load_env
Command
load_env [--file file] [--skip-sig] [whitelisted_variable_name] …
Load all variables from the environment block file into the environment.
The --file
option overrides the default location of the environment block.
The --skip-sig
option skips signature checking even when the value of environment variable check_signatures
is set to enforce
.
If one or more variable names are provided as arguments, they are interpreted as a whitelist of variables to load from the environment block file. Variables set in the file but not present in the whitelist are ignored.
The --skip-sig
option should be used with care, and should always be used in concert with a whitelist of acceptable variables whose values should be set. Failure to employ a carefully constructed whitelist could result in reading a malicious value into critical environment variables from the file, such as setting check_signatures=no
, modifying prefix
to boot from an unexpected location or not at all, etc.
When used with care, --skip-sig
and the whitelist enable an administrator to configure a system to boot only signed configurations, but to allow the user to select from among multiple configurations, and to enable “one-shot” boot attempts and “savedefault” behavior. See Using digital signatures, for more information.