[Replicant] [PATCH 4/4] Do not leave certificates creation in undefined state

2019-01-29 Thread doak
From: doak 

Create either all or none of the keys and certificates.

Signed-off-by: doak 
---
 sign-build | 13 ++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/sign-build b/sign-build
index 0ef4aa11..b4b25326 100755
--- a/sign-build
+++ b/sign-build
@@ -83,10 +83,17 @@ generate_keys () {
 read_var "Email Address" KEY_EA
 
SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA"
 
-mkdir $KEY_DIR
-for x in releasekey platform shared media; do \
-./development/tools/make_key $KEY_DIR/$x "$SUBJECT" || true; \
+# Ensure that all keys and certificates are deleted in case of an error 
during creation,
+# i.e. either all certificates are in place or none.
+trap 'rm -rf "$KEY_DIR"' EXIT INT
+mkdir "$KEY_DIR"
+for x in releasekey platform shared media; do
+./development/tools/make_key "$KEY_DIR/$x" "$SUBJECT" || true
+# The return value of 'make_key' cannot be trusted.  Check on our own
+# if key and certificate has been created successfully.
+test -r "$KEY_DIR/$x.x509.pem"
 done
+trap - EXIT INT
 }
 
 if [ "$DEVICE" = "" ]
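Review bot: The `test -r "$KEY_DIR/$x.x509.pem"` check inside the loop only stops anything if the script runs under `set -e`, which this hunk does not show; without it a failed check is ignored, the loop carries on, and `trap - EXIT INT` then disarms the cleanup with an incomplete key set left in place. Make the failure explicit, for example `test -r "$KEY_DIR/$x.x509.pem" || exit 1`, and check the private key file as well, since the comment promises that both key and certificate are verified. Also consider moving the `trap` line below `mkdir "$KEY_DIR"`: as ordered here, if the script aborts because `mkdir` fails on an already existing directory, the EXIT trap runs `rm -rf` on a directory this function did not create.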
-- 
2.15.1

___
Replicant mailing list
Replicant@osuosl.org
https://lists.osuosl.org/mailman/listinfo/replicant


[Replicant] [PATCH 3/4] Make creation of certificates more robust

2019-01-29 Thread doak
From: doak 

This fixes several issues:
  * Almost all fields have to be set (at least it seems so) to create certificates using 'make_key' successfully.
  * Handle default values.
  * Avoid unwanted whitespace in 'SUBJECT' due to the line break.

Signed-off-by: doak 
---
 sign-build | 42 --
 1 file changed, 28 insertions(+), 14 deletions(-)

diff --git a/sign-build b/sign-build
index 7a5ba25a..0ef4aa11 100755
--- a/sign-build
+++ b/sign-build
@@ -44,11 +44,27 @@ 
TARGET_FILES=$TARGET_DIR/obj/PACKAGING/target_files_intermediates/*-target_files
 DIST_OUT_DIR=$OUT_DIR/"dist"/$DEVICE
 RELEASE=replicant-6.0
 
+read_var() {
+local prompt="$1"
+local var="$2"
+# Store current value of variable as default.
+eval "local default=\"\$$var\""
+
+read -p "$prompt: [$default] " "$var"
+# Set default value if empty.
+eval "test -n \"\$$var\"" ||
+eval "$var='$default'"
+}
+
 generate_keys () {
-# keys default values
-KEY_C=AU
-KEY_ST=Some-State
-KEY_O="Internet Widgits Pty Ltd"
+local KEY_C="NA"
+local KEY_ST="unknown"
+local KEY_L="unknown"
+local KEY_O="unknown"
+local KEY_OU="unknown"
+local KEY_CN="unknown"
+local KEY_EA="unknown"
+local SUBJECT
 
 echo "No keys present. Generating them now."
 echo
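Review bot: In `read_var`, `eval "$var='$default'"` splices the default value into single quotes inside an `eval`, so a default containing a `'` breaks the assignment or is parsed as shell; the defaults set in `generate_keys` are plain words today, but the helper is written generically. Assign without re-parsing the value, for example `eval "$var=\$default"`, and use `read -r -p` so that backslashes in typed input are kept literally. Separately, `KEY_C="NA"` is the ISO 3166 country code for Namibia rather than a neutral placeholder, so a comment marking it as a dummy value would help.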
@@ -58,16 +74,14 @@ generate_keys () {
 echo "There are quite a few fields but you can leave some blank."
 echo "For some fields there will be a default value."
 
-read -p "Country Name (2 letter code) [AU]:" KEY_CN
-read -p "State or Province Name (full name) [Some-State]:" KEY_ST
-read -p "Locality Name (eg, city) []:" KEY_L
-read -p "Organization Name (eg, company) [Internet Widgits Pty Ltd]:" KEY_O
-read -p "Organizational Unit Name (eg, section) []:" KEY_OU
-read -p "Common Name (e.g. your name) []:" KEY_CN
-read -p "Email Address []:" KEY_EA
-
-SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN \
-   /emailAddress=$KEY_EA"
+read_var "Country Name (2 letter code)" KEY_C
+read_var "State or Province Name (full name)" KEY_ST
+read_var "Locality Name (e.g. city)" KEY_L
+read_var "Organization Name (e.g. company)" KEY_O
+read_var "Organizational Unit Name (e.g. section)" KEY_OU
+read_var "Common Name (e.g. your name)" KEY_CN
+read_var "Email Address" KEY_EA
+
SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA"
 
 mkdir $KEY_DIR
 for x in releasekey platform shared media; do \
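Review bot: `SUBJECT` on the new single line is built from the typed values without any check, and `/` is the field separator of that string, so an answer containing `/` (an organization name, for instance) changes the field structure handed to `make_key`. Reject or escape `/` in the values before building `SUBJECT`. The unchanged `echo` text above ("you can leave some blank") is also out of step with `read_var`, which now replaces a blank answer with the default, and the commit message could mention that the country prompt previously wrote to `KEY_CN` instead of `KEY_C`, which this hunk corrects.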
-- 
2.15.1



[Replicant] 'sign-build': Make certificate creation more robust

2019-01-29 Thread doak
Dear Denis,
dear Replicant developers,

I adapted the patches as requested. Additionally, I fixed a minor typo in a comment.
Sorry for the long delay.

The original description follows:

In reference to issue [#1870] I made the creation of certificates ('./vendor/replicant/sign-build') more robust.
Please find the patches attached. Let me know if they need some rework to be accepted. Feel free to accept only some of them as well.

sign-build | 68
1 file changed, 48 insertions(+), 20 deletions(-)


Best regards,
doak





