authordoak <doak+dev@posteo.net>2019-01-30 01:09:15 +0100
committerDenis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>2019-03-06 00:39:17 +0100
commitc1c94e5fecac522387165aa10d193aa9d1a50bad (patch)
tree0a2ad2b2265665f22a5dd2fb8e7a6591d565f86a
parent1d677d9f9f7eace38feb0576b391fde8862128f4 (diff)
Do not leave certificates creation in undefined state
Create either all or none keys and certificates. Signed-off-by: doak <doak+dev@posteo.net> Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
-rwxr-xr-xsign-build13
1 files changed, 10 insertions, 3 deletions
diff --git a/sign-build b/sign-build
index 0ef4aa11..b4b25326 100755
--- a/sign-build
+++ b/sign-build
@@ -83,10 +83,17 @@ generate_keys () {
read_var "Email Address" KEY_EA
SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA"
- mkdir $KEY_DIR
- for x in releasekey platform shared media; do \
- ./development/tools/make_key $KEY_DIR/$x "$SUBJECT" || true; \
+ # Ensure that all keys and certificates are deleted in case of an error during creation,
+ # i.e. either all certificates are in place or none.
+ trap 'rm -rf "$KEY_DIR"' EXIT INT
+ mkdir "$KEY_DIR"
+ for x in releasekey platform shared media; do
+ ./development/tools/make_key "$KEY_DIR/$x" "$SUBJECT" || true
+ # The return value of 'make_key' cannot be trusted. Check on our own
+ # if key and certificate has been created successfully.
+ test -r "$KEY_DIR/$x.x509.pem"
done
+ trap - EXIT INT
}
if [ "$DEVICE" = "" ]
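Review bot: The EXIT/INT trap is installed before `mkdir "$KEY_DIR"`, so if the directory already exists and the script runs under `set -e` (not visible in this hunk, though the `|| true` suggests it), the failing mkdir exits and the trap removes a pre-existing key directory, signing keys included. Creating the directory first with `mkdir "$KEY_DIR" || exit 1` and only then installing the trap limits the cleanup to a directory this run created. The check `test -r "$KEY_DIR/$x.x509.pem"` covers only the certificate, passes for an empty file, and stops the script only where errexit is in effect; something like `[ -s "$KEY_DIR/$x.pk8" ] && [ -s "$KEY_DIR/$x.x509.pem" ] || exit 1` would match the comment above it, assuming make_key writes the private key as `$x.pk8`. generate_keys begins before this hunk, so whether a caller already guards against an existing `$KEY_DIR` cannot be confirmed from here.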