A weird efivarfs quirk is that sometimes empty vars have no file. This
means they are not immutable and we can write to them.
Signed-off-by: Morten Linderud <morten@linderud.pw>
This allows us to give a sensible error for `enroll-keys` if the files
are set as immutable.

    $ sbctl enroll-keys
    ==> ERROR: File is immutable: /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
    ==> ERROR: File is immutable: /sys/firmware/efi/efivars/KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c
    ==> ERROR: File is immutable: /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
    ==> ERROR: You need to chattr -i files in efivarfs

Signed-off-by: Morten Linderud <morten@linderud.pw>
This function will try to read a file into a byte buffer, and, if the
file doesn't exist, create its containing directory and the file itself.
If any of those actions fail due to permissions, the function will print
a warning about running the tool as root.
Reading from the file and bundle databases works like this, so the error
checking should be implemented in a single place.
Also, use the new function in ReadFileDatabase().
Signed-off-by: Érico Rolim <erico.erc@gmail.com>
If ReadFile errors out, the error would only be checked after the
function attempts to read the buffer into the hasher. This commit fixes
that, checking the error as soon as possible.
Signed-off-by: Érico Rolim <erico.erc@gmail.com>