Re: [PATCH v7 2/8] sign-file: inntroduce few new flags to make argument processing easy.
From: Masahiro Yamada
Date: Sun Aug 06 2023 - 22:35:48 EST
On Fri, Jun 23, 2023 at 11:54 PM Shreenidhi Shedi <yesshedi@xxxxxxxxx> wrote:
>
> - Add some more options like help, x509, hashalgo to command line args
> - This makes it easy to handle and use command line args wherever needed
>
> Signed-off-by: Shreenidhi Shedi <yesshedi@xxxxxxxxx>
> ---
> scripts/sign-file.c | 63 ++++++++++++++++++++++++++++++++-------------
> 1 file changed, 45 insertions(+), 18 deletions(-)
>
> diff --git a/scripts/sign-file.c b/scripts/sign-file.c
> index 94228865b6cc..b0f340ea629b 100644
> --- a/scripts/sign-file.c
> +++ b/scripts/sign-file.c
> @@ -215,6 +215,11 @@ static X509 *read_x509(const char *x509_name)
>
> struct cmd_opts {
> char *raw_sig_name;
> + char *hash_algo;
> + char *dest_name;
> + char *private_key_name;
> + char *x509_name;
> + char *module_name;
> bool save_sig;
> bool replace_orig;
> bool raw_sig;
> @@ -233,6 +238,12 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
> #ifndef USE_PKCS7
> {"usekeyid", no_argument, 0, 'k'},
> #endif
> + {"help", no_argument, 0, 'h'},
> + {"privkey", required_argument, 0, 'i'},
> + {"hashalgo", required_argument, 0, 'a'},
> + {"x509", required_argument, 0, 'x'},
> + {"dest", required_argument, 0, 'd'},
> + {"replaceorig", required_argument, 0, 'r'},
> {0, 0, 0, 0}
> };
>
> @@ -241,10 +252,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
>
> do {
> #ifndef USE_PKCS7
> - opt = getopt_long_only(argc, argv, "pds:",
> + opt = getopt_long_only(argc, argv, "hpds:i:a:x:t:r:",
> cmd_options, &opt_index);
> #else
> - opt = getopt_long_only(argc, argv, "pdks:",
> + opt = getopt_long_only(argc, argv, "hpdks:i:a:x:t:r:",
> cmd_options, &opt_index);
> #endif
> switch (opt) {
> @@ -268,6 +279,30 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
> break;
> #endif
>
> + case 'h':
> + format();
> + break;
> +
> + case 'i':
> + opts->private_key_name = optarg;
> + break;
> +
> + case 'a':
> + opts->hash_algo = optarg;
> + break;
> +
> + case 'x':
> + opts->x509_name = optarg;
> + break;
> +
> + case 't':
> + opts->dest_name = optarg;
> + break;
> +
> + case 'r':
> + opts->replace_orig = true;
> + break;
> +
> case -1:
> break;
>
> @@ -281,9 +316,6 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
> int main(int argc, char **argv)
> {
> struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
> - char *hash_algo = NULL;
> - char *private_key_name = NULL;
> - char *x509_name, *module_name, *dest_name;
> unsigned char buf[4096];
> unsigned long module_size, sig_size;
> unsigned int use_signed_attrs;
> @@ -315,32 +347,27 @@ int main(int argc, char **argv)
> argv += optind;
>
> const char *raw_sig_name = opts.raw_sig_name;
> + const char *hash_algo = opts.hash_algo;
> + const char *private_key_name = opts.private_key_name;
> + const char *x509_name = opts.x509_name;
> + const char *module_name = opts.module_name;
> const bool save_sig = opts.save_sig;
> const bool raw_sig = opts.raw_sig;
> const bool sign_only = opts.sign_only;
> bool replace_orig = opts.replace_orig;
> + char *dest_name = opts.dest_name;
> #ifndef USE_PKCS7
> const unsigned int use_keyid = opts.use_keyid;
> #endif
>
> - if (argc < 4 || argc > 5)
> + if (!argv[0] || argc != 1)
> format();
You are breaking the bisect'ability.
You are turning the positional parameters into options
but not adjusting scripts/Makefile.modinst in the same commit.
masahiro@oscar:~/ref/linux((HEAD detached at 41cb7c94595d))$ make
INSTALL_MOD_PATH=/tmp/modules modules_install
INSTALL /tmp/modules/lib/modules/6.5.0-rc4+/kernel/arch/x86/events/amd/power.ko
SIGN /tmp/modules/lib/modules/6.5.0-rc4+/kernel/arch/x86/events/amd/power.ko
Usage: scripts/sign-file [OPTIONS]... [MODULE]...
Available options:
-h, --help Print this help message and exit
Optional args:
-s, --rawsig <sig> Raw signature
-p, --savesig Save signature
-d, --signonly Sign only
-k, --usekeyid Use key ID
-b, --bulksign Sign modules in bulk
-r, --replaceorig Replace original
-t, --dest <dest> Destination path (Exclusive with bulk option)
Mandatory args:
-i, --privkey <key> Private key
-a, --hashalgo <alg> Hash algorithm
-x, --x509 <x509> X509
Examples:
Regular signing:
scripts/sign-file -a sha512 -i certs/signing_key.pem -x
certs/signing_key.x509 <module>
Signing with destination path:
scripts/sign-file -a sha512 -i certs/signing_key.pem -x
certs/signing_key.x509 <module> -t <path>
Signing modules in bulk:
scripts/sign-file -a sha512 -i certs/signing_key.pem -x
certs/signing_key.x509 -b <module1> <module2> ...
make[2]: *** [scripts/Makefile.modinst:87:
/tmp/modules/lib/modules/6.5.0-rc4+/kernel/arch/x86/events/amd/power.ko]
Error 2
make[2]: *** Deleting file
'/tmp/modules/lib/modules/6.5.0-rc4+/kernel/arch/x86/events/amd/power.ko'
make[1]: *** [/home/masahiro/ref/linux/Makefile:1964: modules_install] Error 2
make: *** [Makefile:234: __sub-make] Error 2
--
Best Regards
Masahiro Yamada