Commit graph

13 commits

Author SHA1 Message Date
Jeremy Kerr
d19b993024 fileio: Unify key & cert loading
Rather than duplicating the key & certificate loading in each tool,
unify it in a fileio object.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-03 10:36:38 +08:00
Jeremy Kerr
d27647ba69 image: add functions to add and remove signatures
Rather than setting ->sigbuf directly, add two functions to handle image
signature addition and removal:

 image_add_signature(image, sig, sigsize);
 image_remove_signature(image);

And warn when a signature is to be overwritten.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-03 10:03:14 +08:00
Jeremy Kerr
5dc7b4c370 license: Add OpenSSL exception to GPLv3 terms
We're using OpenSSL, so need to grant binary distrbutors permission to
link with it.

Cleared with current contributors.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-28 15:06:31 +08:00
Jeremy Kerr
81d7825c98 sbsign: handle errors from PKCS7_sign_add_signer()
Rather than causing a segfault (si == NULL), report an error and exit.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-28 10:18:08 +08:00
James Bottomley
8f8939d9bb sbsign: fix failure to sign when key is password protected
The current incarnation of sbsign doesn't all all ciphers to OpenSSL
meaning that if the private key is encrypted, it can't decrypt it and
instead it returns the unhelpful error message

error reading private key ../certs/PK.key

Fix this by adding all ciphers before trying to read the private key.

Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-27 12:23:54 +08:00
Jeremy Kerr
376974e386 image: Unconditionally parse PE/COFF data
Rather than requiring an explicit image_pecoff_parse, do it
unconditionally in image_load. We don't have any instances where we need
to do this separately.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 17:39:34 +08:00
Jeremy Kerr
be7559abfe image: Add facility to write unsigned images
Change image_write_signed to image_write, and conditionally write the
signature if one is present.

This will allow us to write unsigned images when detaching a sig from an
image.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-12 10:19:08 +08:00
Jeremy Kerr
a8f1453a53 sbsign,sbverify: Update getopt_long optstrings
The optstrings for sbsign and sbverify are out of sync with the long
options, this change brings them up to date.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 19:49:28 +08:00
Jeremy Kerr
3c9815acc6 sbsign: Add --detached option to create detached PKCS7 signatures
Add an option (--detached) to sbsign, which creates a detached
signature, rather than embedding it in the PE/COFF signature table.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 15:59:48 +08:00
Jeremy Kerr
f98a885cfa sbsign: fix flag for verbose operation
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 14:54:57 +08:00
Jeremy Kerr
fcf3cdf70a sbsign,sbverify: help2man-ize usage output
Update the usage output of sbsign and sbverify so that it can be better
parsed by help2man. Also, add --version and --help.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-24 15:17:25 +08:00
Jeremy Kerr
d5f1a61b99 sbsign: fix incorrect check for certificate load
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:35:09 -07:00
Jeremy Kerr
902cb928b6 sbsigntool -> sbsign
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 09:45:22 -07:00
Renamed from sbsigntool.c (Browse further)