Commit Graph

18 Commits

Author SHA1 Message Date
wiz b2801fe843 Sync usage with man page. 2006-12-23 09:16:38 +00:00
agc fa94897003 + some minor cosmetic changes
+ rather than using global variables, accessed all over the place, create
a local structure, and pass it down.

+ add a -p argument to denote a prefix, so that it's possible to record
a different directory hierarchy from the one that was scanned.  One
typical use would be:

	# ./veriexecgen -v -d /usr/dest/i386 -a -p /usr/dest/i386 -r -o fingers

to create a fingerprint database called fingers from the files located
in the /usr/dest/i386 hierarchy, but without the leading /usr/dest/i386
prefix:

	# Generated by agc, Tue Dec 19 13:10:34 2006
	/bin/domainname SHA256 12622c8f3698e51f090abf84ce81aaaaa1ed72135291b41a3e7d6c7b6a2a9847
	/bin/chmod SHA256 5c3f8fec48601e0eaf7f47522ad8ff9fabb442b123ada97a71de285b4f6bf658

+ make veriexecgen into a host tool
2006-12-19 21:21:28 +00:00
agc 221d869ea3 Minor cosmetic changes:
1. use EXIT_SUCCESS and EXIT_FAILURE, rather than 0 or 1, throughout
2. add some comments
3. use descriptive names for variables, so that their use is easily
gleaned.
2006-12-04 21:22:40 +00:00
agc a1ab0bea62 Normally, veriexecgen will treat an error such as a dangling symlink,
or an inability to get the real path, as fatal.

Be a bit more verbose about this in the default case - tell the user
which directory entry caused the failure.

Also introduce a new -W flag, which will warn the user about the
error, but will still continue processing - it treats errors as
warnings, and allows a signatures file to be built.
2006-12-04 07:06:56 +00:00
christos 11c53ad61c kill crypto/rmd160.h and crypto/sha2.h, and instead make symlinks to
/usr/include from /usr/include/sys. This makes all the one way hash
header handling identical.
2006-10-30 20:22:53 +00:00
elad 28e2a804c9 For now, also mark "file" entries as "indirect". 2006-10-27 22:14:17 +00:00
elad b35a67141f Add /lib, /libexec, and /usr/libexec to -D. Update man page. 2006-09-23 19:08:48 +00:00
elad d2a7cc99dc Oops, fix test. Pointed out by Matt Fleming, thanks! 2006-09-19 20:37:08 +00:00
elad c94625dc78 Oops, -S is supposed to be optional. Pointed out by Matt Fleming, thanks! 2006-09-18 20:53:48 +00:00
elad f8c54c15cf Add the -S flag, for setting the signatures file immutable after creating
it.
2006-09-18 17:47:25 +00:00
elad 47f2f39c75 Oops, forgot to remove -g. 2006-09-18 10:09:31 +00:00
wiz 5e52501584 Sort sections. 2006-09-17 10:27:54 +00:00
elad ac00894537 Clarify some more, tiny markup fixes. Veriexecgen can be just invoked as:
# veriexecgen

after a clean install.
2006-09-17 10:14:36 +00:00
elad 55e6bda6fa Fix some confusions; pointed out by wiz@, thanks! 2006-09-17 05:04:05 +00:00
wiz 86f767cf74 Drop trailing whitespace. Fix a typo. 2006-09-17 01:02:30 +00:00
elad 8fd10e3884 Add an EXAMPLES section. 2006-09-16 21:41:59 +00:00
elad c1ea404a01 crypto/sha1.h -> sha1.h 2006-09-16 21:26:02 +00:00
elad ade08c91dc Add a C version of Veriexec's fingerprint generator, written by Matt
Fleming.

This one has some nice options -- for example, an admin can run right
after installing a system:

        fpgen -D

and it will fingerprint a set of "common" system directories to the
default location. See the man-page for more stuff.

Performance-wise, here are results for both fpgen.sh (old) and this
new tool:

	474.599u 574.335s 13:53.05 125.9%       0+0k 0+307io 0pf+0w

	0.424u 0.131s 0:00.56 98.2%     0+0k 0+2io 0pf+0w

...guess which is which? (that's ~1500 times *faster*)
2006-09-16 20:54:42 +00:00