mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-28 14:43:37 +02:00

make argument for '-u' option as optional

Previously -u required either a uuid or '-' as its argument, which was confusing.
Now -u no longer requires the '-' argument to read the uuid automatically.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin 2013-08-13 16:08:16 +03:00
parent 59ef0a0b99
commit b3a5fcbca2
2 changed files with 10 additions and 8 deletions

11
README

@ -15,7 +15,8 @@ Key and signature formats
EVM support (v2) in latest version of the kernel adds the file system UUID to EVM support (v2) in latest version of the kernel adds the file system UUID to
the HMAC calculation. It is controlled by the CONFIG_EVM_HMAC_VERSION and the HMAC calculation. It is controlled by the CONFIG_EVM_HMAC_VERSION and
version 2 is enabled by default. To include the UUID to the signature calculation, version 2 is enabled by default. To include the UUID to the signature calculation,
it is necessary to provide '--uuid -' or '-u -' parameter to the 'sign' command. it is necessary to provide '--uuid' or '-u' parameter to the 'sign' command.
UUID can be provided on command line in form of '-uUUID' or '--uuid=UUID'.
Latest kernel got IMA/EVM support for using X509 certificates and asymmetric key Latest kernel got IMA/EVM support for using X509 certificates and asymmetric key
support for verifying digital signatures. The new command line parameter support for verifying digital signatures. The new command line parameter
@ -121,15 +122,15 @@ Default private key: /etc/keys/privkey_evm.pem
Default X509 certificate: /etc/keys/x509_evm.der Default X509 certificate: /etc/keys/x509_evm.der
Signing for using X509 certificates is done using '-x' or '--x509' parameter. Signing for using X509 certificates is done using '-x' or '--x509' parameter.
Signing for using new the EVM HMAC format is done using '-u -' or '--uuid -' parameter. Signing for using new the EVM HMAC format is done using '-u' or '--uuid' parameter.
Sign file with EVM signature and use hash value for IMA - common case Sign file with EVM signature and use hash value for IMA - common case
$ evmctl sign [-u -] [-x] --imahash test.txt $ evmctl sign [-u] [-x] --imahash test.txt
Sign file with both IMA and EVM signatures - for immutable files Sign file with both IMA and EVM signatures - for immutable files
$ evmctl sign [-u -] [-x] --imasig test.txt $ evmctl sign [-u] [-x] --imasig test.txt
Sign file with IMA signature - for immutable files Sign file with IMA signature - for immutable files
@ -137,7 +138,7 @@ Sign file with IMA signature - for immutable files
Label whole filesystem with EVM signatures Label whole filesystem with EVM signatures
$ find / \( -fstype rootfs -o -fstype ext4 \) -exec evmctl sign [-u -] [-x] --imahash '{}' \; $ find / \( -fstype rootfs -o -fstype ext4 \) -exec evmctl sign [-u] [-x] --imahash '{}' \;
Label filesystem in fix mode - kernel sets correct values to IMA and EVM xattrs Label filesystem in fix mode - kernel sets correct values to IMA and EVM xattrs


@ -1639,6 +1639,7 @@ static void usage(void)
" -x, --x509 signing key is in x509 DER format (signing v2 for using asymmetric keys)\n" " -x, --x509 signing key is in x509 DER format (signing v2 for using asymmetric keys)\n"
" -k, --key path to signing key (default keys are /etc/keys/{privkey,pubkey}_evm.pem)\n" " -k, --key path to signing key (default keys are /etc/keys/{privkey,pubkey}_evm.pem)\n"
" -p, --pass password for encrypted signing key\n" " -p, --pass password for encrypted signing key\n"
" -u, --uuid use file system UUID in HMAC calculation (EVM v2)\n"
" -n print result to stdout instead of setting xattr\n" " -n print result to stdout instead of setting xattr\n"
" -v increase verbosity level\n" " -v increase verbosity level\n"
" -h, --help display this help and exit\n" " -h, --help display this help and exit\n"
@ -1667,7 +1668,7 @@ static struct option opts[] = {
{"pass", 1, 0, 'p'}, {"pass", 1, 0, 'p'},
{"sigfile", 0, 0, 'f'}, {"sigfile", 0, 0, 'f'},
{"modsig", 0, 0, 'm'}, {"modsig", 0, 0, 'm'},
{"uuid", 1, 0, 'u'}, {"uuid", 2, 0, 'u'},
{"x509", 0, 0, 'x'}, {"x509", 0, 0, 'x'},
{"key", 1, 0, 'k'}, {"key", 1, 0, 'k'},
{} {}
@ -1685,7 +1686,7 @@ int main(int argc, char *argv[])
verify_hash = verify_hash_v1; verify_hash = verify_hash_v1;
while (1) { while (1) {
c = getopt_long(argc, argv, "hvnsda:p:fu:xk:", opts, &lind); c = getopt_long(argc, argv, "hvnsda:p:fu::xk:", opts, &lind);
if (c == -1) if (c == -1)
break; break;
@ -1724,7 +1725,7 @@ int main(int argc, char *argv[])
xattr = 0; xattr = 0;
break; break;
case 'u': case 'u':
uuid_str = optarg; uuid_str = optarg ?: "-";
break; break;
case 'x': case 'x':
x509 = 1; x509 = 1;
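Review bot: Making the `-u` argument optional (`u::` in the getopt_long string, `2` in `opts[]`) means the value is only picked up when attached, so an existing `-u <UUID>` or `-u -` invocation still parses without error but now takes the `optarg ?: "-"` fallback in `case 'u'`, leaving the detached word as a positional argument. For a signing tool this silently changes which UUID goes into the HMAC or signature, and the new usage line does not mention the attached form that the README describes. I would spell it out there, e.g. `"  -u, --uuid[=UUID]  use file system UUID in HMAC calculation (EVM v2); attach an explicit value as -uUUID\n"`. The rest of main() is outside the hunk, so how a stray `-` or UUID positional is handled afterwards cannot be confirmed from here; rejecting or warning on it would make the breakage visible. As a minor style point, `optarg ?: "-"` relies on a GNU extension, and `optarg ? optarg : "-"` is the portable form.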