Allow to build and run sign/digest on Windows

Add some minimal compat type defs, and omit the enable/measure
sources. Also add a way to handle the fact that mingw adds a
.exe extension automatically in the Makefile install rules.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201222001033.302274-3-bluca@debian.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
This commit is contained in:
Luca Boccassi
2020-12-22 00:10:33 +00:00
committed by Eric Biggers
parent b4ece2a612
commit 160bff5fa2
8 changed files with 117 additions and 16 deletions
+33 -15
View File
@@ -35,6 +35,12 @@
cc-option = $(shell if $(CC) $(1) -c -x c /dev/null -o /dev/null > /dev/null 2>&1; \
then echo $(1); fi)
# Support building with MinGW for minimal Windows fsverity.exe, but not for
# libfsverity. fsverity.exe will be statically linked.
ifneq ($(findstring -mingw,$(shell $(CC) -dumpmachine 2>/dev/null)),)
MINGW = 1
endif
CFLAGS ?= -O2
override CFLAGS := -Wall -Wundef \
@@ -62,7 +68,13 @@ BINDIR ?= $(PREFIX)/bin
INCDIR ?= $(PREFIX)/include
LIBDIR ?= $(PREFIX)/lib
DESTDIR ?=
ifneq ($(MINGW),1)
PKGCONF ?= pkg-config
else
PKGCONF := false
EXEEXT := .exe
endif
FSVERITY := fsverity$(EXEEXT)
# Rebuild if a user-specified setting that affects the build changed.
.build-config: FORCE
@@ -87,9 +99,9 @@ CFLAGS += $(shell "$(PKGCONF)" libcrypto --cflags 2>/dev/null || echo)
# If we are dynamically linking, when running tests we need to override
# LD_LIBRARY_PATH as no RPATH is set
ifdef USE_SHARED_LIB
RUN_FSVERITY = LD_LIBRARY_PATH=./ $(TEST_WRAPPER_PROG) ./fsverity
RUN_FSVERITY = LD_LIBRARY_PATH=./ $(TEST_WRAPPER_PROG) ./$(FSVERITY)
else
RUN_FSVERITY = $(TEST_WRAPPER_PROG) ./fsverity
RUN_FSVERITY = $(TEST_WRAPPER_PROG) ./$(FSVERITY)
endif
##############################################################################
@@ -99,6 +111,9 @@ endif
SOVERSION := 0
LIB_CFLAGS := $(CFLAGS) -fvisibility=hidden
LIB_SRC := $(wildcard lib/*.c)
ifeq ($(MINGW),1)
LIB_SRC := $(filter-out lib/enable.c,${LIB_SRC})
endif
LIB_HEADERS := $(wildcard lib/*.h) $(COMMON_HEADERS)
STATIC_LIB_OBJ := $(LIB_SRC:.c=.o)
SHARED_LIB_OBJ := $(LIB_SRC:.c=.shlib.o)
@@ -141,12 +156,15 @@ PROG_COMMON_SRC := programs/utils.c
PROG_COMMON_OBJ := $(PROG_COMMON_SRC:.c=.o)
FSVERITY_PROG_OBJ := $(PROG_COMMON_OBJ) \
programs/cmd_digest.o \
programs/cmd_enable.o \
programs/cmd_measure.o \
programs/cmd_sign.o \
programs/fsverity.o
ifneq ($(MINGW),1)
FSVERITY_PROG_OBJ += \
programs/cmd_enable.o \
programs/cmd_measure.o
endif
TEST_PROG_SRC := $(wildcard programs/test_*.c)
TEST_PROGRAMS := $(TEST_PROG_SRC:programs/%.c=%)
TEST_PROGRAMS := $(TEST_PROG_SRC:programs/%.c=%$(EXEEXT))
# Compile program object files
$(ALL_PROG_OBJ): %.o: %.c $(ALL_PROG_HEADERS) .build-config
@@ -154,18 +172,18 @@ $(ALL_PROG_OBJ): %.o: %.c $(ALL_PROG_HEADERS) .build-config
# Link the fsverity program
ifdef USE_SHARED_LIB
fsverity: $(FSVERITY_PROG_OBJ) libfsverity.so
$(FSVERITY): $(FSVERITY_PROG_OBJ) libfsverity.so
$(QUIET_CCLD) $(CC) -o $@ $(FSVERITY_PROG_OBJ) \
$(CFLAGS) $(LDFLAGS) -L. -lfsverity
else
fsverity: $(FSVERITY_PROG_OBJ) libfsverity.a
$(FSVERITY): $(FSVERITY_PROG_OBJ) libfsverity.a
$(QUIET_CCLD) $(CC) -o $@ $+ $(CFLAGS) $(LDFLAGS) $(LDLIBS)
endif
DEFAULT_TARGETS += fsverity
DEFAULT_TARGETS += $(FSVERITY)
# Link the test programs
$(TEST_PROGRAMS): %: programs/%.o $(PROG_COMMON_OBJ) libfsverity.a
$(TEST_PROGRAMS): %$(EXEEXT): programs/%.o $(PROG_COMMON_OBJ) libfsverity.a
$(QUIET_CCLD) $(CC) -o $@ $+ $(CFLAGS) $(LDFLAGS) $(LDLIBS)
##############################################################################
@@ -184,25 +202,25 @@ test_programs:$(TEST_PROGRAMS)
# This just runs some quick, portable tests. Use scripts/run-tests.sh if you
# want to run the full tests.
check:fsverity test_programs
check:$(FSVERITY) test_programs
for prog in $(TEST_PROGRAMS); do \
$(TEST_WRAPPER_PROG) ./$$prog || exit 1; \
done
$(RUN_FSVERITY) --help > /dev/null
$(RUN_FSVERITY) --version > /dev/null
$(RUN_FSVERITY) sign fsverity fsverity.sig \
$(RUN_FSVERITY) sign $(FSVERITY) fsverity.sig \
--key=testdata/key.pem --cert=testdata/cert.pem > /dev/null
$(RUN_FSVERITY) sign fsverity fsverity.sig --hash=sha512 \
$(RUN_FSVERITY) sign $(FSVERITY) fsverity.sig --hash=sha512 \
--block-size=512 --salt=12345678 \
--key=testdata/key.pem --cert=testdata/cert.pem > /dev/null
$(RUN_FSVERITY) digest fsverity --hash=sha512 \
$(RUN_FSVERITY) digest $(FSVERITY) --hash=sha512 \
--block-size=512 --salt=12345678 > /dev/null
rm -f fsverity.sig
@echo "All tests passed!"
install:all
install -d $(DESTDIR)$(LIBDIR)/pkgconfig $(DESTDIR)$(INCDIR) $(DESTDIR)$(BINDIR)
install -m755 fsverity $(DESTDIR)$(BINDIR)
install -m755 $(FSVERITY) $(DESTDIR)$(BINDIR)
install -m644 libfsverity.a $(DESTDIR)$(LIBDIR)
install -m755 libfsverity.so.$(SOVERSION) $(DESTDIR)$(LIBDIR)
ln -sf libfsverity.so.$(SOVERSION) $(DESTDIR)$(LIBDIR)/libfsverity.so
@@ -215,7 +233,7 @@ install:all
chmod 644 $(DESTDIR)$(LIBDIR)/pkgconfig/libfsverity.pc
uninstall:
rm -f $(DESTDIR)$(BINDIR)/fsverity
rm -f $(DESTDIR)$(BINDIR)/$(FSVERITY)
rm -f $(DESTDIR)$(LIBDIR)/libfsverity.a
rm -f $(DESTDIR)$(LIBDIR)/libfsverity.so.$(SOVERSION)
rm -f $(DESTDIR)$(LIBDIR)/libfsverity.so
+11
View File
@@ -50,6 +50,17 @@ use `make USE_SHARED_LIB=1` to use dynamic linking instead.
See the `Makefile` for other supported build and installation options.
### Building on Windows
There is minimal support for building Windows executables using MinGW.
```bash
make CC=x86_64-w64-mingw32-gcc
```
`fsverity.exe` will be built, and it supports the `digest` and `sign` commands.
A Windows build of OpenSSL/libcrypto needs to be available.
## Examples
### Basic use
+2
View File
@@ -15,6 +15,8 @@
#include <stddef.h>
#include <stdint.h>
#include "win32_defs.h"
typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;
+2
View File
@@ -10,8 +10,10 @@
#ifndef _UAPI_LINUX_FSVERITY_H
#define _UAPI_LINUX_FSVERITY_H
#ifndef _WIN32
#include <linux/ioctl.h>
#include <linux/types.h>
#endif /* _WIN32 */
#define FS_VERITY_HASH_ALG_SHA256 1
#define FS_VERITY_HASH_ALG_SHA512 2
+57
View File
@@ -0,0 +1,57 @@
/* SPDX-License-Identifier: MIT */
/*
* WIN32 compat definitions for libfsverity and the 'fsverity' program
*
* Copyright 2020 Microsoft
*
* Use of this source code is governed by an MIT-style
* license that can be found in the LICENSE file or at
* https://opensource.org/licenses/MIT.
*/
#ifndef COMMON_WIN32_DEFS_H
#define COMMON_WIN32_DEFS_H
/* Some minimal definitions to allow the digest/sign commands to run under Windows */
/* All file reads we do need this flag on _WIN32 */
#ifndef O_BINARY
# define O_BINARY 0
#endif
#ifdef _WIN32
#include <stdint.h>
#include <inttypes.h>
#ifndef ENOPKG
# define ENOPKG 65
#endif
#ifndef __cold
# define __cold
#endif
/* For %zu in printf() */
#ifndef __printf
# define __printf(fmt_idx, vargs_idx) \
__attribute__((format(gnu_printf, fmt_idx, vargs_idx)))
#endif
typedef __signed__ char __s8;
typedef unsigned char __u8;
typedef __signed__ short __s16;
typedef unsigned short __u16;
typedef __signed__ int __s32;
typedef unsigned int __u32;
typedef __signed__ long long __s64;
typedef unsigned long long __u64;
typedef __u16 __le16;
typedef __u16 __be16;
typedef __u32 __le32;
typedef __u32 __be32;
typedef __u64 __le64;
typedef __u64 __be64;
#endif /* _WIN32 */
#endif /* COMMON_WIN32_DEFS_H */
+9
View File
@@ -51,6 +51,15 @@ libfsverity_set_error_callback(void (*cb)(const char *msg))
libfsverity_error_cb = cb;
}
#ifdef _WIN32
static char *strerror_r(int errnum, char *buf, size_t buflen)
{
strerror_s(buf, buflen, errnum);
return buf;
}
#endif
void libfsverity_do_error_msg(const char *format, va_list va, int err)
{
int saved_errno = errno;
+2
View File
@@ -28,6 +28,7 @@ static const struct fsverity_command {
" fsverity digest FILE...\n"
" [--hash-alg=HASH_ALG] [--block-size=BLOCK_SIZE] [--salt=SALT]\n"
" [--compact] [--for-builtin-sig]\n"
#ifndef _WIN32
}, {
.name = "enable",
.func = fsverity_cmd_enable,
@@ -43,6 +44,7 @@ static const struct fsverity_command {
"Display the fs-verity digest of the given verity file(s)",
.usage_str =
" fsverity measure FILE...\n"
#endif /* _WIN32 */
}, {
.name = "sign",
.func = fsverity_cmd_sign,
+1 -1
View File
@@ -102,7 +102,7 @@ void install_libfsverity_error_handler(void)
bool open_file(struct filedes *file, const char *filename, int flags, int mode)
{
file->fd = open(filename, flags, mode);
file->fd = open(filename, flags | O_BINARY, mode);
if (file->fd < 0) {
error_msg_errno("can't open '%s' for %s", filename,
(flags & O_ACCMODE) == O_RDONLY ? "reading" :