From 5c396a01104ba3de5e4e72825c019873f50bc626 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 3 Sep 2025 11:31:30 +0200
Subject: [PATCH] bootctl: switch a few getenv() calls to secure_getenv()

Following the rule that we should always prefer the secure flavour over
the regular one unless there's a clear reason for the regular one, let's
switch this over. Better safe than sorry.
---
 src/bootctl/bootctl-install.c     | 4 ++--
 src/bootctl/bootctl-random-seed.c | 2 +-
 src/bootctl/bootctl-util.c        | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/bootctl/bootctl-install.c b/src/bootctl/bootctl-install.c
index 197c9d5bd63..0d07f544780 100644
--- a/src/bootctl/bootctl-install.c
+++ b/src/bootctl/bootctl-install.c
@@ -102,7 +102,7 @@ static int load_kernel_install_layout(void) {
         int r;
 
         r = load_kernel_install_conf(arg_root,
-                                     getenv("KERNEL_INSTALL_CONF_ROOT"),
+                                     secure_getenv("KERNEL_INSTALL_CONF_ROOT"),
                                      /* ret_machine_id= */ NULL,
                                      /* ret_boot_root= */ NULL,
                                      &layout,
@@ -578,7 +578,7 @@ static int install_entry_token(void) {
         if (!arg_make_entry_directory && arg_entry_token_type == BOOT_ENTRY_TOKEN_MACHINE_ID)
                 return 0;
 
-        p = path_join(arg_root, getenv("KERNEL_INSTALL_CONF_ROOT") ?: "/etc/kernel/", "entry-token");
+        p = path_join(arg_root, secure_getenv("KERNEL_INSTALL_CONF_ROOT") ?: "/etc/kernel/", "entry-token");
         if (!p)
                 return log_oom();
 
diff --git a/src/bootctl/bootctl-random-seed.c b/src/bootctl/bootctl-random-seed.c
index 7cd39624c11..c4811aace33 100644
--- a/src/bootctl/bootctl-random-seed.c
+++ b/src/bootctl/bootctl-random-seed.c
@@ -61,7 +61,7 @@ static int set_system_token(void) {
         if (!touch_variables())
                 return 0;
 
-        r = getenv_bool("SYSTEMD_WRITE_SYSTEM_TOKEN");
+        r = secure_getenv_bool("SYSTEMD_WRITE_SYSTEM_TOKEN");
         if (r < 0) {
                 if (r != -ENXIO)
                         log_warning_errno(r, "Failed to parse $SYSTEMD_WRITE_SYSTEM_TOKEN, ignoring.");
diff --git a/src/bootctl/bootctl-util.c b/src/bootctl/bootctl-util.c
index 381c6f8af65..f5642827aca 100644
--- a/src/bootctl/bootctl-util.c
+++ b/src/bootctl/bootctl-util.c
@@ -124,7 +124,7 @@ int settle_entry_token(void) {
 
         r = boot_entry_token_ensure(
                         arg_root,
-                        getenv("KERNEL_INSTALL_CONF_ROOT"),
+                        secure_getenv("KERNEL_INSTALL_CONF_ROOT"),
                         arg_machine_id,
                         /* machine_id_is_random = */ false,
                         &arg_entry_token_type,
-- 
2.47.3