man: document version for BindNetworkInterface instead of using ignore list

The ignore list is for older stuff, all new interfaces must be documented with a version. Follow-up for c1c787651b34c0a0f1082b9d32cf47ea3abe0af2
bootctl-install: Fix OpenSSL UI
2026-03-19 19:44:48 +01:00 · 2025-12-24 19:25:21 +01:00 · 2025-12-24 18:04:57 +01:00
3 changed files with 13 additions and 12 deletions
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@ -12598,6 +12598,7 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
      <varname>ManagedOOMKills</varname>,
      <varname>ExecReloadPost</varname>, and
      <varname>ExecReloadPostEx</varname> were added in version 259.</para>
+      <para><varname>BindNetworkInterface</varname> was added in version 260.</para>
    </refsect2>
    <refsect2>
      <title>Socket Unit Objects</title>
@ -12666,6 +12667,7 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
      <para><varname>OOMKills</varname>, and
      <varname>UserNamespacePath</varname>, and
      <varname>ManagedOOMKills</varname> were added in 259.</para>
+      <para><varname>BindNetworkInterface</varname> was added in version 260.</para>
    </refsect2>
    <refsect2>
      <title>Mount Unit Objects</title>
@ -12729,6 +12731,7 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
      <para><varname>UserNamespacePath</varname>,
      <varname>OOMKills</varname>, and
      <varname>ManagedOOMKills</varname> were added in 259.</para>
+      <para><varname>BindNetworkInterface</varname> was added in version 260.</para>
    </refsect2>
    <refsect2>
      <title>Swap Unit Objects</title>
@ -12790,6 +12793,7 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
      <para><varname>UserNamespacePath</varname>,
      <varname>OOMKills</varname>, and
      <varname>ManagedOOMKills</varname> were added in 259.</para>
+      <para><varname>BindNetworkInterface</varname> was added in version 260.</para>
    </refsect2>
    <refsect2>
      <title>Slice Unit Objects</title>
@ -12822,6 +12826,7 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
      <function>KillSubgroup()</function> were added in version 258.</para>
      <para><varname>OOMKills</varname>, and
      <varname>ManagedOOMKills</varname> were added in 259.</para>
+      <para><varname>BindNetworkInterface</varname> was added in version 260.</para>
    </refsect2>
    <refsect2>
      <title>Scope Unit Objects</title>
@ -12852,6 +12857,7 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
      <function>KillSubgroup()</function> were added in version 258.</para>
      <para><varname>OOMKills</varname>, and
      <varname>ManagedOOMKills</varname> were added in 259.</para>
+      <para><varname>BindNetworkInterface</varname> was added in version 260.</para>
    </refsect2>
    <refsect2>
      <title>Job Objects</title>
--- a/src/bootctl/bootctl-install.c
+++ b/src/bootctl/bootctl-install.c
@ -965,12 +965,14 @@ static int are_we_installed(const char *esp_path) {
 #if HAVE_OPENSSL
 static int load_secure_boot_auto_enroll(
                X509 **ret_certificate,
-                EVP_PKEY **ret_private_key) {
+                EVP_PKEY **ret_private_key,
+                OpenSSLAskPasswordUI **ret_ui) {

        int r;

        assert(ret_certificate);
        assert(ret_private_key);
+        assert(ret_ui);

        if (!arg_secure_boot_auto_enroll) {
                *ret_certificate = NULL;
@ -999,7 +1001,6 @@ static int load_secure_boot_auto_enroll(
                        return log_error_errno(r, "Failed to parse private key path %s: %m", arg_private_key);
        }

-        _cleanup_(EVP_PKEY_freep) EVP_PKEY *private_key = NULL;
        r = openssl_load_private_key(
                        arg_private_key_source_type,
                        arg_private_key_source,
@ -1012,13 +1013,12 @@ static int load_secure_boot_auto_enroll(
                                .until = USEC_INFINITY,
                                .hup_fd = -EBADF,
                        },
-                        &private_key,
-                        /* ret_user_interface= */ NULL);
+                        ret_private_key,
+                        ret_ui);
        if (r < 0)
                return log_error_errno(r, "Failed to load private key from %s: %m", arg_private_key);

        *ret_certificate = TAKE_PTR(certificate);
-        *ret_private_key = TAKE_PTR(private_key);

        return 0;
 }
@ -1039,9 +1039,10 @@ int verb_install(int argc, char *argv[], void *userdata) {
        graceful = arg_graceful() == ARG_GRACEFUL_FORCE || (!install && arg_graceful() != ARG_GRACEFUL_NO);

 #if HAVE_OPENSSL
+        _cleanup_(openssl_ask_password_ui_freep) OpenSSLAskPasswordUI *ui = NULL;
        _cleanup_(EVP_PKEY_freep) EVP_PKEY *private_key = NULL;
        _cleanup_(X509_freep) X509 *certificate = NULL;
-        r = load_secure_boot_auto_enroll(&certificate, &private_key);
+        r = load_secure_boot_auto_enroll(&certificate, &private_key, &ui);
        if (r < 0)
                return r;
 #endif
--- a/tools/dbus_ignorelist
+++ b/tools/dbus_ignorelist
@ -751,7 +751,6 @@ org.freedesktop.systemd1.Mount.AmbientCapabilities
 org.freedesktop.systemd1.Mount.AppArmorProfile
 org.freedesktop.systemd1.Mount.AttachProcesses()
 org.freedesktop.systemd1.Mount.BPFProgram
-org.freedesktop.systemd1.Mount.BindNetworkInterface
 org.freedesktop.systemd1.Mount.BindPaths
 org.freedesktop.systemd1.Mount.BindReadOnlyPaths
 org.freedesktop.systemd1.Mount.BlockIOAccounting
@ -1019,7 +1018,6 @@ org.freedesktop.systemd1.Scope.AllowedCPUs
 org.freedesktop.systemd1.Scope.AllowedMemoryNodes
 org.freedesktop.systemd1.Scope.AttachProcesses()
 org.freedesktop.systemd1.Scope.BPFProgram
-org.freedesktop.systemd1.Scope.BindNetworkInterface
 org.freedesktop.systemd1.Scope.BlockIOAccounting
 org.freedesktop.systemd1.Scope.BlockIODeviceWeight
 org.freedesktop.systemd1.Scope.BlockIOReadBandwidth
@ -1109,7 +1107,6 @@ org.freedesktop.systemd1.Service.AppArmorProfile
 org.freedesktop.systemd1.Service.AttachProcesses()
 org.freedesktop.systemd1.Service.BPFProgram
 org.freedesktop.systemd1.Service.BindMount()
-org.freedesktop.systemd1.Service.BindNetworkInterface
 org.freedesktop.systemd1.Service.BindPaths
 org.freedesktop.systemd1.Service.BindReadOnlyPaths
 org.freedesktop.systemd1.Service.BlockIOAccounting
@ -1412,7 +1409,6 @@ org.freedesktop.systemd1.Slice.AllowedCPUs
 org.freedesktop.systemd1.Slice.AllowedMemoryNodes
 org.freedesktop.systemd1.Slice.AttachProcesses()
 org.freedesktop.systemd1.Slice.BPFProgram
-org.freedesktop.systemd1.Slice.BindNetworkInterface
 org.freedesktop.systemd1.Slice.BlockIOAccounting
 org.freedesktop.systemd1.Slice.BlockIODeviceWeight
 org.freedesktop.systemd1.Slice.BlockIOReadBandwidth
@ -1491,7 +1487,6 @@ org.freedesktop.systemd1.Socket.AttachProcesses()
 org.freedesktop.systemd1.Socket.BPFProgram
 org.freedesktop.systemd1.Socket.Backlog
 org.freedesktop.systemd1.Socket.BindIPv6Only
-org.freedesktop.systemd1.Socket.BindNetworkInterface
 org.freedesktop.systemd1.Socket.BindPaths
 org.freedesktop.systemd1.Socket.BindReadOnlyPaths
 org.freedesktop.systemd1.Socket.BindToDevice
@ -1791,7 +1786,6 @@ org.freedesktop.systemd1.Swap.AmbientCapabilities
 org.freedesktop.systemd1.Swap.AppArmorProfile
 org.freedesktop.systemd1.Swap.AttachProcesses()
 org.freedesktop.systemd1.Swap.BPFProgram
-org.freedesktop.systemd1.Swap.BindNetworkInterface
 org.freedesktop.systemd1.Swap.BindPaths
 org.freedesktop.systemd1.Swap.BindReadOnlyPaths
 org.freedesktop.systemd1.Swap.BlockIOAccounting
Author	SHA1	Message	Date
Luca Boccassi	9463b3b51c	man: document version for BindNetworkInterface instead of using ignore list The ignore list is for older stuff, all new interfaces must be documented with a version. Follow-up for c1c787651b34c0a0f1082b9d32cf47ea3abe0af2	2025-12-24 19:25:21 +01:00
DaanDeMeyer	11f47cb700	bootctl-install: Fix OpenSSL UI Follow up for a86a366eb07294357c34122114a11ee131c25e72.	2025-12-24 18:04:57 +01:00