Re: veriexec: read from stdin

[Paul Goyette <paul%whooppee.com@localhost>]

On Sat, 27 Apr 2019, Alexander Nasonov wrote:

> It's a bit surprising that after many years of use, veriexecgen can't
> read a list of files from stdin/input-file and calculate checksums of
> those files.
>
> It can be useful, e.g. when recalculating checksums of existing
> fingerprintdb entries:
>
> 	# awk '{print $1}' /etc/signatures | veriexecgen -i
>
> or to read entries from /etc/mtree/set.* files:
>
> 	# cd /
> 	# awk '/type=dir/{next} {print $1}' /etc/mtree/set.comp | veriexecgen
>
> The latter could probably be done during the build and checksums could
> be placed to /etc/veriexec/sha256.{base,comp,...}.
>
> I wrote a patch that adds the -i option to read from stdin but I don't
> want to rush things before I hear opinions. Is it a good approach, does
> precalculating checksums at build time make sense, etc.

Insteasd of

	-i        read from stdin

why not have

	-f file   read from file, or if file is "-" read from stdin




+--------------------+--------------------------+-----------------------+
| Paul Goyette       | PGP Key fingerprint:     | E-mail addresses:     |
| (Retired)          | FA29 0E3B 35AF E8AE 6651 | paul%whooppee.com@localhost     |
| Software Developer | 0786 F758 55DE 53BA 7731 | pgoyette%netbsd.org@localhost   |
+--------------------+--------------------------+-----------------------+