summaryrefslogtreecommitdiffstats
path: root/shell-completion
diff options
context:
space:
mode:
authorDaan De Meyer <daan.j.demeyer@gmail.com>2024-11-03 12:54:20 +0100
committerGitHub <noreply@github.com>2024-11-03 12:54:20 +0100
commitc32e54456e45b62996d69faada6fb3f2a5cd38e6 (patch)
tree2aa1779ac0bf55b9521f3753977faffca2fa5f30 /shell-completion
parentmkosi: Add extra tools tree packages required to run integration tests (diff)
parentbootctl: Add --secure-boot-auto-enroll (diff)
downloadsystemd-c32e54456e45b62996d69faada6fb3f2a5cd38e6.tar.xz
systemd-c32e54456e45b62996d69faada6fb3f2a5cd38e6.zip
openssl-util: Query engine/provider pin via ask-password (#34948)
In mkosi, we want to support signing via a hardware token. We already support this in systemd-repart and systemd-measure. However, if the hardware token is protected by a pin, the pin is asked as many as 20 times when building an image as the pin is not cached and thus requested again for every operation. Let's introduce a custom openssl ui when we use engines and providers and plug systemd-ask-password into the process. With systemd-ask-password, the pin can be cached in the kernel keyring, allowing us to reuse it without querying the user again every time to enter the pin. We use the private key URI as the keyring identifier so that the cached pin can be shared across multiple tools.
Diffstat (limited to 'shell-completion')
0 files changed, 0 insertions, 0 deletions