2009-04-30 Dave Brolley <brolley@redhat.com>

* modsign.cxx (unistd.h,sts/stat.h,systypes.h,pwd.h): #include them. (check_cert_file_permissions, check_db_file_permissions) (check_cert_db_permissions): New functions. (check_cert_db_path): Don't check for keyFiles. * main.cxx (usage): Remove --signing-cert option. (main): Likewise. * cache.cxx (cassert): #include it. (add_to_cache): Assume the module is signed. * buildrun.cxx (compile_pass): Always sign the module. * stap-server.8.in: Update documentation.
author: Dave Brolley <brolley@redhat.com> 2009-04-30 11:44:13 -0400
committer: Dave Brolley <brolley@redhat.com> 2009-04-30 11:44:13 -0400
commit: 4c797c5eaeb10d8d22501c5ad82766b69d8cf988 (patch)
tree: 8152bfe0a71ac45bc13f2049595aea97d5dbfcde /cache.cxx
parent: a5f9c5459d2750820d29b8ca7e28d979690cb74e (diff)
download: systemtap-steved-4c797c5eaeb10d8d22501c5ad82766b69d8cf988.tar.gz
systemtap-steved-4c797c5eaeb10d8d22501c5ad82766b69d8cf988.tar.xz
systemtap-steved-4c797c5eaeb10d8d22501c5ad82766b69d8cf988.zip
1 files changed, 14 insertions, 25 deletions
diff --git a/cache.cxx b/cache.cxx
index 766600a8..bfe2b527 100644
--- a/cache.cxx
+++ b/cache.cxx
@@ -14,6 +14,7 @@
 #include <string>
 #include <fstream>
 #include <cstring>
+#include <cassert>
 
 extern "C" {
 #include <sys/types.h>
@@ -73,33 +74,21 @@ add_to_cache(systemtap_session& s)
   string module_signature_dest_path = s.hash_path;
   module_signature_dest_path += ".sgn";
 
-  if (!s.cert_db_path.empty())
-    {
-      // Copy the module signature, if it was signed.
-      string module_signature_src_path = module_src_path;
-      module_signature_src_path += ".sgn";
+  // Copy the module signature.
+  assert (! s.cert_db_path.empty());
+  string module_signature_src_path = module_src_path;
+  module_signature_src_path += ".sgn";
 
-      if (s.verbose > 1)
-	clog << "Copying " << module_signature_src_path << " to " << module_signature_dest_path << endl;
-      if (copy_file(module_signature_src_path.c_str(), module_signature_dest_path.c_str()) != 0)
-	{
-	  cerr << "Copy failed (\"" << module_signature_src_path << "\" to \""
-	       << module_signature_dest_path << "\"): " << strerror(errno) << endl;
-	  // NB: this is not so severe as to prevent reuse of the .ko
-	  // already copied.
-	  //
-	  // s.use_cache = false;
-	}
-    }
-  else
+  if (s.verbose > 1)
+    clog << "Copying " << module_signature_src_path << " to " << module_signature_dest_path << endl;
+  if (copy_file(module_signature_src_path.c_str(), module_signature_dest_path.c_str()) != 0)
     {
-      // If this module was not signed, then delete any existing signature from the cache.
-      // This is not a fatal error. Even if the existing signature happens to match a
-      // new module later, it still means that the module is identical to one generated by a
-      // trusted server.
-      if (remove_file_or_dir (module_signature_dest_path.c_str()) != 0)
-	cerr << "Failed to remove \"" << module_signature_dest_path << "\" from the cache: "
-	     << strerror(errno) << endl;
+      cerr << "Copy failed (\"" << module_signature_src_path << "\" to \""
+	   << module_signature_dest_path << "\"): " << strerror(errno) << endl;
+      // NB: this is not so severe as to prevent reuse of the .ko
+      // already copied.
+      //
+      // s.use_cache = false;
     }
 #endif /* HAVE_NSS */
author	Dave Brolley <brolley@redhat.com>	2009-04-30 11:44:13 -0400
committer	Dave Brolley <brolley@redhat.com>	2009-04-30 11:44:13 -0400
commit	4c797c5eaeb10d8d22501c5ad82766b69d8cf988 (patch)
tree	8152bfe0a71ac45bc13f2049595aea97d5dbfcde /cache.cxx
parent	a5f9c5459d2750820d29b8ca7e28d979690cb74e (diff)
download	systemtap-steved-4c797c5eaeb10d8d22501c5ad82766b69d8cf988.tar.gz systemtap-steved-4c797c5eaeb10d8d22501c5ad82766b69d8cf988.tar.xz systemtap-steved-4c797c5eaeb10d8d22501c5ad82766b69d8cf988.zip