[Libosinfo] [v2 6/8] installer: API to query device driver signing requirement
Christophe Fergeau
cfergeau at redhat.com
Thu Feb 14 10:47:41 UTC 2013
On Sun, Feb 10, 2013 at 06:41:07PM +0200, Zeeshan Ali (Khattak) wrote:
> From: "Zeeshan Ali (Khattak)" <zeeshanak at gnome.org>
>
> ---
> data/install-scripts/windows-sif.xml | 2 ++
> data/install-scripts/windows-unattend.xml | 2 ++
> data/schemas/libosinfo.rng | 16 ++++++++++++++++
> osinfo/libosinfo.syms | 3 +++
> osinfo/osinfo_install_script.c | 32 +++++++++++++++++++++++++++++++
> osinfo/osinfo_install_script.h | 31 ++++++++++++++++++++++++++++++
> osinfo/osinfo_loader.c | 2 ++
> 7 files changed, 88 insertions(+)
>
> diff --git a/data/install-scripts/windows-sif.xml b/data/install-scripts/windows-sif.xml
> index 3bb79c8..9d56e0e 100644
> --- a/data/install-scripts/windows-sif.xml
> +++ b/data/install-scripts/windows-sif.xml
> @@ -6,6 +6,7 @@
> <product-key-format>$$$$$-$$$$$-$$$$$-$$$$$-$$$$$</product-key-format>
> <expected-filename>winnt.sif</expected-filename>
> <can-pre-install-drivers>true</can-pre-install-drivers>
> + <pre-install-drivers-signing-req>none</pre-install-drivers-signing-req>
> <pre-install-driver-format>windows</pre-install-driver-format>
> <config>
> <param name="admin-password" policy="optional"/>
> @@ -77,6 +78,7 @@
> <product-key-format>$$$$$-$$$$$-$$$$$-$$$$$-$$$$$</product-key-format>
> <expected-filename>winnt.sif</expected-filename>
> <can-pre-install-drivers>true</can-pre-install-drivers>
> + <pre-install-drivers-signing-req>none</pre-install-drivers-signing-req>
> <pre-install-driver-format>windows</pre-install-driver-format>
> <config>
> <param name="admin-password" policy="optional"/>
> diff --git a/data/install-scripts/windows-unattend.xml b/data/install-scripts/windows-unattend.xml
> index e306ec4..03ffb84 100644
> --- a/data/install-scripts/windows-unattend.xml
> +++ b/data/install-scripts/windows-unattend.xml
> @@ -5,6 +5,7 @@
> <product-key-format>$$$$$-$$$$$-$$$$$-$$$$$-$$$$$</product-key-format>
> <expected-filename>autounattend.xml</expected-filename>
> <can-pre-install-drivers>true</can-pre-install-drivers>
> + <pre-install-drivers-signing-req>none</pre-install-drivers-signing-req>
> <pre-install-driver-format>windows</pre-install-driver-format>
> <config>
> <param name="admin-password" policy="optional"/>
> @@ -221,6 +222,7 @@
> <product-key-format>$$$$$-$$$$$-$$$$$-$$$$$-$$$$$</product-key-format>
> <expected-filename>autounattend.xml</expected-filename>
> <can-pre-install-drivers>true</can-pre-install-drivers>
> + <pre-install-drivers-signing-req>none</pre-install-drivers-signing-req>
> <pre-install-driver-format>windows</pre-install-driver-format>
> <config>
> <param name="admin-password" policy="optional"/>
> diff --git a/data/schemas/libosinfo.rng b/data/schemas/libosinfo.rng
> index 96b31a7..4d64f8d 100644
> --- a/data/schemas/libosinfo.rng
> +++ b/data/schemas/libosinfo.rng
> @@ -590,6 +590,11 @@
> </element>
> </zeroOrMore>
> <optional>
> + <element name='pre-install-drivers-signing-req'>
> + <ref name='driver-signing-reqs'/>
> + </element>
> + </optional>
> + <optional>
> <element name='can-post-install-drivers'>
> <ref name='bool'/>
> </element>
> @@ -599,6 +604,11 @@
> <ref name='driver-formats'/>
> </element>
> </zeroOrMore>
> + <optional>
> + <element name='post-install-drivers-signing-req'>
> + <ref name='driver-signing-reqs'/>
> + </element>
> + </optional>
> <element name='template'>
> <choice>
> <group>
> @@ -703,4 +713,10 @@
> <param name="pattern">windows|script|package</param>
> </data>
> </define>
> +
> + <define name='driver-signing-reqs'>
> + <data type="string">
> + <param name="pattern">strict|strict-mutable|warn|warn-mutable|none</param>
Really not a big fan of these -mutable things, but they should not be
needed if there's a way to reenable driver signing after disabling it
during install.
> + </data>
> + </define>
> </grammar>
> diff --git a/osinfo/libosinfo.syms b/osinfo/libosinfo.syms
> index 17083ea..adba92a 100644
> --- a/osinfo/libosinfo.syms
> +++ b/osinfo/libosinfo.syms
> @@ -404,11 +404,14 @@ LIBOSINFO_0.2.4 {
> osinfo_install_config_get_driver_signing;
> osinfo_install_config_set_driver_signing;
> osinfo_device_driver_format_get_type;
> + osinfo_device_driver_signing_req_get_type;
> osinfo_device_driver_get_format;
> osinfo_device_driver_get_signed;
> osinfo_entity_get_param_value_enum_list;
> osinfo_install_script_get_pre_install_driver_formats;
> + osinfo_install_script_get_pre_install_drivers_signing_req;
> osinfo_install_script_get_post_install_driver_formats;
> + osinfo_install_script_get_post_install_drivers_signing_req;
> } LIBOSINFO_0.2.3;
>
> /* Symbols in next release...
> diff --git a/osinfo/osinfo_install_script.c b/osinfo/osinfo_install_script.c
> index 8b70365..71eab19 100644
> --- a/osinfo/osinfo_install_script.c
> +++ b/osinfo/osinfo_install_script.c
> @@ -1258,6 +1258,38 @@ GList *osinfo_install_script_get_post_install_driver_formats(OsinfoInstallScript
> OSINFO_DEVICE_DRIVER_FORMAT_SCRIPT);
> }
>
> +/**
> + * osinfo_install_script_get_pre_install_drivers_signing_req:
> + * @script: the install script
> + *
> + * If install script can install drivers at the very beginning of installation,
> + * this function retrieves the requirement about signed status of drivers.
> + */
> +OsinfoDeviceDriverSigningReq osinfo_install_script_get_pre_install_drivers_signing_req(OsinfoInstallScript *script)
> +{
> + return osinfo_entity_get_param_value_enum
> + (OSINFO_ENTITY(script),
> + OSINFO_INSTALL_SCRIPT_PROP_PRE_INSTALL_DRIVERS_SIGNING_REQ,
> + OSINFO_TYPE_DEVICE_DRIVER_SIGNING_REQ,
> + OSINFO_DEVICE_DRIVER_SIGNING_REQ_NONE);
> +}
> +
> +/**
> + * osinfo_install_script_get_post_install_drivers_signing_req:
> + * @script: the install script
> + *
> + * If install script can install drivers at the end of installation, this
> + * function retrieves the requirement about signed status of drivers.
> + */
> +OsinfoDeviceDriverSigningReq osinfo_install_script_get_post_install_drivers_signing_req(OsinfoInstallScript *script)
> +{
> + return osinfo_entity_get_param_value_enum
> + (OSINFO_ENTITY(script),
> + OSINFO_INSTALL_SCRIPT_PROP_POST_INSTALL_DRIVERS_SIGNING_REQ,
> + OSINFO_TYPE_DEVICE_DRIVER_SIGNING_REQ,
> + OSINFO_DEVICE_DRIVER_SIGNING_REQ_NONE);
> +}
> +
> /*
> * Local variables:
> * indent-tabs-mode: nil
> diff --git a/osinfo/osinfo_install_script.h b/osinfo/osinfo_install_script.h
> index f9c0aaf..a80174e 100644
> --- a/osinfo/osinfo_install_script.h
> +++ b/osinfo/osinfo_install_script.h
> @@ -57,6 +57,8 @@ typedef struct _OsinfoInstallScriptPrivate OsinfoInstallScriptPrivate;
> #define OSINFO_INSTALL_SCRIPT_PROP_CAN_POST_INSTALL_DRIVERS "can-post-install-drivers"
> #define OSINFO_INSTALL_SCRIPT_PROP_PRE_INSTALL_DEVICE_DRIVER_FORMAT "pre-install-driver-format"
> #define OSINFO_INSTALL_SCRIPT_PROP_POST_INSTALL_DEVICE_DRIVER_FORMAT "post-install-driver-format"
> +#define OSINFO_INSTALL_SCRIPT_PROP_PRE_INSTALL_DRIVERS_SIGNING_REQ "pre-install-drivers-signing-req"
> +#define OSINFO_INSTALL_SCRIPT_PROP_POST_INSTALL_DRIVERS_SIGNING_REQ "post-install-drivers-signing-req"
>
> /* object */
> struct _OsinfoInstallScript
> @@ -88,6 +90,32 @@ typedef enum {
> OSINFO_PATH_FORMAT_DOS
> } OsinfoPathFormat;
>
> +/**
> + * OsinfoDeviceDriverSigningReq;
> + * @OSINFO_DEVICE_DRIVER_SIGNING_REQ_NONE: Script do not require device drivers
> + * to be signed.
> + * @OSINFO_DEVICE_DRIVER_SIGNING_REQ_STRICT: Script must only be given signed
> + * device drivers.
> + * @OSINFO_DEVICE_DRIVER_SIGNING_REQ_STRICT_MUTABLE: Same as last one but driver
> + * signature checking policy can be modified using
> + * #osinfo_install_config_set_driver_signing.
> + * @OSINFO_DEVICE_DRIVER_SIGNING_REQ_WARN: A warning will be issued by OS
> + * installer if device drivers are not
> + * signed and most probably require user
> + * input (and thus breaking unattended
> + * installation).
> + * @OSINFO_DEVICE_DRIVER_SIGNING_REQ_WARN_MUTABLE: Same as last one but driver
> + * signature checking policy can be modified using
> + * #osinfo_install_config_set_driver_signing.
> + */
> +typedef enum {
> + OSINFO_DEVICE_DRIVER_SIGNING_REQ_NONE,
> + OSINFO_DEVICE_DRIVER_SIGNING_REQ_STRICT,
> + OSINFO_DEVICE_DRIVER_SIGNING_REQ_STRICT_MUTABLE,
> + OSINFO_DEVICE_DRIVER_SIGNING_REQ_WARN,
> + OSINFO_DEVICE_DRIVER_SIGNING_REQ_WARN_MUTABLE,
> +} OsinfoDeviceDriverSigningReq;
> +
> GType osinfo_install_script_get_type(void);
>
> OsinfoInstallScript *osinfo_install_script_new(const gchar *id);
> @@ -168,6 +196,9 @@ gboolean osinfo_install_script_get_can_post_install_drivers(OsinfoInstallScript
> GList *osinfo_install_script_get_pre_install_driver_formats(OsinfoInstallScript *script);
> GList *osinfo_install_script_get_post_install_driver_formats(OsinfoInstallScript *script);
>
> +OsinfoDeviceDriverSigningReq osinfo_install_script_get_pre_install_drivers_signing_req(OsinfoInstallScript *script);
> +OsinfoDeviceDriverSigningReq osinfo_install_script_get_post_install_drivers_signing_req(OsinfoInstallScript *script);
Same comment as in one of the earlier patch about using enum in exported function signatures.
Patch looks ok otherwise.
Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libosinfo/attachments/20130214/e61a65b6/attachment.sig>
More information about the Libosinfo
mailing list