author | Dave Brolley <brolley@redhat.com> | 2009-05-04 16:05:22 -0400 |
---|---|---|
committer | Dave Brolley <brolley@redhat.com> | 2009-05-04 16:05:22 -0400 |
commit | 2035bcd40b17832439df0a1eb28403b99a71b74f (patch) | |
tree | 0fb027ba40f34513279f2e39e1110b50a415d2c1 /main.cxx | |
parent | 3ba2eb82cafa938c1c3f7ef9d2da06912a49d8e0 (diff) | |
Module signing and verification using a separate file for the module signature.
Diffstat (limited to 'main.cxx')
-rw-r--r-- | main.cxx | 22 |
1 files changed, 22 insertions, 0 deletions
@@ -403,6 +403,14 @@ main (int argc, char * const argv [])
 s.load_only = false;
 s.skip_badvars = false;
 
+ // Location of our signing certificate.
+ // If we're root, use the database in SYSCONFDIR, otherwise
+ // use the one in our $HOME directory. */
+ if (geteuid() == 0)
+ s.cert_db_path = SYSCONFDIR "/systemtap/ssl/server";
+ else
+ s.cert_db_path = getenv("HOME") + string ("/.systemtap/ssl/server");
+
 const char* s_p = getenv ("SYSTEMTAP_TAPSET");
 if (s_p != NULL)
 {
@@ -1134,6 +1142,20 @@ main (int argc, char * const argv [])
 if (copy_file(module_src_path.c_str(), module_dest_path.c_str()) != 0)
 cerr << "Copy failed (\"" << module_src_path << "\" to \""
 << module_dest_path << "\"): " << strerror(errno) << endl;
+
+#if HAVE_NSS
+ // Save the signature as well.
+ assert (! s.cert_db_path.empty());
+ module_src_path += ".sgn";
+ module_dest_path += ".sgn";
+
+ if (s.verbose > 1)
+ clog << "Copying " << module_src_path << " to "
+ << module_dest_path << endl;
+ if (copy_file(module_src_path.c_str(), module_dest_path.c_str()) != 0)
+ cerr << "Copy failed (\"" << module_src_path << "\" to \""
+ << module_dest_path << "\"): " << strerror(errno) << endl;
+#endif
 }
 }
|
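Review bot: `getenv("HOME")` can return NULL, and on the non-root branch that pointer goes straight into `operator+` with a `string`, which is undefined behaviour when HOME is unset (for example a stripped service or cron environment). Fetch and test it first, `const char* home = getenv ("HOME");` followed by `if (home != NULL) s.cert_db_path = home + string ("/.systemtap/ssl/server");`, and report an explicit error in the NULL case, since the second hunk asserts that the path is non-empty. Because the certificate database location comes from the caller's environment, the comment should also state that trust assumption, e.g. `// $HOME is caller-controlled: this database is only as trustworthy as the invoking user`. The third comment line ends in a stray `*/` that should be dropped. main's body starts and ends outside the hunk.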
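Review bot: A failed copy of the `.sgn` file is only reported on `cerr`, so the module already copied to the destination stays there without a signature, or next to a `.sgn` left over from an earlier build if one exists. What consumes the destination is not visible here, but it would be safer to treat this as a hard failure and clean up the partial signature, e.g. `unlink (module_dest_path.c_str());` after the message, and to make main's exit status reflect it. The `assert (! s.cert_db_path.empty());` checks a value this block never uses and disappears under `NDEBUG`; if the path matters at this point it should be an ordinary `if` with an error message. Appending `.sgn` to `module_src_path` and `module_dest_path` in place is safe only if nothing after the `#endif` reads them, and the enclosing block continues outside the hunk.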