- Add some more options like help, x509, hashalgo to command line args - This makes it easy to handle and use command line args wherever needed Signed-off-by: Shreenidhi Shedi <yesshedi@xxxxxxxxx> --- scripts/Makefile.modinst | 4 ++- scripts/sign-file.c | 63 ++++++++++++++++++++++++++++------------ 2 files changed, 48 insertions(+), 19 deletions(-) diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst index ab0c5bd1a60f..e94ac9afe17a 100644 --- a/scripts/Makefile.modinst +++ b/scripts/Makefile.modinst @@ -72,7 +72,9 @@ else sig-key := $(CONFIG_MODULE_SIG_KEY) endif quiet_cmd_sign = SIGN $@ - cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) "$(sig-key)" certs/signing_key.x509 $@ \ + cmd_sign = scripts/sign-file -a "$(CONFIG_MODULE_SIG_HASH)" \ + -i "$(sig-key)" \ + -x certs/signing_key.x509 $@ \ $(if $(KBUILD_EXTMOD),|| true) else quiet_cmd_sign := diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 94228865b6cc..b0f340ea629b 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -215,6 +215,11 @@ static X509 *read_x509(const char *x509_name) struct cmd_opts { char *raw_sig_name; + char *hash_algo; + char *dest_name; + char *private_key_name; + char *x509_name; + char *module_name; bool save_sig; bool replace_orig; bool raw_sig; @@ -233,6 +238,12 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) #ifndef USE_PKCS7 {"usekeyid", no_argument, 0, 'k'}, #endif + {"help", no_argument, 0, 'h'}, + {"privkey", required_argument, 0, 'i'}, + {"hashalgo", required_argument, 0, 'a'}, + {"x509", required_argument, 0, 'x'}, + {"dest", required_argument, 0, 'd'}, + {"replaceorig", required_argument, 0, 'r'}, {0, 0, 0, 0} }; @@ -241,10 +252,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) do { #ifndef USE_PKCS7 - opt = getopt_long_only(argc, argv, "pds:", + opt = getopt_long_only(argc, argv, "hpds:i:a:x:t:r:", cmd_options, &opt_index); #else - opt = getopt_long_only(argc, argv, "pdks:", + opt = getopt_long_only(argc, argv, "hpdks:i:a:x:t:r:", cmd_options, &opt_index); #endif switch (opt) { @@ -268,6 +279,30 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) break; #endif + case 'h': + format(); + break; + + case 'i': + opts->private_key_name = optarg; + break; + + case 'a': + opts->hash_algo = optarg; + break; + + case 'x': + opts->x509_name = optarg; + break; + + case 't': + opts->dest_name = optarg; + break; + + case 'r': + opts->replace_orig = true; + break; + case -1: break; @@ -281,9 +316,6 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts) int main(int argc, char **argv) { struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; - char *hash_algo = NULL; - char *private_key_name = NULL; - char *x509_name, *module_name, *dest_name; unsigned char buf[4096]; unsigned long module_size, sig_size; unsigned int use_signed_attrs; @@ -315,32 +347,27 @@ int main(int argc, char **argv) argv += optind; const char *raw_sig_name = opts.raw_sig_name; + const char *hash_algo = opts.hash_algo; + const char *private_key_name = opts.private_key_name; + const char *x509_name = opts.x509_name; + const char *module_name = opts.module_name; const bool save_sig = opts.save_sig; const bool raw_sig = opts.raw_sig; const bool sign_only = opts.sign_only; bool replace_orig = opts.replace_orig; + char *dest_name = opts.dest_name; #ifndef USE_PKCS7 const unsigned int use_keyid = opts.use_keyid; #endif - if (argc < 4 || argc > 5) + if (!argv[0] || argc != 1) format(); - if (raw_sig) { - raw_sig_name = argv[0]; - hash_algo = argv[1]; - } else { - hash_algo = argv[0]; - private_key_name = argv[1]; - } - x509_name = argv[2]; - module_name = argv[3]; - if (argc == 5 && strcmp(argv[3], argv[4]) != 0) { - dest_name = argv[4]; + if (dest_name && strcmp(argv[0], dest_name)) { replace_orig = false; } else { ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0, - "asprintf"); + "asprintf"); replace_orig = true; } -- 2.41.0