From c98b16d890a1e4651b3683853acb69fedd5a10dd Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Mon, 6 Jul 2020 16:13:09 -0400
Subject: [PATCH 7/7] client: try /run and /var/run for the socket path.
Signed-off-by: Peter Jones
---
 src/client.c | 40 ++++++++++++++++++++--------
 src/pesign-rpmbuild-helper | 54 ++++++++++++++++++++++----------------
 2 files changed, 61 insertions(+), 33 deletions(-)
diff --git a/src/client.c b/src/client.c
index a4f1d1dbbe7..0082be1f597 100644
--- a/src/client.c
+++ b/src/client.c
@@ -61,24 +61,24 @@ print_flag_name(FILE *f, int flag)
 }
 static int
-connect_to_server(void)
+connect_to_server_helper(const char * const sockpath)
 {
- int rc = access(SOCKPATH, R_OK);
+ int rc = access(sockpath, R_OK);
 if (rc != 0) {
- fprintf(stderr, "pesign-client: could not connect to server: "
- "%m\n");
- exit(1);
+ warn("could not access socket \"%s\"", sockpath);
+ return rc;
 }
 struct sockaddr_un addr_un = {
 .sun_family = AF_UNIX,
- .sun_path = SOCKPATH,
 };
+ strncpy(addr_un.sun_path, sockpath, sizeof(addr_un.sun_path));
+ addr_un.sun_path[sizeof(addr_un.sun_path)-1] = '\0';
 int sd = socket(AF_UNIX, SOCK_STREAM, 0);
 if (sd < 0) {
- fprintf(stderr, "pesign-client: could not open socket: %m\n");
- exit(1);
+ warn("could not open socket \"%s\"", sockpath);
+ return sd;
 }
 socklen_t len = strlen(addr_un.sun_path) +
@@ -86,14 +86,32 @@ connect_to_server(void)
 rc = connect(sd, (struct sockaddr *)&addr_un, len);
 if (rc < 0) {
- fprintf(stderr, "pesign-client: could not connect to daemon: "
- "%m\n");
- exit(1);
+ warn("could not connect to daemon");
+ return sd;
 }
 return sd;
 }
+static int
+connect_to_server(void)
+{
+ int rc, i;
+ const char * const sockets[] = {
+ "/run/pesign/socket",
+ "/var/run/pesign/socket",
+ NULL
+ };
+
+ for (i = 0; sockets[i] != NULL; i++) {
+ rc = connect_to_server_helper(sockets[i]);
+ if (rc >= 0)
+ return rc;
+ }
+
+ exit(1);
+}
+
 static int32_t
 check_response(int sd, char **srvmsg);
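Review bot: The `access(sockpath, R_OK)` probe kept at the top of `connect_to_server_helper()` is a check-then-use step that can disagree with the `connect()` that follows: the path can change between the two calls, and on Linux connecting to a pathname socket is governed by write permission, which `R_OK` does not test. Now that the helper reports failure to its caller instead of exiting, the probe could be dropped and `connect()`'s own errno reported for each candidate path. If it stays, a comment such as `/* advisory only; connect() below is the real check */` would keep readers from treating it as an access-control decision. The helper's body continues into the next hunk.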
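Review bot: In the `connect()` failure branch the helper does `return sd;`, and `sd` is a valid descriptor at that point, so the `rc >= 0` test in the new `connect_to_server()` treats the failure as success. The `/var/run/pesign/socket` fallback is therefore never tried after a failed connect on `/run/pesign/socket`, and the caller is handed an unconnected socket. The branch should release the descriptor and report the error: `close(sd);` followed by `return rc;`. `connect_to_server_helper()` begins in the previous hunk. Separately, since the client now accepts whichever of the two paths answers first, a comment on `sockets[]` stating what ownership and mode both directories are expected to have would document the trust assumption.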
diff --git a/src/pesign-rpmbuild-helper b/src/pesign-rpmbuild-helper
index fd385d1625d..68b53ddf022 100755
--- a/src/pesign-rpmbuild-helper
+++ b/src/pesign-rpmbuild-helper
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -eu
+set -x
 main() {
 local target_cpu="${1}" && shift
@@ -32,32 +33,41 @@ main() {
 " --certfile ")
 certfile="${2}"
 ;;
- " --certname ")
- certname="${2}"
- ;;
 " --certout ")
- certout=(-C "${2}")
+ certout[0]=-C
+ certout[1]="${2}"
 ;;
 " --sattrout ")
- sattrout=(-e "${2}")
+ sattrout[0]=-e
+ sattrout[1]="${2}"
 ;;
 " --client-token ")
- client_token=(-t "${2}")
+ client_token[0]=-t
+ client_token[1]="${2}"
 ;;
 " --client-cert ")
- client_cert=(-c "${2}")
+ client_cert[0]=-c
+ client_cert[1]="${2}"
 ;;
 " --token ")
- token=(-t "${2}")
+ token[0]=-t
+ token="${2}"
 ;;
 " --cert ")
- cert=(-c "${2}")
+ cert[0]=-c
+ cert[1]="${2}"
+ ;;
+ " --certname ")
+ cert[0]=-c
+ cert[1]="${2}"
 ;;
 " --in ")
- input=(-i "${2}")
+ input[0]=-i
+ input[1]="${2}"
 ;;
 " --out ")
- output=(-o "${2}")
+ output[0]=-o
+ output[1]="${2}"
 ;;
 " --rhelver ")
 rhelver="${2}"
@@ -75,8 +85,8 @@ main() {
 fi
 local nssdir=/etc/pki/pesign
- if [ "${certname}" == "Red Hat Test Certificate" ] ||
- [ "${#cert[@]}" -eq 2 -a "${cert[1]}" == "Red Hat Test Certificate" ] ; then
+ if [ "${#cert[@]}" -eq 2 ] &&
+ [ "${cert[1]}" == "Red Hat Test Certificate" ] ; then
 nssdir=/etc/pki/pesign-rh-test
 fi
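Review bot: The added `set -x` near the top of the script looks like leftover debugging. It writes every expanded command to stderr, so each build log will carry the full signing command lines, including the certificate and token names and the file paths handled in `main()`. I would drop the line, or enable tracing only when the caller explicitly asks for it.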
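Review bot: In the ` --token ` case the second assignment is `token="${2}"`, unlike every sibling case, which assigns index 1. In bash an assignment to an array name without a subscript writes element 0, so it overwrites the `-t` stored on the line before, and `"${token[@]}"` in the final `"${bin}"` call expands to the bare token name with no option flag. The line should read `token[1]="${2}"`. Also, ` --cert ` and ` --certname ` now fill the same `cert[]` array, so when both are passed the later one silently wins; a one-line comment on the ` --certname ` case saying it is kept as an alias would mark that as intentional.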
@@ -125,20 +135,20 @@ main() {
 certutil -A -n "signer" -t "CTu,CTu,CTu" -i "${certfile}" -d ${nssdir}
 sattrs="$(mktemp -p $PWD --suffix=.der)"
 "${bin}" -E "${sattrs}" --certdir "${nssdir}" \
- ${input[@]} --force
- rpm-sign --key "${certname}" --rsadgstsign "${sattrs}"
+ "${input[@]}" --force
+ rpm-sign --key "${cert[1]}" --rsadgstsign "${sattrs}"
 "${bin}" -R "${sattrs}.sig" -I "${sattrs}" \
 --certdir "${nssdir}" -c signer \
- ${input[@]} ${output[@]}
+ "${input[@]}" "${output[@]}"
 rm -rf "${sattrs}" "${sattrs}.sig" "${nssdir}"
 elif [ -n "${socket}" ] ; then
- "${client}" ${client_token[@]} ${client_cert[@]} \
- ${sattrout[@]} ${certout[@]} \
- ${sign} ${input[@]} ${output[@]}
+ "${client}" "${client_token[@]}" "${client_cert[@]}" \
+ "${sattrout[@]}" "${certout[@]}" \
+ ${sign} "${input[@]}" "${output[@]}"
 else
- "${bin}" --certdir "${nssdir}" ${token[@]} ${cert[@]} \
- ${sign} ${sattrout[@]} ${certout[@]} \
- ${input[@]} ${output[@]}
+ "${bin}" --certdir "${nssdir}" "${token[@]}" \
+ "${cert[@]}" ${sign} "${sattrout[@]}" \
+ "${certout[@]}" "${input[@]}" "${output[@]}"
 fi
 # if there's a 0-sized output file, delete it and error out
-- 
2.26.2
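Review bot: `rpm-sign --key "${cert[1]}"` reads the second element of `cert[]` without the `"${#cert[@]}" -eq 2` guard that the nssdir check earlier in the patch uses. With `set -u` in effect the script aborts with an "unbound variable" message if neither `--cert` nor `--certname` was given; that fails closed, but the message does not tell the packager what is missing. The condition selecting this branch is outside the hunk, so it may already guarantee the value; if not, a line such as `: "${cert[1]:?--cert or --certname is required for rpm-sign}"` before the call gives a clear error. `${sign}` is the one expansion left unquoted on these lines; if the word splitting is deliberate, a short comment saying so would stop a later cleanup from quoting it.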