| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
mkstemp will generate the temp file with permissions 0600 so the
umask(0644) is causing the file to have permissions of 0000, making
signature files unreadable
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
| |
Fixes Coverity defect CIDs 143606, 143610
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix several errors in copy_file_secure_dest() found by Coverity and some
minor formatting issues:
143603: Correctly handle mkstemp() return value
143605: Avoid accessing dest_filename[-1] on readlink() error
143606, 143610: Avoid accessing dest_filename[sizeof(dest_filename)]
143607: Fix incorrectly passing sizeof(pointer) to fread()
143608, 143611: Cleanup resources on early exit
143609: Explicitly set umask before calling mkstemp()
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
|
|
|
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
