keyutil: Rename public to extract-public

author Daan De Meyer <daan.j.demeyer@gmail.com>

Fri, 12 Dec 2025 13:26:19 +0000 (14:26 +0100)

committer Daan De Meyer <daan.j.demeyer@gmail.com>

Thu, 18 Dec 2025 12:56:38 +0000 (13:56 +0100)
author Daan De Meyer <daan.j.demeyer@gmail.com>
Fri, 12 Dec 2025 13:26:19 +0000 (14:26 +0100)
committer Daan De Meyer <daan.j.demeyer@gmail.com>
Thu, 18 Dec 2025 12:56:38 +0000 (13:56 +0100)
diff --git a/man/systemd-keyutil.xml b/man/systemd-keyutil.xml

index aaf760b948b96f82c9023dc8f6351235f29eea8f..47ab28a055e6980324d403435461a4c573b1fbf2 100644 (file)
--- a/man/systemd-keyutil.xml
+++ b/man/systemd-keyutil.xml
@@ -56,7 +56,7 @@
        </varlistentry>
  
        <varlistentry>
-        <term><command>public</command></term>
+        <term><command>extract-public</command></term>
  
          <listitem><para>This commands prints the public key in PEM format extracted from either the
          certificate given with <option>--certificate=</option> or the private key given with
diff --git a/src/keyutil/keyutil.c b/src/keyutil/keyutil.c

index 1c283d2aa7f6610792173ccfde2f233a8eeb985b..0e4e5006c7242fc9963b404c1151603570f51868 100644 (file)
--- a/src/keyutil/keyutil.c
+++ b/src/keyutil/keyutil.c
@@ -48,7 +48,7 @@ static int help(int argc, char *argv[], void *userdata) {
                 "\n%5$sPerform various operations on private keys and certificates.%6$s\n"
                 "\n%3$sCommands:%4$s\n"
                 "  validate               Load and validate the given certificate and private key\n"
-               "  public                 Extract a public key\n"
+               "  extract-public         Extract a public key\n"
                 "  pkcs7                  Generate a PKCS#7 signature\n"
                 "\n%3$sOptions:%4$s\n"
                 "  -h --help              Show this help\n"
@@ -247,7 +247,7 @@ static int verb_validate(int argc, char *argv[], void *userdata) {
          return 0;
  }
  
-static int verb_public(int argc, char *argv[], void *userdata) {
+static int verb_extract_public(int argc, char *argv[], void *userdata) {
          _cleanup_(EVP_PKEY_freep) EVP_PKEY *public_key = NULL;
          int r;
  
@@ -399,10 +399,11 @@ static int verb_pkcs7(int argc, char *argv[], void *userdata) {
  
  static int run(int argc, char *argv[]) {
          static const Verb verbs[] = {
-                { "help",     VERB_ANY, VERB_ANY, 0, help          },
-                { "validate", VERB_ANY, 1,        0, verb_validate },
-                { "public",   VERB_ANY, 1,        0, verb_public   },
-                { "pkcs7",    VERB_ANY, VERB_ANY, 0, verb_pkcs7    },
+                { "help",           VERB_ANY, VERB_ANY, 0, help                },
+                { "validate",       VERB_ANY, 1,        0, verb_validate       },
+                { "extract-public", VERB_ANY, 1,        0, verb_extract_public },
+                { "public",         VERB_ANY, 1,        0, verb_extract_public }, /* Deprecated but kept for backwards compat. */
+                { "pkcs7",          VERB_ANY, VERB_ANY, 0, verb_pkcs7          },
                  {}
          };
          int r;
diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py

index ad6560534accc79e86950dae1fea96b4d3565426..c98f8e2a5dd9b3c283e70709c9edcec5bf746178 100755 (executable)
--- a/src/ukify/ukify.py
+++ b/src/ukify/ukify.py
@@ -1364,7 +1364,7 @@ def make_uki(opts: UkifyConfig) -> None:
      pcrpkey: Union[bytes, Path, None] = opts.pcrpkey
      if pcrpkey is None:
          keyutil_tool = find_tool('systemd-keyutil', '/usr/lib/systemd/systemd-keyutil')
-        cmd = [keyutil_tool, 'public']
+        cmd = [keyutil_tool, 'extract-public']
  
          if opts.pcr_public_keys and len(opts.pcr_public_keys) == 1:
              # If we're using an engine or provider, the public key will be an X.509 certificate.
diff --git a/test/units/TEST-74-AUX-UTILS.keyutil.sh b/test/units/TEST-74-AUX-UTILS.keyutil.sh

index 172939253e4510b8fdb5d6bdf69c835146f9ef51..7cc9fd05f9fc4b137c3df2bd6e58b6c09bc5d95e 100755 (executable)
--- a/test/units/TEST-74-AUX-UTILS.keyutil.sh
+++ b/test/units/TEST-74-AUX-UTILS.keyutil.sh
@@ -37,14 +37,14 @@ testcase_validate() {
      /usr/lib/systemd/systemd-keyutil validate --certificate /tmp/test.crt --private-key /tmp/test.key
  }
  
-testcase_public() {
-    PUBLIC="$(/usr/lib/systemd/systemd-keyutil public --certificate /tmp/test.crt)"
+testcase_extract_public() {
+    PUBLIC="$(/usr/lib/systemd/systemd-keyutil extract-public --certificate /tmp/test.crt)"
      assert_eq "$PUBLIC" "$(openssl x509 -in /tmp/test.crt -pubkey -noout)"
  
-    PUBLIC="$(/usr/lib/systemd/systemd-keyutil public --private-key /tmp/test.key)"
+    PUBLIC="$(/usr/lib/systemd/systemd-keyutil extract-public --private-key /tmp/test.key)"
      assert_eq "$PUBLIC" "$(openssl x509 -in /tmp/test.crt -pubkey -noout)"
  
-    (! /usr/lib/systemd/systemd-keyutil public)
+    (! /usr/lib/systemd/systemd-keyutil extract-public)
  }
  
  verify_pkcs7() {
author	Daan De Meyer <daan.j.demeyer@gmail.com>
	Fri, 12 Dec 2025 13:26:19 +0000 (14:26 +0100)
committer	Daan De Meyer <daan.j.demeyer@gmail.com>
	Thu, 18 Dec 2025 12:56:38 +0000 (13:56 +0100)
man/systemd-keyutil.xml		patch \| blob \| blame \| history
src/keyutil/keyutil.c		patch \| blob \| blame \| history
src/ukify/ukify.py		patch \| blob \| blame \| history
test/units/TEST-74-AUX-UTILS.keyutil.sh		patch \| blob \| blame \| history