Hi Ahmad,
On 2026-02-10 10:35, Ahmad Fatoum wrote:
On 2/6/26 1:28 PM, Jonas Rebmann wrote:
keytoc/CONFIG_CRYPTO_PUBLIC_KEYS can work with a complete keyspec
provided by an environment variable as opposed to providing single URIs.
This would be a very useful feature if it could also provide any number
of keys. Kconfig however provides keytoc with regular keyspecs already
split at spaces so without furhter measures, the env variable can only
be expanded into a single key.
Work around this by, in the special case of keytoc provided with a
single environment variable, splitting that single argument at any space
character that is not escaped with a backslash in front of it.
I think that's sensible. Do we see breakage potential for existing
users? If so, we should have a migration entry about the change in
interpretation of space.
It does break for users of the single-env-variable format if they'd been
relying on paths containing spaces or backslashes, which they'd need to
start escaping now. But I don't suppose many, if any, users are really
affected by that.
I'll add a migration entry, suppose it can't hurt.
I'll update this patch to treat multiple variables the same way as
single variables.
Right now, given a single __ENV__var1 argument, that is split but once
given a second __ENV__var2 argument, neither are split, which is
inconsistent.
I will keep not modifying plain URIs provided by env e.g.
keyring:__ENV__uri
keycount = argc - optind;
+ keyspecs = argv + optind;
+
+ if (keycount == 1 && !strncmp(argv[optind], "__ENV__", 7)) {
+ char *singlespec = try_resolve_env(keyspecs[0]);
+ /* include '\0' in length */
+ int len = strlen(singlespec) + 1;
+ char *p;
+
+ for (p = singlespec; *p; p++) {
Can you copy strsep_unescaped to scripts/ and use that instead?
Oh yes that will make things easier.
Regards,
Jonas
--
Pengutronix e.K. | Jonas Rebmann |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |
