Re: [ PATCH v4 3/6] sign-file: add support sign modules in bulk

From: David Howells
Date: Tue Mar 14 2023 - 12:14:39 EST


Shreenidhi Shedi <yesshedi@xxxxxxxxx> wrote:

> @@ -378,6 +385,16 @@ static int sign_file(int argc, char **argv, struct cmd_opts *opts)
> use_signed_attrs = PKCS7_NOATTR;
> #endif
>
> + for (i = 0; i < argc; i++) {
> + module_name = argv[i];
> +
> + if (bulk_sign) {
> + ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0,
> + "asprintf");
> + if (!replace_orig)
> + replace_orig = true;
> + }
> +
> /* Open the module file */
> bm = BIO_new_file(module_name, "rb");
> ERR(!bm, "%s", module_name);
> @@ -486,6 +503,7 @@ static int sign_file(int argc, char **argv, struct cmd_opts *opts)
> /* Finally, if we're signing in place, replace the original. */
> if (replace_orig)
> ERR(rename(dest_name, module_name) < 0, "%s", dest_name);
> + }
>
> return 0;
> }

This looks a bit weird (I know the next patch applies the indent). I would
recommend putting the existing part of the loop body into its own function -
say sign_one_file() - and then call that from the loop.

David