Remove last of the log.* stuff

Signed-off-by: Morten Linderud <morten@linderud.pw>
Morten Linderud 2021-05-20 01:08:45 +02:00
parent 6b0242c953
commit 57a1c93eb9
No known key found for this signature in database
GPG Key ID: E742683BA08CB2FF
8 changed files with 57 additions and 42 deletions


@ -4,10 +4,11 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"log"
"os" "os"
"os/exec" "os/exec"
"path/filepath" "path/filepath"
"github.com/foxboron/sbctl/logging"
) )
type Bundle struct { type Bundle struct {
@ -37,15 +38,16 @@ func ReadBundleDatabase(dbpath string) (Bundles, error) {
return bundles, nil return bundles, nil
} }
func WriteBundleDatabase(dbpath string, bundles Bundles) { func WriteBundleDatabase(dbpath string, bundles Bundles) error {
data, err := json.MarshalIndent(bundles, "", " ") data, err := json.MarshalIndent(bundles, "", " ")
if err != nil { if err != nil {
log.Fatal(err) return err
} }
err = os.WriteFile(dbpath, data, 0644) err = os.WriteFile(dbpath, data, 0644)
if err != nil { if err != nil {
log.Fatal(err) return err
} }
return nil
} }
func BundleIter(fn func(s *Bundle) error) error { func BundleIter(fn func(s *Bundle) error) error {
@ -120,5 +122,6 @@ func GenerateBundle(bundle *Bundle) (bool, error) {
return exitError.ExitCode() == 0, nil return exitError.ExitCode() == 0, nil
} }
} }
logging.Print("Wrote EFI bundle %s\n", bundle.Output)
return true, nil return true, nil
} }
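Review bot: The `logging.Print("Wrote EFI bundle %s\n", bundle.Output)` added at the end of GenerateBundle looks like a duplicate of the identical call the bundle command already makes (it shows as an unchanged line in the bundleCmd section). If that command calls GenerateBundle, the message is printed twice; keeping the print only in the command layer would avoid that and leave the library function silent. Separately, WriteBundleDatabase now returns the bare error, and wrapping it, e.g. `return fmt.Errorf("writing bundle database %q: %w", dbpath, err)`, would tell the user which file failed. GenerateBundle's body starts outside the hunk.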


@ -71,7 +71,10 @@ var bundleCmd = &cobra.Command{
logging.Print("Wrote EFI bundle %s\n", bundle.Output) logging.Print("Wrote EFI bundle %s\n", bundle.Output)
if saveBundle { if saveBundle {
bundles[bundle.Output] = bundle bundles[bundle.Output] = bundle
sbctl.WriteBundleDatabase(sbctl.BundleDBPath, bundles) err := sbctl.WriteBundleDatabase(sbctl.BundleDBPath, bundles)
if err != nil {
return err
}
} }
return nil return nil
}, },


@ -26,7 +26,10 @@ var removeBundleCmd = &cobra.Command{
os.Exit(1) os.Exit(1)
} }
delete(bundles, args[0]) delete(bundles, args[0])
sbctl.WriteBundleDatabase(sbctl.BundleDBPath, bundles) err = sbctl.WriteBundleDatabase(sbctl.BundleDBPath, bundles)
if err != nil {
return err
}
return nil return nil
}, },
} }


@ -39,7 +39,10 @@ var signAllCmd = &cobra.Command{
} }
// Update checksum after we signed it // Update checksum after we signed it
checksum := sbctl.ChecksumFile(entry.File) checksum, err := sbctl.ChecksumFile(entry.File)
if err != nil {
return err
}
entry.Checksum = checksum entry.Checksum = checksum
files[entry.File] = entry files[entry.File] = entry
if err := sbctl.WriteFileDatabase(sbctl.DBPath, files); err != nil { if err := sbctl.WriteFileDatabase(sbctl.DBPath, files); err != nil {


@ -2,7 +2,6 @@ package sbctl
import ( import (
"io/ioutil" "io/ioutil"
"log"
"os" "os"
"path/filepath" "path/filepath"
@ -10,10 +9,7 @@ import (
) )
func CreateUUID() []byte { func CreateUUID() []byte {
id, err := uuid.NewRandom() id, _ := uuid.NewRandom()
if err != nil {
log.Fatal(err)
}
return []byte(id.String()) return []byte(id.String())
} }
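Review bot: `id, _ := uuid.NewRandom()` discards the error that the removed `log.Fatal` used to catch, so if the random source fails CreateUUID returns the string form of whatever value came back (presumably the zero UUID) and callers cannot tell. The same pattern appears in keys.go, where CreateKey now has `serialNumber, _ := rand.Int(rand.Reader, serialNumberLimit)` even though it gained an error return in this commit. Suggest changing the signature to `func CreateUUID() ([]byte, error)` with `if err != nil { return nil, err }`, and in CreateKey `if err != nil { return nil, fmt.Errorf("generating serial number: %w", err) }`.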

46
keys.go

@ -9,7 +9,6 @@ import (
"encoding/pem" "encoding/pem"
"errors" "errors"
"fmt" "fmt"
"log"
"math/big" "math/big"
"os" "os"
"os/exec" "os/exec"
@ -46,12 +45,9 @@ func CanVerifyFiles() error {
return nil return nil
} }
func CreateKey(path, name string) []byte { func CreateKey(path, name string) ([]byte, error) {
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) serialNumber, _ := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
log.Fatalf("Failed to generate serial number: %v", err)
}
c := x509.Certificate{ c := x509.Certificate{
SerialNumber: serialNumber, SerialNumber: serialNumber,
PublicKeyAlgorithm: x509.RSA, PublicKeyAlgorithm: x509.RSA,
@ -66,45 +62,45 @@ func CreateKey(path, name string) []byte {
} }
priv, err := rsa.GenerateKey(rand.Reader, RSAKeySize) priv, err := rsa.GenerateKey(rand.Reader, RSAKeySize)
if err != nil { if err != nil {
log.Fatal(err) return nil, err
} }
derBytes, err := x509.CreateCertificate(rand.Reader, &c, &c, &priv.PublicKey, priv) derBytes, err := x509.CreateCertificate(rand.Reader, &c, &c, &priv.PublicKey, priv)
if err != nil { if err != nil {
log.Fatalf("Failed to create certificate: %v", err) return nil, err
} }
keyOut, err := os.OpenFile(fmt.Sprintf("%s.key", path), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) keyOut, err := os.OpenFile(fmt.Sprintf("%s.key", path), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil { if err != nil {
log.Fatalf("Failed to open key.pem for writing: %v", err) return nil, fmt.Errorf("Failed to open key.pem for writing: %v", err)
} }
privBytes, err := x509.MarshalPKCS8PrivateKey(priv) privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
if err != nil { if err != nil {
log.Fatalf("Unable to marshal private key: %v", err) return nil, fmt.Errorf("Unable to marshal private key: %v", err)
} }
if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil { if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil {
log.Fatalf("Failed to write data to key.pem: %v", err) return nil, fmt.Errorf("Failed to write data to key.pem: %v", err)
} }
if err := keyOut.Close(); err != nil { if err := keyOut.Close(); err != nil {
log.Fatalf("Error closing key.pem: %v", err) return nil, fmt.Errorf("Error closing key.pem: %v", err)
} }
return derBytes return derBytes, nil
} }
func SaveKey(k []byte, path string) { func SaveKey(k []byte, path string) error {
err := os.WriteFile(fmt.Sprintf("%s.der", path), k, 0644) err := os.WriteFile(fmt.Sprintf("%s.der", path), k, 0644)
if err != nil { if err != nil {
log.Fatal(err) return err
} }
certOut, err := os.Create(fmt.Sprintf("%s.pem", path)) certOut, err := os.Create(fmt.Sprintf("%s.pem", path))
if err != nil { if err != nil {
log.Fatalf("Failed to open cert.pem for writing: %v", err) return err
} }
if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: k}); err != nil { if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: k}); err != nil {
log.Fatalf("Failed to write data to cert.pem: %v", err) return err
} }
if err := certOut.Close(); err != nil { if err := certOut.Close(); err != nil {
log.Fatalf("Error closing cert.pem: %v", err) return err
} }
return nil
} }
func KeyToSiglist(UUID []byte, input string) error { func KeyToSiglist(UUID []byte, input string) error {
@ -180,8 +176,11 @@ func SignFile(key, cert, file, output, checksum string) error {
if err != nil { if err != nil {
return err return err
} }
chk, err := ChecksumFile(file)
if ok && ChecksumFile(file) == checksum { if err != nil {
return err
}
if ok && chk == checksum {
return ErrAlreadySigned return ErrAlreadySigned
} }
@ -248,7 +247,10 @@ func InitializeSecureBootKeys(output string) error {
path := filepath.Join(output, "keys", key.Key) path := filepath.Join(output, "keys", key.Key)
os.MkdirAll(path, os.ModePerm) os.MkdirAll(path, os.ModePerm)
keyPath := filepath.Join(path, key.Key) keyPath := filepath.Join(path, key.Key)
pk := CreateKey(keyPath, key.Description) pk, err := CreateKey(keyPath, key.Description)
if err != nil {
return err
}
SaveKey(pk, keyPath) SaveKey(pk, keyPath)
derSiglist := fmt.Sprintf("%s.der", keyPath) derSiglist := fmt.Sprintf("%s.der", keyPath)
if err := KeyToSiglist(uuid, derSiglist); err != nil { if err := KeyToSiglist(uuid, derSiglist); err != nil {
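Review bot: SaveKey now returns an error, but the call in InitializeSecureBootKeys is still the bare statement `SaveKey(pk, keyPath)`, so a failed write of the .der/.pem certificate, which used to abort via log.Fatal, is now ignored and the function carries on to KeyToSiglist. Change it to `if err := SaveKey(pk, keyPath); err != nil { return err }`. In CreateKey, the early returns after `os.OpenFile` now leave `keyOut` open and may leave an empty or partial `.key` file on disk; closing the file and removing the partial output on those paths would be safer for private-key material. InitializeSecureBootKeys starts and ends outside the hunk.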


@ -88,7 +88,7 @@ func GetESP() string {
func Sign(file, output string, enroll bool) error { func Sign(file, output string, enroll bool) error {
file, err := filepath.Abs(file) file, err := filepath.Abs(file)
if err != nil { if err != nil {
log.Fatal(err) return err
} }
if output == "" { if output == "" {
@ -96,7 +96,7 @@ func Sign(file, output string, enroll bool) error {
} else { } else {
output, err = filepath.Abs(output) output, err = filepath.Abs(output)
if err != nil { if err != nil {
log.Fatal(err) return err
} }
} }
@ -112,7 +112,10 @@ func Sign(file, output string, enroll bool) error {
if err != nil { if err != nil {
return err return err
} }
checksum := ChecksumFile(file) checksum, err := ChecksumFile(file)
if err != nil {
return err
}
entry.Checksum = checksum entry.Checksum = checksum
files[file] = entry files[file] = entry
if err := WriteFileDatabase(DBPath, files); err != nil { if err := WriteFileDatabase(DBPath, files); err != nil {
@ -127,7 +130,10 @@ func Sign(file, output string, enroll bool) error {
} }
if enroll { if enroll {
checksum := ChecksumFile(file) checksum, err := ChecksumFile(file)
if err != nil {
return err
}
files[file] = &SigningEntry{File: file, OutputFile: output, Checksum: checksum} files[file] = &SigningEntry{File: file, OutputFile: output, Checksum: checksum}
if err := WriteFileDatabase(DBPath, files); err != nil { if err := WriteFileDatabase(DBPath, files); err != nil {
return err return err


@ -6,21 +6,20 @@ import (
"encoding/hex" "encoding/hex"
"errors" "errors"
"io" "io"
"log"
"os" "os"
"path/filepath" "path/filepath"
"strings" "strings"
) )
func ChecksumFile(file string) string { func ChecksumFile(file string) (string, error) {
hasher := sha256.New() hasher := sha256.New()
s, err := os.ReadFile(file) s, err := os.ReadFile(file)
if err != nil { if err != nil {
log.Fatal(err) return "", err
} }
hasher.Write(s) hasher.Write(s)
return hex.EncodeToString(hasher.Sum(nil)) return hex.EncodeToString(hasher.Sum(nil)), nil
} }
func ReadOrCreateFile(filePath string) ([]byte, error) { func ReadOrCreateFile(filePath string) ([]byte, error) {