This edge case will trigger whenever a BSP is built from scratch and the code signing provider hasn't been installed yet, but a '='-style make variable is expanded early. Like in cs_get_uri, this may not be an error if the variable is expanded again after the code signing provider has been set up, so return a successful exit code here.
Cc: Marc Kleine-Budde <[email protected]> Fixes: 235332de090655007e6c (2021-07-15, "ptxd_lib_code_signing: cs_get_ca(): improve error handling") Signed-off-by: Roland Hieber <[email protected]> --- PATCH v3: - new in v3 --- scripts/lib/ptxd_lib_code_signing.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh index 5ba1a4666af4..b2dbb031d17d 100644 --- a/scripts/lib/ptxd_lib_code_signing.sh +++ b/scripts/lib/ptxd_lib_code_signing.sh @@ -291,8 +291,12 @@ cs_get_ca() { local ca="${keydir}/${role}/ca.pem" if [ ! -d "${keydir}" ]; then + # cs_get_ca was called directly from make prior to cs_set_ca, + # which may not be an error if it is evaluated early *and* later + # again - return a unique error string in case it is not expected + # and a user stumbles upon this echo "ERROR_CA_NOT_YET_SET" - return 1 + return fi if [ -e "${ca}" ]; then -- 2.30.2 _______________________________________________ ptxdist mailing list [email protected] To unsubscribe, send a mail with subject "unsubscribe" to [email protected]
