1*23259b79Srotondo#!/bin/ksh 2*23259b79Srotondo# 3*23259b79Srotondo# 4*23259b79Srotondo# CDDL HEADER START 5*23259b79Srotondo# 6*23259b79Srotondo# The contents of this file are subject to the terms of the 7*23259b79Srotondo# Common Development and Distribution License (the "License"). 8*23259b79Srotondo# You may not use this file except in compliance with the License. 9*23259b79Srotondo# 10*23259b79Srotondo# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 11*23259b79Srotondo# or http://www.opensolaris.org/os/licensing. 12*23259b79Srotondo# See the License for the specific language governing permissions 13*23259b79Srotondo# and limitations under the License. 14*23259b79Srotondo# 15*23259b79Srotondo# When distributing Covered Code, include this CDDL HEADER in each 16*23259b79Srotondo# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 17*23259b79Srotondo# If applicable, add the following below this CDDL HEADER, with the 18*23259b79Srotondo# fields enclosed by brackets "[]" replaced with your own identifying 19*23259b79Srotondo# information: Portions Copyright [yyyy] [name of copyright owner] 20*23259b79Srotondo# 21*23259b79Srotondo# CDDL HEADER END 22*23259b79Srotondo# 23*23259b79Srotondo# 24*23259b79Srotondo# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 25*23259b79Srotondo# Use is subject to license terms. 26*23259b79Srotondo# 27*23259b79Srotondo# ident "%Z%%M% %I% %E% SMI" 28*23259b79Srotondo 29*23259b79Srotondo# signproto cred_file 30*23259b79Srotondo# 31*23259b79Srotondo# Utility to find cryptographic modules in the proto area and 32*23259b79Srotondo# sign them using signit. Since the binaries have already been 33*23259b79Srotondo# signed (using development keys) during the build process, 34*23259b79Srotondo# we determine the correct signing credential to use based on 35*23259b79Srotondo# the existing signature. The cred_file argument contains a 36*23259b79Srotondo# list of signing server credentials and the corresponding 37*23259b79Srotondo# regular expressions to match against the file signatures. 38*23259b79Srotondo 39*23259b79Srotondo# Directories in proto area that may contain crypto objects 40*23259b79SrotondoDIRS="platform kernel usr/lib/security" 41*23259b79Srotondo 42*23259b79Srotondo# Get absolute path of current directory; used later to invoke signit 43*23259b79Srotondocd . 44*23259b79Srotondodir=`dirname $0` 45*23259b79Srotondodir=`[[ $dir = /* ]] && print $dir || print $PWD/$dir` 46*23259b79Srotondo 47*23259b79Srotondo# Read list of credentials and regular expressions 48*23259b79Srotondon=0 49*23259b79Srotondogrep -v "^#" $1 | while read c r 50*23259b79Srotondodo 51*23259b79Srotondo cred[$n]=$c 52*23259b79Srotondo regex[$n]=$r 53*23259b79Srotondo (( n = n + 1 )) 54*23259b79Srotondodone 55*23259b79Srotondo 56*23259b79Srotondo# Search proto area for crypto modules 57*23259b79Srotondocd $ROOT 58*23259b79Srotondofind $DIRS -type f -print | while read f; do 59*23259b79Srotondo s=`elfsign list -f signer -e $f 2>/dev/null` 60*23259b79Srotondo if [[ $? != 0 ]]; then 61*23259b79Srotondo continue 62*23259b79Srotondo fi 63*23259b79Srotondo # Determine credential based on signature 64*23259b79Srotondo i=0 65*23259b79Srotondo while [[ i -lt n ]] 66*23259b79Srotondo do 67*23259b79Srotondo if expr "$s" : ".*${regex[i]}" >/dev/null; then 68*23259b79Srotondo echo "${cred[i]} $f" 69*23259b79Srotondo break 70*23259b79Srotondo fi 71*23259b79Srotondo (( i = i + 1 )) 72*23259b79Srotondo done 73*23259b79Srotondodone | $dir/signit -i $ROOT -l ${CODESIGN_USER:-${LOGNAME}} 74