New structure

Signed-off-by: Morten Linderud <morten@linderud.pw>

bundles.go

@@ -8,7 +8,6 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
-	"strings"
 
 	"github.com/foxboron/sbctl/logging"
 )
@@ -126,31 +125,3 @@ func GenerateBundle(bundle *Bundle) (bool, error) {
 	logging.Print("Wrote EFI bundle %s\n", bundle.Output)
 	return true, nil
 }
-
-func FormatBundle(name string, bundle *Bundle) {
-	logging.Println(name)
-	logging.Print("\tSigned:\t\t")
-	if ok, _ := VerifyFile(DBCert, name); ok {
-		logging.Ok("Signed")
-	} else {
-		logging.NotOk("Not Signed")
-	}
-	esp := GetESP()
-	logging.Print("\tESP Location:\t%s\n", esp)
-	logging.Print("\tOutput:\t\t└─%s\n", strings.TrimPrefix(bundle.Output, esp))
-	logging.Print("\tEFI Stub Image:\t  └─%s\n", bundle.EFIStub)
-	if bundle.Splash != "" {
-		logging.Print("\tSplash Image:\t    ├─%s\n", bundle.Splash)
-	}
-	logging.Print("\tCmdline:\t    ├─%s\n", bundle.Cmdline)
-	logging.Print("\tOS Release:\t    ├─%s\n", bundle.OSRelease)
-	logging.Print("\tKernel Image:\t    ├─%s\n", bundle.KernelImage)
-	logging.Print("\tInitramfs Image:    └─%s\n", bundle.Initramfs)
-	if bundle.AMDMicrocode != "" {
-		logging.Print("\tAMD Microcode:        └─%s\n", bundle.AMDMicrocode)
-	}
-	if bundle.IntelMicrocode != "" {
-		logging.Print("\tIntel Microcode:      └─%s\n", bundle.IntelMicrocode)
-	}
-	logging.Println("")
-}

cmd/sbctl/bundle.go

@@ -0,0 +1,99 @@
+package main
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/foxboron/sbctl"
+	"github.com/foxboron/sbctl/logging"
+	"github.com/spf13/cobra"
+)
+
+var (
+	amducode   string
+	intelucode string
+	splashImg  string
+	osRelease  string
+	efiStub    string
+	kernelImg  string
+	cmdline    string
+	initramfs  string
+	espPath    string
+	saveBundle bool
+)
+
+var bundleCmd = &cobra.Command{
+	Use:   "bundle",
+	Short: "Bundle the needed files for an EFI stub image",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		if len(args) < 1 {
+			logging.Print("Requires a file to sign...\n")
+			os.Exit(1)
+		}
+		checkFiles := []string{amducode, intelucode, splashImg, osRelease, efiStub, kernelImg, cmdline, initramfs}
+		for _, path := range checkFiles {
+			if path == "" {
+				continue
+			}
+			if _, err := os.Stat(path); os.IsNotExist(err) {
+				logging.Print("%s does not exist!\n", path)
+				os.Exit(1)
+			}
+		}
+		bundle := sbctl.NewBundle()
+		output, err := filepath.Abs(args[0])
+		if err != nil {
+			return err
+		}
+		// Fail early if user wants to save bundle but doesn't have permissions
+		var bundles sbctl.Bundles
+		if saveBundle {
+			// "err" needs to have been declared before this, otherwise it's necessary
+			// to use ":=", which shadows the "bundles" variable
+			bundles, err = sbctl.ReadBundleDatabase(sbctl.BundleDBPath)
+			if err != nil {
+				return err
+			}
+		}
+		bundle.Output = output
+		bundle.IntelMicrocode = intelucode
+		bundle.AMDMicrocode = amducode
+		bundle.KernelImage = kernelImg
+		bundle.Initramfs = initramfs
+		bundle.Cmdline = cmdline
+		bundle.Splash = splashImg
+		bundle.OSRelease = osRelease
+		bundle.EFIStub = efiStub
+		bundle.ESP = espPath
+		if err = sbctl.CreateBundle(*bundle); err != nil {
+			return err
+		}
+		if saveBundle {
+			bundles[bundle.Output] = bundle
+			sbctl.WriteBundleDatabase(sbctl.BundleDBPath, bundles)
+		}
+		return nil
+	},
+}
+
+func bundleCmdFlags(cmd *cobra.Command) {
+	esp := sbctl.GetESP()
+	f := cmd.Flags()
+	f.StringVarP(&amducode, "amducode", "a", "", "AMD microcode location")
+	f.StringVarP(&intelucode, "intelucode", "i", "", "Intel microcode location")
+	f.StringVarP(&splashImg, "splash-img", "l", "", "Boot splash image location")
+	f.StringVarP(&osRelease, "os-release", "o", "/usr/lib/os-release", "OS Release file location")
+	f.StringVarP(&efiStub, "efi-stub", "e", "/usr/lib/systemd/boot/efi/linuxx64.efi.stub", "EFI Stub location")
+	f.StringVarP(&kernelImg, "kernel-img", "k", "/boot/vmlinuz-linux", "Kernel image location")
+	f.StringVarP(&cmdline, "cmdline", "c", "/etc/kernel/cmdline", "Cmdline location")
+	f.StringVarP(&initramfs, "initramfs", "f", "/boot/initramfs-linux.img", "Initramfs location")
+	f.StringVarP(&espPath, "esp", "p", esp, "ESP location")
+	f.BoolVarP(&saveBundle, "save", "s", false, "save bundle to the database")
+}
+
+func init() {
+	bundleCmdFlags(bundleCmd)
+	CliCommands = append(CliCommands, cliCommand{
+		Cmd: bundleCmd,
+	})
+}

cmd/sbctl/completions.go

@@ -0,0 +1,51 @@
+package main
+
+import (
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+var completionCmd = &cobra.Command{Use: "completion"}
+
+func completionBashCmd() *cobra.Command {
+	var completionCmd = &cobra.Command{
+		Use:    "bash",
+		Hidden: true,
+		Run: func(cmd *cobra.Command, args []string) {
+			rootCmd.GenBashCompletion(os.Stdout)
+		},
+	}
+	return completionCmd
+}
+
+func completionZshCmd() *cobra.Command {
+	var completionCmd = &cobra.Command{
+		Use:    "zsh",
+		Hidden: true,
+		Run: func(cmd *cobra.Command, args []string) {
+			rootCmd.GenZshCompletion(os.Stdout)
+		},
+	}
+	return completionCmd
+}
+
+func completionFishCmd() *cobra.Command {
+	var completionCmd = &cobra.Command{
+		Use:    "fish",
+		Hidden: true,
+		Run: func(cmd *cobra.Command, args []string) {
+			rootCmd.GenFishCompletion(os.Stdout, true)
+		},
+	}
+	return completionCmd
+}
+
+func init() {
+	completionCmd.AddCommand(completionBashCmd())
+	completionCmd.AddCommand(completionZshCmd())
+	completionCmd.AddCommand(completionFishCmd())
+	CliCommands = append(CliCommands, cliCommand{
+		Cmd: completionCmd,
+	})
+}

cmd/sbctl/create-keys.go

@@ -0,0 +1,20 @@
+package main
+
+import (
+	"github.com/foxboron/sbctl"
+	"github.com/spf13/cobra"
+)
+
+var createKeysCmd = &cobra.Command{
+	Use:   "create-keys",
+	Short: "Create a set of secure boot signing keys",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return sbctl.CreateKeys()
+	},
+}
+
+func init() {
+	CliCommands = append(CliCommands, cliCommand{
+		Cmd: createKeysCmd,
+	})
+}

cmd/sbctl/enroll-keys.go

@@ -0,0 +1,20 @@
+package main
+
+import (
+	"github.com/foxboron/sbctl"
+	"github.com/spf13/cobra"
+)
+
+var enrollKeysCmd = &cobra.Command{
+	Use:   "enroll-keys",
+	Short: "Enroll the current keys to EFI",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return sbctl.SyncKeys()
+	},
+}
+
+func init() {
+	CliCommands = append(CliCommands, cliCommand{
+		Cmd: enrollKeysCmd,
+	})
+}

cmd/sbctl/generate-bundles.go

@@ -0,0 +1,30 @@
+package main
+
+import (
+	"github.com/foxboron/sbctl"
+	"github.com/spf13/cobra"
+)
+
+var (
+	sign bool
+)
+
+var generateBundlesCmd = &cobra.Command{
+	Use:   "generate-bundles",
+	Short: "Generate all EFI stub bundles",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return sbctl.GenerateAllBundles(sign)
+	},
+}
+
+func generateBundlesCmdFlags(cmd *cobra.Command) {
+	f := cmd.Flags()
+	f.BoolVarP(&sign, "sign", "s", false, "Sign all the generated bundles")
+}
+
+func init() {
+	generateBundlesCmdFlags(generateBundlesCmd)
+	CliCommands = append(CliCommands, cliCommand{
+		Cmd: generateBundlesCmd,
+	})
+}

cmd/sbctl/list-bundles.go

@@ -0,0 +1,73 @@
+package main
+
+import (
+	"strings"
+
+	"github.com/foxboron/sbctl"
+	"github.com/foxboron/sbctl/logging"
+	"github.com/spf13/cobra"
+)
+
+type JsonBundle struct {
+	sbctl.Bundle
+	IsSigned bool `json:"is_signed"`
+}
+
+var listBundlesCmd = &cobra.Command{
+	Use:   "list-bundles",
+	Short: "List stored bundles",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		bundles := []JsonBundle{}
+		var isSigned bool
+		err := sbctl.BundleIter(
+			func(s *sbctl.Bundle) error {
+				ok, err := sbctl.VerifyFile(sbctl.DBCert, s.Output)
+				if err != nil {
+					return err
+				}
+				logging.Println("Enrolled bundles:\n")
+				logging.Println(s.Output)
+				logging.Print("\tSigned:\t\t")
+				if ok {
+					isSigned = true
+					logging.Ok("Signed")
+				} else {
+					isSigned = false
+					logging.NotOk("Not Signed")
+				}
+				esp := sbctl.GetESP()
+				logging.Print("\tESP Location:\t%s\n", esp)
+				logging.Print("\tOutput:\t\t└─%s\n", strings.TrimPrefix(s.Output, esp))
+				logging.Print("\tEFI Stub Image:\t  └─%s\n", s.EFIStub)
+				if s.Splash != "" {
+					logging.Print("\tSplash Image:\t    ├─%s\n", s.Splash)
+				}
+				logging.Print("\tCmdline:\t    ├─%s\n", s.Cmdline)
+				logging.Print("\tOS Release:\t    ├─%s\n", s.OSRelease)
+				logging.Print("\tKernel Image:\t    ├─%s\n", s.KernelImage)
+				logging.Print("\tInitramfs Image:    └─%s\n", s.Initramfs)
+				if s.AMDMicrocode != "" {
+					logging.Print("\tAMD Microcode:        └─%s\n", s.AMDMicrocode)
+				}
+				if s.IntelMicrocode != "" {
+					logging.Print("\tIntel Microcode:      └─%s\n", s.IntelMicrocode)
+				}
+				bundles = append(bundles, JsonBundle{*s, isSigned})
+				logging.Println("")
+				return nil
+			})
+		if err != nil {
+			return err
+		}
+		if cmdOptions.JsonOutput {
+			JsonOut(bundles)
+		}
+		return nil
+	},
+}
+
+func init() {
+	CliCommands = append(CliCommands, cliCommand{
+		Cmd: listBundlesCmd,
+	})
+}