From dc163cd40bb28064d4c57729950199894130516c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 10 Jun 2024 14:50:18 +0200
Subject: [PATCH] fileio: add new helper write_base64_file_at() which encodes a
 binary object into base64 and writes it to a file

---
 src/basic/fileio.c    | 16 ++++++++++++++++
 src/basic/fileio.h    |  2 ++
 src/pcrlock/pcrlock.c | 11 +++--------
 3 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index 977fdd294c3..24357c1ef86 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -355,6 +355,22 @@ int write_string_filef(
         return write_string_file(fn, p, flags);
 }
 
+int write_base64_file_at(
+                int dir_fd,
+                const char *fn,
+                const struct iovec *data,
+                WriteStringFileFlags flags) {
+
+        _cleanup_free_ char *encoded = NULL;
+        ssize_t n;
+
+        n = base64mem_full(data ? data->iov_base : NULL, data ? data->iov_len : 0, 79, &encoded);
+        if (n < 0)
+                return n;
+
+        return write_string_file_at(dir_fd, fn, encoded, flags);
+}
+
 int read_one_line_file_at(int dir_fd, const char *filename, char **ret) {
         _cleanup_fclose_ FILE *f = NULL;
         int r;
diff --git a/src/basic/fileio.h b/src/basic/fileio.h
index e9fba165802..6986ed32766 100644
--- a/src/basic/fileio.h
+++ b/src/basic/fileio.h
@@ -66,6 +66,8 @@ static inline int write_string_file(const char *fn, const char *line, WriteStrin
         return write_string_file_ts(fn, line, flags, NULL);
 }
 
+int write_base64_file_at(int dir_fd, const char *fn, const struct iovec *data, WriteStringFileFlags flags);
+
 int write_string_filef(const char *fn, WriteStringFileFlags flags, const char *format, ...) _printf_(3, 4);
 
 int read_one_line_file_at(int dir_fd, const char *filename, char **ret);
diff --git a/src/pcrlock/pcrlock.c b/src/pcrlock/pcrlock.c
index c07132c1350..a40d23a347b 100644
--- a/src/pcrlock/pcrlock.c
+++ b/src/pcrlock/pcrlock.c
@@ -4391,15 +4391,10 @@ static int write_boot_policy_file(const char *json_text) {
         if (r < 0)
                 return log_error_errno(r, "Failed to encode policy as credential: %m");
 
-        _cleanup_free_ char *base64_buf = NULL;
-        ssize_t base64_size;
-        base64_size = base64mem_full(encoded.iov_base, encoded.iov_len, 79, &base64_buf);
-        if (base64_size < 0)
-                return base64_size;
-
-        r = write_string_file(
+        r = write_base64_file_at(
+                        AT_FDCWD,
                         boot_policy_file,
-                        base64_buf,
+                        &encoded,
                         WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_SYNC|WRITE_STRING_FILE_MKDIR_0755);
         if (r < 0)
                 return log_error_errno(r, "Failed to write boot policy file to '%s': %m", boot_policy_file);
-- 
2.47.3