make argument for '-u' option as optional

-u required to provide uuid or '-', which was confusing.
Now -u does not require '-' argument to read uuid automatically.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>

diff --git a/README b/README
index 32dfdde..3e8d1df 100644 (file)
--- a/README
+++ b/README
@@ -15,7 +15,8 @@ Key and signature formats
 EVM support (v2) in latest version of the kernel adds the file system UUID to
 the HMAC calculation. It is controlled by the CONFIG_EVM_HMAC_VERSION and
 version 2 is enabled by default. To include the UUID to the signature calculation,
-it is necessary to provide '--uuid -' or '-u -' parameter to the 'sign' command.
+it is necessary to provide '--uuid' or '-u' parameter to the 'sign' command.
+UUID can be provided on command line in form of '-uUUID' or '--uuid=UUID'.
 
 Latest kernel got IMA/EVM support for using X509 certificates and asymmetric key
 support for verifying digital signatures. The new command line parameter
@@ -121,15 +122,15 @@ Default private key: /etc/keys/privkey_evm.pem
 Default X509 certificate: /etc/keys/x509_evm.der
 
 Signing for using X509 certificates is done using '-x' or '--x509' parameter.
-Signing for using new the EVM HMAC format is done using '-u -' or '--uuid -' parameter.
+Signing for using new the EVM HMAC format is done using '-u' or '--uuid' parameter.
 
 Sign file with EVM signature and use hash value for IMA - common case
 
-    $ evmctl sign [-u -] [-x] --imahash test.txt
+    $ evmctl sign [-u] [-x] --imahash test.txt
 
 Sign file with both IMA and EVM signatures - for immutable files
 
-    $ evmctl sign [-u -] [-x] --imasig test.txt
+    $ evmctl sign [-u] [-x] --imasig test.txt
 
 Sign file with IMA signature - for immutable files
 
@@ -137,7 +138,7 @@ Sign file with IMA signature - for immutable files
 
 Label whole filesystem with EVM signatures
 
-    $ find / \( -fstype rootfs -o -fstype ext4 \) -exec evmctl sign [-u -] [-x] --imahash '{}' \;
+    $ find / \( -fstype rootfs -o -fstype ext4 \) -exec evmctl sign [-u] [-x] --imahash '{}' \;
 
 Label filesystem in fix mode - kernel sets correct values to IMA and EVM xattrs
 

diff --git a/src/evmctl.c b/src/evmctl.c
index 5879e5d..6c1cc52 100644 (file)
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1639,6 +1639,7 @@ static void usage(void)
                "  -x, --x509         signing key is in x509 DER format (signing v2 for using asymmetric keys)\n"
                "  -k, --key          path to signing key (default keys are /etc/keys/{privkey,pubkey}_evm.pem)\n"
                "  -p, --pass         password for encrypted signing key\n"
+               "  -u, --uuid         use file system UUID in HMAC calculation (EVM v2)\n"
                "  -n                 print result to stdout instead of setting xattr\n"
                "  -v                 increase verbosity level\n"
                "  -h, --help         display this help and exit\n"
@@ -1667,7 +1668,7 @@ static struct option opts[] = {
        {"pass", 1, 0, 'p'},
        {"sigfile", 0, 0, 'f'},
        {"modsig", 0, 0, 'm'},
-       {"uuid", 1, 0, 'u'},
+       {"uuid", 2, 0, 'u'},
        {"x509", 0, 0, 'x'},
        {"key", 1, 0, 'k'},
        {}
@@ -1685,7 +1686,7 @@ int main(int argc, char *argv[])
        verify_hash = verify_hash_v1;
 
        while (1) {
-               c = getopt_long(argc, argv, "hvnsda:p:fu:xk:", opts, &lind);
+               c = getopt_long(argc, argv, "hvnsda:p:fu::xk:", opts, &lind);
                if (c == -1)
                        break;
 
@@ -1724,7 +1725,7 @@ int main(int argc, char *argv[])
                        xattr = 0;
                        break;
                case 'u':
-                       uuid_str = optarg;
+                       uuid_str = optarg ?: "-";
                        break;
                case 'x':
                        x509 = 1;