[PATCH v7 2/8] sign-file: inntroduce few new flags to make argument processing easy.

Shreenidhi Shedi posted 8 patches 2 years, 7 months ago
There is a newer version of this series
[PATCH v7 2/8] sign-file: inntroduce few new flags to make argument processing easy.
Posted by Shreenidhi Shedi 2 years, 7 months ago
- Add some more options like help, x509, hashalgo to command line args
- This makes it easy to handle and use command line args wherever needed

Signed-off-by: Shreenidhi Shedi <yesshedi@gmail.com>
---
 scripts/sign-file.c | 63 ++++++++++++++++++++++++++++++++-------------
 1 file changed, 45 insertions(+), 18 deletions(-)

diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 94228865b6cc..b0f340ea629b 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -215,6 +215,11 @@ static X509 *read_x509(const char *x509_name)
 
 struct cmd_opts {
 	char *raw_sig_name;
+	char *hash_algo;
+	char *dest_name;
+	char *private_key_name;
+	char *x509_name;
+	char *module_name;
 	bool save_sig;
 	bool replace_orig;
 	bool raw_sig;
@@ -233,6 +238,12 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
 #ifndef USE_PKCS7
 		{"usekeyid",	no_argument,	    0,	'k'},
 #endif
+		{"help",	no_argument,	    0,	'h'},
+		{"privkey",	required_argument,  0,	'i'},
+		{"hashalgo",	required_argument,  0,	'a'},
+		{"x509",	required_argument,  0,	'x'},
+		{"dest",	required_argument,  0,	'd'},
+		{"replaceorig",	required_argument,  0,	'r'},
 		{0, 0, 0, 0}
 	};
 
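Review bot: The `dest` entry in `cmd_options` returns `'d'`, but the destination path is handled under `case 't'` later in this patch, and the usage text quoted further down the thread lists `-d` as `--signonly`; as written, `--dest <path>` would most likely take the sign-only branch and never set `opts->dest_name`. The `replaceorig` entry is declared `required_argument` (and the optstrings in the next hunk use `r:`), yet `case 'r'` never reads `optarg`, so `-r` swallows whatever follows it, possibly another flag or the module path. For a tool that decides which file is signed and overwritten, this silent mis-parsing is worth closing off with `{"dest", required_argument, 0, 't'},` and `{"replaceorig", no_argument, 0, 'r'},`, plus `r` instead of `r:` in both optstrings. The table's declaration starts outside this hunk.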
@@ -241,10 +252,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
 
 	do {
 #ifndef USE_PKCS7
-		opt = getopt_long_only(argc, argv, "pds:",
+		opt = getopt_long_only(argc, argv, "hpds:i:a:x:t:r:",
 				cmd_options, &opt_index);
 #else
-		opt = getopt_long_only(argc, argv, "pdks:",
+		opt = getopt_long_only(argc, argv, "hpdks:i:a:x:t:r:",
 				cmd_options, &opt_index);
 #endif
 		switch (opt) {
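Review bot: The two optstrings look swapped with respect to `k`: the `#ifndef USE_PKCS7` branch omits it and the `#else` branch accepts it, although the `usekeyid` long option in the previous hunk is compiled only under `#ifndef USE_PKCS7`. If the `case 'k'` handler is guarded the same way as the table (it lies outside this hunk, so this is an inference), the short `-k` is rejected in the build that implements it and accepted but unhandled in the build that does not. Since both lines are being rewritten here anyway, moving the `k` from the `#else` optstring to the `#ifndef USE_PKCS7` one would make the optstrings agree with the table. The `do` loop continues outside the hunk.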
@@ -268,6 +279,30 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
 			break;
 #endif
 
+		case 'h':
+			format();
+			break;
+
+		case 'i':
+			opts->private_key_name = optarg;
+			break;
+
+		case 'a':
+			opts->hash_algo = optarg;
+			break;
+
+		case 'x':
+			opts->x509_name = optarg;
+			break;
+
+		case 't':
+			opts->dest_name = optarg;
+			break;
+
+		case 'r':
+			opts->replace_orig = true;
+			break;
+
 		case -1:
 			break;
 
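Review bot: Nothing in the new cases, or in the part of `main` shown later in this patch, checks that the options which replaced the mandatory positionals were actually supplied. The removed `argc < 4` test used to guarantee a hash algorithm, a key and a certificate; now a missing `-a`, `-x` or `-i` leaves the corresponding `opts` field unset (NULL if `opts` is zero-initialised, which is not visible here), and that pointer flows on into the signing code. A check after the option loop keeps the failure at the command line, e.g. `if (!opts->hash_algo || !opts->x509_name || (!opts->raw_sig && !opts->private_key_name)) format();`. `parse_args` starts and ends outside this hunk.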
@@ -281,9 +316,6 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
 int main(int argc, char **argv)
 {
 	struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
-	char *hash_algo = NULL;
-	char *private_key_name = NULL;
-	char *x509_name, *module_name, *dest_name;
 	unsigned char buf[4096];
 	unsigned long module_size, sig_size;
 	unsigned int use_signed_attrs;
@@ -315,32 +347,27 @@ int main(int argc, char **argv)
 	argv += optind;
 
 	const char *raw_sig_name = opts.raw_sig_name;
+	const char *hash_algo = opts.hash_algo;
+	const char *private_key_name = opts.private_key_name;
+	const char *x509_name = opts.x509_name;
+	const char *module_name = opts.module_name;
 	const bool save_sig = opts.save_sig;
 	const bool raw_sig = opts.raw_sig;
 	const bool sign_only = opts.sign_only;
 	bool replace_orig = opts.replace_orig;
+	char *dest_name = opts.dest_name;
 #ifndef USE_PKCS7
 	const unsigned int use_keyid = opts.use_keyid;
 #endif
 
-	if (argc < 4 || argc > 5)
+	if (!argv[0] || argc != 1)
 		format();
 
-	if (raw_sig) {
-		raw_sig_name = argv[0];
-		hash_algo = argv[1];
-	} else {
-		hash_algo = argv[0];
-		private_key_name = argv[1];
-	}
-	x509_name = argv[2];
-	module_name = argv[3];
-	if (argc == 5 && strcmp(argv[3], argv[4]) != 0) {
-		dest_name = argv[4];
+	if (dest_name && strcmp(argv[0], dest_name)) {
 		replace_orig = false;
 	} else {
 		ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0,
-		    "asprintf");
+				"asprintf");
 		replace_orig = true;
 	}
 
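Review bot: `module_name` is now read from `opts.module_name`, but no hunk in this patch assigns that field, while the module path is still the remaining positional `argv[0]` tested just below. Unless it is set in code outside these hunks, the `asprintf(&dest_name, "%s.~signed~", module_name)` in the `else` branch formats a NULL pointer, so the temporary output name, and any later use of `module_name`, no longer refers to the module being signed. Taking it from the positional after the `argc` check, `const char *module_name = argv[0];`, or storing the positional into `opts->module_name` inside `parse_args`, would restore the previous behaviour. Both branches of the `if` also overwrite `replace_orig`, so the value parsed for `-r` has no effect here. `main` continues outside the hunk.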
-- 
2.41.0
Re: [PATCH v7 2/8] sign-file: inntroduce few new flags to make argument processing easy.
Posted by Masahiro Yamada 2 years, 6 months ago
On Fri, Jun 23, 2023 at 11:54 PM Shreenidhi Shedi <yesshedi@gmail.com> wrote:
>
> - Add some more options like help, x509, hashalgo to command line args
> - This makes it easy to handle and use command line args wherever needed
>
> Signed-off-by: Shreenidhi Shedi <yesshedi@gmail.com>
> ---
>  scripts/sign-file.c | 63 ++++++++++++++++++++++++++++++++-------------
>  1 file changed, 45 insertions(+), 18 deletions(-)
>
> diff --git a/scripts/sign-file.c b/scripts/sign-file.c
> index 94228865b6cc..b0f340ea629b 100644
> --- a/scripts/sign-file.c
> +++ b/scripts/sign-file.c
> @@ -215,6 +215,11 @@ static X509 *read_x509(const char *x509_name)
>
>  struct cmd_opts {
>         char *raw_sig_name;
> +       char *hash_algo;
> +       char *dest_name;
> +       char *private_key_name;
> +       char *x509_name;
> +       char *module_name;
>         bool save_sig;
>         bool replace_orig;
>         bool raw_sig;
> @@ -233,6 +238,12 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
>  #ifndef USE_PKCS7
>                 {"usekeyid",    no_argument,        0,  'k'},
>  #endif
> +               {"help",        no_argument,        0,  'h'},
> +               {"privkey",     required_argument,  0,  'i'},
> +               {"hashalgo",    required_argument,  0,  'a'},
> +               {"x509",        required_argument,  0,  'x'},
> +               {"dest",        required_argument,  0,  'd'},
> +               {"replaceorig", required_argument,  0,  'r'},
>                 {0, 0, 0, 0}
>         };
>
> @@ -241,10 +252,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
>
>         do {
>  #ifndef USE_PKCS7
> -               opt = getopt_long_only(argc, argv, "pds:",
> +               opt = getopt_long_only(argc, argv, "hpds:i:a:x:t:r:",
>                                 cmd_options, &opt_index);
>  #else
> -               opt = getopt_long_only(argc, argv, "pdks:",
> +               opt = getopt_long_only(argc, argv, "hpdks:i:a:x:t:r:",
>                                 cmd_options, &opt_index);
>  #endif
>                 switch (opt) {
> @@ -268,6 +279,30 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
>                         break;
>  #endif
>
> +               case 'h':
> +                       format();
> +                       break;
> +
> +               case 'i':
> +                       opts->private_key_name = optarg;
> +                       break;
> +
> +               case 'a':
> +                       opts->hash_algo = optarg;
> +                       break;
> +
> +               case 'x':
> +                       opts->x509_name = optarg;
> +                       break;
> +
> +               case 't':
> +                       opts->dest_name = optarg;
> +                       break;
> +
> +               case 'r':
> +                       opts->replace_orig = true;
> +                       break;
> +
>                 case -1:
>                         break;
>
> @@ -281,9 +316,6 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
>  int main(int argc, char **argv)
>  {
>         struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
> -       char *hash_algo = NULL;
> -       char *private_key_name = NULL;
> -       char *x509_name, *module_name, *dest_name;
>         unsigned char buf[4096];
>         unsigned long module_size, sig_size;
>         unsigned int use_signed_attrs;
> @@ -315,32 +347,27 @@ int main(int argc, char **argv)
>         argv += optind;
>
>         const char *raw_sig_name = opts.raw_sig_name;
> +       const char *hash_algo = opts.hash_algo;
> +       const char *private_key_name = opts.private_key_name;
> +       const char *x509_name = opts.x509_name;
> +       const char *module_name = opts.module_name;
>         const bool save_sig = opts.save_sig;
>         const bool raw_sig = opts.raw_sig;
>         const bool sign_only = opts.sign_only;
>         bool replace_orig = opts.replace_orig;
> +       char *dest_name = opts.dest_name;
>  #ifndef USE_PKCS7
>         const unsigned int use_keyid = opts.use_keyid;
>  #endif
>
> -       if (argc < 4 || argc > 5)
> +       if (!argv[0] || argc != 1)
>                 format();



You are breaking the bisect'ability.

You are turning the positional parameters into options
but not adjusting scripts/Makefile.modinst in the same commit.





masahiro@oscar:~/ref/linux((HEAD detached at 41cb7c94595d))$ make
INSTALL_MOD_PATH=/tmp/modules  modules_install
  INSTALL /tmp/modules/lib/modules/6.5.0-rc4+/kernel/arch/x86/events/amd/power.ko
  SIGN    /tmp/modules/lib/modules/6.5.0-rc4+/kernel/arch/x86/events/amd/power.ko
Usage: scripts/sign-file [OPTIONS]... [MODULE]...
Available options:
-h, --help             Print this help message and exit

Optional args:
-s, --rawsig <sig>     Raw signature
-p, --savesig          Save signature
-d, --signonly         Sign only
-k, --usekeyid         Use key ID
-b, --bulksign         Sign modules in bulk
-r, --replaceorig      Replace original
-t, --dest <dest>      Destination path (Exclusive with bulk option)

Mandatory args:
-i, --privkey <key>    Private key
-a, --hashalgo <alg>   Hash algorithm
-x, --x509 <x509>      X509

Examples:

    Regular signing:
     scripts/sign-file -a sha512 -i certs/signing_key.pem -x
certs/signing_key.x509 <module>

    Signing with destination path:
     scripts/sign-file -a sha512 -i certs/signing_key.pem -x
certs/signing_key.x509 <module> -t <path>

    Signing modules in bulk:
     scripts/sign-file -a sha512 -i certs/signing_key.pem -x
certs/signing_key.x509 -b <module1> <module2> ...
make[2]: *** [scripts/Makefile.modinst:87:
/tmp/modules/lib/modules/6.5.0-rc4+/kernel/arch/x86/events/amd/power.ko]
Error 2
make[2]: *** Deleting file
'/tmp/modules/lib/modules/6.5.0-rc4+/kernel/arch/x86/events/amd/power.ko'
make[1]: *** [/home/masahiro/ref/linux/Makefile:1964: modules_install] Error 2
make: *** [Makefile:234: __sub-make] Error 2










--
Best Regards
Masahiro Yamada
Re: [PATCH v7 2/8] sign-file: inntroduce few new flags to make argument processing easy.
Posted by Shreenidhi Shedi 2 years, 6 months ago
On 07/08/23 08:05, Masahiro Yamada wrote:
> On Fri, Jun 23, 2023 at 11:54 PM Shreenidhi Shedi <yesshedi@gmail.com> wrote:
>>
>> - Add some more options like help, x509, hashalgo to command line args
>> - This makes it easy to handle and use command line args wherever needed
>>
>> Signed-off-by: Shreenidhi Shedi <yesshedi@gmail.com>
>> ---
>>   scripts/sign-file.c | 63 ++++++++++++++++++++++++++++++++-------------
>>   1 file changed, 45 insertions(+), 18 deletions(-)
>>
>> diff --git a/scripts/sign-file.c b/scripts/sign-file.c
>> index 94228865b6cc..b0f340ea629b 100644
>> --- a/scripts/sign-file.c
>> +++ b/scripts/sign-file.c
>> @@ -215,6 +215,11 @@ static X509 *read_x509(const char *x509_name)
>>
>>   struct cmd_opts {
>>          char *raw_sig_name;
>> +       char *hash_algo;
>> +       char *dest_name;
>> +       char *private_key_name;
>> +       char *x509_name;
>> +       char *module_name;
>>          bool save_sig;
>>          bool replace_orig;
>>          bool raw_sig;
>> @@ -233,6 +238,12 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
>>   #ifndef USE_PKCS7
>>                  {"usekeyid",    no_argument,        0,  'k'},
>>   #endif
>> +               {"help",        no_argument,        0,  'h'},
>> +               {"privkey",     required_argument,  0,  'i'},
>> +               {"hashalgo",    required_argument,  0,  'a'},
>> +               {"x509",        required_argument,  0,  'x'},
>> +               {"dest",        required_argument,  0,  'd'},
>> +               {"replaceorig", required_argument,  0,  'r'},
>>                  {0, 0, 0, 0}
>>          };
>>
>> @@ -241,10 +252,10 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
>>
>>          do {
>>   #ifndef USE_PKCS7
>> -               opt = getopt_long_only(argc, argv, "pds:",
>> +               opt = getopt_long_only(argc, argv, "hpds:i:a:x:t:r:",
>>                                  cmd_options, &opt_index);
>>   #else
>> -               opt = getopt_long_only(argc, argv, "pdks:",
>> +               opt = getopt_long_only(argc, argv, "hpdks:i:a:x:t:r:",
>>                                  cmd_options, &opt_index);
>>   #endif
>>                  switch (opt) {
>> @@ -268,6 +279,30 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
>>                          break;
>>   #endif
>>
>> +               case 'h':
>> +                       format();
>> +                       break;
>> +
>> +               case 'i':
>> +                       opts->private_key_name = optarg;
>> +                       break;
>> +
>> +               case 'a':
>> +                       opts->hash_algo = optarg;
>> +                       break;
>> +
>> +               case 'x':
>> +                       opts->x509_name = optarg;
>> +                       break;
>> +
>> +               case 't':
>> +                       opts->dest_name = optarg;
>> +                       break;
>> +
>> +               case 'r':
>> +                       opts->replace_orig = true;
>> +                       break;
>> +
>>                  case -1:
>>                          break;
>>
>> @@ -281,9 +316,6 @@ static void parse_args(int argc, char **argv, struct cmd_opts *opts)
>>   int main(int argc, char **argv)
>>   {
>>          struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
>> -       char *hash_algo = NULL;
>> -       char *private_key_name = NULL;
>> -       char *x509_name, *module_name, *dest_name;
>>          unsigned char buf[4096];
>>          unsigned long module_size, sig_size;
>>          unsigned int use_signed_attrs;
>> @@ -315,32 +347,27 @@ int main(int argc, char **argv)
>>          argv += optind;
>>
>>          const char *raw_sig_name = opts.raw_sig_name;
>> +       const char *hash_algo = opts.hash_algo;
>> +       const char *private_key_name = opts.private_key_name;
>> +       const char *x509_name = opts.x509_name;
>> +       const char *module_name = opts.module_name;
>>          const bool save_sig = opts.save_sig;
>>          const bool raw_sig = opts.raw_sig;
>>          const bool sign_only = opts.sign_only;
>>          bool replace_orig = opts.replace_orig;
>> +       char *dest_name = opts.dest_name;
>>   #ifndef USE_PKCS7
>>          const unsigned int use_keyid = opts.use_keyid;
>>   #endif
>>
>> -       if (argc < 4 || argc > 5)
>> +       if (!argv[0] || argc != 1)
>>                  format();
> 
> 
> 
> You are breaking the bisect'ability.
> 
> You are turning the positional parameters into options
> but not adjusting scripts/Makefile.modinst in the same commit.
> 
> 
> 
> 
> 
> masahiro@oscar:~/ref/linux((HEAD detached at 41cb7c94595d))$ make
> INSTALL_MOD_PATH=/tmp/modules  modules_install
>    INSTALL /tmp/modules/lib/modules/6.5.0-rc4+/kernel/arch/x86/events/amd/power.ko
>    SIGN    /tmp/modules/lib/modules/6.5.0-rc4+/kernel/arch/x86/events/amd/power.ko
> Usage: scripts/sign-file [OPTIONS]... [MODULE]...
> Available options:
> -h, --help             Print this help message and exit
> 
> Optional args:
> -s, --rawsig <sig>     Raw signature
> -p, --savesig          Save signature
> -d, --signonly         Sign only
> -k, --usekeyid         Use key ID
> -b, --bulksign         Sign modules in bulk
> -r, --replaceorig      Replace original
> -t, --dest <dest>      Destination path (Exclusive with bulk option)
> 
> Mandatory args:
> -i, --privkey <key>    Private key
> -a, --hashalgo <alg>   Hash algorithm
> -x, --x509 <x509>      X509
> 
> Examples:
> 
>      Regular signing:
>       scripts/sign-file -a sha512 -i certs/signing_key.pem -x
> certs/signing_key.x509 <module>
> 
>      Signing with destination path:
>       scripts/sign-file -a sha512 -i certs/signing_key.pem -x
> certs/signing_key.x509 <module> -t <path>
> 
>      Signing modules in bulk:
>       scripts/sign-file -a sha512 -i certs/signing_key.pem -x
> certs/signing_key.x509 -b <module1> <module2> ...
> make[2]: *** [scripts/Makefile.modinst:87:
> /tmp/modules/lib/modules/6.5.0-rc4+/kernel/arch/x86/events/amd/power.ko]
> Error 2
> make[2]: *** Deleting file
> '/tmp/modules/lib/modules/6.5.0-rc4+/kernel/arch/x86/events/amd/power.ko'
> make[1]: *** [/home/masahiro/ref/linux/Makefile:1964: modules_install] Error 2
> make: *** [Makefile:234: __sub-make] Error 2
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> --
> Best Regards
> Masahiro Yamada

Hi Masahiro Yamada,

Thanks for the review. I will fix this. It's hard to keep the commits
small without breaking bisectability during code refactoring. In this case
it's not a problem. Thanks for this input.

-- 
Shedi