[v3 3/5] installer: API to query device driver signing requirement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: "Zeeshan Ali (Khattak)" <zeeshanak@xxxxxxxxx>

Some OS vendors recommend or require device drivers to be signed by them
before these device drivers could be installed on their OS. This
recommendation/requirement then also applies to the installer scripts of
that particular OS.

This API enables apps to query such requirement/recommendation, if any.
---
 data/install-scripts/windows-sif.xml      |  2 ++
 data/install-scripts/windows-unattend.xml |  2 ++
 data/schemas/libosinfo.rng                | 16 +++++++++++++
 osinfo/libosinfo.syms                     |  7 ++++++
 osinfo/osinfo_install_script.c            | 38 +++++++++++++++++++++++++++++++
 osinfo/osinfo_install_script.h            | 21 +++++++++++++++++
 osinfo/osinfo_loader.c                    |  2 ++
 7 files changed, 88 insertions(+)

diff --git a/data/install-scripts/windows-sif.xml b/data/install-scripts/windows-sif.xml
index 630df56..ead3c32 100644
--- a/data/install-scripts/windows-sif.xml
+++ b/data/install-scripts/windows-sif.xml
@@ -6,6 +6,7 @@
     <product-key-format>$$$$$-$$$$$-$$$$$-$$$$$-$$$$$</product-key-format>
     <expected-filename>winnt.sif</expected-filename>
     <can-pre-install-drivers>true</can-pre-install-drivers>
+    <pre-install-drivers-signing-req>none</pre-install-drivers-signing-req>
     <config>
       <param name="admin-password" policy="optional"/>
       <param name="reg-product-key" policy="required"/>
@@ -72,6 +73,7 @@
     <product-key-format>$$$$$-$$$$$-$$$$$-$$$$$-$$$$$</product-key-format>
     <expected-filename>winnt.sif</expected-filename>
     <can-pre-install-drivers>true</can-pre-install-drivers>
+    <pre-install-drivers-signing-req>none</pre-install-drivers-signing-req>
     <config>
       <param name="admin-password" policy="optional"/>
       <param name="reg-product-key" policy="required"/>
diff --git a/data/install-scripts/windows-unattend.xml b/data/install-scripts/windows-unattend.xml
index e140617..cd4ecb5 100644
--- a/data/install-scripts/windows-unattend.xml
+++ b/data/install-scripts/windows-unattend.xml
@@ -5,6 +5,7 @@
     <product-key-format>$$$$$-$$$$$-$$$$$-$$$$$-$$$$$</product-key-format>
    <expected-filename>autounattend.xml</expected-filename>
    <can-pre-install-drivers>true</can-pre-install-drivers>
+   <pre-install-drivers-signing-req>none</pre-install-drivers-signing-req>
     <config>
       <param name="admin-password" policy="optional"/>
       <param name="hardware-arch" policy="optional"/>
@@ -220,6 +221,7 @@
    <product-key-format>$$$$$-$$$$$-$$$$$-$$$$$-$$$$$</product-key-format>
    <expected-filename>autounattend.xml</expected-filename>
    <can-pre-install-drivers>true</can-pre-install-drivers>
+   <pre-install-drivers-signing-req>none</pre-install-drivers-signing-req>
    <config>
     <param name="admin-password" policy="optional"/>
     <param name="hardware-arch" policy="required"/>
diff --git a/data/schemas/libosinfo.rng b/data/schemas/libosinfo.rng
index fa25a91..8f4010d 100644
--- a/data/schemas/libosinfo.rng
+++ b/data/schemas/libosinfo.rng
@@ -580,10 +580,20 @@
           </element>
         </optional>
         <optional>
+          <element name='pre-install-drivers-signing-req'>
+            <ref name='driver-signing-reqs'/>
+          </element>
+        </optional>
+        <optional>
           <element name='can-post-install-drivers'>
             <ref name='bool'/>
           </element>
         </optional>
+        <optional>
+          <element name='post-install-drivers-signing-req'>
+            <ref name='driver-signing-reqs'/>
+          </element>
+        </optional>
         <element name='template'>
           <choice>
             <group>
@@ -682,4 +692,10 @@
       <param name="pattern">dos|unix</param>
     </data>
   </define>
+
+  <define name='driver-signing-reqs'>
+    <data type="string">
+      <param name="pattern">strict|warn|none</param>
+    </data>
+  </define>
 </grammar>
diff --git a/osinfo/libosinfo.syms b/osinfo/libosinfo.syms
index ec3d67f..250b1bf 100644
--- a/osinfo/libosinfo.syms
+++ b/osinfo/libosinfo.syms
@@ -402,6 +402,13 @@ LIBOSINFO_0.2.3 {
 LIBOSINFO_0.2.4 {
     global:
 	osinfo_device_driver_get_signed;
+	osinfo_device_driver_signing_req_get_type;
+
+	osinfo_install_config_get_driver_signing;
+	osinfo_install_config_set_driver_signing;
+
+	osinfo_install_script_get_pre_install_drivers_signing_req;
+	osinfo_install_script_get_post_install_drivers_signing_req;
 } LIBOSINFO_0.2.3;
 
 /* Symbols in next release...
diff --git a/osinfo/osinfo_install_script.c b/osinfo/osinfo_install_script.c
index 276c756..a784f52 100644
--- a/osinfo/osinfo_install_script.c
+++ b/osinfo/osinfo_install_script.c
@@ -1230,6 +1230,44 @@ gboolean osinfo_install_script_get_can_post_install_drivers(OsinfoInstallScript
          OSINFO_INSTALL_SCRIPT_PROP_CAN_POST_INSTALL_DRIVERS);
 }
 
+/**
+ * osinfo_install_script_get_pre_install_drivers_signing_req:
+ * @script: the install script
+ *
+ * If install script can install drivers at the very beginning of installation,
+ * this function retrieves the requirement about signed status of drivers.
+ *
+ * Returns: (type OsinfoDeviceDriverSigningReq): The signing requirement for
+ * pre-installation drivers.
+ */
+int osinfo_install_script_get_pre_install_drivers_signing_req(OsinfoInstallScript *script)
+{
+    return osinfo_entity_get_param_value_enum
+        (OSINFO_ENTITY(script),
+         OSINFO_INSTALL_SCRIPT_PROP_PRE_INSTALL_DRIVERS_SIGNING_REQ,
+         OSINFO_TYPE_DEVICE_DRIVER_SIGNING_REQ,
+         OSINFO_DEVICE_DRIVER_SIGNING_REQ_NONE);
+}
+
+/**
+ * osinfo_install_script_get_post_install_drivers_signing_req:
+ * @script: the install script
+ *
+ * If install script can install drivers at the end of installation, this
+ * function retrieves the requirement about signed status of drivers.
+ *
+ * Returns: (type OsinfoDeviceDriverSigningReq): The signing requirement for
+ * post-installation drivers.
+ */
+int osinfo_install_script_get_post_install_drivers_signing_req(OsinfoInstallScript *script)
+{
+    return osinfo_entity_get_param_value_enum
+        (OSINFO_ENTITY(script),
+         OSINFO_INSTALL_SCRIPT_PROP_POST_INSTALL_DRIVERS_SIGNING_REQ,
+         OSINFO_TYPE_DEVICE_DRIVER_SIGNING_REQ,
+         OSINFO_DEVICE_DRIVER_SIGNING_REQ_NONE);
+}
+
 /*
  * Local variables:
  *  indent-tabs-mode: nil
diff --git a/osinfo/osinfo_install_script.h b/osinfo/osinfo_install_script.h
index d91751e..c23331d 100644
--- a/osinfo/osinfo_install_script.h
+++ b/osinfo/osinfo_install_script.h
@@ -55,6 +55,8 @@ typedef struct _OsinfoInstallScriptPrivate OsinfoInstallScriptPrivate;
 #define OSINFO_INSTALL_SCRIPT_PROP_PATH_FORMAT        "path-format"
 #define OSINFO_INSTALL_SCRIPT_PROP_CAN_PRE_INSTALL_DRIVERS "can-pre-install-drivers"
 #define OSINFO_INSTALL_SCRIPT_PROP_CAN_POST_INSTALL_DRIVERS "can-post-install-drivers"
+#define OSINFO_INSTALL_SCRIPT_PROP_PRE_INSTALL_DRIVERS_SIGNING_REQ "pre-install-drivers-signing-req"
+#define OSINFO_INSTALL_SCRIPT_PROP_POST_INSTALL_DRIVERS_SIGNING_REQ "post-install-drivers-signing-req"
 
 /* object */
 struct _OsinfoInstallScript
@@ -86,6 +88,22 @@ typedef enum {
     OSINFO_PATH_FORMAT_DOS
 } OsinfoPathFormat;
 
+/**
+ * OsinfoDeviceDriverSigningReq;
+ * @OSINFO_DEVICE_DRIVER_SIGNING_REQ_NONE: Script do not require device drivers
+ * to be signed.
+ * @OSINFO_DEVICE_DRIVER_SIGNING_REQ_STRICT: Script must only be given signed
+ * device drivers.
+ * @OSINFO_DEVICE_DRIVER_SIGNING_REQ_WARN: A warning will be issued by OS
+ * installer if device drivers are not signed and most probably require user
+ * input (and thus breaking unattended installation).
+ */
+typedef enum {
+    OSINFO_DEVICE_DRIVER_SIGNING_REQ_NONE,
+    OSINFO_DEVICE_DRIVER_SIGNING_REQ_STRICT,
+    OSINFO_DEVICE_DRIVER_SIGNING_REQ_WARN,
+} OsinfoDeviceDriverSigningReq;
+
 GType osinfo_install_script_get_type(void);
 
 OsinfoInstallScript *osinfo_install_script_new(const gchar *id);
@@ -163,6 +181,9 @@ OsinfoPathFormat osinfo_install_script_get_path_format(OsinfoInstallScript *scri
 gboolean osinfo_install_script_get_can_pre_install_drivers(OsinfoInstallScript *script);
 gboolean osinfo_install_script_get_can_post_install_drivers(OsinfoInstallScript *script);
 
+int osinfo_install_script_get_pre_install_drivers_signing_req(OsinfoInstallScript *script);
+int osinfo_install_script_get_post_install_drivers_signing_req(OsinfoInstallScript *script);
+
 #endif /* __OSINFO_INSTALL_SCRIPT_H__ */
 /*
  * Local variables:
diff --git a/osinfo/osinfo_loader.c b/osinfo/osinfo_loader.c
index 4622877..8188170 100644
--- a/osinfo/osinfo_loader.c
+++ b/osinfo/osinfo_loader.c
@@ -700,6 +700,8 @@ static void osinfo_loader_install_script(OsinfoLoader *loader,
         OSINFO_INSTALL_SCRIPT_PROP_EXPECTED_FILENAME,
         OSINFO_INSTALL_SCRIPT_PROP_CAN_PRE_INSTALL_DRIVERS,
         OSINFO_INSTALL_SCRIPT_PROP_CAN_POST_INSTALL_DRIVERS,
+        OSINFO_INSTALL_SCRIPT_PROP_PRE_INSTALL_DRIVERS_SIGNING_REQ,
+        OSINFO_INSTALL_SCRIPT_PROP_POST_INSTALL_DRIVERS_SIGNING_REQ,
         NULL
     };
     gchar *value = NULL;
-- 
1.8.1.2

_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Fedora Users]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux