Thanks, applied as cdb645fbca7ac4b4752a2eb1223ba9baf29cb969. Michael
[sent from post-receive hook] On Fri, 11 Nov 2022 15:31:11 +0100, Uwe Kleine-König <u.kleine-koe...@pengutronix.de> wrote: > cs_import_cert_from_pem() uses a pipe command to do the necessary > things. If the first command in that pipe fails the whole command should > be considered failing. So add a call to check_pipe_status as is done in > cs_import_privkey_from_pem(). > > Fixes: 8f41183e0afe ("Add initial code signing support") > Signed-off-by: Uwe Kleine-König <u.kleine-koe...@pengutronix.de> > Message-Id: <20221025085921.986289-1-u.kleine-koe...@pengutronix.de> > Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de> > > diff --git a/scripts/lib/ptxd_lib_code_signing.sh > b/scripts/lib/ptxd_lib_code_signing.sh > index 5ba1a4666af4..bafdc16544d3 100644 > --- a/scripts/lib/ptxd_lib_code_signing.sh > +++ b/scripts/lib/ptxd_lib_code_signing.sh > @@ -213,6 +213,7 @@ cs_import_cert_from_pem() { > "${openssl_keyopt[@]}" \ > -in "${pem}" -inform pem -outform der | > softhsm_pkcs11_tool --type cert --write-object /dev/stdin --label > "${role}" > + check_pipe_status > } > export -f cs_import_cert_from_pem >