[ima-evm-utils,2/2] Add note that when -p is used password must not be provided

Commit Message

Stefan Berger June 13, 2023, 1:15 p.m. UTC

Add a note to the -p option description in the help screen stating that a
password must not be provided on the command line in this case since it
will be ignored and become the name of the file to sign.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 README       | 1 +
 src/evmctl.c | 1 +
 2 files changed, 2 insertions(+)

Patch

diff --git a/README b/README
index 40a61f9..dbed7a5 100644
--- a/README
+++ b/README
@@ -60,6 +60,7 @@  OPTIONS
                      read keyid value from SKID of a x509 cert file
   -o, --portable     generate portable EVM signatures
   -p, --pass         password for encrypted signing key
+                     Do not provide password on command line when using -p
   -r, --recursive    recurse into directories (sign)
   -t, --type         file types to fix 'fxm' (f: file)
                      x - skip fixing if both ima and evm xattrs exist (use with caution)
diff --git a/src/evmctl.c b/src/evmctl.c
index 4b68091..2d0c779 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2834,6 +2834,7 @@  static void usage(void)
 		"                     read keyid value from SKID of a x509 cert file\n"
 		"  -o, --portable     generate portable EVM signatures\n"
 		"  -p, --pass         password for encrypted signing key\n"
+		"                     Do not provide password on command line when using -p\n"
 		"  -r, --recursive    recurse into directories (sign)\n"
 		"  -t, --type         file types to fix 'fxm' (f: file)\n"
 		"                     x - skip fixing if both ima and evm xattrs exist (use with caution)\n"