Re: [Replicant] [PATCH 4/4] Do not leave certificates creation in undefined state
On Wed, 30 Jan 2019 01:09:15 +0100 doak wrote:
> From: doak
>
> Create either all or none keys and certificates.
>
> Signed-off-by: doak
> ---

Thanks a lot, I've acked and pushed the 4 patches.

Denis.

___
Replicant mailing list
Replicant@osuosl.org
https://lists.osuosl.org/mailman/listinfo/replicant
[Replicant] [PATCH 4/4] Do not leave certificates creation in undefined state
From: doak Create either all or none keys and certificates. Signed-off-by: doak --- sign-build | 13 ++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/sign-build b/sign-build index 0ef4aa11..b4b25326 100755 --- a/sign-build +++ b/sign-build @@ -83,10 +83,17 @@ generate_keys () { read_var "Email Address" KEY_EA SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA" -mkdir $KEY_DIR -for x in releasekey platform shared media; do \ -./development/tools/make_key $KEY_DIR/$x "$SUBJECT" || true; \ +# Ensure that all keys and certificates are deleted in case of an error during creation, +# i.e. either all certificates are in place or none. +trap 'rm -rf "$KEY_DIR"' EXIT INT +mkdir "$KEY_DIR" +for x in releasekey platform shared media; do +./development/tools/make_key "$KEY_DIR/$x" "$SUBJECT" || true +# The return value of 'make_key' cannot be trusted. Check on our own +# if key and certificate has been created successfully. +test -r "$KEY_DIR/$x.x509.pem" done +trap - EXIT INT } if [ "$DEVICE" = "" ] -- 2.15.1 ___ Replicant mailing list Replicant@osuosl.org https://lists.osuosl.org/mailman/listinfo/replicant
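Review bot: the bare `test -r "$KEY_DIR/$x.x509.pem"` at the end of the loop body only enforces the all-or-none guarantee if the script aborts on a failing command, and nothing in this hunk shows that it does (no `set -e`, no `|| exit`). If it does not abort, the loop carries on, `trap - EXIT INT` clears the cleanup, and a partial key set stays in place, which is the state the patch is meant to rule out. Make the failure explicit, for example `test -r "$KEY_DIR/$x.x509.pem" || exit 1`. The comment also promises a check of key and certificate, but only the `.x509.pem` is tested, so test the private key file that `make_key` writes as well.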
[Replicant] [PATCH 4/4] Do not leave certificates creation in undefined state
Create either all or none keys and certificates. --- sign-build | 13 ++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/sign-build b/sign-build index a066409b..cbf3c077 100755 --- a/sign-build +++ b/sign-build @@ -83,10 +83,17 @@ generate_keys () { read_var "Email Address" KEY_EA SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA" -mkdir $KEY_DIR -for x in releasekey platform shared media; do \ -./development/tools/make_key $KEY_DIR/$x "$SUBJECT" || true; \ +# Ensure that all keys and certificates are deleted in case of an error during creation, +# i.e. either all certificates are in place or none. +trap 'rm -rf "$KEY_DIR"' EXIT INT +mkdir "$KEY_DIR" +for x in releasekey platform shared media; do +./development/tools/make_key "$KEY_DIR/$x" "$SUBJECT" || true +# The return value of 'make_key' cannot be trusted. Check on out own +# if key and certificate has been created successfully. +test -r "$KEY_DIR/$x.x509.pem" done +trap - EXIT INT } if [ "$DEVICE" = "" ] -- 2.15.1 ___ Replicant mailing list Replicant@osuosl.org https://lists.osuosl.org/mailman/listinfo/replicant
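Review bot: `trap 'rm -rf "$KEY_DIR"' EXIT INT` is installed before `mkdir "$KEY_DIR"`, so when the directory already exists from an earlier run and the script exits inside this window, the handler deletes keys that this invocation did not create. Install the trap only after `mkdir` has succeeded, or have the handler remove only the files created in this run. `mkdir "$KEY_DIR"` also creates the private-key directory with the default umask; `mkdir -m 700 "$KEY_DIR"` would keep the keys unreadable to other local users. In the added comment, "Check on out own" should read "our own".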