-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some work on swtpm_cert #206
Conversation
Pull Request Test Coverage Report for Build 1761
💛 - Coveralls |
Passing secrets via environment variable isn't ideal. We should use fd, like existing |
I primarily did this to accommodate the invocation via shell scripts , but I agree, we should have this as well. Another option to try for the shell script would be to pass it via file and then use this construct here:
Besides this, I think it may be good to avoid introducing too many new command line options. So passing it via something like this here may be good too:
|
Looks ok, although not consistent with swtpm command line options. Although unlikely, this may also break existing users, perhaps add --signkey-pass/pwd ? |
af057e5
to
4779db8
Compare
@elmarco Thanks for the suggestion. Pushed an updated. |
fcb749c
to
15fb3d5
Compare
Also added support for |
Allow passing signing key and parent key via files and file descriptors and environment variables. Adapt a test case to exercise this new functionality. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use the swtpm_cert --signkey-pwd and --parentkey-pwd to pass key passwords using files rather than using the command line options. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add support for the --print-capabilities option to display newly added capabilities. Adpat the man page and related test case. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Convert the code to use getopt_long_only for parsing the options. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Accept serial number that use up to 64bits. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
15fb3d5
to
5b1d9c9
Compare
looks ok to me |
This series of patches allows passing of passwords to swtpm_cert using environment variables, converts the parsing of command line options to use getopt_long_only and allow certificate serial numbers with larger values (up to 64bit).