From 7db71cd79fd5a9f7b469d3d2123e2eb91b3c1056 Mon Sep 17 00:00:00 2001
From: Daan De Meyer
Date: Sun, 16 Feb 2025 16:57:11 +0100
Subject: [PATCH] ukify: Fix --sign-profile= check for main profile
opts.profile is always an env file so we have to parse the default value as well to check if it's in --sign-profile= or not.
---
 src/ukify/ukify.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
index 097a7ee0c66..8c2875f43aa 100755
--- a/src/ukify/ukify.py
+++ b/src/ukify/ukify.py
@@ -280,7 +280,7 @@ class UkifyConfig:
 join_pcrsig: Optional[Path]
 phase_path_groups: Optional[list[str]]
 policy_digest: bool
- profile: Union[str, Path, None]
+ profile: Optional[str]
 sb_cert: Union[str, Path, None]
 sb_cert_name: Optional[str]
 sb_cert_validity: int
@@ -1425,7 +1425,10 @@ def make_uki(opts: UkifyConfig) -> None:
 if (
 not opts.pcrsig
 and (opts.join_profiles or not opts.profile)
- and (not opts.sign_profiles or opts.profile in opts.sign_profiles)
+ and (
+ not opts.sign_profiles
+ or (opts.profile and read_env_file(opts.profile).get('ID') in opts.sign_profiles)
+ )
 ):
 combined_sigs = call_systemd_measure(uki, opts=opts)
@@ -2437,6 +2440,8 @@ def finalize_options(opts: argparse.Namespace) -> None:
 )
 opts.profile = resolve_at_path(opts.profile)
+ if opts.profile and isinstance(opts.profile, Path):
+ opts.profile = opts.profile.read_text()
 if opts.join_profiles and not opts.profile:
 # If any additional profiles are added, we need a base profile as well so add one if
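Review bot: In the new `--sign-profile=` clause of `make_uki`, a main profile whose text has no `ID=` entry makes `read_env_file(opts.profile).get('ID')` evaluate to `None` (assuming the helper returns a dict), so the membership test is false and `call_systemd_measure` is skipped without any message. This condition decides whether PCR signatures are produced for the main profile, so a name requested in `--sign-profile=` that matches nothing should be reported rather than silently ignored. I would bind the ID once, `profile_id = read_env_file(opts.profile).get('ID') if opts.profile else None`, test `profile_id in opts.sign_profiles`, and add a comment such as `# opts.profile holds env-file text here, not a path; compare its ID= value`. The body of `make_uki` starts before and continues after this hunk, so what runs when the condition is false is not visible here.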
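Review bot: The added `read_text()` in `finalize_options` passes no `encoding`, so the profile file is decoded with the locale default, and the resulting text, including the `ID=` value later compared against `--sign-profile=`, can differ between build hosts. The `opts.profile and` test is also redundant in front of `isinstance(opts.profile, Path)`, since a `Path` instance is always truthy. Suggested form: `if isinstance(opts.profile, Path):` followed by `opts.profile = opts.profile.read_text(encoding='utf-8')`, assuming profile files are meant to be UTF-8, which should be confirmed against how the rest of the file reads `@path` arguments. `finalize_options` starts before and continues after this hunk.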