4 Licensed under the Apache License, Version 2.0 (the "License");
5 you may not use this file except in compliance with the License.
6 You may obtain a copy of the License at
8 http://www.apache.org/licenses/LICENSE-2.0
10 Unless required by applicable law or agreed to in writing, software
11 distributed under the License is distributed on an "AS IS" BASIS,
12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 See the License for the specific language governing permissions and
14 limitations under the License.
35 #if !defined(DEFAULT_KEY_FILE)
36 #define DEFAULT_KEY_FILE "key.pem"
38 #if !defined(DEFAULT_CERT_FILE)
39 #define DEFAULT_CERT_FILE "cert.pem"
42 const char appname[] = "wgtpkg-sign";
44 static unsigned int get_number(const char *value)
47 unsigned long int val;
49 val = strtoul(value, &end, 10);
50 if (*end || 0 == val || val >= UINT_MAX || *value == '-') {
51 syslog(LOG_ERR, "bad number value %s", value);
54 return (unsigned int)val;
60 "usage: %s [-f] [-k keyfile] [-c certfile]... [-o wgtfile] [-d number | -a] directory\n"
62 " -k keyfile the private key to use for author signing\n"
63 " -c certfile the certificate(s) to use for author signing\n"
64 " -d number the number of the distributor signature (zero for automatic)\n"
65 " -a the author signature\n"
66 " -f force overwriting\n"
74 static struct option options[] = {
75 { "key", required_argument, NULL, 'k' },
76 { "certificate", required_argument, NULL, 'c' },
77 { "distributor", required_argument, NULL, 'd' },
78 { "author", no_argument, NULL, 'a' },
79 { "force", no_argument, NULL, 'f' },
80 { "help", no_argument, NULL, 'h' },
81 { "quiet", no_argument, NULL, 'q' },
82 { "verbose", no_argument, NULL, 'v' },
86 /* install the widgets of the list */
87 int main(int ac, char **av)
89 int i, force, ncert, author;
91 char *keyfile, *certfiles[MAXCERT+1], *directory, **x;
94 openlog(appname, LOG_PERROR, LOG_USER);
96 force = ncert = author = 0;
98 keyfile = directory = NULL;
100 i = getopt_long(ac, av, "hfqvak:c:d:", options, NULL);
105 if (ncert == MAXCERT) {
106 syslog(LOG_ERR, "maximum count of certificates reached");
109 certfiles[ncert++] = optarg;
111 case 'k': x = &keyfile; break;
112 case 'd': number = get_number(optarg); continue;
113 case 'f': force = 1; continue;
114 case 'a': author = 1; continue;
115 case 'h': usage(); return 0;
124 syslog(LOG_ERR, "missing argument");
127 syslog(LOG_ERR, "unrecognized option");
131 syslog(LOG_ERR, "option set twice");
137 /* remaining arguments and final checks */
139 syslog(LOG_ERR, "no directory set");
142 directory = av[optind++];
144 syslog(LOG_ERR, "extra parameters found");
148 /* set default values */
150 keyfile = DEFAULT_KEY_FILE;
152 certfiles[ncert++] = DEFAULT_CERT_FILE;
155 if (stat(directory, &s)) {
156 syslog(LOG_ERR, "can't find directory %s", directory);
159 if (!S_ISDIR(s.st_mode)) {
160 syslog(LOG_ERR, "%s isn't a directory", directory);
163 if (access(keyfile, R_OK) != 0) {
164 syslog(LOG_ERR, "can't access private key %s", keyfile);
167 for(i = 0 ; i < ncert ; i++)
168 if (access(certfiles[i], R_OK) != 0) {
169 syslog(LOG_ERR, "can't access certificate %s", certfiles[i]);
173 /* init xmlsec module */
178 /* compute absolutes paths */
179 #define rp(x) do { char *p = realpath(x, NULL); if (p != NULL) x = p; else { syslog(LOG_ERR, "realpath failed for %s",x); return 1; } } while(0)
181 for(i = 0 ; i < ncert ; i++)
185 /* set and enter the workdir */
186 if (set_workdir(directory, 0))
194 else if (number == UINT_MAX)
195 for (number = 1; get_signature(number) != NULL ; number++);
197 if (!force && get_signature(number) != NULL) {
198 syslog(LOG_ERR, "can't overwrite existing signature %s", get_signature(number)->name);
202 notice("-- SIGNING content of directory %s for number %u", directory, number);
204 certfiles[ncert] = NULL;
205 return !!create_digsig(number, keyfile, (const char**)certfiles);