Make pihole-FTL verify return the result through exit code more fine-…

…grained: 0 = OK (checksum matches), 1 = FAILED (binary corrupted), 2 = ERROR (e.g. cannot open the file), 3 = NO CHECKSUM FOUND (e.g. compiled using unsupported toolchain)

Signed-off-by: DL6ER <[email protected]>

src/args.c

@@ -562,11 +562,14 @@ void parse_args(int argc, char *argv[])
 	{
 		// Enable stdout printing
 		cli_mode = true;
-		const bool match = verify_FTL(true);
+		const enum verify_result match = verify_FTL(true);
 		printf("%s Binary integrity check: %s\n",
-		       match ? cli_tick() : cli_cross() ,
-		       match ? "OK" : "FAILED");
-		exit(match ? EXIT_SUCCESS : EXIT_FAILURE);
+		       match == VERIFY_OK ? cli_tick() :
+		         match == VERIFY_NO_CHECKSUM ? cli_qst() : cli_cross(),
+		       match == VERIFY_OK ? "OK" :
+		         match == VERIFY_NO_CHECKSUM ? "No checksum found" :
+		           match == VERIFY_ERROR ? "Error" : "Failed");
+		exit(match);
 	}
 
 	// Local reverse name resolver

src/enums.h

@@ -342,4 +342,11 @@ enum api_flags {
 	API_BATCHDELETE = 1 << 2,
 };
 
+enum verify_result {
+	VERIFY_OK = 0, // EXIT_SUCCESS
+	VERIFY_FAILED,
+	VERIFY_ERROR,
+	VERIFY_NO_CHECKSUM
+} __attribute__ ((packed));
+
 #endif // ENUMS_H

src/files.c

@@ -778,14 +778,14 @@ bool sha256sum(const char *path, uint8_t checksum[SHA256_DIGEST_SIZE], const boo
  * @return Returns true if the checksum matches the expected value, false
  * otherwise.
  */
-bool verify_FTL(bool verbose)
+enum verify_result verify_FTL(bool verbose)
 {
 	// Get the filename of the current executable
 	char filename[PATH_MAX] = { 0 };
 	if(readlink("/proc/self/exe", filename, sizeof(filename)) == -1)
 	{
 		log_err("Failed to read self filename: %s", strerror(errno));
-		return false;
+		return VERIFY_ERROR;
 	}
 
 	// Read the pre-computed hash as well as the checksum mark from the
@@ -796,25 +796,25 @@ bool verify_FTL(bool verbose)
 	if(f == NULL)
 	{
 		log_err("Failed to open self file \"%s\": %s", filename, strerror(errno));
-		return false;
+		return VERIFY_ERROR;
 	}
 	if(fseek(f, -(SHA256_DIGEST_SIZE + 9), SEEK_END) != 0)
 	{
 		log_err("Failed to seek to hash: %s", strerror(errno));
 		fclose(f);
-		return false;
+		return VERIFY_ERROR;
 	}
 	if(fread(checksum_mark, 9, 1, f) != 1)
 	{
 		log_err("Failed to read checksum mark: %s", strerror(errno));
 		fclose(f);
-		return false;
+		return VERIFY_ERROR;
 	}
 	if(fread(self_hash, SHA256_DIGEST_SIZE, 1, f) != 1)
 	{
 		log_err("Failed to read hash: %s", strerror(errno));
 		fclose(f);
-		return false;
+		return VERIFY_ERROR;
 	}
 	fclose(f);
 
@@ -824,7 +824,7 @@ bool verify_FTL(bool verbose)
 		log_warn("Binary integrity check not possible: No checksum mark found");
 		// This is not an error, as the binary may not have a checksum mark
 		// if it was built with a different toolchain
-		return true;
+		return VERIFY_NO_CHECKSUM;
 	}
 
 	// Calculate the hash of the binary
@@ -856,5 +856,5 @@ bool verify_FTL(bool verbose)
 		}
 	}
 
-	return success;
+	return success ? VERIFY_OK : VERIFY_FAILED;
 }

src/files.h

@@ -37,7 +37,7 @@ bool chown_pihole(const char *path, struct passwd *pwd);
 void rotate_files(const char *path, char **first_file);
 bool files_different(const char *pathA, const char *pathB, unsigned int from);
 bool sha256sum(const char *path, uint8_t checksum[SHA256_DIGEST_SIZE], const bool skip_end);
-bool verify_FTL(bool verbose);
+enum verify_result verify_FTL(bool verbose);
 
 int parse_line(char *line, char **key, char **value);