[PATCH 1/3] API to query signed status of device drivers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: "Zeeshan Ali (Khattak)" <zeeshanak@xxxxxxxxx>

Some OS vendors recommend or require device drivers to be signed by them
before these device drivers could be installed on their OS. An API to
query signed status of the device driver will be useful for apps to be
able to make a decision whether they want to use the driver or not.

Later patches add API for querying signature requirements from a script
and to possibly disable these checks.
---
 data/oses/windows.xml.in      | 17 ++++++++---------
 data/schemas/libosinfo.rng    |  5 +++++
 osinfo/libosinfo.syms         |  6 ++++++
 osinfo/osinfo_device_driver.c | 16 ++++++++++++++++
 osinfo/osinfo_device_driver.h |  2 ++
 osinfo/osinfo_loader.c        |  8 ++++++++
 6 files changed, 45 insertions(+), 9 deletions(-)

diff --git a/data/oses/windows.xml.in b/data/oses/windows.xml.in
index 069459e..26d4410 100644
--- a/data/oses/windows.xml.in
+++ b/data/oses/windows.xml.in
@@ -383,7 +383,7 @@
     </installer>
 
     <!-- virtio block device driver -->
-    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/winxp/x86"; pre-installable="true">
+    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/winxp/x86"; pre-installable="true" signed="false">
       <file>viostor.cat</file>
       <file>viostor.inf</file>
       <file>viostor.sys</file>
@@ -392,7 +392,7 @@
       <device id="http://pciids.sourceforge.net/v2.2/pci.ids/1af4/1001"/>
     </driver>
 
-    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/winxp/amd64"; pre-installable="true">
+    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/winxp/amd64"; pre-installable="true" signed="false">
       <file>viostor.cat</file>
       <file>viostor.inf</file>
       <file>viostor.sys</file>
@@ -402,7 +402,7 @@
     </driver>
 
     <!-- All virtio and QXL device drivers, and spice-vdagent -->
-    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst";>
+    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst"; signed="false">
       <file>spice-guest-tools-0.52.exe</file>
       <file>spice-guest-tools-0.52.cmd</file>
       <file>redhat09.cer</file>
@@ -414,7 +414,7 @@
       <device id="http://pciids.sourceforge.net/v2.2/pci.ids/1b36/0100"/>
     </driver>
 
-    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst";>
+    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst"; signed="false">
       <file>spice-guest-tools-0.52.exe</file>
       <file>spice-guest-tools-0.52.cmd</file>
       <file>redhat09.cer</file>
@@ -780,23 +780,22 @@
     </installer>
 
     <!-- virtio block device driver -->
-    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/win7/x86"; pre-installable="true">
+    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/win7/x86"; pre-installable="true" signed="false">
       <file>viostor.cat</file>
       <file>viostor.inf</file>
       <file>viostor.sys</file>
       <device id="http://pciids.sourceforge.net/v2.2/pci.ids/1af4/1001"/>
     </driver>
 
-    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/win7/amd64"; pre-installable="true">
+    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/win7/amd64"; pre-installable="true" signed="false">
       <file>viostor.cat</file>
       <file>viostor.inf</file>
       <file>viostor.sys</file>
-
       <device id="http://pciids.sourceforge.net/v2.2/pci.ids/1af4/1001"/>
     </driver>
 
     <!-- All virtio and QXL device drivers, and spice-vdagent -->
-    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst";>
+    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst"; signed="false">
       <file>spice-guest-tools-0.52.exe</file>
       <file>spice-guest-tools-0.52.cmd</file>
       <file>redhat09.cer</file>
@@ -808,7 +807,7 @@
       <device id="http://pciids.sourceforge.net/v2.2/pci.ids/1b36/0100"/>
     </driver>
 
-    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst";>
+    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst"; signed="false">
       <file>spice-guest-tools-0.52.exe</file>
       <file>spice-guest-tools-0.52.cmd</file>
       <file>redhat09.cer</file>
diff --git a/data/schemas/libosinfo.rng b/data/schemas/libosinfo.rng
index bfa0ddb..e01f140 100644
--- a/data/schemas/libosinfo.rng
+++ b/data/schemas/libosinfo.rng
@@ -451,6 +451,11 @@
           <ref name='bool'/>
         </attribute>
       </optional>
+      <optional>
+        <attribute name="signed">
+          <ref name='bool'/>
+        </attribute>
+      </optional>
       <zeroOrMore>
         <element name='file'>
           <text/>
diff --git a/osinfo/libosinfo.syms b/osinfo/libosinfo.syms
index 4615829..df2ba90 100644
--- a/osinfo/libosinfo.syms
+++ b/osinfo/libosinfo.syms
@@ -399,6 +399,12 @@ LIBOSINFO_0.2.3 {
 
 } LIBOSINFO_0.2.2;
 
+LIBOSINFO_0.2.6 {
+    global:
+	osinfo_device_driver_get_signed;
+	osinfo_device_driver_set_signed;
+} LIBOSINFO_0.2.3;
+
 /* Symbols in next release...
 
   LIBOSINFO_0.0.2 {
diff --git a/osinfo/osinfo_device_driver.c b/osinfo/osinfo_device_driver.c
index 23731bf..c5aaaec 100644
--- a/osinfo/osinfo_device_driver.c
+++ b/osinfo/osinfo_device_driver.c
@@ -170,6 +170,22 @@ void osinfo_device_driver_add_device(OsinfoDeviceDriver *driver,
                     OSINFO_ENTITY(device));
 }
 
+/**
+ * osinfo_device_driver_get_signed:
+ * @driver: an #OsinfoDeviceDriver instance
+ *
+ * Some OS vendors recommend or require device drivers to be signed by them
+ * before these device drivers could be installed on their OS.
+ *
+ * Returns: TRUE if @driver is signed, FALSE otherwise.
+ */
+gboolean osinfo_device_driver_get_signed(OsinfoDeviceDriver *driver)
+{
+    return osinfo_entity_get_param_value_boolean
+                (OSINFO_ENTITY(driver),
+                 OSINFO_DEVICE_DRIVER_PROP_SIGNED);
+}
+
 /*
  * Local variables:
  *  indent-tabs-mode: nil
diff --git a/osinfo/osinfo_device_driver.h b/osinfo/osinfo_device_driver.h
index c894fe8..7aa193e 100644
--- a/osinfo/osinfo_device_driver.h
+++ b/osinfo/osinfo_device_driver.h
@@ -55,6 +55,7 @@ typedef struct _OsinfoDeviceDriverPrivate OsinfoDeviceDriverPrivate;
 #define OSINFO_DEVICE_DRIVER_PROP_PRE_INSTALLABLE "pre-installable"
 #define OSINFO_DEVICE_DRIVER_PROP_FILE            "file"
 #define OSINFO_DEVICE_DRIVER_PROP_DEVICE          "device"
+#define OSINFO_DEVICE_DRIVER_PROP_SIGNED          "signed"
 
 /* object */
 struct _OsinfoDeviceDriver
@@ -83,6 +84,7 @@ const gchar *osinfo_device_driver_get_location(OsinfoDeviceDriver *driver);
 gboolean osinfo_device_driver_get_pre_installable(OsinfoDeviceDriver *driver);
 GList *osinfo_device_driver_get_files(OsinfoDeviceDriver *driver);
 OsinfoDeviceList *osinfo_device_driver_get_devices(OsinfoDeviceDriver *driver);
+gboolean osinfo_device_driver_get_signed(OsinfoDeviceDriver *driver);
 
 #endif /* __OSINFO_DEVICE_DRIVER_H__ */
 /*
diff --git a/osinfo/osinfo_loader.c b/osinfo/osinfo_loader.c
index 76e9bc2..bd32314 100644
--- a/osinfo/osinfo_loader.c
+++ b/osinfo/osinfo_loader.c
@@ -1017,6 +1017,7 @@ static OsinfoDeviceDriver *osinfo_loader_driver(OsinfoLoader *loader,
     xmlChar *arch = xmlGetProp(root, BAD_CAST OSINFO_DEVICE_DRIVER_PROP_ARCHITECTURE);
     xmlChar *location = xmlGetProp(root, BAD_CAST OSINFO_DEVICE_DRIVER_PROP_LOCATION);
     xmlChar *preinst = xmlGetProp(root, BAD_CAST OSINFO_DEVICE_DRIVER_PROP_PRE_INSTALLABLE);
+    xmlChar *is_signed = xmlGetProp(root, BAD_CAST OSINFO_DEVICE_DRIVER_PROP_SIGNED);
 
     OsinfoDeviceDriver *driver = osinfo_device_driver_new(id);
 
@@ -1041,6 +1042,13 @@ static OsinfoDeviceDriver *osinfo_loader_driver(OsinfoLoader *loader,
         xmlFree(preinst);
     }
 
+    if (is_signed) {
+        osinfo_entity_set_param(OSINFO_ENTITY(driver),
+                                OSINFO_DEVICE_DRIVER_PROP_SIGNED,
+                                (gchar *)is_signed);
+        xmlFree(is_signed);
+    }
+
     gint nnodes = osinfo_loader_nodeset("./*", ctxt, &nodes, err);
     if (error_is_set(err)) {
         g_object_unref(G_OBJECT(driver));
-- 
1.8.1.4

_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Fedora Users]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux