A few options were mixed around during the refactor. We also need to
capture the off case of failing signature verification on the output
file when it doesn't exist.
Signed-off-by: Morten Linderud <morten@linderud.pw>
This enrolls the keys using go-uefi. Essentially it reworks the
sbkeysync into a set of enroll commands taken from the go-uefi test
suite.
Preferably this should be more flexible, e.g. for key rotation.
Signed-off-by: Morten Linderud <morten@linderud.pw>
With go-uefi we don't need anything else than a certificate and a
keyfile. This simplifies the key creation to only care about these two
byte slices and saving them.
No signing is done here.
Signed-off-by: Morten Linderud <morten@linderud.pw>
- Introduces dependency on sys/unix for unix.Access. This is necessary
only in keys.go, since we run 'sbsign' as a command and can't check if
it failed due to permissions.
- Allows removing special casing in main.go for commands that don't
require root permissions.
- ReadFileDatabase() can now return errors due to the multiple ways in
which it can fail; it also warns the user about possibly requiring root.
- ReadFileDatabase() was using the global DBPath instead of its dbpath
parameter in multiple places. This has been fixed.
- VerifyESP() can now run without root.
- SignFile() checks if it can read the DB key before running sbsign.
Signed-off-by: Érico Rolim <erico.erc@gmail.com>
This allows the application to try and sign as many files as it can, as
well as generate as many bundles as possible, but still exit with an
exit code different from 0. SignFile would exit the application before
signing other files, while GenerateBundle would fail without reporting
it in the exit code.
To be able to skip signing a file, we need to:
- Verify that the output is signed; AND
- Verify that the original file hasn't changed (via cksum)
This fixes an error where if you deleted the signed file from the
system, `sbctl verify` could see that the file wasn't signed (even if
the correct error would be that it didn't exist), but `sbctl sign-all`
would claim that it was already signed.
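
The skip rule described in the last commit message above, as an added Go example that is not sbctl's own code. `ErrOutputMissing`, `Checksum` and `CanSkipSigning` are hypothetical names, SHA-256 is an assumed checksum, and the signature check is passed in by the caller instead of calling go-uefi or sbsign.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io/fs"
	"os"
)

// ErrOutputMissing (hypothetical name) keeps "file is gone" distinct from "file is unsigned".
var ErrOutputMissing = errors.New("output file does not exist")

// Checksum hashes a file with SHA-256 (assumed digest; the commit only says "cksum").
func Checksum(path string) (string, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:]), nil
}

// CanSkipSigning is true only when the output verifies as signed AND the input
// still matches the checksum recorded at the last signing. isSigned stands in
// for the real signature check and is supplied by the caller.
func CanSkipSigning(input, output, recorded string, isSigned func(string) (bool, error)) (bool, error) {
	if _, err := os.Stat(output); errors.Is(err, fs.ErrNotExist) {
		return false, ErrOutputMissing // must sign; never "already signed"
	} else if err != nil {
		return false, err
	}
	signed, err := isSigned(output)
	if err != nil || !signed {
		return false, err
	}
	current, err := Checksum(input)
	if err != nil {
		return false, err
	}
	return current == recorded, nil
}

func main() {
	// Constructed paths: neither file exists, so the deleted-output case is reported.
	signed := func(string) (bool, error) { return true, nil }
	skip, err := CanSkipSigning("/nonexistent/vmlinuz", "/nonexistent/vmlinuz.signed", "", signed)
	fmt.Println(skip, err)
}
```

A sign-all loop would treat `ErrOutputMissing` as "sign this file", while a verify command would report it as a missing file instead of an unsigned one.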