From 05015b5957cd1b83359847a1f0f50a8869325447 Mon Sep 17 00:00:00 2001
From: Daan De Meyer
Date: Thu, 31 Oct 2024 12:40:30 +0100
Subject: [PATCH] Pass through stdin to various signing tools if an engine is used
The engine might have a pin that needs to be entered via stdin so let's pass through stdin if that's the case so that users can enter the pin.
---
 mkosi/__init__.py | 15 +++++++++++++++
 mkosi/bootloader.py | 15 +++++++++++++++
 2 files changed, 30 insertions(+)
diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index bae8baa49..513d0f29b 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -1551,6 +1551,11 @@ def run_ukify(
 run(
 cmd,
+ stdin=(
+ sys.stdin
+ if context.config.secure_boot_key_source.type != KeySourceType.file
+ else subprocess.DEVNULL
+ ),
 sandbox=context.sandbox(
 binary=ukify,
 options=[*opt, *options],
@@ -3105,6 +3110,11 @@ def make_image(
 output = json.loads(
 run(
 cmdline,
+ stdin=(
+ sys.stdin
+ if context.config.verity_key_source.type != KeySourceType.file
+ else subprocess.DEVNULL
+ ),
 stdout=subprocess.PIPE,
 env=context.config.environment,
 sandbox=context.sandbox(
@@ -3428,6 +3438,11 @@ def make_extension_image(context: Context, output: Path) -> None:
 j = json.loads(
 run(
 cmdline,
+ stdin=(
+ sys.stdin
+ if context.config.verity_key_source.type != KeySourceType.file
+ else subprocess.DEVNULL
+ ),
 stdout=subprocess.PIPE,
 env=context.config.environment,
 sandbox=context.sandbox(
diff --git a/mkosi/bootloader.py b/mkosi/bootloader.py
index ff2ed0d1f..8a1c37500 100644
--- a/mkosi/bootloader.py
+++ b/mkosi/bootloader.py
@@ -527,6 +527,11 @@ def sign_efi_binary(context: Context, input: Path, output: Path) -> Path:
 cmd += [workdir(input)]
 run(
 cmd,
+ stdin=(
+ sys.stdin
+ if context.config.secure_boot_key_source.type != KeySourceType.file
+ else subprocess.DEVNULL
+ ),
 sandbox=context.sandbox(
 binary="sbsign",
 options=options,
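Review bot: The new `stdin=` expression in run_ukify treats every key source other than `KeySourceType.file` as interactive and hands the tool mkosi's own stdin even when that is not a terminal, and the same five lines are repeated in the other five hunks of this patch (make_image, make_extension_image, both sign_efi_binary calls, install_systemd_boot). When the build runs with stdin redirected, the signing tool would read from that pipe or file instead of a user, so the choice is better made in one helper that takes the key source and also requires `sys.stdin.isatty()` before passing stdin through, falling back to `subprocess.DEVNULL` otherwise. If supplying the PIN through redirected stdin is meant to be supported, say so in a comment on that helper instead of adding the terminal check. run_ukify's body starts and ends outside the hunk.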
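Review bot: In make_image the call now inherits stdin for a PIN while `stdout=subprocess.PIPE` stays in place, so anything the tool prints on stdout, including a PIN prompt, is captured into the string passed to `json.loads` instead of reaching the user; make_extension_image has the same combination. Whether the tool prompts on stderr or on the controlling terminal is not visible here, so this needs confirming with an engine-backed key. A comment above the argument would record the assumption, for example `# stdin is inherited so the engine can ask for its PIN; the prompt must not go to stdout, which is parsed as JSON`. The call continues past the end of the hunk.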
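Review bot: The new lines in sign_efi_binary use `sys`, `subprocess` and `KeySourceType`, but the diffstat's 15 insertions for mkosi/bootloader.py are exactly the three five-line `stdin=` additions, so this patch adds no import to that file. If any of the three names is not already imported at the top of bootloader.py (outside this view), the failure is a NameError raised only when a signing step is reached. Worth checking the import block and adding `import subprocess`, `import sys` or the `KeySourceType` import there if one is missing.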
@@ -549,6 +554,11 @@ def sign_efi_binary(context: Context, input: Path, output: Path) -> Path:
 "--in", workdir(input),
 "--out", workdir(output),
 ],
+ stdin=(
+ sys.stdin
+ if context.config.secure_boot_key_source.type != KeySourceType.file
+ else subprocess.DEVNULL
+ ),
 sandbox=context.sandbox(
 binary="pesign",
 options=[
@@ -764,6 +774,11 @@ def install_systemd_boot(context: Context) -> None:
 cmd += [db, workdir(context.workspace / "mkosi.esl")]
 run(
 cmd,
+ stdin=(
+ sys.stdin
+ if context.config.secure_boot_key_source.type != KeySourceType.file
+ else subprocess.DEVNULL
+ ),
 sandbox=context.sandbox(
 binary="sbvarsign",
 options=options,
-- 
2.47.2
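Review bot: In install_systemd_boot the `cmd += [db, ...]` line just above the call suggests this `run()` sits in a loop over several variables that starts outside the hunk; if so, a key held in an engine is unlocked once per iteration and the user is asked for the PIN each time. Repeated prompts in one build make mistyped entries more likely, which matters for tokens that lock after a few wrong PINs. A short comment at the call, such as `# with an engine key source this prompts for the PIN on every sbvarsign invocation`, would document that, if the inference holds.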