The engine might have a pin that needs to be entered via stdin so
let's pass through stdin if that's the case so that users can enter
the pin.
run(
cmd,
+ stdin=(
+ sys.stdin
+ if context.config.secure_boot_key_source.type != KeySourceType.file
+ else subprocess.DEVNULL
+ ),
sandbox=context.sandbox(
binary=ukify,
options=[*opt, *options],
output = json.loads(
run(
cmdline,
+ stdin=(
+ sys.stdin
+ if context.config.verity_key_source.type != KeySourceType.file
+ else subprocess.DEVNULL
+ ),
stdout=subprocess.PIPE,
env=context.config.environment,
sandbox=context.sandbox(
j = json.loads(
run(
cmdline,
+ stdin=(
+ sys.stdin
+ if context.config.verity_key_source.type != KeySourceType.file
+ else subprocess.DEVNULL
+ ),
stdout=subprocess.PIPE,
env=context.config.environment,
sandbox=context.sandbox(
cmd += [workdir(input)]
run(
cmd,
+ stdin=(
+ sys.stdin
+ if context.config.secure_boot_key_source.type != KeySourceType.file
+ else subprocess.DEVNULL
+ ),
sandbox=context.sandbox(
binary="sbsign",
options=options,
"--in", workdir(input),
"--out", workdir(output),
],
+ stdin=(
+ sys.stdin
+ if context.config.secure_boot_key_source.type != KeySourceType.file
+ else subprocess.DEVNULL
+ ),
sandbox=context.sandbox(
binary="pesign",
options=[
cmd += [db, workdir(context.workspace / "mkosi.esl")]
run(
cmd,
+ stdin=(
+ sys.stdin
+ if context.config.secure_boot_key_source.type != KeySourceType.file
+ else subprocess.DEVNULL
+ ),
sandbox=context.sandbox(
binary="sbvarsign",
options=options,