projects / systemd / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b09a531) | patch
ukify: add 'genkey' verb
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 6 Jun 2023 19:06:20 +0000 (21:06 +0200)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 14 Jun 2023 11:17:33 +0000 (13:17 +0200)
commita1c80efddc057b4d1dcddc51dbb1244e8df51752
tree2c7fedae8ba2e2d7b9c05deb290c8bb26e1b181etree | snapshot
parentb09a5315f5263b1e344e6612514e3ea08600f1d8commit | diff
ukify: add 'genkey' verb

The idea is to make it easy to generate all the signing key and certs
that can be used for local signing. The verb is the modeled after
'mkosi genkey', but there are some important differences: we generate
the keys to the paths where they will be read from, both pcr signing
keys and the SecureBoot certificate+key.

If any of the outputs exist, operation is refused. Maybe we could add a
--force option in the future, but this operation should be rare, so I think
it's better to refuse to overwrite anything initially.

I'm only doing a token man page change here.
https://github.com/systemd/systemd/pull/27621 reworks the man page,
and the changes done here would conflict heavily with that work. I'll
submit a follow-up patch later.
man/ukify.xml diff | blob | history
src/ukify/test/test_ukify.py diff | blob | history
src/ukify/ukify.py diff | blob | history
https://github.com/systemd/systemd.git