[PATCH v2] installer: API to query device driver signing requirement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: "Zeeshan Ali (Khattak)" <zeeshanak@xxxxxxxxx>

Some OS vendors recommend or require device drivers to be signed by them
before these device drivers could be installed on their OS. This
recommendation/requirement then also applies to the installer scripts of
that particular OS.

This API enables apps to query such requirement/recommendation, if any.
---
 data/install-scripts/windows-cmd.xml |  1 +
 data/schemas/libosinfo.rng           | 15 +++++++++++++++
 osinfo/libosinfo.syms                |  5 +++++
 osinfo/osinfo_install_script.c       | 36 ++++++++++++++++++++++++++++++++++++
 osinfo/osinfo_install_script.h       | 30 ++++++++++++++++++++++++++++++
 osinfo/osinfo_loader.c               |  2 ++
 6 files changed, 89 insertions(+)

diff --git a/data/install-scripts/windows-cmd.xml b/data/install-scripts/windows-cmd.xml
index c45c543..3c341fc 100644
--- a/data/install-scripts/windows-cmd.xml
+++ b/data/install-scripts/windows-cmd.xml
@@ -5,6 +5,7 @@
     <path-format>dos</path-format>
     <expected-filename>windows.cmd</expected-filename>
     <can-post-install-drivers>true</can-post-install-drivers>
+    <post-install-drivers-signing-req>strict</post-install-drivers-signing-req>
     <config>
       <param name="admin-password" policy="optional"/>
       <param name="user-realname" policy="required"/>
diff --git a/data/schemas/libosinfo.rng b/data/schemas/libosinfo.rng
index e01f140..902731e 100644
--- a/data/schemas/libosinfo.rng
+++ b/data/schemas/libosinfo.rng
@@ -580,10 +580,20 @@
           </element>
         </optional>
         <optional>
+          <element name='pre-install-drivers-signing-req'>
+            <ref name='driver-signing-reqs'/>
+          </element>
+        </optional>
+        <optional>
           <element name='can-post-install-drivers'>
             <ref name='bool'/>
           </element>
         </optional>
+        <optional>
+          <element name='post-install-drivers-signing-req'>
+            <ref name='driver-signing-reqs'/>
+          </element>
+        </optional>
         <element name='template'>
           <choice>
             <group>
@@ -722,4 +732,9 @@
       <param name="pattern">dos|unix</param>
     </data>
   </define>
+  <define name='driver-signing-reqs'>
+    <data type="string">
+      <param name="pattern">strict|warn|none</param>
+    </data>
+  </define>
 </grammar>
diff --git a/osinfo/libosinfo.syms b/osinfo/libosinfo.syms
index 0942290..45689a2 100644
--- a/osinfo/libosinfo.syms
+++ b/osinfo/libosinfo.syms
@@ -404,8 +404,13 @@ LIBOSINFO_0.2.6 {
 	osinfo_device_driver_get_signed;
 	osinfo_device_driver_set_signed;
 
+	osinfo_device_driver_signing_req_get_type;
+
 	osinfo_install_config_get_driver_signing;
 	osinfo_install_config_set_driver_signing;
+
+	osinfo_install_script_get_pre_install_drivers_signing_req;
+	osinfo_install_script_get_post_install_drivers_signing_req;
 } LIBOSINFO_0.2.3;
 
 /* Symbols in next release...
diff --git a/osinfo/osinfo_install_script.c b/osinfo/osinfo_install_script.c
index 276c756..3b67a34 100644
--- a/osinfo/osinfo_install_script.c
+++ b/osinfo/osinfo_install_script.c
@@ -1230,6 +1230,42 @@ gboolean osinfo_install_script_get_can_post_install_drivers(OsinfoInstallScript
          OSINFO_INSTALL_SCRIPT_PROP_CAN_POST_INSTALL_DRIVERS);
 }
 
+/**
+ * osinfo_install_script_get_pre_install_drivers_signing_req:
+ * @script: the install script
+ *
+ * If install script can install drivers at the very beginning of installation,
+ * this function retrieves the requirement about signed status of drivers.
+ *
+ * Returns: (type OsinfoDeviceDriverSigningReq):
+ */
+int osinfo_install_script_get_pre_install_drivers_signing_req(OsinfoInstallScript *script)
+{
+    return osinfo_entity_get_param_value_enum
+        (OSINFO_ENTITY(script),
+         OSINFO_INSTALL_SCRIPT_PROP_PRE_INSTALL_DRIVERS_SIGNING_REQ,
+         OSINFO_TYPE_DEVICE_DRIVER_SIGNING_REQ,
+         OSINFO_DEVICE_DRIVER_SIGNING_REQ_NONE);
+}
+
+/**
+ * osinfo_install_script_get_post_install_drivers_signing_req:
+ * @script: the install script
+ *
+ * If install script can install drivers at the end of installation, this
+ * function retrieves the requirement about signed status of drivers.
+ *
+ * Returns: (type OsinfoDeviceDriverSigningReq):
+ */
+int osinfo_install_script_get_post_install_drivers_signing_req(OsinfoInstallScript *script)
+{
+    return osinfo_entity_get_param_value_enum
+        (OSINFO_ENTITY(script),
+         OSINFO_INSTALL_SCRIPT_PROP_POST_INSTALL_DRIVERS_SIGNING_REQ,
+         OSINFO_TYPE_DEVICE_DRIVER_SIGNING_REQ,
+         OSINFO_DEVICE_DRIVER_SIGNING_REQ_NONE);
+}
+
 /*
  * Local variables:
  *  indent-tabs-mode: nil
diff --git a/osinfo/osinfo_install_script.h b/osinfo/osinfo_install_script.h
index d91751e..ffd3e47 100644
--- a/osinfo/osinfo_install_script.h
+++ b/osinfo/osinfo_install_script.h
@@ -55,6 +55,8 @@ typedef struct _OsinfoInstallScriptPrivate OsinfoInstallScriptPrivate;
 #define OSINFO_INSTALL_SCRIPT_PROP_PATH_FORMAT        "path-format"
 #define OSINFO_INSTALL_SCRIPT_PROP_CAN_PRE_INSTALL_DRIVERS "can-pre-install-drivers"
 #define OSINFO_INSTALL_SCRIPT_PROP_CAN_POST_INSTALL_DRIVERS "can-post-install-drivers"
+#define OSINFO_INSTALL_SCRIPT_PROP_PRE_INSTALL_DRIVERS_SIGNING_REQ "pre-install-drivers-signing-req"
+#define OSINFO_INSTALL_SCRIPT_PROP_POST_INSTALL_DRIVERS_SIGNING_REQ "post-install-drivers-signing-req"
 
 /* object */
 struct _OsinfoInstallScript
@@ -86,6 +88,31 @@ typedef enum {
     OSINFO_PATH_FORMAT_DOS
 } OsinfoPathFormat;
 
+/**
+ * OsinfoDeviceDriverSigningReq:
+ *
+ * @OSINFO_DEVICE_DRIVER_SIGNING_REQ_NONE: Script do not require device drivers
+ * to be signed.
+ *
+ * @OSINFO_DEVICE_DRIVER_SIGNING_REQ_STRICT: Script must only be given signed
+ * device drivers. Some scripts will allow overriding this requirement through
+ * #osinfo_install_config_set_driver_signing function. You can query if a
+ * script supports this by checking if
+ * #OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING configuration parameter is used
+ * by the script in question (or other scripts in the same profile).
+ *
+ * @OSINFO_DEVICE_DRIVER_SIGNING_REQ_WARN: A warning will be issued by OS
+ * installer if device drivers are not signed and most probably require user
+ * input (and thus breaking unattended installation). See
+ * #OSINFO_DEVICE_DRIVER_SIGNING_REQ_STRICT on how this warning can be disabled
+ * for some scripts.
+ */
+typedef enum {
+    OSINFO_DEVICE_DRIVER_SIGNING_REQ_NONE,
+    OSINFO_DEVICE_DRIVER_SIGNING_REQ_STRICT,
+    OSINFO_DEVICE_DRIVER_SIGNING_REQ_WARN
+} OsinfoDeviceDriverSigningReq;
+
 GType osinfo_install_script_get_type(void);
 
 OsinfoInstallScript *osinfo_install_script_new(const gchar *id);
@@ -163,6 +190,9 @@ OsinfoPathFormat osinfo_install_script_get_path_format(OsinfoInstallScript *scri
 gboolean osinfo_install_script_get_can_pre_install_drivers(OsinfoInstallScript *script);
 gboolean osinfo_install_script_get_can_post_install_drivers(OsinfoInstallScript *script);
 
+int osinfo_install_script_get_pre_install_drivers_signing_req(OsinfoInstallScript *script);
+int osinfo_install_script_get_post_install_drivers_signing_req(OsinfoInstallScript *script);
+
 #endif /* __OSINFO_INSTALL_SCRIPT_H__ */
 /*
  * Local variables:
diff --git a/osinfo/osinfo_loader.c b/osinfo/osinfo_loader.c
index bd32314..1bba7a1 100644
--- a/osinfo/osinfo_loader.c
+++ b/osinfo/osinfo_loader.c
@@ -701,6 +701,8 @@ static void osinfo_loader_install_script(OsinfoLoader *loader,
         OSINFO_INSTALL_SCRIPT_PROP_EXPECTED_FILENAME,
         OSINFO_INSTALL_SCRIPT_PROP_CAN_PRE_INSTALL_DRIVERS,
         OSINFO_INSTALL_SCRIPT_PROP_CAN_POST_INSTALL_DRIVERS,
+        OSINFO_INSTALL_SCRIPT_PROP_PRE_INSTALL_DRIVERS_SIGNING_REQ,
+        OSINFO_INSTALL_SCRIPT_PROP_POST_INSTALL_DRIVERS_SIGNING_REQ,
         NULL
     };
     gchar *value = NULL;
-- 
1.8.1.4

_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Fedora Users]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux