From: Lennart Poettering Date: Thu, 5 Feb 2026 15:01:08 +0000 (+0100) Subject: pcrextend: fix varlink API to match what we actually take X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=823054d0791aa3948325e222e35a4c4f7df9f3f4;p=thirdparty%2Fsystemd.git pcrextend: fix varlink API to match what we actually take (Change test case slightly, to ensure we don't regress on this) --- diff --git a/src/shared/varlink-io.systemd.PCRExtend.c b/src/shared/varlink-io.systemd.PCRExtend.c index 84ee2e731ba..87783f1ee9f 100644 --- a/src/shared/varlink-io.systemd.PCRExtend.c +++ b/src/shared/varlink-io.systemd.PCRExtend.c @@ -4,9 +4,10 @@ static SD_VARLINK_DEFINE_METHOD( Extend, - SD_VARLINK_FIELD_COMMENT("PCR number to extend, in range of 0…23"), - SD_VARLINK_DEFINE_INPUT(pcr, SD_VARLINK_INT, 0), - SD_VARLINK_DEFINE_INPUT(nvpcr, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("PCR number to extend, in range of 0…23. Either this or 'nvpcr' must be specified, not both, not neither."), + SD_VARLINK_DEFINE_INPUT(pcr, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("NvPCR to extend, identified by a string. Either this or 'pcr' must be specified, not both, not neither."), + SD_VARLINK_DEFINE_INPUT(nvpcr, SD_VARLINK_STRING, SD_VARLINK_NULLABLE), SD_VARLINK_FIELD_COMMENT("Text string to measure. (Specify either this, or the 'data' field below, not both)"), SD_VARLINK_DEFINE_INPUT(text, SD_VARLINK_STRING, SD_VARLINK_NULLABLE), SD_VARLINK_FIELD_COMMENT("Binary data to measure, encoded in Base64. (Specify either this, or the 'text' field above, not both)"), diff --git a/test/units/TEST-70-TPM2.nvpcr.sh b/test/units/TEST-70-TPM2.nvpcr.sh index 8827acc6ed5..1539d056a4d 100755 --- a/test/units/TEST-70-TPM2.nvpcr.sh +++ b/test/units/TEST-70-TPM2.nvpcr.sh @@ -43,8 +43,8 @@ DIGEST_EXPECTED="$(echo "$DIGEST_BASE$DIGEST_MEASURED" | xxd -r -p | openssl dgs DIGEST_ACTUAL="$(systemd-analyze nvpcrs test --json=pretty | jq -r '.[] | select(.name=="test") | .value')" test "$DIGEST_ACTUAL" = "$DIGEST_EXPECTED" -# Now "destroy" the value via another measurement -/usr/lib/systemd/systemd-pcrextend --nvpcr=test schnurz +# Now "destroy" the value via another measurement (this time we use Varlink, to test the API) +varlinkctl call /usr/lib/systemd/systemd-pcrextend io.systemd.PCRExtend.Extend '{"nvpcr":"test","text":"schnurz"}' DIGEST_ACTUAL2="$(systemd-analyze nvpcrs test --json=pretty | jq -r '.[] | select(.name=="test") | .value')" test "$DIGEST_ACTUAL2" != "$DIGEST_EXPECTED"