Finally, if we're signing in place, replace the original. */
- if (replace_orig)
- ERR(rename(dest_name, module_name) < 0, "%s", dest_name);
+ if (opts->replace_orig)
+ ERR(rename(opts->dest_name, opts->module_name) < 0, "%s", opts->dest_name);
return 0;
}
+
+int main(int argc, char **argv)
+{
+ struct cmd_opts opts = {};
+
+ parse_args(argc, argv, &opts);
+ argc -= optind;
+ argv += optind;
+
+ if (!argv[0] || argc != 1)
+ format();
+
+ if (opts.dest_name && strcmp(argv[0], opts.dest_name)) {
+ opts.replace_orig = false;
+ } else {
+ ERR(asprintf(&opts.dest_name, "%s.~signed~", opts.module_name) < 0,
+ "asprintf");
+ opts.replace_orig = true;
+ }
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+ ERR_clear_error();
+
+ return sign_single_file(&opts);
+}
--
2.39.2
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v5 4/7] sign-file: add support to sign modules in bulk
2023-03-20 18:43 [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
` (2 preceding siblings ...)
2023-03-20 18:43 ` [PATCH v5 3/7] sign-file: refactor argument parsing logic - 3 Shreenidhi Shedi
@ 2023-03-20 18:43 ` Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 5/7] sign-file: improve help message Shreenidhi Shedi
` (5 subsequent siblings)
9 siblings, 0 replies; 13+ messages in thread
From: Shreenidhi Shedi @ 2023-03-20 18:43 UTC (permalink / raw)
To: gregkh, dhowells, dwmw2; +Cc: yesshedi, linux-kernel, sshedi
From: Shreenidhi Shedi <yesshedi@gmail.com>
In the existing system, we need to invoke sign-file binary for every
module we want to sign. This patch adds support to give modules list
in bulk and it will sign them all one by one.
Signed-off-by: Shreenidhi Shedi <yesshedi@gmail.com>
---
scripts/sign-file.c | 41 +++++++++++++++++++++++++++--------------
1 file changed, 27 insertions(+), 14 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 64d5e00f08e2..0a275256ca16 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -224,6 +224,7 @@ struct cmd_opts {
bool replace_orig;
bool raw_sig;
bool sign_only;
+ bool bulk_sign;
#ifndef USE_PKCS7
unsigned int use_keyid;
#endif
@@ -252,10 +253,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
do {
#ifndef USE_PKCS7
- opt = getopt_long_only(argc, argv, "hpds:i:a:x:t:r:",
+ opt = getopt_long_only(argc, argv, "hpdbs:i:a:x:t:r:",
cmd_options, &opt_index);
#else
- opt = getopt_long_only(argc, argv, "hpdks:i:a:x:t:r:",
+ opt = getopt_long_only(argc, argv, "hpdkbs:i:a:x:t:r:",
cmd_options, &opt_index);
#endif
switch (opt) {
@@ -303,6 +304,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
opts->replace_orig = true;
break;
+ case 'b':
+ opts->bulk_sign = true;
+ break;
+
case -1:
break;
@@ -460,26 +465,34 @@ static int sign_single_file(struct cmd_opts *opts)
int main(int argc, char **argv)
{
+ int i;
struct cmd_opts opts = {};
parse_args(argc, argv, &opts);
argc -= optind;
argv += optind;
- if (!argv[0] || argc != 1)
- format();
-
- if (opts.dest_name && strcmp(argv[0], opts.dest_name)) {
- opts.replace_orig = false;
- } else {
- ERR(asprintf(&opts.dest_name, "%s.~signed~", opts.module_name) < 0,
- "asprintf");
- opts.replace_orig = true;
- }
-
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
ERR_clear_error();
- return sign_single_file(&opts);
+ for (i = 0; i < argc; ++i) {
+ opts.module_name = argv[i];
+
+ if (!opts.bulk_sign && opts.dest_name && strcmp(argv[i], opts.dest_name)) {
+ opts.replace_orig = false;
+ } else {
+ ERR(asprintf(&opts.dest_name, "%s.~signed~", opts.module_name) < 0,
+ "asprintf");
+ if (!opts.replace_orig)
+ opts.replace_orig = true;
+ }
+
+ if (sign_single_file(&opts)) {
+ fprintf(stderr, "Failed to sign: %s module\n", opts.module_name);
+ return -1;
+ }
+ }
+
+ return 0;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v5 5/7] sign-file: improve help message
2023-03-20 18:43 [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
` (3 preceding siblings ...)
2023-03-20 18:43 ` [PATCH v5 4/7] sign-file: add support to sign modules in bulk Shreenidhi Shedi
@ 2023-03-20 18:43 ` Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 6/7] sign-file: use const with a global string constant Shreenidhi Shedi
` (4 subsequent siblings)
9 siblings, 0 replies; 13+ messages in thread
From: Shreenidhi Shedi @ 2023-03-20 18:43 UTC (permalink / raw)
To: gregkh, dhowells, dwmw2; +Cc: yesshedi, linux-kernel, sshedi
From: Shreenidhi Shedi <yesshedi@gmail.com>
Add a proper help message with examples on how to use this tool.
Signed-off-by: Shreenidhi Shedi <yesshedi@gmail.com>
---
scripts/sign-file.c | 48 ++++++++++++++++++++++++++++++++++++++-------
1 file changed, 41 insertions(+), 7 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 0a275256ca16..d3abc5721a7e 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -74,12 +74,43 @@ struct module_signature {
static char magic_number[] = "~Module signature appended~\n";
static __attribute__((noreturn))
-void format(void)
+void print_usage(void)
{
- fprintf(stderr,
- "Usage: scripts/sign-file [-dp] <hash algo> <key> <x509> <module> [<dest>]\n");
- fprintf(stderr,
- " scripts/sign-file -s <raw sig> <hash algo> <x509> <module> [<dest>]\n");
+ fprintf(stderr, "Usage: scripts/sign-file [OPTIONS]... [MODULE]...\n");
+ fprintf(stderr, "Available options:\n");
+ fprintf(stderr, "-h, --help Print this help message and exit\n");
+
+ fprintf(stderr, "\nOptional args:\n");
+ fprintf(stderr, "-s, --rawsig <sig> Raw signature\n");
+ fprintf(stderr, "-p, --savesig Save signature\n");
+ fprintf(stderr, "-d, --signonly Sign only\n");
+#ifndef USE_PKCS7
+ fprintf(stderr, "-k, --usekeyid Use key ID\n");
+#endif
+ fprintf(stderr, "-b, --bulksign Sign modules in bulk\n");
+ fprintf(stderr, "-r, --replaceorig Replace original\n");
+ fprintf(stderr, "-t, --dest <dest> Destination path ");
+ fprintf(stderr, "(Exclusive with bulk option)\n");
+
+ fprintf(stderr, "\nMandatory args:\n");
+ fprintf(stderr, "-i, --privkey <key> Private key\n");
+ fprintf(stderr, "-a, --hashalgo <alg> Hash algorithm\n");
+ fprintf(stderr, "-x, --x509 <x509> X509\n");
+
+ fprintf(stderr, "\nExamples:\n");
+
+ fprintf(stderr, "\n Regular signing:\n");
+ fprintf(stderr, " scripts/sign-file -a sha512 -i certs/signing_key.pem ");
+ fprintf(stderr, "-x certs/signing_key.x509 <module>\n");
+
+ fprintf(stderr, "\n Signing with destination path:\n");
+ fprintf(stderr, " scripts/sign-file -a sha512 -i certs/signing_key.pem ");
+ fprintf(stderr, "-x certs/signing_key.x509 <module> -t <path>\n");
+
+ fprintf(stderr, "\n Signing modules in bulk:\n");
+ fprintf(stderr, " scripts/sign-file -a sha512 -i certs/signing_key.pem ");
+ fprintf(stderr, "-x certs/signing_key.x509 -b <module1> <module2> ...\n");
+
exit(2);
}
@@ -281,7 +312,7 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
#endif
case 'h':
- format();
+ print_usage();
break;
case 'i':
@@ -312,7 +343,7 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
break;
default:
- format();
+ print_usage();
break;
}
} while (opt != -1);
@@ -472,6 +503,9 @@ int main(int argc, char **argv)
argc -= optind;
argv += optind;
+ if ((opts.bulk_sign && opts.dest_name) || (!opts.bulk_sign && argc != 1))
+ print_usage();
+
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
ERR_clear_error();
--
2.39.2
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v5 6/7] sign-file: use const with a global string constant
2023-03-20 18:43 [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
` (4 preceding siblings ...)
2023-03-20 18:43 ` [PATCH v5 5/7] sign-file: improve help message Shreenidhi Shedi
@ 2023-03-20 18:43 ` Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 7/7] sign-file: fix do while styling issue Shreenidhi Shedi
` (3 subsequent siblings)
9 siblings, 0 replies; 13+ messages in thread
From: Shreenidhi Shedi @ 2023-03-20 18:43 UTC (permalink / raw)
To: gregkh, dhowells, dwmw2; +Cc: yesshedi, linux-kernel, sshedi
From: Shreenidhi Shedi <yesshedi@gmail.com>
Reported by checkpatch.
Signed-off-by: Shreenidhi Shedi <yesshedi@gmail.com>
---
scripts/sign-file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index d3abc5721a7e..e8dfbdd3eea3 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -71,7 +71,7 @@ struct module_signature {
#define PKEY_ID_PKCS7 2
-static char magic_number[] = "~Module signature appended~\n";
+static const char magic_number[] = "~Module signature appended~\n";
static __attribute__((noreturn))
void print_usage(void)
--
2.39.2
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v5 7/7] sign-file: fix do while styling issue
2023-03-20 18:43 [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
` (5 preceding siblings ...)
2023-03-20 18:43 ` [PATCH v5 6/7] sign-file: use const with a global string constant Shreenidhi Shedi
@ 2023-03-20 18:43 ` Shreenidhi Shedi
2023-03-20 18:49 ` [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
` (2 subsequent siblings)
9 siblings, 0 replies; 13+ messages in thread
From: Shreenidhi Shedi @ 2023-03-20 18:43 UTC (permalink / raw)
To: gregkh, dhowells, dwmw2; +Cc: yesshedi, linux-kernel, sshedi
From: Shreenidhi Shedi <yesshedi@gmail.com>
Reported by checkpatch.
Signed-off-by: Shreenidhi Shedi <yesshedi@gmail.com>
---
scripts/sign-file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index e8dfbdd3eea3..0c95275c4564 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -147,7 +147,7 @@ static void drain_openssl_errors(void)
if (__cond) { \
errx(1, fmt, ## __VA_ARGS__); \
} \
- } while(0)
+ } while (0)
static const char *key_pass;
--
2.39.2
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH v5 0/7] refactor file signing program
2023-03-20 18:43 [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
` (6 preceding siblings ...)
2023-03-20 18:43 ` [PATCH v5 7/7] sign-file: fix do while styling issue Shreenidhi Shedi
@ 2023-03-20 18:49 ` Shreenidhi Shedi
2023-03-21 7:00 ` Greg KH
2023-03-21 7:04 ` [PATCH v5 1/7] sign-file: refactor argument parsing logic - 1 David Howells
9 siblings, 0 replies; 13+ messages in thread
From: Shreenidhi Shedi @ 2023-03-20 18:49 UTC (permalink / raw)
To: gregkh, dhowells, dwmw2; +Cc: linux-kernel, sshedi
On Tue, 21-Mar-2023 00:13, Shreenidhi Shedi wrote:
> From: Shreenidhi Shedi <yesshedi@gmail.com>
>
> This patch series refactors the sign-file program, like:
>
> - Improve argument parsing logic.
> - Add few more easy to remember arguments.
> - Add support to sign bunch of modules at once.
> - Improve the help message with examples.
> - Few trivial checkpatch reported issue fixes.
>
> Version 5 changes:
> - Addressed review comments from David Howells.
> - Framgmented the patches into further small units.
> Link:
> v4: https://lore.kernel.org/all/20230221170804.3267242-1-yesshedi@gmail.com/
>
> Version 1 - Version 4 changes:
> Did some back and forth changes. Getting familiar with patch submission
> process, nothing significant happened.
>
> Links:
> v1: https://lore.kernel.org/all/dc852d8e-816a-0fb2-f50e-ff6c2aa11dd8@gmail.com/
> v2: https://lore.kernel.org/all/20230213185019.56902-1-yesshedi@gmail.com/
> v3: https://lore.kernel.org/all/20230213190034.57097-1-yesshedi@gmail.com/
>
> Shreenidhi Shedi (7):
> sign-file: refactor argument parsing logic - 1
> sign-file: refactor argument parsing logic - 2
> sign-file: refactor argument parsing logic - 3
> sign-file: add support to sign modules in bulk
> sign-file: improve help message
> sign-file: use const with a global string constant
> sign-file: fix do while styling issue
>
> scripts/sign-file.c | 292 +++++++++++++++++++++++++++++++-------------
> 1 file changed, 209 insertions(+), 83 deletions(-)
>
> --
> 2.39.2
Hi David,
Please review this change. I missed to add cover letter in my previous
mail series. Apologies.
--
Shedi
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH v5 0/7] refactor file signing program
2023-03-20 18:43 [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
` (7 preceding siblings ...)
2023-03-20 18:49 ` [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
@ 2023-03-21 7:00 ` Greg KH
2023-03-21 7:04 ` [PATCH v5 1/7] sign-file: refactor argument parsing logic - 1 David Howells
9 siblings, 0 replies; 13+ messages in thread
From: Greg KH @ 2023-03-21 7:00 UTC (permalink / raw)
To: Shreenidhi Shedi; +Cc: dhowells, dwmw2, linux-kernel, sshedi
On Tue, Mar 21, 2023 at 12:13:38AM +0530, Shreenidhi Shedi wrote:
> From: Shreenidhi Shedi <yesshedi@gmail.com>
>
> This patch series refactors the sign-file program, like:
>
> - Improve argument parsing logic.
> - Add few more easy to remember arguments.
> - Add support to sign bunch of modules at once.
> - Improve the help message with examples.
> - Few trivial checkpatch reported issue fixes.
>
> Version 5 changes:
> - Addressed review comments from David Howells.
> - Framgmented the patches into further small units.
> Link:
> v4: https://lore.kernel.org/all/20230221170804.3267242-1-yesshedi@gmail.com/
>
> Version 1 - Version 4 changes:
> Did some back and forth changes. Getting familiar with patch submission
> process, nothing significant happened.
>
> Links:
> v1: https://lore.kernel.org/all/dc852d8e-816a-0fb2-f50e-ff6c2aa11dd8@gmail.com/
> v2: https://lore.kernel.org/all/20230213185019.56902-1-yesshedi@gmail.com/
> v3: https://lore.kernel.org/all/20230213190034.57097-1-yesshedi@gmail.com/
>
> Shreenidhi Shedi (7):
> sign-file: refactor argument parsing logic - 1
> sign-file: refactor argument parsing logic - 2
> sign-file: refactor argument parsing logic - 3
"1 2 3" are not good ways to write changelog summaries, sorry. Please
explain things better, or split them up into more logical and smaller
pieces.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH v5 1/7] sign-file: refactor argument parsing logic - 1
2023-03-20 18:43 [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
` (8 preceding siblings ...)
2023-03-21 7:00 ` Greg KH
@ 2023-03-21 7:04 ` David Howells
2023-03-21 19:50 ` Shreenidhi Shedi
9 siblings, 1 reply; 13+ messages in thread
From: David Howells @ 2023-03-21 7:04 UTC (permalink / raw)
To: Shreenidhi Shedi; +Cc: dhowells, gregkh, dwmw2, linux-kernel, sshedi
Shreenidhi Shedi <yesshedi@gmail.com> wrote:
> - Use getopt_long_only for parsing input args
To Greg's point, this should probably be the subject line of this patch. In
the body you need to explain why/what the point is, which:
> - Use more easy to remember command line argument names
might be part of.
David
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH v5 1/7] sign-file: refactor argument parsing logic - 1
2023-03-21 7:04 ` [PATCH v5 1/7] sign-file: refactor argument parsing logic - 1 David Howells
@ 2023-03-21 19:50 ` Shreenidhi Shedi
0 siblings, 0 replies; 13+ messages in thread
From: Shreenidhi Shedi @ 2023-03-21 19:50 UTC (permalink / raw)
To: David Howells; +Cc: gregkh, dwmw2, linux-kernel, sshedi
On Tue, 21-Mar-2023 12:34, David Howells wrote:
> Shreenidhi Shedi <yesshedi@gmail.com> wrote:
>
>> - Use getopt_long_only for parsing input args
>
> To Greg's point, this should probably be the subject line of this patch. In
> the body you need to explain why/what the point is, which:
>
>> - Use more easy to remember command line argument names
>
> might be part of.
>
> David
>
Hi Greg & David,
Thanks for your time and patience. I have tried addressing your concerns
in v6, hoping that I have got it right this time :)
--
Shedi
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH v5 6/7] sign-file: use const with a global string constant
2023-03-20 17:57 Shreenidhi Shedi
@ 2023-03-20 17:57 ` Shreenidhi Shedi
0 siblings, 0 replies; 13+ messages in thread
From: Shreenidhi Shedi @ 2023-03-20 17:57 UTC (permalink / raw)
To: gregkh, dhowells, dwmw2; +Cc: yesshedi, linux-kernel, sshedi
From: Shreenidhi Shedi <yesshedi@gmail.com>
Reported by checkpatch.
Signed-off-by: Shreenidhi Shedi <yesshedi@gmail.com>
---
scripts/sign-file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index d3abc5721a7e..e8dfbdd3eea3 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -71,7 +71,7 @@ struct module_signature {
#define PKEY_ID_PKCS7 2
-static char magic_number[] = "~Module signature appended~\n";
+static const char magic_number[] = "~Module signature appended~\n";
static __attribute__((noreturn))
void print_usage(void)
--
2.39.2
^ permalink raw reply related [flat|nested] 13+ messages in thread
end of thread, other threads:[~2023-03-21 19:51 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-20 18:43 [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 1/7] sign-file: refactor argument parsing logic - 1 Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 2/7] sign-file: refactor argument parsing logic - 2 Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 3/7] sign-file: refactor argument parsing logic - 3 Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 4/7] sign-file: add support to sign modules in bulk Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 5/7] sign-file: improve help message Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 6/7] sign-file: use const with a global string constant Shreenidhi Shedi
2023-03-20 18:43 ` [PATCH v5 7/7] sign-file: fix do while styling issue Shreenidhi Shedi
2023-03-20 18:49 ` [PATCH v5 0/7] refactor file signing program Shreenidhi Shedi
2023-03-21 7:00 ` Greg KH
2023-03-21 7:04 ` [PATCH v5 1/7] sign-file: refactor argument parsing logic - 1 David Howells
2023-03-21 19:50 ` Shreenidhi Shedi
-- strict thread matches above, loose matches on Subject: below --
2023-03-20 17:57 Shreenidhi Shedi
2023-03-20 17:57 ` [PATCH v5 6/7] sign-file: use const with a global string constant Shreenidhi Shedi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).