[PATCH] sign-file: Show -k flag in usage when built for CMS signing
From: Daniel Lublin
Date: Tue Jun 03 2025 - 08:00:25 EST
When sign-file is built for CMS signing (when USE_PKCS7 is undefined) it
handles the -k flag, so show that in the usage. The -k (keyid) flag is
not cared for used when -s rawsig is used, so that usage is not altered.
This change also makes it more obvious whether or not a sign-file binary
actually has been built for CMS signing.
Signed-off-by: Daniel Lublin <daniel@xxxxxxxxx>
---
scripts/sign-file.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 7070245edfc1..0b9a3af9115f 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -79,8 +79,13 @@ static char magic_number[] = "~Module signature appended~\n";
static __attribute__((noreturn))
void format(void)
{
+#ifndef USE_PKCS7
+ fprintf(stderr,
+ "Usage: scripts/sign-file [-dpk] <hash algo> <key> <x509> <module> [<dest>]\n");
+#else
fprintf(stderr,
"Usage: scripts/sign-file [-dp] <hash algo> <key> <x509> <module> [<dest>]\n");
+#endif
fprintf(stderr,
" scripts/sign-file -s <raw sig> <hash algo> <x509> <module> [<dest>]\n");
exit(2);
--
2.49.0