From: DaanDeMeyer <daan.j.demeyer@gmail.com>
Date: Wed, 24 Dec 2025 15:11:50 +0000 (+0100)
Subject: bootctl-install: Fix OpenSSL UI
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=11f47cb70014894a9f09c730ee7aedcac89cf73e;p=thirdparty%2Fsystemd.git

bootctl-install: Fix OpenSSL UI

Follow up for a86a366eb07294357c34122114a11ee131c25e72.
---

diff --git a/src/bootctl/bootctl-install.c b/src/bootctl/bootctl-install.c
index 6cabf3785c4..ebaf5720b5a 100644
--- a/src/bootctl/bootctl-install.c
+++ b/src/bootctl/bootctl-install.c
@@ -965,12 +965,14 @@ static int are_we_installed(const char *esp_path) {
 #if HAVE_OPENSSL
 static int load_secure_boot_auto_enroll(
                 X509 **ret_certificate,
-                EVP_PKEY **ret_private_key) {
+                EVP_PKEY **ret_private_key,
+                OpenSSLAskPasswordUI **ret_ui) {
 
         int r;
 
         assert(ret_certificate);
         assert(ret_private_key);
+        assert(ret_ui);
 
         if (!arg_secure_boot_auto_enroll) {
                 *ret_certificate = NULL;
@@ -999,7 +1001,6 @@ static int load_secure_boot_auto_enroll(
                         return log_error_errno(r, "Failed to parse private key path %s: %m", arg_private_key);
         }
 
-        _cleanup_(EVP_PKEY_freep) EVP_PKEY *private_key = NULL;
         r = openssl_load_private_key(
                         arg_private_key_source_type,
                         arg_private_key_source,
@@ -1012,13 +1013,12 @@ static int load_secure_boot_auto_enroll(
                                 .until = USEC_INFINITY,
                                 .hup_fd = -EBADF,
                         },
-                        &private_key,
-                        /* ret_user_interface= */ NULL);
+                        ret_private_key,
+                        ret_ui);
         if (r < 0)
                 return log_error_errno(r, "Failed to load private key from %s: %m", arg_private_key);
 
         *ret_certificate = TAKE_PTR(certificate);
-        *ret_private_key = TAKE_PTR(private_key);
 
         return 0;
 }
@@ -1039,9 +1039,10 @@ int verb_install(int argc, char *argv[], void *userdata) {
         graceful = arg_graceful() == ARG_GRACEFUL_FORCE || (!install && arg_graceful() != ARG_GRACEFUL_NO);
 
 #if HAVE_OPENSSL
+        _cleanup_(openssl_ask_password_ui_freep) OpenSSLAskPasswordUI *ui = NULL;
         _cleanup_(EVP_PKEY_freep) EVP_PKEY *private_key = NULL;
         _cleanup_(X509_freep) X509 *certificate = NULL;
-        r = load_secure_boot_auto_enroll(&certificate, &private_key);
+        r = load_secure_boot_auto_enroll(&certificate, &private_key, &ui);
         if (r < 0)
                 return r;
 #endif