Merge 5f05ba1d24 into 73f4882ef3

Currently translated at 89.8% (231 of 257 strings)

Co-authored-by: Anselm Schueler <mail@anselmschueler.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -18,7 +18,7 @@ body:
         If a distro build is used, please just paste the package version, e.g. `systemd-254.7-1.fc39.x86_64`.
         See https://github.com/systemd/systemd-stable/tags for the list of most recent releases.
         For older version please use distribution trackers (see https://systemd.io/CONTRIBUTING#filing-issues).
-      placeholder: '255'
+      placeholder: '256.x'
     validations:
       required: true
 

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -121,6 +121,6 @@ body:
     attributes:
       label: The systemd version you checked that didn't have the feature you are asking for
       description: If this is not the most recently released upstream version, then please check first if it has that feature already.
-      placeholder: '255'
+      placeholder: '256.x'
     validations:
       required: false

man/sd_device_get_syspath.xml

@@ -191,7 +191,7 @@
     <literal>+drivers:</literal> followed by its driver subsystem and sysfs name separated with a colon.
     Example: <literal>+drivers:pci:iwlwifi</literal> for a driver device record whose driver subsystem is
     <literal>pci</literal> and sysfs name is <literal>iwlwifi</literal>,
-    When an other type of device is specified, this function returns <literal>+</literal> followed by its
+    When another type of device is specified, this function returns <literal>+</literal> followed by its
     subsystem and sysfs name separated with a colon. Example: <literal>+acpi:ACPI0003:00</literal>,
     <literal>+input:input16</literal>, or <literal>+pci:0000:00:1f.6</literal>.</para>
   </refsect1>

man/systemd-ask-password.xml

@@ -241,7 +241,7 @@
 
         <listitem><para>Controls whether to query the system-wide or the per-user password agents. By default
         if invoked privileged the system-wide agents are queried, otherwise the per-user ones. These options
-        allow to override this automatic behaviour.</para>
+        allow one to override this automatic behaviour.</para>
 
         <xi:include href="version-info.xml" xpointer="v257"/></listitem>
       </varlistentry>

man/systemd-measure.xml

@@ -104,6 +104,16 @@
 
         <xi:include href="version-info.xml" xpointer="v252"/></listitem>
       </varlistentry>
+
+      <varlistentry>
+        <term><command>pcrpkey</command></term>
+
+        <listitem><para>This commands writes the public key to stdout extracted from either the public key
+        given with <option>--public-key=</option>, the certificate given with <option>--certificate=</option>
+        or the private key given with <option>--private-key=</option>.</para>
+
+        <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 

po/de.po

@@ -10,13 +10,13 @@
 # Christian Kirbach <christian.kirbach@gmail.com>, 2023.
 # Jarne Förster <fedora@mymailclient.de>, 2024.
 # Weblate Translation Memory <noreply-mt-weblate-translation-memory@weblate.org>, 2024.
+# Anselm Schueler <mail@anselmschueler.com>, 2024.
 msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-11-05 13:46+0000\n"
+"PO-Revision-Date: 2024-11-07 13:26+0000\n"
-"Last-Translator: Weblate Translation Memory <noreply-mt-weblate-translation-"
+"Last-Translator: Anselm Schueler <mail@anselmschueler.com>\n"
-"memory@weblate.org>\n"
 "Language-Team: German <https://translate.fedoraproject.org/projects/systemd/"
 "main/de/>\n"
 "Language: de\n"
@@ -131,9 +131,8 @@ msgstr ""
 "Benutzers notwendig."
 
 #: src/home/org.freedesktop.home1.policy:53
-#, fuzzy
 msgid "Update your home area"
-msgstr "Einen persönlichen Bereich aktualisieren"
+msgstr "Deinen persönlichen Bereich aktualisieren"
 
 # https://www.freedesktop.org/software/systemd/man/sd-login.html
 #: src/home/org.freedesktop.home1.policy:54

po/fr.po

@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-11-06 12:46+0000\n"
+"PO-Revision-Date: 2024-11-07 09:30+0000\n"
 "Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
 "Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
 "main/fr/>\n"
@@ -128,16 +128,13 @@ msgstr ""
 "utilisateur."
 
 #: src/home/org.freedesktop.home1.policy:53
-#, fuzzy
 msgid "Update your home area"
-msgstr "Mettre à jour un espace personnel"
+msgstr "Mettre à jour votre espace personnel"
 
 #: src/home/org.freedesktop.home1.policy:54
-#, fuzzy
 msgid "Authentication is required to update your home area."
 msgstr ""
-"Une authentification est requise pour mettre à jour l'espace personnel d'un "
+"Une authentification est requise pour mettre à jour votre espace personnel."
-"utilisateur."
 
 #: src/home/org.freedesktop.home1.policy:63
 msgid "Resize a home area"
@@ -1261,14 +1258,12 @@ msgstr ""
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
 msgid "Manage optional features"
-msgstr ""
+msgstr "Gérer les fonctionnalités en option"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
-#, fuzzy
 msgid "Authentication is required to manage optional features"
 msgstr ""
-"Une authentification est requise pour gérer les sessions actives, les "
+"Une authentification est requise pour gérer les fonctionnalités en option."
-"utilisateurs et les postes (seats)."
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"

po/id.po

@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-10-27 05:38+0000\n"
+"PO-Revision-Date: 2024-11-07 09:30+0000\n"
 "Last-Translator: Andika Triwidada <andika@gmail.com>\n"
 "Language-Team: Indonesian <https://translate.fedoraproject.org/projects/"
 "systemd/main/id/>\n"
@@ -15,7 +15,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Weblate 5.7.2\n"
+"X-Generator: Weblate 5.8.2\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@@ -112,14 +112,12 @@ msgid "Authentication is required to update a user's home area."
 msgstr "Otentikasi diperlukan untuk memperbarui suatu area rumah pengguna."
 
 #: src/home/org.freedesktop.home1.policy:53
-#, fuzzy
 msgid "Update your home area"
-msgstr "Memperbarui suatu area rumah"
+msgstr "Memperbarui area rumah Anda"
 
 #: src/home/org.freedesktop.home1.policy:54
-#, fuzzy
 msgid "Authentication is required to update your home area."
-msgstr "Otentikasi diperlukan untuk memperbarui suatu area rumah pengguna."
+msgstr "Otentikasi diperlukan untuk memperbarui area rumah Anda."
 
 #: src/home/org.freedesktop.home1.policy:63
 msgid "Resize a home area"
@@ -1166,12 +1164,11 @@ msgstr "Otentikasi diperlukan untuk membersihkan pembaruan sistem lama."
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
 msgid "Manage optional features"
-msgstr ""
+msgstr "Kelola fitur opsional"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
-#, fuzzy
 msgid "Authentication is required to manage optional features"
-msgstr "Otentikasi diperlukan untuk mengelola seat, pengguna, dan sesi aktif."
+msgstr "Otentikasi diperlukan untuk mengelola fitur opsional"
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"

po/ka.po

@@ -5,7 +5,7 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-08-24 10:36+0000\n"
+"PO-Revision-Date: 2024-11-07 02:35+0000\n"
 "Last-Translator: Temuri Doghonadze <temuri.doghonadze@gmail.com>\n"
 "Language-Team: Georgian <https://translate.fedoraproject.org/projects/"
 "systemd/main/ka/>\n"
@@ -14,7 +14,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 5.7\n"
+"X-Generator: Weblate 5.8.2\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@@ -108,14 +108,12 @@ msgid "Authentication is required to update a user's home area."
 msgstr "სახლის ტერიტორიის განახლებისთვის საჭიროა ავთენტიკაცია."
 
 #: src/home/org.freedesktop.home1.policy:53
-#, fuzzy
 msgid "Update your home area"
-msgstr "სახლის ტერიტორიის განახლება"
+msgstr "თქვენი სახლის ტერიტორიის განახლება"
 
 #: src/home/org.freedesktop.home1.policy:54
-#, fuzzy
 msgid "Authentication is required to update your home area."
-msgstr "სახლის ტერიტორიის განახლებისთვის საჭიროა ავთენტიკაცია."
+msgstr "თქვენი სახლის ტერიტორიის განახლებისთვის საჭიროა ავთენტიკაცია."
 
 #: src/home/org.freedesktop.home1.policy:63
 msgid "Resize a home area"
@@ -1164,14 +1162,11 @@ msgstr "ძველი სისტემური განახლებე
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
 msgid "Manage optional features"
-msgstr ""
+msgstr "არასავალდებულო ფუნქციების მართვა"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
-#, fuzzy
 msgid "Authentication is required to manage optional features"
-msgstr ""
+msgstr "არასავალდებულო ფუნქციების მართვას ავთენტიკაცია სჭირდება"
-"აქტიური სესიების, მომხმარებლებისა და სამუშაო მაგიდების მართვას ავთენტიკაცია "
-"სჭირდება."
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"

po/ko.po

@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-08-24 10:36+0000\n"
+"PO-Revision-Date: 2024-11-07 02:35+0000\n"
 "Last-Translator: 김인수 <simmon@nplob.com>\n"
 "Language-Team: Korean <https://translate.fedoraproject.org/projects/systemd/"
 "main/ko/>\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Weblate 5.7\n"
+"X-Generator: Weblate 5.8.2\n"
 "X-Poedit-SourceCharset: UTF-8\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
@@ -109,12 +109,10 @@ msgid "Authentication is required to update a user's home area."
 msgstr "사용자 홈 영역을 최신화 하려면 인증이 필요합니다."
 
 #: src/home/org.freedesktop.home1.policy:53
-#, fuzzy
 msgid "Update your home area"
-msgstr "홈 영역을 최신화"
+msgstr "자신의 홈 영역 최신화"
 
 #: src/home/org.freedesktop.home1.policy:54
-#, fuzzy
 msgid "Authentication is required to update your home area."
 msgstr "사용자 홈 영역을 최신화 하려면 인증이 필요합니다."
 
@@ -1117,12 +1115,11 @@ msgstr "오래된 시스템 최신화를 정리하려면 인증이 필요합니
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
 msgid "Manage optional features"
-msgstr ""
+msgstr "추가 사양을 관리합니다"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
-#, fuzzy
 msgid "Authentication is required to manage optional features"
-msgstr "활성 세션, 사용자 시트를 관리하려면 인증이 필요합니다."
+msgstr "추가 사양을 관리하려면 인증이 필요합니다"
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"

po/pl.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-08-24 10:36+0000\n"
+"PO-Revision-Date: 2024-11-07 09:30+0000\n"
 "Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
 "Language-Team: Polish <https://translate.fedoraproject.org/projects/systemd/"
 "main/pl/>\n"
@@ -17,7 +17,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
 "|| n%100>=20) ? 1 : 2;\n"
-"X-Generator: Weblate 5.7\n"
+"X-Generator: Weblate 5.8.2\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@@ -122,15 +122,13 @@ msgstr ""
 "użytkownika."
 
 #: src/home/org.freedesktop.home1.policy:53
-#, fuzzy
 msgid "Update your home area"
-msgstr "Aktualizacja przestrzeni domowej"
+msgstr "Aktualizacja przestrzeni domowej tego użytkownika"
 
 #: src/home/org.freedesktop.home1.policy:54
-#, fuzzy
 msgid "Authentication is required to update your home area."
 msgstr ""
-"Wymagane jest uwierzytelnienie, aby zaktualizować przestrzeń domową "
+"Wymagane jest uwierzytelnienie, aby zaktualizować przestrzeń domową tego "
 "użytkownika."
 
 #: src/home/org.freedesktop.home1.policy:63
@@ -1212,14 +1210,11 @@ msgstr ""
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
 msgid "Manage optional features"
-msgstr ""
+msgstr "Zarządzanie funkcjami opcjonalnymi"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
-#, fuzzy
 msgid "Authentication is required to manage optional features"
-msgstr ""
+msgstr "Wymagane jest uwierzytelnienie, aby zarządzać funkcjami opcjonalnymi."
-"Wymagane jest uwierzytelnienie, aby zarządzać aktywnymi sesjami, "
-"użytkownikami i stanowiskami."
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"

po/ru.po

@@ -14,7 +14,7 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-08-25 11:38+0000\n"
+"PO-Revision-Date: 2024-11-07 09:30+0000\n"
 "Last-Translator: \"Sergey A.\" <Ser82-png@yandex.ru>\n"
 "Language-Team: Russian <https://translate.fedoraproject.org/projects/systemd/"
 "main/ru/>\n"
@@ -24,7 +24,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
 "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-"X-Generator: Weblate 5.7\n"
+"X-Generator: Weblate 5.8.2\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@@ -130,16 +130,13 @@ msgstr ""
 "аутентификацию."
 
 #: src/home/org.freedesktop.home1.policy:53
-#, fuzzy
 msgid "Update your home area"
 msgstr "Обновить домашнее пространство"
 
 #: src/home/org.freedesktop.home1.policy:54
-#, fuzzy
 msgid "Authentication is required to update your home area."
 msgstr ""
-"Чтобы обновить домашнее пространство пользователя, необходимо пройти "
+"Чтобы обновить ваше домашнее пространство, необходимо пройти аутентификацию."
-"аутентификацию."
 
 #: src/home/org.freedesktop.home1.policy:63
 msgid "Resize a home area"
@@ -1278,14 +1275,12 @@ msgstr ""
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
 msgid "Manage optional features"
-msgstr ""
+msgstr "Управление дополнительными функциями"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
-#, fuzzy
 msgid "Authentication is required to manage optional features"
 msgstr ""
-"Для управления текущими сеансами, пользователями и рабочими местами, "
+"Для управления дополнительными функциями необходимо пройти аутентификацию."
-"необходимо пройти аутентификацию."
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"

po/sv.po

@@ -12,8 +12,8 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-10-24 00:56+0000\n"
+"PO-Revision-Date: 2024-11-07 09:30+0000\n"
-"Last-Translator: Anders Jonsson <anders.jonsson@norsjovallen.se>\n"
+"Last-Translator: Luna Jernberg <bittin@reimu.nl>\n"
 "Language-Team: Swedish <https://translate.fedoraproject.org/projects/systemd/"
 "main/sv/>\n"
 "Language: sv\n"
@@ -21,7 +21,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 5.7.2\n"
+"X-Generator: Weblate 5.8.2\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@@ -117,14 +117,12 @@ msgid "Authentication is required to update a user's home area."
 msgstr "Autentisering krävs för att uppdatera en användares hemarea."
 
 #: src/home/org.freedesktop.home1.policy:53
-#, fuzzy
 msgid "Update your home area"
-msgstr "Uppdatera en hemarea"
+msgstr "Uppdatera din hemarea"
 
 #: src/home/org.freedesktop.home1.policy:54
-#, fuzzy
 msgid "Authentication is required to update your home area."
-msgstr "Autentisering krävs för att uppdatera en användares hemarea."
+msgstr "Autentisering krävs för att uppdatera din hemarea."
 
 #: src/home/org.freedesktop.home1.policy:63
 msgid "Resize a home area"
@@ -1172,13 +1170,11 @@ msgstr "Autentisering krävs för att rensa gamla systemuppdateringar."
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
 msgid "Manage optional features"
-msgstr ""
+msgstr "Hantera valfria funktioner"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
-#, fuzzy
 msgid "Authentication is required to manage optional features"
-msgstr ""
+msgstr "Autentisering krävs för att hantera valfria funktioner"
-"Autentisering krävs för att hantera aktiva sessioner, användare och platser."
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"

po/tr.po

@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-08-25 11:38+0000\n"
+"PO-Revision-Date: 2024-11-07 09:30+0000\n"
 "Last-Translator: Oğuz Ersen <oguz@ersen.moe>\n"
 "Language-Team: Turkish <https://translate.fedoraproject.org/projects/systemd/"
 "main/tr/>\n"
@@ -19,7 +19,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Weblate 5.7\n"
+"X-Generator: Weblate 5.8.2\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@@ -117,14 +117,12 @@ msgid "Authentication is required to update a user's home area."
 msgstr "Bir kullanıcının ev alanını güncellemek kimlik doğrulaması gerektirir."
 
 #: src/home/org.freedesktop.home1.policy:53
-#, fuzzy
 msgid "Update your home area"
-msgstr "Ev alanını güncelle"
+msgstr "Ev alanınızı güncelleyin"
 
 #: src/home/org.freedesktop.home1.policy:54
-#, fuzzy
 msgid "Authentication is required to update your home area."
-msgstr "Bir kullanıcının ev alanını güncellemek kimlik doğrulaması gerektirir."
+msgstr "Ev alanınızı güncellemek kimlik doğrulaması gerektirir."
 
 #: src/home/org.freedesktop.home1.policy:63
 msgid "Resize a home area"
@@ -1221,14 +1219,11 @@ msgstr ""
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
 msgid "Manage optional features"
-msgstr ""
+msgstr "İsteğe bağlı özellikleri yönet"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
-#, fuzzy
 msgid "Authentication is required to manage optional features"
-msgstr ""
+msgstr "İsteğe bağlı özellikleri yönetmek için kimlik doğrulaması gereklidir"
-"Aktif oturumları, kullanıcıları ve yuvaları yönetmek için kimlik doğrulaması "
-"gereklidir."
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"

src/boot/measure.c

@@ -77,6 +77,7 @@ static int help(int argc, char *argv[], void *userdata) {
                "  status                 Show current PCR values\n"
                "  calculate              Calculate expected PCR values\n"
                "  sign                   Calculate and sign expected PCR values\n"
+               "  pcrpkey                Calculate the PCR public key\n"
                "\n%3$sOptions:%4$s\n"
                "  -h --help              Show this help\n"
                "     --version           Print version\n"
@@ -1173,12 +1174,100 @@ static int verb_status(int argc, char *argv[], void *userdata) {
         return 0;
 }
 
+static int verb_pcrpkey(int argc, char *argv[], void *userdata) {
+        _cleanup_(EVP_PKEY_freep) EVP_PKEY *public_key = NULL;
+        int r;
+
+        if (arg_public_key) {
+                _cleanup_fclose_ FILE *public_keyf = NULL;
+
+                public_keyf = fopen(arg_public_key, "re");
+                if (!public_keyf)
+                        return log_error_errno(errno, "Failed to open public key file '%s': %m", arg_public_key);
+
+                public_key = PEM_read_PUBKEY(public_keyf, NULL, NULL, NULL);
+                if (!public_key)
+                        return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to parse public key '%s'.", arg_public_key);
+
+        } else if (arg_certificate) {
+                _cleanup_(X509_freep) X509 *certificate = NULL;
+
+                if (arg_certificate_source_type == OPENSSL_CERTIFICATE_SOURCE_FILE) {
+                        r = parse_path_argument(arg_certificate, /*suppress_root=*/ false, &arg_certificate);
+                        if (r < 0)
+                                return r;
+                }
+
+                r = openssl_load_x509_certificate(
+                                arg_certificate_source_type,
+                                arg_certificate_source,
+                                arg_certificate,
+                                &certificate);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to load X.509 certificate from %s: %m", arg_certificate);
+
+                public_key = X509_get_pubkey(certificate);
+                if (!public_key)
+                        return log_error_errno(
+                                        SYNTHETIC_ERRNO(EIO),
+                                        "Failed to extract public key from certificate %s.",
+                                        arg_certificate);
+
+        } else if (arg_private_key) {
+                _cleanup_(openssl_ask_password_ui_freep) OpenSSLAskPasswordUI *ui = NULL;
+                _cleanup_(EVP_PKEY_freep) EVP_PKEY *private_key = NULL;
+
+                if (arg_private_key_source_type == OPENSSL_KEY_SOURCE_FILE) {
+                        r = parse_path_argument(arg_private_key, /* suppress_root= */ false, &arg_private_key);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse private key path %s: %m", arg_private_key);
+                }
+
+                r = openssl_load_private_key(
+                                arg_private_key_source_type,
+                                arg_private_key_source,
+                                arg_private_key,
+                                &(AskPasswordRequest) {
+                                        .id = "measure-private-key-pin",
+                                        .keyring = arg_private_key,
+                                        .credential = "measure.private-key-pin",
+                                },
+                                &private_key,
+                                &ui);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to load private key from %s: %m", arg_private_key);
+
+                _cleanup_(memstream_done) MemStream m = {};
+                FILE *tf = memstream_init(&m);
+                if (!tf)
+                        return log_oom();
+
+                if (i2d_PUBKEY_fp(tf, private_key) != 1)
+                        return log_error_errno(SYNTHETIC_ERRNO(EIO),
+                                               "Failed to extract public key from private key file '%s'.", arg_private_key);
+
+                fflush(tf);
+                rewind(tf);
+
+                if (!d2i_PUBKEY_fp(tf, &public_key))
+                        return log_error_errno(SYNTHETIC_ERRNO(EIO),
+                                               "Failed to parse extracted public key of private key file '%s'.", arg_private_key);
+        } else
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "One of --public-key=, --certificate= or --private-key= must be specified");
+
+        if (PEM_write_PUBKEY(stdout, public_key) == 0)
+                return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to write public key to stdout");
+
+        return 0;
+}
+
 static int measure_main(int argc, char *argv[]) {
         static const Verb verbs[] = {
                 { "help",      VERB_ANY, VERB_ANY, 0,            help           },
                 { "status",    VERB_ANY, 1,        VERB_DEFAULT, verb_status    },
                 { "calculate", VERB_ANY, 1,        0,            verb_calculate },
                 { "sign",      VERB_ANY, 1,        0,            verb_sign      },
+                { "pcrpkey",   VERB_ANY, 1,        0,            verb_pcrpkey   },
                 {}
         };
 

src/boot/sbsign.c

@@ -101,7 +101,7 @@ static int parse_argv(int argc, char *argv[]) {
         assert(argc >= 0);
         assert(argv);
 
-        while ((c = getopt_long(argc, argv, "hjc", options, NULL)) >= 0)
+        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
                 switch (c) {
 
                 case 'h':

src/test/test-mount-util.c

@@ -538,7 +538,6 @@ TEST(bind_mount_submounts) {
 }
 
 TEST(path_is_network_fs_harder) {
-        ASSERT_OK(path_is_network_fs_harder("/"));
         ASSERT_OK_ZERO(path_is_network_fs_harder("/dev"));
         ASSERT_OK_ZERO(path_is_network_fs_harder("/sys"));
         ASSERT_OK_ZERO(path_is_network_fs_harder("/run"));

src/ukify/test/test_ukify.py

@@ -207,11 +207,11 @@ def test_parse_args_many_deprecated():
     assert opts.uname == '1.2.3'
     assert opts.stub == pathlib.Path('STUBPATH')
     assert opts.pcr_private_keys == ['PKEY1']
-    assert opts.pcr_public_keys == [pathlib.Path('PKEY2')]
+    assert opts.pcr_public_keys == ['PKEY2']
     assert opts.pcr_banks == ['SHA1', 'SHA256']
     assert opts.signing_engine == 'ENGINE'
     assert opts.sb_key == 'SBKEY'
-    assert opts.sb_cert == 'SBCERT'
+    assert opts.sb_cert == Path('SBCERT')
     assert opts.sign_kernel is False
     assert opts.tools == [pathlib.Path('TOOLZ/')]
     assert opts.output == pathlib.Path('OUTPUT')
@@ -253,7 +253,7 @@ def test_parse_args_many():
     assert opts.uname == '1.2.3'
     assert opts.stub == pathlib.Path('STUBPATH')
     assert opts.pcr_private_keys == ['PKEY1']
-    assert opts.pcr_public_keys == [pathlib.Path('PKEY2')]
+    assert opts.pcr_public_keys == ['PKEY2']
     assert opts.pcr_banks == ['SHA1', 'SHA256']
     assert opts.signing_engine == 'ENGINE'
     assert opts.sb_key == 'SBKEY'
@@ -360,8 +360,7 @@ def test_config_priority(tmp_path):
     assert opts.uname == '1.2.3'
     assert opts.stub == pathlib.Path('STUBPATH')
     assert opts.pcr_private_keys == ['PKEY1', 'some/path7']
-    assert opts.pcr_public_keys == [pathlib.Path('PKEY2'),
+    assert opts.pcr_public_keys == ['PKEY2', 'some/path8']
-                                    pathlib.Path('some/path8')]
     assert opts.pcr_banks == ['SHA1', 'SHA256']
     assert opts.signing_engine == 'ENGINE'
     assert opts.signtool == ukify.SbSign # from args

src/ukify/ukify.py

@@ -249,7 +249,7 @@ class UkifyConfig:
     output: Optional[str]
     pcr_banks: list[str]
     pcr_private_keys: list[str]
-    pcr_public_keys: list[Path]
+    pcr_public_keys: list[str]
     pcrpkey: Optional[Path]
     phase_path_groups: Optional[list[str]]
     profile: Union[str, Path, None]
@@ -672,7 +672,7 @@ def combine_signatures(pcrsigs: list[dict[str, str]]) -> str:
     return json.dumps(combined)
 
 
-def key_path_groups(opts: UkifyConfig) -> Iterator[tuple[str, Optional[Path], Optional[str]]]:
+def key_path_groups(opts: UkifyConfig) -> Iterator[tuple[str, Optional[str], Optional[str]]]:
     if not opts.pcr_private_keys:
         return
 
@@ -765,7 +765,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) ->
                 extra += [f'--public-key={pub_key}']
 
             if opts.certificate_provider is not None:
-                extra += [f'--certificate-source={opts.certificate_provider}']
+                extra += [f'--certificate-source=provider:{opts.certificate_provider}']
 
             extra += [f'--phase={phase_path}' for phase_path in group or ()]
 
@@ -1017,34 +1017,30 @@ def make_uki(opts: UkifyConfig) -> None:
 
     pcrpkey: Union[bytes, Path, None] = opts.pcrpkey
     if pcrpkey is None:
+        measure_tool = find_tool('systemd-measure', '/usr/lib/systemd/systemd-measure')
+        cmd = [measure_tool, "pcrpkey"]
+
         if opts.pcr_public_keys and len(opts.pcr_public_keys) == 1:
-            pcrpkey = opts.pcr_public_keys[0]
+            # If we're using an engine or provider, the public key will be an X.509 certificate.
-            # If we are getting a certificate when using an engine or provider, we need to convert it to
+            if (opts.signing_engine or opts.signing_provider):
-            # public key format.
+                cmd += ["--certificate", opts.pcr_public_keys[0]]
-            if (opts.signing_engine or opts.signing_provider) and Path(pcrpkey).exists():
+                if opts.certificate_provider:
-                from cryptography.hazmat.primitives import serialization
+                    cmd += ["--certificate-source", f"provider:{opts.certificate_provider}"]
-                from cryptography.x509 import load_pem_x509_certificate
+            else:
+                cmd += ["--public-key", opts.pcr_public_keys[0]]
 
-                try:
+            print('+', shell_join(cmd))
-                    cert = load_pem_x509_certificate(Path(pcrpkey).read_bytes())
+            pcrpkey = subprocess.check_output(cmd)
-                except ValueError:
-                    raise ValueError(f'{pcrpkey} must be an X.509 certificate when signing with an engine')
-                else:
-                    pcrpkey = cert.public_key().public_bytes(
-                        encoding=serialization.Encoding.PEM,
-                        format=serialization.PublicFormat.SubjectPublicKeyInfo,
-                    )
         elif opts.pcr_private_keys and len(opts.pcr_private_keys) == 1:
-            from cryptography.hazmat.primitives import serialization
+            cmd += ["--private-key", Path(opts.pcr_private_keys[0])]
 
-            privkey = serialization.load_pem_private_key(
+            if opts.signing_engine:
-                Path(opts.pcr_private_keys[0]).read_bytes(),
+                cmd += ["--private-key-source", f"engine:{opts.signing_engine}"]
-                password=None,
+            if opts.signing_provider:
-            )
+                cmd += ["--private-key-source", f"provider:{opts.signing_provider}"]
-            pcrpkey = privkey.public_key().public_bytes(
+
-                encoding=serialization.Encoding.PEM,
+            print('+', shell_join(cmd))
-                format=serialization.PublicFormat.SubjectPublicKeyInfo,
+            pcrpkey = subprocess.check_output(cmd)
-            )
 
     sections = [
         # name,      content,         measure?
@@ -1762,7 +1758,6 @@ CONFIG_ITEMS = [
         '--pcr-public-key',
         dest='pcr_public_keys',
         metavar='PATH',
-        type=Path,
         action='append',
         help='public part of the keypair or engine/provider designation for signing PCR signatures',
         config_key='PCRSignature:/PCRPublicKey',