ukify: Fix regression in --no-sign-kernel flag

The man page says that --sign-kernel and --no-sign-kernel "override the detection of whether to sign the Linux binary", so we should only autodetect if neither are specified. But as of commit 02eabaffe98c ("ukify: Add a unified interface for signing tools"), we autodetect even when --no-sign-kernel is passed, which makes the flag useless. The sign_kernel option is parsed using argparse.BooleanOptionalAction, which sets it to either True, False, or None. commit 02eabaffe98c replaced `sign_kernel is None` with `not sign_kernel`. These are not the same in Python, as the latter accepts False as well as None. Restore the original check and fix type annotations accordingly. Fixes: 02eabaffe98c ("ukify: Add a unified interface for signing tools")
2025-03-10 16:58:28 +03:00 · 2024-12-18 11:08:17 -05:00 · 2024-12-18 11:08:17 -05:00 · 32c3e1379d
commit 32c3e1379d
parent 0d1ebcf67d
1 changed files with 2 additions and 2 deletions
--- a/src/ukify/ukify.py
+++ b/src/ukify/ukify.py
@ -264,7 +264,7 @@ class UkifyConfig:
    sbat: Optional[list[str]]
    sections: list['Section']
    sections_by_name: dict[str, 'Section']
-    sign_kernel: bool
+    sign_kernel: Optional[bool]
    signing_engine: Optional[str]
    signing_provider: Optional[str]
    certificate_provider: Optional[str]
@ -1108,7 +1108,7 @@ def make_uki(opts: UkifyConfig) -> None:
        assert opts.signtool is not None
        signtool = SignTool.from_string(opts.signtool)

-        if not sign_kernel:
+        if sign_kernel is None:
            # figure out if we should sign the kernel
            sign_kernel = signtool.verify(opts)