summaryrefslogtreecommitdiffstats
path: root/wgtpkg-sign.c
diff options
context:
space:
mode:
Diffstat (limited to 'wgtpkg-sign.c')
-rw-r--r--wgtpkg-sign.c199
1 files changed, 0 insertions, 199 deletions
diff --git a/wgtpkg-sign.c b/wgtpkg-sign.c
deleted file mode 100644
index cd506fc..0000000
--- a/wgtpkg-sign.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- Copyright 2015 IoT.bzh
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-#define _GNU_SOURCE
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <limits.h>
-#include <errno.h>
-#include <syslog.h>
-#include <getopt.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-
-#include "wgtpkg.h"
-
-#if !defined(MAXCERT)
-#define MAXCERT 20
-#endif
-#if !defined(DEFAULT_KEY_FILE)
-#define DEFAULT_KEY_FILE "key.pem"
-#endif
-#if !defined(DEFAULT_CERT_FILE)
-#define DEFAULT_CERT_FILE "cert.pem"
-#endif
-
-const char appname[] = "wgtpkg-sign";
-
-static unsigned int get_number(const char *value)
-{
- char *end;
- unsigned long int val;
-
- val = strtoul(value, &end, 10);
- if (*end || 0 == val || val >= UINT_MAX || *value == '-') {
- syslog(LOG_ERR, "bad number value %s", value);
- exit(1);
- }
- return (unsigned int)val;
-}
-
-static void usage()
-{
- printf(
- "usage: %s [-f] [-k keyfile] [-c certfile]... [-o wgtfile] [-d number | -a] directory\n"
- "\n"
- " -k keyfile the private key to use for author signing\n"
- " -c certfile the certificate(s) to use for author signing\n"
- " -d number the number of the distributor signature (zero for automatic)\n"
- " -a the author signature\n"
- " -f force overwriting\n"
- " -q quiet\n"
- " -v verbose\n"
- "\n",
- appname
- );
-}
-
-static struct option options[] = {
- { "key", required_argument, NULL, 'k' },
- { "certificate", required_argument, NULL, 'c' },
- { "distributor", required_argument, NULL, 'd' },
- { "author", no_argument, NULL, 'a' },
- { "force", no_argument, NULL, 'f' },
- { "help", no_argument, NULL, 'h' },
- { "quiet", no_argument, NULL, 'q' },
- { "verbose", no_argument, NULL, 'v' },
- { NULL, 0, NULL, 0 }
-};
-
-/* install the widgets of the list */
-int main(int ac, char **av)
-{
- int i, force, ncert, author;
- unsigned int number;
- char *keyfile, *certfiles[MAXCERT+1], *directory, **x;
- struct stat s;
-
- openlog(appname, LOG_PERROR, LOG_USER);
-
- force = ncert = author = 0;
- number = UINT_MAX;
- keyfile = directory = NULL;
- for (;;) {
- i = getopt_long(ac, av, "hfak:c:d:", options, NULL);
- if (i < 0)
- break;
- switch (i) {
- case 'c':
- if (ncert == MAXCERT) {
- syslog(LOG_ERR, "maximum count of certificates reached");
- return 1;
- }
- certfiles[ncert++] = optarg;
- continue;
- case 'k': x = &keyfile; break;
- case 'd': number = get_number(optarg); continue;
- case 'f': force = 1; continue;
- case 'a': author = 1; continue;
- case 'h': usage(); return 0;
- case ':':
- syslog(LOG_ERR, "missing argument");
- return 1;
- default:
- syslog(LOG_ERR, "unrecognized option");
- return 1;
- }
- if (*x != NULL) {
- syslog(LOG_ERR, "option set twice");
- return 1;
- }
- *x = optarg;
- }
-
- /* remaining arguments and final checks */
- if (optind >= ac) {
- syslog(LOG_ERR, "no directory set");
- return 1;
- }
- directory = av[optind++];
- if (optind < ac) {
- syslog(LOG_ERR, "extra parameters found");
- return 1;
- }
-
- /* set default values */
- if (keyfile == NULL)
- keyfile = DEFAULT_KEY_FILE;
- if (ncert == 0)
- certfiles[ncert++] = DEFAULT_CERT_FILE;
-
- /* check values */
- if (stat(directory, &s)) {
- syslog(LOG_ERR, "can't find directory %s", directory);
- return 1;
- }
- if (!S_ISDIR(s.st_mode)) {
- syslog(LOG_ERR, "%s isn't a directory", directory);
- return 1;
- }
- if (access(keyfile, R_OK) != 0) {
- syslog(LOG_ERR, "can't access private key %s", keyfile);
- return 1;
- }
- for(i = 0 ; i < ncert ; i++)
- if (access(certfiles[i], R_OK) != 0) {
- syslog(LOG_ERR, "can't access certificate %s", certfiles[i]);
- return 1;
- }
-
- /* init xmlsec module */
- if (xmlsec_init())
- return 1;
-
-
- /* compute absolutes paths */
-#define rp(x) do { char *p = realpath(x, NULL); if (p != NULL) x = p; else { syslog(LOG_ERR, "realpath failed for %s",x); return 1; } } while(0)
- rp(keyfile);
- for(i = 0 ; i < ncert ; i++)
- rp(certfiles[i]);
-#undef rp
-
- /* set and enter the workdir */
- if (set_workdir(directory, 0) || enter_workdir(0))
- return 1;
-
- if (fill_files())
- return 1;
-
- if (author)
- number = 0;
- else if (number == UINT_MAX)
- for (number = 1; get_signature(number) != NULL ; number++);
-
- if (!force && get_signature(number) != NULL) {
- syslog(LOG_ERR, "can't overwrite existing signature %s", get_signature(number)->name);
- return 1;
- }
-
- notice("-- SIGNING content of directory %s for number %u", directory, number);
-
- certfiles[ncert] = NULL;
- return !!create_digsig(number, keyfile, (const char**)certfiles);
-}
-