Skip to content

Signing binary on FreeBSD

Hi there,

I know that OSCam is used mostly on Linux based systems, but if you try compile and sign binary (WITH_SIGNING option) on FreeBSD you get some issues.

First issue is the date command used in cert_info() function (config.sh script)

https://git.streamboard.tv/common/oscam/-/blob/master/config.sh#L743

Trying to get info from certificate you will get mess like this:

date: illegal time format
usage: date [-jnRu] [-I[date|hours|minutes|seconds|ns]] [-f input_fmt]
            [ -z output_zone ] [-r filename|seconds] [-v[+|-]val[y|m|w|d|H|M|S]]
            [[[[[[cc]yy]mm]dd]HH]MM[.SS] | new_date] [+output_fmt]

As a workaround we can use the gdate from coreutils package (of course if it is installed).

Further more (second issue) - I used already obtained certificate from Let's Encrypt to sign the compiled binary, but if you check cert info I got this:

xargs: unterminated quote

As a workaround I added dirty hack as follows (added the second elif condition):

        if [ -f "$CERT_DIR/$CERT_X509" ]; then
                for attrib in 'Subject' 'Issuer' 'Not Before' 'Not After' 'Public Key Algorithm'\
                                        'Public-Key' 'ASN1 OID' 'NIST CURVE' 'Exponent' 'Signature Algorithm'; do
                        if [ "$attrib" = 'Not Before' ]; then
                                openssl x509 -in "$CERT_DIR/$CERT_X509" -noout -nameopt oneline,-esc_msb -startdate | awk -F '=' '{print $2}' | gdate +"%d.%m.%Y %H:%M:%S" -f - | xargs -0 printf "$attrib: %s" 2>/dev/null
                        elif [ "$attrib" = 'Not After' ]; then
                                openssl x509 -in "$CERT_DIR/$CERT_X509" -noout -nameopt oneline,-esc_msb -enddate | awk -F '=' '{print $2}' | gdate +"%d.%m.%Y %H:%M:%S" -f - | xargs -0 printf "$attrib: %s" 2>/dev/null
                        elif [ "$attrib" = 'Issuer' ]; then
                                openssl x509 -in "$CERT_DIR/$CERT_X509" -text -noout -nameopt oneline,-esc_msb | grep -m1 "$attrib" | xargs -0 printf "%s" | awk '{$1=$1};1'
                        else
                                openssl x509 -in "$CERT_DIR/$CERT_X509" -text -noout -nameopt oneline,-esc_msb | grep -m1 "$attrib" | xargs -r | cat
                        fi
                done
                return 0
        else
                echo "$HINT file not found in $(realpath $(pwd)/$CERT_DIR)!" 1>&2
                return 1
        fi
}

The result is:

./config.sh --cert-info
Subject: CN = <edited>
Issuer: C = US, O = Let's Encrypt, CN = R11
Not Before: 30.08.2024 13:16:42
Not After: 28.11.2024 11:16:41
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption

Third issue - after build process we get summary, but on FreeBSD it looks like this:

STRIP   Distribution/oscam-...-11845@44d9b86c-amd64-freebsd-ssl-libusb-pcsc
SIGN    SHA256(stat: illegal option -- c
usage: stat [-FLnq] [-f format | -l | -r | -s | -x] [-t timefmt] [file|handle ...]
): a9f8880419ce9f456dba91bbde96d51fc576bbb3fc41739fba0aa24f2da01d88 -> Verified OK <- DIGEST(stat: illegal option -- c
usage: stat [-FLnq] [-f format | -l | -r | -s | -x] [-t timefmt] [file|handle ...]
)

Again, as a workaround we may use gstat (in Makefile file) from coreutils package to get it work, but I know you'll find better solutions for signing binary on FreeBSD system in case of not coreutils package is installed :)