On Mon, Apr 12, 2021 at 06:19:00PM +0200, Marc Kleine-Budde wrote: > This patch changes cs_get_ca() to only output the CA if it actually > exists. This makes it possible to use make's $(if ...) conditional. > > Signed-off-by: Marc Kleine-Budde <m...@pengutronix.de> > --- > scripts/lib/ptxd_lib_code_signing.sh | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/scripts/lib/ptxd_lib_code_signing.sh > b/scripts/lib/ptxd_lib_code_signing.sh > index ba38a8edd12d..ff0eca16859c 100644 > --- a/scripts/lib/ptxd_lib_code_signing.sh > +++ b/scripts/lib/ptxd_lib_code_signing.sh > @@ -288,7 +288,11 @@ cs_get_ca() { > local role="${1}" > cs_init_variables > > - echo "${keydir}/${role}/ca.pem" > + local ca="${keydir}/${role}/ca.pem" > + > + if [ -e "${ca}" ]; then > + echo "${ca}" > + fi
So, I know we talked about this, and I suggested this solution. But after thinking about this a bit more, I think it's a bit fragile: It causes silent problems if this is evaluated too early. I don't quite remember the use-case, but maybe we can add the following here: if [ ! -d "${keydir}" ]; then echo ERROR_CA_NOT_YET_SET fi Similar to what we do for URIs. So if it's evaluated in make with ':=' then we always get this string. If some tool tries to use this as a filename it should be clearer what's wrong here. And with the '$(if ..)' case, you get false positives (and that will probably fail later because there is no ca) and no false negatives that may do the wrong thing silently. Michael > } > export -f cs_get_ca > > -- > 2.30.2 > > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to > ptxdist-requ...@pengutronix.de > _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-requ...@pengutronix.de