Print the EFI certs in the state command (#98)

* Print the EFI certs in the state command Signed-off-by: Itxaka <[email protected]> * Fix key for yaml/json output Signed-off-by: Itxaka <[email protected]> * Fix go.mod Signed-off-by: Itxaka <[email protected]> * Move things around Signed-off-by: Itxaka <[email protected]> * Fix format Signed-off-by: Itxaka <[email protected]> --------- Signed-off-by: Itxaka <[email protected]>
kairos-io · Apr 17, 2024 · 599359e · 599359e
1 parent 3a78f99
commit 599359e
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 5 deletions.
diff --git a/go.mod b/go.mod
@@ -72,8 +72,8 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/itchyny/timefmt-go v0.1.5 // indirect
 	github.com/jaypipes/pcidb v1.0.0 // indirect
-	github.com/kr/pretty v0.2.1 // indirect
 	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/kr/pretty v0.2.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/lithammer/fuzzysearch v1.1.8 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect

diff --git a/state/state.go b/state/state.go
@@ -11,6 +11,7 @@ import (
 	"github.com/itchyny/gojq"
 	"github.com/jaypipes/ghw"
 	"github.com/jaypipes/ghw/pkg/block"
+	"github.com/kairos-io/kairos-sdk/signatures"
 	"github.com/kairos-io/kairos-sdk/types"
 	"github.com/kairos-io/kairos-sdk/utils"
 	"github.com/rs/zerolog"
@@ -47,10 +48,11 @@ type PartitionState struct {
 }
 
 type Kairos struct {
-	Flavor     string `yaml:"flavor" json:"flavor"`
-	Version    string `yaml:"version" json:"version"`
-	Init       string `yaml:"init" json:"init"`
-	SecureBoot bool   `yaml:"secureboot" json:"secureboot"`
+	Flavor     string         `yaml:"flavor" json:"flavor"`
+	Version    string         `yaml:"version" json:"version"`
+	Init       string         `yaml:"init" json:"init"`
+	SecureBoot bool           `yaml:"secureboot" json:"secureboot"`
+	EfiCerts   types.EfiCerts `yaml:"eficerts,omitempty" json:"eficerts,omitempty"`
 }
 
 type Runtime struct {
@@ -309,11 +311,28 @@ func detectKairos(r *Runtime) {
 		k.Version = v
 	}
 	k.Init = utils.GetInit()
+	k.EfiCerts = getEfiCertsCommonNames()
 	k.SecureBoot = efi.GetSecureBoot()
 	r.Kairos = *k
 
 }
 
+// getEfiCertsCommonNames returns a simple list of the Common names of the certs
+func getEfiCertsCommonNames() types.EfiCerts {
+	var data types.EfiCerts
+	certs, _ := signatures.GetAllCerts() // Ignore errors here, we dont care about them, we only want the presentation of the names
+	for _, c := range certs.PK {
+		data.PK = append(data.PK, c.Issuer.CommonName)
+	}
+	for _, c := range certs.KEK {
+		data.KEK = append(data.KEK, c.Issuer.CommonName)
+	}
+	for _, c := range certs.DB {
+		data.DB = append(data.DB, c.Issuer.CommonName)
+	}
+	return data
+}
+
 func NewRuntimeWithLogger(logger zerolog.Logger) (Runtime, error) {
 	logger.Info().Msg("creating a runtime")
 	runtime := &Runtime{

diff --git a/types/certs.go b/types/certs.go
@@ -13,3 +13,10 @@ type CertDetail struct {
 	Owner  pkix.Name
 	Issuer pkix.Name
 }
+
+// EfiCerts is a simplified version of a CertList which only provides the Common names for the certs
+type EfiCerts struct {
+	PK  []string
+	KEK []string
+	DB  []string
+}