author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-11-08 11:34:21 +0100 |
---|---|---|
committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-11-08 15:00:21 +0100 |
commit | 4b1ad0398e7b0524eac87e1b6c4fdcb8c2c40294 (patch) | |
tree | 041410fdacae5d09a5d232db836f256c8e5ec608 /src/sbsign/sbsign.c | |
parent | update TODO (diff) | |
Introduce systemd-keyutil to do various key/certificate operations
Let's gather generic key/certificate operations in a new tool
systemd-keyutil instead of spreading them across various special
purpose tools.
Fixes #35087
Diffstat (limited to 'src/sbsign/sbsign.c')
-rw-r--r-- | src/sbsign/sbsign.c | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/src/sbsign/sbsign.c b/src/sbsign/sbsign.c
index d65f28b4c4..81970a7302 100644
--- a/src/sbsign/sbsign.c
+++ b/src/sbsign/sbsign.c
@@ -45,7 +45,6 @@ static int help(int argc, char *argv[], void *userdata) {
 "\n%5$sSign binaries for EFI Secure Boot%6$s\n"
 "\n%3$sCommands:%4$s\n"
 " sign EXEFILE Sign the given binary for EFI Secure Boot\n"
- " validate-key Load and validate the given certificate and private key\n"
 "\n%3$sOptions:%4$s\n"
 " -h --help Show this help\n"
 " --version Print version\n"
@@ -498,63 +497,10 @@ static int verb_sign(int argc, char *argv[], void *userdata) {
 return 0;
 }
 
-static int verb_validate_key(int argc, char *argv[], void *userdata) {
- _cleanup_(X509_freep) X509 *certificate = NULL;
- _cleanup_(openssl_ask_password_ui_freep) OpenSSLAskPasswordUI *ui = NULL;
- _cleanup_(EVP_PKEY_freep) EVP_PKEY *private_key = NULL;
- int r;
-
- if (!arg_certificate)
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
- "No certificate specified, use --certificate=");
-
- if (!arg_private_key)
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
- "No private key specified, use --private-key=.");
-
- if (arg_certificate_source_type == OPENSSL_CERTIFICATE_SOURCE_FILE) {
- r = parse_path_argument(arg_certificate, /*suppress_root=*/ false, &arg_certificate);
- if (r < 0)
- return r;
- }
-
- r = openssl_load_x509_certificate(
- arg_certificate_source_type,
- arg_certificate_source,
- arg_certificate,
- &certificate);
- if (r < 0)
- return log_error_errno(r, "Failed to load X.509 certificate from %s: %m", arg_certificate);
-
- if (arg_private_key_source_type == OPENSSL_KEY_SOURCE_FILE) {
- r = parse_path_argument(arg_private_key, /* suppress_root= */ false, &arg_private_key);
- if (r < 0)
- return log_error_errno(r, "Failed to parse private key path %s: %m", arg_private_key);
- }
-
- r = openssl_load_private_key(
- arg_private_key_source_type,
- arg_private_key_source,
- arg_private_key,
- &(AskPasswordRequest) {
- .id = "sbsign-private-key-pin",
- .keyring = arg_private_key,
- .credential = "sbsign.private-key-pin",
- },
- &private_key,
- &ui);
- if (r < 0)
- return log_error_errno(r, "Failed to load private key from %s: %m", arg_private_key);
-
- puts("OK");
- return 0;
-}
-
 static int run(int argc, char *argv[]) {
 static const Verb verbs[] = {
 { "help", VERB_ANY, VERB_ANY, 0, help },
 { "sign", 2, 2, 0, verb_sign },
- { "validate-key", VERB_ANY, 1, 0, verb_validate_key },
 {}
 };
 int r; |