char **definitions,
EmptyMode empty,
bool dry_run,
- sd_id128_t seed,
- X509 *certificate,
- EVP_PKEY *private_key) {
-
- /* Note: This function takes ownership of the certificate and private_key arguments. */
+ sd_id128_t seed) {
_cleanup_strv_free_ char **d = NULL;
if (!strv_isempty(definitions)) {
.end = UINT64_MAX,
.total = UINT64_MAX,
.seed = seed,
- .certificate = certificate,
- .private_key = private_key,
.empty = empty,
.dry_run = dry_run,
.backing_fd = -EBADF,
return 0;
}
+static int context_load_keys(Context *context) {
+ int r;
+
+ assert(context);
+
+ if (arg_certificate) {
+ if (arg_certificate_source_type == OPENSSL_CERTIFICATE_SOURCE_FILE) {
+ r = parse_path_argument(arg_certificate, /*suppress_root=*/ false, &arg_certificate);
+ if (r < 0)
+ return r;
+ }
+
+ r = openssl_load_x509_certificate(
+ arg_certificate_source_type,
+ arg_certificate_source,
+ arg_certificate,
+ &context->certificate);
+ if (r < 0)
+ return log_error_errno(r, "Failed to load X.509 certificate from %s: %m", arg_certificate);
+ }
+
+ if (arg_private_key) {
+ if (arg_private_key_source_type == OPENSSL_KEY_SOURCE_FILE) {
+ r = parse_path_argument(arg_private_key, /*suppress_root=*/ false, &arg_private_key);
+ if (r < 0)
+ return r;
+ }
+
+ r = openssl_load_private_key(
+ arg_private_key_source_type,
+ arg_private_key_source,
+ arg_private_key,
+ &(AskPasswordRequest) {
+ .tty_fd = -EBADF,
+ .id = "repart-private-key-pin",
+ .keyring = arg_private_key,
+ .credential = "repart.private-key-pin",
+ .until = USEC_INFINITY,
+ .hup_fd = -EBADF,
+ },
+ &context->private_key,
+ /* ret_user_interface= */ NULL);
+ if (r < 0)
+ return log_error_errno(r, "Failed to load private key from %s: %m", arg_private_key);
+ }
+
+ return 0;
+}
+
static int parse_partition_types(const char *p, GptPartitionType **partitions, size_t *n_partitions) {
int r;
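Review bot: Passing `/* ret_user_interface= */ NULL` to openssl_load_private_key() in context_load_keys() discards the OpenSSLAskPasswordUI object that run() used to hold under `_cleanup_(openssl_ask_password_ui_freep)` for as long as the private key was in use; the matching removals are in the parse_argv() and run() hunks. This page does not show whether the loader accepts NULL there, or whether a key loaded from a non-file source still needs the UI for a PIN prompt when it is later used for signing, so both should be confirmed. If the UI has to outlive the load, keep it next to the key, for example an `OpenSSLAskPasswordUI *ui` member on Context passed as `&context->ui` and released wherever the context frees `private_key`; otherwise add a comment on that argument saying why dropping it is safe. The old ownership note was removed with the context_new() parameters, so the new function should also carry a one-line comment that the context owns the loaded certificate and key, plus `assert(!context->certificate);` and `assert(!context->private_key);` so a second call cannot overwrite and leak them.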
return 0;
}
-static int parse_argv(
- int argc,
- char *argv[],
- X509 **ret_certificate,
- EVP_PKEY **ret_private_key,
- OpenSSLAskPasswordUI **ret_ui) {
-
+static int parse_argv(int argc, char *argv[]) {
enum {
ARG_VERSION = 0x100,
ARG_NO_PAGER,
{}
};
- _cleanup_(X509_freep) X509 *certificate = NULL;
- _cleanup_(openssl_ask_password_ui_freep) OpenSSLAskPasswordUI *ui = NULL;
- _cleanup_(EVP_PKEY_freep) EVP_PKEY *private_key = NULL;
bool auto_public_key_pcr_mask = true, auto_pcrlock = true;
int c, r;
assert(argc >= 0);
assert(argv);
- assert(ret_certificate);
- assert(ret_private_key);
- assert(ret_ui);
while ((c = getopt_long(argc, argv, "hs:SCP", options, NULL)) >= 0)
*p = gpt_partition_type_override_architecture(*p, arg_architecture);
}
- if (arg_certificate) {
- if (arg_certificate_source_type == OPENSSL_CERTIFICATE_SOURCE_FILE) {
- r = parse_path_argument(arg_certificate, /*suppress_root=*/ false, &arg_certificate);
- if (r < 0)
- return r;
- }
-
- r = openssl_load_x509_certificate(
- arg_certificate_source_type,
- arg_certificate_source,
- arg_certificate,
- &certificate);
- if (r < 0)
- return log_error_errno(r, "Failed to load X.509 certificate from %s: %m", arg_certificate);
- }
-
- if (arg_private_key) {
- if (arg_private_key_source_type == OPENSSL_KEY_SOURCE_FILE) {
- r = parse_path_argument(arg_private_key, /*suppress_root=*/ false, &arg_private_key);
- if (r < 0)
- return r;
- }
-
- r = openssl_load_private_key(
- arg_private_key_source_type,
- arg_private_key_source,
- arg_private_key,
- &(AskPasswordRequest) {
- .tty_fd = -EBADF,
- .id = "repart-private-key-pin",
- .keyring = arg_private_key,
- .credential = "repart.private-key-pin",
- .until = USEC_INFINITY,
- .hup_fd = -EBADF,
- },
- &private_key,
- &ui);
- if (r < 0)
- return log_error_errno(r, "Failed to load private key from %s: %m", arg_private_key);
- }
-
if (arg_append_fstab && !arg_generate_fstab)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "No --generate-fstab= specified for --append-fstab=%s.", append_mode_to_string(arg_append_fstab));
arg_pager_flags |= PAGER_DISABLE;
}
- *ret_certificate = TAKE_PTR(certificate);
- *ret_private_key = TAKE_PTR(private_key);
- *ret_ui = TAKE_PTR(ui);
-
return 1;
}
p.definitions,
p.empty,
p.dry_run,
- p.seed,
- /* certificate= */ NULL,
- /* private_key= */ NULL);
+ p.seed);
if (!context)
return log_oom();
}
static int run(int argc, char *argv[]) {
- _cleanup_(X509_freep) X509 *certificate = NULL;
- _cleanup_(openssl_ask_password_ui_freep) OpenSSLAskPasswordUI *ui = NULL;
- _cleanup_(EVP_PKEY_freep) EVP_PKEY *private_key = NULL;
_cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
_cleanup_(umount_and_freep) char *mounted_dir = NULL;
_cleanup_(context_freep) Context* context = NULL;
log_setup();
- r = parse_argv(argc, argv, &certificate, &private_key, &ui);
+ r = parse_argv(argc, argv);
if (r <= 0)
return r;
arg_definitions,
arg_empty,
arg_dry_run,
- arg_seed,
- certificate,
- private_key);
+ arg_seed);
if (!context)
return log_oom();
- TAKE_PTR(certificate);
- TAKE_PTR(private_key);
+ r = context_load_keys(context);
+ if (r < 0)
+ return r;
context->defer_partitions_empty = arg_defer_partitions_empty;
context->defer_partitions_factory_reset = arg_defer_partitions_factory_reset;