Dear Replicant developers,
in reference to issue [#1870] I made the creation of certificates
('./vendor/replicant/sign-build') more robust.
Please find the patches attached. Let me know if they need some rework to be
accepted. Feel free to accept only some of them as well.
[#1870] https://redmine.replicant.us/issues/1870
Best regards,
doak
From 023723c0c68444c6008bfb0f66350fc003118fd4 Mon Sep 17 00:00:00 2001
From: doak
Date: Mon, 29 Jan 2018 00:02:11 +0100
Subject: [PATCH 4/4] Do not leave certificates creation in undefined state
Create either all keys and certificates or none of them.
---
sign-build | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/sign-build b/sign-build
index a066409b..cbf3c077 100755
--- a/sign-build
+++ b/sign-build
@@ -83,10 +83,17 @@ generate_keys () {
read_var "Email Address" KEY_EA
SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA"
-mkdir $KEY_DIR
-for x in releasekey platform shared media; do \
-./development/tools/make_key $KEY_DIR/$x "$SUBJECT" || true; \
+# Ensure that all keys and certificates are deleted in case of an error during creation,
+# i.e. either all certificates are in place or none.
+trap 'rm -rf "$KEY_DIR"' EXIT INT
+mkdir "$KEY_DIR"
+for x in releasekey platform shared media; do
+./development/tools/make_key "$KEY_DIR/$x" "$SUBJECT" || true
+# The return value of 'make_key' cannot be trusted. Check on out own
+# if key and certificate has been created successfully.
+test -r "$KEY_DIR/$x.x509.pem"
done
+trap - EXIT INT
}
if [ "$DEVICE" = "" ]
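Review bot: The `test -r "$KEY_DIR/$x.x509.pem"` line in the loop has no failure handling of its own, so the all-or-nothing guarantee holds only if the script runs under `set -e`, which is not visible in this hunk; `test -r "$KEY_DIR/$x.x509.pem" || exit 1` makes it explicit. The check covers only the certificate, not the private key file, and `-r` is satisfied by an empty file, so `-s` on both files would be stricter. The `trap` is installed before `mkdir "$KEY_DIR"`, so if `mkdir` fails because the directory already exists, the EXIT handler removes a directory this run did not create; installing the trap only after a checked `mkdir "$KEY_DIR" || exit 1` avoids that. The INT handler deletes the directory but does not exit, so the loop may carry on against a missing directory unless the handler ends with `exit 1`. generate_keys starts before this hunk.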
--
2.15.1
From b79503d1714df15a4eddfc34f34aa7249550c179 Mon Sep 17 00:00:00 2001
From: doak
Date: Sun, 28 Jan 2018 23:56:24 +0100
Subject: [PATCH 3/4] Make creation of certificates more robust
This fixes several issues:
* Almost all fields have to be set (at least it seems so) for 'make_key' to create the certificates successfully.
* Handle default values.
* Avoid unwanted whitespace in 'SUBJECT' caused by the line break.
---
sign-build | 42 --
1 file changed, 28 insertions(+), 14 deletions(-)
diff --git a/sign-build b/sign-build
index a88d0299..a066409b 100755
--- a/sign-build
+++ b/sign-build
@@ -44,11 +44,27 @@ TARGET_FILES=$TARGET_DIR/obj/PACKAGING/target_files_intermediates/*-target_files
DIST_OUT_DIR=$OUT_DIR/"dist"/$DEVICE
RELEASE=replicant-6.0
+read_var() {
+local prompt="$1"
+local var="$2"
+# Store current value of variable as default.
+eval "local default=\"\$$var\""
+
+read -p "$prompt: [$default] " "$var"
+# Set default value if empty.
+eval "test -n \"\$$var\"" ||
+eval "$var='$default'"
+}
+
generate_keys () {
-# keys default values
-KEY_C=AU
-KEY_ST=Some-State
-KEY_O="Internet Widgits Pty Ltd"
+local KEY_C="NA"
+local KEY_ST="unknown"
+local KEY_L="unknown"
+local KEY_O="unknown"
+local KEY_OU="unknown"
+local KEY_CN="unknown"
+local KEY_EA="unknown"
+local SUBJECT
echo "No keys present. Generating them now."
echo
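Review bot: In `read_var`, `eval "$var='$default'"` pastes the value of `$default` into the evaluated string, so a default containing a single quote ends the quoting and the remainder is run as shell code; the defaults set in this patch are fixed literals, but the helper should not rely on that. `eval "$var=\$default"` defers the expansion to eval time and is safe for any value, and if the script is bash, `${!var}` with `printf -v "$var" '%s' "$default"` avoids `eval` entirely. `read -p` without `-r` also treats backslashes in the typed answer as escapes. A header comment such as `# $2 must be a trusted variable name; it is evaluated as shell code` would document the constraint for later callers.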
@@ -58,16 +74,14 @@ generate_keys () {
echo "There are quite a few fields but you can leave some blank."
echo "For some fields there will be a default value."
-read -p "Country Name (2 letter code) [AU]:" KEY_CN
-read -p "State or Province Name (full name) [Some-State]:" KEY_ST
-read -p "Locality Name (eg, city) []:" KEY_L
-read -p "Organization Name (eg, company) [Internet Widgits Pty Ltd]:" KEY_O
-read -p "Organizational Unit Name (eg, section) []:" KEY_OU
-read -p "Common Name (e.g. your name) []:" KEY_CN
-read -p "Email Address []:" KEY_EA
-
-SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN \
- /emailAddress=$KEY_EA"
+read_var "Country Name (2 letter code)" KEY_C
+read_var "State or Province Name (full name)" KEY_ST
+read_var "Locality Name (e.g. city)" KEY_L
+read_var "Organization Name (e.g. company)" KEY_O
+read_var "Organizational Unit Name (e.g. section)" KEY_OU
+read_var "Common Name (e.g. your name)" KEY_CN
+read_var "Email Address" KEY_EA
+SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA"
mkdir $KEY_DIR
for x in releasekey platform shared media; do \
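Review bot: The answers collected by `read_var` are interpolated into `SUBJECT` unescaped, so a value containing `/` (an organization name with a slash, for instance) would presumably be read as a field separator when `make_key` hands the string on, giving a certificate whose subject differs from what the operator typed. Rejecting or escaping `/` in each answer before `SUBJECT` is built would prevent that. The unchanged prompt text `you can leave some blank` no longer matches the behaviour, because an empty answer now takes the default shown in brackets; something like `Press Enter to accept the default shown in brackets.` would be accurate. generate_keys begins and ends outside this hunk.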
--
2.15.1
From 3af6aaa15d32bc1ed6354da485fbafaf600d4924 Mon Sep 17 00:00:00 2001
From: doak
Date: Sun, 28 Jan 2018 23:51:28 +0100
Subject: [PATCH 2/4] Formatting: Split all arguments into seperate lines
---
sign-build | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sign-build b/sign-build
index da80d125..a88d0299 100755
--- a/sign-build
+++ b/sign-build
@@ -109,7 +109,8 @@ then
-s device/samsung/galaxys2-common/releasetools/extensions/releasetools.py \
-o \
-p