diff --git a/rust/tool/shared/src/signature/local.rs b/rust/tool/shared/src/signature/local.rs index a43fe0a9..4389ec6a 100644 --- a/rust/tool/shared/src/signature/local.rs +++ b/rust/tool/shared/src/signature/local.rs @@ -8,8 +8,7 @@ use std::process::Command; use anyhow::{Context, Result}; use tempfile::tempdir; -use super::LanzabooteSigner; - +use super::Signer; /// A local keypair is a signer that reuses private key material /// on the disk. @@ -36,7 +35,7 @@ impl LocalKeyPair { } } -impl LanzabooteSigner for LocalKeyPair { +impl Signer for LocalKeyPair { fn get_public_key(&self) -> Result> { Ok(std::fs::read(&self.public_key)?) } diff --git a/rust/tool/shared/src/signature/mod.rs b/rust/tool/shared/src/signature/mod.rs index 8b8c3edd..9d21368b 100644 --- a/rust/tool/shared/src/signature/mod.rs +++ b/rust/tool/shared/src/signature/mod.rs @@ -3,7 +3,6 @@ use std::path::Path; use crate::pe::StubParameters; -pub trait LanzabooteSigner { /// This trait abstracts the concept of a signer. /// /// On a high-level, the signer only needs to know how to: @@ -22,6 +21,7 @@ pub trait LanzabooteSigner { /// To implement a new signer, provide a minimal implementation of this trait /// and pass this implementation to any front-facing tool of Lanzaboote, e.g. `lzbt-systemd` /// as all tools does not have to support a new signature scheme. +pub trait Signer { /// Tries to sign a Nix store path at this location. /// The implementation can fail if the provided path is not a Nix store path, /// or, is not a trusted Nix store path, or is not a PE binary. diff --git a/rust/tool/systemd/src/install.rs b/rust/tool/systemd/src/install.rs index db1ae5b2..95d48c35 100644 --- a/rust/tool/systemd/src/install.rs +++ b/rust/tool/systemd/src/install.rs @@ -21,10 +21,10 @@ use lanzaboote_tool::gc::Roots; use lanzaboote_tool::generation::{Generation, GenerationLink}; use lanzaboote_tool::os_release::OsRelease; use lanzaboote_tool::pe::{self, append_initrd_secrets, lanzaboote_image}; -use lanzaboote_tool::signature::LanzabooteSigner; +use lanzaboote_tool::signature::Signer; use lanzaboote_tool::utils::{file_hash, SecureTempDirExt}; -pub struct Installer { +pub struct Installer { broken_gens: BTreeSet, gc_roots: Roots, lanzaboote_stub: PathBuf, @@ -38,7 +38,7 @@ pub struct Installer { } #[allow(clippy::too_many_arguments)] -impl Installer { +impl Installer { pub fn new( lanzaboote_stub: PathBuf, arch: Architecture, @@ -373,7 +373,7 @@ fn resolve_efi_path(esp: &Path, efi_path: &[u8]) -> Result { /// Compute the file name to be used for the stub of a certain generation, signed with the given key. /// /// The generated name is input-addressed by the toplevel corresponding to the generation and the public part of the signing key. -fn stub_name(generation: &Generation, signer: &S) -> Result { +fn stub_name(generation: &Generation, signer: &S) -> Result { let bootspec = &generation.spec.bootspec.bootspec; let public_key = signer.get_public_key()?; let stub_inputs = [ @@ -407,7 +407,7 @@ fn stub_name(generation: &Generation, signer: &S) -> Result /// This is implemented as an atomic write. The file is first written to the destination with a /// `.tmp` suffix and then renamed to its final name. This is atomic, because a rename is an atomic /// operation on POSIX platforms. -fn install_signed(signer: &impl LanzabooteSigner, from: &Path, to: &Path) -> Result<()> { +fn install_signed(signer: &impl Signer, from: &Path, to: &Path) -> Result<()> { log::debug!("Signing and installing {to:?}..."); let to_tmp = to.with_extension(".tmp"); ensure_parent_dir(&to_tmp);