Date: Fri, 23 Apr 2021 08:33:20 +0200
From: Michael Olbrich
To: ptxdist@pengutronix.de
Cc: Marc Kleine-Budde
Subject: Re: [ptxdist] [PATCH 3/3] ptxd_lib_code_signing: cs_get_ca(): only output CA if existing
Message-ID: <20210423063320.GE4162561@pengutronix.de>
In-Reply-To: <20210412161900.2376802-3-mkl@pengutronix.de>

On Mon, Apr 12, 2021 at 06:19:00PM +0200, Marc Kleine-Budde wrote:
> This patch changes cs_get_ca() to only output the CA if it actually
> exists. This makes it possible to use make's $(if ...) conditional.
>
> Signed-off-by: Marc Kleine-Budde
> ---
> scripts/lib/ptxd_lib_code_signing.sh | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh > index ba38a8edd12d..ff0eca16859c 100644 > --- a/scripts/lib/ptxd_lib_code_signing.sh > +++ b/scripts/lib/ptxd_lib_code_signing.sh
> @@ -288,7 +288,11 @@ cs_get_ca() { > local role="${1}" > cs_init_variables > > - echo "${keydir}/${role}/ca.pem" > + local ca="${keydir}/${role}/ca.pem" > + > + if [ -e "${ca}" ]; then > + echo "${ca}" > + fi

So, I know we talked about this, and I suggested this solution. But after
thinking about this a bit more, I think it's a bit fragile: It causes silent
problems if this is evaluated too early.
I don't quite remember the use-case, but maybe we can add the following
here:

	if [ ! -d "${keydir}" ]; then
		echo ERROR_CA_NOT_YET_SET
	fi

Similar to what we do for URIs. So if it's evaluated in make with ':=' then
we always get this string. If some tool tries to use this as a filename it
should be clearer what's wrong here.
And with the '$(if ..)' case, you get false positives (and that will
probably fail later because there is no ca) and no false negatives that may
do the wrong thing silently.

Michael

> } > export -f cs_get_ca > > -- > 2.30.2
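
Review bot: In cs_get_ca(), the new `if [ -e "${ca}" ]` block prints nothing and the function still returns success when ca.pem is absent, so a caller cannot tell a role that has no CA from a keydir that is not set up yet. Consider reporting the second case distinctly, for example with the `[ ! -d "${keydir}" ]` check and sentinel string proposed in the reply, and mention the possibly empty output wherever the function is documented. `-e` is also true for a directory or any other file type named ca.pem; `-f` would limit the output to a regular file if that is what callers expect.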
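
The three outcomes the reply distinguishes, as an added example that is not PTXdist code and not part of the original mail. `demo_get_ca`, `demo_has_ca` and `demo_setup` are hypothetical names; passing the key directory as an argument and placing the reply's `-d` check after the patch's `-e` check are assumptions.

```shell
#!/bin/sh
# Added illustration: demo_get_ca is a hypothetical stand-in for cs_get_ca().
# Assumption: keydir is passed as $1 instead of being set by cs_init_variables.
demo_get_ca() {
    local keydir="${1}"
    local role="${2}"
    local ca="${keydir}/${role}/ca.pem"

    # Check from the patch: print the path only if the CA exists.
    if [ -e "${ca}" ]; then
        echo "${ca}"
    fi
    # Check from the reply (placing it after the first one is an assumption).
    if [ ! -d "${keydir}" ]; then
        echo ERROR_CA_NOT_YET_SET
    fi
}

# Mimics make's $(if ...): any non-empty output counts as true.
demo_has_ca() {
    [ -n "$(demo_get_ca "${1}" "${2}")" ]
}

# Constructed sample layout: one role with a CA, one role without.
demo_setup() {
    demo_root="$(mktemp -d)"
    mkdir -p "${demo_root}/keys/with-ca" "${demo_root}/keys/no-ca"
    : > "${demo_root}/keys/with-ca/ca.pem"
}

demo_setup
for role in with-ca no-ca; do
    printf 'keys/%s: "%s"\n' "${role}" "$(demo_get_ca "${demo_root}/keys" "${role}")"
done
printf 'missing keydir: "%s"\n' "$(demo_get_ca "${demo_root}/missing" with-ca)"
rm -rf "${demo_root}"
```

With the key directory missing, the non-empty test succeeds on the sentinel, so a later consumer fails on an obviously wrong filename instead of silently taking the "no CA" branch.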