Return some formatted string and return nil instead of aborting the
entire listing when we encounter an error.
Fixes: https://github.com/Foxboron/sbctl/issues/88
Signed-off-by: Morten Linderud <morten@linderud.pw>
The ESP may be an automount partition, so try touching a file in each
candidate location so as to trigger an automount.
This is the same way systemd attempts to find it:
https://github.com/systemd/systemd/blob/f565b86/src/shared/bootspec.c#L1014-L1018
I've also changed the function to return an error if no ESP is found.
The previous behaviour (an empty string) just results in a crash later
on.
When no ESP is found, the `bundle` command will have no default for the
`esp` flag. Passing an empty string to it as a default results in no
value being shown in the output of `--help`.
This seemed like the most reasonable compromise instead of panicking.
Fixes #78
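The probe-then-detect order described in the ESP commit message above, as an added Go example (not sbctl's own code). The candidate paths, the `findESP` and `vfatMounts` names, and the heuristic of treating a vfat mount at a candidate path as the ESP are assumptions; a stricter check would also confirm the partition type.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrNoESP lets callers fail early instead of receiving an empty path.
var ErrNoESP = errors.New("no mounted ESP found")

// vfatMounts returns the vfat mount points in /proc/self/mountinfo-style text.
func vfatMounts(mountinfo string) map[string]bool {
	found := map[string]bool{}
	for _, line := range strings.Split(mountinfo, "\n") {
		left, right, ok := strings.Cut(line, " - ")
		if l, r := strings.Fields(left), strings.Fields(right); ok && len(l) >= 5 && len(r) >= 1 && r[0] == "vfat" {
			found[l[4]] = true // field 5 is the mount point
		}
	}
	return found
}

// findESP probes candidates, then takes the first vfat mount among them (assumed heuristic).
func findESP(candidates []string, readMounts func() (string, error)) (string, error) {
	for _, dir := range candidates {
		// A lookup inside the directory makes autofs mount it. The name
		// need not exist, so the error is deliberately ignored.
		_, _ = os.Stat(filepath.Join(dir, "does-not-exist"))
	}
	info, err := readMounts()
	if err != nil {
		return "", err
	}
	mounts := vfatMounts(info)
	for _, dir := range candidates {
		if mounts[dir] {
			return dir, nil
		}
	}
	return "", ErrNoESP
}

func main() {
	read := func() (string, error) { b, err := os.ReadFile("/proc/self/mountinfo"); return string(b), err }
	fmt.Println(findESP([]string{"/efi", "/boot", "/boot/efi"}, read))
}
```

Before the probe, an automount ESP appears in the mount table only as an `autofs` entry, which is why reading the table first would miss it.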
Current errors don't really give you any details about what is failing if
there is a failure. This rearranges it a little bit.
Signed-off-by: Morten Linderud <morten@linderud.pw>
This enrolls the keys using go-uefi. Essentially it reworks the
sbkeysync into a set of enroll commands taken from the go-uefi test
suite.
Preferably this should be more flexible, e.g. for key rotation.
Signed-off-by: Morten Linderud <morten@linderud.pw>
In the future we might want to initialize a new set of keys. It makes
sense to pass the output directory so we can create new keys directly in
an alternative path and overwrite, e.g. for key rotation.
Signed-off-by: Morten Linderud <morten@linderud.pw>
Most distros (I think) default to stuffing this into `/boot` so our ESP
selection is going to mess this up more often than not.
Signed-off-by: Morten Linderud <morten@linderud.pw>
Should probably try to include some documentation for this, but this changes
the default from /proc/cmdline to /etc/kernel/cmdline.
This is partially a standard and a bit more flexible for everyday use
for most people.
https://www.freedesktop.org/software/systemd/man/kernel-install.html
Fixes #39
Signed-off-by: Morten Linderud <morten@linderud.pw>
Using the function also removed code that had hardcoded globals for the
location of some files instead of using the dbpath parameter.
Add error checking around the function where appropriate.
Also fail early when creating a new bundle if it isn't possible to
access the bundle database.
Signed-off-by: Érico Rolim <erico.erc@gmail.com>
- Introduces dependency on sys/unix for unix.Access. This is necessary
only in keys.go, since we run 'sbsign' as a command and can't check if
it failed due to permissions.
- Allows removing special casing in main.go for commands that don't
require root permissions.
- ReadFileDatabase() can now return errors due to the multiple ways in
which it can fail; it also warns the user about possibly requiring root.
- ReadFileDatabase() was using the global DBPath instead of its dbpath
parameter in multiple places. This has been fixed.
- VerifyESP() can now run without root.
- SignFile() checks if it can read the DB key before running sbsign.
Signed-off-by: Érico Rolim <erico.erc@gmail.com>