diff -Nru sbsigntool-0.3/aclocal.m4 sbsigntool-0.4/aclocal.m4 --- sbsigntool-0.3/aclocal.m4 2012-06-30 01:06:06.000000000 +0100 +++ sbsigntool-0.4/aclocal.m4 2012-10-02 10:13:37.000000000 +0100 @@ -1,4 +1,4 @@ -# generated automatically by aclocal 1.11.5 -*- Autoconf -*- +# generated automatically by aclocal 1.11.3 -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, # 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, @@ -14,8 +14,8 @@ m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl -m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, -[m4_warning([this file was generated for autoconf 2.69. +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.68],, +[m4_warning([this file was generated for autoconf 2.68. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically `autoreconf'.])]) @@ -198,7 +198,7 @@ [am__api_version='1.11' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.11.5], [], +m4_if([$1], [1.11.3], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -214,7 +214,7 @@ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.11.5])dnl +[AM_AUTOMAKE_VERSION([1.11.3])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) diff -Nru sbsigntool-0.3/AUTHORS sbsigntool-0.4/AUTHORS --- sbsigntool-0.3/AUTHORS 2012-06-30 01:06:04.000000000 +0100 +++ sbsigntool-0.4/AUTHORS 2012-10-02 10:13:35.000000000 +0100 @@ -4,3 +4,4 @@ Ivan Hu James Bottomley Jeremy Kerr + Maxim Kammerer diff -Nru sbsigntool-0.3/ChangeLog sbsigntool-0.4/ChangeLog --- sbsigntool-0.3/ChangeLog 2012-06-30 01:06:04.000000000 +0100 +++ sbsigntool-0.4/ChangeLog 2012-10-02 10:13:35.000000000 +0100 @@ -1,3 +1,255 @@ +2012-10-02 53d38e7 Jeremy Kerr + + * Version 0.4 + +2012-10-02 e8a2989 Jeremy Kerr + + * image: improve handling of unaligned section tables + +2012-10-02 c6996fc Jeremy Kerr + + * image: use data_size in cert table header + +2012-09-28 01d2aa4 Jeremy Kerr + + * image: improve section table parsing + +2012-09-28 22fa5ba Jeremy Kerr + + * image: Allow variable sized data directories + +2012-09-05 027bde0 Jeremy Kerr + + * sbvarsign: fix incorrect pointer in add_auth_descriptor + +2012-09-05 8a9366d Jeremy Kerr + + * sbvarsign: auth descriptor hash does not cover the \0 in the varname + +2012-08-24 6a56400 Jeremy Kerr + + * sbkeysync: fix siglist iteration + +2012-08-24 6e4e566 Jeremy Kerr + + * sbvarsign: Improve default GUID choice + +2012-08-24 1b6eaee Jeremy Kerr + + * skkeysync: Add PK-handing code + +2012-08-24 c80b5a2 Jeremy Kerr + + * sbkeysync: Refactor signature database data structures + +2012-08-23 81bb4e3 Jeremy Kerr + + * sbkeysync: fix invalid free in keystore_read_entry + +2012-08-23 a870a28 Jeremy Kerr + + * sbkeysync: Improve error handling in read_firmware_key_database + +2012-08-23 b53ad57 Jeremy Kerr + + * sbkeysync: insert new keys + +2012-08-23 fbedc4b Jeremy Kerr + + * sbkeysync: print keystore before key databases + +2012-08-23 603e4f9 Jeremy Kerr + + * sbkeysync: Find keys missing from firmware key databases + +2012-08-23 7e7fae0 Jeremy Kerr + + * sbkeysync: Rename struct keystore_entry->list to keystore_list + +2012-08-22 2a87e12 Jeremy Kerr + + * sbkeysync: Generate and print key descriptions + +2012-08-22 a5f7a63 Jeremy Kerr + + * sbkeysync: add comment to sigdb_iterate + +2012-08-22 8c3bd4f Jeremy Kerr + + * sbkeysync: Change key_id to key_parse + +2012-08-22 ac5d82d Jeremy Kerr + + * sbkeysync: Print filesystem key databases + +2012-08-21 0c6ca3f Jeremy Kerr + + * sbkeysync: read keystore into kdb->filesystem_keys + +2012-08-21 6576207 Jeremy Kerr + + * sbkeysync: Unify key_database + +2012-08-21 d48d2a5 Jeremy Kerr + + * sbkeysync: Add key_database->filesystem_keys + +2012-08-21 4c7eff0 Jeremy Kerr + + * sbkeysync: keystore -> fs_keystore + +2012-08-21 ed3059d Jeremy Kerr + + * sbkeysync: pass data buffer (instead of EFI_SIGNATURE_DATA) to key_id + +2012-08-21 3f10faa Jeremy Kerr + + * sbkeysync: add keystore_entry->root + +2012-08-21 2d58004 Jeremy Kerr + + * sbkeysync: Add --keystore and --no-default-keystores options + +2012-08-21 3729176 Jeremy Kerr + + * sbkeysync: Add --verbose option and conditionally print debug output + +2012-08-20 651d158 Jeremy Kerr + + * sbkeysync: Add keystore parsing functions + +2012-08-20 c0f22ed Jeremy Kerr + + * sbkeysync: Add --efivars-dir option to specific different locations for var files + +2012-08-20 2625af1 Jeremy Kerr + + * sbkeysync: Add X509 key parsing + +2012-08-20 7c4b36d Jeremy Kerr + + * sbkeysync: Add key ID data to print_key_database() + +2012-08-20 d45de48 Jeremy Kerr + + * sbkeysync: read & print signature databases + +2012-08-20 63b21b9 Jeremy Kerr + + * Move EFI_CERT types to efivars.h + +2012-08-24 7fca8bd Jeremy Kerr + + * fileio: Add fileio_read_file_noerror() + +2012-08-23 0ba703a Jeremy Kerr + + * sbvarsign: Start with a default set of variable attributes + +2012-08-23 922bcc9 Jeremy Kerr + + * efivars: Move EFI_VARIABLE_* attributes to efivars.h + +2012-08-22 fa42e39 Jeremy Kerr + + * sbsiglist: fix signature size check + +2012-08-22 ef7f262 Jeremy Kerr + + * sbvarsign: WIN_CERTIFICATE.dwLength should include the header size + +2012-08-22 887f5a1 Jeremy Kerr + + * sbvarsign: Fix invalid sizeof() for zeroing timestamp data + +2012-08-21 378ecab Jeremy Kerr + + * sbsiglist: check for owner and type arguments + +2012-08-14 2e7d96b Jeremy Kerr + + * sbsiglist: Fix SignatureSize + +2012-08-13 98dc757 Jeremy Kerr + + * image: use fileio_write_file + +2012-08-13 3e2bd9b Jeremy Kerr + + * Remove unused gen-keyfiles source + +2012-08-13 ac3f03f Jeremy Kerr + + * docs: Create man pages for sbvarsign & sbsiglist + +2012-08-13 101b703 Jeremy Kerr + + * Move sources to src/ subdirectory + +2012-08-13 9464dcf Jeremy Kerr + + * image: Use size of image data when writing images + +2012-08-13 b164b13 Jeremy Kerr + + * image: always parse image regions + +2012-08-13 c9481ba Jeremy Kerr + + * Include efivars.h in automake infrastructure + +2012-08-13 2a38dec Jeremy Kerr + + * tests: run tests for each arch + +2012-08-10 dfc59be Jeremy Kerr + + * image: Allow manipulation of i386 PE/COFF files + +2012-08-10 96d5769 Jeremy Kerr + + * Remove arch-specific coff headers + +2012-08-04 58d2ad4 Maxim Kammerer + + * image: Prevent an uninitialized variable warning + +2012-08-10 1a6fe60 Jeremy Kerr + + * sbsiglist: Add utility for creating EFI_SIGNATURE_LISTs + +2012-08-10 7b95aee Jeremy Kerr + + * fileio: Add fileio_write_file + +2012-08-10 5b15c0a Jeremy Kerr + + * efivars: rename efi variable header + +2012-08-03 f574194 Jeremy Kerr + + * fileio: Unify whole-file reads + +2012-08-03 d05cd38 Jeremy Kerr + + * fileio: Unify key & cert loading + +2012-08-03 ab77d55 Jeremy Kerr + + * image: add functions to add and remove signatures + +2012-08-02 d73dd55 Jeremy Kerr + + * sbattach: fix --detach + +2012-08-02 7aad206 Jeremy Kerr + + * sbattach: fix missing openssl/evp.h header + +2012-07-31 bc755fa Jeremy Kerr + + * sbvarsign: First cut of a variable-signing tool + 2012-06-28 b537e74 Jeremy Kerr * Version 0.3 diff -Nru sbsigntool-0.3/coff/external.h sbsigntool-0.4/coff/external.h --- sbsigntool-0.3/coff/external.h 2012-05-25 20:53:40.000000000 +0100 +++ sbsigntool-0.4/coff/external.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,269 +0,0 @@ -/* external.h -- External COFF structures - - Copyright 2001, 2006, 2010 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, - MA 02110-1301, USA. */ - -#ifndef COFF_EXTERNAL_H -#define COFF_EXTERNAL_H - -#ifndef DO_NOT_DEFINE_FILHDR -/********************** FILE HEADER **********************/ - -struct external_filehdr - { - char f_magic[2]; /* magic number */ - char f_nscns[2]; /* number of sections */ - char f_timdat[4]; /* time & date stamp */ - char f_symptr[4]; /* file pointer to symtab */ - char f_nsyms[4]; /* number of symtab entries */ - char f_opthdr[2]; /* sizeof(optional hdr) */ - char f_flags[2]; /* flags */ - }; - -#define FILHDR struct external_filehdr -#define FILHSZ 20 -#endif - -#ifndef DO_NOT_DEFINE_AOUTHDR -/********************** AOUT "OPTIONAL HEADER" **********************/ - -typedef struct external_aouthdr - { - char magic[2]; /* type of file */ - char vstamp[2]; /* version stamp */ - char tsize[4]; /* text size in bytes, padded to FW bdry*/ - char dsize[4]; /* initialized data " " */ - char bsize[4]; /* uninitialized data " " */ - char entry[4]; /* entry pt. */ - char text_start[4]; /* base of text used for this file */ - char data_start[4]; /* base of data used for this file */ - } ATTRIBUTE_PACKED -AOUTHDR; - -#define AOUTHDRSZ 28 -#define AOUTSZ 28 - -typedef struct external_aouthdr64 -{ - char magic[2]; /* Type of file. */ - char vstamp[2]; /* Version stamp. */ - char tsize[4]; /* Text size in bytes, padded to FW bdry*/ - char dsize[4]; /* Initialized data " ". */ - char bsize[4]; /* Uninitialized data " ". */ - char entry[4]; /* Entry pt. */ - char text_start[4]; /* Base of text used for this file. */ -} -AOUTHDR64; -#define AOUTHDRSZ64 24 - -#endif /* not DO_NOT_DEFINE_AOUTHDR */ - -#ifndef DO_NOT_DEFINE_SCNHDR -/********************** SECTION HEADER **********************/ - -struct external_scnhdr - { - char s_name[8]; /* section name */ - char s_paddr[4]; /* physical address, aliased s_nlib */ - char s_vaddr[4]; /* virtual address */ - char s_size[4]; /* section size */ - char s_scnptr[4]; /* file ptr to raw data for section */ - char s_relptr[4]; /* file ptr to relocation */ - char s_lnnoptr[4]; /* file ptr to line numbers */ - char s_nreloc[2]; /* number of relocation entries */ - char s_nlnno[2]; /* number of line number entries */ - char s_flags[4]; /* flags */ - }; - -#define SCNHDR struct external_scnhdr -#define SCNHSZ 40 - -/* Names of "special" sections. */ - -#define _TEXT ".text" -#define _DATA ".data" -#define _BSS ".bss" -#define _COMMENT ".comment" -#define _LIB ".lib" -#endif /* not DO_NOT_DEFINE_SCNHDR */ - -#ifndef DO_NOT_DEFINE_LINENO - -/********************** LINE NUMBERS **********************/ - -#ifndef L_LNNO_SIZE -#error L_LNNO_SIZE needs to be defined -#endif - -/* 1 line number entry for every "breakpointable" source line in a section. - Line numbers are grouped on a per function basis; first entry in a function - grouping will have l_lnno = 0 and in place of physical address will be the - symbol table index of the function name. */ -struct external_lineno -{ - union - { - char l_symndx[4]; /* function name symbol index, iff l_lnno == 0*/ - char l_paddr[4]; /* (physical) address of line number */ - } l_addr; - - char l_lnno[L_LNNO_SIZE]; /* line number */ -}; - -#define LINENO struct external_lineno -#define LINESZ (4 + L_LNNO_SIZE) - -#if L_LNNO_SIZE == 4 -#define GET_LINENO_LNNO(abfd, ext) H_GET_32 (abfd, (ext->l_lnno)) -#define PUT_LINENO_LNNO(abfd, val, ext) H_PUT_32 (abfd, val, (ext->l_lnno)) -#endif -#if L_LNNO_SIZE == 2 -#define GET_LINENO_LNNO(abfd, ext) H_GET_16 (abfd, (ext->l_lnno)) -#define PUT_LINENO_LNNO(abfd, val, ext) H_PUT_16 (abfd, val, (ext->l_lnno)) -#endif - -#endif /* not DO_NOT_DEFINE_LINENO */ - -#ifndef DO_NOT_DEFINE_SYMENT -/********************** SYMBOLS **********************/ - -#define E_SYMNMLEN 8 /* # characters in a symbol name */ -#ifndef E_FILNMLEN -#define E_FILNMLEN 14 -#endif -#define E_DIMNUM 4 /* # array dimensions in auxiliary entry */ - -struct external_syment -{ - union - { - char e_name[E_SYMNMLEN]; - - struct - { - char e_zeroes[4]; - char e_offset[4]; - } e; - } e; - - char e_value[4]; - char e_scnum[2]; - char e_type[2]; - char e_sclass[1]; - char e_numaux[1]; -} ATTRIBUTE_PACKED ; - -#define SYMENT struct external_syment -#define SYMESZ 18 - -#ifndef N_BTMASK -#define N_BTMASK 0xf -#endif - -#ifndef N_TMASK -#define N_TMASK 0x30 -#endif - -#ifndef N_BTSHFT -#define N_BTSHFT 4 -#endif - -#ifndef N_TSHIFT -#define N_TSHIFT 2 -#endif - -#endif /* not DO_NOT_DEFINE_SYMENT */ - -#ifndef DO_NOT_DEFINE_AUXENT - -union external_auxent -{ - struct - { - char x_tagndx[4]; /* str, un, or enum tag indx */ - - union - { - struct - { - char x_lnno[2]; /* declaration line number */ - char x_size[2]; /* str/union/array size */ - } x_lnsz; - - char x_fsize[4]; /* size of function */ - - } x_misc; - - union - { - struct /* if ISFCN, tag, or .bb */ - { - char x_lnnoptr[4]; /* ptr to fcn line # */ - char x_endndx[4]; /* entry ndx past block end */ - } x_fcn; - - struct /* if ISARY, up to 4 dimen. */ - { - char x_dimen[E_DIMNUM][2]; - } x_ary; - - } x_fcnary; - - char x_tvndx[2]; /* tv index */ - - } x_sym; - - union - { - char x_fname[E_FILNMLEN]; - - struct - { - char x_zeroes[4]; - char x_offset[4]; - } x_n; - - } x_file; - - struct - { - char x_scnlen[4]; /* section length */ - char x_nreloc[2]; /* # relocation entries */ - char x_nlinno[2]; /* # line numbers */ -#ifdef INCLUDE_COMDAT_FIELDS_IN_AUXENT - char x_checksum[4]; /* section COMDAT checksum */ - char x_associated[2]; /* COMDAT associated section index */ - char x_comdat[1]; /* COMDAT selection number */ -#endif - } x_scn; - - struct - { - char x_tvfill[4]; /* tv fill value */ - char x_tvlen[2]; /* length of .tv */ - char x_tvran[2][2]; /* tv range */ - } x_tv; /* info about .tv section (in auxent of symbol .tv)) */ -} ATTRIBUTE_PACKED ; - -#define AUXENT union external_auxent -#define AUXESZ 18 - -#define _ETEXT "etext" - -#endif /* not DO_NOT_DEFINE_AUXENT */ - -#endif /* COFF_EXTERNAL_H */ diff -Nru sbsigntool-0.3/coff/i386.h sbsigntool-0.4/coff/i386.h --- sbsigntool-0.3/coff/i386.h 2012-05-07 06:38:42.000000000 +0100 +++ sbsigntool-0.4/coff/i386.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,74 +0,0 @@ -/* coff information for Intel 386/486. - - Copyright 2001, 2009, 2010 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, - MA 02110-1301, USA. */ - -#define L_LNNO_SIZE 2 -#define INCLUDE_COMDAT_FIELDS_IN_AUXENT -#include "coff/external.h" - -#define COFF_PAGE_SIZE 0x1000 - -/* Bits for f_flags: - F_RELFLG Relocation info stripped from file - F_EXEC File is executable (no unresolved external references) - F_LNNO Line numbers stripped from file - F_LSYMS Local symbols stripped from file - F_AR32WR File has byte ordering of an AR32WR machine (e.g. vax). */ - -#define F_RELFLG (0x0001) -#define F_EXEC (0x0002) -#define F_LNNO (0x0004) -#define F_LSYMS (0x0008) - -#define I386MAGIC 0x14c -#define I386PTXMAGIC 0x154 -#define I386AIXMAGIC 0x175 - -/* This is Lynx's all-platform magic number for executables. */ - -#define LYNXCOFFMAGIC 0415 - -#define I386BADMAG(x) ( ((x).f_magic != I386MAGIC) \ - && (x).f_magic != I386AIXMAGIC \ - && (x).f_magic != I386PTXMAGIC \ - && (x).f_magic != LYNXCOFFMAGIC) - -#define OMAGIC 0404 /* Object files, eg as output. */ -#define ZMAGIC 0413 /* Demand load format, eg normal ld output. */ -#define STMAGIC 0401 /* Target shlib. */ -#define SHMAGIC 0443 /* Host shlib. */ - -/* Define some NT default values. */ -/* #define NT_IMAGE_BASE 0x400000 moved to internal.h */ -#define NT_SECTION_ALIGNMENT 0x1000 -#define NT_FILE_ALIGNMENT 0x200 -#define NT_DEF_RESERVE 0x100000 -#define NT_DEF_COMMIT 0x1000 - -/* Relocation directives. */ - -struct external_reloc -{ - char r_vaddr[4]; - char r_symndx[4]; - char r_type[2]; -}; - -#define RELOC struct external_reloc -#define RELSZ 10 - diff -Nru sbsigntool-0.3/coff/pe.h sbsigntool-0.4/coff/pe.h --- sbsigntool-0.3/coff/pe.h 2012-05-07 06:38:42.000000000 +0100 +++ sbsigntool-0.4/coff/pe.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,512 +0,0 @@ -/* pe.h - PE COFF header information - - Copyright 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007, 2009, 2010 - Free Software Foundation, Inc. - - This file is part of BFD, the Binary File Descriptor library. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ -#ifndef _PE_H -#define _PE_H - -/* NT specific file attributes. */ -#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 -#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 -#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 -#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 -#define IMAGE_FILE_AGGRESSIVE_WS_TRIM 0x0010 -#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020 -#define IMAGE_FILE_16BIT_MACHINE 0x0040 -#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 -#define IMAGE_FILE_32BIT_MACHINE 0x0100 -#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 -#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 -#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 -#define IMAGE_FILE_SYSTEM 0x1000 -#define IMAGE_FILE_DLL 0x2000 -#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 -#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 - -/* DllCharacteristics flag bits. The inconsistent naming may seem - odd, but that is how they are defined in the PE specification. */ -#define IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE 0x0040 -#define IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY 0x0080 -#define IMAGE_DLL_CHARACTERISTICS_NX_COMPAT 0x0100 -#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION 0x0200 -#define IMAGE_DLLCHARACTERISTICS_NO_SEH 0x0400 -#define IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800 -#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000 -#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000 - -/* Additional flags to be set for section headers to allow the NT loader to - read and write to the section data (to replace the addresses of data in - dlls for one thing); also to execute the section in .text's case. */ -#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 -#define IMAGE_SCN_MEM_EXECUTE 0x20000000 -#define IMAGE_SCN_MEM_READ 0x40000000 -#define IMAGE_SCN_MEM_WRITE 0x80000000 - -/* Section characteristics added for ppc-nt. */ - -#define IMAGE_SCN_TYPE_NO_PAD 0x00000008 /* Reserved. */ - -#define IMAGE_SCN_CNT_CODE 0x00000020 /* Section contains code. */ -#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 /* Section contains initialized data. */ -#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 /* Section contains uninitialized data. */ - -#define IMAGE_SCN_LNK_OTHER 0x00000100 /* Reserved. */ -#define IMAGE_SCN_LNK_INFO 0x00000200 /* Section contains comments or some other type of information. */ -#define IMAGE_SCN_LNK_REMOVE 0x00000800 /* Section contents will not become part of image. */ -#define IMAGE_SCN_LNK_COMDAT 0x00001000 /* Section contents comdat. */ - -#define IMAGE_SCN_MEM_FARDATA 0x00008000 - -#define IMAGE_SCN_MEM_PURGEABLE 0x00020000 -#define IMAGE_SCN_MEM_16BIT 0x00020000 -#define IMAGE_SCN_MEM_LOCKED 0x00040000 -#define IMAGE_SCN_MEM_PRELOAD 0x00080000 - -/* Bit position in the s_flags field where the alignment values start. */ -#define IMAGE_SCN_ALIGN_POWER_BIT_POS 20 -#define IMAGE_SCN_ALIGN_POWER_BIT_MASK 0x00f00000 -#define IMAGE_SCN_ALIGN_POWER_NUM(val) \ - (((val) >> IMAGE_SCN_ALIGN_POWER_BIT_POS) - 1) -#define IMAGE_SCN_ALIGN_POWER_CONST(val) \ - (((val) + 1) << IMAGE_SCN_ALIGN_POWER_BIT_POS) - -#define IMAGE_SCN_ALIGN_1BYTES IMAGE_SCN_ALIGN_POWER_CONST (0) -#define IMAGE_SCN_ALIGN_2BYTES IMAGE_SCN_ALIGN_POWER_CONST (1) -#define IMAGE_SCN_ALIGN_4BYTES IMAGE_SCN_ALIGN_POWER_CONST (2) -#define IMAGE_SCN_ALIGN_8BYTES IMAGE_SCN_ALIGN_POWER_CONST (3) -/* Default alignment if no others are specified. */ -#define IMAGE_SCN_ALIGN_16BYTES IMAGE_SCN_ALIGN_POWER_CONST (4) -#define IMAGE_SCN_ALIGN_32BYTES IMAGE_SCN_ALIGN_POWER_CONST (5) -#define IMAGE_SCN_ALIGN_64BYTES IMAGE_SCN_ALIGN_POWER_CONST (6) -#define IMAGE_SCN_ALIGN_128BYTES IMAGE_SCN_ALIGN_POWER_CONST (7) -#define IMAGE_SCN_ALIGN_256BYTES IMAGE_SCN_ALIGN_POWER_CONST (8) -#define IMAGE_SCN_ALIGN_512BYTES IMAGE_SCN_ALIGN_POWER_CONST (9) -#define IMAGE_SCN_ALIGN_1024BYTES IMAGE_SCN_ALIGN_POWER_CONST (10) -#define IMAGE_SCN_ALIGN_2048BYTES IMAGE_SCN_ALIGN_POWER_CONST (11) -#define IMAGE_SCN_ALIGN_4096BYTES IMAGE_SCN_ALIGN_POWER_CONST (12) -#define IMAGE_SCN_ALIGN_8192BYTES IMAGE_SCN_ALIGN_POWER_CONST (13) - -/* Encode alignment power into IMAGE_SCN_ALIGN bits of s_flags */ -#define COFF_ENCODE_ALIGNMENT(SECTION, ALIGNMENT_POWER) \ - ((SECTION).s_flags |= IMAGE_SCN_ALIGN_POWER_CONST ((ALIGNMENT_POWER))) - -#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 /* Section contains extended relocations. */ -#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 /* Section is not cachable. */ -#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 /* Section is not pageable. */ -#define IMAGE_SCN_MEM_SHARED 0x10000000 /* Section is shareable. */ - -/* COMDAT selection codes. */ - -#define IMAGE_COMDAT_SELECT_NODUPLICATES (1) /* Warn if duplicates. */ -#define IMAGE_COMDAT_SELECT_ANY (2) /* No warning. */ -#define IMAGE_COMDAT_SELECT_SAME_SIZE (3) /* Warn if different size. */ -#define IMAGE_COMDAT_SELECT_EXACT_MATCH (4) /* Warn if different. */ -#define IMAGE_COMDAT_SELECT_ASSOCIATIVE (5) /* Base on other section. */ - -/* Machine numbers. */ - -#define IMAGE_FILE_MACHINE_UNKNOWN 0x0000 -#define IMAGE_FILE_MACHINE_ALPHA 0x0184 -#define IMAGE_FILE_MACHINE_ALPHA64 0x0284 -#define IMAGE_FILE_MACHINE_AM33 0x01d3 -#define IMAGE_FILE_MACHINE_AMD64 0x8664 -#define IMAGE_FILE_MACHINE_ARM 0x01c0 -#define IMAGE_FILE_MACHINE_AXP64 IMAGE_FILE_MACHINE_ALPHA64 -#define IMAGE_FILE_MACHINE_CEE 0xc0ee -#define IMAGE_FILE_MACHINE_CEF 0x0cef -#define IMAGE_FILE_MACHINE_EBC 0x0ebc -#define IMAGE_FILE_MACHINE_I386 0x014c -#define IMAGE_FILE_MACHINE_IA64 0x0200 -#define IMAGE_FILE_MACHINE_M32R 0x9041 -#define IMAGE_FILE_MACHINE_M68K 0x0268 -#define IMAGE_FILE_MACHINE_MIPS16 0x0266 -#define IMAGE_FILE_MACHINE_MIPSFPU 0x0366 -#define IMAGE_FILE_MACHINE_MIPSFPU16 0x0466 -#define IMAGE_FILE_MACHINE_POWERPC 0x01f0 -#define IMAGE_FILE_MACHINE_POWERPCFP 0x01f1 -#define IMAGE_FILE_MACHINE_R10000 0x0168 -#define IMAGE_FILE_MACHINE_R3000 0x0162 -#define IMAGE_FILE_MACHINE_R4000 0x0166 -#define IMAGE_FILE_MACHINE_SH3 0x01a2 -#define IMAGE_FILE_MACHINE_SH3DSP 0x01a3 -#define IMAGE_FILE_MACHINE_SH3E 0x01a4 -#define IMAGE_FILE_MACHINE_SH4 0x01a6 -#define IMAGE_FILE_MACHINE_SH5 0x01a8 -#define IMAGE_FILE_MACHINE_THUMB 0x01c2 -#define IMAGE_FILE_MACHINE_TRICORE 0x0520 -#define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 -#define IMAGE_FILE_MACHINE_AMD64 0x8664 - -#define IMAGE_SUBSYSTEM_UNKNOWN 0 -#define IMAGE_SUBSYSTEM_NATIVE 1 -#define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 -#define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 -#define IMAGE_SUBSYSTEM_POSIX_CUI 7 -#define IMAGE_SUBSYSTEM_WINDOWS_CE_GUI 9 -#define IMAGE_SUBSYSTEM_EFI_APPLICATION 10 -#define IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER 11 -#define IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER 12 -#define IMAGE_SUBSYSTEM_SAL_RUNTIME_DRIVER 13 -#define IMAGE_SUBSYSTEM_XBOX 14 - -/* Magic values that are true for all dos/nt implementations. */ -#define DOSMAGIC 0x5a4d -#define NT_SIGNATURE 0x00004550 - -/* NT allows long filenames, we want to accommodate this. - This may break some of the bfd functions. */ -#undef FILNMLEN -#define FILNMLEN 18 /* # characters in a file name. */ - -struct external_PEI_DOS_hdr -{ - /* DOS header fields - always at offset zero in the EXE file. */ - char e_magic[2]; /* Magic number, 0x5a4d. */ - char e_cblp[2]; /* Bytes on last page of file, 0x90. */ - char e_cp[2]; /* Pages in file, 0x3. */ - char e_crlc[2]; /* Relocations, 0x0. */ - char e_cparhdr[2]; /* Size of header in paragraphs, 0x4. */ - char e_minalloc[2]; /* Minimum extra paragraphs needed, 0x0. */ - char e_maxalloc[2]; /* Maximum extra paragraphs needed, 0xFFFF. */ - char e_ss[2]; /* Initial (relative) SS value, 0x0. */ - char e_sp[2]; /* Initial SP value, 0xb8. */ - char e_csum[2]; /* Checksum, 0x0. */ - char e_ip[2]; /* Initial IP value, 0x0. */ - char e_cs[2]; /* Initial (relative) CS value, 0x0. */ - char e_lfarlc[2]; /* File address of relocation table, 0x40. */ - char e_ovno[2]; /* Overlay number, 0x0. */ - char e_res[4][2]; /* Reserved words, all 0x0. */ - char e_oemid[2]; /* OEM identifier (for e_oeminfo), 0x0. */ - char e_oeminfo[2]; /* OEM information; e_oemid specific, 0x0. */ - char e_res2[10][2]; /* Reserved words, all 0x0. */ - char e_lfanew[4]; /* File address of new exe header, usually 0x80. */ - char dos_message[16][4]; /* Other stuff, always follow DOS header. */ -}; - -struct external_PEI_IMAGE_hdr -{ - char nt_signature[4]; /* required NT signature, 0x4550. */ - - /* From standard header. */ - char f_magic[2]; /* Magic number. */ - char f_nscns[2]; /* Number of sections. */ - char f_timdat[4]; /* Time & date stamp. */ - char f_symptr[4]; /* File pointer to symtab. */ - char f_nsyms[4]; /* Number of symtab entries. */ - char f_opthdr[2]; /* Sizeof(optional hdr). */ - char f_flags[2]; /* Flags. */ -}; - -struct external_PEI_filehdr -{ - /* DOS header fields - always at offset zero in the EXE file. */ - char e_magic[2]; /* Magic number, 0x5a4d. */ - char e_cblp[2]; /* Bytes on last page of file, 0x90. */ - char e_cp[2]; /* Pages in file, 0x3. */ - char e_crlc[2]; /* Relocations, 0x0. */ - char e_cparhdr[2]; /* Size of header in paragraphs, 0x4. */ - char e_minalloc[2]; /* Minimum extra paragraphs needed, 0x0. */ - char e_maxalloc[2]; /* Maximum extra paragraphs needed, 0xFFFF. */ - char e_ss[2]; /* Initial (relative) SS value, 0x0. */ - char e_sp[2]; /* Initial SP value, 0xb8. */ - char e_csum[2]; /* Checksum, 0x0. */ - char e_ip[2]; /* Initial IP value, 0x0. */ - char e_cs[2]; /* Initial (relative) CS value, 0x0. */ - char e_lfarlc[2]; /* File address of relocation table, 0x40. */ - char e_ovno[2]; /* Overlay number, 0x0. */ - char e_res[4][2]; /* Reserved words, all 0x0. */ - char e_oemid[2]; /* OEM identifier (for e_oeminfo), 0x0. */ - char e_oeminfo[2]; /* OEM information; e_oemid specific, 0x0. */ - char e_res2[10][2]; /* Reserved words, all 0x0. */ - char e_lfanew[4]; /* File address of new exe header, usually 0x80. */ - char dos_message[16][4]; /* Other stuff, always follow DOS header. */ - - /* Note: additional bytes may be inserted before the signature. Use - the e_lfanew field to find the actual location of the NT signature. */ - - char nt_signature[4]; /* required NT signature, 0x4550. */ - - /* From standard header. */ - char f_magic[2]; /* Magic number. */ - char f_nscns[2]; /* Number of sections. */ - char f_timdat[4]; /* Time & date stamp. */ - char f_symptr[4]; /* File pointer to symtab. */ - char f_nsyms[4]; /* Number of symtab entries. */ - char f_opthdr[2]; /* Sizeof(optional hdr). */ - char f_flags[2]; /* Flags. */ -}; - -#ifdef COFF_IMAGE_WITH_PE - -/* The filehdr is only weird in images. */ - -#undef FILHDR -#define FILHDR struct external_PEI_filehdr -#undef FILHSZ -#define FILHSZ 152 - -#endif /* COFF_IMAGE_WITH_PE */ - -/* 32-bit PE a.out header: */ - -typedef struct -{ - AOUTHDR standard; - - /* NT extra fields; see internal.h for descriptions. */ - char ImageBase[4]; - char SectionAlignment[4]; - char FileAlignment[4]; - char MajorOperatingSystemVersion[2]; - char MinorOperatingSystemVersion[2]; - char MajorImageVersion[2]; - char MinorImageVersion[2]; - char MajorSubsystemVersion[2]; - char MinorSubsystemVersion[2]; - char Reserved1[4]; - char SizeOfImage[4]; - char SizeOfHeaders[4]; - char CheckSum[4]; - char Subsystem[2]; - char DllCharacteristics[2]; - char SizeOfStackReserve[4]; - char SizeOfStackCommit[4]; - char SizeOfHeapReserve[4]; - char SizeOfHeapCommit[4]; - char LoaderFlags[4]; - char NumberOfRvaAndSizes[4]; - /* IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; */ - char DataDirectory[16][2][4]; /* 16 entries, 2 elements/entry, 4 chars. */ -} PEAOUTHDR; - -#undef AOUTSZ -#define AOUTSZ (AOUTHDRSZ + 196) - -/* Like PEAOUTHDR, except that the "standard" member has no BaseOfData - (aka data_start) member and that some of the members are 8 instead - of just 4 bytes long. */ -typedef struct -{ -#ifdef AOUTHDRSZ64 - AOUTHDR64 standard; -#else - AOUTHDR standard; -#endif - /* NT extra fields; see internal.h for descriptions. */ - char ImageBase[8]; - char SectionAlignment[4]; - char FileAlignment[4]; - char MajorOperatingSystemVersion[2]; - char MinorOperatingSystemVersion[2]; - char MajorImageVersion[2]; - char MinorImageVersion[2]; - char MajorSubsystemVersion[2]; - char MinorSubsystemVersion[2]; - char Reserved1[4]; - char SizeOfImage[4]; - char SizeOfHeaders[4]; - char CheckSum[4]; - char Subsystem[2]; - char DllCharacteristics[2]; - char SizeOfStackReserve[8]; - char SizeOfStackCommit[8]; - char SizeOfHeapReserve[8]; - char SizeOfHeapCommit[8]; - char LoaderFlags[4]; - char NumberOfRvaAndSizes[4]; - /* IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; */ - char DataDirectory[16][2][4]; /* 16 entries, 2 elements/entry, 4 chars. */ -} PEPAOUTHDR; - -#ifdef AOUTHDRSZ64 -#define PEPAOUTSZ (AOUTHDRSZ64 + 196 + 5 * 4) /* = 240 */ -#else -#define PEPAOUTSZ 240 -#endif - -#undef E_FILNMLEN -#define E_FILNMLEN 18 /* # characters in a file name. */ - -/* Import Tyoes fot ILF format object files.. */ -#define IMPORT_CODE 0 -#define IMPORT_DATA 1 -#define IMPORT_CONST 2 - -/* Import Name Tyoes for ILF format object files. */ -#define IMPORT_ORDINAL 0 -#define IMPORT_NAME 1 -#define IMPORT_NAME_NOPREFIX 2 -#define IMPORT_NAME_UNDECORATE 3 - -/* Weak external characteristics. */ -#define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1 -#define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2 -#define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3 - -/* .pdata/.xdata defines and structures for x64 PE+ for exception handling. */ - -/* .pdata in exception directory. */ - -struct pex64_runtime_function -{ - bfd_vma rva_BeginAddress; - bfd_vma rva_EndAddress; - bfd_vma rva_UnwindData; - unsigned int isChained : 1; -}; - -struct external_pex64_runtime_function -{ - bfd_byte rva_BeginAddress[4]; - bfd_byte rva_EndAddress[4]; - bfd_byte rva_UnwindData[4]; -}; - -/* If the lowest significant bit is set for rva_UnwindData RVA, it - means that the unified RVA points to another pex64_runtime_function - that this entry shares the unwind_info block with. */ -#define PEX64_IS_RUNTIME_FUNCTION_CHAINED(PTR_RTF) \ - (((PTR_RTF)->rva_UnwindData & 1) != 0) -#define PEX64_GET_UNWINDDATA_UNIFIED_RVA(PTR_RTF) \ - ((PTR_RTF)->rva_UnwindData & ~1) - -/* The unwind codes. */ -#define UWOP_PUSH_NONVOL 0 -#define UWOP_ALLOC_LARGE 1 -#define UWOP_ALLOC_SMALL 2 -#define UWOP_SET_FPREG 3 -#define UWOP_SAVE_NONVOL 4 -#define UWOP_SAVE_NONVOL_FAR 5 -#define UWOP_SAVE_XMM 6 -#define UWOP_SAVE_XMM_FAR 7 -#define UWOP_SAVE_XMM128 8 -#define UWOP_SAVE_XMM128_FAR 9 -#define UWOP_PUSH_MACHFRAME 10 - -struct pex64_unwind_code -{ - bfd_vma prologue_offset; - /* Contains Frame offset, or frame allocation size. */ - bfd_vma frame_addr; - unsigned int uwop_code : 4; - /* xmm, mm, or standard register from 0 - 15. */ - unsigned int reg : 4; - /* Used for UWOP_PUSH_MACHFRAME to indicate optional errorcode stack - argument. */ - unsigned int has_errorcode : 1; -}; - -struct external_pex64_unwind_code -{ - bfd_byte dta[2]; -}; - -#define PEX64_UNWCODE_CODE(VAL) ((VAL) & 0xf) -#define PEX64_UNWCODE_INFO(VAL) (((VAL) >> 4) & 0xf) - -/* The unwind info. */ -#define UNW_FLAG_NHANDLER 0 -#define UNW_FLAG_EHANDLER 1 -#define UNW_FLAG_UHANDLER 2 -#define UNW_FLAG_FHANDLER 3 -#define UNW_FLAG_CHAININFO 4 - -#define UNW_FLAG_MASK 0x1f - -struct pex64_unwind_info -{ - bfd_vma SizeOfBlock; - bfd_byte Version; /* Values from 0 up to 7 are possible. */ - bfd_byte Flags; /* Values from 0 up to 31 are possible. */ - bfd_vma SizeOfPrologue; - bfd_vma CountOfCodes; /* Amount of pex64_unwind_code elements. */ - /* 0 = CFA, 1..15 are index of integer registers. */ - unsigned int FrameRegister : 4; - bfd_vma FrameOffset; - bfd_vma sizeofUnwindCodes; - bfd_byte *rawUnwindCodes; - /* Valid for UNW_FLAG_EHANDLER and UNW_FLAG_UHANDLER. */ - bfd_vma CountOfScopes; - bfd_byte *rawScopeEntries; - bfd_vma rva_ExceptionHandler; /* UNW_EHANDLER. */ - bfd_vma rva_TerminationHandler; /* UNW_FLAG_UHANDLER. */ - bfd_vma rva_FrameHandler; /* UNW_FLAG_FHANDLER. */ - bfd_vma FrameHandlerArgument; /* UNW_FLAG_FHANDLER. */ - bfd_vma rva_FunctionEntry; /* UNW_FLAG_CHAININFO. */ -}; - -struct external_pex64_unwind_info -{ - bfd_byte Version_Flags; - bfd_byte SizeOfPrologue; - bfd_byte CountOfCodes; - bfd_byte FrameRegisterOffset; - /* external_pex64_unwind_code array. */ - /* bfd_byte handler[4]; */ - /* Optional language specific data. */ -}; - -struct external_pex64_scope -{ - bfd_vma Count; -}; - -struct pex64_scope -{ - bfd_byte Count[4]; -}; - -struct pex64_scope_entry -{ - bfd_vma rva_BeginAddress; - bfd_vma rva_EndAddress; - bfd_vma rva_HandlerAddress; - bfd_vma rva_JumpAddress; -}; -#define PEX64_SCOPE_ENTRY_SIZE 16 - -struct external_pex64_scope_entry -{ - bfd_byte rva_BeginAddress[4]; - bfd_byte rva_EndAddress[4]; - bfd_byte rva_HandlerAddress[4]; - bfd_byte rva_JumpAddress[4]; -}; - -#define PEX64_UWI_VERSION(VAL) ((VAL) & 7) -#define PEX64_UWI_FLAGS(VAL) (((VAL) >> 3) & 0x1f) -#define PEX64_UWI_FRAMEREG(VAL) ((VAL) & 0xf) -#define PEX64_UWI_FRAMEOFF(VAL) (((VAL) >> 4) & 0xf) -#define PEX64_UWI_SIZEOF_UWCODE_ARRAY(VAL) \ - ((((VAL) + 1) & ~1) * 2) - -#define PEX64_OFFSET_TO_UNWIND_CODE 0x4 - -#define PEX64_OFFSET_TO_HANDLER_RVA (COUNTOFUNWINDCODES) \ - (PEX64_OFFSET_TO_UNWIND_CODE + \ - PEX64_UWI_SIZEOF_UWCODE_ARRAY(COUNTOFUNWINDCODES)) - -#define PEX64_OFFSET_TO_SCOPE_COUNT(COUNTOFUNWINDCODES) \ - (PEX64_OFFSET_TO_HANDLER_RVA(COUNTOFUNWINDCODES) + 4) - -#define PEX64_SCOPE_ENTRY(COUNTOFUNWINDCODES, IDX) \ - (PEX64_OFFSET_TO_SCOPE_COUNT(COUNTOFUNWINDCODES) + \ - PEX64_SCOPE_ENTRY_SIZE * (IDX)) - -#endif /* _PE_H */ diff -Nru sbsigntool-0.3/coff/x86_64.h sbsigntool-0.4/coff/x86_64.h --- sbsigntool-0.3/coff/x86_64.h 2012-05-07 06:38:42.000000000 +0100 +++ sbsigntool-0.4/coff/x86_64.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,57 +0,0 @@ -/* COFF information for AMD 64. - Copyright 2006, 2009, 2010 Free Software Foundation, Inc. - - This file is part of BFD, the Binary File Descriptor library. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, - MA 02110-1301, USA. - - Written by Kai Tietz, OneVision Software GmbH&CoKg. */ - -#define L_LNNO_SIZE 2 -#define INCLUDE_COMDAT_FIELDS_IN_AUXENT - -#include "coff/external.h" - -#define COFF_PAGE_SIZE 0x1000 - -#define AMD64MAGIC 0x8664 - -#define AMD64BADMAG(x) ((x).f_magic != AMD64MAGIC) -#define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20b - -#define OMAGIC 0404 /* Object files, eg as output. */ -#define ZMAGIC IMAGE_NT_OPTIONAL_HDR64_MAGIC /* Demand load format, eg normal ld output 0x10b. */ -#define STMAGIC 0401 /* Target shlib. */ -#define SHMAGIC 0443 /* Host shlib. */ - -/* Define some NT default values. */ -/* #define NT_IMAGE_BASE 0x400000 moved to internal.h. */ -#define NT_SECTION_ALIGNMENT 0x1000 -#define NT_FILE_ALIGNMENT 0x200 -#define NT_DEF_RESERVE 0x100000 -#define NT_DEF_COMMIT 0x1000 - -/* Relocation directives. */ - -struct external_reloc -{ - char r_vaddr[4]; - char r_symndx[4]; - char r_type[2]; -}; - -#define RELOC struct external_reloc -#define RELSZ 10 diff -Nru sbsigntool-0.3/compile sbsigntool-0.4/compile --- sbsigntool-0.3/compile 2012-06-30 01:09:02.000000000 +0100 +++ sbsigntool-0.4/compile 2012-06-28 19:04:43.000000000 +0100 @@ -1,7 +1,7 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2012-03-05.13; # UTC +scriptversion=2012-01-04.17; # UTC # Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009, 2010, 2012 Free # Software Foundation, Inc. @@ -79,48 +79,6 @@ esac } -# func_cl_dashL linkdir -# Make cl look for libraries in LINKDIR -func_cl_dashL () -{ - func_file_conv "$1" - if test -z "$lib_path"; then - lib_path=$file - else - lib_path="$lib_path;$file" - fi - linker_opts="$linker_opts -LIBPATH:$file" -} - -# func_cl_dashl library -# Do a library search-path lookup for cl -func_cl_dashl () -{ - lib=$1 - found=no - save_IFS=$IFS - IFS=';' - for dir in $lib_path $LIB - do - IFS=$save_IFS - if $shared && test -f "$dir/$lib.dll.lib"; then - found=yes - lib=$dir/$lib.dll.lib - break - fi - if test -f "$dir/$lib.lib"; then - found=yes - lib=$dir/$lib.lib - break - fi - done - IFS=$save_IFS - - if test "$found" != yes; then - lib=$lib.lib - fi -} - # func_cl_wrapper cl arg... # Adjust compile command to suit cl func_cl_wrapper () @@ -151,34 +109,43 @@ ;; esac ;; - -I) - eat=1 - func_file_conv "$2" mingw - set x "$@" -I"$file" - shift - ;; -I*) func_file_conv "${1#-I}" mingw set x "$@" -I"$file" shift ;; - -l) - eat=1 - func_cl_dashl "$2" - set x "$@" "$lib" - shift - ;; -l*) - func_cl_dashl "${1#-l}" - set x "$@" "$lib" + lib=${1#-l} + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + set x "$@" "$dir/$lib.dll.lib" + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + set x "$@" "$dir/$lib.lib" + break + fi + done + IFS=$save_IFS + + test "$found" != yes && set x "$@" "$lib.lib" shift ;; - -L) - eat=1 - func_cl_dashL "$2" - ;; -L*) - func_cl_dashL "${1#-L}" + func_file_conv "${1#-L}" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" ;; -static) shared=false diff -Nru sbsigntool-0.3/config.h.in sbsigntool-0.4/config.h.in --- sbsigntool-0.3/config.h.in 2012-06-30 01:06:07.000000000 +0100 +++ sbsigntool-0.4/config.h.in 2012-10-02 10:13:38.000000000 +0100 @@ -3,6 +3,9 @@ /* Big-endian system */ #undef HAVE_BIG_ENDIAN +/* Define to 1 if you have the header file. */ +#undef HAVE_EFI_H + /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H diff -Nru sbsigntool-0.3/configure sbsigntool-0.4/configure --- sbsigntool-0.3/configure 2012-06-30 01:06:07.000000000 +0100 +++ sbsigntool-0.4/configure 2012-10-02 10:13:39.000000000 +0100 @@ -1,11 +1,13 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for sbsigntool 0.3. +# Generated by GNU Autoconf 2.68 for sbsigntool 0.4. # # Report bugs to . # # -# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, +# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software +# Foundation, Inc. # # # This configure script is free software; the Free Software Foundation @@ -134,31 +136,6 @@ # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH -# Use a proper internal environment variable to ensure we don't fall - # into an infinite loop, continuously re-executing ourselves. - if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then - _as_can_reexec=no; export _as_can_reexec; - # We cannot yet assume a decent shell, so we have to provide a -# neutralization value for shells without unset; and this also -# works around shells that cannot unset nonexistent variables. -# Preserve -v and -x to the replacement shell. -BASH_ENV=/dev/null -ENV=/dev/null -(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV -case $- in # (((( - *v*x* | *x*v* ) as_opts=-vx ;; - *v* ) as_opts=-v ;; - *x* ) as_opts=-x ;; - * ) as_opts= ;; -esac -exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} -# Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 -as_fn_exit 255 - fi - # We don't want this to propagate to other subprocesses. - { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh @@ -192,8 +169,7 @@ else exitcode=1; echo positional parameters were not saved. fi -test x\$exitcode = x0 || exit 1 -test -x / || exit 1" +test x\$exitcode = x0 || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && @@ -238,25 +214,21 @@ if test "x$CONFIG_SHELL" != x; then : - export CONFIG_SHELL - # We cannot yet assume a decent shell, so we have to provide a -# neutralization value for shells without unset; and this also -# works around shells that cannot unset nonexistent variables. -# Preserve -v and -x to the replacement shell. -BASH_ENV=/dev/null -ENV=/dev/null -(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV -case $- in # (((( - *v*x* | *x*v* ) as_opts=-vx ;; - *v* ) as_opts=-v ;; - *x* ) as_opts=-x ;; - * ) as_opts= ;; -esac -exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} -# Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 -exit 255 + # We cannot yet assume a decent shell, so we have to provide a + # neutralization value for shells without unset; and this also + # works around shells that cannot unset nonexistent variables. + # Preserve -v and -x to the replacement shell. + BASH_ENV=/dev/null + ENV=/dev/null + (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV + export CONFIG_SHELL + case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; + esac + exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"} fi if test x$as_have_required = xno; then : @@ -359,14 +331,6 @@ } # as_fn_mkdir_p - -# as_fn_executable_p FILE -# ----------------------- -# Test if FILE is an executable regular file. -as_fn_executable_p () -{ - test -f "$1" && test -x "$1" -} # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take @@ -488,10 +452,6 @@ chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } - # If we had to re-execute with $CONFIG_SHELL, we're ensured to have - # already done that, so ensure we don't try to do so again and fall - # in an infinite loop. This has already happened in practice. - _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). @@ -526,16 +486,16 @@ # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. + # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || - as_ln_s='cp -pR' + as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else - as_ln_s='cp -pR' + as_ln_s='cp -p' fi else - as_ln_s='cp -pR' + as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null @@ -547,8 +507,28 @@ as_mkdir_p=false fi -as_test_x='test -x' -as_executable_p=as_fn_executable_p +if test -x / >/dev/null 2>&1; then + as_test_x='test -x' +else + if ls -dL / >/dev/null 2>&1; then + as_ls_L_option=L + else + as_ls_L_option= + fi + as_test_x=' + eval sh -c '\'' + if test -d "$1"; then + test -d "$1/."; + else + case $1 in #( + -*)set "./$1";; + esac; + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( + ???[sx]*):;;*)false;;esac;fi + '\'' sh + ' +fi +as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" @@ -580,12 +560,12 @@ # Identity of this package. PACKAGE_NAME='sbsigntool' PACKAGE_TARNAME='sbsigntool' -PACKAGE_VERSION='0.3' -PACKAGE_STRING='sbsigntool 0.3' +PACKAGE_VERSION='0.4' +PACKAGE_STRING='sbsigntool 0.4' PACKAGE_BUGREPORT='jeremy.kerr@canonical.com' PACKAGE_URL='' -ac_unique_file="sbsign.c" +ac_unique_file="src/sbsign.c" # Factoring default headers for most tests. ac_includes_default="\ #include @@ -626,6 +606,9 @@ am__EXEEXT_TRUE LTLIBOBJS LIBOBJS +EFI_CPPFLAGS +uuid_LIBS +uuid_CFLAGS libcrypto_LIBS libcrypto_CFLAGS PKG_CONFIG_LIBDIR @@ -740,7 +723,9 @@ PKG_CONFIG_PATH PKG_CONFIG_LIBDIR libcrypto_CFLAGS -libcrypto_LIBS' +libcrypto_LIBS +uuid_CFLAGS +uuid_LIBS' # Initialize some variables set by options. @@ -1196,6 +1181,8 @@ if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe + $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used" >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi @@ -1281,7 +1268,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sbsigntool 0.3 to adapt to many kinds of systems. +\`configure' configures sbsigntool 0.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1347,7 +1334,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sbsigntool 0.3:";; + short | recursive ) echo "Configuration of sbsigntool 0.4:";; esac cat <<\_ACEOF @@ -1378,6 +1365,8 @@ C compiler flags for libcrypto, overriding pkg-config libcrypto_LIBS linker flags for libcrypto, overriding pkg-config + uuid_CFLAGS C compiler flags for uuid, overriding pkg-config + uuid_LIBS linker flags for uuid, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. @@ -1445,10 +1434,10 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sbsigntool configure 0.3 -generated by GNU Autoconf 2.69 +sbsigntool configure 0.4 +generated by GNU Autoconf 2.68 -Copyright (C) 2012 Free Software Foundation, Inc. +Copyright (C) 2010 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF @@ -1701,8 +1690,8 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sbsigntool $as_me 0.3, which was -generated by GNU Autoconf 2.69. Invocation command line was +It was created by sbsigntool $as_me 0.4, which was +generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2118,7 +2107,7 @@ # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. @@ -2287,7 +2276,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -2327,7 +2316,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -2378,7 +2367,7 @@ test -z "$as_dir" && as_dir=. for ac_prog in mkdir gmkdir; do for ac_exec_ext in '' $ac_executable_extensions; do - as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue + { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( 'mkdir (GNU coreutils) '* | \ 'mkdir (coreutils) '* | \ @@ -2431,7 +2420,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -2517,7 +2506,7 @@ # Define the identity of the package. PACKAGE='sbsigntool' - VERSION='0.3' + VERSION='0.4' cat >>confdefs.h <<_ACEOF @@ -2649,7 +2638,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -2689,7 +2678,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -2742,7 +2731,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -2783,7 +2772,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue @@ -2841,7 +2830,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -2885,7 +2874,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -3331,7 +3320,8 @@ /* end confdefs.h. */ #include #include -struct stat; +#include +#include /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); @@ -3699,7 +3689,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -3739,7 +3729,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -3792,7 +3782,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -3833,7 +3823,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue @@ -3891,7 +3881,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -3935,7 +3925,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -4131,7 +4121,8 @@ /* end confdefs.h. */ #include #include -struct stat; +#include +#include /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); @@ -4624,7 +4615,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -4664,7 +4655,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -4718,7 +4709,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_OBJCOPY="${ac_tool_prefix}objcopy" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -4758,7 +4749,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_OBJCOPY="objcopy" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -4810,7 +4801,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -4850,7 +4841,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -4904,7 +4895,7 @@ for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_GREP" || continue + { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in @@ -4970,7 +4961,7 @@ for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP" || continue + { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in @@ -5251,7 +5242,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -5294,7 +5285,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -5416,7 +5407,101 @@ fi -ac_config_files="$ac_config_files Makefile lib/ccan/Makefile tests/Makefile" + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uuid" >&5 +$as_echo_n "checking for uuid... " >&6; } + +if test -n "$uuid_CFLAGS"; then + pkg_cv_uuid_CFLAGS="$uuid_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"uuid\""; } >&5 + ($PKG_CONFIG --exists --print-errors "uuid") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_uuid_CFLAGS=`$PKG_CONFIG --cflags "uuid" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$uuid_LIBS"; then + pkg_cv_uuid_LIBS="$uuid_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"uuid\""; } >&5 + ($PKG_CONFIG --exists --print-errors "uuid") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_uuid_LIBS=`$PKG_CONFIG --libs "uuid" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + uuid_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "uuid" 2>&1` + else + uuid_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "uuid" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$uuid_PKG_ERRORS" >&5 + + as_fn_error $? "libuuid (from the uuid package) is required" "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "libuuid (from the uuid package) is required" "$LINENO" 5 +else + uuid_CFLAGS=$pkg_cv_uuid_CFLAGS + uuid_LIBS=$pkg_cv_uuid_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + +EFI_ARCH=$(uname -m) +EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \ + -DEFI_FUNCTION_WRAPPER" +CPPFLAGS_save="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $EFI_CPPFLAGS" +for ac_header in efi.h +do : + ac_fn_c_check_header_compile "$LINENO" "efi.h" "ac_cv_header_efi_h" "$EFI_INCLUDES +" +if test "x$ac_cv_header_efi_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_EFI_H 1 +_ACEOF + +fi + +done + +CPPFLAGS="$CPPFLAGS_save" +EFI_CPPFLAGS=$EFI_CPPFLAGS + + +ac_config_files="$ac_config_files Makefile src/Makefile lib/ccan/Makefile docs/Makefile tests/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -5849,16 +5934,16 @@ # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. + # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || - as_ln_s='cp -pR' + as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else - as_ln_s='cp -pR' + as_ln_s='cp -p' fi else - as_ln_s='cp -pR' + as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null @@ -5918,16 +6003,28 @@ as_mkdir_p=false fi - -# as_fn_executable_p FILE -# ----------------------- -# Test if FILE is an executable regular file. -as_fn_executable_p () -{ - test -f "$1" && test -x "$1" -} # as_fn_executable_p -as_test_x='test -x' -as_executable_p=as_fn_executable_p +if test -x / >/dev/null 2>&1; then + as_test_x='test -x' +else + if ls -dL / >/dev/null 2>&1; then + as_ls_L_option=L + else + as_ls_L_option= + fi + as_test_x=' + eval sh -c '\'' + if test -d "$1"; then + test -d "$1/."; + else + case $1 in #( + -*)set "./$1";; + esac; + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( + ???[sx]*):;;*)false;;esac;fi + '\'' sh + ' +fi +as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" @@ -5948,8 +6045,8 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sbsigntool $as_me 0.3, which was -generated by GNU Autoconf 2.69. Invocation command line was +This file was extended by sbsigntool $as_me 0.4, which was +generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -6014,11 +6111,11 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sbsigntool config.status 0.3 -configured by $0, generated by GNU Autoconf 2.69, +sbsigntool config.status 0.4 +configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" -Copyright (C) 2012 Free Software Foundation, Inc. +Copyright (C) 2010 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -6109,7 +6206,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then - set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' @@ -6146,7 +6243,9 @@ "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "lib/ccan/Makefile") CONFIG_FILES="$CONFIG_FILES lib/ccan/Makefile" ;; + "docs/Makefile") CONFIG_FILES="$CONFIG_FILES docs/Makefile" ;; "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; diff -Nru sbsigntool-0.3/configure.ac sbsigntool-0.4/configure.ac --- sbsigntool-0.3/configure.ac 2012-06-30 01:02:05.000000000 +0100 +++ sbsigntool-0.4/configure.ac 2012-10-02 10:12:40.000000000 +0100 @@ -1,11 +1,11 @@ -AC_INIT([sbsigntool], [0.3], [jeremy.kerr@canonical.com]) +AC_INIT([sbsigntool], [0.4], [jeremy.kerr@canonical.com]) AM_INIT_AUTOMAKE() AC_PREREQ(2.60) AC_CONFIG_HEADERS(config.h) -AC_CONFIG_SRCDIR(sbsign.c) +AC_CONFIG_SRCDIR(src/sbsign.c) AM_PROG_AS AC_PROG_CC @@ -59,5 +59,20 @@ [], AC_MSG_ERROR([libcrypto (from the OpenSSL package) is required])) -AC_CONFIG_FILES([Makefile lib/ccan/Makefile tests/Makefile]) +PKG_CHECK_MODULES(uuid, uuid, + [], + AC_MSG_ERROR([libuuid (from the uuid package) is required])) + +dnl gnu-efi headers require extra include dirs +EFI_ARCH=$(uname -m) +EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \ + -DEFI_FUNCTION_WRAPPER" +CPPFLAGS_save="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $EFI_CPPFLAGS" +AC_CHECK_HEADERS([efi.h], [], [], $EFI_INCLUDES) +CPPFLAGS="$CPPFLAGS_save" +AC_SUBST(EFI_CPPFLAGS, $EFI_CPPFLAGS) + +AC_CONFIG_FILES([Makefile src/Makefile lib/ccan/Makefile] + [docs/Makefile tests/Makefile]) AC_OUTPUT diff -Nru sbsigntool-0.3/debian/changelog sbsigntool-0.4/debian/changelog --- sbsigntool-0.3/debian/changelog 2012-10-01 10:53:57.000000000 +0100 +++ sbsigntool-0.4/debian/changelog 2012-10-02 10:26:00.000000000 +0100 @@ -1,3 +1,10 @@ +sbsigntool (0.4-0ubuntu1) quantal; urgency=low + + * New upstream release. + * Add new uuid-dev and gnu-efi build dependancies. + + -- Andy Whitcroft Tue, 02 Oct 2012 10:15:17 +0100 + sbsigntool (0.3-0ubuntu2) quantal; urgency=low * Only build on amd64 and i386 (LP: #1020771). diff -Nru sbsigntool-0.3/debian/control sbsigntool-0.4/debian/control --- sbsigntool-0.3/debian/control 2012-10-01 10:53:35.000000000 +0100 +++ sbsigntool-0.4/debian/control 2012-10-02 09:34:11.000000000 +0100 @@ -4,7 +4,7 @@ Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Steve Langasek Standards-Version: 3.9.3 -Build-Depends: binutils-dev, debhelper (>= 9), libssl-dev, help2man, openssl, pkg-config +Build-Depends: binutils-dev, debhelper (>= 9), libssl-dev, help2man, openssl, pkg-config, uuid-dev, gnu-efi Vcs-Bzr: lp:ubuntu/sbsigntool Package: sbsigntool diff -Nru sbsigntool-0.3/depcomp sbsigntool-0.4/depcomp --- sbsigntool-0.3/depcomp 2012-06-30 01:09:02.000000000 +0100 +++ sbsigntool-0.4/depcomp 2012-06-28 19:04:43.000000000 +0100 @@ -1,10 +1,10 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2012-03-27.16; # UTC +scriptversion=2011-12-04.11; # UTC # Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# 2011 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -28,7 +28,7 @@ case $1 in '') - echo "$0: No command. Try '$0 --help' for more information." 1>&2 + echo "$0: No command. Try \`$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) @@ -40,8 +40,8 @@ Environment variables: depmode Dependency tracking mode. - source Source file read by 'PROGRAMS ARGS'. - object Object file output by 'PROGRAMS ARGS'. + source Source file read by `PROGRAMS ARGS'. + object Object file output by `PROGRAMS ARGS'. DEPDIR directory where to store dependencies. depfile Dependency file to output. tmpdepfile Temporary file to use when outputting dependencies. @@ -57,12 +57,6 @@ ;; esac -# A tabulation character. -tab=' ' -# A newline character. -nl=' -' - if test -z "$depmode" || test -z "$source" || test -z "$object"; then echo "depcomp: Variables source, object and depmode must be set" 1>&2 exit 1 @@ -108,12 +102,6 @@ depmode=msvc7 fi -if test "$depmode" = xlc; then - # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency informations. - gccflag=-qmakedep=gcc,-MF - depmode=gcc -fi - case "$depmode" in gcc3) ## gcc 3 implements dependency tracking that does exactly what @@ -168,14 +156,15 @@ ## The second -e expression handles DOS-style file names with drive letters. sed -e 's/^[^:]*: / /' \ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" -## This next piece of magic avoids the "deleted header file" problem. +## This next piece of magic avoids the `deleted header file' problem. ## The problem is that when a header file which appears in a .P file ## is deleted, the dependency causes make to die (because there is ## typically no way to rebuild the header). We avoid this by adding ## dummy dependencies for each header file. Too bad gcc doesn't do ## this for us directly. - tr ' ' "$nl" < "$tmpdepfile" | -## Some versions of gcc put a space before the ':'. On the theory + tr ' ' ' +' < "$tmpdepfile" | +## Some versions of gcc put a space before the `:'. On the theory ## that the space means something, we add a space to the output as ## well. hp depmode also adds that space, but also prefixes the VPATH ## to the object. Take care to not repeat it in the output. @@ -214,15 +203,18 @@ # clever and replace this with sed code, as IRIX sed won't handle # lines with more than a fixed number of characters (4096 in # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; - # the IRIX cc adds comments like '#:fec' to the end of the + # the IRIX cc adds comments like `#:fec' to the end of the # dependency line. - tr ' ' "$nl" < "$tmpdepfile" \ + tr ' ' ' +' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ - tr "$nl" ' ' >> "$depfile" + tr ' +' ' ' >> "$depfile" echo >> "$depfile" # The second pass generates a dummy entry for each header file. - tr ' ' "$nl" < "$tmpdepfile" \ + tr ' ' ' +' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ >> "$depfile" else @@ -234,17 +226,10 @@ rm -f "$tmpdepfile" ;; -xlc) - # This case exists only to let depend.m4 do its work. It works by - # looking at the text of this script. This case will never be run, - # since it is checked for above. - exit 1 - ;; - aix) # The C for AIX Compiler uses -M and outputs the dependencies # in a .u file. In older versions, this file always lives in the - # current directory. Also, the AIX compiler puts '$object:' at the + # current directory. Also, the AIX compiler puts `$object:' at the # start of each line; $object doesn't have directory information. # Version 6 uses the directory in both cases. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` @@ -274,11 +259,12 @@ test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then - # Each line is of the form 'foo.o: dependent.h'. + # Each line is of the form `foo.o: dependent.h'. # Do two passes, one to just change these to - # '$object: dependent.h' and one to simply 'dependent.h:'. + # `$object: dependent.h' and one to simply `dependent.h:'. sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" - sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" + # That's a tab and a space in the []. + sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile @@ -289,26 +275,23 @@ ;; icc) - # Intel's C compiler anf tcc (Tiny C Compiler) understand '-MD -MF file'. - # However on - # $CC -MD -MF foo.d -c -o sub/foo.o sub/foo.c + # Intel's C compiler understands `-MD -MF file'. However on + # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c # ICC 7.0 will fill foo.d with something like # foo.o: sub/foo.c # foo.o: sub/foo.h - # which is wrong. We want + # which is wrong. We want: # sub/foo.o: sub/foo.c # sub/foo.o: sub/foo.h # sub/foo.c: # sub/foo.h: # ICC 7.1 will output # foo.o: sub/foo.c sub/foo.h - # and will wrap long lines using '\': + # and will wrap long lines using \ : # foo.o: sub/foo.c ... \ # sub/foo.h ... \ # ... - # tcc 0.9.26 (FIXME still under development at the moment of writing) - # will emit a similar output, but also prepend the continuation lines - # with horizontal tabulation characters. + "$@" -MD -MF "$tmpdepfile" stat=$? if test $stat -eq 0; then : @@ -317,21 +300,15 @@ exit $stat fi rm -f "$depfile" - # Each line is of the form 'foo.o: dependent.h', - # or 'foo.o: dep1.h dep2.h \', or ' dep3.h dep4.h \'. + # Each line is of the form `foo.o: dependent.h', + # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. # Do two passes, one to just change these to - # '$object: dependent.h' and one to simply 'dependent.h:'. - sed -e "s/^[ $tab][ $tab]*/ /" -e "s,^[^:]*:,$object :," \ - < "$tmpdepfile" > "$depfile" - sed ' - s/[ '"$tab"'][ '"$tab"']*/ /g - s/^ *// - s/ *\\*$// - s/^[^:]*: *// - /^$/d - /:$/d - s/$/ :/ - ' < "$tmpdepfile" >> "$depfile" + # `$object: dependent.h' and one to simply `dependent.h:'. + sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" | + sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; @@ -367,7 +344,7 @@ done if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile" - # Add 'dependent.h:' lines. + # Add `dependent.h:' lines. sed -ne '2,${ s/^ *// s/ \\*$// @@ -382,9 +359,9 @@ tru64) # The Tru64 compiler uses -MD to generate dependencies as a side - # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. + # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put - # dependencies in 'foo.d' instead, so we check for that too. + # dependencies in `foo.d' instead, so we check for that too. # Subdirectories are respected. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` test "x$dir" = "x$object" && dir= @@ -430,7 +407,8 @@ done if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" - sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" + # That's a tab and a space in the []. + sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" else echo "#dummy" > "$depfile" fi @@ -465,11 +443,11 @@ p }' | $cygpath_u | sort -u | sed -n ' s/ /\\ /g -s/\(.*\)/'"$tab"'\1 \\/p +s/\(.*\)/ \1 \\/p s/.\(.*\) \\/\1:/ H $ { - s/.*/'"$tab"'/ + s/.*/ / G p }' >> "$depfile" @@ -500,7 +478,7 @@ shift fi - # Remove '-o $object'. + # Remove `-o $object'. IFS=" " for arg do @@ -520,14 +498,15 @@ done test -z "$dashmflag" && dashmflag=-M - # Require at least two characters before searching for ':' + # Require at least two characters before searching for `:' # in the target name. This is to cope with DOS-style filenames: - # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. + # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise. "$@" $dashmflag | - sed 's:^['"$tab"' ]*[^:'"$tab"' ][^:][^:]*\:['"$tab"' ]*:'"$object"'\: :' > "$tmpdepfile" + sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" - tr ' ' "$nl" < "$tmpdepfile" | \ + tr ' ' ' +' < "$tmpdepfile" | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" @@ -583,7 +562,8 @@ # makedepend may prepend the VPATH from the source file name to the object. # No need to regex-escape $object, excess matching of '.' is harmless. sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" - sed '1,2d' "$tmpdepfile" | tr ' ' "$nl" | \ + sed '1,2d' "$tmpdepfile" | tr ' ' ' +' | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" @@ -603,7 +583,7 @@ shift fi - # Remove '-o $object'. + # Remove `-o $object'. IFS=" " for arg do @@ -672,8 +652,8 @@ sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" - sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile" - echo "$tab" >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" + echo " " >> "$depfile" sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" rm -f "$tmpdepfile" ;; diff -Nru sbsigntool-0.3/docs/Makefile.am sbsigntool-0.4/docs/Makefile.am --- sbsigntool-0.3/docs/Makefile.am 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/docs/Makefile.am 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,11 @@ + +man1_MANS = sbsign.1 sbverify.1 sbattach.1 sbvarsign.1 sbsiglist.1 + +EXTRA_DIST = sbsign.1.in sbverify.1.in sbattach.1.in \ + sbvarsign.1.in sbsiglist.1.in +CLEANFILES = $(man1_MANS) + +$(builddir)/%.1: $(srcdir)/%.1.in $(top_builddir)/src/% + $(MKDIR_P) $(@D) + $(HELP2MAN) --no-info -i $< -o $@ $(top_builddir)/src/$* + diff -Nru sbsigntool-0.3/docs/Makefile.in sbsigntool-0.4/docs/Makefile.in --- sbsigntool-0.3/docs/Makefile.in 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/docs/Makefile.in 2012-10-02 10:13:40.000000000 +0100 @@ -0,0 +1,424 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +subdir = docs +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +SOURCES = +DIST_SOURCES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man1dir = $(mandir)/man1 +am__installdirs = "$(DESTDIR)$(man1dir)" +NROFF = nroff +MANS = $(man1_MANS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCAS = @CCAS@ +CCASDEPMODE = @CCASDEPMODE@ +CCASFLAGS = @CCASFLAGS@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EFI_CPPFLAGS = @EFI_CPPFLAGS@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +HELP2MAN = @HELP2MAN@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +OBJCOPY = @OBJCOPY@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build_alias = @build_alias@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host_alias = @host_alias@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libcrypto_CFLAGS = @libcrypto_CFLAGS@ +libcrypto_LIBS = @libcrypto_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +uuid_CFLAGS = @uuid_CFLAGS@ +uuid_LIBS = @uuid_LIBS@ +man1_MANS = sbsign.1 sbverify.1 sbattach.1 sbvarsign.1 sbsiglist.1 +EXTRA_DIST = sbsign.1.in sbverify.1.in sbattach.1.in \ + sbvarsign.1.in sbsiglist.1.in + +CLEANFILES = $(man1_MANS) +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu docs/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu docs/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-man1: $(man1_MANS) + @$(NORMAL_INSTALL) + test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" + @list='$(man1_MANS)'; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list='$(man1_MANS)'; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(MANS) +installdirs: + for dir in "$(DESTDIR)$(man1dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-man + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man1 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-man + +uninstall-man: uninstall-man1 + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic distclean \ + distclean-generic distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-man1 install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic pdf pdf-am ps ps-am uninstall \ + uninstall-am uninstall-man uninstall-man1 + + +$(builddir)/%.1: $(srcdir)/%.1.in $(top_builddir)/src/% + $(MKDIR_P) $(@D) + $(HELP2MAN) --no-info -i $< -o $@ $(top_builddir)/src/$* + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru sbsigntool-0.3/docs/sbsiglist.1.in sbsigntool-0.4/docs/sbsiglist.1.in --- sbsigntool-0.3/docs/sbsiglist.1.in 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/docs/sbsiglist.1.in 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,2 @@ +[name] +sbsiglist - Create EFI_SIGNATURE_LIST signature databases diff -Nru sbsigntool-0.3/docs/sbvarsign.1.in sbsigntool-0.4/docs/sbvarsign.1.in --- sbsigntool-0.3/docs/sbvarsign.1.in 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/docs/sbvarsign.1.in 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,2 @@ +[name] +sbvarsign - UEFI authenticated variable signing tool diff -Nru sbsigntool-0.3/idc.c sbsigntool-0.4/idc.c --- sbsigntool-0.3/idc.c 2012-06-30 01:02:05.000000000 +0100 +++ sbsigntool-0.4/idc.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,301 +0,0 @@ -/* - * Copyright (C) 2012 Jeremy Kerr - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 3 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA. - * - * In addition, as a special exception, the copyright holders give - * permission to link the code of portions of this program with the OpenSSL - * library under certain conditions as described in each individual source file, - * and distribute linked combinations including the two. - * - * You must obey the GNU General Public License in all respects for all - * of the code used other than OpenSSL. If you modify file(s) with this - * exception, you may extend this exception to your version of the - * file(s), but you are not obligated to do so. If you do not wish to do - * so, delete this exception statement from your version. If you delete - * this exception statement from all source files in the program, then - * also delete it here. - */ -#include -#include -#include -#include -#include -#include -#include - -#include - -#include "idc.h" - -typedef struct idc_type_value { - ASN1_OBJECT *type; - ASN1_TYPE *value; -} IDC_TYPE_VALUE; - -ASN1_SEQUENCE(IDC_TYPE_VALUE) = { - ASN1_SIMPLE(IDC_TYPE_VALUE, type, ASN1_OBJECT), - ASN1_OPT(IDC_TYPE_VALUE, value, ASN1_ANY), -} ASN1_SEQUENCE_END(IDC_TYPE_VALUE); - -IMPLEMENT_ASN1_FUNCTIONS(IDC_TYPE_VALUE); - -typedef struct idc_string { - int type; - union { - ASN1_BMPSTRING *unicode; - ASN1_IA5STRING *ascii; - } value; -} IDC_STRING; - -ASN1_CHOICE(IDC_STRING) = { - ASN1_IMP(IDC_STRING, value.unicode, ASN1_BMPSTRING, 0), - ASN1_IMP(IDC_STRING, value.ascii, ASN1_IA5STRING, 1), -} ASN1_CHOICE_END(IDC_STRING); - -IMPLEMENT_ASN1_FUNCTIONS(IDC_STRING); - -typedef struct idc_link { - int type; - union { - ASN1_NULL *url; - ASN1_NULL *moniker; - IDC_STRING *file; - } value; -} IDC_LINK; - -ASN1_CHOICE(IDC_LINK) = { - ASN1_IMP(IDC_LINK, value.url, ASN1_NULL, 0), - ASN1_IMP(IDC_LINK, value.moniker, ASN1_NULL, 1), - ASN1_EXP(IDC_LINK, value.file, IDC_STRING, 2), -} ASN1_CHOICE_END(IDC_LINK); - -IMPLEMENT_ASN1_FUNCTIONS(IDC_LINK); - -typedef struct idc_pe_image_data { - ASN1_BIT_STRING *flags; - IDC_LINK *file; -} IDC_PEID; - -ASN1_SEQUENCE(IDC_PEID) = { - ASN1_SIMPLE(IDC_PEID, flags, ASN1_BIT_STRING), - ASN1_EXP(IDC_PEID, file, IDC_LINK, 0), -} ASN1_SEQUENCE_END(IDC_PEID); - -IMPLEMENT_ASN1_FUNCTIONS(IDC_PEID); - -typedef struct idc_digest { - X509_ALGOR *alg; - ASN1_OCTET_STRING *digest; -} IDC_DIGEST; - -ASN1_SEQUENCE(IDC_DIGEST) = { - ASN1_SIMPLE(IDC_DIGEST, alg, X509_ALGOR), - ASN1_SIMPLE(IDC_DIGEST, digest, ASN1_OCTET_STRING), -} ASN1_SEQUENCE_END(IDC_DIGEST) - -IMPLEMENT_ASN1_FUNCTIONS(IDC_DIGEST) - -typedef struct idc { - IDC_TYPE_VALUE *data; - IDC_DIGEST *digest; -} IDC; - -ASN1_SEQUENCE(IDC) = { - ASN1_SIMPLE(IDC, data, IDC_TYPE_VALUE), - ASN1_SIMPLE(IDC, digest, IDC_DIGEST), -} ASN1_SEQUENCE_END(IDC) - -IMPLEMENT_ASN1_FUNCTIONS(IDC) - -static int type_set_sequence(void *ctx, ASN1_TYPE *type, - void *s, const ASN1_ITEM *it) -{ - uint8_t *seq_data, *tmp; - ASN1_OCTET_STRING *os; - ASN1_STRING *seq = s; - int len; - - os = ASN1_STRING_new(); - - len = ASN1_item_i2d((ASN1_VALUE *)seq, NULL, it); - tmp = seq_data = talloc_array(ctx, uint8_t, len); - ASN1_item_i2d((ASN1_VALUE *)seq, &tmp, it); - - ASN1_STRING_set(os, seq_data, len); - ASN1_TYPE_set(type, V_ASN1_SEQUENCE, os); - return 0; -} - -const char obsolete[] = { - 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x4f, 0x00, 0x62, - 0x00, 0x73, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x74, - 0x00, 0x65, 0x00, 0x3e, 0x00, 0x3e, 0x00, 0x3e -}; - -const char *sha256_str(const uint8_t *hash) -{ - static char s[SHA256_DIGEST_LENGTH * 2 + 1]; - int i; - - for (i = 0; i < SHA256_DIGEST_LENGTH; i++) - snprintf(s + i * 2, 3, "%02x", hash[i]); - - return s; -} - -int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image) -{ - uint8_t *buf, *tmp, sha[SHA256_DIGEST_LENGTH]; - int idc_nid, peid_nid, len, rc; - IDC_PEID *peid; - ASN1_STRING *s; - ASN1_TYPE *t; - BIO *sigbio; - IDC *idc; - - idc_nid = OBJ_create("1.3.6.1.4.1.311.2.1.4", - "spcIndirectDataContext", - "Indirect Data Context"); - peid_nid = OBJ_create("1.3.6.1.4.1.311.2.1.15", - "spcPEImageData", - "PE Image Data"); - - image_hash_sha256(image, sha); - - idc = IDC_new(); - peid = IDC_PEID_new(); - - peid->file = IDC_LINK_new(); - peid->file->type = 2; - peid->file->value.file = IDC_STRING_new(); - peid->file->value.file->type = 0; - peid->file->value.file->value.unicode = ASN1_STRING_new(); - ASN1_STRING_set(peid->file->value.file->value.unicode, - obsolete, sizeof(obsolete)); - - idc->data->type = OBJ_nid2obj(peid_nid); - idc->data->value = ASN1_TYPE_new(); - type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it); - - idc->digest->alg->parameter = ASN1_TYPE_new(); - idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256); - idc->digest->alg->parameter->type = V_ASN1_NULL; - ASN1_OCTET_STRING_set(idc->digest->digest, sha, sizeof(sha)); - - len = i2d_IDC(idc, NULL); - tmp = buf = talloc_array(image, uint8_t, len); - i2d_IDC(idc, &tmp); - - /* Add the contentType authenticated attribute */ - PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, - OBJ_nid2obj(idc_nid)); - - /* Because the PKCS7 lib has a hard time dealing with non-standard - * data types, we create a temporary BIO to hold the signed data, so - * that the top-level PKCS7 object calculates the correct hash... - */ - sigbio = PKCS7_dataInit(p7, NULL); - BIO_write(sigbio, buf+2, len-2); - - /* ... then we finalise the p7 content, which does the actual - * signing ... */ - rc = PKCS7_dataFinal(p7, sigbio); - if (!rc) { - fprintf(stderr, "dataFinal failed\n"); - ERR_print_errors_fp(stderr); - return -1; - } - - /* ... and we replace the content with the actual IDC ASN type. */ - t = ASN1_TYPE_new(); - s = ASN1_STRING_new(); - ASN1_STRING_set(s, buf, len); - ASN1_TYPE_set(t, V_ASN1_SEQUENCE, s); - PKCS7_set0_type_other(p7->d.sign->contents, idc_nid, t); - - return 0; -} - -struct idc *IDC_get(PKCS7 *p7, BIO *bio) -{ - const unsigned char *buf, *idcbuf; - ASN1_STRING *str; - IDC *idc; - - /* extract the idc from the signed PKCS7 'other' data */ - str = p7->d.sign->contents->d.other->value.asn1_string; - idcbuf = buf = ASN1_STRING_data(str); - idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str)); - - /* If we were passed a BIO, write the idc data, minus type and length, - * to the BIO. This can be used to PKCS7_verify the idc */ - if (bio) { - uint32_t idclen; - uint8_t tmp; - - tmp = idcbuf[1]; - - if (!(tmp & 0x80)) { - idclen = tmp & 0x7f; - idcbuf += 2; - } else if ((tmp & 0x82) == 0x82) { - idclen = (idcbuf[2] << 8) + - idcbuf[3]; - idcbuf += 4; - } else { - fprintf(stderr, "Invalid ASN.1 data in " - "IndirectDataContext?\n"); - return NULL; - } - - BIO_write(bio, idcbuf, idclen); - } - - return idc; -} - -int IDC_check_hash(struct idc *idc, struct image *image) -{ - unsigned char sha[SHA256_DIGEST_LENGTH]; - const unsigned char *buf; - ASN1_STRING *str; - - image_hash_sha256(image, sha); - - /* check hash algorithm sanity */ - if (OBJ_cmp(idc->digest->alg->algorithm, OBJ_nid2obj(NID_sha256))) { - fprintf(stderr, "Invalid algorithm type\n"); - return -1; - } - - str = idc->digest->digest; - if (ASN1_STRING_length(str) != sizeof(sha)) { - fprintf(stderr, "Invalid algorithm length\n"); - return -1; - } - - /* check hash against the one we calculated from the image */ - buf = ASN1_STRING_data(str); - if (memcmp(buf, sha, sizeof(sha))) { - fprintf(stderr, "Hash doesn't match image\n"); - fprintf(stderr, " got: %s\n", sha256_str(buf)); - fprintf(stderr, " expecting: %s\n", sha256_str(sha)); - return -1; - } - - return 0; -} diff -Nru sbsigntool-0.3/idc.h sbsigntool-0.4/idc.h --- sbsigntool-0.3/idc.h 2012-06-30 01:02:05.000000000 +0100 +++ sbsigntool-0.4/idc.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,46 +0,0 @@ -/* - * Copyright (C) 2012 Jeremy Kerr - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 3 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA. - * - * In addition, as a special exception, the copyright holders give - * permission to link the code of portions of this program with the OpenSSL - * library under certain conditions as described in each individual source file, - * and distribute linked combinations including the two. - * - * You must obey the GNU General Public License in all respects for all - * of the code used other than OpenSSL. If you modify file(s) with this - * exception, you may extend this exception to your version of the - * file(s), but you are not obligated to do so. If you do not wish to do - * so, delete this exception statement from your version. If you delete - * this exception statement from all source files in the program, then - * also delete it here. - */ -#ifndef IDC_H -#define IDC_H - -#include "image.h" - -#include - -struct idc; - -int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image); -struct idc *IDC_get(PKCS7 *p7, BIO *bio); -int IDC_check_hash(struct idc *idc, struct image *image); - -#endif /* IDC_H */ - diff -Nru sbsigntool-0.3/image.c sbsigntool-0.4/image.c --- sbsigntool-0.3/image.c 2012-06-30 01:02:05.000000000 +0100 +++ sbsigntool-0.4/image.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,449 +0,0 @@ -/* - * Copyright (C) 2012 Jeremy Kerr - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 3 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA. - * - * In addition, as a special exception, the copyright holders give - * permission to link the code of portions of this program with the OpenSSL - * library under certain conditions as described in each individual source file, - * and distribute linked combinations including the two. - * - * You must obey the GNU General Public License in all respects for all - * of the code used other than OpenSSL. If you modify file(s) with this - * exception, you may extend this exception to your version of the - * file(s), but you are not obligated to do so. If you do not wish to do - * so, delete this exception statement from your version. If you delete - * this exception statement from all source files in the program, then - * also delete it here. - */ - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -#include "image.h" - -#define DATA_DIR_CERT_TABLE 4 - -/** - * The PE/COFF headers export struct fields as arrays of chars. So, define - * a couple of accessor functions that allow fields to be deferenced as their - * native types, to allow strict aliasing. This also allows for endian- - * neutral behaviour. - */ -static uint32_t __pehdr_u32(char field[]) -{ - uint8_t *ufield = (uint8_t *)field; - return (ufield[3] << 24) + - (ufield[2] << 16) + - (ufield[1] << 8) + - ufield[0]; -} - -static uint16_t __pehdr_u16(char field[]) -{ - uint8_t *ufield = (uint8_t *)field; - return (ufield[1] << 8) + - ufield[0]; -} - -/* wrappers to ensure type correctness */ -#define pehdr_u32(f) __pehdr_u32(f + BUILD_ASSERT_OR_ZERO(sizeof(f) == 4)) -#define pehdr_u16(f) __pehdr_u16(f + BUILD_ASSERT_OR_ZERO(sizeof(f) == 2)) - -static int image_pecoff_parse(struct image *image) -{ - char nt_sig[] = {'P', 'E', 0, 0}; - size_t size = image->size; - uint32_t addr; - - /* sanity checks */ - if (size < sizeof(*image->doshdr)) { - fprintf(stderr, "file is too small for DOS header\n"); - return -1; - } - - image->doshdr = image->buf; - - if (image->doshdr->e_magic[0] != 0x4d - || image->doshdr->e_magic[1] != 0x5a) { - fprintf(stderr, "Invalid DOS header magic\n"); - return -1; - } - - addr = pehdr_u32(image->doshdr->e_lfanew); - if (addr >= image->size) { - fprintf(stderr, "pehdr is beyond end of file [0x%08x]\n", - addr); - return -1; - } - - if (addr + sizeof(*image->pehdr) > image->size) { - fprintf(stderr, "File not large enough to contain pehdr\n"); - return -1; - } - - image->pehdr = image->buf + addr; - if (memcmp(image->pehdr->nt_signature, nt_sig, sizeof(nt_sig))) { - fprintf(stderr, "Invalid PE header signature\n"); - return -1; - } - - if (pehdr_u16(image->pehdr->f_magic) != AMD64MAGIC) { - fprintf(stderr, "Invalid PE header magic for x86_64\n"); - return -1; - } - - if (pehdr_u16(image->pehdr->f_opthdr) != sizeof(*image->aouthdr)) { - fprintf(stderr, "Invalid a.out header size\n"); - return -1; - } - - if (image->size < sizeof(*image->doshdr) + sizeof(*image->pehdr) - + sizeof(*image->aouthdr)) { - fprintf(stderr, "file is too small for a.out header\n"); - return -1; - } - - /* a.out header directly follows PE header */ - image->aouthdr = (void *)(image->pehdr+1); - - if (image->aouthdr->standard.magic[0] != 0x0b || - image->aouthdr->standard.magic[1] != 0x02) { - fprintf(stderr, "Invalid a.out machine type\n"); - return -1; - } - - image->data_dir = (void *)image->aouthdr->DataDirectory; - image->data_dir_sigtable = &image->data_dir[DATA_DIR_CERT_TABLE]; - image->checksum = (uint32_t *)image->aouthdr->CheckSum; - - image->cert_table_size = image->data_dir_sigtable->size; - if (image->cert_table_size) - image->cert_table = image->buf + image->data_dir_sigtable->addr; - else - image->cert_table = NULL; - - image->sections = pehdr_u16(image->pehdr->f_nscns); - image->scnhdr = (void *)(image->aouthdr+1); - - return 0; -} - -struct image *image_load(const char *filename) -{ - struct stat statbuf; - struct image *image; - int rc; - - image = talloc(NULL, struct image); - if (!image) { - perror("talloc(image)"); - return NULL; - } - - image->fd = open(filename, O_RDONLY); - if (image->fd < 0) { - perror("open"); - goto err; - } - - rc = fstat(image->fd, &statbuf); - if (rc) { - perror("fstat"); - goto err; - } - - image->size = statbuf.st_size; - - image->buf = talloc_size(image, image->size); - if (!image->buf) { - perror("talloc(buf)"); - goto err; - } - - if (!read_all(image->fd, image->buf, image->size)) { - perror("read_all"); - fprintf(stderr, "error reading input file\n"); - goto err; - } - - lseek(image->fd, 0, SEEK_SET); - - rc = image_pecoff_parse(image); - if (rc) - goto err; - - return image; -err: - talloc_free(image); - return NULL; -} - -static int align_up(int size, int align) -{ - return (size + align - 1) & ~(align - 1); -} - -static int cmp_regions(const void *p1, const void *p2) -{ - const struct region *r1 = p1, *r2 = p2; - - if (r1->data < r2->data) - return -1; - if (r1->data > r2->data) - return 1; - return 0; -} - -static void set_region_from_range(struct region *region, void *start, void *end) -{ - region->data = start; - region->size = end - start; -} - -int image_find_regions(struct image *image) -{ - struct region *regions; - int i, gap_warn; - uint32_t align; - size_t bytes; - - gap_warn = 0; - align = pehdr_u32(image->aouthdr->FileAlignment); - - /* now we know where the checksum and cert table data is, we can - * construct regions that need to be signed */ - bytes = 0; - image->n_checksum_regions = 0; - image->checksum_regions = NULL; - - image->n_checksum_regions = 3; - image->checksum_regions = talloc_zero_array(image, - struct region, - image->n_checksum_regions); - - /* first region: beginning to checksum field */ - regions = image->checksum_regions; - set_region_from_range(®ions[0], image->buf, image->checksum); - regions[0].name = "begin->cksum"; - bytes += regions[0].size; - - bytes += sizeof(*image->checksum); - - /* second region: end of checksum to certificate table entry */ - set_region_from_range(®ions[1], - image->checksum + 1, - image->data_dir_sigtable - ); - regions[1].name = "cksum->datadir[CERT]"; - bytes += regions[1].size; - - bytes += sizeof(struct data_dir_entry); - /* third region: end of checksum to end of headers */ - set_region_from_range(®ions[2], - (void *)image->data_dir_sigtable - + sizeof(struct data_dir_entry), - image->buf + - pehdr_u32(image->aouthdr->SizeOfHeaders)); - regions[2].name = "datadir[CERT]->headers"; - bytes += regions[2].size; - - /* add COFF sections */ - for (i = 0; i < image->sections; i++) { - uint32_t file_offset, file_size; - - file_offset = pehdr_u32(image->scnhdr[i].s_scnptr); - file_size = pehdr_u32(image->scnhdr[i].s_size); - - if (!file_size) - continue; - - image->n_checksum_regions++; - image->checksum_regions = talloc_realloc(image, - image->checksum_regions, - struct region, - image->n_checksum_regions); - regions = image->checksum_regions; - - regions[i + 3].data = image->buf + file_offset; - regions[i + 3].size = align_up(file_size, align); - regions[i + 3].name = talloc_strndup(image->checksum_regions, - image->scnhdr[i].s_name, 8); - bytes += regions[i + 3].size; - - if (regions[i+2].data + regions[i+2].size - != regions[i+3].data) { - fprintf(stderr, "warning: gap in section table:\n"); - fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n", - regions[i+2].name, - regions[i+2].data - image->buf, - regions[i+2].data + - regions[i+2].size - image->buf); - fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n", - regions[i+3].name, - regions[i+3].data - image->buf, - regions[i+3].data + - regions[i+3].size - image->buf); - - - gap_warn = 1; - } - } - - if (gap_warn) - fprintf(stderr, "gaps in the section table may result in " - "different checksums\n"); - - qsort(image->checksum_regions, image->n_checksum_regions, - sizeof(struct region), cmp_regions); - - if (bytes + image->cert_table_size != image->size) { - int n = image->n_checksum_regions++; - struct region *r; - - image->checksum_regions = talloc_realloc(image, - image->checksum_regions, - struct region, - image->n_checksum_regions); - r = &image->checksum_regions[n]; - r->name = "endjunk"; - r->data = image->buf + bytes; - r->size = image->size - bytes - image->cert_table_size; - - fprintf(stderr, "warning: data remaining[%zd vs %zd]: gaps " - "between PE/COFF sections?\n", - bytes + image->cert_table_size, image->size); - - } - - return 0; -} - -int image_hash_sha256(struct image *image, uint8_t digest[]) -{ - struct region *region; - SHA256_CTX ctx; - int rc, i, n; - - rc = SHA256_Init(&ctx); - if (!rc) - return -1; - - n = 0; - - for (i = 0; i < image->n_checksum_regions; i++) { - region = &image->checksum_regions[i]; - n += region->size; -#if 0 - printf("sum region: 0x%04lx -> 0x%04lx [0x%04x bytes]\n", - region->data - image->buf, - region->data - image->buf - 1 + region->size, - region->size); - -#endif - rc = SHA256_Update(&ctx, region->data, region->size); - if (!rc) - return -1; - } - - rc = SHA256_Final(digest, &ctx); - - return !rc; -} - -int image_write(struct image *image, const char *filename) -{ - struct cert_table_header cert_table_header; - int fd, rc, len, padlen; - bool is_signed; - uint8_t pad[8]; - - is_signed = image->sigbuf && image->sigsize; - - /* optionally update the image to contain signature data */ - if (is_signed) { - cert_table_header.size = image->sigsize + - sizeof(cert_table_header); - cert_table_header.revision = 0x0200; /* = revision 2 */ - cert_table_header.type = 0x0002; /* PKCS signedData */ - - len = sizeof(cert_table_header) + image->sigsize; - - /* pad to sizeof(pad)-byte boundary */ - padlen = align_up(len, sizeof(pad)) - len; - - image->data_dir_sigtable->addr = image->size; - image->data_dir_sigtable->size = len + padlen; - } else { - image->data_dir_sigtable->addr = 0; - image->data_dir_sigtable->size = 0; - } - - fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644); - if (fd < 0) { - perror("open"); - return -1; - } - - rc = write_all(fd, image->buf, image->size); - if (!rc) - goto out; - if (!is_signed) - goto out; - - rc = write_all(fd, &cert_table_header, sizeof(cert_table_header)); - if (!rc) - goto out; - - rc = write_all(fd, image->sigbuf, image->sigsize); - if (!rc) - goto out; - - if (padlen) { - memset(pad, 0, sizeof(pad)); - rc = write_all(fd, pad, padlen); - } - -out: - close(fd); - return !rc; -} - -int image_write_detached(struct image *image, const char *filename) -{ - int fd, rc; - - fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644); - if (fd < 0) { - perror("open"); - return -1; - } - - rc = write_all(fd, image->sigbuf, image->sigsize); - - close(fd); - return !rc; -} diff -Nru sbsigntool-0.3/image.h sbsigntool-0.4/image.h --- sbsigntool-0.3/image.h 2012-06-30 01:02:05.000000000 +0100 +++ sbsigntool-0.4/image.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,99 +0,0 @@ -/* - * Copyright (C) 2012 Jeremy Kerr - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 3 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA. - * - * In addition, as a special exception, the copyright holders give - * permission to link the code of portions of this program with the OpenSSL - * library under certain conditions as described in each individual source file, - * and distribute linked combinations including the two. - * - * You must obey the GNU General Public License in all respects for all - * of the code used other than OpenSSL. If you modify file(s) with this - * exception, you may extend this exception to your version of the - * file(s), but you are not obligated to do so. If you do not wish to do - * so, delete this exception statement from your version. If you delete - * this exception statement from all source files in the program, then - * also delete it here. - */ -#ifndef IMAGE_H -#define IMAGE_H - -#include - -#include -#define DO_NOT_DEFINE_LINENO - -#include "coff/x86_64.h" -#include "coff/external.h" -#include "coff/pe.h" - -struct region { - void *data; - int size; - char *name; -}; - -struct image { - int fd; - void *buf; - size_t size; - - /* Pointers to interesting parts of the image */ - uint32_t *checksum; - struct external_PEI_DOS_hdr *doshdr; - struct external_PEI_IMAGE_hdr *pehdr; - PEPAOUTHDR *aouthdr; - struct data_dir_entry *data_dir; - struct data_dir_entry *data_dir_sigtable; - struct external_scnhdr *scnhdr; - int sections; - - void *cert_table; - int cert_table_size; - - /* Regions that are included in the image hash: populated - * during image parsing, then used during the hash process. - */ - struct region *checksum_regions; - int n_checksum_regions; - - /* Generated signature */ - void *sigbuf; - size_t sigsize; - -}; - -struct data_dir_entry { - uint32_t addr; - uint32_t size; -} __attribute__((packed)); - -struct cert_table_header { - uint32_t size; - uint16_t revision; - uint16_t type; -} __attribute__((packed)); - -struct image *image_load(const char *filename); - -int image_find_regions(struct image *image); -int image_hash_sha256(struct image *image, uint8_t digest[]); -int image_write(struct image *image, const char *filename); -int image_write_detached(struct image *image, const char *filename); - -#endif /* IMAGE_H */ - diff -Nru sbsigntool-0.3/lib/ccan/ccan/array_size/array_size.h sbsigntool-0.4/lib/ccan/ccan/array_size/array_size.h --- sbsigntool-0.3/lib/ccan/ccan/array_size/array_size.h 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/lib/ccan/ccan/array_size/array_size.h 2012-10-01 16:17:14.000000000 +0100 @@ -0,0 +1,25 @@ +#ifndef CCAN_ARRAY_SIZE_H +#define CCAN_ARRAY_SIZE_H +#include "config.h" +#include + +/** + * ARRAY_SIZE - get the number of elements in a visible array + * @arr: the array whose size you want. + * + * This does not work on pointers, or arrays declared as [], or + * function parameters. With correct compiler support, such usage + * will cause a build error (see build_assert). + */ +#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + _array_size_chk(arr)) + +#if HAVE_BUILTIN_TYPES_COMPATIBLE_P && HAVE_TYPEOF +/* Two gcc extensions. + * &a[0] degrades to a pointer: a different type from an array */ +#define _array_size_chk(arr) \ + BUILD_ASSERT_OR_ZERO(!__builtin_types_compatible_p(typeof(arr), \ + typeof(&(arr)[0]))) +#else +#define _array_size_chk(arr) 0 +#endif +#endif /* CCAN_ALIGNOF_H */ diff -Nru sbsigntool-0.3/lib/ccan/Makefile.am sbsigntool-0.4/lib/ccan/Makefile.am --- sbsigntool-0.3/lib/ccan/Makefile.am 2012-06-27 15:54:11.000000000 +0100 +++ sbsigntool-0.4/lib/ccan/Makefile.am 2012-10-02 10:13:35.000000000 +0100 @@ -1,31 +1,32 @@ noinst_LIBRARIES = libccan.a libccan_a_SOURCES = \ - ccan/typesafe_cb/typesafe_cb.h \ - ccan/tlist/tlist.h \ - ccan/time/time.h \ - ccan/time/time.c \ - ccan/tcon/tcon.h \ - ccan/talloc/talloc.h \ - ccan/talloc/talloc.c \ ccan/str/str.h \ - ccan/str/str_debug.h \ ccan/str/str.c \ ccan/str/debug.c \ - ccan/read_write_all/read_write_all.h \ - ccan/read_write_all/read_write_all.c \ + ccan/str/str_debug.h \ + ccan/tlist/tlist.h \ + ccan/tcon/tcon.h \ + ccan/container_of/container_of.h \ + ccan/build_assert/build_assert.h \ ccan/list/list.h \ ccan/list/list.c \ + ccan/read_write_all/read_write_all.c \ + ccan/read_write_all/read_write_all.h \ + ccan/time/time.h \ + ccan/time/time.c \ + ccan/check_type/check_type.h \ + ccan/compiler/compiler.h \ + ccan/array_size/array_size.h \ + ccan/talloc/talloc.c \ + ccan/talloc/talloc.h \ + ccan/typesafe_cb/typesafe_cb.h \ ccan/htable/htable_type.h \ ccan/htable/htable.h \ ccan/htable/htable.c \ ccan/hash/hash.h \ ccan/hash/hash.c \ - ccan/failtest/failtest_undo.h \ - ccan/failtest/failtest_proto.h \ - ccan/failtest/failtest_override.h \ ccan/failtest/failtest.h \ + ccan/failtest/failtest_undo.h \ ccan/failtest/failtest.c \ - ccan/container_of/container_of.h \ - ccan/compiler/compiler.h \ - ccan/check_type/check_type.h \ - ccan/build_assert/build_assert.h + ccan/failtest/failtest_proto.h \ + ccan/failtest/failtest_override.h diff -Nru sbsigntool-0.3/lib/ccan/Makefile.in sbsigntool-0.4/lib/ccan/Makefile.in --- sbsigntool-0.3/lib/ccan/Makefile.in 2012-06-30 01:09:02.000000000 +0100 +++ sbsigntool-0.4/lib/ccan/Makefile.in 2012-10-02 10:13:40.000000000 +0100 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.5 from Makefile.am. +# Makefile.in generated by automake 1.11.3 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,23 +16,6 @@ @SET_MAKE@ VPATH = @srcdir@ -am__make_dryrun = \ - { \ - am__dry=no; \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ - | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ - *) \ - for am__flg in $$MAKEFLAGS; do \ - case $$am__flg in \ - *=*|--*) ;; \ - *n*) am__dry=yes; break;; \ - esac; \ - done;; \ - esac; \ - test $$am__dry = yes; \ - } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -64,8 +47,8 @@ ARFLAGS = cru libccan_a_AR = $(AR) $(ARFLAGS) libccan_a_LIBADD = -am_libccan_a_OBJECTS = time.$(OBJEXT) talloc.$(OBJEXT) str.$(OBJEXT) \ - debug.$(OBJEXT) read_write_all.$(OBJEXT) list.$(OBJEXT) \ +am_libccan_a_OBJECTS = str.$(OBJEXT) debug.$(OBJEXT) list.$(OBJEXT) \ + read_write_all.$(OBJEXT) time.$(OBJEXT) talloc.$(OBJEXT) \ htable.$(OBJEXT) hash.$(OBJEXT) failtest.$(OBJEXT) libccan_a_OBJECTS = $(am_libccan_a_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) @@ -78,11 +61,6 @@ LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(libccan_a_SOURCES) DIST_SOURCES = $(libccan_a_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -106,6 +84,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ +EFI_CPPFLAGS = @EFI_CPPFLAGS@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ @@ -183,37 +162,40 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +uuid_CFLAGS = @uuid_CFLAGS@ +uuid_LIBS = @uuid_LIBS@ noinst_LIBRARIES = libccan.a libccan_a_SOURCES = \ - ccan/typesafe_cb/typesafe_cb.h \ - ccan/tlist/tlist.h \ - ccan/time/time.h \ - ccan/time/time.c \ - ccan/tcon/tcon.h \ - ccan/talloc/talloc.h \ - ccan/talloc/talloc.c \ ccan/str/str.h \ - ccan/str/str_debug.h \ ccan/str/str.c \ ccan/str/debug.c \ - ccan/read_write_all/read_write_all.h \ - ccan/read_write_all/read_write_all.c \ + ccan/str/str_debug.h \ + ccan/tlist/tlist.h \ + ccan/tcon/tcon.h \ + ccan/container_of/container_of.h \ + ccan/build_assert/build_assert.h \ ccan/list/list.h \ ccan/list/list.c \ + ccan/read_write_all/read_write_all.c \ + ccan/read_write_all/read_write_all.h \ + ccan/time/time.h \ + ccan/time/time.c \ + ccan/check_type/check_type.h \ + ccan/compiler/compiler.h \ + ccan/array_size/array_size.h \ + ccan/talloc/talloc.c \ + ccan/talloc/talloc.h \ + ccan/typesafe_cb/typesafe_cb.h \ ccan/htable/htable_type.h \ ccan/htable/htable.h \ ccan/htable/htable.c \ ccan/hash/hash.h \ ccan/hash/hash.c \ - ccan/failtest/failtest_undo.h \ - ccan/failtest/failtest_proto.h \ - ccan/failtest/failtest_override.h \ ccan/failtest/failtest.h \ + ccan/failtest/failtest_undo.h \ ccan/failtest/failtest.c \ - ccan/container_of/container_of.h \ - ccan/compiler/compiler.h \ - ccan/check_type/check_type.h \ - ccan/build_assert/build_assert.h + ccan/failtest/failtest_proto.h \ + ccan/failtest/failtest_override.h all: all-am @@ -287,34 +269,6 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -time.o: ccan/time/time.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT time.o -MD -MP -MF $(DEPDIR)/time.Tpo -c -o time.o `test -f 'ccan/time/time.c' || echo '$(srcdir)/'`ccan/time/time.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/time.Tpo $(DEPDIR)/time.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ccan/time/time.c' object='time.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o time.o `test -f 'ccan/time/time.c' || echo '$(srcdir)/'`ccan/time/time.c - -time.obj: ccan/time/time.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT time.obj -MD -MP -MF $(DEPDIR)/time.Tpo -c -o time.obj `if test -f 'ccan/time/time.c'; then $(CYGPATH_W) 'ccan/time/time.c'; else $(CYGPATH_W) '$(srcdir)/ccan/time/time.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/time.Tpo $(DEPDIR)/time.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ccan/time/time.c' object='time.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o time.obj `if test -f 'ccan/time/time.c'; then $(CYGPATH_W) 'ccan/time/time.c'; else $(CYGPATH_W) '$(srcdir)/ccan/time/time.c'; fi` - -talloc.o: ccan/talloc/talloc.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT talloc.o -MD -MP -MF $(DEPDIR)/talloc.Tpo -c -o talloc.o `test -f 'ccan/talloc/talloc.c' || echo '$(srcdir)/'`ccan/talloc/talloc.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/talloc.Tpo $(DEPDIR)/talloc.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ccan/talloc/talloc.c' object='talloc.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o talloc.o `test -f 'ccan/talloc/talloc.c' || echo '$(srcdir)/'`ccan/talloc/talloc.c - -talloc.obj: ccan/talloc/talloc.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT talloc.obj -MD -MP -MF $(DEPDIR)/talloc.Tpo -c -o talloc.obj `if test -f 'ccan/talloc/talloc.c'; then $(CYGPATH_W) 'ccan/talloc/talloc.c'; else $(CYGPATH_W) '$(srcdir)/ccan/talloc/talloc.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/talloc.Tpo $(DEPDIR)/talloc.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ccan/talloc/talloc.c' object='talloc.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o talloc.obj `if test -f 'ccan/talloc/talloc.c'; then $(CYGPATH_W) 'ccan/talloc/talloc.c'; else $(CYGPATH_W) '$(srcdir)/ccan/talloc/talloc.c'; fi` - str.o: ccan/str/str.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT str.o -MD -MP -MF $(DEPDIR)/str.Tpo -c -o str.o `test -f 'ccan/str/str.c' || echo '$(srcdir)/'`ccan/str/str.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/str.Tpo $(DEPDIR)/str.Po @@ -343,6 +297,20 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o debug.obj `if test -f 'ccan/str/debug.c'; then $(CYGPATH_W) 'ccan/str/debug.c'; else $(CYGPATH_W) '$(srcdir)/ccan/str/debug.c'; fi` +list.o: ccan/list/list.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT list.o -MD -MP -MF $(DEPDIR)/list.Tpo -c -o list.o `test -f 'ccan/list/list.c' || echo '$(srcdir)/'`ccan/list/list.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/list.Tpo $(DEPDIR)/list.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ccan/list/list.c' object='list.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o list.o `test -f 'ccan/list/list.c' || echo '$(srcdir)/'`ccan/list/list.c + +list.obj: ccan/list/list.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT list.obj -MD -MP -MF $(DEPDIR)/list.Tpo -c -o list.obj `if test -f 'ccan/list/list.c'; then $(CYGPATH_W) 'ccan/list/list.c'; else $(CYGPATH_W) '$(srcdir)/ccan/list/list.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/list.Tpo $(DEPDIR)/list.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ccan/list/list.c' object='list.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o list.obj `if test -f 'ccan/list/list.c'; then $(CYGPATH_W) 'ccan/list/list.c'; else $(CYGPATH_W) '$(srcdir)/ccan/list/list.c'; fi` + read_write_all.o: ccan/read_write_all/read_write_all.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT read_write_all.o -MD -MP -MF $(DEPDIR)/read_write_all.Tpo -c -o read_write_all.o `test -f 'ccan/read_write_all/read_write_all.c' || echo '$(srcdir)/'`ccan/read_write_all/read_write_all.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/read_write_all.Tpo $(DEPDIR)/read_write_all.Po @@ -357,19 +325,33 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o read_write_all.obj `if test -f 'ccan/read_write_all/read_write_all.c'; then $(CYGPATH_W) 'ccan/read_write_all/read_write_all.c'; else $(CYGPATH_W) '$(srcdir)/ccan/read_write_all/read_write_all.c'; fi` -list.o: ccan/list/list.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT list.o -MD -MP -MF $(DEPDIR)/list.Tpo -c -o list.o `test -f 'ccan/list/list.c' || echo '$(srcdir)/'`ccan/list/list.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/list.Tpo $(DEPDIR)/list.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ccan/list/list.c' object='list.o' libtool=no @AMDEPBACKSLASH@ +time.o: ccan/time/time.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT time.o -MD -MP -MF $(DEPDIR)/time.Tpo -c -o time.o `test -f 'ccan/time/time.c' || echo '$(srcdir)/'`ccan/time/time.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/time.Tpo $(DEPDIR)/time.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ccan/time/time.c' object='time.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o list.o `test -f 'ccan/list/list.c' || echo '$(srcdir)/'`ccan/list/list.c +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o time.o `test -f 'ccan/time/time.c' || echo '$(srcdir)/'`ccan/time/time.c -list.obj: ccan/list/list.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT list.obj -MD -MP -MF $(DEPDIR)/list.Tpo -c -o list.obj `if test -f 'ccan/list/list.c'; then $(CYGPATH_W) 'ccan/list/list.c'; else $(CYGPATH_W) '$(srcdir)/ccan/list/list.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/list.Tpo $(DEPDIR)/list.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ccan/list/list.c' object='list.obj' libtool=no @AMDEPBACKSLASH@ +time.obj: ccan/time/time.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT time.obj -MD -MP -MF $(DEPDIR)/time.Tpo -c -o time.obj `if test -f 'ccan/time/time.c'; then $(CYGPATH_W) 'ccan/time/time.c'; else $(CYGPATH_W) '$(srcdir)/ccan/time/time.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/time.Tpo $(DEPDIR)/time.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ccan/time/time.c' object='time.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o list.obj `if test -f 'ccan/list/list.c'; then $(CYGPATH_W) 'ccan/list/list.c'; else $(CYGPATH_W) '$(srcdir)/ccan/list/list.c'; fi` +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o time.obj `if test -f 'ccan/time/time.c'; then $(CYGPATH_W) 'ccan/time/time.c'; else $(CYGPATH_W) '$(srcdir)/ccan/time/time.c'; fi` + +talloc.o: ccan/talloc/talloc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT talloc.o -MD -MP -MF $(DEPDIR)/talloc.Tpo -c -o talloc.o `test -f 'ccan/talloc/talloc.c' || echo '$(srcdir)/'`ccan/talloc/talloc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/talloc.Tpo $(DEPDIR)/talloc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ccan/talloc/talloc.c' object='talloc.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o talloc.o `test -f 'ccan/talloc/talloc.c' || echo '$(srcdir)/'`ccan/talloc/talloc.c + +talloc.obj: ccan/talloc/talloc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT talloc.obj -MD -MP -MF $(DEPDIR)/talloc.Tpo -c -o talloc.obj `if test -f 'ccan/talloc/talloc.c'; then $(CYGPATH_W) 'ccan/talloc/talloc.c'; else $(CYGPATH_W) '$(srcdir)/ccan/talloc/talloc.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/talloc.Tpo $(DEPDIR)/talloc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ccan/talloc/talloc.c' object='talloc.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o talloc.obj `if test -f 'ccan/talloc/talloc.c'; then $(CYGPATH_W) 'ccan/talloc/talloc.c'; else $(CYGPATH_W) '$(srcdir)/ccan/talloc/talloc.c'; fi` htable.o: ccan/htable/htable.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT htable.o -MD -MP -MF $(DEPDIR)/htable.Tpo -c -o htable.o `test -f 'ccan/htable/htable.c' || echo '$(srcdir)/'`ccan/htable/htable.c diff -Nru sbsigntool-0.3/Makefile.am sbsigntool-0.4/Makefile.am --- sbsigntool-0.3/Makefile.am 2012-06-26 16:28:29.000000000 +0100 +++ sbsigntool-0.4/Makefile.am 2012-10-01 14:33:31.000000000 +0100 @@ -1,33 +1,2 @@ -AM_CFLAGS = -Wall -Wextra - -bin_PROGRAMS = sbsign sbverify sbattach - -coff_headers = coff/external.h coff/pe.h coff/i386.h coff/x86_64.h - -common_SOURCES = idc.c idc.h image.c image.h $(coff_headers) -common_LDADD = lib/ccan/libccan.a $(libcrypto_LIBS) -common_CFLAGS = -I$(srcdir)/lib/ccan/ - -sbsign_SOURCES = sbsign.c $(common_SOURCES) -sbsign_LDADD = $(common_LDADD) -sbsign_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) - -sbverify_SOURCES = sbverify.c $(common_SOURCES) -sbverify_LDADD = $(common_LDADD) -sbverify_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) - -sbattach_SOURCES = sbattach.c $(common_SOURCES) -sbattach_LDADD = $(common_LDADD) -sbattach_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) - -man1_MANS = docs/sbsign.1 docs/sbverify.1 docs/sbattach.1 - -EXTRA_DIST = docs/sbsign.1.in docs/sbverify.1.in docs/sbattach.1.in -CLEANFILES = $(man1_MANS) - -$(top_builddir)/docs/%.1: $(srcdir)/docs/%.1.in $(top_builddir)/% - $(MKDIR_P) $(@D) - $(HELP2MAN) --no-info -i $< -o $@ $(top_builddir)/$* - -SUBDIRS = lib/ccan . tests +SUBDIRS = lib/ccan src docs tests diff -Nru sbsigntool-0.3/Makefile.in sbsigntool-0.4/Makefile.in --- sbsigntool-0.3/Makefile.in 2012-06-30 01:09:02.000000000 +0100 +++ sbsigntool-0.4/Makefile.in 2012-10-02 10:13:41.000000000 +0100 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.5 from Makefile.am. +# Makefile.in generated by automake 1.11.3 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -14,25 +14,7 @@ # PARTICULAR PURPOSE. @SET_MAKE@ - VPATH = @srcdir@ -am__make_dryrun = \ - { \ - am__dry=no; \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ - | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ - *) \ - for am__flg in $$MAKEFLAGS; do \ - case $$am__flg in \ - *=*|--*) ;; \ - *n*) am__dry=yes; break;; \ - esac; \ - done;; \ - esac; \ - test $$am__dry = yes; \ - } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -49,7 +31,6 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : -bin_PROGRAMS = sbsign$(EXEEXT) sbverify$(EXEEXT) sbattach$(EXEEXT) subdir = . DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(srcdir)/config.h.in \ @@ -65,43 +46,8 @@ CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" -PROGRAMS = $(bin_PROGRAMS) -am__objects_1 = -am__objects_2 = sbattach-idc.$(OBJEXT) sbattach-image.$(OBJEXT) \ - $(am__objects_1) -am_sbattach_OBJECTS = sbattach-sbattach.$(OBJEXT) $(am__objects_2) -sbattach_OBJECTS = $(am_sbattach_OBJECTS) -am__DEPENDENCIES_1 = -am__DEPENDENCIES_2 = lib/ccan/libccan.a $(am__DEPENDENCIES_1) -sbattach_DEPENDENCIES = $(am__DEPENDENCIES_2) -sbattach_LINK = $(CCLD) $(sbattach_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -am__objects_3 = sbsign-idc.$(OBJEXT) sbsign-image.$(OBJEXT) \ - $(am__objects_1) -am_sbsign_OBJECTS = sbsign-sbsign.$(OBJEXT) $(am__objects_3) -sbsign_OBJECTS = $(am_sbsign_OBJECTS) -sbsign_DEPENDENCIES = $(am__DEPENDENCIES_2) -sbsign_LINK = $(CCLD) $(sbsign_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -am__objects_4 = sbverify-idc.$(OBJEXT) sbverify-image.$(OBJEXT) \ - $(am__objects_1) -am_sbverify_OBJECTS = sbverify-sbverify.$(OBJEXT) $(am__objects_4) -sbverify_OBJECTS = $(am_sbverify_OBJECTS) -sbverify_DEPENDENCIES = $(am__DEPENDENCIES_2) -sbverify_LINK = $(CCLD) $(sbverify_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -DEFAULT_INCLUDES = -I.@am__isrc@ -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -SOURCES = $(sbattach_SOURCES) $(sbsign_SOURCES) $(sbverify_SOURCES) -DIST_SOURCES = $(sbattach_SOURCES) $(sbsign_SOURCES) \ - $(sbverify_SOURCES) +SOURCES = +DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ @@ -109,41 +55,6 @@ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -man1dir = $(mandir)/man1 -NROFF = nroff -MANS = $(man1_MANS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ @@ -212,6 +123,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ +EFI_CPPFLAGS = @EFI_CPPFLAGS@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ @@ -289,29 +201,13 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -AM_CFLAGS = -Wall -Wextra -coff_headers = coff/external.h coff/pe.h coff/i386.h coff/x86_64.h -common_SOURCES = idc.c idc.h image.c image.h $(coff_headers) -common_LDADD = lib/ccan/libccan.a $(libcrypto_LIBS) -common_CFLAGS = -I$(srcdir)/lib/ccan/ -sbsign_SOURCES = sbsign.c $(common_SOURCES) -sbsign_LDADD = $(common_LDADD) -sbsign_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) -sbverify_SOURCES = sbverify.c $(common_SOURCES) -sbverify_LDADD = $(common_LDADD) -sbverify_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) -sbattach_SOURCES = sbattach.c $(common_SOURCES) -sbattach_LDADD = $(common_LDADD) -sbattach_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) -man1_MANS = docs/sbsign.1 docs/sbverify.1 docs/sbattach.1 -EXTRA_DIST = docs/sbsign.1.in docs/sbverify.1.in docs/sbattach.1.in -CLEANFILES = $(man1_MANS) -SUBDIRS = lib/ccan . tests +uuid_CFLAGS = @uuid_CFLAGS@ +uuid_LIBS = @uuid_LIBS@ +SUBDIRS = lib/ccan src docs tests all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: -.SUFFIXES: .c .o .obj am--refresh: Makefile @: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @@ -361,252 +257,6 @@ distclean-hdr: -rm -f config.h stamp-h1 -install-binPROGRAMS: $(bin_PROGRAMS) - @$(NORMAL_INSTALL) - @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ - fi; \ - for p in $$list; do echo "$$p $$p"; done | \ - sed 's/$(EXEEXT)$$//' | \ - while read p p1; do if test -f $$p; \ - then echo "$$p"; echo "$$p"; else :; fi; \ - done | \ - sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ - -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ - sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ - { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ - if ($$2 == $$4) files[d] = files[d] " " $$1; \ - else { print "f", $$3 "/" $$4, $$1; } } \ - END { for (d in files) print "f", d, files[d] }' | \ - while read type dir files; do \ - if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ - test -z "$$files" || { \ - echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ - $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ - } \ - ; done - -uninstall-binPROGRAMS: - @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ - -e 's/$$/$(EXEEXT)/' `; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(bindir)" && rm -f $$files - -clean-binPROGRAMS: - -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) -sbattach$(EXEEXT): $(sbattach_OBJECTS) $(sbattach_DEPENDENCIES) $(EXTRA_sbattach_DEPENDENCIES) - @rm -f sbattach$(EXEEXT) - $(sbattach_LINK) $(sbattach_OBJECTS) $(sbattach_LDADD) $(LIBS) -sbsign$(EXEEXT): $(sbsign_OBJECTS) $(sbsign_DEPENDENCIES) $(EXTRA_sbsign_DEPENDENCIES) - @rm -f sbsign$(EXEEXT) - $(sbsign_LINK) $(sbsign_OBJECTS) $(sbsign_LDADD) $(LIBS) -sbverify$(EXEEXT): $(sbverify_OBJECTS) $(sbverify_DEPENDENCIES) $(EXTRA_sbverify_DEPENDENCIES) - @rm -f sbverify$(EXEEXT) - $(sbverify_LINK) $(sbverify_OBJECTS) $(sbverify_LDADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbattach-idc.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbattach-image.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbattach-sbattach.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbsign-idc.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbsign-image.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbsign-sbsign.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbverify-idc.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbverify-image.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbverify-sbverify.Po@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< - -.c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` - -sbattach-sbattach.o: sbattach.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-sbattach.o -MD -MP -MF $(DEPDIR)/sbattach-sbattach.Tpo -c -o sbattach-sbattach.o `test -f 'sbattach.c' || echo '$(srcdir)/'`sbattach.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-sbattach.Tpo $(DEPDIR)/sbattach-sbattach.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbattach.c' object='sbattach-sbattach.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-sbattach.o `test -f 'sbattach.c' || echo '$(srcdir)/'`sbattach.c - -sbattach-sbattach.obj: sbattach.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-sbattach.obj -MD -MP -MF $(DEPDIR)/sbattach-sbattach.Tpo -c -o sbattach-sbattach.obj `if test -f 'sbattach.c'; then $(CYGPATH_W) 'sbattach.c'; else $(CYGPATH_W) '$(srcdir)/sbattach.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-sbattach.Tpo $(DEPDIR)/sbattach-sbattach.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbattach.c' object='sbattach-sbattach.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-sbattach.obj `if test -f 'sbattach.c'; then $(CYGPATH_W) 'sbattach.c'; else $(CYGPATH_W) '$(srcdir)/sbattach.c'; fi` - -sbattach-idc.o: idc.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-idc.o -MD -MP -MF $(DEPDIR)/sbattach-idc.Tpo -c -o sbattach-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-idc.Tpo $(DEPDIR)/sbattach-idc.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbattach-idc.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c - -sbattach-idc.obj: idc.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-idc.obj -MD -MP -MF $(DEPDIR)/sbattach-idc.Tpo -c -o sbattach-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-idc.Tpo $(DEPDIR)/sbattach-idc.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbattach-idc.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` - -sbattach-image.o: image.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-image.o -MD -MP -MF $(DEPDIR)/sbattach-image.Tpo -c -o sbattach-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-image.Tpo $(DEPDIR)/sbattach-image.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbattach-image.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c - -sbattach-image.obj: image.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-image.obj -MD -MP -MF $(DEPDIR)/sbattach-image.Tpo -c -o sbattach-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-image.Tpo $(DEPDIR)/sbattach-image.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbattach-image.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` - -sbsign-sbsign.o: sbsign.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-sbsign.o -MD -MP -MF $(DEPDIR)/sbsign-sbsign.Tpo -c -o sbsign-sbsign.o `test -f 'sbsign.c' || echo '$(srcdir)/'`sbsign.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-sbsign.Tpo $(DEPDIR)/sbsign-sbsign.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbsign.c' object='sbsign-sbsign.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-sbsign.o `test -f 'sbsign.c' || echo '$(srcdir)/'`sbsign.c - -sbsign-sbsign.obj: sbsign.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-sbsign.obj -MD -MP -MF $(DEPDIR)/sbsign-sbsign.Tpo -c -o sbsign-sbsign.obj `if test -f 'sbsign.c'; then $(CYGPATH_W) 'sbsign.c'; else $(CYGPATH_W) '$(srcdir)/sbsign.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-sbsign.Tpo $(DEPDIR)/sbsign-sbsign.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbsign.c' object='sbsign-sbsign.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-sbsign.obj `if test -f 'sbsign.c'; then $(CYGPATH_W) 'sbsign.c'; else $(CYGPATH_W) '$(srcdir)/sbsign.c'; fi` - -sbsign-idc.o: idc.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-idc.o -MD -MP -MF $(DEPDIR)/sbsign-idc.Tpo -c -o sbsign-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-idc.Tpo $(DEPDIR)/sbsign-idc.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbsign-idc.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c - -sbsign-idc.obj: idc.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-idc.obj -MD -MP -MF $(DEPDIR)/sbsign-idc.Tpo -c -o sbsign-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-idc.Tpo $(DEPDIR)/sbsign-idc.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbsign-idc.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` - -sbsign-image.o: image.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-image.o -MD -MP -MF $(DEPDIR)/sbsign-image.Tpo -c -o sbsign-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-image.Tpo $(DEPDIR)/sbsign-image.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbsign-image.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c - -sbsign-image.obj: image.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-image.obj -MD -MP -MF $(DEPDIR)/sbsign-image.Tpo -c -o sbsign-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-image.Tpo $(DEPDIR)/sbsign-image.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbsign-image.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` - -sbverify-sbverify.o: sbverify.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-sbverify.o -MD -MP -MF $(DEPDIR)/sbverify-sbverify.Tpo -c -o sbverify-sbverify.o `test -f 'sbverify.c' || echo '$(srcdir)/'`sbverify.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-sbverify.Tpo $(DEPDIR)/sbverify-sbverify.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbverify.c' object='sbverify-sbverify.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-sbverify.o `test -f 'sbverify.c' || echo '$(srcdir)/'`sbverify.c - -sbverify-sbverify.obj: sbverify.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-sbverify.obj -MD -MP -MF $(DEPDIR)/sbverify-sbverify.Tpo -c -o sbverify-sbverify.obj `if test -f 'sbverify.c'; then $(CYGPATH_W) 'sbverify.c'; else $(CYGPATH_W) '$(srcdir)/sbverify.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-sbverify.Tpo $(DEPDIR)/sbverify-sbverify.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbverify.c' object='sbverify-sbverify.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-sbverify.obj `if test -f 'sbverify.c'; then $(CYGPATH_W) 'sbverify.c'; else $(CYGPATH_W) '$(srcdir)/sbverify.c'; fi` - -sbverify-idc.o: idc.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-idc.o -MD -MP -MF $(DEPDIR)/sbverify-idc.Tpo -c -o sbverify-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-idc.Tpo $(DEPDIR)/sbverify-idc.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbverify-idc.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c - -sbverify-idc.obj: idc.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-idc.obj -MD -MP -MF $(DEPDIR)/sbverify-idc.Tpo -c -o sbverify-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-idc.Tpo $(DEPDIR)/sbverify-idc.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbverify-idc.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` - -sbverify-image.o: image.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-image.o -MD -MP -MF $(DEPDIR)/sbverify-image.Tpo -c -o sbverify-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-image.Tpo $(DEPDIR)/sbverify-image.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbverify-image.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c - -sbverify-image.obj: image.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-image.obj -MD -MP -MF $(DEPDIR)/sbverify-image.Tpo -c -o sbverify-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-image.Tpo $(DEPDIR)/sbverify-image.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbverify-image.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` -install-man1: $(man1_MANS) - @$(NORMAL_INSTALL) - @list1='$(man1_MANS)'; \ - list2=''; \ - test -n "$(man1dir)" \ - && test -n "`echo $$list1$$list2`" \ - || exit 0; \ - echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ - { for i in $$list1; do echo "$$i"; done; \ - if test -n "$$list2"; then \ - for i in $$list2; do echo "$$i"; done \ - | sed -n '/\.1[a-z]*$$/p'; \ - fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ - done | \ - sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ - sed 'N;N;s,\n, ,g' | { \ - list=; while read file base inst; do \ - if test "$$base" = "$$inst"; then list="$$list $$file"; else \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ - fi; \ - done; \ - for i in $$list; do echo "$$i"; done | $(am__base_list) | \ - while read files; do \ - test -z "$$files" || { \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ - done; } - -uninstall-man1: - @$(NORMAL_UNINSTALL) - @list='$(man1_MANS)'; test -n "$(man1dir)" || exit 0; \ - files=`{ for i in $$list; do echo "$$i"; done; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ - dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. @@ -744,19 +394,6 @@ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) - @list='$(MANS)'; if test -n "$$list"; then \ - list=`for p in $$list; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ - if test -n "$$list" && \ - grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ - echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ - grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ - echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ - echo " typically \`make maintainer-clean' will remove them" >&2; \ - exit 1; \ - else :; fi; \ - else :; fi $(am__remove_distdir) test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @@ -790,10 +427,13 @@ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ - $(am__make_dryrun) \ - || test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ + test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ @@ -945,12 +585,9 @@ exit 1; } >&2 check-am: all-am check: check-recursive -all-am: Makefile $(PROGRAMS) $(MANS) config.h +all-am: Makefile config.h installdirs: installdirs-recursive installdirs-am: - for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive @@ -973,7 +610,6 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -984,14 +620,12 @@ @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive -clean-am: clean-binPROGRAMS clean-generic mostlyclean-am +clean-am: clean-generic mostlyclean-am distclean: distclean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) - -rm -rf ./$(DEPDIR) -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-hdr distclean-tags +distclean-am: clean-am distclean-generic distclean-hdr distclean-tags dvi: dvi-recursive @@ -1005,13 +639,13 @@ info-am: -install-data-am: install-man +install-data-am: install-dvi: install-dvi-recursive install-dvi-am: -install-exec-am: install-binPROGRAMS +install-exec-am: install-html: install-html-recursive @@ -1021,7 +655,7 @@ install-info-am: -install-man: install-man1 +install-man: install-pdf: install-pdf-recursive @@ -1036,13 +670,12 @@ maintainer-clean: maintainer-clean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -rf $(top_srcdir)/autom4te.cache - -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive -mostlyclean-am: mostlyclean-compile mostlyclean-generic +mostlyclean-am: mostlyclean-generic pdf: pdf-recursive @@ -1052,35 +685,27 @@ ps-am: -uninstall-am: uninstall-binPROGRAMS uninstall-man - -uninstall-man: uninstall-man1 +uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \ ctags-recursive install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ - all all-am am--refresh check check-am clean clean-binPROGRAMS \ - clean-generic ctags ctags-recursive dist dist-all dist-bzip2 \ - dist-gzip dist-lzip dist-lzma dist-shar dist-tarZ dist-xz \ - dist-zip distcheck distclean distclean-compile \ - distclean-generic distclean-hdr distclean-tags distcleancheck \ - distdir distuninstallcheck dvi dvi-am html html-am info \ - info-am install install-am install-binPROGRAMS install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-man1 install-pdf \ + all all-am am--refresh check check-am clean clean-generic \ + ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \ + dist-lzip dist-lzma dist-shar dist-tarZ dist-xz dist-zip \ + distcheck distclean distclean-generic distclean-hdr \ + distclean-tags distcleancheck distdir distuninstallcheck dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs installdirs-am \ maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \ - tags tags-recursive uninstall uninstall-am \ - uninstall-binPROGRAMS uninstall-man uninstall-man1 - + mostlyclean-generic pdf pdf-am ps ps-am tags tags-recursive \ + uninstall uninstall-am -$(top_builddir)/docs/%.1: $(srcdir)/docs/%.1.in $(top_builddir)/% - $(MKDIR_P) $(@D) - $(HELP2MAN) --no-info -i $< -o $@ $(top_builddir)/$* # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru sbsigntool-0.3/sbattach.c sbsigntool-0.4/sbattach.c --- sbsigntool-0.3/sbattach.c 2012-06-30 01:02:05.000000000 +0100 +++ sbsigntool-0.4/sbattach.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,272 +0,0 @@ -/* - * Copyright (C) 2012 Jeremy Kerr - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 3 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA. - * - * In addition, as a special exception, the copyright holders give - * permission to link the code of portions of this program with the OpenSSL - * library under certain conditions as described in each individual source file, - * and distribute linked combinations including the two. - * - * You must obey the GNU General Public License in all respects for all - * of the code used other than OpenSSL. If you modify file(s) with this - * exception, you may extend this exception to your version of the - * file(s), but you are not obligated to do so. If you do not wish to do - * so, delete this exception statement from your version. If you delete - * this exception statement from all source files in the program, then - * also delete it here. - */ -#define _GNU_SOURCE - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include -#include - -#include "config.h" - -#include "image.h" - -static const char *toolname = "sbattach"; - -static struct option options[] = { - { "attach", required_argument, NULL, 'a' }, - { "detach", required_argument, NULL, 'd' }, - { "remove", no_argument, NULL, 'r' }, - { "help", no_argument, NULL, 'h' }, - { "version", no_argument, NULL, 'V' }, - { NULL, 0, NULL, 0 }, -}; - -static void usage(void) -{ - printf("Usage: %s --attach \n" - " or: %s --detach [--remove] \n" - " or: %s --remove \n" - "Attach or detach a signature file to/from a boot image\n" - "\n" - "Options:\n" - "\t--attach set as the boot image's\n" - "\t signature table\n" - "\t--detach copy the boot image's signature table\n" - "\t to \n" - "\t--remove remove the boot image's signature\n" - "\t table from the original file\n", - toolname, toolname, toolname); -} - -static void version(void) -{ - printf("%s %s\n", toolname, VERSION); -} - -static int detach_sig(struct image *image, const char *sig_filename) -{ - return image_write_detached(image, sig_filename); -} - -static int attach_sig(struct image *image, const char *image_filename, - const char *sig_filename) -{ - struct stat statbuf; - uint8_t *sigbuf; - size_t size; - int fd, rc; - PKCS7 *p7; - const uint8_t *tmp_buf; - - sigbuf = NULL; - - fd = open(sig_filename, O_RDONLY); - if (fd < 0) { - fprintf(stderr, "Can't open file %s: %s\n", sig_filename, - strerror(errno)); - return -1; - } - - rc = fstat(fd, &statbuf); - if (rc) { - perror("fstat"); - goto out; - } - - size = statbuf.st_size; - - sigbuf = talloc_array(image, uint8_t, size); - if (!sigbuf) { - perror("talloc"); - goto out; - } - - rc = read_all(fd, sigbuf, size); - if (!rc) { - fprintf(stderr, "Error reading %s: %s\n", sig_filename, - strerror(errno)); - goto out; - } - - image->sigbuf = sigbuf; - image->sigsize = size; - - tmp_buf = sigbuf; - p7 = d2i_PKCS7(NULL, &tmp_buf, image->sigsize); - if (!p7) { - fprintf(stderr, "Unable to parse signature data in file: %s\n", - sig_filename); - ERR_print_errors_fp(stderr); - goto out; - } - rc = PKCS7_verify(p7, NULL, NULL, NULL, NULL, - PKCS7_BINARY | PKCS7_NOVERIFY | PKCS7_NOSIGS); - if (!rc) { - fprintf(stderr, "PKCS7 verification failed for file %s\n", - sig_filename); - ERR_print_errors_fp(stderr); - goto out; - } - - rc = image_write(image, image_filename); - if (rc) - fprintf(stderr, "Error writing %s: %s\n", image_filename, - strerror(errno)); - -out: - close(fd); - talloc_free(sigbuf); - return rc; -} - -static int remove_sig(struct image *image, const char *image_filename) -{ - int rc; - - image->sigbuf = NULL; - image->sigsize = 0; - - rc = image_write(image, image_filename); - if (rc) - fprintf(stderr, "Error writing %s: %s\n", image_filename, - strerror(errno)); - - return rc; -} - -enum action { - ACTION_NONE, - ACTION_ATTACH, - ACTION_DETACH, -}; - -int main(int argc, char **argv) -{ - const char *image_filename, *sig_filename; - struct image *image; - enum action action; - bool remove; - int c, rc; - - action = ACTION_NONE; - sig_filename = NULL; - remove = false; - - for (;;) { - int idx; - c = getopt_long(argc, argv, "a:d:rhV", options, &idx); - if (c == -1) - break; - - switch (c) { - case 'a': - case 'd': - if (action != ACTION_NONE) { - fprintf(stderr, "Multiple actions specified\n"); - usage(); - return EXIT_FAILURE; - } - action = (c == 'a') ? ACTION_ATTACH : ACTION_DETACH; - sig_filename = optarg; - break; - case 'r': - remove = true; - break; - case 'V': - version(); - return EXIT_SUCCESS; - case 'h': - usage(); - return EXIT_SUCCESS; - } - } - - if (argc != optind + 1) { - usage(); - return EXIT_FAILURE; - } - image_filename = argv[optind]; - - /* sanity check action combinations */ - if (action == ACTION_ATTACH && remove) { - fprintf(stderr, "Can't use --remove with --attach\n"); - return EXIT_FAILURE; - } - - if (action == ACTION_NONE && !remove) { - fprintf(stderr, "No action (attach/detach/remove) specified\n"); - usage(); - return EXIT_FAILURE; - } - - ERR_load_crypto_strings(); - OpenSSL_add_all_digests(); - - image = image_load(image_filename); - if (!image) { - fprintf(stderr, "Can't load image file %s\n", image_filename); - return EXIT_FAILURE; - } - - rc = 0; - - if (action == ACTION_ATTACH) - rc = attach_sig(image, image_filename, sig_filename); - - else if (action == ACTION_DETACH) - rc = detach_sig(image, sig_filename); - - if (rc) - goto out; - - if (remove) - rc = remove_sig(image, image_filename); - -out: - talloc_free(image); - return (rc == 0) ? EXIT_SUCCESS : EXIT_FAILURE; -} diff -Nru sbsigntool-0.3/sbsign.c sbsigntool-0.4/sbsign.c --- sbsigntool-0.3/sbsign.c 2012-06-30 01:02:05.000000000 +0100 +++ sbsigntool-0.4/sbsign.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,238 +0,0 @@ -/* - * Copyright (C) 2012 Jeremy Kerr - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 3 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA. - * - * In addition, as a special exception, the copyright holders give - * permission to link the code of portions of this program with the OpenSSL - * library under certain conditions as described in each individual source file, - * and distribute linked combinations including the two. - * - * You must obey the GNU General Public License in all respects for all - * of the code used other than OpenSSL. If you modify file(s) with this - * exception, you may extend this exception to your version of the - * file(s), but you are not obligated to do so. If you do not wish to do - * so, delete this exception statement from your version. If you delete - * this exception statement from all source files in the program, then - * also delete it here. - */ -#define _GNU_SOURCE - -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include -#include -#include -#include -#include - -#include - -#include "idc.h" -#include "image.h" - -static const char *toolname = "sbsign"; - -struct sign_context { - struct image *image; - const char *infilename; - const char *outfilename; - int verbose; - int detached; -}; - -static struct option options[] = { - { "output", required_argument, NULL, 'o' }, - { "cert", required_argument, NULL, 'c' }, - { "key", required_argument, NULL, 'k' }, - { "detached", no_argument, NULL, 'd' }, - { "verbose", no_argument, NULL, 'v' }, - { "help", no_argument, NULL, 'h' }, - { "version", no_argument, NULL, 'V' }, - { NULL, 0, NULL, 0 }, -}; - -static void usage(void) -{ - printf("Usage: %s [options] --key --cert " - "\n" - "Sign an EFI boot image for use with secure boot.\n\n" - "Options:\n" - "\t--key signing key (PEM-encoded RSA " - "private key)\n" - "\t--cert certificate (x509 certificate)\n" - "\t--detached write a detached signature, instead of\n" - "\t a signed binary\n" - "\t--output write signed data to \n" - "\t (default .signed,\n" - "\t or .pk7 for detached\n" - "\t signatures)\n", - toolname); -} - -static void version(void) -{ - printf("%s %s\n", toolname, VERSION); -} - -static void set_default_outfilename(struct sign_context *ctx) -{ - const char *extension; - - extension = ctx->detached ? "pk7" : "signed"; - - ctx->outfilename = talloc_asprintf(ctx, "%s.%s", - ctx->infilename, extension); -} - -int main(int argc, char **argv) -{ - const char *keyfilename, *certfilename; - struct sign_context *ctx; - uint8_t *buf; - int rc, c; - - ctx = talloc_zero(NULL, struct sign_context); - - keyfilename = NULL; - certfilename = NULL; - - for (;;) { - int idx; - c = getopt_long(argc, argv, "o:c:k:dvVh", options, &idx); - if (c == -1) - break; - - switch (c) { - case 'o': - ctx->outfilename = talloc_strdup(ctx, optarg); - break; - case 'c': - certfilename = optarg; - break; - case 'k': - keyfilename = optarg; - break; - case 'd': - ctx->detached = 1; - break; - case 'v': - ctx->verbose = 1; - break; - case 'V': - version(); - return EXIT_SUCCESS; - case 'h': - usage(); - return EXIT_SUCCESS; - } - } - - if (argc != optind + 1) { - usage(); - return EXIT_FAILURE; - } - - ctx->infilename = argv[optind]; - if (!ctx->outfilename) - set_default_outfilename(ctx); - - if (!certfilename) { - fprintf(stderr, - "error: No certificate specified (with --cert)\n"); - usage(); - return EXIT_FAILURE; - } - if (!keyfilename) { - fprintf(stderr, - "error: No key specified (with --key)\n"); - usage(); - return EXIT_FAILURE; - } - - ctx->image = image_load(ctx->infilename); - if (!ctx->image) - return EXIT_FAILURE; - - talloc_steal(ctx, ctx->image); - - image_find_regions(ctx->image); - - ERR_load_crypto_strings(); - OpenSSL_add_all_digests(); - OpenSSL_add_all_ciphers(); - - BIO *privkey_bio = BIO_new_file(keyfilename, "r"); - EVP_PKEY *pkey = PEM_read_bio_PrivateKey(privkey_bio, NULL, NULL, NULL); - if (!pkey) { - fprintf(stderr, "error reading private key %s\n", keyfilename); - return EXIT_FAILURE; - } - - BIO *cert_bio = BIO_new_file(certfilename, "r"); - X509 *cert = PEM_read_bio_X509(cert_bio, NULL, NULL, NULL); - - if (!cert) { - fprintf(stderr, "error reading certificate %s\n", certfilename); - return EXIT_FAILURE; - } - - const EVP_MD *md = EVP_get_digestbyname("SHA256"); - - /* set up the PKCS7 object */ - PKCS7 *p7 = PKCS7_new(); - PKCS7_set_type(p7, NID_pkcs7_signed); - - PKCS7_SIGNER_INFO *si = PKCS7_sign_add_signer(p7, cert, - pkey, md, PKCS7_BINARY); - if (!si) { - fprintf(stderr, "error in key/certificate chain\n"); - ERR_print_errors_fp(stderr); - return EXIT_FAILURE; - } - - PKCS7_content_new(p7, NID_pkcs7_data); - - rc = IDC_set(p7, si, ctx->image); - if (rc) - return EXIT_FAILURE; - - ctx->image->sigsize = i2d_PKCS7(p7, NULL); - ctx->image->sigbuf = buf = talloc_array(ctx->image, - uint8_t, ctx->image->sigsize); - i2d_PKCS7(p7, &buf); - ERR_print_errors_fp(stdout); - - if (ctx->detached) - image_write_detached(ctx->image, ctx->outfilename); - else - image_write(ctx->image, ctx->outfilename); - - talloc_free(ctx); - - return EXIT_SUCCESS; -} - diff -Nru sbsigntool-0.3/sbverify.c sbsigntool-0.4/sbverify.c --- sbsigntool-0.3/sbverify.c 2012-06-30 01:02:05.000000000 +0100 +++ sbsigntool-0.4/sbverify.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,310 +0,0 @@ -/* - * Copyright (C) 2012 Jeremy Kerr - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 3 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA. - * - * In addition, as a special exception, the copyright holders give - * permission to link the code of portions of this program with the OpenSSL - * library under certain conditions as described in each individual source file, - * and distribute linked combinations including the two. - * - * You must obey the GNU General Public License in all respects for all - * of the code used other than OpenSSL. If you modify file(s) with this - * exception, you may extend this exception to your version of the - * file(s), but you are not obligated to do so. If you do not wish to do - * so, delete this exception statement from your version. If you delete - * this exception statement from all source files in the program, then - * also delete it here. - */ -#define _GNU_SOURCE - -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include "image.h" -#include "idc.h" - -#include -#include -#include -#include -#include -#include - -static const char *toolname = "sbverify"; - -enum verify_status { - VERIFY_FAIL = 0, - VERIFY_OK = 1, -}; - -static struct option options[] = { - { "cert", required_argument, NULL, 'c' }, - { "no-verify", no_argument, NULL, 'n' }, - { "detached", required_argument, NULL, 'd' }, - { "help", no_argument, NULL, 'h' }, - { "version", no_argument, NULL, 'V' }, - { NULL, 0, NULL, 0 }, -}; - -static void usage(void) -{ - printf("Usage: %s [options] --cert \n" - "Verify a UEFI secure boot image.\n\n" - "Options:\n" - "\t--cert certificate (x509 certificate)\n" - "\t--no-verify don't perform certificate verification\n" - "\t--detached read signature from , instead of\n" - "\t looking for an embedded signature\n", - toolname); -} - -static void version(void) -{ - printf("%s %s\n", toolname, VERSION); -} - -int load_cert(X509_STORE *certs, const char *filename) -{ - X509 *cert; - BIO *bio; - - bio = NULL; - cert = NULL; - - bio = BIO_new_file(filename, "r"); - if (!bio) { - fprintf(stderr, "Couldn't open file %s\n", filename); - goto err; - } - - cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); - if (!cert) { - fprintf(stderr, "Couldn't read certificate file %s\n", - filename); - goto err; - } - - X509_STORE_add_cert(certs, cert); - return 0; - -err: - ERR_print_errors_fp(stderr); - if (cert) - X509_free(cert); - if (bio) - BIO_free(bio); - return -1; -} - -static int load_image_signature_data(struct image *image, - uint8_t **buf, size_t *len) -{ - struct cert_table_header *header; - - if (!image->data_dir_sigtable->addr - || !image->data_dir_sigtable->size) { - fprintf(stderr, "No signature table present\n"); - return -1; - } - - header = image->buf + image->data_dir_sigtable->addr; - *buf = (void *)(header + 1); - *len = header->size - sizeof(*header); - return 0; -} - -static int load_detached_signature_data(struct image *image, - const char *filename, uint8_t **buf, size_t *len) -{ - struct stat statbuf; - uint8_t *tmpbuf = NULL; - int fd, rc; - - fd = open(filename, O_RDONLY); - if (fd < 0) { - fprintf(stderr, "Couldn't open %s: %s\n", filename, - strerror(errno)); - return -1; - } - - rc = fstat(fd, &statbuf); - if (rc) { - perror("stat"); - goto err; - } - - tmpbuf = talloc_array(image, uint8_t, statbuf.st_size); - if (!tmpbuf) { - perror("talloc_array"); - goto err; - } - - rc = read_all(fd, tmpbuf, statbuf.st_size); - if (!rc) { - perror("read_all"); - goto err; - } - - *buf = tmpbuf; - *len = statbuf.st_size; - return 0; - -err: - close(fd); - talloc_free(tmpbuf); - return -1; -} - -static int x509_verify_cb(int status, X509_STORE_CTX *ctx) -{ - int err = X509_STORE_CTX_get_error(ctx); - - /* also accept code-signing keys */ - if (err == X509_V_ERR_INVALID_PURPOSE - && ctx->cert->ex_xkusage == XKU_CODE_SIGN) - status = 1; - - return status; -} - -int main(int argc, char **argv) -{ - const char *detached_sig_filename, *image_filename; - enum verify_status status; - int rc, c, flags, verify; - const uint8_t *tmp_buf; - struct image *image; - X509_STORE *certs; - uint8_t *sig_buf; - size_t sig_size; - struct idc *idc; - BIO *idcbio; - PKCS7 *p7; - - status = VERIFY_FAIL; - certs = X509_STORE_new(); - verify = 1; - detached_sig_filename = NULL; - - OpenSSL_add_all_digests(); - ERR_load_crypto_strings(); - - for (;;) { - int idx; - c = getopt_long(argc, argv, "c:d:nVh", options, &idx); - if (c == -1) - break; - - switch (c) { - case 'c': - rc = load_cert(certs, optarg); - if (rc) - return EXIT_FAILURE; - break; - case 'd': - detached_sig_filename = optarg; - break; - case 'n': - verify = 0; - break; - case 'V': - version(); - return EXIT_SUCCESS; - case 'h': - usage(); - return EXIT_SUCCESS; - } - - } - - if (argc != optind + 1) { - usage(); - return EXIT_FAILURE; - } - - image_filename = argv[optind]; - - image = image_load(image_filename); - if (!image) { - fprintf(stderr, "Can't open image %s\n", image_filename); - return EXIT_FAILURE; - } - - image_find_regions(image); - - if (detached_sig_filename) - rc = load_detached_signature_data(image, detached_sig_filename, - &sig_buf, &sig_size); - else - rc = load_image_signature_data(image, &sig_buf, &sig_size); - - if (rc) { - fprintf(stderr, "Unable to read signature data from %s\n", - detached_sig_filename ? : image_filename); - goto out; - } - - tmp_buf = sig_buf; - p7 = d2i_PKCS7(NULL, &tmp_buf, sig_size); - if (!p7) { - fprintf(stderr, "Unable to parse signature data\n"); - ERR_print_errors_fp(stderr); - goto out; - } - - idcbio = BIO_new(BIO_s_mem()); - idc = IDC_get(p7, idcbio); - if (!idc) - goto out; - - rc = IDC_check_hash(idc, image); - if (rc) - goto out; - - flags = PKCS7_BINARY; - if (!verify) - flags |= PKCS7_NOVERIFY; - - X509_STORE_set_verify_cb_func(certs, x509_verify_cb); - rc = PKCS7_verify(p7, NULL, certs, idcbio, NULL, flags); - if (!rc) { - printf("PKCS7 verification failed\n"); - ERR_print_errors_fp(stderr); - goto out; - } - - status = VERIFY_OK; - -out: - talloc_free(image); - if (status == VERIFY_OK) - printf("Signature verification OK\n"); - else - printf("Signature verification failed\n"); - - return status == VERIFY_OK ? EXIT_SUCCESS : EXIT_FAILURE; -} diff -Nru sbsigntool-0.3/src/coff/external.h sbsigntool-0.4/src/coff/external.h --- sbsigntool-0.3/src/coff/external.h 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/coff/external.h 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,269 @@ +/* external.h -- External COFF structures + + Copyright 2001, 2006, 2010 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, + MA 02110-1301, USA. */ + +#ifndef COFF_EXTERNAL_H +#define COFF_EXTERNAL_H + +#ifndef DO_NOT_DEFINE_FILHDR +/********************** FILE HEADER **********************/ + +struct external_filehdr + { + char f_magic[2]; /* magic number */ + char f_nscns[2]; /* number of sections */ + char f_timdat[4]; /* time & date stamp */ + char f_symptr[4]; /* file pointer to symtab */ + char f_nsyms[4]; /* number of symtab entries */ + char f_opthdr[2]; /* sizeof(optional hdr) */ + char f_flags[2]; /* flags */ + }; + +#define FILHDR struct external_filehdr +#define FILHSZ 20 +#endif + +#ifndef DO_NOT_DEFINE_AOUTHDR +/********************** AOUT "OPTIONAL HEADER" **********************/ + +typedef struct external_aouthdr + { + char magic[2]; /* type of file */ + char vstamp[2]; /* version stamp */ + char tsize[4]; /* text size in bytes, padded to FW bdry*/ + char dsize[4]; /* initialized data " " */ + char bsize[4]; /* uninitialized data " " */ + char entry[4]; /* entry pt. */ + char text_start[4]; /* base of text used for this file */ + char data_start[4]; /* base of data used for this file */ + } ATTRIBUTE_PACKED +AOUTHDR; + +#define AOUTHDRSZ 28 +#define AOUTSZ 28 + +typedef struct external_aouthdr64 +{ + char magic[2]; /* Type of file. */ + char vstamp[2]; /* Version stamp. */ + char tsize[4]; /* Text size in bytes, padded to FW bdry*/ + char dsize[4]; /* Initialized data " ". */ + char bsize[4]; /* Uninitialized data " ". */ + char entry[4]; /* Entry pt. */ + char text_start[4]; /* Base of text used for this file. */ +} +AOUTHDR64; +#define AOUTHDRSZ64 24 + +#endif /* not DO_NOT_DEFINE_AOUTHDR */ + +#ifndef DO_NOT_DEFINE_SCNHDR +/********************** SECTION HEADER **********************/ + +struct external_scnhdr + { + char s_name[8]; /* section name */ + char s_paddr[4]; /* physical address, aliased s_nlib */ + char s_vaddr[4]; /* virtual address */ + char s_size[4]; /* section size */ + char s_scnptr[4]; /* file ptr to raw data for section */ + char s_relptr[4]; /* file ptr to relocation */ + char s_lnnoptr[4]; /* file ptr to line numbers */ + char s_nreloc[2]; /* number of relocation entries */ + char s_nlnno[2]; /* number of line number entries */ + char s_flags[4]; /* flags */ + }; + +#define SCNHDR struct external_scnhdr +#define SCNHSZ 40 + +/* Names of "special" sections. */ + +#define _TEXT ".text" +#define _DATA ".data" +#define _BSS ".bss" +#define _COMMENT ".comment" +#define _LIB ".lib" +#endif /* not DO_NOT_DEFINE_SCNHDR */ + +#ifndef DO_NOT_DEFINE_LINENO + +/********************** LINE NUMBERS **********************/ + +#ifndef L_LNNO_SIZE +#error L_LNNO_SIZE needs to be defined +#endif + +/* 1 line number entry for every "breakpointable" source line in a section. + Line numbers are grouped on a per function basis; first entry in a function + grouping will have l_lnno = 0 and in place of physical address will be the + symbol table index of the function name. */ +struct external_lineno +{ + union + { + char l_symndx[4]; /* function name symbol index, iff l_lnno == 0*/ + char l_paddr[4]; /* (physical) address of line number */ + } l_addr; + + char l_lnno[L_LNNO_SIZE]; /* line number */ +}; + +#define LINENO struct external_lineno +#define LINESZ (4 + L_LNNO_SIZE) + +#if L_LNNO_SIZE == 4 +#define GET_LINENO_LNNO(abfd, ext) H_GET_32 (abfd, (ext->l_lnno)) +#define PUT_LINENO_LNNO(abfd, val, ext) H_PUT_32 (abfd, val, (ext->l_lnno)) +#endif +#if L_LNNO_SIZE == 2 +#define GET_LINENO_LNNO(abfd, ext) H_GET_16 (abfd, (ext->l_lnno)) +#define PUT_LINENO_LNNO(abfd, val, ext) H_PUT_16 (abfd, val, (ext->l_lnno)) +#endif + +#endif /* not DO_NOT_DEFINE_LINENO */ + +#ifndef DO_NOT_DEFINE_SYMENT +/********************** SYMBOLS **********************/ + +#define E_SYMNMLEN 8 /* # characters in a symbol name */ +#ifndef E_FILNMLEN +#define E_FILNMLEN 14 +#endif +#define E_DIMNUM 4 /* # array dimensions in auxiliary entry */ + +struct external_syment +{ + union + { + char e_name[E_SYMNMLEN]; + + struct + { + char e_zeroes[4]; + char e_offset[4]; + } e; + } e; + + char e_value[4]; + char e_scnum[2]; + char e_type[2]; + char e_sclass[1]; + char e_numaux[1]; +} ATTRIBUTE_PACKED ; + +#define SYMENT struct external_syment +#define SYMESZ 18 + +#ifndef N_BTMASK +#define N_BTMASK 0xf +#endif + +#ifndef N_TMASK +#define N_TMASK 0x30 +#endif + +#ifndef N_BTSHFT +#define N_BTSHFT 4 +#endif + +#ifndef N_TSHIFT +#define N_TSHIFT 2 +#endif + +#endif /* not DO_NOT_DEFINE_SYMENT */ + +#ifndef DO_NOT_DEFINE_AUXENT + +union external_auxent +{ + struct + { + char x_tagndx[4]; /* str, un, or enum tag indx */ + + union + { + struct + { + char x_lnno[2]; /* declaration line number */ + char x_size[2]; /* str/union/array size */ + } x_lnsz; + + char x_fsize[4]; /* size of function */ + + } x_misc; + + union + { + struct /* if ISFCN, tag, or .bb */ + { + char x_lnnoptr[4]; /* ptr to fcn line # */ + char x_endndx[4]; /* entry ndx past block end */ + } x_fcn; + + struct /* if ISARY, up to 4 dimen. */ + { + char x_dimen[E_DIMNUM][2]; + } x_ary; + + } x_fcnary; + + char x_tvndx[2]; /* tv index */ + + } x_sym; + + union + { + char x_fname[E_FILNMLEN]; + + struct + { + char x_zeroes[4]; + char x_offset[4]; + } x_n; + + } x_file; + + struct + { + char x_scnlen[4]; /* section length */ + char x_nreloc[2]; /* # relocation entries */ + char x_nlinno[2]; /* # line numbers */ +#ifdef INCLUDE_COMDAT_FIELDS_IN_AUXENT + char x_checksum[4]; /* section COMDAT checksum */ + char x_associated[2]; /* COMDAT associated section index */ + char x_comdat[1]; /* COMDAT selection number */ +#endif + } x_scn; + + struct + { + char x_tvfill[4]; /* tv fill value */ + char x_tvlen[2]; /* length of .tv */ + char x_tvran[2][2]; /* tv range */ + } x_tv; /* info about .tv section (in auxent of symbol .tv)) */ +} ATTRIBUTE_PACKED ; + +#define AUXENT union external_auxent +#define AUXESZ 18 + +#define _ETEXT "etext" + +#endif /* not DO_NOT_DEFINE_AUXENT */ + +#endif /* COFF_EXTERNAL_H */ diff -Nru sbsigntool-0.3/src/coff/pe.h sbsigntool-0.4/src/coff/pe.h --- sbsigntool-0.3/src/coff/pe.h 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/coff/pe.h 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,512 @@ +/* pe.h - PE COFF header information + + Copyright 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007, 2009, 2010 + Free Software Foundation, Inc. + + This file is part of BFD, the Binary File Descriptor library. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, + Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ +#ifndef _PE_H +#define _PE_H + +/* NT specific file attributes. */ +#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 +#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 +#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 +#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 +#define IMAGE_FILE_AGGRESSIVE_WS_TRIM 0x0010 +#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020 +#define IMAGE_FILE_16BIT_MACHINE 0x0040 +#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 +#define IMAGE_FILE_32BIT_MACHINE 0x0100 +#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 +#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 +#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 +#define IMAGE_FILE_SYSTEM 0x1000 +#define IMAGE_FILE_DLL 0x2000 +#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 +#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 + +/* DllCharacteristics flag bits. The inconsistent naming may seem + odd, but that is how they are defined in the PE specification. */ +#define IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE 0x0040 +#define IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY 0x0080 +#define IMAGE_DLL_CHARACTERISTICS_NX_COMPAT 0x0100 +#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION 0x0200 +#define IMAGE_DLLCHARACTERISTICS_NO_SEH 0x0400 +#define IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800 +#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000 +#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000 + +/* Additional flags to be set for section headers to allow the NT loader to + read and write to the section data (to replace the addresses of data in + dlls for one thing); also to execute the section in .text's case. */ +#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 +#define IMAGE_SCN_MEM_EXECUTE 0x20000000 +#define IMAGE_SCN_MEM_READ 0x40000000 +#define IMAGE_SCN_MEM_WRITE 0x80000000 + +/* Section characteristics added for ppc-nt. */ + +#define IMAGE_SCN_TYPE_NO_PAD 0x00000008 /* Reserved. */ + +#define IMAGE_SCN_CNT_CODE 0x00000020 /* Section contains code. */ +#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 /* Section contains initialized data. */ +#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 /* Section contains uninitialized data. */ + +#define IMAGE_SCN_LNK_OTHER 0x00000100 /* Reserved. */ +#define IMAGE_SCN_LNK_INFO 0x00000200 /* Section contains comments or some other type of information. */ +#define IMAGE_SCN_LNK_REMOVE 0x00000800 /* Section contents will not become part of image. */ +#define IMAGE_SCN_LNK_COMDAT 0x00001000 /* Section contents comdat. */ + +#define IMAGE_SCN_MEM_FARDATA 0x00008000 + +#define IMAGE_SCN_MEM_PURGEABLE 0x00020000 +#define IMAGE_SCN_MEM_16BIT 0x00020000 +#define IMAGE_SCN_MEM_LOCKED 0x00040000 +#define IMAGE_SCN_MEM_PRELOAD 0x00080000 + +/* Bit position in the s_flags field where the alignment values start. */ +#define IMAGE_SCN_ALIGN_POWER_BIT_POS 20 +#define IMAGE_SCN_ALIGN_POWER_BIT_MASK 0x00f00000 +#define IMAGE_SCN_ALIGN_POWER_NUM(val) \ + (((val) >> IMAGE_SCN_ALIGN_POWER_BIT_POS) - 1) +#define IMAGE_SCN_ALIGN_POWER_CONST(val) \ + (((val) + 1) << IMAGE_SCN_ALIGN_POWER_BIT_POS) + +#define IMAGE_SCN_ALIGN_1BYTES IMAGE_SCN_ALIGN_POWER_CONST (0) +#define IMAGE_SCN_ALIGN_2BYTES IMAGE_SCN_ALIGN_POWER_CONST (1) +#define IMAGE_SCN_ALIGN_4BYTES IMAGE_SCN_ALIGN_POWER_CONST (2) +#define IMAGE_SCN_ALIGN_8BYTES IMAGE_SCN_ALIGN_POWER_CONST (3) +/* Default alignment if no others are specified. */ +#define IMAGE_SCN_ALIGN_16BYTES IMAGE_SCN_ALIGN_POWER_CONST (4) +#define IMAGE_SCN_ALIGN_32BYTES IMAGE_SCN_ALIGN_POWER_CONST (5) +#define IMAGE_SCN_ALIGN_64BYTES IMAGE_SCN_ALIGN_POWER_CONST (6) +#define IMAGE_SCN_ALIGN_128BYTES IMAGE_SCN_ALIGN_POWER_CONST (7) +#define IMAGE_SCN_ALIGN_256BYTES IMAGE_SCN_ALIGN_POWER_CONST (8) +#define IMAGE_SCN_ALIGN_512BYTES IMAGE_SCN_ALIGN_POWER_CONST (9) +#define IMAGE_SCN_ALIGN_1024BYTES IMAGE_SCN_ALIGN_POWER_CONST (10) +#define IMAGE_SCN_ALIGN_2048BYTES IMAGE_SCN_ALIGN_POWER_CONST (11) +#define IMAGE_SCN_ALIGN_4096BYTES IMAGE_SCN_ALIGN_POWER_CONST (12) +#define IMAGE_SCN_ALIGN_8192BYTES IMAGE_SCN_ALIGN_POWER_CONST (13) + +/* Encode alignment power into IMAGE_SCN_ALIGN bits of s_flags */ +#define COFF_ENCODE_ALIGNMENT(SECTION, ALIGNMENT_POWER) \ + ((SECTION).s_flags |= IMAGE_SCN_ALIGN_POWER_CONST ((ALIGNMENT_POWER))) + +#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 /* Section contains extended relocations. */ +#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 /* Section is not cachable. */ +#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 /* Section is not pageable. */ +#define IMAGE_SCN_MEM_SHARED 0x10000000 /* Section is shareable. */ + +/* COMDAT selection codes. */ + +#define IMAGE_COMDAT_SELECT_NODUPLICATES (1) /* Warn if duplicates. */ +#define IMAGE_COMDAT_SELECT_ANY (2) /* No warning. */ +#define IMAGE_COMDAT_SELECT_SAME_SIZE (3) /* Warn if different size. */ +#define IMAGE_COMDAT_SELECT_EXACT_MATCH (4) /* Warn if different. */ +#define IMAGE_COMDAT_SELECT_ASSOCIATIVE (5) /* Base on other section. */ + +/* Machine numbers. */ + +#define IMAGE_FILE_MACHINE_UNKNOWN 0x0000 +#define IMAGE_FILE_MACHINE_ALPHA 0x0184 +#define IMAGE_FILE_MACHINE_ALPHA64 0x0284 +#define IMAGE_FILE_MACHINE_AM33 0x01d3 +#define IMAGE_FILE_MACHINE_AMD64 0x8664 +#define IMAGE_FILE_MACHINE_ARM 0x01c0 +#define IMAGE_FILE_MACHINE_AXP64 IMAGE_FILE_MACHINE_ALPHA64 +#define IMAGE_FILE_MACHINE_CEE 0xc0ee +#define IMAGE_FILE_MACHINE_CEF 0x0cef +#define IMAGE_FILE_MACHINE_EBC 0x0ebc +#define IMAGE_FILE_MACHINE_I386 0x014c +#define IMAGE_FILE_MACHINE_IA64 0x0200 +#define IMAGE_FILE_MACHINE_M32R 0x9041 +#define IMAGE_FILE_MACHINE_M68K 0x0268 +#define IMAGE_FILE_MACHINE_MIPS16 0x0266 +#define IMAGE_FILE_MACHINE_MIPSFPU 0x0366 +#define IMAGE_FILE_MACHINE_MIPSFPU16 0x0466 +#define IMAGE_FILE_MACHINE_POWERPC 0x01f0 +#define IMAGE_FILE_MACHINE_POWERPCFP 0x01f1 +#define IMAGE_FILE_MACHINE_R10000 0x0168 +#define IMAGE_FILE_MACHINE_R3000 0x0162 +#define IMAGE_FILE_MACHINE_R4000 0x0166 +#define IMAGE_FILE_MACHINE_SH3 0x01a2 +#define IMAGE_FILE_MACHINE_SH3DSP 0x01a3 +#define IMAGE_FILE_MACHINE_SH3E 0x01a4 +#define IMAGE_FILE_MACHINE_SH4 0x01a6 +#define IMAGE_FILE_MACHINE_SH5 0x01a8 +#define IMAGE_FILE_MACHINE_THUMB 0x01c2 +#define IMAGE_FILE_MACHINE_TRICORE 0x0520 +#define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 +#define IMAGE_FILE_MACHINE_AMD64 0x8664 + +#define IMAGE_SUBSYSTEM_UNKNOWN 0 +#define IMAGE_SUBSYSTEM_NATIVE 1 +#define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 +#define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 +#define IMAGE_SUBSYSTEM_POSIX_CUI 7 +#define IMAGE_SUBSYSTEM_WINDOWS_CE_GUI 9 +#define IMAGE_SUBSYSTEM_EFI_APPLICATION 10 +#define IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER 11 +#define IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER 12 +#define IMAGE_SUBSYSTEM_SAL_RUNTIME_DRIVER 13 +#define IMAGE_SUBSYSTEM_XBOX 14 + +/* Magic values that are true for all dos/nt implementations. */ +#define DOSMAGIC 0x5a4d +#define NT_SIGNATURE 0x00004550 + +/* NT allows long filenames, we want to accommodate this. + This may break some of the bfd functions. */ +#undef FILNMLEN +#define FILNMLEN 18 /* # characters in a file name. */ + +struct external_PEI_DOS_hdr +{ + /* DOS header fields - always at offset zero in the EXE file. */ + char e_magic[2]; /* Magic number, 0x5a4d. */ + char e_cblp[2]; /* Bytes on last page of file, 0x90. */ + char e_cp[2]; /* Pages in file, 0x3. */ + char e_crlc[2]; /* Relocations, 0x0. */ + char e_cparhdr[2]; /* Size of header in paragraphs, 0x4. */ + char e_minalloc[2]; /* Minimum extra paragraphs needed, 0x0. */ + char e_maxalloc[2]; /* Maximum extra paragraphs needed, 0xFFFF. */ + char e_ss[2]; /* Initial (relative) SS value, 0x0. */ + char e_sp[2]; /* Initial SP value, 0xb8. */ + char e_csum[2]; /* Checksum, 0x0. */ + char e_ip[2]; /* Initial IP value, 0x0. */ + char e_cs[2]; /* Initial (relative) CS value, 0x0. */ + char e_lfarlc[2]; /* File address of relocation table, 0x40. */ + char e_ovno[2]; /* Overlay number, 0x0. */ + char e_res[4][2]; /* Reserved words, all 0x0. */ + char e_oemid[2]; /* OEM identifier (for e_oeminfo), 0x0. */ + char e_oeminfo[2]; /* OEM information; e_oemid specific, 0x0. */ + char e_res2[10][2]; /* Reserved words, all 0x0. */ + char e_lfanew[4]; /* File address of new exe header, usually 0x80. */ + char dos_message[16][4]; /* Other stuff, always follow DOS header. */ +}; + +struct external_PEI_IMAGE_hdr +{ + char nt_signature[4]; /* required NT signature, 0x4550. */ + + /* From standard header. */ + char f_magic[2]; /* Magic number. */ + char f_nscns[2]; /* Number of sections. */ + char f_timdat[4]; /* Time & date stamp. */ + char f_symptr[4]; /* File pointer to symtab. */ + char f_nsyms[4]; /* Number of symtab entries. */ + char f_opthdr[2]; /* Sizeof(optional hdr). */ + char f_flags[2]; /* Flags. */ +}; + +struct external_PEI_filehdr +{ + /* DOS header fields - always at offset zero in the EXE file. */ + char e_magic[2]; /* Magic number, 0x5a4d. */ + char e_cblp[2]; /* Bytes on last page of file, 0x90. */ + char e_cp[2]; /* Pages in file, 0x3. */ + char e_crlc[2]; /* Relocations, 0x0. */ + char e_cparhdr[2]; /* Size of header in paragraphs, 0x4. */ + char e_minalloc[2]; /* Minimum extra paragraphs needed, 0x0. */ + char e_maxalloc[2]; /* Maximum extra paragraphs needed, 0xFFFF. */ + char e_ss[2]; /* Initial (relative) SS value, 0x0. */ + char e_sp[2]; /* Initial SP value, 0xb8. */ + char e_csum[2]; /* Checksum, 0x0. */ + char e_ip[2]; /* Initial IP value, 0x0. */ + char e_cs[2]; /* Initial (relative) CS value, 0x0. */ + char e_lfarlc[2]; /* File address of relocation table, 0x40. */ + char e_ovno[2]; /* Overlay number, 0x0. */ + char e_res[4][2]; /* Reserved words, all 0x0. */ + char e_oemid[2]; /* OEM identifier (for e_oeminfo), 0x0. */ + char e_oeminfo[2]; /* OEM information; e_oemid specific, 0x0. */ + char e_res2[10][2]; /* Reserved words, all 0x0. */ + char e_lfanew[4]; /* File address of new exe header, usually 0x80. */ + char dos_message[16][4]; /* Other stuff, always follow DOS header. */ + + /* Note: additional bytes may be inserted before the signature. Use + the e_lfanew field to find the actual location of the NT signature. */ + + char nt_signature[4]; /* required NT signature, 0x4550. */ + + /* From standard header. */ + char f_magic[2]; /* Magic number. */ + char f_nscns[2]; /* Number of sections. */ + char f_timdat[4]; /* Time & date stamp. */ + char f_symptr[4]; /* File pointer to symtab. */ + char f_nsyms[4]; /* Number of symtab entries. */ + char f_opthdr[2]; /* Sizeof(optional hdr). */ + char f_flags[2]; /* Flags. */ +}; + +#ifdef COFF_IMAGE_WITH_PE + +/* The filehdr is only weird in images. */ + +#undef FILHDR +#define FILHDR struct external_PEI_filehdr +#undef FILHSZ +#define FILHSZ 152 + +#endif /* COFF_IMAGE_WITH_PE */ + +/* 32-bit PE a.out header: */ + +typedef struct +{ + AOUTHDR standard; + + /* NT extra fields; see internal.h for descriptions. */ + char ImageBase[4]; + char SectionAlignment[4]; + char FileAlignment[4]; + char MajorOperatingSystemVersion[2]; + char MinorOperatingSystemVersion[2]; + char MajorImageVersion[2]; + char MinorImageVersion[2]; + char MajorSubsystemVersion[2]; + char MinorSubsystemVersion[2]; + char Reserved1[4]; + char SizeOfImage[4]; + char SizeOfHeaders[4]; + char CheckSum[4]; + char Subsystem[2]; + char DllCharacteristics[2]; + char SizeOfStackReserve[4]; + char SizeOfStackCommit[4]; + char SizeOfHeapReserve[4]; + char SizeOfHeapCommit[4]; + char LoaderFlags[4]; + char NumberOfRvaAndSizes[4]; + /* IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; */ + char DataDirectory[16][2][4]; /* 16 entries, 2 elements/entry, 4 chars. */ +} PEAOUTHDR; + +#undef AOUTSZ +#define AOUTSZ (AOUTHDRSZ + 196) + +/* Like PEAOUTHDR, except that the "standard" member has no BaseOfData + (aka data_start) member and that some of the members are 8 instead + of just 4 bytes long. */ +typedef struct +{ +#ifdef AOUTHDRSZ64 + AOUTHDR64 standard; +#else + AOUTHDR standard; +#endif + /* NT extra fields; see internal.h for descriptions. */ + char ImageBase[8]; + char SectionAlignment[4]; + char FileAlignment[4]; + char MajorOperatingSystemVersion[2]; + char MinorOperatingSystemVersion[2]; + char MajorImageVersion[2]; + char MinorImageVersion[2]; + char MajorSubsystemVersion[2]; + char MinorSubsystemVersion[2]; + char Reserved1[4]; + char SizeOfImage[4]; + char SizeOfHeaders[4]; + char CheckSum[4]; + char Subsystem[2]; + char DllCharacteristics[2]; + char SizeOfStackReserve[8]; + char SizeOfStackCommit[8]; + char SizeOfHeapReserve[8]; + char SizeOfHeapCommit[8]; + char LoaderFlags[4]; + char NumberOfRvaAndSizes[4]; + /* IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; */ + char DataDirectory[16][2][4]; /* 16 entries, 2 elements/entry, 4 chars. */ +} PEPAOUTHDR; + +#ifdef AOUTHDRSZ64 +#define PEPAOUTSZ (AOUTHDRSZ64 + 196 + 5 * 4) /* = 240 */ +#else +#define PEPAOUTSZ 240 +#endif + +#undef E_FILNMLEN +#define E_FILNMLEN 18 /* # characters in a file name. */ + +/* Import Tyoes fot ILF format object files.. */ +#define IMPORT_CODE 0 +#define IMPORT_DATA 1 +#define IMPORT_CONST 2 + +/* Import Name Tyoes for ILF format object files. */ +#define IMPORT_ORDINAL 0 +#define IMPORT_NAME 1 +#define IMPORT_NAME_NOPREFIX 2 +#define IMPORT_NAME_UNDECORATE 3 + +/* Weak external characteristics. */ +#define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1 +#define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2 +#define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3 + +/* .pdata/.xdata defines and structures for x64 PE+ for exception handling. */ + +/* .pdata in exception directory. */ + +struct pex64_runtime_function +{ + bfd_vma rva_BeginAddress; + bfd_vma rva_EndAddress; + bfd_vma rva_UnwindData; + unsigned int isChained : 1; +}; + +struct external_pex64_runtime_function +{ + bfd_byte rva_BeginAddress[4]; + bfd_byte rva_EndAddress[4]; + bfd_byte rva_UnwindData[4]; +}; + +/* If the lowest significant bit is set for rva_UnwindData RVA, it + means that the unified RVA points to another pex64_runtime_function + that this entry shares the unwind_info block with. */ +#define PEX64_IS_RUNTIME_FUNCTION_CHAINED(PTR_RTF) \ + (((PTR_RTF)->rva_UnwindData & 1) != 0) +#define PEX64_GET_UNWINDDATA_UNIFIED_RVA(PTR_RTF) \ + ((PTR_RTF)->rva_UnwindData & ~1) + +/* The unwind codes. */ +#define UWOP_PUSH_NONVOL 0 +#define UWOP_ALLOC_LARGE 1 +#define UWOP_ALLOC_SMALL 2 +#define UWOP_SET_FPREG 3 +#define UWOP_SAVE_NONVOL 4 +#define UWOP_SAVE_NONVOL_FAR 5 +#define UWOP_SAVE_XMM 6 +#define UWOP_SAVE_XMM_FAR 7 +#define UWOP_SAVE_XMM128 8 +#define UWOP_SAVE_XMM128_FAR 9 +#define UWOP_PUSH_MACHFRAME 10 + +struct pex64_unwind_code +{ + bfd_vma prologue_offset; + /* Contains Frame offset, or frame allocation size. */ + bfd_vma frame_addr; + unsigned int uwop_code : 4; + /* xmm, mm, or standard register from 0 - 15. */ + unsigned int reg : 4; + /* Used for UWOP_PUSH_MACHFRAME to indicate optional errorcode stack + argument. */ + unsigned int has_errorcode : 1; +}; + +struct external_pex64_unwind_code +{ + bfd_byte dta[2]; +}; + +#define PEX64_UNWCODE_CODE(VAL) ((VAL) & 0xf) +#define PEX64_UNWCODE_INFO(VAL) (((VAL) >> 4) & 0xf) + +/* The unwind info. */ +#define UNW_FLAG_NHANDLER 0 +#define UNW_FLAG_EHANDLER 1 +#define UNW_FLAG_UHANDLER 2 +#define UNW_FLAG_FHANDLER 3 +#define UNW_FLAG_CHAININFO 4 + +#define UNW_FLAG_MASK 0x1f + +struct pex64_unwind_info +{ + bfd_vma SizeOfBlock; + bfd_byte Version; /* Values from 0 up to 7 are possible. */ + bfd_byte Flags; /* Values from 0 up to 31 are possible. */ + bfd_vma SizeOfPrologue; + bfd_vma CountOfCodes; /* Amount of pex64_unwind_code elements. */ + /* 0 = CFA, 1..15 are index of integer registers. */ + unsigned int FrameRegister : 4; + bfd_vma FrameOffset; + bfd_vma sizeofUnwindCodes; + bfd_byte *rawUnwindCodes; + /* Valid for UNW_FLAG_EHANDLER and UNW_FLAG_UHANDLER. */ + bfd_vma CountOfScopes; + bfd_byte *rawScopeEntries; + bfd_vma rva_ExceptionHandler; /* UNW_EHANDLER. */ + bfd_vma rva_TerminationHandler; /* UNW_FLAG_UHANDLER. */ + bfd_vma rva_FrameHandler; /* UNW_FLAG_FHANDLER. */ + bfd_vma FrameHandlerArgument; /* UNW_FLAG_FHANDLER. */ + bfd_vma rva_FunctionEntry; /* UNW_FLAG_CHAININFO. */ +}; + +struct external_pex64_unwind_info +{ + bfd_byte Version_Flags; + bfd_byte SizeOfPrologue; + bfd_byte CountOfCodes; + bfd_byte FrameRegisterOffset; + /* external_pex64_unwind_code array. */ + /* bfd_byte handler[4]; */ + /* Optional language specific data. */ +}; + +struct external_pex64_scope +{ + bfd_vma Count; +}; + +struct pex64_scope +{ + bfd_byte Count[4]; +}; + +struct pex64_scope_entry +{ + bfd_vma rva_BeginAddress; + bfd_vma rva_EndAddress; + bfd_vma rva_HandlerAddress; + bfd_vma rva_JumpAddress; +}; +#define PEX64_SCOPE_ENTRY_SIZE 16 + +struct external_pex64_scope_entry +{ + bfd_byte rva_BeginAddress[4]; + bfd_byte rva_EndAddress[4]; + bfd_byte rva_HandlerAddress[4]; + bfd_byte rva_JumpAddress[4]; +}; + +#define PEX64_UWI_VERSION(VAL) ((VAL) & 7) +#define PEX64_UWI_FLAGS(VAL) (((VAL) >> 3) & 0x1f) +#define PEX64_UWI_FRAMEREG(VAL) ((VAL) & 0xf) +#define PEX64_UWI_FRAMEOFF(VAL) (((VAL) >> 4) & 0xf) +#define PEX64_UWI_SIZEOF_UWCODE_ARRAY(VAL) \ + ((((VAL) + 1) & ~1) * 2) + +#define PEX64_OFFSET_TO_UNWIND_CODE 0x4 + +#define PEX64_OFFSET_TO_HANDLER_RVA (COUNTOFUNWINDCODES) \ + (PEX64_OFFSET_TO_UNWIND_CODE + \ + PEX64_UWI_SIZEOF_UWCODE_ARRAY(COUNTOFUNWINDCODES)) + +#define PEX64_OFFSET_TO_SCOPE_COUNT(COUNTOFUNWINDCODES) \ + (PEX64_OFFSET_TO_HANDLER_RVA(COUNTOFUNWINDCODES) + 4) + +#define PEX64_SCOPE_ENTRY(COUNTOFUNWINDCODES, IDX) \ + (PEX64_OFFSET_TO_SCOPE_COUNT(COUNTOFUNWINDCODES) + \ + PEX64_SCOPE_ENTRY_SIZE * (IDX)) + +#endif /* _PE_H */ diff -Nru sbsigntool-0.3/src/efivars.h sbsigntool-0.4/src/efivars.h --- sbsigntool-0.3/src/efivars.h 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/efivars.h 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,106 @@ +/* + * Copyright (C) 2012 Jeremy Kerr + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the OpenSSL + * library under certain conditions as described in each individual source file, + * and distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all + * of the code used other than OpenSSL. If you modify file(s) with this + * exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do + * so, delete this exception statement from your version. If you delete + * this exception statement from all source files in the program, then + * also delete it here. + */ +#ifndef EFI_VARAUTH_H +#define EFI_VARAUTH_H + +#include + +#define EFI_CERT_TYPE_PKCS7_GUID \ + { 0x4aafd29d, 0x68df, 0x49ee, \ + { 0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7 } } + +#define EFI_CERT_X509_GUID \ + { 0xa5c059a1, 0x94e4, 0x4aa7, \ + { 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 } } + +#define EFI_CERT_SHA256_GUID \ + { 0xc1c41626, 0x504c, 0x4092, \ + { 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 } } + +#define EFI_IMAGE_SECURITY_DATABASE_GUID \ + { 0xd719b2cb, 0x3d3a, 0x4596, \ + { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f } } + + +#ifndef EFI_VARIABLE_NON_VOLATILE +#define EFI_VARIABLE_NON_VOLATILE 0x00000001 +#endif + +#ifndef EFI_VARIABLE_BOOTSERVICE_ACCESS +#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002 +#endif + +#ifndef EFI_VARIABLE_RUNTIME_ACCESS +#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004 +#endif + +#ifndef EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS +#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020 +#endif + +#ifndef EFI_VARIABLE_APPEND_WRITE +#define EFI_VARIABLE_APPEND_WRITE 0x00000040 +#endif + +typedef struct { + UINT32 dwLength; + UINT16 wRevision; + UINT16 wCertificateType; + UINT8 bCertificate[]; +} WIN_CERTIFICATE; + +typedef struct { + WIN_CERTIFICATE Hdr; + EFI_GUID CertType; + UINT8 CertData[]; +} WIN_CERTIFICATE_UEFI_GUID; + +typedef struct { + EFI_TIME TimeStamp; + WIN_CERTIFICATE_UEFI_GUID AuthInfo; +} EFI_VARIABLE_AUTHENTICATION_2; + + +typedef struct { + EFI_GUID SignatureOwner; + UINT8 SignatureData[]; +} EFI_SIGNATURE_DATA; + +typedef struct { + EFI_GUID SignatureType; + UINT32 SignatureListSize; + UINT32 SignatureHeaderSize; + UINT32 SignatureSize; +} EFI_SIGNATURE_LIST; + +#endif /* EFI_VARAUTH_H */ + diff -Nru sbsigntool-0.3/src/fileio.c sbsigntool-0.4/src/fileio.c --- sbsigntool-0.3/src/fileio.c 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/fileio.c 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,166 @@ +/* + * Copyright (C) 2012 Jeremy Kerr + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the OpenSSL + * library under certain conditions as described in each individual source file, + * and distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all + * of the code used other than OpenSSL. If you modify file(s) with this + * exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do + * so, delete this exception statement from your version. If you delete + * this exception statement from all source files in the program, then + * also delete it here. + */ + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include +#include + +#include "fileio.h" + +#define FLAG_NOERROR (1<<0) + +EVP_PKEY *fileio_read_pkey(const char *filename) +{ + EVP_PKEY *key = NULL; + BIO *bio; + + bio = BIO_new_file(filename, "r"); + if (!bio) + goto out; + + key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); + +out: + BIO_free_all(bio); + if (!key) { + fprintf(stderr, "Can't load key from file '%s'\n", filename); + ERR_print_errors_fp(stderr); + } + return key; +} + +X509 *fileio_read_cert(const char *filename) +{ + X509 *cert = NULL; + BIO *bio; + + bio = BIO_new_file(filename, "r"); + if (!bio) + goto out; + + cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); + +out: + BIO_free_all(bio); + if (!cert) { + fprintf(stderr, "Can't load certificate from file '%s'\n", + filename); + ERR_print_errors_fp(stderr); + } + return cert; +} + +static int __fileio_read_file(void *ctx, const char *filename, + uint8_t **out_buf, size_t *out_len, int flags) +{ + struct stat statbuf; + uint8_t *buf; + size_t len; + int fd, rc; + + rc = -1; + + fd = open(filename, O_RDONLY); + if (fd < 0) + goto out; + + rc = fstat(fd, &statbuf); + if (rc) + goto out; + + len = statbuf.st_size; + + buf = talloc_array(ctx, uint8_t, len); + if (!buf) + goto out; + + if (!read_all(fd, buf, len)) + goto out; + + rc = 0; + +out: + if (fd >= 0) + close(fd); + if (rc) { + if (!(flags & FLAG_NOERROR)) + fprintf(stderr, "Error reading file %s: %s\n", + filename, strerror(errno)); + } else { + *out_buf = buf; + *out_len = len; + } + return rc; + +} + +int fileio_read_file(void *ctx, const char *filename, + uint8_t **out_buf, size_t *out_len) +{ + return __fileio_read_file(ctx, filename, out_buf, out_len, 0); +} + +int fileio_read_file_noerror(void *ctx, const char *filename, + uint8_t **out_buf, size_t *out_len) +{ + return __fileio_read_file(ctx, filename, out_buf, out_len, + FLAG_NOERROR); +} + +int fileio_write_file(const char *filename, uint8_t *buf, size_t len) +{ + int fd; + + fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644); + if (fd < 0) { + perror("open"); + return -1; + } + + if (!write_all(fd, buf, len)) { + perror("write_all"); + close(fd); + return -1; + } + + close(fd); + return 0; +} diff -Nru sbsigntool-0.3/src/fileio.h sbsigntool-0.4/src/fileio.h --- sbsigntool-0.3/src/fileio.h 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/fileio.h 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2012 Jeremy Kerr + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the OpenSSL + * library under certain conditions as described in each individual source file, + * and distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all + * of the code used other than OpenSSL. If you modify file(s) with this + * exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do + * so, delete this exception statement from your version. If you delete + * this exception statement from all source files in the program, then + * also delete it here. + */ +#ifndef FILEIO_H +#define FILEIO_H + +#include + +#include +#include + +EVP_PKEY *fileio_read_pkey(const char *filename); +X509 *fileio_read_cert(const char *filename); + +int fileio_read_file(void *ctx, const char *filename, + uint8_t **out_buf, size_t *out_len); +int fileio_read_file_noerror(void *ctx, const char *filename, + uint8_t **out_buf, size_t *out_len); +int fileio_write_file(const char *filename, uint8_t *buf, size_t len); + +#endif /* FILEIO_H */ + diff -Nru sbsigntool-0.3/src/idc.c sbsigntool-0.4/src/idc.c --- sbsigntool-0.3/src/idc.c 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/idc.c 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,301 @@ +/* + * Copyright (C) 2012 Jeremy Kerr + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the OpenSSL + * library under certain conditions as described in each individual source file, + * and distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all + * of the code used other than OpenSSL. If you modify file(s) with this + * exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do + * so, delete this exception statement from your version. If you delete + * this exception statement from all source files in the program, then + * also delete it here. + */ +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "idc.h" + +typedef struct idc_type_value { + ASN1_OBJECT *type; + ASN1_TYPE *value; +} IDC_TYPE_VALUE; + +ASN1_SEQUENCE(IDC_TYPE_VALUE) = { + ASN1_SIMPLE(IDC_TYPE_VALUE, type, ASN1_OBJECT), + ASN1_OPT(IDC_TYPE_VALUE, value, ASN1_ANY), +} ASN1_SEQUENCE_END(IDC_TYPE_VALUE); + +IMPLEMENT_ASN1_FUNCTIONS(IDC_TYPE_VALUE); + +typedef struct idc_string { + int type; + union { + ASN1_BMPSTRING *unicode; + ASN1_IA5STRING *ascii; + } value; +} IDC_STRING; + +ASN1_CHOICE(IDC_STRING) = { + ASN1_IMP(IDC_STRING, value.unicode, ASN1_BMPSTRING, 0), + ASN1_IMP(IDC_STRING, value.ascii, ASN1_IA5STRING, 1), +} ASN1_CHOICE_END(IDC_STRING); + +IMPLEMENT_ASN1_FUNCTIONS(IDC_STRING); + +typedef struct idc_link { + int type; + union { + ASN1_NULL *url; + ASN1_NULL *moniker; + IDC_STRING *file; + } value; +} IDC_LINK; + +ASN1_CHOICE(IDC_LINK) = { + ASN1_IMP(IDC_LINK, value.url, ASN1_NULL, 0), + ASN1_IMP(IDC_LINK, value.moniker, ASN1_NULL, 1), + ASN1_EXP(IDC_LINK, value.file, IDC_STRING, 2), +} ASN1_CHOICE_END(IDC_LINK); + +IMPLEMENT_ASN1_FUNCTIONS(IDC_LINK); + +typedef struct idc_pe_image_data { + ASN1_BIT_STRING *flags; + IDC_LINK *file; +} IDC_PEID; + +ASN1_SEQUENCE(IDC_PEID) = { + ASN1_SIMPLE(IDC_PEID, flags, ASN1_BIT_STRING), + ASN1_EXP(IDC_PEID, file, IDC_LINK, 0), +} ASN1_SEQUENCE_END(IDC_PEID); + +IMPLEMENT_ASN1_FUNCTIONS(IDC_PEID); + +typedef struct idc_digest { + X509_ALGOR *alg; + ASN1_OCTET_STRING *digest; +} IDC_DIGEST; + +ASN1_SEQUENCE(IDC_DIGEST) = { + ASN1_SIMPLE(IDC_DIGEST, alg, X509_ALGOR), + ASN1_SIMPLE(IDC_DIGEST, digest, ASN1_OCTET_STRING), +} ASN1_SEQUENCE_END(IDC_DIGEST) + +IMPLEMENT_ASN1_FUNCTIONS(IDC_DIGEST) + +typedef struct idc { + IDC_TYPE_VALUE *data; + IDC_DIGEST *digest; +} IDC; + +ASN1_SEQUENCE(IDC) = { + ASN1_SIMPLE(IDC, data, IDC_TYPE_VALUE), + ASN1_SIMPLE(IDC, digest, IDC_DIGEST), +} ASN1_SEQUENCE_END(IDC) + +IMPLEMENT_ASN1_FUNCTIONS(IDC) + +static int type_set_sequence(void *ctx, ASN1_TYPE *type, + void *s, const ASN1_ITEM *it) +{ + uint8_t *seq_data, *tmp; + ASN1_OCTET_STRING *os; + ASN1_STRING *seq = s; + int len; + + os = ASN1_STRING_new(); + + len = ASN1_item_i2d((ASN1_VALUE *)seq, NULL, it); + tmp = seq_data = talloc_array(ctx, uint8_t, len); + ASN1_item_i2d((ASN1_VALUE *)seq, &tmp, it); + + ASN1_STRING_set(os, seq_data, len); + ASN1_TYPE_set(type, V_ASN1_SEQUENCE, os); + return 0; +} + +const char obsolete[] = { + 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x4f, 0x00, 0x62, + 0x00, 0x73, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x74, + 0x00, 0x65, 0x00, 0x3e, 0x00, 0x3e, 0x00, 0x3e +}; + +const char *sha256_str(const uint8_t *hash) +{ + static char s[SHA256_DIGEST_LENGTH * 2 + 1]; + int i; + + for (i = 0; i < SHA256_DIGEST_LENGTH; i++) + snprintf(s + i * 2, 3, "%02x", hash[i]); + + return s; +} + +int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image) +{ + uint8_t *buf, *tmp, sha[SHA256_DIGEST_LENGTH]; + int idc_nid, peid_nid, len, rc; + IDC_PEID *peid; + ASN1_STRING *s; + ASN1_TYPE *t; + BIO *sigbio; + IDC *idc; + + idc_nid = OBJ_create("1.3.6.1.4.1.311.2.1.4", + "spcIndirectDataContext", + "Indirect Data Context"); + peid_nid = OBJ_create("1.3.6.1.4.1.311.2.1.15", + "spcPEImageData", + "PE Image Data"); + + image_hash_sha256(image, sha); + + idc = IDC_new(); + peid = IDC_PEID_new(); + + peid->file = IDC_LINK_new(); + peid->file->type = 2; + peid->file->value.file = IDC_STRING_new(); + peid->file->value.file->type = 0; + peid->file->value.file->value.unicode = ASN1_STRING_new(); + ASN1_STRING_set(peid->file->value.file->value.unicode, + obsolete, sizeof(obsolete)); + + idc->data->type = OBJ_nid2obj(peid_nid); + idc->data->value = ASN1_TYPE_new(); + type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it); + + idc->digest->alg->parameter = ASN1_TYPE_new(); + idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256); + idc->digest->alg->parameter->type = V_ASN1_NULL; + ASN1_OCTET_STRING_set(idc->digest->digest, sha, sizeof(sha)); + + len = i2d_IDC(idc, NULL); + tmp = buf = talloc_array(image, uint8_t, len); + i2d_IDC(idc, &tmp); + + /* Add the contentType authenticated attribute */ + PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, + OBJ_nid2obj(idc_nid)); + + /* Because the PKCS7 lib has a hard time dealing with non-standard + * data types, we create a temporary BIO to hold the signed data, so + * that the top-level PKCS7 object calculates the correct hash... + */ + sigbio = PKCS7_dataInit(p7, NULL); + BIO_write(sigbio, buf+2, len-2); + + /* ... then we finalise the p7 content, which does the actual + * signing ... */ + rc = PKCS7_dataFinal(p7, sigbio); + if (!rc) { + fprintf(stderr, "dataFinal failed\n"); + ERR_print_errors_fp(stderr); + return -1; + } + + /* ... and we replace the content with the actual IDC ASN type. */ + t = ASN1_TYPE_new(); + s = ASN1_STRING_new(); + ASN1_STRING_set(s, buf, len); + ASN1_TYPE_set(t, V_ASN1_SEQUENCE, s); + PKCS7_set0_type_other(p7->d.sign->contents, idc_nid, t); + + return 0; +} + +struct idc *IDC_get(PKCS7 *p7, BIO *bio) +{ + const unsigned char *buf, *idcbuf; + ASN1_STRING *str; + IDC *idc; + + /* extract the idc from the signed PKCS7 'other' data */ + str = p7->d.sign->contents->d.other->value.asn1_string; + idcbuf = buf = ASN1_STRING_data(str); + idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str)); + + /* If we were passed a BIO, write the idc data, minus type and length, + * to the BIO. This can be used to PKCS7_verify the idc */ + if (bio) { + uint32_t idclen; + uint8_t tmp; + + tmp = idcbuf[1]; + + if (!(tmp & 0x80)) { + idclen = tmp & 0x7f; + idcbuf += 2; + } else if ((tmp & 0x82) == 0x82) { + idclen = (idcbuf[2] << 8) + + idcbuf[3]; + idcbuf += 4; + } else { + fprintf(stderr, "Invalid ASN.1 data in " + "IndirectDataContext?\n"); + return NULL; + } + + BIO_write(bio, idcbuf, idclen); + } + + return idc; +} + +int IDC_check_hash(struct idc *idc, struct image *image) +{ + unsigned char sha[SHA256_DIGEST_LENGTH]; + const unsigned char *buf; + ASN1_STRING *str; + + image_hash_sha256(image, sha); + + /* check hash algorithm sanity */ + if (OBJ_cmp(idc->digest->alg->algorithm, OBJ_nid2obj(NID_sha256))) { + fprintf(stderr, "Invalid algorithm type\n"); + return -1; + } + + str = idc->digest->digest; + if (ASN1_STRING_length(str) != sizeof(sha)) { + fprintf(stderr, "Invalid algorithm length\n"); + return -1; + } + + /* check hash against the one we calculated from the image */ + buf = ASN1_STRING_data(str); + if (memcmp(buf, sha, sizeof(sha))) { + fprintf(stderr, "Hash doesn't match image\n"); + fprintf(stderr, " got: %s\n", sha256_str(buf)); + fprintf(stderr, " expecting: %s\n", sha256_str(sha)); + return -1; + } + + return 0; +} diff -Nru sbsigntool-0.3/src/idc.h sbsigntool-0.4/src/idc.h --- sbsigntool-0.3/src/idc.h 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/idc.h 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,46 @@ +/* + * Copyright (C) 2012 Jeremy Kerr + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the OpenSSL + * library under certain conditions as described in each individual source file, + * and distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all + * of the code used other than OpenSSL. If you modify file(s) with this + * exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do + * so, delete this exception statement from your version. If you delete + * this exception statement from all source files in the program, then + * also delete it here. + */ +#ifndef IDC_H +#define IDC_H + +#include "image.h" + +#include + +struct idc; + +int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image); +struct idc *IDC_get(PKCS7 *p7, BIO *bio); +int IDC_check_hash(struct idc *idc, struct image *image); + +#endif /* IDC_H */ + diff -Nru sbsigntool-0.3/src/image.c sbsigntool-0.4/src/image.c --- sbsigntool-0.3/src/image.c 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/image.c 2012-10-02 08:55:23.000000000 +0100 @@ -0,0 +1,558 @@ +/* + * Copyright (C) 2012 Jeremy Kerr + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the OpenSSL + * library under certain conditions as described in each individual source file, + * and distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all + * of the code used other than OpenSSL. If you modify file(s) with this + * exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do + * so, delete this exception statement from your version. If you delete + * this exception statement from all source files in the program, then + * also delete it here. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "fileio.h" +#include "image.h" + +#define DATA_DIR_CERT_TABLE 4 + +#define CERT_TABLE_TYPE_PKCS 0x0002 /* PKCS signedData */ +#define CERT_TABLE_REVISION 0x0200 /* revision 2 */ + +/** + * The PE/COFF headers export struct fields as arrays of chars. So, define + * a couple of accessor functions that allow fields to be deferenced as their + * native types, to allow strict aliasing. This also allows for endian- + * neutral behaviour. + */ +static uint32_t __pehdr_u32(char field[]) +{ + uint8_t *ufield = (uint8_t *)field; + return (ufield[3] << 24) + + (ufield[2] << 16) + + (ufield[1] << 8) + + ufield[0]; +} + +static uint16_t __pehdr_u16(char field[]) +{ + uint8_t *ufield = (uint8_t *)field; + return (ufield[1] << 8) + + ufield[0]; +} + +/* wrappers to ensure type correctness */ +#define pehdr_u32(f) __pehdr_u32(f + BUILD_ASSERT_OR_ZERO(sizeof(f) == 4)) +#define pehdr_u16(f) __pehdr_u16(f + BUILD_ASSERT_OR_ZERO(sizeof(f) == 2)) + +/* Machine-specific PE/COFF parse functions. These parse the relevant a.out + * header for the machine type, and set the following members of struct image: + * - aouthdr_size + * - file_alignment + * - header_size + * - data_dir + * - checksum + * + * These functions require image->opthdr to be set by the caller. + */ +static int image_pecoff_parse_32(struct image *image) +{ + if (image->opthdr.opt_32->standard.magic[0] != 0x0b || + image->opthdr.opt_32->standard.magic[1] != 0x01) { + fprintf(stderr, "Invalid a.out machine type\n"); + return -1; + } + + image->opthdr_min_size = sizeof(*image->opthdr.opt_32) - + sizeof(image->opthdr.opt_32->DataDirectory); + + image->file_alignment = + pehdr_u32(image->opthdr.opt_32->FileAlignment); + image->header_size = + pehdr_u32(image->opthdr.opt_32->SizeOfHeaders); + + image->data_dir = (void *)image->opthdr.opt_32->DataDirectory; + image->checksum = (uint32_t *)image->opthdr.opt_32->CheckSum; + return 0; +} + +static int image_pecoff_parse_64(struct image *image) +{ + if (image->opthdr.opt_64->standard.magic[0] != 0x0b || + image->opthdr.opt_64->standard.magic[1] != 0x02) { + fprintf(stderr, "Invalid a.out machine type\n"); + return -1; + } + + image->opthdr_min_size = sizeof(*image->opthdr.opt_64) - + sizeof(image->opthdr.opt_64->DataDirectory); + + image->file_alignment = + pehdr_u32(image->opthdr.opt_64->FileAlignment); + image->header_size = + pehdr_u32(image->opthdr.opt_64->SizeOfHeaders); + + image->data_dir = (void *)image->opthdr.opt_64->DataDirectory; + image->checksum = (uint32_t *)image->opthdr.opt_64->CheckSum; + return 0; +} + +static int image_pecoff_parse(struct image *image) +{ + struct cert_table_header *cert_table; + char nt_sig[] = {'P', 'E', 0, 0}; + size_t size = image->size; + int rc, cert_table_offset; + void *buf = image->buf; + uint16_t magic; + uint32_t addr; + + /* sanity checks */ + if (size < sizeof(*image->doshdr)) { + fprintf(stderr, "file is too small for DOS header\n"); + return -1; + } + + image->doshdr = buf; + + if (image->doshdr->e_magic[0] != 0x4d + || image->doshdr->e_magic[1] != 0x5a) { + fprintf(stderr, "Invalid DOS header magic\n"); + return -1; + } + + addr = pehdr_u32(image->doshdr->e_lfanew); + if (addr >= image->size) { + fprintf(stderr, "pehdr is beyond end of file [0x%08x]\n", + addr); + return -1; + } + + if (addr + sizeof(*image->pehdr) > image->size) { + fprintf(stderr, "File not large enough to contain pehdr\n"); + return -1; + } + + image->pehdr = buf + addr; + if (memcmp(image->pehdr->nt_signature, nt_sig, sizeof(nt_sig))) { + fprintf(stderr, "Invalid PE header signature\n"); + return -1; + } + + /* a.out header directly follows PE header */ + image->opthdr.addr = image->pehdr + 1; + magic = pehdr_u16(image->pehdr->f_magic); + + if (magic == IMAGE_FILE_MACHINE_AMD64) { + rc = image_pecoff_parse_64(image); + + } else if (magic == IMAGE_FILE_MACHINE_I386) { + rc = image_pecoff_parse_32(image); + + } else { + fprintf(stderr, "Invalid PE header magic\n"); + return -1; + } + + if (rc) { + fprintf(stderr, "Error parsing a.out header\n"); + return -1; + } + + /* the optional header has a variable size, as the data directory + * has a variable number of entries. Ensure that the we have enough + * space to include the security directory entry */ + image->opthdr_size = pehdr_u16(image->pehdr->f_opthdr); + cert_table_offset = sizeof(*image->data_dir) * + (DATA_DIR_CERT_TABLE + 1); + + if (image->opthdr_size < image->opthdr_min_size + cert_table_offset) { + fprintf(stderr, "PE opt header too small (%d bytes) to contain " + "a suitable data directory (need %d bytes)\n", + image->opthdr_size, + image->opthdr_min_size + cert_table_offset); + return -1; + } + + + image->data_dir_sigtable = &image->data_dir[DATA_DIR_CERT_TABLE]; + + if (image->size < sizeof(*image->doshdr) + sizeof(*image->pehdr) + + image->opthdr_size) { + fprintf(stderr, "file is too small for a.out header\n"); + return -1; + } + + image->cert_table_size = image->data_dir_sigtable->size; + if (image->cert_table_size) + cert_table = buf + image->data_dir_sigtable->addr; + else + cert_table = NULL; + + image->cert_table = cert_table; + + /* if we have a valid cert table header, populate sigbuf as a shadow + * copy of the cert table */ + if (cert_table && cert_table->revision == CERT_TABLE_REVISION && + cert_table->type == CERT_TABLE_TYPE_PKCS && + cert_table->size < size) { + image->sigsize = cert_table->size; + image->sigbuf = talloc_memdup(image, cert_table + 1, + image->sigsize); + } + + image->sections = pehdr_u16(image->pehdr->f_nscns); + image->scnhdr = image->opthdr.addr + image->opthdr_size; + + return 0; +} + +static int align_up(int size, int align) +{ + return (size + align - 1) & ~(align - 1); +} + +static int cmp_regions(const void *p1, const void *p2) +{ + const struct region *r1 = p1, *r2 = p2; + + if (r1->data < r2->data) + return -1; + if (r1->data > r2->data) + return 1; + return 0; +} + +static void set_region_from_range(struct region *region, void *start, void *end) +{ + region->data = start; + region->size = end - start; +} + +static int image_find_regions(struct image *image) +{ + struct region *regions, *r; + void *buf = image->buf; + int i, gap_warn; + size_t bytes; + + gap_warn = 0; + + /* now we know where the checksum and cert table data is, we can + * construct regions that need to be signed */ + bytes = 0; + image->n_checksum_regions = 0; + image->checksum_regions = NULL; + + image->n_checksum_regions = 3; + image->checksum_regions = talloc_zero_array(image, + struct region, + image->n_checksum_regions); + + /* first region: beginning to checksum field */ + regions = image->checksum_regions; + set_region_from_range(®ions[0], buf, image->checksum); + regions[0].name = "begin->cksum"; + bytes += regions[0].size; + + bytes += sizeof(*image->checksum); + + /* second region: end of checksum to certificate table entry */ + set_region_from_range(®ions[1], + image->checksum + 1, + image->data_dir_sigtable + ); + regions[1].name = "cksum->datadir[CERT]"; + bytes += regions[1].size; + + bytes += sizeof(struct data_dir_entry); + /* third region: end of checksum to end of headers */ + set_region_from_range(®ions[2], + (void *)image->data_dir_sigtable + + sizeof(struct data_dir_entry), + buf + image->header_size); + regions[2].name = "datadir[CERT]->headers"; + bytes += regions[2].size; + + /* add COFF sections */ + for (i = 0; i < image->sections; i++) { + uint32_t file_offset, file_size; + + file_offset = pehdr_u32(image->scnhdr[i].s_scnptr); + file_size = pehdr_u32(image->scnhdr[i].s_size); + + if (!file_size) + continue; + + image->n_checksum_regions++; + image->checksum_regions = talloc_realloc(image, + image->checksum_regions, + struct region, + image->n_checksum_regions); + regions = image->checksum_regions; + + regions[i + 3].data = buf + file_offset; + regions[i + 3].size = align_up(file_size, + image->file_alignment); + regions[i + 3].name = talloc_strndup(image->checksum_regions, + image->scnhdr[i].s_name, 8); + bytes += regions[i + 3].size; + + if (file_offset + regions[i+3].size > image->size) { + fprintf(stderr, "warning: file-aligned section %s " + "extends beyond end of file\n", + regions[i+3].name); + } + + if (regions[i+2].data + regions[i+2].size + != regions[i+3].data) { + fprintf(stderr, "warning: gap in section table:\n"); + fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n", + regions[i+2].name, + regions[i+2].data - buf, + regions[i+2].data + + regions[i+2].size - buf); + fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n", + regions[i+3].name, + regions[i+3].data - buf, + regions[i+3].data + + regions[i+3].size - buf); + + + gap_warn = 1; + } + } + + if (gap_warn) + fprintf(stderr, "gaps in the section table may result in " + "different checksums\n"); + + qsort(image->checksum_regions, image->n_checksum_regions, + sizeof(struct region), cmp_regions); + + if (bytes + image->cert_table_size < image->size) { + int n = image->n_checksum_regions++; + struct region *r; + + image->checksum_regions = talloc_realloc(image, + image->checksum_regions, + struct region, + image->n_checksum_regions); + r = &image->checksum_regions[n]; + r->name = "endjunk"; + r->data = image->buf + bytes; + r->size = image->size - bytes - image->cert_table_size; + + fprintf(stderr, "warning: data remaining[%zd vs %zd]: gaps " + "between PE/COFF sections?\n", + bytes + image->cert_table_size, image->size); + } else if (bytes + image->cert_table_size > image->size) { + fprintf(stderr, "warning: checksum areas are greater than " + "image size. Invalid section table?\n"); + } + + /* record the size of non-signature data */ + r = &image->checksum_regions[image->n_checksum_regions - 1]; + image->data_size = (r->data - (void *)image->buf) + r->size; + + return 0; +} + +struct image *image_load(const char *filename) +{ + struct image *image; + int rc; + + image = talloc(NULL, struct image); + if (!image) { + perror("talloc(image)"); + return NULL; + } + + rc = fileio_read_file(image, filename, &image->buf, &image->size); + if (rc) + goto err; + +reparse: + rc = image_pecoff_parse(image); + if (rc) + goto err; + + rc = image_find_regions(image); + if (rc) + goto err; + + /* Some images may have incorrectly aligned sections, which get rounded + * up to a size that is larger that the image itself (and the buffer + * that we've allocated). We would have generated a warning about this, + * but we can improve our chances that the verification hash will + * succeed by padding the image out to the aligned size, and including + * the pad in the signed data. + * + * In this case, do a realloc, but that may peturb the addresses that + * we've calculated during the pecoff parsing, so we need to redo that + * too. + */ + if (image->data_size > image->size) { + image->buf = talloc_realloc(image, image->buf, uint8_t, + image->data_size); + memset(image->buf + image->size, 0, + image->data_size - image->size); + image->size = image->data_size; + + goto reparse; + } + + return image; +err: + talloc_free(image); + return NULL; +} + +int image_hash_sha256(struct image *image, uint8_t digest[]) +{ + struct region *region; + SHA256_CTX ctx; + int rc, i, n; + + rc = SHA256_Init(&ctx); + if (!rc) + return -1; + + n = 0; + + for (i = 0; i < image->n_checksum_regions; i++) { + region = &image->checksum_regions[i]; + n += region->size; +#if 0 + printf("sum region: 0x%04lx -> 0x%04lx [0x%04x bytes]\n", + region->data - image->buf, + region->data - image->buf - 1 + region->size, + region->size); + +#endif + rc = SHA256_Update(&ctx, region->data, region->size); + if (!rc) + return -1; + } + + rc = SHA256_Final(digest, &ctx); + + return !rc; +} + +int image_add_signature(struct image *image, void *sig, int size) +{ + /* we only support one signature at present */ + if (image->sigbuf) { + fprintf(stderr, "warning: overwriting existing signature\n"); + talloc_free(image->sigbuf); + } + image->sigbuf = sig; + image->sigsize = size; + return 0; +} + +void image_remove_signature(struct image *image) +{ + if (image->sigbuf) + talloc_free(image->sigbuf); + image->sigbuf = NULL; + image->sigsize = 0; +} + +int image_write(struct image *image, const char *filename) +{ + struct cert_table_header cert_table_header; + int fd, rc, len, padlen; + bool is_signed; + uint8_t pad[8]; + + is_signed = image->sigbuf && image->sigsize; + padlen = 0; + + /* optionally update the image to contain signature data */ + if (is_signed) { + cert_table_header.size = image->sigsize + + sizeof(cert_table_header); + cert_table_header.revision = CERT_TABLE_REVISION; + cert_table_header.type = CERT_TABLE_TYPE_PKCS; + + len = sizeof(cert_table_header) + image->sigsize; + + /* pad to sizeof(pad)-byte boundary */ + padlen = align_up(len, sizeof(pad)) - len; + + image->data_dir_sigtable->addr = image->data_size; + image->data_dir_sigtable->size = len + padlen; + } else { + image->data_dir_sigtable->addr = 0; + image->data_dir_sigtable->size = 0; + } + + fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644); + if (fd < 0) { + perror("open"); + return -1; + } + + rc = write_all(fd, image->buf, image->data_size); + if (!rc) + goto out; + if (!is_signed) + goto out; + + rc = write_all(fd, &cert_table_header, sizeof(cert_table_header)); + if (!rc) + goto out; + + rc = write_all(fd, image->sigbuf, image->sigsize); + if (!rc) + goto out; + + if (padlen) { + memset(pad, 0, sizeof(pad)); + rc = write_all(fd, pad, padlen); + } + +out: + close(fd); + return !rc; +} + +int image_write_detached(struct image *image, const char *filename) +{ + return fileio_write_file(filename, image->sigbuf, image->sigsize); +} diff -Nru sbsigntool-0.3/src/image.h sbsigntool-0.4/src/image.h --- sbsigntool-0.3/src/image.h 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/image.h 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,115 @@ +/* + * Copyright (C) 2012 Jeremy Kerr + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the OpenSSL + * library under certain conditions as described in each individual source file, + * and distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all + * of the code used other than OpenSSL. If you modify file(s) with this + * exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do + * so, delete this exception statement from your version. If you delete + * this exception statement from all source files in the program, then + * also delete it here. + */ +#ifndef IMAGE_H +#define IMAGE_H + +#include + +#include +#define DO_NOT_DEFINE_LINENO + +#include "coff/external.h" +#include "coff/pe.h" + +struct region { + void *data; + int size; + char *name; +}; + +struct image { + uint8_t *buf; + size_t size; + + /* size of the image, without signature */ + size_t data_size; + + /* Pointers to interesting parts of the image */ + uint32_t *checksum; + struct external_PEI_DOS_hdr *doshdr; + struct external_PEI_IMAGE_hdr *pehdr; + union { + PEPAOUTHDR *opt_64; + PEAOUTHDR *opt_32; + void *addr; + } opthdr; + /* size of a minimal opthdr for this machine, without data + * directories */ + unsigned int opthdr_min_size; + /* size of the opthdr as specified by the image */ + unsigned int opthdr_size; + struct data_dir_entry *data_dir; + struct data_dir_entry *data_dir_sigtable; + struct external_scnhdr *scnhdr; + int sections; + + void *cert_table; + int cert_table_size; + + /* We cache a few values from the aout header, so we don't have to + * keep checking whether to use the 32- or 64-bit version */ + uint32_t file_alignment; + uint32_t header_size; + + /* Regions that are included in the image hash: populated + * during image parsing, then used during the hash process. + */ + struct region *checksum_regions; + int n_checksum_regions; + + /* Generated signature */ + void *sigbuf; + size_t sigsize; + +}; + +struct data_dir_entry { + uint32_t addr; + uint32_t size; +} __attribute__((packed)); + +struct cert_table_header { + uint32_t size; + uint16_t revision; + uint16_t type; +} __attribute__((packed)); + +struct image *image_load(const char *filename); + +int image_hash_sha256(struct image *image, uint8_t digest[]); +int image_add_signature(struct image *, void *sig, int size); +void image_remove_signature(struct image *image); +int image_write(struct image *image, const char *filename); +int image_write_detached(struct image *image, const char *filename); + +#endif /* IMAGE_H */ + diff -Nru sbsigntool-0.3/src/Makefile.am sbsigntool-0.4/src/Makefile.am --- sbsigntool-0.3/src/Makefile.am 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/Makefile.am 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,37 @@ + +bin_PROGRAMS = sbsign sbverify sbattach sbvarsign sbsiglist sbkeysync + +coff_headers = coff/external.h coff/pe.h +AM_CFLAGS = -Wall -Wextra --std=gnu99 + +common_SOURCES = idc.c idc.h image.c image.h fileio.c fileio.h \ + efivars.h $(coff_headers) +common_LDADD = ../lib/ccan/libccan.a $(libcrypto_LIBS) +common_CFLAGS = -I$(top_srcdir)/lib/ccan/ + +sbsign_SOURCES = sbsign.c $(common_SOURCES) +sbsign_LDADD = $(common_LDADD) +sbsign_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) + +sbverify_SOURCES = sbverify.c $(common_SOURCES) +sbverify_LDADD = $(common_LDADD) +sbverify_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) + +sbattach_SOURCES = sbattach.c $(common_SOURCES) +sbattach_LDADD = $(common_LDADD) +sbattach_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) + +sbvarsign_SOURCES = sbvarsign.c $(common_SOURCES) +sbvarsign_LDADD = $(common_LDADD) $(uuid_LIBS) +sbvarsign_CPPFLAGS = $(EFI_CPPFLAGS) +sbvarsign_CFLAGS = $(AM_CFLAGS) $(uuid_CFLAGS) $(common_CFLAGS) + +sbsiglist_SOURCES = sbsiglist.c $(common_SOURCES) +sbsiglist_LDADD = $(common_LDADD) $(uuid_LIBS) +sbsiglist_CPPFLAGS = $(EFI_CPPFLAGS) +sbsiglist_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) + +sbkeysync_SOURCES = sbkeysync.c $(common_SOURCES) +sbkeysync_LDADD = $(common_LDADD) $(uuid_LIBS) +sbkeysync_CPPFLAGS = $(EFI_CPPFLAGS) +sbkeysync_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) diff -Nru sbsigntool-0.3/src/Makefile.in sbsigntool-0.4/src/Makefile.in --- sbsigntool-0.3/src/Makefile.in 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/Makefile.in 2012-10-02 10:13:41.000000000 +0100 @@ -0,0 +1,916 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +bin_PROGRAMS = sbsign$(EXEEXT) sbverify$(EXEEXT) sbattach$(EXEEXT) \ + sbvarsign$(EXEEXT) sbsiglist$(EXEEXT) sbkeysync$(EXEEXT) +subdir = src +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(bindir)" +PROGRAMS = $(bin_PROGRAMS) +am__objects_1 = +am__objects_2 = sbattach-idc.$(OBJEXT) sbattach-image.$(OBJEXT) \ + sbattach-fileio.$(OBJEXT) $(am__objects_1) +am_sbattach_OBJECTS = sbattach-sbattach.$(OBJEXT) $(am__objects_2) +sbattach_OBJECTS = $(am_sbattach_OBJECTS) +am__DEPENDENCIES_1 = +am__DEPENDENCIES_2 = ../lib/ccan/libccan.a $(am__DEPENDENCIES_1) +sbattach_DEPENDENCIES = $(am__DEPENDENCIES_2) +sbattach_LINK = $(CCLD) $(sbattach_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +am__objects_3 = sbkeysync-idc.$(OBJEXT) sbkeysync-image.$(OBJEXT) \ + sbkeysync-fileio.$(OBJEXT) $(am__objects_1) +am_sbkeysync_OBJECTS = sbkeysync-sbkeysync.$(OBJEXT) $(am__objects_3) +sbkeysync_OBJECTS = $(am_sbkeysync_OBJECTS) +sbkeysync_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +sbkeysync_LINK = $(CCLD) $(sbkeysync_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +am__objects_4 = sbsiglist-idc.$(OBJEXT) sbsiglist-image.$(OBJEXT) \ + sbsiglist-fileio.$(OBJEXT) $(am__objects_1) +am_sbsiglist_OBJECTS = sbsiglist-sbsiglist.$(OBJEXT) $(am__objects_4) +sbsiglist_OBJECTS = $(am_sbsiglist_OBJECTS) +sbsiglist_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +sbsiglist_LINK = $(CCLD) $(sbsiglist_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +am__objects_5 = sbsign-idc.$(OBJEXT) sbsign-image.$(OBJEXT) \ + sbsign-fileio.$(OBJEXT) $(am__objects_1) +am_sbsign_OBJECTS = sbsign-sbsign.$(OBJEXT) $(am__objects_5) +sbsign_OBJECTS = $(am_sbsign_OBJECTS) +sbsign_DEPENDENCIES = $(am__DEPENDENCIES_2) +sbsign_LINK = $(CCLD) $(sbsign_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +am__objects_6 = sbvarsign-idc.$(OBJEXT) sbvarsign-image.$(OBJEXT) \ + sbvarsign-fileio.$(OBJEXT) $(am__objects_1) +am_sbvarsign_OBJECTS = sbvarsign-sbvarsign.$(OBJEXT) $(am__objects_6) +sbvarsign_OBJECTS = $(am_sbvarsign_OBJECTS) +sbvarsign_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +sbvarsign_LINK = $(CCLD) $(sbvarsign_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +am__objects_7 = sbverify-idc.$(OBJEXT) sbverify-image.$(OBJEXT) \ + sbverify-fileio.$(OBJEXT) $(am__objects_1) +am_sbverify_OBJECTS = sbverify-sbverify.$(OBJEXT) $(am__objects_7) +sbverify_OBJECTS = $(am_sbverify_OBJECTS) +sbverify_DEPENDENCIES = $(am__DEPENDENCIES_2) +sbverify_LINK = $(CCLD) $(sbverify_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +SOURCES = $(sbattach_SOURCES) $(sbkeysync_SOURCES) \ + $(sbsiglist_SOURCES) $(sbsign_SOURCES) $(sbvarsign_SOURCES) \ + $(sbverify_SOURCES) +DIST_SOURCES = $(sbattach_SOURCES) $(sbkeysync_SOURCES) \ + $(sbsiglist_SOURCES) $(sbsign_SOURCES) $(sbvarsign_SOURCES) \ + $(sbverify_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCAS = @CCAS@ +CCASDEPMODE = @CCASDEPMODE@ +CCASFLAGS = @CCASFLAGS@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EFI_CPPFLAGS = @EFI_CPPFLAGS@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +HELP2MAN = @HELP2MAN@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +OBJCOPY = @OBJCOPY@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build_alias = @build_alias@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host_alias = @host_alias@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libcrypto_CFLAGS = @libcrypto_CFLAGS@ +libcrypto_LIBS = @libcrypto_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +uuid_CFLAGS = @uuid_CFLAGS@ +uuid_LIBS = @uuid_LIBS@ +coff_headers = coff/external.h coff/pe.h +AM_CFLAGS = -Wall -Wextra --std=gnu99 +common_SOURCES = idc.c idc.h image.c image.h fileio.c fileio.h \ + efivars.h $(coff_headers) + +common_LDADD = ../lib/ccan/libccan.a $(libcrypto_LIBS) +common_CFLAGS = -I$(top_srcdir)/lib/ccan/ +sbsign_SOURCES = sbsign.c $(common_SOURCES) +sbsign_LDADD = $(common_LDADD) +sbsign_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) +sbverify_SOURCES = sbverify.c $(common_SOURCES) +sbverify_LDADD = $(common_LDADD) +sbverify_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) +sbattach_SOURCES = sbattach.c $(common_SOURCES) +sbattach_LDADD = $(common_LDADD) +sbattach_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) +sbvarsign_SOURCES = sbvarsign.c $(common_SOURCES) +sbvarsign_LDADD = $(common_LDADD) $(uuid_LIBS) +sbvarsign_CPPFLAGS = $(EFI_CPPFLAGS) +sbvarsign_CFLAGS = $(AM_CFLAGS) $(uuid_CFLAGS) $(common_CFLAGS) +sbsiglist_SOURCES = sbsiglist.c $(common_SOURCES) +sbsiglist_LDADD = $(common_LDADD) $(uuid_LIBS) +sbsiglist_CPPFLAGS = $(EFI_CPPFLAGS) +sbsiglist_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) +sbkeysync_SOURCES = sbkeysync.c $(common_SOURCES) +sbkeysync_LDADD = $(common_LDADD) $(uuid_LIBS) +sbkeysync_CPPFLAGS = $(EFI_CPPFLAGS) +sbkeysync_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files + +clean-binPROGRAMS: + -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) +sbattach$(EXEEXT): $(sbattach_OBJECTS) $(sbattach_DEPENDENCIES) $(EXTRA_sbattach_DEPENDENCIES) + @rm -f sbattach$(EXEEXT) + $(sbattach_LINK) $(sbattach_OBJECTS) $(sbattach_LDADD) $(LIBS) +sbkeysync$(EXEEXT): $(sbkeysync_OBJECTS) $(sbkeysync_DEPENDENCIES) $(EXTRA_sbkeysync_DEPENDENCIES) + @rm -f sbkeysync$(EXEEXT) + $(sbkeysync_LINK) $(sbkeysync_OBJECTS) $(sbkeysync_LDADD) $(LIBS) +sbsiglist$(EXEEXT): $(sbsiglist_OBJECTS) $(sbsiglist_DEPENDENCIES) $(EXTRA_sbsiglist_DEPENDENCIES) + @rm -f sbsiglist$(EXEEXT) + $(sbsiglist_LINK) $(sbsiglist_OBJECTS) $(sbsiglist_LDADD) $(LIBS) +sbsign$(EXEEXT): $(sbsign_OBJECTS) $(sbsign_DEPENDENCIES) $(EXTRA_sbsign_DEPENDENCIES) + @rm -f sbsign$(EXEEXT) + $(sbsign_LINK) $(sbsign_OBJECTS) $(sbsign_LDADD) $(LIBS) +sbvarsign$(EXEEXT): $(sbvarsign_OBJECTS) $(sbvarsign_DEPENDENCIES) $(EXTRA_sbvarsign_DEPENDENCIES) + @rm -f sbvarsign$(EXEEXT) + $(sbvarsign_LINK) $(sbvarsign_OBJECTS) $(sbvarsign_LDADD) $(LIBS) +sbverify$(EXEEXT): $(sbverify_OBJECTS) $(sbverify_DEPENDENCIES) $(EXTRA_sbverify_DEPENDENCIES) + @rm -f sbverify$(EXEEXT) + $(sbverify_LINK) $(sbverify_OBJECTS) $(sbverify_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbattach-fileio.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbattach-idc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbattach-image.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbattach-sbattach.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbkeysync-fileio.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbkeysync-idc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbkeysync-image.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbkeysync-sbkeysync.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbsiglist-fileio.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbsiglist-idc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbsiglist-image.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbsiglist-sbsiglist.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbsign-fileio.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbsign-idc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbsign-image.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbsign-sbsign.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbvarsign-fileio.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbvarsign-idc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbvarsign-image.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbvarsign-sbvarsign.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbverify-fileio.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbverify-idc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbverify-image.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sbverify-sbverify.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +sbattach-sbattach.o: sbattach.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-sbattach.o -MD -MP -MF $(DEPDIR)/sbattach-sbattach.Tpo -c -o sbattach-sbattach.o `test -f 'sbattach.c' || echo '$(srcdir)/'`sbattach.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-sbattach.Tpo $(DEPDIR)/sbattach-sbattach.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbattach.c' object='sbattach-sbattach.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-sbattach.o `test -f 'sbattach.c' || echo '$(srcdir)/'`sbattach.c + +sbattach-sbattach.obj: sbattach.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-sbattach.obj -MD -MP -MF $(DEPDIR)/sbattach-sbattach.Tpo -c -o sbattach-sbattach.obj `if test -f 'sbattach.c'; then $(CYGPATH_W) 'sbattach.c'; else $(CYGPATH_W) '$(srcdir)/sbattach.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-sbattach.Tpo $(DEPDIR)/sbattach-sbattach.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbattach.c' object='sbattach-sbattach.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-sbattach.obj `if test -f 'sbattach.c'; then $(CYGPATH_W) 'sbattach.c'; else $(CYGPATH_W) '$(srcdir)/sbattach.c'; fi` + +sbattach-idc.o: idc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-idc.o -MD -MP -MF $(DEPDIR)/sbattach-idc.Tpo -c -o sbattach-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-idc.Tpo $(DEPDIR)/sbattach-idc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbattach-idc.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c + +sbattach-idc.obj: idc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-idc.obj -MD -MP -MF $(DEPDIR)/sbattach-idc.Tpo -c -o sbattach-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-idc.Tpo $(DEPDIR)/sbattach-idc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbattach-idc.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` + +sbattach-image.o: image.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-image.o -MD -MP -MF $(DEPDIR)/sbattach-image.Tpo -c -o sbattach-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-image.Tpo $(DEPDIR)/sbattach-image.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbattach-image.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c + +sbattach-image.obj: image.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-image.obj -MD -MP -MF $(DEPDIR)/sbattach-image.Tpo -c -o sbattach-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-image.Tpo $(DEPDIR)/sbattach-image.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbattach-image.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` + +sbattach-fileio.o: fileio.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-fileio.o -MD -MP -MF $(DEPDIR)/sbattach-fileio.Tpo -c -o sbattach-fileio.o `test -f 'fileio.c' || echo '$(srcdir)/'`fileio.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-fileio.Tpo $(DEPDIR)/sbattach-fileio.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fileio.c' object='sbattach-fileio.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-fileio.o `test -f 'fileio.c' || echo '$(srcdir)/'`fileio.c + +sbattach-fileio.obj: fileio.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -MT sbattach-fileio.obj -MD -MP -MF $(DEPDIR)/sbattach-fileio.Tpo -c -o sbattach-fileio.obj `if test -f 'fileio.c'; then $(CYGPATH_W) 'fileio.c'; else $(CYGPATH_W) '$(srcdir)/fileio.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbattach-fileio.Tpo $(DEPDIR)/sbattach-fileio.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fileio.c' object='sbattach-fileio.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbattach_CFLAGS) $(CFLAGS) -c -o sbattach-fileio.obj `if test -f 'fileio.c'; then $(CYGPATH_W) 'fileio.c'; else $(CYGPATH_W) '$(srcdir)/fileio.c'; fi` + +sbkeysync-sbkeysync.o: sbkeysync.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -MT sbkeysync-sbkeysync.o -MD -MP -MF $(DEPDIR)/sbkeysync-sbkeysync.Tpo -c -o sbkeysync-sbkeysync.o `test -f 'sbkeysync.c' || echo '$(srcdir)/'`sbkeysync.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbkeysync-sbkeysync.Tpo $(DEPDIR)/sbkeysync-sbkeysync.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbkeysync.c' object='sbkeysync-sbkeysync.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -c -o sbkeysync-sbkeysync.o `test -f 'sbkeysync.c' || echo '$(srcdir)/'`sbkeysync.c + +sbkeysync-sbkeysync.obj: sbkeysync.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -MT sbkeysync-sbkeysync.obj -MD -MP -MF $(DEPDIR)/sbkeysync-sbkeysync.Tpo -c -o sbkeysync-sbkeysync.obj `if test -f 'sbkeysync.c'; then $(CYGPATH_W) 'sbkeysync.c'; else $(CYGPATH_W) '$(srcdir)/sbkeysync.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbkeysync-sbkeysync.Tpo $(DEPDIR)/sbkeysync-sbkeysync.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbkeysync.c' object='sbkeysync-sbkeysync.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -c -o sbkeysync-sbkeysync.obj `if test -f 'sbkeysync.c'; then $(CYGPATH_W) 'sbkeysync.c'; else $(CYGPATH_W) '$(srcdir)/sbkeysync.c'; fi` + +sbkeysync-idc.o: idc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -MT sbkeysync-idc.o -MD -MP -MF $(DEPDIR)/sbkeysync-idc.Tpo -c -o sbkeysync-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbkeysync-idc.Tpo $(DEPDIR)/sbkeysync-idc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbkeysync-idc.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -c -o sbkeysync-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c + +sbkeysync-idc.obj: idc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -MT sbkeysync-idc.obj -MD -MP -MF $(DEPDIR)/sbkeysync-idc.Tpo -c -o sbkeysync-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbkeysync-idc.Tpo $(DEPDIR)/sbkeysync-idc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbkeysync-idc.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -c -o sbkeysync-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` + +sbkeysync-image.o: image.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -MT sbkeysync-image.o -MD -MP -MF $(DEPDIR)/sbkeysync-image.Tpo -c -o sbkeysync-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbkeysync-image.Tpo $(DEPDIR)/sbkeysync-image.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbkeysync-image.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -c -o sbkeysync-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c + +sbkeysync-image.obj: image.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -MT sbkeysync-image.obj -MD -MP -MF $(DEPDIR)/sbkeysync-image.Tpo -c -o sbkeysync-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbkeysync-image.Tpo $(DEPDIR)/sbkeysync-image.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbkeysync-image.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -c -o sbkeysync-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` + +sbkeysync-fileio.o: fileio.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -MT sbkeysync-fileio.o -MD -MP -MF $(DEPDIR)/sbkeysync-fileio.Tpo -c -o sbkeysync-fileio.o `test -f 'fileio.c' || echo '$(srcdir)/'`fileio.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbkeysync-fileio.Tpo $(DEPDIR)/sbkeysync-fileio.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fileio.c' object='sbkeysync-fileio.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -c -o sbkeysync-fileio.o `test -f 'fileio.c' || echo '$(srcdir)/'`fileio.c + +sbkeysync-fileio.obj: fileio.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -MT sbkeysync-fileio.obj -MD -MP -MF $(DEPDIR)/sbkeysync-fileio.Tpo -c -o sbkeysync-fileio.obj `if test -f 'fileio.c'; then $(CYGPATH_W) 'fileio.c'; else $(CYGPATH_W) '$(srcdir)/fileio.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbkeysync-fileio.Tpo $(DEPDIR)/sbkeysync-fileio.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fileio.c' object='sbkeysync-fileio.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbkeysync_CPPFLAGS) $(CPPFLAGS) $(sbkeysync_CFLAGS) $(CFLAGS) -c -o sbkeysync-fileio.obj `if test -f 'fileio.c'; then $(CYGPATH_W) 'fileio.c'; else $(CYGPATH_W) '$(srcdir)/fileio.c'; fi` + +sbsiglist-sbsiglist.o: sbsiglist.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -MT sbsiglist-sbsiglist.o -MD -MP -MF $(DEPDIR)/sbsiglist-sbsiglist.Tpo -c -o sbsiglist-sbsiglist.o `test -f 'sbsiglist.c' || echo '$(srcdir)/'`sbsiglist.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsiglist-sbsiglist.Tpo $(DEPDIR)/sbsiglist-sbsiglist.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbsiglist.c' object='sbsiglist-sbsiglist.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -c -o sbsiglist-sbsiglist.o `test -f 'sbsiglist.c' || echo '$(srcdir)/'`sbsiglist.c + +sbsiglist-sbsiglist.obj: sbsiglist.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -MT sbsiglist-sbsiglist.obj -MD -MP -MF $(DEPDIR)/sbsiglist-sbsiglist.Tpo -c -o sbsiglist-sbsiglist.obj `if test -f 'sbsiglist.c'; then $(CYGPATH_W) 'sbsiglist.c'; else $(CYGPATH_W) '$(srcdir)/sbsiglist.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsiglist-sbsiglist.Tpo $(DEPDIR)/sbsiglist-sbsiglist.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbsiglist.c' object='sbsiglist-sbsiglist.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -c -o sbsiglist-sbsiglist.obj `if test -f 'sbsiglist.c'; then $(CYGPATH_W) 'sbsiglist.c'; else $(CYGPATH_W) '$(srcdir)/sbsiglist.c'; fi` + +sbsiglist-idc.o: idc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -MT sbsiglist-idc.o -MD -MP -MF $(DEPDIR)/sbsiglist-idc.Tpo -c -o sbsiglist-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsiglist-idc.Tpo $(DEPDIR)/sbsiglist-idc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbsiglist-idc.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -c -o sbsiglist-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c + +sbsiglist-idc.obj: idc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -MT sbsiglist-idc.obj -MD -MP -MF $(DEPDIR)/sbsiglist-idc.Tpo -c -o sbsiglist-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsiglist-idc.Tpo $(DEPDIR)/sbsiglist-idc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbsiglist-idc.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -c -o sbsiglist-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` + +sbsiglist-image.o: image.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -MT sbsiglist-image.o -MD -MP -MF $(DEPDIR)/sbsiglist-image.Tpo -c -o sbsiglist-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsiglist-image.Tpo $(DEPDIR)/sbsiglist-image.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbsiglist-image.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -c -o sbsiglist-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c + +sbsiglist-image.obj: image.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -MT sbsiglist-image.obj -MD -MP -MF $(DEPDIR)/sbsiglist-image.Tpo -c -o sbsiglist-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsiglist-image.Tpo $(DEPDIR)/sbsiglist-image.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbsiglist-image.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -c -o sbsiglist-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` + +sbsiglist-fileio.o: fileio.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -MT sbsiglist-fileio.o -MD -MP -MF $(DEPDIR)/sbsiglist-fileio.Tpo -c -o sbsiglist-fileio.o `test -f 'fileio.c' || echo '$(srcdir)/'`fileio.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsiglist-fileio.Tpo $(DEPDIR)/sbsiglist-fileio.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fileio.c' object='sbsiglist-fileio.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -c -o sbsiglist-fileio.o `test -f 'fileio.c' || echo '$(srcdir)/'`fileio.c + +sbsiglist-fileio.obj: fileio.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -MT sbsiglist-fileio.obj -MD -MP -MF $(DEPDIR)/sbsiglist-fileio.Tpo -c -o sbsiglist-fileio.obj `if test -f 'fileio.c'; then $(CYGPATH_W) 'fileio.c'; else $(CYGPATH_W) '$(srcdir)/fileio.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsiglist-fileio.Tpo $(DEPDIR)/sbsiglist-fileio.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fileio.c' object='sbsiglist-fileio.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbsiglist_CPPFLAGS) $(CPPFLAGS) $(sbsiglist_CFLAGS) $(CFLAGS) -c -o sbsiglist-fileio.obj `if test -f 'fileio.c'; then $(CYGPATH_W) 'fileio.c'; else $(CYGPATH_W) '$(srcdir)/fileio.c'; fi` + +sbsign-sbsign.o: sbsign.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-sbsign.o -MD -MP -MF $(DEPDIR)/sbsign-sbsign.Tpo -c -o sbsign-sbsign.o `test -f 'sbsign.c' || echo '$(srcdir)/'`sbsign.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-sbsign.Tpo $(DEPDIR)/sbsign-sbsign.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbsign.c' object='sbsign-sbsign.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-sbsign.o `test -f 'sbsign.c' || echo '$(srcdir)/'`sbsign.c + +sbsign-sbsign.obj: sbsign.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-sbsign.obj -MD -MP -MF $(DEPDIR)/sbsign-sbsign.Tpo -c -o sbsign-sbsign.obj `if test -f 'sbsign.c'; then $(CYGPATH_W) 'sbsign.c'; else $(CYGPATH_W) '$(srcdir)/sbsign.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-sbsign.Tpo $(DEPDIR)/sbsign-sbsign.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbsign.c' object='sbsign-sbsign.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-sbsign.obj `if test -f 'sbsign.c'; then $(CYGPATH_W) 'sbsign.c'; else $(CYGPATH_W) '$(srcdir)/sbsign.c'; fi` + +sbsign-idc.o: idc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-idc.o -MD -MP -MF $(DEPDIR)/sbsign-idc.Tpo -c -o sbsign-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-idc.Tpo $(DEPDIR)/sbsign-idc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbsign-idc.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c + +sbsign-idc.obj: idc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-idc.obj -MD -MP -MF $(DEPDIR)/sbsign-idc.Tpo -c -o sbsign-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-idc.Tpo $(DEPDIR)/sbsign-idc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbsign-idc.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` + +sbsign-image.o: image.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-image.o -MD -MP -MF $(DEPDIR)/sbsign-image.Tpo -c -o sbsign-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-image.Tpo $(DEPDIR)/sbsign-image.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbsign-image.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c + +sbsign-image.obj: image.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-image.obj -MD -MP -MF $(DEPDIR)/sbsign-image.Tpo -c -o sbsign-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-image.Tpo $(DEPDIR)/sbsign-image.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbsign-image.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` + +sbsign-fileio.o: fileio.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-fileio.o -MD -MP -MF $(DEPDIR)/sbsign-fileio.Tpo -c -o sbsign-fileio.o `test -f 'fileio.c' || echo '$(srcdir)/'`fileio.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-fileio.Tpo $(DEPDIR)/sbsign-fileio.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fileio.c' object='sbsign-fileio.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-fileio.o `test -f 'fileio.c' || echo '$(srcdir)/'`fileio.c + +sbsign-fileio.obj: fileio.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -MT sbsign-fileio.obj -MD -MP -MF $(DEPDIR)/sbsign-fileio.Tpo -c -o sbsign-fileio.obj `if test -f 'fileio.c'; then $(CYGPATH_W) 'fileio.c'; else $(CYGPATH_W) '$(srcdir)/fileio.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbsign-fileio.Tpo $(DEPDIR)/sbsign-fileio.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fileio.c' object='sbsign-fileio.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbsign_CFLAGS) $(CFLAGS) -c -o sbsign-fileio.obj `if test -f 'fileio.c'; then $(CYGPATH_W) 'fileio.c'; else $(CYGPATH_W) '$(srcdir)/fileio.c'; fi` + +sbvarsign-sbvarsign.o: sbvarsign.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -MT sbvarsign-sbvarsign.o -MD -MP -MF $(DEPDIR)/sbvarsign-sbvarsign.Tpo -c -o sbvarsign-sbvarsign.o `test -f 'sbvarsign.c' || echo '$(srcdir)/'`sbvarsign.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbvarsign-sbvarsign.Tpo $(DEPDIR)/sbvarsign-sbvarsign.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbvarsign.c' object='sbvarsign-sbvarsign.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -c -o sbvarsign-sbvarsign.o `test -f 'sbvarsign.c' || echo '$(srcdir)/'`sbvarsign.c + +sbvarsign-sbvarsign.obj: sbvarsign.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -MT sbvarsign-sbvarsign.obj -MD -MP -MF $(DEPDIR)/sbvarsign-sbvarsign.Tpo -c -o sbvarsign-sbvarsign.obj `if test -f 'sbvarsign.c'; then $(CYGPATH_W) 'sbvarsign.c'; else $(CYGPATH_W) '$(srcdir)/sbvarsign.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbvarsign-sbvarsign.Tpo $(DEPDIR)/sbvarsign-sbvarsign.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbvarsign.c' object='sbvarsign-sbvarsign.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -c -o sbvarsign-sbvarsign.obj `if test -f 'sbvarsign.c'; then $(CYGPATH_W) 'sbvarsign.c'; else $(CYGPATH_W) '$(srcdir)/sbvarsign.c'; fi` + +sbvarsign-idc.o: idc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -MT sbvarsign-idc.o -MD -MP -MF $(DEPDIR)/sbvarsign-idc.Tpo -c -o sbvarsign-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbvarsign-idc.Tpo $(DEPDIR)/sbvarsign-idc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbvarsign-idc.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -c -o sbvarsign-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c + +sbvarsign-idc.obj: idc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -MT sbvarsign-idc.obj -MD -MP -MF $(DEPDIR)/sbvarsign-idc.Tpo -c -o sbvarsign-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbvarsign-idc.Tpo $(DEPDIR)/sbvarsign-idc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbvarsign-idc.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -c -o sbvarsign-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` + +sbvarsign-image.o: image.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -MT sbvarsign-image.o -MD -MP -MF $(DEPDIR)/sbvarsign-image.Tpo -c -o sbvarsign-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbvarsign-image.Tpo $(DEPDIR)/sbvarsign-image.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbvarsign-image.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -c -o sbvarsign-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c + +sbvarsign-image.obj: image.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -MT sbvarsign-image.obj -MD -MP -MF $(DEPDIR)/sbvarsign-image.Tpo -c -o sbvarsign-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbvarsign-image.Tpo $(DEPDIR)/sbvarsign-image.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbvarsign-image.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -c -o sbvarsign-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` + +sbvarsign-fileio.o: fileio.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -MT sbvarsign-fileio.o -MD -MP -MF $(DEPDIR)/sbvarsign-fileio.Tpo -c -o sbvarsign-fileio.o `test -f 'fileio.c' || echo '$(srcdir)/'`fileio.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbvarsign-fileio.Tpo $(DEPDIR)/sbvarsign-fileio.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fileio.c' object='sbvarsign-fileio.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -c -o sbvarsign-fileio.o `test -f 'fileio.c' || echo '$(srcdir)/'`fileio.c + +sbvarsign-fileio.obj: fileio.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -MT sbvarsign-fileio.obj -MD -MP -MF $(DEPDIR)/sbvarsign-fileio.Tpo -c -o sbvarsign-fileio.obj `if test -f 'fileio.c'; then $(CYGPATH_W) 'fileio.c'; else $(CYGPATH_W) '$(srcdir)/fileio.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbvarsign-fileio.Tpo $(DEPDIR)/sbvarsign-fileio.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fileio.c' object='sbvarsign-fileio.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(sbvarsign_CPPFLAGS) $(CPPFLAGS) $(sbvarsign_CFLAGS) $(CFLAGS) -c -o sbvarsign-fileio.obj `if test -f 'fileio.c'; then $(CYGPATH_W) 'fileio.c'; else $(CYGPATH_W) '$(srcdir)/fileio.c'; fi` + +sbverify-sbverify.o: sbverify.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-sbverify.o -MD -MP -MF $(DEPDIR)/sbverify-sbverify.Tpo -c -o sbverify-sbverify.o `test -f 'sbverify.c' || echo '$(srcdir)/'`sbverify.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-sbverify.Tpo $(DEPDIR)/sbverify-sbverify.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbverify.c' object='sbverify-sbverify.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-sbverify.o `test -f 'sbverify.c' || echo '$(srcdir)/'`sbverify.c + +sbverify-sbverify.obj: sbverify.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-sbverify.obj -MD -MP -MF $(DEPDIR)/sbverify-sbverify.Tpo -c -o sbverify-sbverify.obj `if test -f 'sbverify.c'; then $(CYGPATH_W) 'sbverify.c'; else $(CYGPATH_W) '$(srcdir)/sbverify.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-sbverify.Tpo $(DEPDIR)/sbverify-sbverify.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sbverify.c' object='sbverify-sbverify.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-sbverify.obj `if test -f 'sbverify.c'; then $(CYGPATH_W) 'sbverify.c'; else $(CYGPATH_W) '$(srcdir)/sbverify.c'; fi` + +sbverify-idc.o: idc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-idc.o -MD -MP -MF $(DEPDIR)/sbverify-idc.Tpo -c -o sbverify-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-idc.Tpo $(DEPDIR)/sbverify-idc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbverify-idc.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-idc.o `test -f 'idc.c' || echo '$(srcdir)/'`idc.c + +sbverify-idc.obj: idc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-idc.obj -MD -MP -MF $(DEPDIR)/sbverify-idc.Tpo -c -o sbverify-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-idc.Tpo $(DEPDIR)/sbverify-idc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='idc.c' object='sbverify-idc.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-idc.obj `if test -f 'idc.c'; then $(CYGPATH_W) 'idc.c'; else $(CYGPATH_W) '$(srcdir)/idc.c'; fi` + +sbverify-image.o: image.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-image.o -MD -MP -MF $(DEPDIR)/sbverify-image.Tpo -c -o sbverify-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-image.Tpo $(DEPDIR)/sbverify-image.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbverify-image.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-image.o `test -f 'image.c' || echo '$(srcdir)/'`image.c + +sbverify-image.obj: image.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-image.obj -MD -MP -MF $(DEPDIR)/sbverify-image.Tpo -c -o sbverify-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-image.Tpo $(DEPDIR)/sbverify-image.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='image.c' object='sbverify-image.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-image.obj `if test -f 'image.c'; then $(CYGPATH_W) 'image.c'; else $(CYGPATH_W) '$(srcdir)/image.c'; fi` + +sbverify-fileio.o: fileio.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-fileio.o -MD -MP -MF $(DEPDIR)/sbverify-fileio.Tpo -c -o sbverify-fileio.o `test -f 'fileio.c' || echo '$(srcdir)/'`fileio.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-fileio.Tpo $(DEPDIR)/sbverify-fileio.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fileio.c' object='sbverify-fileio.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-fileio.o `test -f 'fileio.c' || echo '$(srcdir)/'`fileio.c + +sbverify-fileio.obj: fileio.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -MT sbverify-fileio.obj -MD -MP -MF $(DEPDIR)/sbverify-fileio.Tpo -c -o sbverify-fileio.obj `if test -f 'fileio.c'; then $(CYGPATH_W) 'fileio.c'; else $(CYGPATH_W) '$(srcdir)/fileio.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sbverify-fileio.Tpo $(DEPDIR)/sbverify-fileio.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fileio.c' object='sbverify-fileio.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sbverify_CFLAGS) $(CFLAGS) -c -o sbverify-fileio.obj `if test -f 'fileio.c'; then $(CYGPATH_W) 'fileio.c'; else $(CYGPATH_W) '$(srcdir)/fileio.c'; fi` + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(bindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-binPROGRAMS clean-generic mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-binPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-binPROGRAMS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \ + clean-generic ctags distclean distclean-compile \ + distclean-generic distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-binPROGRAMS \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-binPROGRAMS + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru sbsigntool-0.3/src/sbattach.c sbsigntool-0.4/src/sbattach.c --- sbsigntool-0.3/src/sbattach.c 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/sbattach.c 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,245 @@ +/* + * Copyright (C) 2012 Jeremy Kerr + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the OpenSSL + * library under certain conditions as described in each individual source file, + * and distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all + * of the code used other than OpenSSL. If you modify file(s) with this + * exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do + * so, delete this exception statement from your version. If you delete + * this exception statement from all source files in the program, then + * also delete it here. + */ +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include +#include + +#include +#include + +#include "config.h" + +#include "image.h" +#include "fileio.h" + +static const char *toolname = "sbattach"; + +static struct option options[] = { + { "attach", required_argument, NULL, 'a' }, + { "detach", required_argument, NULL, 'd' }, + { "remove", no_argument, NULL, 'r' }, + { "help", no_argument, NULL, 'h' }, + { "version", no_argument, NULL, 'V' }, + { NULL, 0, NULL, 0 }, +}; + +static void usage(void) +{ + printf("Usage: %s --attach \n" + " or: %s --detach [--remove] \n" + " or: %s --remove \n" + "Attach or detach a signature file to/from a boot image\n" + "\n" + "Options:\n" + "\t--attach set as the boot image's\n" + "\t signature table\n" + "\t--detach copy the boot image's signature table\n" + "\t to \n" + "\t--remove remove the boot image's signature\n" + "\t table from the original file\n", + toolname, toolname, toolname); +} + +static void version(void) +{ + printf("%s %s\n", toolname, VERSION); +} + +static int detach_sig(struct image *image, const char *sig_filename) +{ + return image_write_detached(image, sig_filename); +} + +static int attach_sig(struct image *image, const char *image_filename, + const char *sig_filename) +{ + const uint8_t *tmp_buf; + uint8_t *sigbuf; + size_t size; + PKCS7 *p7; + int rc; + + rc = fileio_read_file(image, sig_filename, &sigbuf, &size); + if (rc) + goto out; + + image_add_signature(image, sigbuf, size); + + rc = -1; + tmp_buf = sigbuf; + p7 = d2i_PKCS7(NULL, &tmp_buf, size); + if (!p7) { + fprintf(stderr, "Unable to parse signature data in file: %s\n", + sig_filename); + ERR_print_errors_fp(stderr); + goto out; + } + rc = PKCS7_verify(p7, NULL, NULL, NULL, NULL, + PKCS7_BINARY | PKCS7_NOVERIFY | PKCS7_NOSIGS); + if (!rc) { + fprintf(stderr, "PKCS7 verification failed for file %s\n", + sig_filename); + ERR_print_errors_fp(stderr); + goto out; + } + + rc = image_write(image, image_filename); + if (rc) + fprintf(stderr, "Error writing %s: %s\n", image_filename, + strerror(errno)); + +out: + talloc_free(sigbuf); + return rc; +} + +static int remove_sig(struct image *image, const char *image_filename) +{ + int rc; + + image_remove_signature(image); + + rc = image_write(image, image_filename); + if (rc) + fprintf(stderr, "Error writing %s: %s\n", image_filename, + strerror(errno)); + + return rc; +} + +enum action { + ACTION_NONE, + ACTION_ATTACH, + ACTION_DETACH, +}; + +int main(int argc, char **argv) +{ + const char *image_filename, *sig_filename; + struct image *image; + enum action action; + bool remove; + int c, rc; + + action = ACTION_NONE; + sig_filename = NULL; + remove = false; + + for (;;) { + int idx; + c = getopt_long(argc, argv, "a:d:rhV", options, &idx); + if (c == -1) + break; + + switch (c) { + case 'a': + case 'd': + if (action != ACTION_NONE) { + fprintf(stderr, "Multiple actions specified\n"); + usage(); + return EXIT_FAILURE; + } + action = (c == 'a') ? ACTION_ATTACH : ACTION_DETACH; + sig_filename = optarg; + break; + case 'r': + remove = true; + break; + case 'V': + version(); + return EXIT_SUCCESS; + case 'h': + usage(); + return EXIT_SUCCESS; + } + } + + if (argc != optind + 1) { + usage(); + return EXIT_FAILURE; + } + image_filename = argv[optind]; + + /* sanity check action combinations */ + if (action == ACTION_ATTACH && remove) { + fprintf(stderr, "Can't use --remove with --attach\n"); + return EXIT_FAILURE; + } + + if (action == ACTION_NONE && !remove) { + fprintf(stderr, "No action (attach/detach/remove) specified\n"); + usage(); + return EXIT_FAILURE; + } + + ERR_load_crypto_strings(); + OpenSSL_add_all_digests(); + + image = image_load(image_filename); + if (!image) { + fprintf(stderr, "Can't load image file %s\n", image_filename); + return EXIT_FAILURE; + } + + rc = 0; + + if (action == ACTION_ATTACH) + rc = attach_sig(image, image_filename, sig_filename); + + else if (action == ACTION_DETACH) + rc = detach_sig(image, sig_filename); + + if (rc) + goto out; + + if (remove) + rc = remove_sig(image, image_filename); + +out: + talloc_free(image); + return (rc == 0) ? EXIT_SUCCESS : EXIT_FAILURE; +} diff -Nru sbsigntool-0.3/src/sbkeysync.c sbsigntool-0.4/src/sbkeysync.c --- sbsigntool-0.3/src/sbkeysync.c 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/sbkeysync.c 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,979 @@ +/* + * Copyright (C) 2012 Jeremy Kerr + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the OpenSSL + * library under certain conditions as described in each individual source file, + * and distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all + * of the code used other than OpenSSL. If you modify file(s) with this + * exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do + * so, delete this exception statement from your version. If you delete + * this exception statement from all source files in the program, then + * also delete it here. + */ +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include + +#include +#include +#include + +#include +#include + +#include "fileio.h" +#include "efivars.h" + +#define EFIVARS_MOUNTPOINT "/sys/firmware/efi/vars" +#define EFIVARS_FSTYPE 0x6165676C + +#define EFI_IMAGE_SECURITY_DATABASE_GUID \ + { 0xd719b2cb, 0x3d3a, 0x4596, \ + { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f } } + +static const char *toolname = "sbkeysync"; + +static const uint32_t sigdb_attrs = EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS | + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | + EFI_VARIABLE_APPEND_WRITE; + +struct key_database_type { + const char *name; + EFI_GUID guid; +}; + +struct key_database_type keydb_types[] = { + { "PK", EFI_GLOBAL_VARIABLE }, + { "KEK", EFI_GLOBAL_VARIABLE }, + { "db", EFI_IMAGE_SECURITY_DATABASE_GUID }, + { "dbx", EFI_IMAGE_SECURITY_DATABASE_GUID }, +}; + +enum keydb_type { + KEYDB_PK = 0, + KEYDB_KEK = 1, + KEYDB_DB = 2, + KEYDB_DBX = 3, +}; + +static const char *default_keystore_dirs[] = { + "/etc/secureboot/keys", + "/usr/share/secureboot/keys", +}; + + +struct key { + EFI_GUID type; + int id_len; + uint8_t *id; + + char *description; + + struct list_node list; + + /* set for keys loaded from a filesystem keystore */ + struct fs_keystore_entry *keystore_entry; +}; + +typedef int (*key_parse_func)(struct key *, uint8_t *, size_t); + +struct cert_type { + EFI_GUID guid; + key_parse_func parse; +}; + +struct key_database { + const struct key_database_type *type; + struct list_head keys; +}; + +struct keyset { + struct key_database pk; + struct key_database kek; + struct key_database db; + struct key_database dbx; +}; + +struct fs_keystore_entry { + const struct key_database_type *type; + const char *root; + const char *name; + uint8_t *data; + size_t len; + struct list_node keystore_list; + struct list_node new_list; +}; + +struct fs_keystore { + struct list_head keys; +}; + +struct sync_context { + const char *efivars_dir; + struct keyset *filesystem_keys; + struct keyset *firmware_keys; + struct fs_keystore *fs_keystore; + const char **keystore_dirs; + unsigned int n_keystore_dirs; + struct list_head new_keys; + bool verbose; + bool dry_run; + bool set_pk; +}; + + +#define GUID_STRLEN (8 + 1 + 4 + 1 + 4 + 1 + 4 + 1 + 12 + 1) +static void guid_to_str(const EFI_GUID *guid, char *str) +{ + snprintf(str, GUID_STRLEN, + "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", + guid->Data1, guid->Data2, guid->Data3, + guid->Data4[0], guid->Data4[1], + guid->Data4[2], guid->Data4[3], + guid->Data4[4], guid->Data4[5], + guid->Data4[6], guid->Data4[7]); +} + +static int sha256_key_parse(struct key *key, uint8_t *data, size_t len) +{ + const unsigned int sha256_id_size = 256 / 8; + unsigned int i; + + if (len != sha256_id_size) + return -1; + + key->id = talloc_memdup(key, data, sha256_id_size); + key->id_len = sha256_id_size; + + key->description = talloc_array(key, char, len * 2 + 1); + for (i = 0; i < len; i++) + snprintf(&key->description[i*2], 3, "%02x", data[i]); + key->description[len*2] = '\0'; + + return 0; +} + +static int x509_key_parse(struct key *key, uint8_t *data, size_t len) +{ + const int description_len = 160; + ASN1_INTEGER *serial; + const uint8_t *tmp; + X509 *x509; + int rc; + + rc = -1; + + tmp = data; + + x509 = d2i_X509(NULL, &tmp, len); + if (!x509) + return -1; + + /* we use the X509 serial number as the key ID */ + if (!x509->cert_info || !x509->cert_info->serialNumber) + goto out; + + serial = x509->cert_info->serialNumber; + + key->id_len = ASN1_STRING_length(serial); + key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len); + + key->description = talloc_array(key, char, description_len); + X509_NAME_oneline(x509->cert_info->subject, + key->description, description_len); + + rc = 0; + +out: + X509_free(x509); + return rc; +} + +struct cert_type cert_types[] = { + { EFI_CERT_SHA256_GUID, sha256_key_parse }, + { EFI_CERT_X509_GUID, x509_key_parse }, +}; + +static int guidcmp(const EFI_GUID *a, const EFI_GUID *b) +{ + return memcmp(a, b, sizeof(EFI_GUID)); +} + +static int key_parse(struct key *key, const EFI_GUID *type, + uint8_t *data, size_t len) +{ + char guid_str[GUID_STRLEN]; + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(cert_types); i++) { + if (guidcmp(&cert_types[i].guid, type)) + continue; + + return cert_types[i].parse(key, data, len); + } + + guid_to_str(type, guid_str); + printf("warning: unknown signature type found:\n %s\n", + guid_str); + return -1; + +} + +typedef int (*sigdata_fn)(EFI_SIGNATURE_DATA *, int, const EFI_GUID *, void *); + +/** + * Iterates an buffer of EFI_SIGNATURE_LISTs (at db_data, of length len), + * and calls fn on each EFI_SIGNATURE_DATA item found. + * + * fn is passed the EFI_SIGNATURE_DATA pointer, and the length of the + * signature data (including GUID header), the type of the signature list, + * and a context pointer. + */ +static int sigdb_iterate(void *db_data, size_t len, + sigdata_fn fn, void *arg) +{ + EFI_SIGNATURE_LIST *siglist; + EFI_SIGNATURE_DATA *sigdata; + unsigned int i, j; + int rc = 0; + + if (len == 0) + return 0; + + if (len < sizeof(*siglist)) + return -1; + + for (i = 0, siglist = db_data + i; + i + sizeof(*siglist) <= len && + i + siglist->SignatureListSize > i && + i + siglist->SignatureListSize <= len && !rc; + i += siglist->SignatureListSize, + siglist = db_data + i) { + + /* ensure that the header & sig sizes are sensible */ + if (siglist->SignatureHeaderSize > siglist->SignatureListSize) + continue; + + if (siglist->SignatureSize > siglist->SignatureListSize) + continue; + + if (siglist->SignatureSize < sizeof(*sigdata)) + continue; + + /* iterate through the (constant-sized) signature data blocks */ + for (j = sizeof(*siglist) + siglist->SignatureHeaderSize; + j < siglist->SignatureListSize && !rc; + j += siglist->SignatureSize) + { + sigdata = (void *)(siglist) + j; + + rc = fn(sigdata, siglist->SignatureSize, + &siglist->SignatureType, arg); + + } + + } + + return rc; +} + +struct keydb_add_ctx { + struct fs_keystore_entry *ke; + struct key_database *kdb; + struct keyset *keyset; +}; + +static int keydb_add_key(EFI_SIGNATURE_DATA *sigdata, int len, + const EFI_GUID *type, void *arg) +{ + struct keydb_add_ctx *add_ctx = arg; + struct key *key; + int rc; + + key = talloc(add_ctx->keyset, struct key); + + rc = key_parse(key, type, sigdata->SignatureData, + len - sizeof(*sigdata)); + + if (rc) { + talloc_free(key); + return 0; + } + key->keystore_entry = add_ctx->ke; + key->type = *type; + + /* add a reference to the keystore entry: we don't want it to be + * deallocated if the keystore is deallocated before the + * struct key. */ + if (key->keystore_entry) + talloc_reference(key, key->keystore_entry); + + list_add(&add_ctx->kdb->keys, &key->list); + + return 0; +} + +static int read_firmware_keydb(struct sync_context *ctx, + struct key_database *kdb) +{ + struct keydb_add_ctx add_ctx; + char guid_str[GUID_STRLEN]; + char *filename; + uint8_t *buf; + int rc = -1; + size_t len; + + add_ctx.keyset = ctx->firmware_keys; + add_ctx.kdb = kdb; + add_ctx.ke = NULL; + + guid_to_str(&kdb->type->guid, guid_str); + + filename = talloc_asprintf(ctx->firmware_keys, "%s/%s-%s", + ctx->efivars_dir, kdb->type->name, guid_str); + + buf = NULL; + rc = fileio_read_file_noerror(ctx->firmware_keys, filename, &buf, &len); + if (rc) + goto out; + + /* efivars files start with a 32-bit attribute block */ + if (len < sizeof(uint32_t)) + goto out; + + buf += sizeof(uint32_t); + len -= sizeof(uint32_t); + + rc = 0; + sigdb_iterate(buf, len, keydb_add_key, &add_ctx); + +out: + if (rc) + talloc_free(buf); + talloc_free(filename); + + return rc; +} + +static void __attribute__((format(printf, 2, 3))) print_keystore_key_error( + struct fs_keystore_entry *ke, const char *fmt, ...) +{ + char *errstr; + va_list ap; + + va_start(ap, fmt); + errstr = talloc_vasprintf(ke, fmt, ap); + + fprintf(stderr, "Invalid key %s/%s\n - %s\n", ke->root, ke->name, + errstr); + + talloc_free(errstr); + va_end(ap); +} + +static int read_filesystem_keydb(struct sync_context *ctx, + struct key_database *kdb) +{ + EFI_GUID cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; + EFI_VARIABLE_AUTHENTICATION_2 *auth; + struct keydb_add_ctx add_ctx; + struct fs_keystore_entry *ke; + int rc; + + add_ctx.keyset = ctx->filesystem_keys; + add_ctx.kdb = kdb; + + list_for_each(&ctx->fs_keystore->keys, ke, keystore_list) { + unsigned int len; + void *buf; + + if (ke->len == 0) + continue; + + if (ke->type != kdb->type) + continue; + + /* parse the three data structures: + * EFI_VARIABLE_AUTHENTICATION_2 token + * EFI_SIGNATURE_LIST + * EFI_SIGNATURE_DATA + * ensuring that we have enough data for each + */ + + buf = ke->data; + len = ke->len; + + if (len < sizeof(*auth)) { + print_keystore_key_error(ke, "does not contain an " + "EFI_VARIABLE_AUTHENTICATION_2 descriptor"); + continue; + } + + auth = buf; + + if (guidcmp(&auth->AuthInfo.CertType, &cert_type_pkcs7)) { + print_keystore_key_error(ke, "unknown cert type"); + continue; + } + + if (auth->AuthInfo.Hdr.dwLength > len) { + print_keystore_key_error(ke, + "invalid WIN_CERTIFICATE length"); + continue; + } + + /* the dwLength field includes the size of the WIN_CERTIFICATE, + * but not the other data in the EFI_VARIABLE_AUTHENTICATION_2 + * descriptor */ + buf += sizeof(*auth) - sizeof(auth->AuthInfo) + + auth->AuthInfo.Hdr.dwLength; + len -= sizeof(*auth) - sizeof(auth->AuthInfo) + + auth->AuthInfo.Hdr.dwLength; + + add_ctx.ke = ke; + rc = sigdb_iterate(buf, len, keydb_add_key, &add_ctx); + if (rc) { + print_keystore_key_error(ke, "error parsing " + "EFI_SIGNATURE_LIST"); + continue; + } + + } + + return 0; +} + +static int read_keysets(struct sync_context *ctx) +{ + read_firmware_keydb(ctx, &ctx->firmware_keys->pk); + read_firmware_keydb(ctx, &ctx->firmware_keys->kek); + read_firmware_keydb(ctx, &ctx->firmware_keys->db); + read_firmware_keydb(ctx, &ctx->firmware_keys->dbx); + + read_filesystem_keydb(ctx, &ctx->filesystem_keys->pk); + read_filesystem_keydb(ctx, &ctx->filesystem_keys->kek); + read_filesystem_keydb(ctx, &ctx->filesystem_keys->db); + read_filesystem_keydb(ctx, &ctx->filesystem_keys->dbx); + + return 0; +} + +static int check_pk(struct sync_context *ctx) +{ + struct key *key; + int i = 0; + + list_for_each(&ctx->filesystem_keys->pk.keys, key, list) + i++; + + return (i <= 1) ? 0 : 1; +} + +static void print_keyset(struct keyset *keyset, const char *name) +{ + struct key_database *kdbs[] = + { &keyset->pk, &keyset->kek, &keyset->db, &keyset->dbx }; + struct key *key; + unsigned int i; + + printf("%s keys:\n", name); + + for (i = 0; i < ARRAY_SIZE(kdbs); i++) { + printf(" %s:\n", kdbs[i]->type->name); + + list_for_each(&kdbs[i]->keys, key, list) { + printf(" %s\n", key->description); + if (key->keystore_entry) + printf(" from %s/%s\n", + key->keystore_entry->root, + key->keystore_entry->name); + } + } +} + +static int check_efivars_mount(const char *mountpoint) +{ + struct statfs statbuf; + int rc; + + rc = statfs(mountpoint, &statbuf); + if (rc) + return -1; + + if (statbuf.f_type != EFIVARS_FSTYPE) + return -1; + + return 0; +} + +static int keystore_entry_read(struct fs_keystore_entry *ke) +{ + const char *path; + int rc; + + path = talloc_asprintf(ke, "%s/%s", ke->root, ke->name); + + rc = fileio_read_file(ke, path, &ke->data, &ke->len); + + talloc_free(path); + + return rc; +} + +static bool keystore_contains_file(struct fs_keystore *keystore, + const char *filename) +{ + struct fs_keystore_entry *ke; + + list_for_each(&keystore->keys, ke, keystore_list) { + if (!strcmp(ke->name, filename)) + return true; + } + + return false; +} + +static int update_keystore(struct fs_keystore *keystore, const char *root) +{ + struct fs_keystore_entry *ke; + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(keydb_types); i++) { + const char *filename, *dirname; + struct dirent *dirent; + DIR *dir; + + dirname = talloc_asprintf(keystore, "%s/%s", root, + keydb_types[i].name); + + dir = opendir(dirname); + if (!dir) + continue; + + for (dirent = readdir(dir); dirent; dirent = readdir(dir)) { + + if (dirent->d_name[0] == '.') + continue; + + filename = talloc_asprintf(dirname, "%s/%s", + keydb_types[i].name, + dirent->d_name); + + if (keystore_contains_file(keystore, filename)) + continue; + + ke = talloc(keystore, struct fs_keystore_entry); + ke->name = filename; + ke->root = root; + ke->type = &keydb_types[i]; + talloc_steal(ke, ke->name); + + if (keystore_entry_read(ke)) + talloc_free(ke); + else + list_add(&keystore->keys, &ke->keystore_list); + } + + closedir(dir); + talloc_free(dirname); + } + + return 0; +} + +static int read_keystore(struct sync_context *ctx) +{ + struct fs_keystore *keystore; + unsigned int i; + + keystore = talloc(ctx, struct fs_keystore); + list_head_init(&keystore->keys); + + for (i = 0; i < ctx->n_keystore_dirs; i++) { + update_keystore(keystore, ctx->keystore_dirs[i]); + } + + ctx->fs_keystore = keystore; + + return 0; +} + +static void print_keystore(struct fs_keystore *keystore) +{ + struct fs_keystore_entry *ke; + + printf("Filesystem keystore:\n"); + + list_for_each(&keystore->keys, ke, keystore_list) + printf(" %s/%s [%zd bytes]\n", ke->root, ke->name, ke->len); +} + +static int key_cmp(struct key *a, struct key *b) +{ + if (a->id_len != b->id_len) + return a->id_len - b->id_len; + + return memcmp(a->id, b->id, a->id_len); +} + +/** + * Finds the set-difference of the filesystem and firmware keys, and + * populates ctx->new_keys with the keystore_entries that should be + * inserted into firmware + */ +static int find_new_keys(struct sync_context *ctx) +{ + struct { + struct key_database *fs_kdb, *fw_kdb; + } kdbs[] = { + { &ctx->filesystem_keys->pk, &ctx->firmware_keys->pk }, + { &ctx->filesystem_keys->kek, &ctx->firmware_keys->kek }, + { &ctx->filesystem_keys->db, &ctx->firmware_keys->db }, + { &ctx->filesystem_keys->dbx, &ctx->firmware_keys->dbx }, + }; + unsigned int i; + int n = 0; + + for (i = 0; i < ARRAY_SIZE(kdbs); i++ ) { + struct fs_keystore_entry *ke; + struct key *fs_key, *fw_key; + bool found; + + list_for_each(&kdbs[i].fs_kdb->keys, fs_key, list) { + found = false; + list_for_each(&kdbs[i].fw_kdb->keys, fw_key, list) { + if (!key_cmp(fs_key, fw_key)) { + found = true; + break; + } + } + if (found) + continue; + + /* add the keystore entry if it's not already present */ + found = false; + list_for_each(&ctx->new_keys, ke, new_list) { + if (fs_key->keystore_entry == ke) { + found = true; + break; + } + } + + if (found) + continue; + + list_add(&ctx->new_keys, + &fs_key->keystore_entry->new_list); + n++; + } + } + + return n; +} + +static void print_new_keys(struct sync_context *ctx) +{ + struct fs_keystore_entry *ke; + + printf("New keys in filesystem:\n"); + + list_for_each(&ctx->new_keys, ke, new_list) + printf(" %s/%s\n", ke->root, ke->name); +} + +static int insert_key(struct sync_context *ctx, struct fs_keystore_entry *ke) +{ + char guid_str[GUID_STRLEN]; + char *efivars_filename; + unsigned int buf_len; + uint8_t *buf; + int fd, rc; + + fd = -1; + rc = -1; + + if (ctx->verbose) + printf("Inserting key update %s/%s into %s\n", + ke->root, ke->name, ke->type->name); + + /* we create a contiguous buffer of attributes & key data, so that + * we write to the efivars file in a single syscall */ + buf_len = sizeof(sigdb_attrs) + ke->len; + buf = talloc_array(ke, uint8_t, buf_len); + memcpy(buf, &sigdb_attrs, sizeof(sigdb_attrs)); + memcpy(buf + sizeof(sigdb_attrs), ke->data, ke->len); + + guid_to_str(&ke->type->guid, guid_str); + + efivars_filename = talloc_asprintf(ke, "%s/%s-%s", ctx->efivars_dir, + ke->type->name, guid_str); + + fd = open(efivars_filename, O_WRONLY | O_CREAT, 0600); + if (fd < 0) { + fprintf(stderr, "Can't create key file %s: %s\n", + efivars_filename, strerror(errno)); + goto out; + } + + rc = write(fd, buf, buf_len); + if (rc <= 0) { + fprintf(stderr, "Error writing key update: %s\n", + strerror(errno)); + goto out; + } + + if (rc != (int)buf_len) { + fprintf(stderr, "Partial write during key update: " + "wrote %d bytes, expecting %d\n", + rc, buf_len); + goto out; + } + + rc = 0; + +out: + if (fd >= 0) + close(fd); + talloc_free(efivars_filename); + talloc_free(buf); + if (rc) + fprintf(stderr, "Error syncing keystore file %s/%s\n", + ke->root, ke->name); + return rc; +} + +static int insert_new_keys(struct sync_context *ctx) +{ + struct fs_keystore_entry *ke, *ke_pk; + int pks, rc; + + rc = 0; + pks = 0; + ke_pk = NULL; + + list_for_each(&ctx->new_keys, ke, new_list) { + + /* we handle PK last */ + if (ke->type == &keydb_types[KEYDB_PK]) { + ke_pk = ke; + pks++; + continue; + } + + if (insert_key(ctx, ke)) + rc = -1; + } + + if (rc) + return rc; + + if (pks == 0 || !ctx->set_pk) + return 0; + + if (pks > 1) { + fprintf(stderr, "Skipping PK update due to mutiple PKs\n"); + return -1; + } + + rc = insert_key(ctx, ke_pk); + + return rc; +} + +static struct keyset *init_keyset(struct sync_context *ctx) +{ + struct keyset *keyset; + + keyset = talloc(ctx, struct keyset); + + list_head_init(&keyset->pk.keys); + keyset->pk.type = &keydb_types[KEYDB_PK]; + + list_head_init(&keyset->kek.keys); + keyset->kek.type = &keydb_types[KEYDB_KEK]; + + list_head_init(&keyset->db.keys); + keyset->db.type = &keydb_types[KEYDB_DB]; + + list_head_init(&keyset->dbx.keys); + keyset->dbx.type = &keydb_types[KEYDB_DBX]; + + return keyset; +} + +static struct option options[] = { + { "help", no_argument, NULL, 'h' }, + { "version", no_argument, NULL, 'V' }, + { "efivars-path", required_argument, NULL, 'e' }, + { "verbose", no_argument, NULL, 'v' }, + { "dry-run", no_argument, NULL, 'n' }, + { "pk", no_argument, NULL, 'p' }, + { "no-default-keystores", no_argument, NULL, 'd' }, + { "keystore", required_argument, NULL, 'k' }, + { NULL, 0, NULL, 0 }, +}; + +static void usage(void) +{ + printf("Usage: %s [options]\n" + "Update EFI key databases from the filesystem\n" + "\n" + "Options:\n" + "\t--efivars-path Path to efivars mountpoint\n" + "\t (or regular directory for testing)\n" + "\t--verbose Print verbose progress information\n" + "\t--dry-run Don't update firmware key databases\n" + "\t--pk Set PK\n" + "\t--keystore Read keys from /{db,dbx,KEK}/*\n" + "\t (can be specified multiple times,\n" + "\t first dir takes precedence)\n" + "\t--no-default-keystores\n" + "\t Don't read keys from the default\n" + "\t keystore dirs\n", + toolname); +} + +static void version(void) +{ + printf("%s %s\n", toolname, VERSION); +} + +static void add_keystore_dir(struct sync_context *ctx, const char *dir) +{ + ctx->keystore_dirs = talloc_realloc(ctx, ctx->keystore_dirs, + const char *, ++ctx->n_keystore_dirs); + + ctx->keystore_dirs[ctx->n_keystore_dirs - 1] = + talloc_strdup(ctx->keystore_dirs, dir); +} + +int main(int argc, char **argv) +{ + bool use_default_keystore_dirs; + struct sync_context *ctx; + + use_default_keystore_dirs = true; + ctx = talloc_zero(NULL, struct sync_context); + list_head_init(&ctx->new_keys); + + for (;;) { + int idx, c; + c = getopt_long(argc, argv, "e:dpkvhV", options, &idx); + if (c == -1) + break; + + switch (c) { + case 'e': + ctx->efivars_dir = optarg; + break; + case 'd': + use_default_keystore_dirs = false; + break; + case 'k': + add_keystore_dir(ctx, optarg); + break; + case 'p': + ctx->set_pk = true; + break; + case 'v': + ctx->verbose = true; + break; + case 'n': + ctx->dry_run = true; + break; + case 'V': + version(); + return EXIT_SUCCESS; + case 'h': + usage(); + return EXIT_SUCCESS; + } + } + + if (argc != optind) { + usage(); + return EXIT_FAILURE; + } + + ERR_load_crypto_strings(); + OpenSSL_add_all_digests(); + OpenSSL_add_all_ciphers(); + + ctx->filesystem_keys = init_keyset(ctx); + ctx->firmware_keys = init_keyset(ctx); + + if (!ctx->efivars_dir) { + ctx->efivars_dir = EFIVARS_MOUNTPOINT; + if (check_efivars_mount(ctx->efivars_dir)) { + fprintf(stderr, "Can't access efivars filesystem " + "at %s, aborting\n", ctx->efivars_dir); + return EXIT_FAILURE; + } + } + + if (use_default_keystore_dirs) { + unsigned int i; + for (i = 0; i < ARRAY_SIZE(default_keystore_dirs); i++) + add_keystore_dir(ctx, default_keystore_dirs[i]); + } + + + read_keystore(ctx); + + if (ctx->verbose) + print_keystore(ctx->fs_keystore); + + read_keysets(ctx); + if (ctx->verbose) { + print_keyset(ctx->firmware_keys, "firmware"); + print_keyset(ctx->filesystem_keys, "filesystem"); + } + + if (check_pk(ctx)) + fprintf(stderr, "WARNING: multiple PKs found in filesystem\n"); + + find_new_keys(ctx); + + if (ctx->verbose) + print_new_keys(ctx); + + if (!ctx->dry_run) + insert_new_keys(ctx); + + talloc_free(ctx); + + return EXIT_SUCCESS; +} diff -Nru sbsigntool-0.3/src/sbsiglist.c sbsigntool-0.4/src/sbsiglist.c --- sbsigntool-0.3/src/sbsiglist.c 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/sbsiglist.c 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,280 @@ +/* + * Copyright (C) 2012 Jeremy Kerr + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the OpenSSL + * library under certain conditions as described in each individual source file, + * and distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all + * of the code used other than OpenSSL. If you modify file(s) with this + * exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do + * so, delete this exception statement from your version. If you delete + * this exception statement from all source files in the program, then + * also delete it here. + */ +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "efivars.h" +#include "fileio.h" + +static const char *toolname = "sbsiglist"; + +static struct option options[] = { + { "output", required_argument, NULL, 'o' }, + { "type", required_argument, NULL, 't' }, + { "owner", required_argument, NULL, 'w' }, + { "verbose", no_argument, NULL, 'v' }, + { "help", no_argument, NULL, 'h' }, + { "version", no_argument, NULL, 'V' }, + { NULL, 0, NULL, 0 }, +}; + +struct cert_type { + const char *name; + const EFI_GUID guid; + unsigned int sigsize; +}; + +struct cert_type cert_types[] = { + { "x509", EFI_CERT_X509_GUID, 0 }, + { "sha256", EFI_CERT_SHA256_GUID, 32 }, +}; + +struct siglist_context { + int verbose; + + const char *infilename; + const char *outfilename; + const struct cert_type *type; + EFI_GUID owner; + + uint8_t *data; + size_t data_len; + + EFI_SIGNATURE_LIST *siglist; +}; + + +void usage(void) +{ + unsigned int i; + + printf("Usage: %s [options] --owner --type \n" + "Create an EFI_SIGNATURE_LIST from a signature file\n" + "Options:\n" + "\t--owner Signature owner GUID\n" + "\t--type Signature type. One of:\n", + toolname); + + for (i = 0; i < ARRAY_SIZE(cert_types); i++) + printf("\t %s\n", cert_types[i].name); + + printf("\t--output write signed data to \n" + "\t (default .siglist)\n"); +} + +static void version(void) +{ + printf("%s %s\n", toolname, VERSION); +} + +static int siglist_create(struct siglist_context *ctx) +{ + EFI_SIGNATURE_LIST *siglist; + EFI_SIGNATURE_DATA *sigdata; + uint32_t size; + + if (ctx->type->sigsize && ctx->data_len != ctx->type->sigsize) { + fprintf(stderr, "Error: signature lists of type '%s' expect " + "%d bytes of data, " + "%zd bytes provided.\n", + ctx->type->name, + ctx->type->sigsize, + ctx->data_len); + return -1; + } + + size = sizeof(*siglist) + sizeof(*sigdata) + ctx->data_len; + + siglist = talloc_size(ctx, size); + sigdata = (void *)(siglist + 1); + + siglist->SignatureType = ctx->type->guid; + siglist->SignatureListSize = size; + siglist->SignatureHeaderSize = 0; + siglist->SignatureSize = ctx->data_len + sizeof(*sigdata); + + sigdata->SignatureOwner = ctx->owner; + + memcpy(sigdata->SignatureData, ctx->data, ctx->data_len); + + ctx->siglist = siglist; + + return 0; +} + +static int parse_guid(const char *str, EFI_GUID *guid) +{ + uuid_t uuid; + + if (uuid_parse(str, uuid)) + return -1; + + /* convert to an EFI_GUID */ + guid->Data1 = uuid[0] << 24 | uuid[1] << 16 | uuid[2] << 8 | uuid[3]; + guid->Data2 = uuid[4] << 8 | uuid[5]; + guid->Data3 = uuid[6] << 8 | uuid[7]; + memcpy(guid->Data4, &uuid[8], sizeof(guid->Data4)); + + return 0; +} + +static struct cert_type *parse_type(const char *str) +{ + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(cert_types); i++) + if (!strcasecmp(cert_types[i].name, str)) + return &cert_types[i]; + + return NULL; +} + +static void set_default_outfilename(struct siglist_context *ctx) +{ + const char *extension = "siglist"; + + ctx->outfilename = talloc_asprintf(ctx, "%s.%s", + ctx->infilename, extension); +} +int main(int argc, char **argv) +{ + const char *type_str, *owner_guid_str; + struct siglist_context *ctx; + int c; + + ctx = talloc_zero(NULL, struct siglist_context); + + owner_guid_str = NULL; + type_str = NULL; + + for (;;) { + int idx; + c = getopt_long(argc, argv, "o:t:w:ivVh", options, &idx); + if (c == -1) + break; + + switch (c) { + case 'o': + ctx->outfilename = optarg; + break; + case 't': + type_str = optarg; + break; + case 'w': + owner_guid_str = optarg; + break; + case 'v': + ctx->verbose = 1; + break; + case 'V': + version(); + return EXIT_SUCCESS; + case 'h': + usage(); + return EXIT_SUCCESS; + } + } + + if (argc != optind + 1) { + usage(); + return EXIT_FAILURE; + } + + ctx->infilename = argv[optind]; + + if (!type_str) { + fprintf(stderr, "No type specified\n"); + usage(); + return EXIT_FAILURE; + } + + if (!type_str) { + fprintf(stderr, "No owner specified\n"); + usage(); + return EXIT_FAILURE; + } + + ctx->type = parse_type(type_str); + if (!ctx->type) { + fprintf(stderr, "Invalid type '%s'\n", type_str); + return EXIT_FAILURE; + } + + if (parse_guid(owner_guid_str, &ctx->owner)) { + fprintf(stderr, "Invalid owner GUID '%s'\n", owner_guid_str); + return EXIT_FAILURE; + } + + if (!ctx->outfilename) + set_default_outfilename(ctx); + + if (fileio_read_file(ctx, ctx->infilename, + &ctx->data, &ctx->data_len)) { + fprintf(stderr, "Can't read input file %s\n", ctx->infilename); + return EXIT_FAILURE; + } + + if (siglist_create(ctx)) + return EXIT_FAILURE; + + if (fileio_write_file(ctx->outfilename, + (void *)ctx->siglist, + ctx->siglist->SignatureListSize)) { + fprintf(stderr, "Can't write output file %s\n", + ctx->outfilename); + return EXIT_FAILURE; + } + + return EXIT_SUCCESS; +} diff -Nru sbsigntool-0.3/src/sbsign.c sbsigntool-0.4/src/sbsign.c --- sbsigntool-0.3/src/sbsign.c 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/sbsign.c 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,231 @@ +/* + * Copyright (C) 2012 Jeremy Kerr + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the OpenSSL + * library under certain conditions as described in each individual source file, + * and distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all + * of the code used other than OpenSSL. If you modify file(s) with this + * exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do + * so, delete this exception statement from your version. If you delete + * this exception statement from all source files in the program, then + * also delete it here. + */ +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include +#include +#include +#include +#include + +#include + +#include "idc.h" +#include "image.h" +#include "fileio.h" + +static const char *toolname = "sbsign"; + +struct sign_context { + struct image *image; + const char *infilename; + const char *outfilename; + int verbose; + int detached; +}; + +static struct option options[] = { + { "output", required_argument, NULL, 'o' }, + { "cert", required_argument, NULL, 'c' }, + { "key", required_argument, NULL, 'k' }, + { "detached", no_argument, NULL, 'd' }, + { "verbose", no_argument, NULL, 'v' }, + { "help", no_argument, NULL, 'h' }, + { "version", no_argument, NULL, 'V' }, + { NULL, 0, NULL, 0 }, +}; + +static void usage(void) +{ + printf("Usage: %s [options] --key --cert " + "\n" + "Sign an EFI boot image for use with secure boot.\n\n" + "Options:\n" + "\t--key signing key (PEM-encoded RSA " + "private key)\n" + "\t--cert certificate (x509 certificate)\n" + "\t--detached write a detached signature, instead of\n" + "\t a signed binary\n" + "\t--output write signed data to \n" + "\t (default .signed,\n" + "\t or .pk7 for detached\n" + "\t signatures)\n", + toolname); +} + +static void version(void) +{ + printf("%s %s\n", toolname, VERSION); +} + +static void set_default_outfilename(struct sign_context *ctx) +{ + const char *extension; + + extension = ctx->detached ? "pk7" : "signed"; + + ctx->outfilename = talloc_asprintf(ctx, "%s.%s", + ctx->infilename, extension); +} + +int main(int argc, char **argv) +{ + const char *keyfilename, *certfilename; + struct sign_context *ctx; + uint8_t *buf, *tmp; + int rc, c, sigsize; + + ctx = talloc_zero(NULL, struct sign_context); + + keyfilename = NULL; + certfilename = NULL; + + for (;;) { + int idx; + c = getopt_long(argc, argv, "o:c:k:dvVh", options, &idx); + if (c == -1) + break; + + switch (c) { + case 'o': + ctx->outfilename = talloc_strdup(ctx, optarg); + break; + case 'c': + certfilename = optarg; + break; + case 'k': + keyfilename = optarg; + break; + case 'd': + ctx->detached = 1; + break; + case 'v': + ctx->verbose = 1; + break; + case 'V': + version(); + return EXIT_SUCCESS; + case 'h': + usage(); + return EXIT_SUCCESS; + } + } + + if (argc != optind + 1) { + usage(); + return EXIT_FAILURE; + } + + ctx->infilename = argv[optind]; + if (!ctx->outfilename) + set_default_outfilename(ctx); + + if (!certfilename) { + fprintf(stderr, + "error: No certificate specified (with --cert)\n"); + usage(); + return EXIT_FAILURE; + } + if (!keyfilename) { + fprintf(stderr, + "error: No key specified (with --key)\n"); + usage(); + return EXIT_FAILURE; + } + + ctx->image = image_load(ctx->infilename); + if (!ctx->image) + return EXIT_FAILURE; + + talloc_steal(ctx, ctx->image); + + ERR_load_crypto_strings(); + OpenSSL_add_all_digests(); + OpenSSL_add_all_ciphers(); + + EVP_PKEY *pkey = fileio_read_pkey(keyfilename); + if (!pkey) + return EXIT_FAILURE; + + X509 *cert = fileio_read_cert(certfilename); + if (!cert) + return EXIT_FAILURE; + + const EVP_MD *md = EVP_get_digestbyname("SHA256"); + + /* set up the PKCS7 object */ + PKCS7 *p7 = PKCS7_new(); + PKCS7_set_type(p7, NID_pkcs7_signed); + + PKCS7_SIGNER_INFO *si = PKCS7_sign_add_signer(p7, cert, + pkey, md, PKCS7_BINARY); + if (!si) { + fprintf(stderr, "error in key/certificate chain\n"); + ERR_print_errors_fp(stderr); + return EXIT_FAILURE; + } + + PKCS7_content_new(p7, NID_pkcs7_data); + + rc = IDC_set(p7, si, ctx->image); + if (rc) + return EXIT_FAILURE; + + sigsize = i2d_PKCS7(p7, NULL); + tmp = buf = talloc_array(ctx->image, uint8_t, sigsize); + i2d_PKCS7(p7, &tmp); + ERR_print_errors_fp(stdout); + + image_add_signature(ctx->image, buf, sigsize); + + if (ctx->detached) + image_write_detached(ctx->image, ctx->outfilename); + else + image_write(ctx->image, ctx->outfilename); + + talloc_free(ctx); + + return EXIT_SUCCESS; +} + diff -Nru sbsigntool-0.3/src/sbvarsign.c sbsigntool-0.4/src/sbvarsign.c --- sbsigntool-0.3/src/sbvarsign.c 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/sbvarsign.c 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,555 @@ +/* + * Copyright (C) 2012 Jeremy Kerr + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the OpenSSL + * library under certain conditions as described in each individual source file, + * and distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all + * of the code used other than OpenSSL. If you modify file(s) with this + * exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do + * so, delete this exception statement from your version. If you delete + * this exception statement from all source files in the program, then + * also delete it here. + */ +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "efivars.h" +#include "fileio.h" + +static const char *toolname = "sbvarsign"; + +struct varsign_context { + const char *infilename; + const char *outfilename; + + uint8_t *data; + size_t data_len; + + CHAR16 *var_name; + int var_name_bytes; + EFI_GUID var_guid; + uint32_t var_attrs; + + EVP_PKEY *key; + X509 *cert; + + EFI_VARIABLE_AUTHENTICATION_2 *auth_descriptor; + int auth_descriptor_len; + EFI_TIME timestamp; + + int verbose; +}; + +struct attr { + const char *name; + int value; +}; + +#define EFI_VAR_ATTR(n) { #n, EFI_VARIABLE_ ## n } +static struct attr attrs[] = { + EFI_VAR_ATTR(NON_VOLATILE), + EFI_VAR_ATTR(BOOTSERVICE_ACCESS), + EFI_VAR_ATTR(RUNTIME_ACCESS), + EFI_VAR_ATTR(TIME_BASED_AUTHENTICATED_WRITE_ACCESS), + EFI_VAR_ATTR(APPEND_WRITE), +}; + +static uint32_t default_attrs = EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS | + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | + EFI_VARIABLE_APPEND_WRITE; + +static uint32_t attr_invalid = 0xffffffffu; +static const char *attr_prefix = "EFI_VARIABLE_"; + +static const EFI_GUID default_guid = EFI_GLOBAL_VARIABLE; +static const EFI_GUID cert_pkcs7_guid = EFI_CERT_TYPE_PKCS7_GUID; + +static void set_default_outfilename(struct varsign_context *ctx) +{ + const char *extension = "signed"; + + ctx->outfilename = talloc_asprintf(ctx, "%s.%s", + ctx->infilename, extension); +} + +static uint32_t parse_single_attr(const char *attr_str) +{ + unsigned int i; + + /* skip standard prefix, if present */ + if (!strncmp(attr_str, attr_prefix, strlen(attr_prefix))) + attr_str += strlen(attr_prefix); + + for (i = 0; i < ARRAY_SIZE(attrs); i++) { + if (!strcmp(attr_str, attrs[i].name)) + return attrs[i].value; + } + + return attr_invalid; +} + +static uint32_t parse_attrs(const char *attrs_str) +{ + uint32_t attr, attrs_val; + const char *attr_str; + char *str; + + /* we always need E_V_T_B_A_W_A */ + attrs_val = EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + + if (!attrs_str[0]) + return attrs_val; + + str = strdup(attrs_str); + + for (attr_str = strtok(str, ","); attr_str; + attr_str = strtok(NULL, ",")) { + + attr = parse_single_attr(attr_str); + if (attr == attr_invalid) { + fprintf(stderr, "Invalid attribute string %s\n", + attr_str); + return attr_invalid; + } + + attrs_val |= attr; + } + + return attrs_val; +} + +static int set_varname(struct varsign_context *ctx, const char *str) +{ + CHAR16 *wstr; + int i, len; + + len = strlen(str); + + wstr = talloc_array(ctx, CHAR16, len); + + for (i = 0; i < len; i++) + wstr[i] = str[i]; + + ctx->var_name = wstr; + ctx->var_name_bytes = len * sizeof(CHAR16); + + return 0; +} + +static int parse_guid(const char *str, EFI_GUID *guid) +{ + uuid_t uuid; + + if (uuid_parse(str, uuid)) + return -1; + + /* convert to an EFI_GUID */ + guid->Data1 = uuid[0] << 24 | uuid[1] << 16 | uuid[2] << 8 | uuid[3]; + guid->Data2 = uuid[4] << 8 | uuid[5]; + guid->Data3 = uuid[6] << 8 | uuid[7]; + memcpy(guid->Data4, &uuid[8], sizeof(guid->Data4)); + + return 0; +} + +static int set_timestamp(EFI_TIME *timestamp) +{ + struct tm *tm; + time_t t; + + time(&t); + + tm = gmtime(&t); + if (!tm) { + perror("gmtime"); + return -1; + } + + /* copy to our EFI-specific time structure. Other fields (Nanosecond, + * TimeZone, Daylight and Pad) are defined to be zero */ + memset(timestamp, 0, sizeof(*timestamp)); + timestamp->Year = tm->tm_year; + timestamp->Month = tm->tm_mon; + timestamp->Day = tm->tm_mday; + timestamp->Hour = tm->tm_hour; + timestamp->Minute = tm->tm_min; + timestamp->Second = tm->tm_sec; + + return 0; +} + +static int add_auth_descriptor(struct varsign_context *ctx) +{ + EFI_VARIABLE_AUTHENTICATION_2 *auth; + int rc, len, flags; + EFI_TIME timestamp; + const EVP_MD *md; + BIO *data_bio; + uint8_t *tmp; + PKCS7 *p7; + + if (set_timestamp(×tamp)) + return -1; + + /* create a BIO for our variable data, containing: + * * Variablename (not including trailing nul) + * * VendorGUID + * * Attributes + * * TimeStamp + * * Data + */ + data_bio = BIO_new(BIO_s_mem()); + BIO_write(data_bio, ctx->var_name, ctx->var_name_bytes); + BIO_write(data_bio, &ctx->var_guid, sizeof(ctx->var_guid)); + BIO_write(data_bio, &ctx->var_attrs, sizeof(ctx->var_attrs)); + BIO_write(data_bio, ×tamp, sizeof(timestamp)); + BIO_write(data_bio, ctx->data, ctx->data_len); + + md = EVP_get_digestbyname("SHA256"); + + p7 = PKCS7_new(); + flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_NOSMIMECAP;; + PKCS7_set_type(p7, NID_pkcs7_signed); + + PKCS7_content_new(p7, NID_pkcs7_data); + + PKCS7_sign_add_signer(p7, ctx->cert, ctx->key, md, flags); + + PKCS7_set_detached(p7, 1); + + rc = PKCS7_final(p7, data_bio, flags); + if (!rc) { + fprintf(stderr, "Error signing variable data\n"); + ERR_print_errors_fp(stderr); + BIO_free_all(data_bio); + return -1; + } + + len = i2d_PKCS7(p7, NULL); + + + /* set up our auth descriptor */ + auth = talloc_size(ctx, sizeof(*auth) + len); + + auth->TimeStamp = timestamp; + auth->AuthInfo.Hdr.dwLength = len + sizeof(auth->AuthInfo); + auth->AuthInfo.Hdr.wRevision = 0x0200; + auth->AuthInfo.Hdr.wCertificateType = 0x0EF1; + auth->AuthInfo.CertType = cert_pkcs7_guid; + tmp = auth->AuthInfo.CertData; + i2d_PKCS7(p7, &tmp); + + ctx->auth_descriptor = auth; + ctx->auth_descriptor_len = sizeof(*auth) + len; + + BIO_free_all(data_bio); + + return 0; +} + +int write_signed(struct varsign_context *ctx, int include_attrs) +{ + int fd, rc; + + fd = open(ctx->outfilename, O_WRONLY | O_CREAT | O_TRUNC, 0644); + if (fd < 0) { + perror("open"); + goto err; + } + + /* For some uses (eg, writing to the efivars filesystem), we may + * want to prefix the signed variable with four bytes of attribute + * data + */ + if (include_attrs) { + rc = write_all(fd, &ctx->var_attrs, sizeof(ctx->var_attrs)); + if (!rc) { + perror("write_all"); + goto err; + } + } + + /* Write the authentication descriptor */ + rc = write_all(fd, ctx->auth_descriptor, ctx->auth_descriptor_len); + if (!rc) { + perror("write_all"); + goto err; + } + + /* ... and the variable data itself */ + rc = write_all(fd, ctx->data, ctx->data_len); + if (!rc) { + perror("write_all"); + goto err; + } + + if (ctx->verbose) { + size_t i = 0; + + printf("Wrote signed data:\n"); + if (include_attrs) { + i = sizeof(ctx->var_attrs); + printf(" [%04zx:%04zx] attrs\n", 0l, i); + } + + printf(" [%04zx:%04x] authentication descriptor\n", + i, ctx->auth_descriptor_len); + + printf(" [%04zx:%04zx] EFI_VAR_AUTH_2 header\n", + i, + sizeof(EFI_VARIABLE_AUTHENTICATION_2)); + + printf(" [%04zx:%04zx] WIN_CERT_UEFI_GUID header\n", + i + offsetof(EFI_VARIABLE_AUTHENTICATION_2, + AuthInfo), + sizeof(WIN_CERTIFICATE_UEFI_GUID)); + + printf(" [%04zx:%04zx] WIN_CERT header\n", + i + offsetof(EFI_VARIABLE_AUTHENTICATION_2, + AuthInfo.Hdr), + sizeof(WIN_CERTIFICATE)); + + printf(" [%04zx:%04zx] pkcs7 data\n", + i + offsetof(EFI_VARIABLE_AUTHENTICATION_2, + AuthInfo.CertData), + ctx->auth_descriptor_len - + sizeof(EFI_VARIABLE_AUTHENTICATION_2)); + + i += ctx->auth_descriptor_len; + + printf(" [%04zx:%04zx] variable data\n", + i, i + ctx->data_len); + } + + close(fd); + return 0; + +err: + fprintf(stderr, "Can't write signed data to file '%s'\n", + ctx->outfilename); + if (fd >= 0) + close(fd); + return -1; + +} + +static void set_default_guid(struct varsign_context *ctx, const char *varname) +{ + EFI_GUID secdb_guid = EFI_IMAGE_SECURITY_DATABASE_GUID; + EFI_GUID global_guid = EFI_GLOBAL_VARIABLE; + + if (!strcmp(varname, "db") || !strcmp(varname, "dbx")) + ctx->var_guid = secdb_guid; + else + ctx->var_guid = global_guid; +} + +static struct option options[] = { + { "output", required_argument, NULL, 'o' }, + { "guid", required_argument, NULL, 'g' }, + { "attrs", required_argument, NULL, 'a' }, + { "key", required_argument, NULL, 'k' }, + { "cert", required_argument, NULL, 'c' }, + { "include-attrs", no_argument, NULL, 'i' }, + { "verbose", no_argument, NULL, 'v' }, + { "help", no_argument, NULL, 'h' }, + { "version", no_argument, NULL, 'V' }, + { NULL, 0, NULL, 0 }, +}; + +void usage(void) +{ + unsigned int i; + + printf("Usage: %s [options] --key --cert " + " \n" + "Sign a blob of data for use in SetVariable().\n\n" + "Options:\n" + "\t--key signing key (PEM-encoded RSA " + "private key)\n" + "\t--cert certificate (x509 certificate)\n" + "\t--include-attrs include attrs at beginning of output file\n" + "\t--guid EFI GUID for the variable. If omitted,\n" + "\t EFI_IMAGE_SECURITY_DATABASE or\n" + "\t EFI_GLOBAL_VARIABLE (depending on\n" + "\t ) will be used.\n" + "\t--attr variable attributes. One or more of:\n", + toolname); + + for (i = 0; i < ARRAY_SIZE(attrs); i++) + printf("\t %s\n", attrs[i].name); + + printf("\t Separate multiple attrs with a comma,\n" + "\t default is all attributes,\n" + "\t TIME_BASED_AUTH... is always included.\n" + "\t--output write signed data to \n" + "\t (default .signed)\n"); +} + +static void version(void) +{ + printf("%s %s\n", toolname, VERSION); +} + +int main(int argc, char **argv) +{ + const char *guid_str, *attr_str, *varname; + const char *keyfilename, *certfilename; + struct varsign_context *ctx; + bool include_attrs; + int c; + + ctx = talloc_zero(NULL, struct varsign_context); + + keyfilename = NULL; + certfilename = NULL; + guid_str = NULL; + attr_str= NULL; + include_attrs = false; + + for (;;) { + int idx; + c = getopt_long(argc, argv, "o:g:a:k:c:ivVh", options, &idx); + if (c == -1) + break; + + switch (c) { + case 'o': + ctx->outfilename = optarg; + break; + case 'g': + guid_str = optarg; + break; + case 'a': + attr_str = optarg; + break; + case 'k': + keyfilename = optarg; + break; + case 'c': + certfilename = optarg; + break; + case 'i': + include_attrs = true; + break; + case 'v': + ctx->verbose = 1; + break; + case 'V': + version(); + return EXIT_SUCCESS; + case 'h': + usage(); + return EXIT_SUCCESS; + } + } + + if (argc != optind + 2) { + usage(); + return EXIT_FAILURE; + } + + if (!keyfilename) { + fprintf(stderr, "No signing key specified\n"); + return EXIT_FAILURE; + } + + if (!certfilename) { + fprintf(stderr, "No signing certificate specified\n"); + return EXIT_FAILURE; + } + + /* initialise openssl */ + OpenSSL_add_all_digests(); + OpenSSL_add_all_ciphers(); + ERR_load_crypto_strings(); + + /* set up the variable signing context */ + varname = argv[optind]; + set_varname(ctx, varname); + ctx->infilename = argv[optind+1]; + + if (!ctx->outfilename) + set_default_outfilename(ctx); + + if (attr_str) { + ctx->var_attrs = parse_attrs(attr_str); + if (ctx->var_attrs == attr_invalid) + return EXIT_FAILURE; + } else { + ctx->var_attrs = default_attrs; + } + + if (guid_str) { + if (parse_guid(guid_str, &ctx->var_guid)) { + fprintf(stderr, "Invalid GUID '%s'\n", guid_str); + return EXIT_FAILURE; + } + } else { + set_default_guid(ctx, varname); + } + + if (fileio_read_file(ctx, ctx->infilename, &ctx->data, &ctx->data_len)) + return EXIT_FAILURE; + + ctx->key = fileio_read_pkey(keyfilename); + if (!ctx->key) + return EXIT_FAILURE; + + ctx->cert = fileio_read_cert(certfilename); + if (!ctx->cert) + return EXIT_FAILURE; + + /* do the signing */ + if (add_auth_descriptor(ctx)) + return EXIT_FAILURE; + + /* write the resulting image */ + if (write_signed(ctx, include_attrs)) + return EXIT_FAILURE; + + return EXIT_SUCCESS; +} diff -Nru sbsigntool-0.3/src/sbverify.c sbsigntool-0.4/src/sbverify.c --- sbsigntool-0.3/src/sbverify.c 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/src/sbverify.c 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,252 @@ +/* + * Copyright (C) 2012 Jeremy Kerr + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the OpenSSL + * library under certain conditions as described in each individual source file, + * and distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all + * of the code used other than OpenSSL. If you modify file(s) with this + * exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do + * so, delete this exception statement from your version. If you delete + * this exception statement from all source files in the program, then + * also delete it here. + */ +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include + +#include "image.h" +#include "idc.h" +#include "fileio.h" + +#include +#include +#include +#include +#include +#include + +static const char *toolname = "sbverify"; + +enum verify_status { + VERIFY_FAIL = 0, + VERIFY_OK = 1, +}; + +static struct option options[] = { + { "cert", required_argument, NULL, 'c' }, + { "no-verify", no_argument, NULL, 'n' }, + { "detached", required_argument, NULL, 'd' }, + { "help", no_argument, NULL, 'h' }, + { "version", no_argument, NULL, 'V' }, + { NULL, 0, NULL, 0 }, +}; + +static void usage(void) +{ + printf("Usage: %s [options] --cert \n" + "Verify a UEFI secure boot image.\n\n" + "Options:\n" + "\t--cert certificate (x509 certificate)\n" + "\t--no-verify don't perform certificate verification\n" + "\t--detached read signature from , instead of\n" + "\t looking for an embedded signature\n", + toolname); +} + +static void version(void) +{ + printf("%s %s\n", toolname, VERSION); +} + +int load_cert(X509_STORE *certs, const char *filename) +{ + X509 *cert; + + cert = fileio_read_cert(filename); + if (!cert) + return -1; + + X509_STORE_add_cert(certs, cert); + return 0; +} + +static int load_image_signature_data(struct image *image, + uint8_t **buf, size_t *len) +{ + struct cert_table_header *header; + + if (!image->data_dir_sigtable->addr + || !image->data_dir_sigtable->size) { + fprintf(stderr, "No signature table present\n"); + return -1; + } + + header = (void *)image->buf + image->data_dir_sigtable->addr; + *buf = (void *)(header + 1); + *len = header->size - sizeof(*header); + return 0; +} + +static int load_detached_signature_data(struct image *image, + const char *filename, uint8_t **buf, size_t *len) +{ + return fileio_read_file(image, filename, buf, len); +} + +static int x509_verify_cb(int status, X509_STORE_CTX *ctx) +{ + int err = X509_STORE_CTX_get_error(ctx); + + /* also accept code-signing keys */ + if (err == X509_V_ERR_INVALID_PURPOSE + && ctx->cert->ex_xkusage == XKU_CODE_SIGN) + status = 1; + + return status; +} + +int main(int argc, char **argv) +{ + const char *detached_sig_filename, *image_filename; + enum verify_status status; + int rc, c, flags, verify; + const uint8_t *tmp_buf; + struct image *image; + X509_STORE *certs; + uint8_t *sig_buf; + size_t sig_size; + struct idc *idc; + BIO *idcbio; + PKCS7 *p7; + + status = VERIFY_FAIL; + certs = X509_STORE_new(); + verify = 1; + detached_sig_filename = NULL; + + OpenSSL_add_all_digests(); + ERR_load_crypto_strings(); + + for (;;) { + int idx; + c = getopt_long(argc, argv, "c:d:nVh", options, &idx); + if (c == -1) + break; + + switch (c) { + case 'c': + rc = load_cert(certs, optarg); + if (rc) + return EXIT_FAILURE; + break; + case 'd': + detached_sig_filename = optarg; + break; + case 'n': + verify = 0; + break; + case 'V': + version(); + return EXIT_SUCCESS; + case 'h': + usage(); + return EXIT_SUCCESS; + } + + } + + if (argc != optind + 1) { + usage(); + return EXIT_FAILURE; + } + + image_filename = argv[optind]; + + image = image_load(image_filename); + if (!image) { + fprintf(stderr, "Can't open image %s\n", image_filename); + return EXIT_FAILURE; + } + + if (detached_sig_filename) + rc = load_detached_signature_data(image, detached_sig_filename, + &sig_buf, &sig_size); + else + rc = load_image_signature_data(image, &sig_buf, &sig_size); + + if (rc) { + fprintf(stderr, "Unable to read signature data from %s\n", + detached_sig_filename ? : image_filename); + goto out; + } + + tmp_buf = sig_buf; + p7 = d2i_PKCS7(NULL, &tmp_buf, sig_size); + if (!p7) { + fprintf(stderr, "Unable to parse signature data\n"); + ERR_print_errors_fp(stderr); + goto out; + } + + idcbio = BIO_new(BIO_s_mem()); + idc = IDC_get(p7, idcbio); + if (!idc) + goto out; + + rc = IDC_check_hash(idc, image); + if (rc) + goto out; + + flags = PKCS7_BINARY; + if (!verify) + flags |= PKCS7_NOVERIFY; + + X509_STORE_set_verify_cb_func(certs, x509_verify_cb); + rc = PKCS7_verify(p7, NULL, certs, idcbio, NULL, flags); + if (!rc) { + printf("PKCS7 verification failed\n"); + ERR_print_errors_fp(stderr); + goto out; + } + + status = VERIFY_OK; + +out: + talloc_free(image); + if (status == VERIFY_OK) + printf("Signature verification OK\n"); + else + printf("Signature verification failed\n"); + + return status == VERIFY_OK ? EXIT_SUCCESS : EXIT_FAILURE; +} diff -Nru sbsigntool-0.3/tests/cert-table-header.sh sbsigntool-0.4/tests/cert-table-header.sh --- sbsigntool-0.3/tests/cert-table-header.sh 2012-06-30 01:02:05.000000000 +0100 +++ sbsigntool-0.4/tests/cert-table-header.sh 2012-10-01 14:33:31.000000000 +0100 @@ -1,7 +1,5 @@ #!/bin/bash -e -. "$srcdir/common.sh" - # Parse the data directory of a PE/COFF file and returns two hex values: # the file offset and size of the signature table. function sigtable_params() { diff -Nru sbsigntool-0.3/tests/common.sh sbsigntool-0.4/tests/common.sh --- sbsigntool-0.3/tests/common.sh 2012-06-26 16:28:29.000000000 +0100 +++ sbsigntool-0.4/tests/common.sh 1970-01-01 01:00:00.000000000 +0100 @@ -1,18 +0,0 @@ - -basedir=$(cd $srcdir && pwd) -datadir=$(pwd) -bindir="$datadir/.." - -sbsign=$bindir/sbsign -sbverify=$bindir/sbverify -sbattach=$bindir/sbattach - -key="$datadir/private-key.rsa" -cert="$datadir/public-cert.pem" -image="$datadir/test.pecoff" - -tempdir=$(mktemp --directory) -exit_trap='rm -rf $tempdir' -trap "$exit_trap" EXIT - -cd "$tempdir" diff -Nru sbsigntool-0.3/tests/detach-remove.sh sbsigntool-0.4/tests/detach-remove.sh --- sbsigntool-0.3/tests/detach-remove.sh 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/tests/detach-remove.sh 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,15 @@ +#!/bin/bash -ex + +signed="test.signed" +unsigned="test.unsigned" + +"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image" +cp "$signed" "$unsigned" +"$sbattach" --remove "$unsigned" + +# ensure that there is no security directory +objdump -p $unsigned | grep -q '0\+ 0\+ Security Directory' + +# ensure that the unsigned file is the same size as our original binary +[ $(stat --format=%s "$image") -eq $(stat --format=%s "$unsigned") ] + diff -Nru sbsigntool-0.3/tests/Makefile.am sbsigntool-0.4/tests/Makefile.am --- sbsigntool-0.3/tests/Makefile.am 2012-06-30 01:02:05.000000000 +0100 +++ sbsigntool-0.4/tests/Makefile.am 2012-10-01 14:33:31.000000000 +0100 @@ -1,32 +1,39 @@ +AUTOMAKE_OPTIONS = parallel-tests + test_key = private-key.rsa test_cert = public-cert.pem -test_image = test.pecoff +test_arches = x86_64 i386 +test_images = test-x86_64.pecoff test-i386.pecoff -check_PROGRAMS = test.pecoff +check_PROGRAMS = test-x86_64.pecoff test-i386.pecoff check_DATA = $(test_key) $(test_cert) -check_SCRIPTS = common.sh - -test_image_arch = x86-64 -test_lds = $(srcdir)/test.lds +check_SCRIPTS = test-wrapper.sh -test_pecoff_SOURCES = +test_i386_pecoff_SOURCES = test.S test-i386.lds +test_x86_64_pecoff_SOURCES = test.S test-x86_64.lds -test.pecoff: test.elf +test-%.pecoff: test-%.elf $(OBJCOPY) -j .text -j .sdata -j .data \ -j .dynamic -j .dynsym -j .rel \ -j .rela -j .reloc \ --target=efi-app-$(test_image_arch) $^ $@ $(STRIP) $@ -test.elf: LDFLAGS = -nostdlib -T $(test_lds) -m64 -test.elf: test.$(OBJEXT) $(test_lds) - $(LINK) $< +test-x86_64.pecoff: test_image_arch = x86-64 +test-x86_64.pecoff: test_lds = $(srcdir)/test-x86_64.lds +test-x86_64.pecoff: ASFLAGS += -m64 +test-x86_64.pecoff: LDFLAGS += -m64 +test-i386.pecoff: test_image_arch = i386 +test-i386.pecoff: test_lds = $(srcdir)/test-i386.lds +test-i386.pecoff: ASFLAGS += -m32 +test-i386.pecoff: LDFLAGS += -m32 -.INTERMEDIATE: test.elf +test-%.elf: LDFLAGS = -nostdlib -T $(test_lds) +test-%.elf: test-%.$(OBJEXT) $(test_lds) + $(LINK) $< -test.$(OBJEXT): ASFLAGS = -m64 -test.$(OBJEXT): $(srcdir)/test.S +test-%.$(OBJEXT): $(srcdir)/test.S $(COMPILE.S) -o $@ $^ $(test_key): Makefile @@ -37,6 +44,7 @@ TESTS = sign-verify.sh \ sign-verify-detached.sh \ + sign-detach-verify.sh \ sign-attach-verify.sh \ sign-missing-image.sh \ sign-missing-cert.sh \ @@ -44,7 +52,13 @@ verify-missing-image.sh \ verify-missing-cert.sh \ sign-invalidattach-verify.sh \ - cert-table-header.sh + cert-table-header.sh \ + resign-warning.sh \ + reattach-warning.sh \ + detach-remove.sh + +TEST_EXTENSIONS = .sh +SH_LOG_COMPILER = TEST_ARCHES="$(test_arches)" $(srcdir)/test-wrapper.sh EXTRA_DIST = $(test_lds) test.S $(TESTS) $(check_SCRIPTS) -CLEANFILES = $(test_key) $(test_cert) $(test_image) +CLEANFILES = $(test_key) $(test_cert) $(test_images) diff -Nru sbsigntool-0.3/tests/Makefile.in sbsigntool-0.4/tests/Makefile.in --- sbsigntool-0.3/tests/Makefile.in 2012-06-30 01:09:02.000000000 +0100 +++ sbsigntool-0.4/tests/Makefile.in 2012-10-02 10:13:41.000000000 +0100 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.5 from Makefile.am. +# Makefile.in generated by automake 1.11.3 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -15,23 +15,6 @@ @SET_MAKE@ VPATH = @srcdir@ -am__make_dryrun = \ - { \ - am__dry=no; \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ - | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ - *) \ - for am__flg in $$MAKEFLAGS; do \ - case $$am__flg in \ - *=*|--*) ;; \ - *n*) am__dry=yes; break;; \ - esac; \ - done;; \ - esac; \ - test $$am__dry = yes; \ - } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -48,7 +31,7 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : -check_PROGRAMS = test.pecoff$(EXEEXT) +check_PROGRAMS = test-x86_64.pecoff$(EXEEXT) test-i386.pecoff$(EXEEXT) subdir = tests DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -59,23 +42,138 @@ CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -am_test_pecoff_OBJECTS = -test_pecoff_OBJECTS = $(am_test_pecoff_OBJECTS) -test_pecoff_LDADD = $(LDADD) +am_test_i386_pecoff_OBJECTS = test.$(OBJEXT) +test_i386_pecoff_OBJECTS = $(am_test_i386_pecoff_OBJECTS) +test_i386_pecoff_LDADD = $(LDADD) +am_test_x86_64_pecoff_OBJECTS = test.$(OBJEXT) +test_x86_64_pecoff_OBJECTS = $(am_test_x86_64_pecoff_OBJECTS) +test_x86_64_pecoff_LDADD = $(LDADD) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +CPPASCOMPILE = $(CCAS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CCASFLAGS) $(CCASFLAGS) COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -SOURCES = $(test_pecoff_SOURCES) -DIST_SOURCES = $(test_pecoff_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac +SOURCES = $(test_i386_pecoff_SOURCES) $(test_x86_64_pecoff_SOURCES) +DIST_SOURCES = $(test_i386_pecoff_SOURCES) \ + $(test_x86_64_pecoff_SOURCES) +ETAGS = etags +CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +# Restructured Text title and section. +am__rst_title = sed 's/.*/ & /;h;s/./=/g;p;x;p;g;p;s/.*//' +am__rst_section = sed 'p;s/./=/g;p;g' +# Put stdin (possibly several lines separated by ". ") in a box. +# Prefix each line by 'col' and terminate each with 'std', for coloring. +# Multi line coloring is problematic with "less -R", so we really need +# to color each line individually. +am__text_box = $(AWK) '{ \ + n = split($$0, lines, "\\. "); max = 0; \ + for (i = 1; i <= n; ++i) \ + if (max < length(lines[i])) \ + max = length(lines[i]); \ + for (i = 0; i < max; ++i) \ + line = line "="; \ + print col line std; \ + for (i = 1; i <= n; ++i) \ + if (lines[i]) \ + print col lines[i] std; \ + print col line std; \ +}' +# Solaris 10 'make', and several other traditional 'make' implementations, +# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it +# by disabling -e (using the XSI extension "set +e") if it's set. +am__sh_e_setup = case $$- in *e*) set +e;; esac +# To be inserted before the command running the test. Creates the +# directory for the log if needed. Stores in $dir the directory +# containing $f, in $tst the test, in $log the log, and passes +# TESTS_ENVIRONMENT. Save and restore TERM around use of +# TESTS_ENVIRONMENT, in case that unsets it. +am__check_pre = \ +$(am__sh_e_setup); \ +$(am__vpath_adj_setup) $(am__vpath_adj) \ +srcdir=$(srcdir); export srcdir; \ +rm -f $@-t; \ +am__trap='rm -f '\''$(abs_builddir)/$@-t'\''; (exit $$st); exit $$st'; \ +trap "st=129; $$am__trap" 1; trap "st=130; $$am__trap" 2; \ +trap "st=141; $$am__trap" 13; trap "st=143; $$am__trap" 15; \ +am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`; \ +test "x$$am__odir" = x. || $(MKDIR_P) "$$am__odir" || exit $$?; \ +if test -f "./$$f"; then dir=./; \ +elif test -f "$$f"; then dir=; \ +else dir="$(srcdir)/"; fi; \ +tst=$$dir$$f; log='$@'; __SAVED_TERM=$$TERM; \ +$(TESTS_ENVIRONMENT) +# To be appended to the command running the test. Handle the stdout +# and stderr redirection, and catch the exit status. +am__check_post = \ +>$@-t 2>&1; \ +estatus=$$?; \ +if test -n '$(DISABLE_HARD_ERRORS)' \ + && test $$estatus -eq 99; then \ + estatus=1; \ +fi; \ +TERM=$$__SAVED_TERM; export TERM; \ +$(am__tty_colors); \ +xfailed=PASS; \ +case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ + xfailed=XFAIL;; \ +esac; \ +case $$estatus.$$xfailed in \ + 0.XFAIL) col=$$red; res=XPASS;; \ + 0.*) col=$$grn; res=PASS ;; \ + 77.*) col=$$blu; res=SKIP ;; \ + 99.*) col=$$red; res=FAIL ;; \ + *.XFAIL) col=$$lgn; res=XFAIL;; \ + *.*) col=$$red; res=FAIL ;; \ +esac; \ +echo "$${col}$$res$${std}: $$f"; \ +echo "$$res: $$f (exit: $$estatus)" | \ + $(am__rst_section) >$@; \ +cat $@-t >>$@; \ +rm -f $@-t +RECHECK_LOGS = $(TEST_LOGS) +AM_RECURSIVE_TARGETS = check recheck check-html recheck-html +TEST_SUITE_HTML = $(TEST_SUITE_LOG:.log=.html) +TEST_SUITE_LOG = test-suite.log +am__test_logs1 = $(TESTS:=.log) +am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) +TEST_LOGS = $(am__test_logs2:.sh.log=.log) +SH_LOG_COMPILE = $(SH_LOG_COMPILER) $(AM_SH_LOG_FLAGS) $(SH_LOG_FLAGS) +TEST_LOGS_TMP = $(TEST_LOGS:.log=.log-t) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -97,6 +195,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ +EFI_CPPFLAGS = @EFI_CPPFLAGS@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ @@ -174,16 +273,20 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +uuid_CFLAGS = @uuid_CFLAGS@ +uuid_LIBS = @uuid_LIBS@ +AUTOMAKE_OPTIONS = parallel-tests test_key = private-key.rsa test_cert = public-cert.pem -test_image = test.pecoff +test_arches = x86_64 i386 +test_images = test-x86_64.pecoff test-i386.pecoff check_DATA = $(test_key) $(test_cert) -check_SCRIPTS = common.sh -test_image_arch = x86-64 -test_lds = $(srcdir)/test.lds -test_pecoff_SOURCES = +check_SCRIPTS = test-wrapper.sh +test_i386_pecoff_SOURCES = test.S test-i386.lds +test_x86_64_pecoff_SOURCES = test.S test-x86_64.lds TESTS = sign-verify.sh \ sign-verify-detached.sh \ + sign-detach-verify.sh \ sign-attach-verify.sh \ sign-missing-image.sh \ sign-missing-cert.sh \ @@ -191,13 +294,19 @@ verify-missing-image.sh \ verify-missing-cert.sh \ sign-invalidattach-verify.sh \ - cert-table-header.sh + cert-table-header.sh \ + resign-warning.sh \ + reattach-warning.sh \ + detach-remove.sh +TEST_EXTENSIONS = .sh +SH_LOG_COMPILER = TEST_ARCHES="$(test_arches)" $(srcdir)/test-wrapper.sh EXTRA_DIST = $(test_lds) test.S $(TESTS) $(check_SCRIPTS) -CLEANFILES = $(test_key) $(test_cert) $(test_image) +CLEANFILES = $(test_key) $(test_cert) $(test_images) all: all-am .SUFFIXES: +.SUFFIXES: .S .html .log .o .obj .sh .sh$(EXEEXT) $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ @@ -237,105 +346,206 @@ distclean-compile: -rm -f *.tab.c -tags: TAGS -TAGS: -ctags: CTAGS -CTAGS: +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test.Po@am__quote@ +.S.o: +@am__fastdepCCAS_TRUE@ $(CPPASCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCCAS_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCCAS_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCCAS_FALSE@ DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCCAS_FALSE@ $(CPPASCOMPILE) -c -o $@ $< + +.S.obj: +@am__fastdepCCAS_TRUE@ $(CPPASCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCCAS_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCCAS_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCCAS_FALSE@ DEPDIR=$(DEPDIR) $(CCASDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCCAS_FALSE@ $(CPPASCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS -check-TESTS: $(TESTS) - @failed=0; all=0; xfail=0; xpass=0; skip=0; \ - srcdir=$(srcdir); export srcdir; \ - list=' $(TESTS) '; \ - $(am__tty_colors); \ - if test -n "$$list"; then \ - for tst in $$list; do \ - if test -f ./$$tst; then dir=./; \ - elif test -f $$tst; then dir=; \ - else dir="$(srcdir)/"; fi; \ - if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ - all=`expr $$all + 1`; \ - case " $(XFAIL_TESTS) " in \ - *[\ \ ]$$tst[\ \ ]*) \ - xpass=`expr $$xpass + 1`; \ - failed=`expr $$failed + 1`; \ - col=$$red; res=XPASS; \ - ;; \ - *) \ - col=$$grn; res=PASS; \ - ;; \ - esac; \ - elif test $$? -ne 77; then \ - all=`expr $$all + 1`; \ - case " $(XFAIL_TESTS) " in \ - *[\ \ ]$$tst[\ \ ]*) \ - xfail=`expr $$xfail + 1`; \ - col=$$lgn; res=XFAIL; \ - ;; \ - *) \ - failed=`expr $$failed + 1`; \ - col=$$red; res=FAIL; \ - ;; \ - esac; \ - else \ - skip=`expr $$skip + 1`; \ - col=$$blu; res=SKIP; \ - fi; \ - echo "$${col}$$res$${std}: $$tst"; \ - done; \ - if test "$$all" -eq 1; then \ - tests="test"; \ - All=""; \ - else \ - tests="tests"; \ - All="All "; \ - fi; \ - if test "$$failed" -eq 0; then \ - if test "$$xfail" -eq 0; then \ - banner="$$All$$all $$tests passed"; \ - else \ - if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ - banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ - fi; \ +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ else \ - if test "$$xpass" -eq 0; then \ - banner="$$failed of $$all $$tests failed"; \ - else \ - if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ - banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ - fi; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ fi; \ - dashes="$$banner"; \ - skipped=""; \ - if test "$$skip" -ne 0; then \ - if test "$$skip" -eq 1; then \ - skipped="($$skip test was not run)"; \ - else \ - skipped="($$skip tests were not run)"; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +$(TEST_SUITE_LOG): $(TEST_LOGS) + @$(am__sh_e_setup); \ + list='$(TEST_LOGS)'; \ + results=`for f in $$list; do \ + test -r $$f && read line < $$f && echo "$$line" \ + || echo FAIL; \ + done`; \ + all=`echo "$$results" | sed '/^$$/d' | wc -l | sed -e 's/^[ ]*//'`; \ + fail=`echo "$$results" | grep -c '^FAIL'`; \ + pass=`echo "$$results" | grep -c '^PASS'`; \ + skip=`echo "$$results" | grep -c '^SKIP'`; \ + xfail=`echo "$$results" | grep -c '^XFAIL'`; \ + xpass=`echo "$$results" | grep -c '^XPASS'`; \ + failures=`expr $$fail + $$xpass`; \ + all=`expr $$all - $$skip`; \ + if test "$$all" -eq 1; then tests=test; All=; \ + else tests=tests; All="All "; fi; \ + case fail=$$fail:xpass=$$xpass:xfail=$$xfail in \ + fail=0:xpass=0:xfail=0) \ + msg="$$All$$all $$tests passed. "; \ + exit=true;; \ + fail=0:xpass=0:xfail=*) \ + msg="$$All$$all $$tests behaved as expected"; \ + if test "$$xfail" -eq 1; then xfailures=failure; \ + else xfailures=failures; fi; \ + msg="$$msg ($$xfail expected $$xfailures). "; \ + exit=true;; \ + fail=*:xpass=0:xfail=*) \ + msg="$$fail of $$all $$tests failed. "; \ + exit=false;; \ + fail=*:xpass=*:xfail=*) \ + msg="$$failures of $$all $$tests did not behave as expected"; \ + if test "$$xpass" -eq 1; then xpasses=pass; \ + else xpasses=passes; fi; \ + msg="$$msg ($$xpass unexpected $$xpasses). "; \ + exit=false;; \ + *) \ + echo >&2 "incorrect case"; exit 4;; \ + esac; \ + if test "$$skip" -ne 0; then \ + if test "$$skip" -eq 1; then \ + msg="$$msg($$skip test was not run). "; \ + else \ + msg="$$msg($$skip tests were not run). "; \ + fi; \ + fi; \ + { \ + echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ + $(am__rst_title); \ + echo "$$msg"; \ + echo; \ + echo ".. contents:: :depth: 2"; \ + echo; \ + for f in $$list; do \ + test -r $$f && read line < $$f || line=; \ + case $$line in \ + PASS:*|XFAIL:*);; \ + *) echo; cat $$f;; \ + esac; \ + done; \ + } >$(TEST_SUITE_LOG).tmp; \ + mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ + if test "$$failures" -ne 0; then \ + msg="$${msg}See $(subdir)/$(TEST_SUITE_LOG). "; \ + if test -n "$(PACKAGE_BUGREPORT)"; then \ + msg="$${msg}Please report to $(PACKAGE_BUGREPORT). "; \ + fi; \ + fi; \ + test x"$$VERBOSE" = x || $$exit || cat $(TEST_SUITE_LOG); \ + $(am__tty_colors); \ + if $$exit; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + fi; \ + echo "$$msg" | $(am__text_box) "col=$$col" "std=$$std"; \ + $$exit || exit 1 + +check-TESTS recheck: + @if test $@ != recheck; then \ + list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list; \ + fi + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @list='' list2='$(TEST_LOGS)'; for f in $$list2; do \ + test .log = $$f && continue; \ + if test $@ = recheck; then \ + test -f $$f || continue; \ + if test -r $$f && read line < $$f; then \ + case $$line in FAIL*|XPASS*) : ;; *) continue;; esac; \ fi; \ - test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ - dashes="$$skipped"; \ fi; \ - report=""; \ - if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ - report="Please report to $(PACKAGE_BUGREPORT)"; \ - test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ - dashes="$$report"; \ - fi; \ - dashes=`echo "$$dashes" | sed s/./=/g`; \ - if test "$$failed" -eq 0; then \ - col="$$grn"; \ - else \ - col="$$red"; \ - fi; \ - echo "$${col}$$dashes$${std}"; \ - echo "$${col}$$banner$${std}"; \ - test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \ - test -z "$$report" || echo "$${col}$$report$${std}"; \ - echo "$${col}$$dashes$${std}"; \ - test "$$failed" -eq 0; \ - else :; fi + if test -z "$$list"; then list=$$f; else list="$$list $$f"; fi; \ + done; \ + if test $@ = recheck && test -n "$$list"; then \ + echo "am--clean: ; rm -f $$list" \ + | $(MAKE) $(AM_MAKEFLAGS) -f - am--clean || exit 1; \ + fi; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$list" +recheck: $(check_PROGRAMS) $(check_SCRIPTS) $(check_DATA) + +am--mostlyclean-test-html: + list='$(TEST_LOGS:.log=.html)'; test -z "$$list" || rm -f $$list + rm -f $(TEST_SUITE_HTML) + +.log.html: + @list='$(RST2HTML) $$RST2HTML rst2html rst2html.py'; \ + for r2h in $$list; do \ + if ($$r2h --version) >/dev/null 2>&1; then \ + R2H=$$r2h; \ + fi; \ + done; \ + if test -z "$$R2H"; then \ + echo >&2 "cannot find rst2html, cannot create $@"; \ + exit 2; \ + fi; \ + $$R2H $< >$@.tmp + @mv $@.tmp $@ + +# Be sure to run check first, and then to convert the result. +# Beware of concurrent executions. Run "check" not "check-TESTS", as +# check-SCRIPTS and other dependencies are rebuilt by the former only. +# And expect check to fail. +check-html recheck-html: + @target=`echo $@ | sed 's/-html$$//'`; \ + rv=0; $(MAKE) $(AM_MAKEFLAGS) $$target || rv=$$?; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_HTML) TEST_LOGS= || exit 4; \ + exit $$rv +.sh.log: + @p='$<'; $(am__check_pre) $(SH_LOG_COMPILE) "$$tst" $(am__check_post) +@am__EXEEXT_TRUE@.sh$(EXEEXT).log: +@am__EXEEXT_TRUE@ @p='$<'; $(am__check_pre) $(SH_LOG_COMPILE) "$$tst" $(am__check_post) distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @@ -394,6 +604,9 @@ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: + -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) + -test -z "$(TEST_LOGS_TMP)" || rm -f $(TEST_LOGS_TMP) + -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) @@ -410,8 +623,10 @@ clean-am: clean-checkPROGRAMS clean-generic mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags dvi: dvi-am @@ -454,12 +669,14 @@ installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am -mostlyclean-am: mostlyclean-compile mostlyclean-generic +mostlyclean-am: am--mostlyclean-test-html mostlyclean-compile \ + mostlyclean-generic pdf: pdf-am @@ -471,36 +688,44 @@ uninstall-am: -.MAKE: check-am install-am install-strip +.MAKE: check-am check-html install-am install-strip recheck-html -.PHONY: all all-am check check-TESTS check-am clean \ - clean-checkPROGRAMS clean-generic distclean distclean-compile \ - distclean-generic distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \ - uninstall uninstall-am +.PHONY: CTAGS GTAGS all all-am am--mostlyclean-test-html check \ + check-TESTS check-am check-html clean clean-checkPROGRAMS \ + clean-generic ctags distclean distclean-compile \ + distclean-generic distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic pdf pdf-am ps ps-am recheck recheck-html \ + tags uninstall uninstall-am -test.pecoff: test.elf +test-%.pecoff: test-%.elf $(OBJCOPY) -j .text -j .sdata -j .data \ -j .dynamic -j .dynsym -j .rel \ -j .rela -j .reloc \ --target=efi-app-$(test_image_arch) $^ $@ $(STRIP) $@ -test.elf: LDFLAGS = -nostdlib -T $(test_lds) -m64 -test.elf: test.$(OBJEXT) $(test_lds) - $(LINK) $< +test-x86_64.pecoff: test_image_arch = x86-64 +test-x86_64.pecoff: test_lds = $(srcdir)/test-x86_64.lds +test-x86_64.pecoff: ASFLAGS += -m64 +test-x86_64.pecoff: LDFLAGS += -m64 +test-i386.pecoff: test_image_arch = i386 +test-i386.pecoff: test_lds = $(srcdir)/test-i386.lds +test-i386.pecoff: ASFLAGS += -m32 +test-i386.pecoff: LDFLAGS += -m32 -.INTERMEDIATE: test.elf +test-%.elf: LDFLAGS = -nostdlib -T $(test_lds) +test-%.elf: test-%.$(OBJEXT) $(test_lds) + $(LINK) $< -test.$(OBJEXT): ASFLAGS = -m64 -test.$(OBJEXT): $(srcdir)/test.S +test-%.$(OBJEXT): $(srcdir)/test.S $(COMPILE.S) -o $@ $^ $(test_key): Makefile diff -Nru sbsigntool-0.3/tests/reattach-warning.sh sbsigntool-0.4/tests/reattach-warning.sh --- sbsigntool-0.3/tests/reattach-warning.sh 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/tests/reattach-warning.sh 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,10 @@ +#!/bin/bash -e + +signed="test.signed" +sig="test.sig" + +"$sbsign" --cert "$cert" --key "$key" --detached --output "$sig" "$image" +cp "$image" "$signed" +"$sbattach" --attach "$sig" "$signed" +"$sbattach" --attach "$sig" "$signed" 2>&1 | + grep '^warning: overwriting' diff -Nru sbsigntool-0.3/tests/resign-warning.sh sbsigntool-0.4/tests/resign-warning.sh --- sbsigntool-0.3/tests/resign-warning.sh 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/tests/resign-warning.sh 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,7 @@ +#!/bin/bash -e + +signed="test.signed" + +"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image" +"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$signed" 2>&1 | + grep '^warning: overwriting' diff -Nru sbsigntool-0.3/tests/sign-attach-verify.sh sbsigntool-0.4/tests/sign-attach-verify.sh --- sbsigntool-0.3/tests/sign-attach-verify.sh 2012-06-26 16:28:29.000000000 +0100 +++ sbsigntool-0.4/tests/sign-attach-verify.sh 2012-10-01 14:33:31.000000000 +0100 @@ -1,7 +1,5 @@ #!/bin/bash -e -. "$srcdir/common.sh" - sig="test.sig" signed="test.signed" diff -Nru sbsigntool-0.3/tests/sign-detach-verify.sh sbsigntool-0.4/tests/sign-detach-verify.sh --- sbsigntool-0.3/tests/sign-detach-verify.sh 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/tests/sign-detach-verify.sh 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,8 @@ +#!/bin/bash -e + +signed="test.signed" +sig="test.sig" + +"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image" +"$sbattach" --detach "$sig" "$signed" +"$sbverify" --cert "$cert" --detached $sig "$image" diff -Nru sbsigntool-0.3/tests/sign-invalidattach-verify.sh sbsigntool-0.4/tests/sign-invalidattach-verify.sh --- sbsigntool-0.3/tests/sign-invalidattach-verify.sh 2012-06-26 16:28:29.000000000 +0100 +++ sbsigntool-0.4/tests/sign-invalidattach-verify.sh 2012-10-01 14:33:31.000000000 +0100 @@ -1,7 +1,5 @@ #!/bin/bash -e -. "$srcdir/common.sh" - invsig="test.invsig" dd if=/dev/zero of="$invsig" bs=1 count=1k tmp_image=test.pecoff diff -Nru sbsigntool-0.3/tests/sign-missing-cert.sh sbsigntool-0.4/tests/sign-missing-cert.sh --- sbsigntool-0.3/tests/sign-missing-cert.sh 2012-06-26 16:28:29.000000000 +0100 +++ sbsigntool-0.4/tests/sign-missing-cert.sh 2012-10-01 14:33:31.000000000 +0100 @@ -1,7 +1,5 @@ #!/bin/bash -e -. "$srcdir/common.sh" - signed="test.signed" set +e diff -Nru sbsigntool-0.3/tests/sign-missing-image.sh sbsigntool-0.4/tests/sign-missing-image.sh --- sbsigntool-0.3/tests/sign-missing-image.sh 2012-06-26 16:28:29.000000000 +0100 +++ sbsigntool-0.4/tests/sign-missing-image.sh 2012-10-01 14:33:31.000000000 +0100 @@ -1,7 +1,5 @@ #!/bin/bash -e -. "$srcdir/common.sh" - signed="test.signed" set +e diff -Nru sbsigntool-0.3/tests/sign-missing-key.sh sbsigntool-0.4/tests/sign-missing-key.sh --- sbsigntool-0.3/tests/sign-missing-key.sh 2012-06-26 16:28:29.000000000 +0100 +++ sbsigntool-0.4/tests/sign-missing-key.sh 2012-10-01 14:33:31.000000000 +0100 @@ -1,7 +1,5 @@ #!/bin/bash -e -. "$srcdir/common.sh" - signed="test.signed" set +e diff -Nru sbsigntool-0.3/tests/sign-verify-detached.sh sbsigntool-0.4/tests/sign-verify-detached.sh --- sbsigntool-0.3/tests/sign-verify-detached.sh 2012-06-26 16:28:29.000000000 +0100 +++ sbsigntool-0.4/tests/sign-verify-detached.sh 2012-10-01 14:33:31.000000000 +0100 @@ -1,7 +1,5 @@ #!/bin/bash -e -. "$srcdir/common.sh" - sig="test.sig" "$sbsign" --cert "$cert" --key "$key" --detached --output $sig "$image" diff -Nru sbsigntool-0.3/tests/sign-verify.sh sbsigntool-0.4/tests/sign-verify.sh --- sbsigntool-0.3/tests/sign-verify.sh 2012-06-26 16:28:29.000000000 +0100 +++ sbsigntool-0.4/tests/sign-verify.sh 2012-10-01 14:33:31.000000000 +0100 @@ -1,7 +1,5 @@ #!/bin/bash -e -. "$srcdir/common.sh" - signed="test.signed" "$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image" diff -Nru sbsigntool-0.3/tests/test-i386.lds sbsigntool-0.4/tests/test-i386.lds --- sbsigntool-0.3/tests/test-i386.lds 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/tests/test-i386.lds 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,59 @@ +OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386") +OUTPUT_ARCH(i386) +ENTRY(_start) +SECTIONS +{ + . = 0; + ImageBase = .; + .hash : { *(.hash) } /* this MUST come first! */ + . = ALIGN(4096); + .eh_frame : + { + *(.eh_frame) + } + . = ALIGN(4096); + .text : + { + *(.text) + } + . = ALIGN(4096); + .reloc : + { + *(.reloc) + } + . = ALIGN(4096); + .data : + { + *(.rodata*) + *(.got.plt) + *(.got) + *(.data*) + *(.sdata) + /* the EFI loader doesn't seem to like a .bss section, so we stick + it all into .data: */ + *(.sbss) + *(.scommon) + *(.dynbss) + *(.bss) + *(COMMON) + *(.rel.local) + } + . = ALIGN(4096); + .dynamic : { *(.dynamic) } + . = ALIGN(4096); + .rela : + { + *(.rela.data*) + *(.rela.got) + *(.rela.stab) + } + . = ALIGN(4096); + .dynsym : { *(.dynsym) } + . = ALIGN(4096); + .dynstr : { *(.dynstr) } + . = ALIGN(4096); + .ignored.reloc : + { + *(.rela.reloc) + } +} diff -Nru sbsigntool-0.3/tests/test.lds sbsigntool-0.4/tests/test.lds --- sbsigntool-0.3/tests/test.lds 2012-06-26 16:28:29.000000000 +0100 +++ sbsigntool-0.4/tests/test.lds 1970-01-01 01:00:00.000000000 +0100 @@ -1,60 +0,0 @@ -/* Same as elf_x86_64_fbsd_efi.lds, except for OUTPUT_FORMAT below - KEEP IN SYNC */ -OUTPUT_FORMAT("elf64-x86-64", "elf64-x86-64", "elf64-x86-64") -OUTPUT_ARCH(i386:x86-64) -ENTRY(_start) -SECTIONS -{ - . = 0; - ImageBase = .; - .hash : { *(.hash) } /* this MUST come first! */ - . = ALIGN(4096); - .eh_frame : - { - *(.eh_frame) - } - . = ALIGN(4096); - .text : - { - *(.text) - } - . = ALIGN(4096); - .reloc : - { - *(.reloc) - } - . = ALIGN(4096); - .data : - { - *(.rodata*) - *(.got.plt) - *(.got) - *(.data*) - *(.sdata) - /* the EFI loader doesn't seem to like a .bss section, so we stick - it all into .data: */ - *(.sbss) - *(.scommon) - *(.dynbss) - *(.bss) - *(COMMON) - *(.rel.local) - } - . = ALIGN(4096); - .dynamic : { *(.dynamic) } - . = ALIGN(4096); - .rela : - { - *(.rela.data*) - *(.rela.got) - *(.rela.stab) - } - . = ALIGN(4096); - .dynsym : { *(.dynsym) } - . = ALIGN(4096); - .dynstr : { *(.dynstr) } - . = ALIGN(4096); - .ignored.reloc : - { - *(.rela.reloc) - } -} diff -Nru sbsigntool-0.3/tests/test-wrapper.sh sbsigntool-0.4/tests/test-wrapper.sh --- sbsigntool-0.3/tests/test-wrapper.sh 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/tests/test-wrapper.sh 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,52 @@ +#!/bin/bash + +# set a few global variables that may be used by the test +basedir=$(cd $srcdir && pwd) +datadir=$(pwd) +bindir="$datadir/../src" + +sbsign=$bindir/sbsign +sbverify=$bindir/sbverify +sbattach=$bindir/sbattach + +key="$datadir/private-key.rsa" +cert="$datadir/public-cert.pem" + +export basedir datadir bindir sbsign sbverify sbattach key cert + +# 'test' needs to be an absolute path, as we will cd to a temporary +# directory before running the test +test="$PWD/$1" +rc=0 + +function run_test() +{ + test="$1" + + # image depends on the test arch + image="$datadir/test-$arch.pecoff" + export image + + # create the temporary directory... + tempdir=$(mktemp --directory) + + # ... and run the test in it. + ( cd "$tempdir"; $test ) + + if [ $? -ne 0 ] + then + echo "test $(basename $test) failed on arch $arch" + echo + rc=1 + fi + + rm -rf "$tempdir" +} + +# run test on all available arches +for arch in $TEST_ARCHES +do + run_test $test +done + +exit $rc diff -Nru sbsigntool-0.3/tests/test-x86_64.lds sbsigntool-0.4/tests/test-x86_64.lds --- sbsigntool-0.3/tests/test-x86_64.lds 1970-01-01 01:00:00.000000000 +0100 +++ sbsigntool-0.4/tests/test-x86_64.lds 2012-10-01 14:33:31.000000000 +0100 @@ -0,0 +1,60 @@ +/* Same as elf_x86_64_fbsd_efi.lds, except for OUTPUT_FORMAT below - KEEP IN SYNC */ +OUTPUT_FORMAT("elf64-x86-64", "elf64-x86-64", "elf64-x86-64") +OUTPUT_ARCH(i386:x86-64) +ENTRY(_start) +SECTIONS +{ + . = 0; + ImageBase = .; + .hash : { *(.hash) } /* this MUST come first! */ + . = ALIGN(4096); + .eh_frame : + { + *(.eh_frame) + } + . = ALIGN(4096); + .text : + { + *(.text) + } + . = ALIGN(4096); + .reloc : + { + *(.reloc) + } + . = ALIGN(4096); + .data : + { + *(.rodata*) + *(.got.plt) + *(.got) + *(.data*) + *(.sdata) + /* the EFI loader doesn't seem to like a .bss section, so we stick + it all into .data: */ + *(.sbss) + *(.scommon) + *(.dynbss) + *(.bss) + *(COMMON) + *(.rel.local) + } + . = ALIGN(4096); + .dynamic : { *(.dynamic) } + . = ALIGN(4096); + .rela : + { + *(.rela.data*) + *(.rela.got) + *(.rela.stab) + } + . = ALIGN(4096); + .dynsym : { *(.dynsym) } + . = ALIGN(4096); + .dynstr : { *(.dynstr) } + . = ALIGN(4096); + .ignored.reloc : + { + *(.rela.reloc) + } +} diff -Nru sbsigntool-0.3/tests/verify-missing-cert.sh sbsigntool-0.4/tests/verify-missing-cert.sh --- sbsigntool-0.3/tests/verify-missing-cert.sh 2012-06-26 16:28:29.000000000 +0100 +++ sbsigntool-0.4/tests/verify-missing-cert.sh 2012-10-01 14:33:31.000000000 +0100 @@ -1,7 +1,5 @@ #!/bin/bash -e -. "$srcdir/common.sh" - signed="test.signed" "$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image" diff -Nru sbsigntool-0.3/tests/verify-missing-image.sh sbsigntool-0.4/tests/verify-missing-image.sh --- sbsigntool-0.3/tests/verify-missing-image.sh 2012-06-26 16:28:29.000000000 +0100 +++ sbsigntool-0.4/tests/verify-missing-image.sh 2012-10-01 14:33:31.000000000 +0100 @@ -1,7 +1,5 @@ #!/bin/bash -e -. "$srcdir/common.sh" - signed="test.signed" set +e