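#!/bin/ksh
#
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"

# signproto cred_file
#
# Utility to find cryptographic modules in the proto area and
# sign them using signit. Since the binaries have already been
# signed (using development keys) during the build process,
# we determine the correct signing credential to use based on
# the existing signature. The cred_file argument contains a
# list of signing server credentials and the corresponding
# regular expressions to match against the file signatures.
#
# Arguments:
#	$1		cred_file: one "credential regex" pair per line;
#			lines starting with '#' are ignored
# Environment:
#	ROOT		proto area to search; also passed to signit -i
#	CODESIGN_USER	passed to signit -l (falls back to LOGNAME)
# Output:
#	"ERROR ..." text when signit reports a failure.

# Directories in proto area that may contain crypto objects
DIRS="platform kernel usr/lib/security"

# Without a credential list grep would silently read stdin, so refuse to run.
if [[ $# -lt 1 || ! -r "$1" ]]; then
	echo "usage: ${0##*/} cred_file" >&2
	exit 1
fi

# An empty ROOT would turn the later "cd" into "cd $HOME" and the search
# would then pick objects from the wrong tree.
if [[ -z "$ROOT" ]]; then
	echo "ERROR ROOT is not set" >&2
	exit 1
fi

# Get absolute path of current directory; used later to invoke signit
cd .
dir=$(dirname "$0")
case "$dir" in
/*)	;;
*)	dir="$PWD/$dir" ;;
esac

# Read list of credentials and regular expressions.
# This relies on ksh running the last stage of a pipeline in the current
# shell, so n, cred[] and regex[] are still set after the loop.
# "read" is deliberately left without -r so that existing cred files are
# parsed exactly as before.
n=0
grep -v "^#" "$1" | while read c r
do
	# A blank line would store an empty credential with an empty regex,
	# and an empty regex matches every signer in the loop below.
	[[ -n "$c" ]] || continue
	cred[$n]=$c
	regex[$n]=$r
	(( n = n + 1 ))
done

# Search proto area for crypto modules
cd "$ROOT" || exit 1

# $DIRS is intentionally unquoted: it is a space-separated list.
find $DIRS -type f -print | while read f; do
	# Files for which elfsign reports no signer (non-zero status) are
	# skipped; its diagnostics are discarded on purpose.
	# NOTE(review): the signer string read here selects the signing
	# credential; confirm the proto area is trusted at this point.
	s=$(elfsign list -f signer -e "$f" 2>/dev/null)
	if [[ $? != 0 ]]; then
		continue
	fi
	# Determine credential based on signature.
	# expr anchors at the start of the string, so the ".*" prefix makes
	# this a match anywhere in the signer; the first entry of cred_file
	# that matches wins, so list the most specific expressions first.
	i=0
	while (( i < n ))
	do
		if expr "$s" : ".*${regex[i]}" >/dev/null; then
			echo "${cred[i]} $f"
			break
		fi
		(( i = i + 1 ))
	done
done | "$dir/signit" -i "$ROOT" -l "${CODESIGN_USER:-${LOGNAME}}"

# $? is the status of the last pipeline stage, i.e. signit.
# NOTE(review): the script still exits 0 after this message because echo
# is the last command run; callers presumably look for the ERROR text.
# Confirm whether the failure should also be reflected in the exit status.
if [ $? != 0 ]; then
	echo "ERROR failure in signing operation"
fi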