From 4c797c5eaeb10d8d22501c5ad82766b69d8cf988 Mon Sep 17 00:00:00 2001 From: Dave Brolley Date: Thu, 30 Apr 2009 11:44:13 -0400 Subject: 2009-04-30 Dave Brolley * modsign.cxx (unistd.h,sts/stat.h,systypes.h,pwd.h): #include them. (check_cert_file_permissions, check_db_file_permissions) (check_cert_db_permissions): New functions. (check_cert_db_path): Don't check for keyFiles. * main.cxx (usage): Remove --signing-cert option. (main): Likewise. * cache.cxx (cassert): #include it. (add_to_cache): Assume the module is signed. * buildrun.cxx (compile_pass): Always sign the module. * stap-server.8.in: Update documentation. --- cache.cxx | 39 ++++++++++++++------------------------- 1 file changed, 14 insertions(+), 25 deletions(-) (limited to 'cache.cxx') diff --git a/cache.cxx b/cache.cxx index 766600a8..bfe2b527 100644 --- a/cache.cxx +++ b/cache.cxx @@ -14,6 +14,7 @@ #include #include #include +#include extern "C" { #include @@ -73,33 +74,21 @@ add_to_cache(systemtap_session& s) string module_signature_dest_path = s.hash_path; module_signature_dest_path += ".sgn"; - if (!s.cert_db_path.empty()) - { - // Copy the module signature, if it was signed. - string module_signature_src_path = module_src_path; - module_signature_src_path += ".sgn"; + // Copy the module signature. + assert (! s.cert_db_path.empty()); + string module_signature_src_path = module_src_path; + module_signature_src_path += ".sgn"; - if (s.verbose > 1) - clog << "Copying " << module_signature_src_path << " to " << module_signature_dest_path << endl; - if (copy_file(module_signature_src_path.c_str(), module_signature_dest_path.c_str()) != 0) - { - cerr << "Copy failed (\"" << module_signature_src_path << "\" to \"" - << module_signature_dest_path << "\"): " << strerror(errno) << endl; - // NB: this is not so severe as to prevent reuse of the .ko - // already copied. - // - // s.use_cache = false; - } - } - else + if (s.verbose > 1) + clog << "Copying " << module_signature_src_path << " to " << module_signature_dest_path << endl; + if (copy_file(module_signature_src_path.c_str(), module_signature_dest_path.c_str()) != 0) { - // If this module was not signed, then delete any existing signature from the cache. - // This is not a fatal error. Even if the existing signature happens to match a - // new module later, it still means that the module is identical to one generated by a - // trusted server. - if (remove_file_or_dir (module_signature_dest_path.c_str()) != 0) - cerr << "Failed to remove \"" << module_signature_dest_path << "\" from the cache: " - << strerror(errno) << endl; + cerr << "Copy failed (\"" << module_signature_src_path << "\" to \"" + << module_signature_dest_path << "\"): " << strerror(errno) << endl; + // NB: this is not so severe as to prevent reuse of the .ko + // already copied. + // + // s.use_cache = false; } #endif /* HAVE_NSS */ -- cgit