mirror of https://github.com/ericonr/sbctl.git
Remove last of the log.* stuff
Signed-off-by: Morten Linderud <morten@linderud.pw>
This commit is contained in:
parent
6b0242c953
commit
57a1c93eb9
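--- a/bundles.go
+++ b/bundles.go
@@ -4,10 +4,11 @@ import (
 "encoding/json"
 "errors"
 "fmt"
-"log"
 "os"
 "os/exec"
 "path/filepath"
 
+"github.com/foxboron/sbctl/logging"
 )
 
 type Bundle struct {
@@ -37,15 +38,16 @@ func ReadBundleDatabase(dbpath string) (Bundles, error) {
 return bundles, nil
 }
 
-func WriteBundleDatabase(dbpath string, bundles Bundles) {
+func WriteBundleDatabase(dbpath string, bundles Bundles) error {
 data, err := json.MarshalIndent(bundles, "", " ")
 if err != nil {
-log.Fatal(err)
+return err
 }
 err = os.WriteFile(dbpath, data, 0644)
 if err != nil {
-log.Fatal(err)
+return err
 }
+return nil
 }
 
 func BundleIter(fn func(s *Bundle) error) error {
@@ -120,5 +122,6 @@ func GenerateBundle(bundle *Bundle) (bool, error) {
 return exitError.ExitCode() == 0, nil
 }
 }
+logging.Print("Wrote EFI bundle %s\n", bundle.Output)
 return true, nil
 }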
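Review bot: The two new `return err` lines in WriteBundleDatabase hand the caller a bare json/os error with no indication of which step or which path failed, so the command-level message will just read like "permission denied". Since fmt is already imported in this file, wrap them: `return fmt.Errorf("marshalling bundle database: %w", err)` and `return fmt.Errorf("writing bundle database %q: %w", dbpath, err)`. The write is also not atomic — os.WriteFile truncates in place, so an error partway through leaves a truncated database behind; writing to a temporary file in the same directory and renaming it over dbpath would avoid that, though this predates the commit. The exported function has no doc comment; `// WriteBundleDatabase serialises bundles as indented JSON to dbpath.` would do.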
|
@ -71,7 +71,10 @@ var bundleCmd = &cobra.Command{
|
||||||
logging.Print("Wrote EFI bundle %s\n", bundle.Output)
|
logging.Print("Wrote EFI bundle %s\n", bundle.Output)
|
||||||
if saveBundle {
|
if saveBundle {
|
||||||
bundles[bundle.Output] = bundle
|
bundles[bundle.Output] = bundle
|
||||||
sbctl.WriteBundleDatabase(sbctl.BundleDBPath, bundles)
|
err := sbctl.WriteBundleDatabase(sbctl.BundleDBPath, bundles)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
|
|
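Review bot: The "Wrote EFI bundle" message now appears to be printed twice per bundle: once by the `logging.Print("Wrote EFI bundle %s\n", bundle.Output)` this commit adds at the end of GenerateBundle in bundles.go, and once by the unchanged call at the top of this hunk in bundleCmd — assuming bundleCmd reaches this point by calling GenerateBundle, which the hunk does not show. One of the two should go, preferably the one in the library function, since a package-level helper that prints to the terminal cannot be reused by code that wants quiet output. The success message is also printed before the database write that can now fail, so on error the user sees "Wrote EFI bundle" followed by an error; printing after the `if saveBundle` block reads better. The RunE function this belongs to starts outside the hunk.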
|
@ -26,7 +26,10 @@ var removeBundleCmd = &cobra.Command{
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
delete(bundles, args[0])
|
delete(bundles, args[0])
|
||||||
sbctl.WriteBundleDatabase(sbctl.BundleDBPath, bundles)
|
err = sbctl.WriteBundleDatabase(sbctl.BundleDBPath, bundles)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
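Review bot: The new `err = sbctl.WriteBundleDatabase(...)` / `return err` path is inconsistent with the `os.Exit(1)` still visible two lines above it in the same RunE function: one failure mode returns an error through cobra, the other terminates the process without running deferred functions or letting the caller report it. Since this commit is about removing process-terminating error handling, that branch should return an error as well (its condition is outside the hunk, so I cannot quote the exact line). Wrapping the returned error with context would also help, e.g. `return fmt.Errorf("writing bundle database: %w", err)`, if fmt is imported in this file.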
|
@ -39,7 +39,10 @@ var signAllCmd = &cobra.Command{
|
||||||
}
|
}
|
||||||
|
|
||||||
// Update checksum after we signed it
|
// Update checksum after we signed it
|
||||||
checksum := sbctl.ChecksumFile(entry.File)
|
checksum, err := sbctl.ChecksumFile(entry.File)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
entry.Checksum = checksum
|
entry.Checksum = checksum
|
||||||
files[entry.File] = entry
|
files[entry.File] = entry
|
||||||
if err := sbctl.WriteFileDatabase(sbctl.DBPath, files); err != nil {
|
if err := sbctl.WriteFileDatabase(sbctl.DBPath, files); err != nil {
|
||||||
|
|
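--- a/guid.go
+++ b/guid.go
@@ -2,7 +2,6 @@ package sbctl
 
 import (
 "io/ioutil"
-"log"
 "os"
 "path/filepath"
 
@@ -10,10 +9,7 @@ import (
 )
 
 func CreateUUID() []byte {
-id, err := uuid.NewRandom()
-if err != nil {
-log.Fatal(err)
-}
+id, _ := uuid.NewRandom()
 return []byte(id.String())
 }
 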
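Review bot: `id, _ := uuid.NewRandom()` now discards the error from the random source; assuming this is github.com/google/uuid, NewRandom returns uuid.Nil alongside that error, so a failure of crypto/rand would make CreateUUID silently return an all-zero GUID that then becomes the owner GUID of the Secure Boot signature lists. Swallowing a CSPRNG failure is worse than the log.Fatal it replaces. The function should become `func CreateUUID() ([]byte, error)` and propagate `err`, matching what this same commit does for CreateKey and ChecksumFile, with the callers (InitializeSecureBootKeys in keys.go uses the `uuid` value) checking the result.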
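--- a/keys.go
+++ b/keys.go
@@ -9,7 +9,6 @@ import (
 "encoding/pem"
 "errors"
 "fmt"
-"log"
 "math/big"
 "os"
 "os/exec"
@@ -46,12 +45,9 @@ func CanVerifyFiles() error {
 return nil
 }
 
-func CreateKey(path, name string) []byte {
+func CreateKey(path, name string) ([]byte, error) {
 serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
-serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
-if err != nil {
-log.Fatalf("Failed to generate serial number: %v", err)
-}
+serialNumber, _ := rand.Int(rand.Reader, serialNumberLimit)
 c := x509.Certificate{
 SerialNumber: serialNumber,
 PublicKeyAlgorithm: x509.RSA,
@@ -66,45 +62,45 @@ func CreateKey(path, name string) []byte {
 }
 priv, err := rsa.GenerateKey(rand.Reader, RSAKeySize)
 if err != nil {
-log.Fatal(err)
+return nil, err
 }
 derBytes, err := x509.CreateCertificate(rand.Reader, &c, &c, &priv.PublicKey, priv)
 if err != nil {
-log.Fatalf("Failed to create certificate: %v", err)
+return nil, err
 }
 keyOut, err := os.OpenFile(fmt.Sprintf("%s.key", path), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 if err != nil {
-log.Fatalf("Failed to open key.pem for writing: %v", err)
+return nil, fmt.Errorf("Failed to open key.pem for writing: %v", err)
 }
 privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
 if err != nil {
-log.Fatalf("Unable to marshal private key: %v", err)
+return nil, fmt.Errorf("Unable to marshal private key: %v", err)
 }
 if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil {
-log.Fatalf("Failed to write data to key.pem: %v", err)
+return nil, fmt.Errorf("Failed to write data to key.pem: %v", err)
 }
 if err := keyOut.Close(); err != nil {
-log.Fatalf("Error closing key.pem: %v", err)
+return nil, fmt.Errorf("Error closing key.pem: %v", err)
 }
-return derBytes
+return derBytes, nil
 }
 
-func SaveKey(k []byte, path string) {
+func SaveKey(k []byte, path string) error {
 err := os.WriteFile(fmt.Sprintf("%s.der", path), k, 0644)
 if err != nil {
-log.Fatal(err)
+return err
 }
 certOut, err := os.Create(fmt.Sprintf("%s.pem", path))
 if err != nil {
-log.Fatalf("Failed to open cert.pem for writing: %v", err)
+return err
 }
 if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: k}); err != nil {
-log.Fatalf("Failed to write data to cert.pem: %v", err)
+return err
 }
 if err := certOut.Close(); err != nil {
-log.Fatalf("Error closing cert.pem: %v", err)
+return err
 }
+return nil
 }
 
 func KeyToSiglist(UUID []byte, input string) error {
@@ -180,8 +176,11 @@ func SignFile(key, cert, file, output, checksum string) error {
 if err != nil {
 return err
 }
-if ok && ChecksumFile(file) == checksum {
+chk, err := ChecksumFile(file)
+if err != nil {
+return err
+}
+if ok && chk == checksum {
 return ErrAlreadySigned
 }
 
@@ -248,7 +247,10 @@ func InitializeSecureBootKeys(output string) error {
 path := filepath.Join(output, "keys", key.Key)
 os.MkdirAll(path, os.ModePerm)
 keyPath := filepath.Join(path, key.Key)
-pk := CreateKey(keyPath, key.Description)
+pk, err := CreateKey(keyPath, key.Description)
+if err != nil {
+return err
+}
 SaveKey(pk, keyPath)
 derSiglist := fmt.Sprintf("%s.der", keyPath)
 if err := KeyToSiglist(uuid, derSiglist); err != nil {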
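Review bot: In the InitializeSecureBootKeys hunk the new `pk, err := CreateKey(...)` check is immediately followed by `SaveKey(pk, keyPath)`, whose error return — introduced by this same commit — is dropped, so a failed .der/.pem write of the certificate that the following KeyToSiglist call consumes goes unnoticed; it should read `if err := SaveKey(pk, keyPath); err != nil { return err }`. In the CreateKey hunk, `serialNumber, _ := rand.Int(rand.Reader, serialNumberLimit)` likewise discards a crypto/rand failure now that the function can return one; `serialNumber, err := ...` plus `if err != nil { return nil, err }` reports it directly instead of letting x509.CreateCertificate fail later on a nil serial with a less useful message. The new fmt.Errorf calls use `%v`, which hides the cause from errors.Is/As (`%w` is available given the file already uses os.WriteFile), and their text says "key.pem" while the file being written is "%s.key". The unchecked `os.MkdirAll(path, os.ModePerm)` just above predates this change but follows the same pattern.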
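--- a/sbctl.go
+++ b/sbctl.go
@@ -88,7 +88,7 @@ func GetESP() string {
 func Sign(file, output string, enroll bool) error {
 file, err := filepath.Abs(file)
 if err != nil {
-log.Fatal(err)
+return err
 }
 
 if output == "" {
@@ -96,7 +96,7 @@ func Sign(file, output string, enroll bool) error {
 } else {
 output, err = filepath.Abs(output)
 if err != nil {
-log.Fatal(err)
+return err
 }
 }
 
@@ -112,7 +112,10 @@ func Sign(file, output string, enroll bool) error {
 if err != nil {
 return err
 }
-checksum := ChecksumFile(file)
+checksum, err := ChecksumFile(file)
+if err != nil {
+return err
+}
 entry.Checksum = checksum
 files[file] = entry
 if err := WriteFileDatabase(DBPath, files); err != nil {
@@ -127,7 +130,10 @@ func Sign(file, output string, enroll bool) error {
 }
 
 if enroll {
-checksum := ChecksumFile(file)
+checksum, err := ChecksumFile(file)
+if err != nil {
+return err
+}
 files[file] = &SigningEntry{File: file, OutputFile: output, Checksum: checksum}
 if err := WriteFileDatabase(DBPath, files); err != nil {
 return err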
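Review bot: The four hunks here replace every log.Fatal shown in Sign with `return err`, but unlike bundles.go, guid.go, keys.go and util.go this file shows no hunk dropping its `"log"` import; if Sign was the last user of the package, sbctl.go no longer compiles ("imported and not used") — the import block is outside what the page shows, so please double-check. Stylistically, the new `checksum, err := ChecksumFile(file)` blocks in the -112 and -127 hunks hash the same file in two branches; computing it once before the branch and reusing the value removes the duplicated error handling, provided nothing between the two points rewrites `file`. Sign's body continues outside the hunks.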
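--- a/util.go
+++ b/util.go
@@ -6,21 +6,20 @@ import (
 "encoding/hex"
 "errors"
 "io"
-"log"
 "os"
 "path/filepath"
 "strings"
 )
 
-func ChecksumFile(file string) string {
+func ChecksumFile(file string) (string, error) {
 hasher := sha256.New()
 s, err := os.ReadFile(file)
 if err != nil {
-log.Fatal(err)
+return "", err
 }
 hasher.Write(s)
 
-return hex.EncodeToString(hasher.Sum(nil))
+return hex.EncodeToString(hasher.Sum(nil)), nil
 }
 
 func ReadOrCreateFile(filePath string) ([]byte, error) {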
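Review bot: ChecksumFile now reports read failures to its caller, but it still loads the whole file with os.ReadFile before hashing, so checksumming a large EFI image or bundle costs a full in-memory copy; since io is already imported, streaming the file through the hasher with io.Copy keeps memory flat and also covers the open and read errors separately. The exported function also lacks a doc comment; `// ChecksumFile returns the hex-encoded SHA-256 of the file at path file.` would do. ReadOrCreateFile appears only as trailing context.
```go
func ChecksumFile(file string) (string, error) {
	f, err := os.Open(file)
	if err != nil {
		return "", err
	}
	defer f.Close()
	hasher := sha256.New()
	if _, err := io.Copy(hasher, f); err != nil {
		return "", err
	}
	return hex.EncodeToString(hasher.Sum(nil)), nil
}
```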