From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 27 Feb 2025 09:02:09 +0000 (+0100)
Subject: man: follow our certificate/public-key/private-key PEM file naming rules
X-Git-Tag: v258-rc1~1233^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=da468d61eea5381b45a462f04e2fb11cc50f0cf2;p=thirdparty%2Fsystemd.git

man: follow our certificate/public-key/private-key PEM file naming rules

In 2cc58b6c8ad1826f22b120c4148d123018a7b92c and related we established
rules on naming certs/public-keys/private-keys:

*-public-key.pem
*-private-key.pem
*-certificate.pem

Let's follow that naming in repart's man page too.
---

diff --git a/man/systemd-repart.xml b/man/systemd-repart.xml
index 2e11c45993a..f4823cd0e2e 100644
--- a/man/systemd-repart.xml
+++ b/man/systemd-repart.xml
@@ -684,8 +684,8 @@ IMAGE_ID=my-motd
 IMAGE_VERSION=7
 EOF
 systemd-repart -C \
-  --private-key=privkey.pem \
-  --certificate=cert.crt \
+  --private-key=verity-private-key.pem \
+  --certificate=verity-certificate.pem \
   -s tree/ \
   /var/lib/confexts/my-motd.confext.raw
 systemd-confext refresh</programlisting>
@@ -711,7 +711,7 @@ EOF
 systemd-repart --make-ddi=sysext \
   --private-key-source=engine:pkcs11 \
   --private-key="pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=0123456789abcdef;token=Some%20Cert" \
-  --certificate=cert.crt \
+  --certificate=verity-certificate.pem \
   -s tree/ \
   /var/lib/extensions/my-foo.sysext.raw
 systemd-sysext refresh</programlisting>
@@ -763,21 +763,21 @@ EOF
 
 systemd-repart --definitions repart.d \
   --defer-partitions=root-verity-sig \
-  --copy-source /tmp/tree/ \
-  --empty create --size 600M \
+  --copy-source=/tmp/tree/ \
+  --empty=create --size=600M \
   --json=short \
   /tmp/img.raw | | jq --raw-output0 .[-1].roothash &gt; /tmp/img.roothash
 
 openssl smime -sign -in /tmp/img.roothash \
-  -inkey privkey.pem \
-  -signer cert.crt \
+  -inkey verity-private-key.pem \
+  -signer verity-certificate.pem \
   -noattr -binary -outform der \
   -out /tmp/img.roothash.p7s
 
 systemd-repart --definitions repart.d \
-  --dry-run=no --root /tmp/tree/ \
-  --join-signature "$(cat /tmp/img.roothash):/tmp/img.roothash.p7s" \
-  --certificate cert.crt \
+  --dry-run=no --root=/tmp/tree/ \
+  --join-signature="$(cat /tmp/img.roothash):/tmp/img.roothash.p7s" \
+  --certificate=verity-certificate.pem \
   /tmp/img.raw</programlisting>
     </example>