From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 15 Nov 2024 15:40:57 +0000 (+0100)
Subject: bootctl: Only create loader/keys/auto if required
X-Git-Tag: v257-rc2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f2ac4458f08ca85d530e334c645a3f07aa17b1e5;p=thirdparty%2Fsystemd.git

bootctl: Only create loader/keys/auto if required

systemd-boot uses the existance of loader/keys/auto to determine
whether to auto-enroll secure boot or not so only create the directory
if we're actually going to put auto-enroll signature lists in it.
---

diff --git a/src/bootctl/bootctl-install.c b/src/bootctl/bootctl-install.c
index 26ee2865b2f..7ad264d8821 100644
--- a/src/bootctl/bootctl-install.c
+++ b/src/bootctl/bootctl-install.c
@@ -299,7 +299,6 @@ static const char *const esp_subdirs[] = {
         "EFI/BOOT",
         "loader",
         "loader/keys",
-        "loader/keys/auto",
         NULL
 };
 
@@ -615,6 +614,10 @@ static int install_secure_boot_auto_enroll(const char *esp, X509 *certificate, E
                 return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to convert X.509 certificate to DER: %s",
                                        ERR_error_string(ERR_get_error(), NULL));
 
+        r = mkdir_one(esp, "loader/keys/auto");
+        if (r < 0)
+                return r;
+
         _cleanup_close_ int keys_fd = chase_and_open("loader/keys/auto", esp, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, O_DIRECTORY, NULL);
         if (keys_fd < 0)
                 return log_error_errno(keys_fd, "Failed to chase loader/keys/auto in the ESP: %m");
@@ -1287,6 +1290,10 @@ int verb_remove(int argc, char *argv[], void *userdata) {
                         r = q;
         }
 
+        q = rmdir_one(arg_esp_path, "/loader/keys/auto");
+        if (q < 0 && r >= 0)
+                r = q;
+
         q = remove_subdirs(arg_esp_path, esp_subdirs);
         if (q < 0 && r >= 0)
                 r = q;