Do not leave certificates creation in undefined state

Create either all or none keys and certificates. Signed-off-by: doak <doak+dev@posteo.net> Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
2019-01-30 01:09:15 +01:00 · 2019-01-30 01:09:15 +01:00 · c1c94e5fec
commit c1c94e5fec
parent 1d677d9f9f
1 changed files with 10 additions and 3 deletions
--- a/13
+++ b/13
@ -83,10 +83,17 @@ generate_keys () {
    read_var "Email Address" KEY_EA
    SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA"

-    mkdir $KEY_DIR
-    for x in releasekey platform shared media; do \
-        ./development/tools/make_key $KEY_DIR/$x "$SUBJECT" || true; \
+    # Ensure that all keys and certificates are deleted in case of an error during creation,
+    # i.e. either all certificates are in place or none.
+    trap 'rm -rf "$KEY_DIR"' EXIT INT
+    mkdir "$KEY_DIR"
+    for x in releasekey platform shared media; do
+        ./development/tools/make_key "$KEY_DIR/$x" "$SUBJECT" || true
+        # The return value of 'make_key' cannot be trusted.  Check on our own
+        # if key and certificate has been created successfully.
+        test -r "$KEY_DIR/$x.x509.pem"
    done
+    trap - EXIT INT
 }

 if [ "$DEVICE" = "" ]