third-party-mirrors/tzpfms
1
0
Fork 0
mirror of https://git.sr.ht/~nabijaczleweli/tzpfms synced 2025-06-08 22:42:05 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Import parse_uint() from voreutils. Summarise all .sos. Fix systemd integration in README to match. Flatten hV adding

Browse Source
This commit is contained in:
наб 2021-11-25 16:33:10 +01:00
parent 09748712fb
commit 303ea58c2f
No known key found for this signature in database
GPG Key ID: BCFD0B018D2658F1
8 changed files with 35 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.build.yml
View File

@ -21,12 +21,12 @@ tasks:
- build-gcc: | - build-gcc: |
cd tzpfms cd tzpfms
make make
find out/ -maxdepth 1 -type f -exec readelf -d {} + find out/ -maxdepth 1 -type f -exec readelf -d {} + | tee /dev/stderr | grep Shared | sort | uniq
make clean make clean
- build-clang: | - build-clang: |
cd tzpfms cd tzpfms
CC=clang CXX=clang++ make CC=clang CXX=clang++ make
find out/ -maxdepth 1 -type f -exec readelf -d {} + find out/ -maxdepth 1 -type f -exec readelf -d {} + | tee /dev/stderr | grep Shared | sort | uniq
- manpages: | - manpages: |
git -C tzpfms/ worktree add ../tzpfms-man man git -C tzpfms/ worktree add ../tzpfms-man man
cd tzpfms-man cd tzpfms-man

6
README.md
View File

@ -31,7 +31,7 @@ The output binaries are trimmed of extraneous dependencies, so they're all just
The default `$TZPFMS_PASSPHRASE_HELPER` is the null string. The default `$TZPFMS_PASSPHRASE_HELPER` is the null string.
To set a different default, set `TZPFMS_PASSPHRASE_HELPER` and `TZPFMS_PASSPHRASE_HELPER_MAN` for `make``$`s need to be double-escaped and `'`s need to be full-`'` escaped (i.e. `'\''`). To set a different default, set `TZPFMS_PASSPHRASE_HELPER` and `TZPFMS_PASSPHRASE_HELPER_MAN` for `make``$`s need to be double-escaped and `'`s need to be full-`'` escaped (i.e. `'\''`).
As an example, for a sensible default value of `exec systemd-ask-password --id="tzpfms:$2" "$1:"` for OOB systemd integration, pass `TZPFMS_PASSPHRASE_HELPER='exec systemd-ask-password --id="tzpfms:$$2" "$$1"'` and `TZPFMS_PASSPHRASE_HELPER_MAN='Ic exec Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $$2 Qc Qo Ar $$1 Ns Li ":\&" Qc'`. As an example, for a sensible default value of `exec systemd-ask-password --id="tzpfms:$2" "$1:"` for OOB systemd integration, pass `TZPFMS_PASSPHRASE_HELPER='exec systemd-ask-password --id="tzpfms:$$2" "$$1:"'` and `TZPFMS_PASSPHRASE_HELPER_MAN='Ic exec Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $$2 Qc Qo Ar $$1 Ns Li ":\&" Qc'`.
### Installation ### Installation
@ -80,7 +80,7 @@ ln -s /usr/lib/i386-linux-gnu/libtss2-tcti-{swtpm,default}.so
#### TPM1.x #### TPM1.x
Build [`swtpm`](//github.com/stefanberger/swtpm), then prepare and run it and Build [`swtpm`](//github.com/stefanberger/swtpm), then prepare and run it and
([hopefully](https://github.com/stefanberger/swtpm/issues/5#issuecomment-210607890)) [TrouSerS](//sourceforge.net/projects/trousers), as `root`/`tpm`: ([hopefully](//github.com/stefanberger/swtpm/issues/5#issuecomment-210607890)) [TrouSerS](//sourceforge.net/projects/trousers), as `root`/`tpm`:
```sh ```sh
swtpm_setup --tpmstate tpm1x-state --createek --display --logfile /dev/stdout --overwrite swtpm_setup --tpmstate tpm1x-state --createek --display --logfile /dev/stdout --overwrite
swtpm cuse -n tpm --tpmstate dir=tpm1x-state --seccomp action=none --log level=10,file=/dev/fd/4 4>&1 swtpm cuse -n tpm --tpmstate dir=tpm1x-state --seccomp action=none --log level=10,file=/dev/fd/4 4>&1
@ -114,7 +114,7 @@ There's [the tracker](//todo.sr.ht/~nabijaczleweli/tzpfms), but also see the lis
## Contributing ## Contributing
Send a patch inline, as an attachment, or a git link and a ref to pull from to Send a patch inline, as an attachment, or a git link and a ref to pull from to
[the list](//lists.sr.ht/~nabijaczleweli/tzpfms) ([~nabijaczleweli/tzpfms@lists.sr.ht](mailto:~nabijaczleweli/tzpfms)) or [me](mailto:nabijaczleweli@nabijaczleweli.xyz) [the list](//lists.sr.ht/~nabijaczleweli/tzpfms) ([~nabijaczleweli/tzpfms@lists.sr.ht](mailto:~nabijaczleweli/tzpfms@lists.sr.ht)) or [me](mailto:nabijaczleweli@nabijaczleweli.xyz)
directly. I'm not picky, just please include the repo name in the subject prefix. directly. I'm not picky, just please include the repo name in the subject prefix.
## Discussion ## Discussion

4
src/bin/zfs-tpm-list.cpp
View File

@ -57,8 +57,8 @@ int main(int argc, char ** argv) {
maxdepth = SIZE_MAX; maxdepth = SIZE_MAX;
break; break;
case 'd': case 'd':
if(parse_int(optarg, maxdepth)) if(!parse_uint(optarg, maxdepth))
return fprintf(stderr, "%s is not an integer\n", optarg), __LINE__; return fprintf(stderr, "-d %s: %s\n", optarg, strerror(errno)), __LINE__;
break; break;
case 'a': case 'a':
print_nontzpfms = true; print_nontzpfms = true;

7
src/bin/zfs-tpm2-change-key.cpp
View File

@ -40,9 +40,10 @@ int main(int argc, char ** argv) {
return with_tpm2_session([&](auto tpm2_ctx, auto tpm2_session) { return with_tpm2_session([&](auto tpm2_ctx, auto tpm2_session) {
TRY_MAIN(verify_backend(dataset, THIS_BACKEND, [&](auto previous_handle_s) { TRY_MAIN(verify_backend(dataset, THIS_BACKEND, [&](auto previous_handle_s) {
TPMI_DH_PERSISTENT previous_handle{}; TPMI_DH_PERSISTENT previous_handle{};
if(parse_int(previous_handle_s, previous_handle)) if(!parse_uint(previous_handle_s, previous_handle))
fprintf(stderr, "Couldn't parse previous persistent handle for dataset %s. You might need to run \"tpm2_evictcontrol -c %s\" or equivalent!\n", fprintf(stderr,
zfs_get_name(dataset), previous_handle_s); "Couldn't parse previous persistent handle for dataset %s: %s. You might need to run \"tpm2_evictcontrol -c %s\" or equivalent!\n",
zfs_get_name(dataset), strerror(errno), previous_handle_s);
else { else {
if(tpm2_free_persistent(tpm2_ctx, tpm2_session, previous_handle)) if(tpm2_free_persistent(tpm2_ctx, tpm2_session, previous_handle))
fprintf(stderr, fprintf(stderr,

1
src/fd.cpp
View File

@ -226,7 +226,6 @@ static int get_key_material_raw(const char * whom, bool again, bool newkey, uint
static int get_key_material_dispatch(const char * whom, bool again, bool newkey, uint8_t *& buf, size_t & len_out) { static int get_key_material_dispatch(const char * whom, bool again, bool newkey, uint8_t *& buf, size_t & len_out) {
static const char * helper{}; static const char * helper{};
printf("'%s'\n", STRINGIFY(TZPFMS_PASSPHRASE_HELPER));
if(!helper) if(!helper)
helper = getenv("TZPFMS_PASSPHRASE_HELPER") ?: STRINGIFY(TZPFMS_PASSPHRASE_HELPER); helper = getenv("TZPFMS_PASSPHRASE_HELPER") ?: STRINGIFY(TZPFMS_PASSPHRASE_HELPER);
if(*helper) { if(*helper) {

5
src/main.hpp
View File

@ -29,8 +29,9 @@ int do_bare_main(int argc, char ** argv, const char * getoptions, const char * u
#if __GLIBC__ #if __GLIBC__
setenv("POSIXLY_CORRECT", "1", true); setenv("POSIXLY_CORRECT", "1", true);
#endif #endif
auto gopts = reinterpret_cast<char *>(TRY_PTR("allocate options string", alloca(strlen(getoptions) + 2 + 1))); auto gopts = reinterpret_cast<char *>(alloca(strlen(getoptions) + 2 + 1));
snprintf(gopts, strlen(getoptions) + 2 + 1, "%shV", getoptions); gopts[0] = 'h', gopts[1] = 'V';
strcpy(gopts + 2, getoptions);
for(int opt; (opt = getopt(argc, argv, gopts)) != -1;) for(int opt; (opt = getopt(argc, argv, gopts)) != -1;)
switch(opt) { switch(opt) {
case '?': case '?':

29
src/parse.hpp
View File

@ -5,20 +5,29 @@
#include <charconv> #include <charconv>
#include <limits>
#include <stdio.h> #include <stdio.h>
#include <errno.h>
#include <string.h> #include <string.h>
template <class T> template <class T>
int parse_int(const char * what, T & out) { bool parse_uint(const char * val, T & out) {
int base = 10; if(val[0] == '\0')
if(!strncmp(what, "0x", 2) || !strncmp(what, "0X", 2)) { return errno = EINVAL, false;
base = 16; if(val[0] == '-')
what += 2; return errno = ERANGE, false;
}
if(std::from_chars(what, what + strlen(what), out, base).ptr == what) char * end{};
return __LINE__; errno = 0;
else auto res = strtoull(val, &end, 0);
return 0; out = res;
if(errno)
return false;
if(res > std::numeric_limits<T>::max())
return errno = ERANGE, false;
if(*end != '\0')
return errno = EINVAL, false;
return true;
} }

4
src/tpm2.cpp
View File

@ -52,8 +52,8 @@ TPM2B_DATA tpm2_creation_metadata(const char * dataset_name) {
int tpm2_parse_handle(const char * dataset_name, const char * handle_s, TPMI_DH_PERSISTENT & handle) { int tpm2_parse_handle(const char * dataset_name, const char * handle_s, TPMI_DH_PERSISTENT & handle) {
if(parse_int(handle_s, handle)) if(!parse_uint(handle_s, handle))
return fprintf(stderr, "Dataset %s's handle %s not valid.\n", dataset_name, handle_s), __LINE__; return fprintf(stderr, "Dataset %s's handle %s: %s.\n", dataset_name, handle_s, strerror(errno)), __LINE__;
return 0; return 0;
} }