On Thu, Jun 22, 2017 at 4:11 AM, Marek Marczykowski-Górecki
<marma...@invisiblethingslab.com> wrote:
> On Wed, Jun 21, 2017 at 11:15:30PM -0700, Andrew Morgan wrote:
>> $ qvm-trust --check ~/Downloads --quiet
>> $ echo $?
>> 2
>>
>> A reference for the return codes is as follows. Additionally I plan to
>> write up a man page with all usage information soon:
>>
>> Error codes:
>>     Unable to read extended attributes: -2
>>     Unable to read an input file: -1
>>     No errors: 0
>>     File/Folder is untrusted: 1
>>     File/Folder is trusted: 2

Note that exit statuses are usually treated as 8-bit unsigned values,
so -1 and -2 would actually be 255 and 254 respectively.

Standard semantic values for exit codes have existed for several
decades, and can be found in sysexits.h (also documented in man pages
such as [1]).

Canonical usage might look something like the following:
- EXIT_SUCCESS (0) for no errors and file being trusted
- EXIT_FAILURE (1) for no errors but file being untrusted
- EX_USAGE (64) for invalid command usage
- EX_DATAERR (65) for xattr errors (such as value other than "true"
for user.qubes.untrusted)
- EX_NOINPUT (66) for specified file to check not existing
- EX_OSFILE (72) for problems with the "Qubes untrusted folders" file(s)
- EX_NOPERM (77) for e.g. chmod failing due to file ownership during
--{un,}trust operation
etc.

The fact that only no errors & file being trusted results in a zero
exit status (truthy value for shells) means that any other errors
result in the trust system failing-closed (treating as untrusted),
which IMO is what we want.

EXIT_* can be found defined in POSIX [2], and EX_* are from sysexits.

[1]: https://man.openbsd.org/sysexits
[2]: http://pubs.opengroup.org/onlinepubs/9699919799/functions/exit.html

> IMO --check should return 0 for trusted files. This way it would be
> possible to use `if qvm-trust --check ...; then` (or negated with `!`).

+1

> Also consider making --check default action.

+1

Also, what would you think of writing nothing to stdout by default
(essentially --quiet by default) and instead taking --verbose/-v to
print "File is {un,}trusted"?

http://www.catb.org/esr/writings/taoup/html/ch01s06.html#id2878450
http://www.catb.org/esr/writings/taoup/html/ch11s09.html

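The exit-status scheme proposed in the message above, sketched as an added example that is not part of the original thread and is not qvm-trust's own code. `trust_check`, `classify`, and the sidecar `.xattr` file standing in for the `user.qubes.untrusted` attribute are hypothetical, and treating an absent attribute as trusted is an assumption; the "Qubes untrusted folders" file is not modelled.

```shell
#!/bin/sh
# Added example: stand-in for the proposed `qvm-trust --check` exit codes.
EX_USAGE=64 EX_DATAERR=65 EX_NOINPUT=66   # values from sysexits.h

# Constructed stand-in for the xattr store: the value of user.qubes.untrusted
# for FILE is kept in FILE.xattr (a real tool would read the xattr itself).
read_untrusted_attr() {
    [ -f "$1.xattr" ] && cat "$1.xattr"
    return 0
}

# trust_check FILE -> 0 trusted, 1 untrusted, 64/65/66 on errors.
trust_check() {
    [ "$#" -eq 1 ] || return "$EX_USAGE"
    [ -e "$1" ] || return "$EX_NOINPUT"
    case "$(read_untrusted_attr "$1")" in
        "")   return 0 ;;               # attribute absent: trusted (assumption)
        true) return 1 ;;               # marked untrusted
        *)    return "$EX_DATAERR" ;;   # any other value is a data error
    esac
}

# Caller: only status 0 takes the trusted branch, so every error fails closed.
classify() {
    if trust_check "$@"; then echo trusted; else echo untrusted; fi
}

# Constructed sample inputs in a scratch directory, removed on exit.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
: > "$demo_dir/report.pdf"
: > "$demo_dir/download.bin"; echo true  > "$demo_dir/download.bin.xattr"
: > "$demo_dir/odd.bin";      echo maybe > "$demo_dir/odd.bin.xattr"

for f in report.pdf download.bin odd.bin missing.bin; do
    printf '%s: %s\n' "$f" "$(classify "$demo_dir/$f")"
done
```

A caller that needs to tell "untrusted" apart from "could not determine" can still inspect `$?` after `trust_check`, since the error statuses stay distinct from 1.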