Browse Source

Do not leave certificates creation in undefined state

Create either all or none keys and certificates.

Signed-off-by: doak <doak+dev@posteo.net>
Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
replicant-6.0
doak 1 year ago
committed by Denis 'GNUtoo' Carikli
parent
commit
c1c94e5fec
No known key found for this signature in database GPG Key ID: 5F5DFCC14177E263
1 changed files with 10 additions and 3 deletions
  1. +10
    -3
      sign-build

+ 10
- 3
sign-build View File

@@ -83,10 +83,17 @@ generate_keys () {
read_var "Email Address" KEY_EA
SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA"

mkdir $KEY_DIR
for x in releasekey platform shared media; do \
./development/tools/make_key $KEY_DIR/$x "$SUBJECT" || true; \
# Ensure that all keys and certificates are deleted in case of an error during creation,
# i.e. either all certificates are in place or none.
trap 'rm -rf "$KEY_DIR"' EXIT INT
mkdir "$KEY_DIR"
for x in releasekey platform shared media; do
./development/tools/make_key "$KEY_DIR/$x" "$SUBJECT" || true
# The return value of 'make_key' cannot be trusted. Check on our own
# if key and certificate has been created successfully.
test -r "$KEY_DIR/$x.x509.pem"
done
trap - EXIT INT
}

if [ "$DEVICE" = "" ]


Loading…
Cancel
Save