author | doak <doak+dev@posteo.net> | 2019-01-30 01:09:15 +0100 |
---|---|---|
committer | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2019-03-06 00:39:17 +0100 |
commit | c1c94e5fecac522387165aa10d193aa9d1a50bad (patch) | |
tree | 0a2ad2b2265665f22a5dd2fb8e7a6591d565f86a | |
parent | 1d677d9f9f7eace38feb0576b391fde8862128f4 (diff) | |
Do not leave certificates creation in undefined state
Create either all keys and certificates or none of them.
Signed-off-by: doak <doak+dev@posteo.net>
Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
-rwxr-xr-x | sign-build | 13 |
1 files changed, 10 insertions, 3 deletions
@@ -83,10 +83,17 @@ generate_keys () {
 read_var "Email Address" KEY_EA
 SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA"
- mkdir $KEY_DIR
- for x in releasekey platform shared media; do \
- ./development/tools/make_key $KEY_DIR/$x "$SUBJECT" || true; \
+ # Ensure that all keys and certificates are deleted in case of an error during creation,
+ # i.e. either all certificates are in place or none.
+ trap 'rm -rf "$KEY_DIR"' EXIT INT
+ mkdir "$KEY_DIR"
+ for x in releasekey platform shared media; do
+ ./development/tools/make_key "$KEY_DIR/$x" "$SUBJECT" || true
+ # The return value of 'make_key' cannot be trusted. Check on our own
+ # if key and certificate has been created successfully.
+ test -r "$KEY_DIR/$x.x509.pem"
 done
+ trap - EXIT INT
 }
 if [ "$DEVICE" = "" ] |
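Review bot: The cleanup trap is armed before `mkdir "$KEY_DIR"`, so if the directory already exists and the script runs under errexit (not visible in this hunk, though the bare `test -r` depends on it), the failing mkdir fires `rm -rf "$KEY_DIR"` and deletes a key set this run did not create. Arming the trap only after the directory has been created avoids that: `mkdir "$KEY_DIR"` first, then `trap 'rm -rf -- "${KEY_DIR:?}"' EXIT INT`. The per-key check also tests only `$x.x509.pem`, although the comment promises key and certificate; adding `test -r "$KEY_DIR/$x.pk8"` (assuming make_key's usual output name) would cover the private key as well. generate_keys begins above the hunk, so whether its callers already guarantee that KEY_DIR is absent cannot be confirmed from here.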