sbsigntools

Author	SHA1	Message	Date
Jeremy Kerr	8a55df5e96	image: always parse image regions Rather than only calling image_find_regions when we want to sign or verify image, call it when the image is loaded. We'll want to use the parse data later, which will require it to be present on all instances of an image. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-13 15:05:12 +08:00
Jeremy Kerr	d19b993024	fileio: Unify key & cert loading Rather than duplicating the key & certificate loading in each tool, unify it in a fileio object. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-03 10:36:38 +08:00
Jeremy Kerr	d27647ba69	image: add functions to add and remove signatures Rather than setting ->sigbuf directly, add two functions to handle image signature addition and removal: image_add_signature(image, sig, sigsize); image_remove_signature(image); And warn when a signature is to be overwritten. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-03 10:03:14 +08:00
Jeremy Kerr	5dc7b4c370	license: Add OpenSSL exception to GPLv3 terms We're using OpenSSL, so need to grant binary distrbutors permission to link with it. Cleared with current contributors. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-28 15:06:31 +08:00
Jeremy Kerr	81d7825c98	sbsign: handle errors from PKCS7_sign_add_signer() Rather than causing a segfault (si == NULL), report an error and exit. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-28 10:18:08 +08:00
James Bottomley	8f8939d9bb	sbsign: fix failure to sign when key is password protected The current incarnation of sbsign doesn't all all ciphers to OpenSSL meaning that if the private key is encrypted, it can't decrypt it and instead it returns the unhelpful error message error reading private key ../certs/PK.key Fix this by adding all ciphers before trying to read the private key. Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-27 12:23:54 +08:00
Jeremy Kerr	376974e386	image: Unconditionally parse PE/COFF data Rather than requiring an explicit image_pecoff_parse, do it unconditionally in image_load. We don't have any instances where we need to do this separately. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-13 17:39:34 +08:00
Jeremy Kerr	be7559abfe	image: Add facility to write unsigned images Change image_write_signed to image_write, and conditionally write the signature if one is present. This will allow us to write unsigned images when detaching a sig from an image. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-12 10:19:08 +08:00
Jeremy Kerr	a8f1453a53	sbsign,sbverify: Update getopt_long optstrings The optstrings for sbsign and sbverify are out of sync with the long options, this change brings them up to date. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-11 19:49:28 +08:00
Jeremy Kerr	3c9815acc6	sbsign: Add --detached option to create detached PKCS7 signatures Add an option (--detached) to sbsign, which creates a detached signature, rather than embedding it in the PE/COFF signature table. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-11 15:59:48 +08:00
Jeremy Kerr	f98a885cfa	sbsign: fix flag for verbose operation Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-11 14:54:57 +08:00
Jeremy Kerr	fcf3cdf70a	sbsign,sbverify: help2man-ize usage output Update the usage output of sbsign and sbverify so that it can be better parsed by help2man. Also, add --version and --help. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-24 15:17:25 +08:00
Jeremy Kerr	d5f1a61b99	sbsign: fix incorrect check for certificate load Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-12 21:35:09 -07:00
Jeremy Kerr	902cb928b6	sbsigntool -> sbsign Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-12 09:45:22 -07:00

14 commits