From 599359ec307a77b42f81b9ae781110b7712c0fc7 Mon Sep 17 00:00:00 2001
From: Itxaka
Date: Wed, 17 Apr 2024 14:57:57 +0000
Subject: [PATCH] Print the EFI certs in the state command (#98)
* Print the EFI certs in the state command
Signed-off-by: Itxaka
* Fix key for yaml/json output
Signed-off-by: Itxaka
* Fix go.mod
Signed-off-by: Itxaka
* Move things around
Signed-off-by: Itxaka
* Fix format
Signed-off-by: Itxaka
---------
Signed-off-by: Itxaka
---
 go.mod | 2 +-
 state/state.go | 27 +++++++++++++++++++++++----
 types/certs.go | 7 +++++++
 3 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/go.mod b/go.mod
index 5a626db..41f3d31 100644
--- a/go.mod
+++ b/go.mod
@@ -72,8 +72,8 @@ require (
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/itchyny/timefmt-go v0.1.5 // indirect
 github.com/jaypipes/pcidb v1.0.0 // indirect
- github.com/kr/pretty v0.2.1 // indirect
 github.com/klauspost/compress v1.17.4 // indirect
+ github.com/kr/pretty v0.2.1 // indirect
 github.com/kr/text v0.2.0 // indirect
 github.com/lithammer/fuzzysearch v1.1.8 // indirect
 github.com/mattn/go-colorable v0.1.13 // indirect
diff --git a/state/state.go b/state/state.go
index fec308d..b4cb562 100644
--- a/state/state.go
+++ b/state/state.go
@@ -11,6 +11,7 @@ import (
 "github.com/itchyny/gojq"
 "github.com/jaypipes/ghw"
 "github.com/jaypipes/ghw/pkg/block"
+ "github.com/kairos-io/kairos-sdk/signatures"
 "github.com/kairos-io/kairos-sdk/types"
 "github.com/kairos-io/kairos-sdk/utils"
 "github.com/rs/zerolog"
@@ -47,10 +48,11 @@ type PartitionState struct {
 }
 type Kairos struct {
- Flavor string `yaml:"flavor" json:"flavor"`
- Version string `yaml:"version" json:"version"`
- Init string `yaml:"init" json:"init"`
- SecureBoot bool `yaml:"secureboot" json:"secureboot"`
+ Flavor string `yaml:"flavor" json:"flavor"`
+ Version string `yaml:"version" json:"version"`
+ Init string `yaml:"init" json:"init"`
+ SecureBoot bool `yaml:"secureboot" json:"secureboot"`
+ EfiCerts types.EfiCerts `yaml:"eficerts,omitempty" json:"eficerts,omitempty"`
 }
 type Runtime struct {
@@ -309,11 +311,28 @@ func detectKairos(r *Runtime) {
 k.Version = v
 }
 k.Init = utils.GetInit()
+ k.EfiCerts = getEfiCertsCommonNames()
 k.SecureBoot = efi.GetSecureBoot()
 r.Kairos = *k
 }
+// getEfiCertsCommonNames returns a simple list of the Common names of the certs
+func getEfiCertsCommonNames() types.EfiCerts {
+ var data types.EfiCerts
+ certs, _ := signatures.GetAllCerts() // Ignore errors here, we dont care about them, we only want the presentation of the names
+ for _, c := range certs.PK {
+ data.PK = append(data.PK, c.Issuer.CommonName)
+ }
+ for _, c := range certs.KEK {
+ data.KEK = append(data.KEK, c.Issuer.CommonName)
+ }
+ for _, c := range certs.DB {
+ data.DB = append(data.DB, c.Issuer.CommonName)
+ }
+ return data
+}
+
 func NewRuntimeWithLogger(logger zerolog.Logger) (Runtime, error) {
 logger.Info().Msg("creating a runtime")
 runtime := &Runtime{
diff --git a/types/certs.go b/types/certs.go
index 66c7ed1..5f5e0ed 100644
--- a/types/certs.go
+++ b/types/certs.go
@@ -13,3 +13,10 @@ type CertDetail struct {
 Owner pkix.Name
 Issuer pkix.Name
 }
+
+// EfiCerts is a simplified version of a CertList which only provides the Common names for the certs
+type EfiCerts struct {
+ PK []string
+ KEK []string
+ DB []string
+}
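Review bot: On the new `EfiCerts` field of the `Kairos` struct (state/state.go), the `json:"eficerts,omitempty"` tag has no effect, because encoding/json never treats a non-pointer struct value as empty. JSON output will therefore always carry an `eficerts` object with null lists when no certificates were read, while the YAML side may drop it depending on the encoder, so the two formats can disagree on whether the key exists. If the key is meant to be absent when nothing was read, a pointer field such as `EfiCerts *types.EfiCerts` would give `omitempty` something to act on; otherwise drop `omitempty` and add a field comment like `// EfiCerts is always emitted; empty lists mean no certs were read`.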
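Review bot: In `getEfiCertsCommonNames` (state/state.go) all three loops append `c.Issuer.CommonName`, although the doc comment promises the common names "of the certs". `CertDetail` in types/certs.go carries both `Owner` and `Issuer`; assuming `Owner` holds the subject, a KEK or db entry signed by another CA would be listed under its signer's name rather than its own, which can mislead someone auditing which keys are enrolled. If the subject is intended, use `data.PK = append(data.PK, c.Owner.CommonName)` and likewise for KEK and DB; if the issuer is intended, say so in the doc comment. Separately, the error from `signatures.GetAllCerts()` is discarded, so a failure to read the EFI variables looks the same as an empty PK/KEK/DB in the state output; consider logging it or surfacing it to the caller.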
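Review bot: The new `EfiCerts` struct in types/certs.go has no struct tags, so encoding/json will emit the keys as `PK`, `KEK` and `DB`, while go-yaml style encoders lowercase untagged field names by default; which YAML library is used is not visible here. The same state would then be keyed differently in the two outputs, which matters for anything that queries it by path. Explicit tags keep both formats aligned, for example `PK []string` followed by `yaml:"pk,omitempty" json:"pk,omitempty"` in backquotes, and the same for `KEK` and `DB`. The doc comment could also note that the lists hold common names only and are for display, not a unique identification of the enrolled certificates.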