Re: [Replicant] [PATCH 4/4] Do not leave certificates creation in undefined state

2019-03-05 Thread Denis 'GNUtoo' Carikli
On Wed, 30 Jan 2019 01:09:15 +0100
doak  wrote:

> From: doak 
> 
> Create either all or none keys and certificates.
> 
> Signed-off-by: doak 
> ---
Thanks a lot, I've acked and pushed the 4 patches.

Denis.


___
Replicant mailing list
Replicant@osuosl.org
https://lists.osuosl.org/mailman/listinfo/replicant


[Replicant] [PATCH 4/4] Do not leave certificates creation in undefined state

2019-01-29 Thread doak
From: doak 

Create either all or none keys and certificates.

Signed-off-by: doak 
---
 sign-build | 13 ++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/sign-build b/sign-build
index 0ef4aa11..b4b25326 100755
--- a/sign-build
+++ b/sign-build
@@ -83,10 +83,17 @@ generate_keys () {
 read_var "Email Address" KEY_EA
 
SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA"
 
-mkdir $KEY_DIR
-for x in releasekey platform shared media; do \
-./development/tools/make_key $KEY_DIR/$x "$SUBJECT" || true; \
+# Ensure that all keys and certificates are deleted in case of an error 
during creation,
+# i.e. either all certificates are in place or none.
+trap 'rm -rf "$KEY_DIR"' EXIT INT
+mkdir "$KEY_DIR"
+for x in releasekey platform shared media; do
+./development/tools/make_key "$KEY_DIR/$x" "$SUBJECT" || true
+# The return value of 'make_key' cannot be trusted.  Check on our own
+# if key and certificate has been created successfully.
+test -r "$KEY_DIR/$x.x509.pem"
 done
+trap - EXIT INT
 }
 
 if [ "$DEVICE" = "" ]
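Review bot: The cleanup trap is armed one line before `mkdir "$KEY_DIR"`, so if mkdir fails because the directory already exists and the script exits at that point, `rm -rf "$KEY_DIR"` deletes a directory this run did not create, including any signing keys already stored in it. Arm the trap only after mkdir has succeeded, or return early when the directory is already present, so the rollback can only remove what this invocation created. Note also that the closing `trap - EXIT INT` resets both traps instead of restoring them, so any handler installed earlier in the script is lost.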
-- 
2.15.1



[Replicant] [PATCH 4/4] Do not leave certificates creation in undefined state

2018-01-31 Thread doak
Create either all or none keys and certificates.
---
 sign-build | 13 ++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/sign-build b/sign-build
index a066409b..cbf3c077 100755
--- a/sign-build
+++ b/sign-build
@@ -83,10 +83,17 @@ generate_keys () {
 read_var "Email Address" KEY_EA
 
SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA"
 
-mkdir $KEY_DIR
-for x in releasekey platform shared media; do \
-./development/tools/make_key $KEY_DIR/$x "$SUBJECT" || true; \
+# Ensure that all keys and certificates are deleted in case of an error 
during creation,
+# i.e. either all certificates are in place or none.
+trap 'rm -rf "$KEY_DIR"' EXIT INT
+mkdir "$KEY_DIR"
+for x in releasekey platform shared media; do
+./development/tools/make_key "$KEY_DIR/$x" "$SUBJECT" || true
+# The return value of 'make_key' cannot be trusted.  Check on out own
+# if key and certificate has been created successfully.
+test -r "$KEY_DIR/$x.x509.pem"
 done
+trap - EXIT INT
 }
 
 if [ "$DEVICE" = "" ]
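Review bot: The result of `test -r "$KEY_DIR/$x.x509.pem"` inside the loop is never acted on, so the all-or-none guarantee holds only if the script runs under `set -e` and generate_keys is not called from a conditional context; neither is visible in this hunk. Make the abort explicit, for example `test -r "$KEY_DIR/$x.x509.pem" || exit 1`, and test the private key file as well, since the comment promises that both key and certificate are checked while only the certificate is. The INT handler removes the directory but does not exit, so after an interrupt execution resumes in the loop with the directory gone; ending the handler with an exit closes that gap.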
-- 
2.15.1
