From 57a1c93eb9ace664bab050e1389f1a87b4717c8a Mon Sep 17 00:00:00 2001 From: Morten Linderud Date: Thu, 20 May 2021 01:08:45 +0200 Subject: [PATCH] Remove last of the log.* stuff Signed-off-by: Morten Linderud --- bundles.go | 11 +++++---- cmd/sbctl/bundle.go | 5 ++++- cmd/sbctl/remove-bundle.go | 5 ++++- cmd/sbctl/sign-all.go | 5 ++++- guid.go | 6 +---- keys.go | 46 ++++++++++++++++++++------------------ sbctl.go | 14 ++++++++---- util.go | 7 +++--- 8 files changed, 57 insertions(+), 42 deletions(-) diff --git a/bundles.go b/bundles.go index 1cc0214..f7157c9 100644 --- a/bundles.go +++ b/bundles.go @@ -4,10 +4,11 @@ import ( "encoding/json" "errors" "fmt" - "log" "os" "os/exec" "path/filepath" + + "github.com/foxboron/sbctl/logging" ) type Bundle struct { @@ -37,15 +38,16 @@ func ReadBundleDatabase(dbpath string) (Bundles, error) { return bundles, nil } -func WriteBundleDatabase(dbpath string, bundles Bundles) { +func WriteBundleDatabase(dbpath string, bundles Bundles) error { data, err := json.MarshalIndent(bundles, "", " ") if err != nil { - log.Fatal(err) + return err } err = os.WriteFile(dbpath, data, 0644) if err != nil { - log.Fatal(err) + return err } + return nil } func BundleIter(fn func(s *Bundle) error) error { @@ -120,5 +122,6 @@ func GenerateBundle(bundle *Bundle) (bool, error) { return exitError.ExitCode() == 0, nil } } + logging.Print("Wrote EFI bundle %s\n", bundle.Output) return true, nil } diff --git a/cmd/sbctl/bundle.go b/cmd/sbctl/bundle.go index 5daa9da..b509fc8 100644 --- a/cmd/sbctl/bundle.go +++ b/cmd/sbctl/bundle.go @@ -71,7 +71,10 @@ var bundleCmd = &cobra.Command{ logging.Print("Wrote EFI bundle %s\n", bundle.Output) if saveBundle { bundles[bundle.Output] = bundle - sbctl.WriteBundleDatabase(sbctl.BundleDBPath, bundles) + err := sbctl.WriteBundleDatabase(sbctl.BundleDBPath, bundles) + if err != nil { + return err + } } return nil }, diff --git a/cmd/sbctl/remove-bundle.go b/cmd/sbctl/remove-bundle.go index 9358f92..1977f31 100644 
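Review bot: In bundles.go, `WriteBundleDatabase` now returns the marshal and write errors bare, so a caller such as `removeBundleCmd` reports an OS error with no hint of which step or file failed. Wrapping costs one line each, e.g. `return fmt.Errorf("writing bundle database %q: %w", dbpath, err)`; `fmt` is already imported in this file. The exported function also has no doc comment stating that it overwrites `dbpath` in place and what the returned error means.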
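Review bot: In bundles.go `GenerateBundle`, the added `logging.Print("Wrote EFI bundle %s\n", bundle.Output)` puts user-facing output into the library function while the cmd/sbctl/bundle.go hunk still shows the same message as a context line in `bundleCmd`. If `bundleCmd` calls `GenerateBundle` (the call is not visible here), the message is printed twice. Keep the print in one place, preferably the command layer, so library callers control their own output. `GenerateBundle` starts outside this hunk.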
--- a/cmd/sbctl/remove-bundle.go +++ b/cmd/sbctl/remove-bundle.go @@ -26,7 +26,10 @@ var removeBundleCmd = &cobra.Command{ os.Exit(1) } delete(bundles, args[0]) - sbctl.WriteBundleDatabase(sbctl.BundleDBPath, bundles) + err = sbctl.WriteBundleDatabase(sbctl.BundleDBPath, bundles) + if err != nil { + return err + } return nil }, } diff --git a/cmd/sbctl/sign-all.go b/cmd/sbctl/sign-all.go index 0af7ba2..18297c0 100644 --- a/cmd/sbctl/sign-all.go +++ b/cmd/sbctl/sign-all.go @@ -39,7 +39,10 @@ var signAllCmd = &cobra.Command{ } // Update checksum after we signed it - checksum := sbctl.ChecksumFile(entry.File) + checksum, err := sbctl.ChecksumFile(entry.File) + if err != nil { + return err + } entry.Checksum = checksum files[entry.File] = entry if err := sbctl.WriteFileDatabase(sbctl.DBPath, files); err != nil { diff --git a/guid.go b/guid.go index 0a25b1d..a8ab9c3 100644 --- a/guid.go +++ b/guid.go @@ -2,7 +2,6 @@ package sbctl import ( "io/ioutil" - "log" "os" "path/filepath" @@ -10,10 +9,7 @@ import ( ) func CreateUUID() []byte { - id, err := uuid.NewRandom() - if err != nil { - log.Fatal(err) - } + id, _ := uuid.NewRandom() return []byte(id.String()) } diff --git a/keys.go b/keys.go index b5e2bee..e6174b3 100644 --- a/keys.go +++ b/keys.go @@ -9,7 +9,6 @@ import ( "encoding/pem" "errors" "fmt" - "log" "math/big" "os" "os/exec" @@ -46,12 +45,9 @@ func CanVerifyFiles() error { return nil } -func CreateKey(path, name string) []byte { +func CreateKey(path, name string) ([]byte, error) { serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) - serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) - if err != nil { - log.Fatalf("Failed to generate serial number: %v", err) - } + serialNumber, _ := rand.Int(rand.Reader, serialNumberLimit) c := x509.Certificate{ SerialNumber: serialNumber, PublicKeyAlgorithm: x509.RSA, 
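Review bot: In guid.go `CreateUUID`, `id, _ := uuid.NewRandom()` discards an error that the removed code treated as fatal, so a failing random source would go unreported and the function would return whatever `id` holds (presumably the zero UUID). The rest of this commit turns fatal exits into returned errors, and this function should follow: `func CreateUUID() ([]byte, error)` with `if err != nil { return nil, err }`, with the callers updated to check it.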
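Review bot: In keys.go `CreateKey`, `serialNumber, _ := rand.Int(rand.Reader, serialNumberLimit)` drops the error even though the function gains an error return in this same hunk. On failure `serialNumber` would be nil and the problem would surface only later, if at all, in `x509.CreateCertificate`, with a less useful message. Keep the check and return it: `serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)` followed by `if err != nil { return nil, fmt.Errorf("generating serial number: %w", err) }`. The function body continues past the end of this hunk.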
@@ -66,45 +62,45 @@ func CreateKey(path, name string) []byte { } priv, err := rsa.GenerateKey(rand.Reader, RSAKeySize) if err != nil { - log.Fatal(err) + return nil, err } derBytes, err := x509.CreateCertificate(rand.Reader, &c, &c, &priv.PublicKey, priv) if err != nil { - log.Fatalf("Failed to create certificate: %v", err) + return nil, err } keyOut, err := os.OpenFile(fmt.Sprintf("%s.key", path), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { - log.Fatalf("Failed to open key.pem for writing: %v", err) + return nil, fmt.Errorf("Failed to open key.pem for writing: %v", err) } privBytes, err := x509.MarshalPKCS8PrivateKey(priv) if err != nil { - log.Fatalf("Unable to marshal private key: %v", err) + return nil, fmt.Errorf("Unable to marshal private key: %v", err) } if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil { - log.Fatalf("Failed to write data to key.pem: %v", err) + return nil, fmt.Errorf("Failed to write data to key.pem: %v", err) } if err := keyOut.Close(); err != nil { - log.Fatalf("Error closing key.pem: %v", err) + return nil, fmt.Errorf("Error closing key.pem: %v", err) } - return derBytes + return derBytes, nil } -func SaveKey(k []byte, path string) { +func SaveKey(k []byte, path string) error { err := os.WriteFile(fmt.Sprintf("%s.der", path), k, 0644) if err != nil { - log.Fatal(err) + return err } certOut, err := os.Create(fmt.Sprintf("%s.pem", path)) if err != nil { - log.Fatalf("Failed to open cert.pem for writing: %v", err) + return err } if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: k}); err != nil { - log.Fatalf("Failed to write data to cert.pem: %v", err) + return err } if err := certOut.Close(); err != nil { - log.Fatalf("Error closing cert.pem: %v", err) + return err } - + return nil } func KeyToSiglist(UUID []byte, input string) error { 
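Review bot: In keys.go `CreateKey`, the returns added after `os.OpenFile` leave `keyOut` open and a truncated or partially written `.key` file on disk; with `log.Fatalf` the process exited, so the leaked descriptor did not matter. Marshalling the private key before opening the file, and closing the file on the `pem.Encode` failure path, avoids both, as sketched below. `SaveKey` has the same pattern with `certOut` when `pem.Encode` fails. The new `fmt.Errorf` calls also use `%v` with capitalised messages, where `%w` and lowercase wording would keep the error chain inspectable with `errors.Is`/`errors.As`. `CreateKey` starts outside this hunk.

```go
	// … unchanged: rsa.GenerateKey and x509.CreateCertificate …
	privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, fmt.Errorf("marshalling private key: %w", err)
	}
	keyOut, err := os.OpenFile(fmt.Sprintf("%s.key", path), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return nil, fmt.Errorf("opening %s.key: %w", path, err)
	}
	if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil {
		keyOut.Close() // best effort; the encode error is the one reported
		return nil, fmt.Errorf("writing %s.key: %w", path, err)
	}
	if err := keyOut.Close(); err != nil {
		return nil, fmt.Errorf("closing %s.key: %w", path, err)
	}
	return derBytes, nil
```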
@@ -180,8 +176,11 @@ func SignFile(key, cert, file, output, checksum string) error { if err != nil { return err } - - if ok && ChecksumFile(file) == checksum { + chk, err := ChecksumFile(file) + if err != nil { + return err + } + if ok && chk == checksum { return ErrAlreadySigned } @@ -248,7 +247,10 @@ func InitializeSecureBootKeys(output string) error { path := filepath.Join(output, "keys", key.Key) os.MkdirAll(path, os.ModePerm) keyPath := filepath.Join(path, key.Key) - pk := CreateKey(keyPath, key.Description) + pk, err := CreateKey(keyPath, key.Description) + if err != nil { + return err + } SaveKey(pk, keyPath) derSiglist := fmt.Sprintf("%s.der", keyPath) if err := KeyToSiglist(uuid, derSiglist); err != nil { diff --git a/sbctl.go b/sbctl.go index 69e98ed..070ca45 100644 --- a/sbctl.go +++ b/sbctl.go @@ -88,7 +88,7 @@ func GetESP() string { func Sign(file, output string, enroll bool) error { file, err := filepath.Abs(file) if err != nil { - log.Fatal(err) + return err } if output == "" { @@ -96,7 +96,7 @@ func Sign(file, output string, enroll bool) error { } else { output, err = filepath.Abs(output) if err != nil { - log.Fatal(err) + return err } } @@ -112,7 +112,10 @@ func Sign(file, output string, enroll bool) error { if err != nil { return err } - checksum := ChecksumFile(file) + checksum, err := ChecksumFile(file) + if err != nil { + return err + } entry.Checksum = checksum files[file] = entry if err := WriteFileDatabase(DBPath, files); err != nil { @@ -127,7 +130,10 @@ func Sign(file, output string, enroll bool) error { } if enroll { - checksum := ChecksumFile(file) + checksum, err := ChecksumFile(file) + if err != nil { + return err + } files[file] = &SigningEntry{File: file, OutputFile: output, Checksum: checksum} if err := WriteFileDatabase(DBPath, files); err != nil { return err diff --git a/util.go b/util.go index 03033d1..ebc77a0 100644 --- a/util.go +++ b/util.go 
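Review bot: In keys.go `InitializeSecureBootKeys`, the context line `SaveKey(pk, keyPath)` still ignores the result although `SaveKey` now returns an error instead of exiting. A failed write of the `.der` or `.pem` file would pass silently and only show up, if at all, when `KeyToSiglist` reads `derSiglist`. Check it like the `CreateKey` call just above: `if err := SaveKey(pk, keyPath); err != nil { return err }`. The `os.MkdirAll(path, os.ModePerm)` line before it likewise drops its error and requests the widest mode for a directory that will hold private keys; handling the error and using a restrictive mode such as `0700` would be safer.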
@@ -6,21 +6,20 @@ import ( "encoding/hex" "errors" "io" - "log" "os" "path/filepath" "strings" ) -func ChecksumFile(file string) string { +func ChecksumFile(file string) (string, error) { hasher := sha256.New() s, err := os.ReadFile(file) if err != nil { - log.Fatal(err) + return "", err } hasher.Write(s) - return hex.EncodeToString(hasher.Sum(nil)) + return hex.EncodeToString(hasher.Sum(nil)), nil } func ReadOrCreateFile(filePath string) ([]byte, error) {
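Review bot: In util.go `ChecksumFile`, the whole file is read into memory with `os.ReadFile` and then copied into the hasher, and the exported function has no doc comment for its new `(string, error)` contract. Keeping the read, `sum := sha256.Sum256(s)` followed by `return hex.EncodeToString(sum[:]), nil` is shorter. Alternatively, since `io` is already imported, opening the file and using `io.Copy(hasher, f)` keeps memory constant for large EFI binaries. Proposed comment: `// ChecksumFile returns the hex-encoded SHA-256 digest of the contents of file.`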