Re: [PATCH 1/3] API to query signed status of device drivers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

ACK

On Thu, Mar 14, 2013 at 04:16:57AM +0200, Zeeshan Ali (Khattak) wrote:
> From: "Zeeshan Ali (Khattak)" <zeeshanak@xxxxxxxxx>
> 
> Some OS vendors recommend or require device drivers to be signed by them
> before these device drivers could be installed on their OS. An API to
> query signed status of the device driver will be useful for apps to be
> able to make a decision whether they want to use the driver or not.
> 
> Later patches add API for querying signature requirements from a script
> and to possibly disable these checks.
> ---
>  data/oses/windows.xml.in      | 17 ++++++++---------
>  data/schemas/libosinfo.rng    |  5 +++++
>  osinfo/libosinfo.syms         |  6 ++++++
>  osinfo/osinfo_device_driver.c | 16 ++++++++++++++++
>  osinfo/osinfo_device_driver.h |  2 ++
>  osinfo/osinfo_loader.c        |  8 ++++++++
>  6 files changed, 45 insertions(+), 9 deletions(-)
> 
> diff --git a/data/oses/windows.xml.in b/data/oses/windows.xml.in
> index 069459e..26d4410 100644
> --- a/data/oses/windows.xml.in
> +++ b/data/oses/windows.xml.in
> @@ -383,7 +383,7 @@
>      </installer>
>  
>      <!-- virtio block device driver -->
> -    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/winxp/x86"; pre-installable="true">
> +    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/winxp/x86"; pre-installable="true" signed="false">
>        <file>viostor.cat</file>
>        <file>viostor.inf</file>
>        <file>viostor.sys</file>
> @@ -392,7 +392,7 @@
>        <device id="http://pciids.sourceforge.net/v2.2/pci.ids/1af4/1001"/>
>      </driver>
>  
> -    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/winxp/amd64"; pre-installable="true">
> +    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/winxp/amd64"; pre-installable="true" signed="false">
>        <file>viostor.cat</file>
>        <file>viostor.inf</file>
>        <file>viostor.sys</file>
> @@ -402,7 +402,7 @@
>      </driver>
>  
>      <!-- All virtio and QXL device drivers, and spice-vdagent -->
> -    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst";>
> +    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst"; signed="false">
>        <file>spice-guest-tools-0.52.exe</file>
>        <file>spice-guest-tools-0.52.cmd</file>
>        <file>redhat09.cer</file>
> @@ -414,7 +414,7 @@
>        <device id="http://pciids.sourceforge.net/v2.2/pci.ids/1b36/0100"/>
>      </driver>
>  
> -    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst";>
> +    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst"; signed="false">
>        <file>spice-guest-tools-0.52.exe</file>
>        <file>spice-guest-tools-0.52.cmd</file>
>        <file>redhat09.cer</file>
> @@ -780,23 +780,22 @@
>      </installer>
>  
>      <!-- virtio block device driver -->
> -    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/win7/x86"; pre-installable="true">
> +    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/win7/x86"; pre-installable="true" signed="false">
>        <file>viostor.cat</file>
>        <file>viostor.inf</file>
>        <file>viostor.sys</file>
>        <device id="http://pciids.sourceforge.net/v2.2/pci.ids/1af4/1001"/>
>      </driver>
>  
> -    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/win7/amd64"; pre-installable="true">
> +    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/preinst/win7/amd64"; pre-installable="true" signed="false">
>        <file>viostor.cat</file>
>        <file>viostor.inf</file>
>        <file>viostor.sys</file>
> -
>        <device id="http://pciids.sourceforge.net/v2.2/pci.ids/1af4/1001"/>
>      </driver>
>  
>      <!-- All virtio and QXL device drivers, and spice-vdagent -->
> -    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst";>
> +    <driver arch="i686" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst"; signed="false">
>        <file>spice-guest-tools-0.52.exe</file>
>        <file>spice-guest-tools-0.52.cmd</file>
>        <file>redhat09.cer</file>
> @@ -808,7 +807,7 @@
>        <device id="http://pciids.sourceforge.net/v2.2/pci.ids/1b36/0100"/>
>      </driver>
>  
> -    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst";>
> +    <driver arch="x86_64" location="http://zeenix.fedorapeople.org/drivers/win-tools/postinst"; signed="false">
>        <file>spice-guest-tools-0.52.exe</file>
>        <file>spice-guest-tools-0.52.cmd</file>
>        <file>redhat09.cer</file>
> diff --git a/data/schemas/libosinfo.rng b/data/schemas/libosinfo.rng
> index bfa0ddb..e01f140 100644
> --- a/data/schemas/libosinfo.rng
> +++ b/data/schemas/libosinfo.rng
> @@ -451,6 +451,11 @@
>            <ref name='bool'/>
>          </attribute>
>        </optional>
> +      <optional>
> +        <attribute name="signed">
> +          <ref name='bool'/>
> +        </attribute>
> +      </optional>
>        <zeroOrMore>
>          <element name='file'>
>            <text/>
> diff --git a/osinfo/libosinfo.syms b/osinfo/libosinfo.syms
> index 4615829..df2ba90 100644
> --- a/osinfo/libosinfo.syms
> +++ b/osinfo/libosinfo.syms
> @@ -399,6 +399,12 @@ LIBOSINFO_0.2.3 {
>  
>  } LIBOSINFO_0.2.2;
>  
> +LIBOSINFO_0.2.6 {
> +    global:
> +	osinfo_device_driver_get_signed;
> +	osinfo_device_driver_set_signed;
> +} LIBOSINFO_0.2.3;
> +
>  /* Symbols in next release...
>  
>    LIBOSINFO_0.0.2 {
> diff --git a/osinfo/osinfo_device_driver.c b/osinfo/osinfo_device_driver.c
> index 23731bf..c5aaaec 100644
> --- a/osinfo/osinfo_device_driver.c
> +++ b/osinfo/osinfo_device_driver.c
> @@ -170,6 +170,22 @@ void osinfo_device_driver_add_device(OsinfoDeviceDriver *driver,
>                      OSINFO_ENTITY(device));
>  }
>  
> +/**
> + * osinfo_device_driver_get_signed:
> + * @driver: an #OsinfoDeviceDriver instance
> + *
> + * Some OS vendors recommend or require device drivers to be signed by them
> + * before these device drivers could be installed on their OS.
> + *
> + * Returns: TRUE if @driver is signed, FALSE otherwise.
> + */
> +gboolean osinfo_device_driver_get_signed(OsinfoDeviceDriver *driver)
> +{
> +    return osinfo_entity_get_param_value_boolean
> +                (OSINFO_ENTITY(driver),
> +                 OSINFO_DEVICE_DRIVER_PROP_SIGNED);
> +}
> +
>  /*
>   * Local variables:
>   *  indent-tabs-mode: nil
> diff --git a/osinfo/osinfo_device_driver.h b/osinfo/osinfo_device_driver.h
> index c894fe8..7aa193e 100644
> --- a/osinfo/osinfo_device_driver.h
> +++ b/osinfo/osinfo_device_driver.h
> @@ -55,6 +55,7 @@ typedef struct _OsinfoDeviceDriverPrivate OsinfoDeviceDriverPrivate;
>  #define OSINFO_DEVICE_DRIVER_PROP_PRE_INSTALLABLE "pre-installable"
>  #define OSINFO_DEVICE_DRIVER_PROP_FILE            "file"
>  #define OSINFO_DEVICE_DRIVER_PROP_DEVICE          "device"
> +#define OSINFO_DEVICE_DRIVER_PROP_SIGNED          "signed"
>  
>  /* object */
>  struct _OsinfoDeviceDriver
> @@ -83,6 +84,7 @@ const gchar *osinfo_device_driver_get_location(OsinfoDeviceDriver *driver);
>  gboolean osinfo_device_driver_get_pre_installable(OsinfoDeviceDriver *driver);
>  GList *osinfo_device_driver_get_files(OsinfoDeviceDriver *driver);
>  OsinfoDeviceList *osinfo_device_driver_get_devices(OsinfoDeviceDriver *driver);
> +gboolean osinfo_device_driver_get_signed(OsinfoDeviceDriver *driver);
>  
>  #endif /* __OSINFO_DEVICE_DRIVER_H__ */
>  /*
> diff --git a/osinfo/osinfo_loader.c b/osinfo/osinfo_loader.c
> index 76e9bc2..bd32314 100644
> --- a/osinfo/osinfo_loader.c
> +++ b/osinfo/osinfo_loader.c
> @@ -1017,6 +1017,7 @@ static OsinfoDeviceDriver *osinfo_loader_driver(OsinfoLoader *loader,
>      xmlChar *arch = xmlGetProp(root, BAD_CAST OSINFO_DEVICE_DRIVER_PROP_ARCHITECTURE);
>      xmlChar *location = xmlGetProp(root, BAD_CAST OSINFO_DEVICE_DRIVER_PROP_LOCATION);
>      xmlChar *preinst = xmlGetProp(root, BAD_CAST OSINFO_DEVICE_DRIVER_PROP_PRE_INSTALLABLE);
> +    xmlChar *is_signed = xmlGetProp(root, BAD_CAST OSINFO_DEVICE_DRIVER_PROP_SIGNED);
>  
>      OsinfoDeviceDriver *driver = osinfo_device_driver_new(id);
>  
> @@ -1041,6 +1042,13 @@ static OsinfoDeviceDriver *osinfo_loader_driver(OsinfoLoader *loader,
>          xmlFree(preinst);
>      }
>  
> +    if (is_signed) {
> +        osinfo_entity_set_param(OSINFO_ENTITY(driver),
> +                                OSINFO_DEVICE_DRIVER_PROP_SIGNED,
> +                                (gchar *)is_signed);
> +        xmlFree(is_signed);
> +    }
> +
>      gint nnodes = osinfo_loader_nodeset("./*", ctxt, &nodes, err);
>      if (error_is_set(err)) {
>          g_object_unref(G_OBJECT(driver));
> -- 
> 1.8.1.4
> 
> _______________________________________________
> Libosinfo mailing list
> Libosinfo@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libosinfo

Attachment: pgpiVg11lkEuf.pgp
Description: PGP signature

_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Fedora Users]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux