Add a note to the -p option description in the help screen stating that a password must not be provided on the command line in this case since it will be ignored and become the name of the file to sign. Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> --- README | 1 + src/evmctl.c | 1 + 2 files changed, 2 insertions(+) diff --git a/README b/README index 40a61f9..dbed7a5 100644 --- a/README +++ b/README @@ -60,6 +60,7 @@ OPTIONS read keyid value from SKID of a x509 cert file -o, --portable generate portable EVM signatures -p, --pass password for encrypted signing key + Do not provide password on command line when using -p -r, --recursive recurse into directories (sign) -t, --type file types to fix 'fxm' (f: file) x - skip fixing if both ima and evm xattrs exist (use with caution) diff --git a/src/evmctl.c b/src/evmctl.c index 4b68091..2d0c779 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -2834,6 +2834,7 @@ static void usage(void) " read keyid value from SKID of a x509 cert file\n" " -o, --portable generate portable EVM signatures\n" " -p, --pass password for encrypted signing key\n" + " Do not provide password on command line when using -p\n" " -r, --recursive recurse into directories (sign)\n" " -t, --type file types to fix 'fxm' (f: file)\n" " x - skip fixing if both ima and evm xattrs exist (use with caution)\n" -- 2.39.2
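Review bot: In the README hunk, the added line "Do not provide password on command line when using -p" gives the reader neither the reason nor the consequence, and it sits directly under "-p, --pass password for encrypted signing key", so the two lines read as contradictory. The commit message has the missing part: the password "will be ignored and become the name of the file to sign". Carry that into the text, for example "With -p, a password given on the command line is ignored and taken as the name of the file to sign". Since the option line lists both -p and --pass, also say whether the note applies to the long form or only to the short one.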
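Review bot: In the src/evmctl.c hunk, the only change is one more string in usage(), so the failure described in the commit message (the password is ignored and becomes the name of the file to sign) still happens silently for anyone who does not read the help screen first. Consider pairing this with a runtime warning or error at the point where the option is parsed, so a mistyped invocation does not go on to treat the password as a file to sign. The new usage line is also a second copy of the README wording, so whatever rewording is settled on for the README should be applied here too, to keep the two texts identical.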