]> git.ipfire.org Git - thirdparty/mkosi.git/commitdiff
Pass through stdin to various signing tools if an engine is used 3157/head
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Thu, 31 Oct 2024 11:40:30 +0000 (12:40 +0100)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Thu, 31 Oct 2024 11:40:30 +0000 (12:40 +0100)
The engine might have a pin that needs to be entered via stdin so
let's pass through stdin if that's the case so that users can enter
the pin.

mkosi/__init__.py
mkosi/bootloader.py

index bae8baa49a837dcd03d2b8082df52fb6102161f3..513d0f29bad7bf8aae2f5658eec03ae65318288a 100644 (file)
@@ -1551,6 +1551,11 @@ def run_ukify(
 
     run(
         cmd,
+        stdin=(
+            sys.stdin
+            if context.config.secure_boot_key_source.type != KeySourceType.file
+            else subprocess.DEVNULL
+        ),
         sandbox=context.sandbox(
             binary=ukify,
             options=[*opt, *options],
@@ -3105,6 +3110,11 @@ def make_image(
         output = json.loads(
             run(
                 cmdline,
+                stdin=(
+                    sys.stdin
+                    if context.config.verity_key_source.type != KeySourceType.file
+                    else subprocess.DEVNULL
+                ),
                 stdout=subprocess.PIPE,
                 env=context.config.environment,
                 sandbox=context.sandbox(
@@ -3428,6 +3438,11 @@ def make_extension_image(context: Context, output: Path) -> None:
         j = json.loads(
             run(
                 cmdline,
+                stdin=(
+                    sys.stdin
+                    if context.config.verity_key_source.type != KeySourceType.file
+                    else subprocess.DEVNULL
+                ),
                 stdout=subprocess.PIPE,
                 env=context.config.environment,
                 sandbox=context.sandbox(
index ff2ed0d1f0b74ae8a8f1d1f92cb01721644c5da2..8a1c37500844034acc77ef97df8edf70db3a80b7 100644 (file)
@@ -527,6 +527,11 @@ def sign_efi_binary(context: Context, input: Path, output: Path) -> Path:
         cmd += [workdir(input)]
         run(
             cmd,
+            stdin=(
+                sys.stdin
+                if context.config.secure_boot_key_source.type != KeySourceType.file
+                else subprocess.DEVNULL
+            ),
             sandbox=context.sandbox(
                 binary="sbsign",
                 options=options,
@@ -549,6 +554,11 @@ def sign_efi_binary(context: Context, input: Path, output: Path) -> Path:
                 "--in", workdir(input),
                 "--out", workdir(output),
             ],
+            stdin=(
+                sys.stdin
+                if context.config.secure_boot_key_source.type != KeySourceType.file
+                else subprocess.DEVNULL
+            ),
             sandbox=context.sandbox(
                 binary="pesign",
                 options=[
@@ -764,6 +774,11 @@ def install_systemd_boot(context: Context) -> None:
                     cmd += [db, workdir(context.workspace / "mkosi.esl")]
                     run(
                         cmd,
+                        stdin=(
+                            sys.stdin
+                            if context.config.secure_boot_key_source.type != KeySourceType.file
+                            else subprocess.DEVNULL
+                        ),
                         sandbox=context.sandbox(
                             binary="sbvarsign",
                             options=options,