4 Licensed under the Apache License, Version 2.0 (the "License");
5 you may not use this file except in compliance with the License.
6 You may obtain a copy of the License at
8 http://www.apache.org/licenses/LICENSE-2.0
10 Unless required by applicable law or agreed to in writing, software
11 distributed under the License is distributed on an "AS IS" BASIS,
12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 See the License for the specific language governing permissions and
14 limitations under the License.
/*
 * Build-time overridable defaults for the signing key and certificate.
 * Both are bare file names, so they are looked up relative to the
 * directory the tool is started from: a run without -k/-c signs with
 * whatever key.pem and cert.pem that directory holds. Pass both options
 * explicitly where the working directory is not controlled.
 */
34 #if !defined(DEFAULT_KEY_FILE)
35 #define DEFAULT_KEY_FILE "key.pem"
37 #if !defined(DEFAULT_CERT_FILE)
38 #define DEFAULT_CERT_FILE "cert.pem"
/* Program name; main() passes it to openlog() as the syslog identity. */
41 const char appname[] = "wgtpkg-sign";
/*
 * Parse the decimal signature number given with -d.
 *
 * value: the option argument text.
 * Returns the parsed number as unsigned int when it is accepted.
 *
 * Rejected and logged as "bad number value": trailing unparsed
 * characters, the value 0, any value >= UINT_MAX (main() tests
 * UINT_MAX as a special value), and text whose first character is '-'.
 * The statement that follows the log call is not shown in this listing;
 * presumably the program terminates there - confirm against the full file.
 *
 * NOTE(review): only the first character is tested for '-'. strtoul()
 * skips leading white space and accepts a sign, so " -5" gets past that
 * test and is caught only by the range check, which relies on
 * unsigned long being wider than unsigned int. Testing the sign after
 * skipping white space would make the rejection platform-independent.
 */
43 static unsigned int get_number(const char *value)
46 unsigned long int val;
/* base 10; end is left on the first character that was not parsed */
48 val = strtoul(value, &end, 10);
49 if (*end || 0 == val || val >= UINT_MAX || *value == '-') {
50 syslog(LOG_ERR, "bad number value %s", value);
53 return (unsigned int)val;
/*
 * Help text; the statements around these string literals are not shown
 * in this listing.
 *
 * NOTE(review): the text disagrees with the option handling in main():
 *  - "-o wgtfile" appears in the synopsis, but neither the getopt string
 *    "hfak:c:d:" nor options[] has an 'o', so it is not an accepted option;
 *  - "-d number ... (zero for automatic)": get_number() rejects 0, and the
 *    automatic search in main() is keyed on number == UINT_MAX, which looks
 *    like the "no -d given" state - confirm;
 *  - -k and -c are described as "for author signing", yet the same key and
 *    certificates are handed to create_digsig() for whichever number is
 *    selected.
 */
59 "usage: %s [-f] [-k keyfile] [-c certfile]... [-o wgtfile] [-d number | -a] directory\n"
61 " -k keyfile the private key to use for author signing\n"
62 " -c certfile the certificate(s) to use for author signing\n"
63 " -d number the number of the distributor signature (zero for automatic)\n"
64 " -a the author signature\n"
65 " -f force overwriting\n"
/*
 * Long-option table for getopt_long(). The flag field is NULL in every
 * entry, so a long option is reported as the short-option letter stored
 * in the last field and shares the handling of that letter in main().
 * getopt_long() requires an all-zero entry at the end of the table; the
 * terminator is not visible in this listing.
 */
71 static struct option options[] = {
72 { "key", required_argument, NULL, 'k' },
73 { "certificate", required_argument, NULL, 'c' },
74 { "distributor", required_argument, NULL, 'd' },
75 { "author", no_argument, NULL, 'a' },
76 { "force", no_argument, NULL, 'f' },
77 { "help", no_argument, NULL, 'h' },
81 /* entry point of wgtpkg-sign: sign the content of a directory */
/*
 * Parses the options, validates the directory, key and certificates,
 * selects the signature number and calls create_digsig().
 * Returns 0 on success and non-zero on failure. Parts of the body
 * (loop and switch scaffolding, some declarations and error returns) are
 * not shown in this listing; comments below describe visible lines only.
 */
82 int main(int ac, char **av)
84 int i, force, ncert, author;
/* certfiles has one slot more than MAXCERT: it holds the NULL terminator
 * written just before create_digsig() is called */
86 char *keyfile, *certfiles[MAXCERT+1], *directory, **x;
/* LOG_PERROR: every syslog message is also written to stderr */
89 openlog(appname, LOG_PERROR, LOG_USER);
91 force = ncert = author = 0;
93 keyfile = directory = NULL;
95 i = getopt_long(ac, av, "hfak:c:d:", options, NULL);
/* bound check before the store keeps ncert <= MAXCERT */
100 if (ncert == MAXCERT) {
101 syslog(LOG_ERR, "maximum count of certificates reached");
104 certfiles[ncert++] = optarg;
/* 'k' leaves the switch with x pointing at keyfile; the shared code that
 * follows is not shown - the "option set twice" message below suggests a
 * duplicate check there (confirm) */
106 case 'k': x = &keyfile; break;
/* the -d argument is validated by get_number() before it is stored */
107 case 'd': number = get_number(optarg); continue;
108 case 'f': force = 1; continue;
109 case 'a': author = 1; continue;
110 case 'h': usage(); return 0;
112 syslog(LOG_ERR, "missing argument");
115 syslog(LOG_ERR, "unrecognized option");
119 syslog(LOG_ERR, "option set twice");
125 /* remaining arguments and final checks */
127 syslog(LOG_ERR, "no directory set");
130 directory = av[optind++];
132 syslog(LOG_ERR, "extra parameters found");
136 /* set default values */
138 keyfile = DEFAULT_KEY_FILE;
140 certfiles[ncert++] = DEFAULT_CERT_FILE;
143 if (stat(directory, &s)) {
144 syslog(LOG_ERR, "can't find directory %s", directory);
147 if (!S_ISDIR(s.st_mode)) {
148 syslog(LOG_ERR, "%s isn't a directory", directory);
/* NOTE(review): the stat() and access() tests are early diagnostics, not a
 * guarantee. The paths are used again later (they are passed to
 * create_digsig()), so a file can be replaced or removed between the test
 * and the use, and access() tests with the real user id, not the effective
 * one. The code that actually opens the files must handle failure itself. */
151 if (access(keyfile, R_OK) != 0) {
152 syslog(LOG_ERR, "can't access private key %s", keyfile);
155 for(i = 0 ; i < ncert ; i++)
156 if (access(certfiles[i], R_OK) != 0) {
157 syslog(LOG_ERR, "can't access certificate %s", certfiles[i]);
161 /* init xmlsec module */
166 /* compute absolute paths */
/* rp(x) replaces x with the buffer realpath() allocates (second argument
 * NULL), or logs and makes main() return 1. No free() of these buffers is
 * visible in this listing. realpath() also resolves symbolic links, so the
 * key and certificates used are the link targets as of this call. The
 * conversion precedes set_workdir()/enter_workdir() - presumably because
 * entering the workdir changes the current directory; confirm. */
167 #define rp(x) do { char *p = realpath(x, NULL); if (p != NULL) x = p; else { syslog(LOG_ERR, "realpath failed for %s",x); return 1; } } while(0)
169 for(i = 0 ; i < ncert ; i++)
173 /* set and enter the workdir */
174 if (set_workdir(directory, 0) || enter_workdir(0))
/* number == UINT_MAX selects automatic numbering: take the first number,
 * counting from 1, for which get_signature() returns NULL. Where number
 * gets the value UINT_MAX is not shown in this listing. */
182 else if (number == UINT_MAX)
183 for (number = 1; get_signature(number) != NULL ; number++);
/* an existing signature is only replaced when -f was given */
185 if (!force && get_signature(number) != NULL) {
186 syslog(LOG_ERR, "can't overwrite existing signature %s", get_signature(number)->name);
190 printf("\n\nSIGNING content of directory %s for number %u\n", directory, number);
/* NULL-terminate the certificate list; ncert <= MAXCERT, so the index is in range */
192 certfiles[ncert] = NULL;
/* !! folds any non-zero result of create_digsig() into exit status 1 */
193 return !!create_digsig(number, keyfile, (const char**)certfiles);