image_trust_cmd.c File Reference

Image trust management commands. More...

#include <stdint.h>
#include <stdio.h>
#include <getopt.h>
#include <ipxe/image.h>
#include <ipxe/command.h>
#include <ipxe/parseopt.h>
#include <usr/imgmgmt.h>
#include <usr/imgtrust.h>

Go to the source code of this file.

Data Structures
struct	imgtrust_options
	"imgtrust" options More...
struct	imgverify_options
	"imgverify" options More...

Functions
	FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
static int	imgtrust_exec (int argc, char **argv)
	The "imgtrust" command. More...
static int	imgverify_exec (int argc, char **argv)
	The "imgverify" command. More...

Variables
static struct option_descriptor	imgtrust_opts []
	"imgtrust" option list More...
static struct command_descriptor	imgtrust_cmd
	"imgtrust" command descriptor More...
static struct option_descriptor	imgverify_opts []
	"imgverify" option list More...
static struct command_descriptor	imgverify_cmd
	"imgverify" command descriptor More...
struct command image_trust_commands []	__command
	Image trust management commands. More...

Detailed Description

Image trust management commands.

Definition in file image_trust_cmd.c.

Function Documentation

FILE_LICENCE()

FILE_LICENCE

(

GPL2_OR_LATER_OR_UBDL

)

imgtrust_exec()

static int imgtrust_exec ( int  argc, char **  argv  )

static

The "imgtrust" command.

Parameters

argc	Argument count
argv	Argument list

Return values

rc	Return status code

Definition at line 68 of file image_trust_cmd.c.

                                                   {
        struct imgtrust_options opts;
        int rc;

        /* Parse options */
        if ( ( rc = parse_options ( argc, argv, &imgtrust_cmd, &opts ) ) != 0 )
                return rc;

        /* Set trust requirement */
        if ( ( rc = image_set_trust ( ( ! opts.allow ),
                                      opts.permanent ) ) != 0 ) {
                printf ( "Could not set image trust requirement: %s\n",
                         strerror ( rc ) );
                return rc;
        }

        return 0;
}

References image_set_trust(), imgtrust_cmd, opts, parse_options(), printf(), rc, and strerror().

imgverify_exec()

static int imgverify_exec ( int  argc, char **  argv  )

static

The "imgverify" command.

Parameters

argc	Argument count
argv	Argument list

Return values

rc	Return status code

Definition at line 119 of file image_trust_cmd.c.

                                                    {
        struct imgverify_options opts;
        const char *image_name_uri;
        const char *signature_name_uri;
        struct image *image;
        struct image *signature;
        int rc;

        /* Parse options */
        if ( ( rc = parse_options ( argc, argv, &imgverify_cmd, &opts ) ) != 0 )
                return rc;

        /* Parse image name/URI string */
        image_name_uri = argv[optind];

        /* Parse signature name/URI string */
        signature_name_uri = argv[ optind + 1 ];

        /* Acquire the image */
        if ( ( rc = imgacquire ( image_name_uri, opts.timeout, &image ) ) != 0 )
                goto err_acquire_image;

        /* Acquire the signature image */
        if ( ( rc = imgacquire ( signature_name_uri, opts.timeout,
                                 &signature ) ) != 0 )
                goto err_acquire_signature;

        /* Verify image */
        if ( ( rc = imgverify ( image, signature, opts.signer ) ) != 0 ) {
                printf ( "Could not verify: %s\n", strerror ( rc ) );
                goto err_verify;
        }

        /* Success */
        rc = 0;

 err_verify:
        /* Discard signature unless --keep was specified */
        if ( ! opts.keep )
                unregister_image ( signature );
 err_acquire_signature:
 err_acquire_image:
        return rc;
}

References imgacquire(), imgverify(), imgverify_cmd, optind, opts, parse_options(), printf(), rc, signature, strerror(), and unregister_image().

Variable Documentation

imgtrust_opts

struct option_descriptor imgtrust_opts[]

static

Initial value:

= {
        OPTION_DESC ( "allow", 'a', no_argument,
                      struct imgtrust_options, allow, parse_flag ),
        OPTION_DESC ( "permanent", 'p', no_argument,
                      struct imgtrust_options, permanent, parse_flag ),
}

"imgtrust" option list

Definition at line 50 of file image_trust_cmd.c.

imgtrust_cmd

struct command_descriptor imgtrust_cmd

static

Initial value:

=
        COMMAND_DESC ( struct imgtrust_options, imgtrust_opts, 0, 0, NULL )

"imgtrust" command descriptor

Definition at line 58 of file image_trust_cmd.c.

Referenced by imgtrust_exec().

imgverify_opts

struct option_descriptor imgverify_opts[]

static

Initial value:

= {
        OPTION_DESC ( "signer", 's', required_argument,
                      struct imgverify_options, signer, parse_string ),
        OPTION_DESC ( "keep", 'k', no_argument,
                      struct imgverify_options, keep, parse_flag ),
        OPTION_DESC ( "timeout", 't', required_argument,
                      struct imgverify_options, timeout, parse_timeout),
}

"imgverify" option list

Definition at line 98 of file image_trust_cmd.c.

imgverify_cmd

struct command_descriptor imgverify_cmd

static

Initial value:

=
        COMMAND_DESC ( struct imgverify_options, imgverify_opts, 2, 2,
                       "<uri|image> <signature uri|image>" )

"imgverify" command descriptor

Definition at line 108 of file image_trust_cmd.c.

Referenced by imgverify_exec().

__command

struct command image_trust_commands [] __command

Initial value:

= {
        {
                .name = "imgtrust",
                .exec = imgtrust_exec,
        },
        {
                .name = "imgverify",
                .exec = imgverify_exec,
        },
}

Image trust management commands.

Definition at line 165 of file image_trust_cmd.c.