lanzaboote/rust/lanzatool/src/signer.rs

use anyhow::Result;

use std::path::{Path, PathBuf};
use std::process::Command;

pub struct Signer {
    pub private_key: PathBuf,
    pub public_key: PathBuf,
}

impl Signer {
    pub fn new(public_key: &Path, private_key: &Path) -> Self {
        Self {
            public_key: public_key.into(),
            private_key: private_key.into(),
        }
    }

    pub fn sign_file(&self, filepath: &Path) -> Result<()> {
        let args = vec![
            String::from("--key"),
            String::from(self.private_key.to_str().unwrap()),
            String::from("--cert"),
            String::from(self.public_key.to_str().unwrap()),
            String::from(filepath.to_str().unwrap()),
            String::from("--output"),
            String::from(filepath.to_str().unwrap()),
        ];

        let status = Command::new("sbsign").args(&args).status()?;

        if !status.success() {
            return Err(
                anyhow::anyhow!("Failed to sign with  sbsign with args `{:?}`", &args).into(),
            );
        }

        Ok(())
    }
}
nixos: add a lanzaboote module - Wire up things with Bootspec & External bootloaders - Introduce SecureBoot keys 2022-11-23 05:59:54 -05:00			`use anyhow::Result;`

			`use std::path::{Path, PathBuf};`
lanzatool: improve signer code 2022-11-25 07:07:04 -05:00			`use std::process::Command;`
nixos: add a lanzaboote module - Wire up things with Bootspec & External bootloaders - Introduce SecureBoot keys 2022-11-23 05:59:54 -05:00
lanzatool: improve signer code 2022-11-25 07:07:04 -05:00			`pub struct Signer {`
			`pub private_key: PathBuf,`
			`pub public_key: PathBuf,`
nixos: add a lanzaboote module - Wire up things with Bootspec & External bootloaders - Introduce SecureBoot keys 2022-11-23 05:59:54 -05:00			`}`

lanzatool: improve signer code 2022-11-25 07:07:04 -05:00			`impl Signer {`
			`pub fn new(public_key: &Path, private_key: &Path) -> Self {`
nixos: add a lanzaboote module - Wire up things with Bootspec & External bootloaders - Introduce SecureBoot keys 2022-11-23 05:59:54 -05:00			`Self {`
lanzatool: improve signer code 2022-11-25 07:07:04 -05:00			`public_key: public_key.into(),`
			`private_key: private_key.into(),`
nixos: add a lanzaboote module - Wire up things with Bootspec & External bootloaders - Introduce SecureBoot keys 2022-11-23 05:59:54 -05:00			`}`
			`}`

			`pub fn sign_file(&self, filepath: &Path) -> Result<()> {`
			`let args = vec![`
			`String::from("--key"),`
			`String::from(self.private_key.to_str().unwrap()),`
			`String::from("--cert"),`
			`String::from(self.public_key.to_str().unwrap()),`
nixos: secureboot reached 2022-11-24 21:04:44 -05:00			`String::from(filepath.to_str().unwrap()),`
			`String::from("--output"),`
lanzatool: improve signer code 2022-11-25 07:07:04 -05:00			`String::from(filepath.to_str().unwrap()),`
nixos: add a lanzaboote module - Wire up things with Bootspec & External bootloaders - Introduce SecureBoot keys 2022-11-23 05:59:54 -05:00			`];`

lanzatool: improve signer code 2022-11-25 07:07:04 -05:00			`let status = Command::new("sbsign").args(&args).status()?;`
nixos: add a lanzaboote module - Wire up things with Bootspec & External bootloaders - Introduce SecureBoot keys 2022-11-23 05:59:54 -05:00
			`if !status.success() {`
lanzatool: improve signer code 2022-11-25 07:07:04 -05:00			`return Err(`
			anyhow::anyhow!("Failed to sign with sbsign with args `{:?}`", &args).into(),
			`);`
nixos: add a lanzaboote module - Wire up things with Bootspec & External bootloaders - Introduce SecureBoot keys 2022-11-23 05:59:54 -05:00			`}`

			`Ok(())`
			`}`
			`}`