diff options
| author | Roland Singer <roland.singer@desertbit.com> | 2023-12-06 10:49:47 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-06 10:49:47 +0100 |
| commit | bf35f9c83541785726dce41e54496a07f4841621 (patch) | |
| tree | 8449db3fcc6cf5bbd791b23622b59b9fe3b9b6aa /src/ukify/ukify.py | |
| parent | repart: use correct errno (diff) | |
| download | systemd-bf35f9c83541785726dce41e54496a07f4841621.tar.xz systemd-bf35f9c83541785726dce41e54496a07f4841621.zip | |
ukify: fix handling of --secureboot-certificate-validity= (#30315)
Before:
$ python src/ukify/ukify.py genkey --secureboot-private-key=sb2.key --secureboot-certificate=sb2.cert --secureboot-certificate-validity=111
Traceback (most recent call last):
File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 1660, in <module>
main()
File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 1652, in main
generate_keys(opts)
File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 943, in generate_keys
key_pem, cert_pem = generate_key_cert_pair(
^^^^^^^^^^^^^^^^^^^^^^^
File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 891, in generate_key_cert_pair
now + ONE_DAY * valid_days
~~~~~~~~^~~~~~~~~~~~
TypeError: can't multiply sequence by non-int of type 'datetime.timedelta'
Now:
$ python src/ukify/ukify.py genkey --secureboot-private-key=sb2.key --secureboot-certificate=sb2.cert --secureboot-certificate-validity=111
Writing SecureBoot private key to sb2.key
Writing SecureBoot certificate to sb2.cert
The new code is also clearer.
Diffstat (limited to 'src/ukify/ukify.py')
| -rwxr-xr-x | src/ukify/ukify.py | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py index b46d775a47..9fbe4d70f4 100755 --- a/src/ukify/ukify.py +++ b/src/ukify/ukify.py @@ -846,8 +846,6 @@ uki,1,UKI,uki,1,https://www.freedesktop.org/software/systemd/man/systemd-stub.ht print(f"Wrote {'signed' if sign_args_present else 'unsigned'} {opts.output}") -ONE_DAY = datetime.timedelta(1, 0, 0) - @contextlib.contextmanager def temporary_umask(mask: int): @@ -888,7 +886,7 @@ def generate_key_cert_pair( ).not_valid_before( now, ).not_valid_after( - now + ONE_DAY * valid_days + now + datetime.timedelta(days=valid_days) ).serial_number( x509.random_serial_number() ).public_key( @@ -1335,6 +1333,7 @@ CONFIG_ITEMS = [ ConfigItem( '--secureboot-certificate-validity', metavar = 'DAYS', + type = int, dest = 'sb_cert_validity', default = 365 * 10, help = "period of validity (in days) for a certificate created by 'genkey'", |