[Libosinfo] [v2 5/8] install-config: API to enable/disable driver signing
Christophe Fergeau
cfergeau at redhat.com
Wed Feb 13 17:31:38 UTC 2013
On Sun, Feb 10, 2013 at 06:41:06PM +0200, Zeeshan Ali (Khattak) wrote:
> From: "Zeeshan Ali (Khattak)" <zeeshanak at gnome.org>
>
> Currently only used by Windows XP.
As we more or less agreed in the previous thread, I'd much prefer if we
could do this automatically (disable signature checks during install if the
user picked unsigned drivers, reenable signature checks after driver
installation). However, since figuring out if this is doable or not may
take some time, I suggest we get the rest of the series in first, and then
add this patch on top if there is no other choice (adding API is always ok,
removing API is not possible).
> ---
> data/install-scripts/windows-sif.xml | 8 ++++++++
> osinfo/libosinfo.syms | 2 ++
> osinfo/osinfo_install_config.c | 25 +++++++++++++++++++++++++
> osinfo/osinfo_install_config.h | 6 ++++++
> 4 files changed, 41 insertions(+)
>
> diff --git a/data/install-scripts/windows-sif.xml b/data/install-scripts/windows-sif.xml
> index 262e6ec..3bb79c8 100644
> --- a/data/install-scripts/windows-sif.xml
> +++ b/data/install-scripts/windows-sif.xml
> @@ -11,6 +11,7 @@
> <param name="admin-password" policy="optional"/>
> <param name="reg-product-key" policy="required"/>
> <param name="user-realname" policy="required"/>
> + <param name="driver-signing" policy="optional"/>
> </config>
> <template>
> <xsl:stylesheet
> @@ -30,6 +31,9 @@
> UnattendMode=FullUnattended
> OemSkipEula=Yes
> OemPreinstall=No
> +<xsl:if test="config/driver-signing = 'false'">
> + DriverSigningPolicy=Ignore
> +</xsl:if>
> TargetPath=\WINDOWS
> Repartition=Yes
> WaitForReboot=No
> @@ -80,6 +84,7 @@
> <param name="user-realname" policy="required"/>
> <param name="hostname" policy="required"/>
> <param name="script-disk" policy="optional"/>
> + <param name="driver-signing" policy="optional"/>
> </config>
> <template>
> <xsl:stylesheet
> @@ -136,6 +141,9 @@
> UnattendMode=FullUnattended
> OemSkipEula=Yes
> OemPreinstall=No
> +<xsl:if test="config/driver-signing = 'false'">
> + DriverSigningPolicy=Ignore
> +</xsl:if>
> <xsl:choose>
> <xsl:when test="os/version > 5.0"> <!-- winxp, win2k3, win2k3r2 -->
> TargetPath=\WINDOWS
> diff --git a/osinfo/libosinfo.syms b/osinfo/libosinfo.syms
> index 70202f5..17083ea 100644
> --- a/osinfo/libosinfo.syms
> +++ b/osinfo/libosinfo.syms
> @@ -401,6 +401,8 @@ LIBOSINFO_0.2.3 {
>
> LIBOSINFO_0.2.4 {
> global:
> + osinfo_install_config_get_driver_signing;
> + osinfo_install_config_set_driver_signing;
> osinfo_device_driver_format_get_type;
> osinfo_device_driver_get_format;
> osinfo_device_driver_get_signed;
> diff --git a/osinfo/osinfo_install_config.c b/osinfo/osinfo_install_config.c
> index 1712be5..f6d2561 100644
> --- a/osinfo/osinfo_install_config.c
> +++ b/osinfo/osinfo_install_config.c
> @@ -641,6 +641,31 @@ const gchar *osinfo_install_config_get_post_install_drivers_location(OsinfoInsta
> OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION);
> }
>
> +/**
> + * osinfo_install_config_set_driver_signing:
> + * @config: the install config
> + * @signing: boolean value
> + *
> + * If a script requires drivers to be signed, this function can be used to
> + * disable that security feature. WARNING: Disable driver signing may very well
> + * mean disabling it permanently.
I'd write the "WARNING" as "Disabling driver signing can disable driver
signature checks permanently, even after installation"
Looks good otherwise.
Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libosinfo/attachments/20130213/5452b9c9/attachment.sig>
More information about the Libosinfo
mailing list