From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Mon, 28 Jun 2021 08:38:40 +0200
Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33])
	by lore.white.stw.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1lxkum-0001LT-07
	for lore@lore.pengutronix.de; Mon, 28 Jun 2021 08:38:40 +0200
Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de)
	by metis.ext.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1lxkul-0002NI-Kk; Mon, 28 Jun 2021 08:38:39 +0200
Received: from ptx.hi.pengutronix.de ([2001:67c:670:100:1d::c0])
 by metis.ext.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mol@pengutronix.de>) id 1lxkuY-0002NA-40
 for ptxdist@pengutronix.de; Mon, 28 Jun 2021 08:38:26 +0200
Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.92)
 (envelope-from <mol@pengutronix.de>) id 1lxkuX-0003II-R0
 for ptxdist@pengutronix.de; Mon, 28 Jun 2021 08:38:25 +0200
Date: Mon, 28 Jun 2021 08:38:25 +0200
From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Message-ID: <20210628063825.GJ25044@pengutronix.de>
Mail-Followup-To: ptxdist@pengutronix.de
References: <20210627231121.28313-1-rhi@pengutronix.de>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20210627231121.28313-1-rhi@pengutronix.de>
X-Sent-From: Pengutronix Hildesheim
X-URL: http://www.pengutronix.de/
X-IRC: #ptxdist @freenode
X-Accept-Language: de,en
X-Accept-Content-Type: text/plain
X-Uptime: 08:33:39 up 130 days,  9:57, 111 users,  load average: 0.05, 0.30,
 0.44
User-Agent: Mutt/1.10.1 (2018-07-13)
Subject: Re: [ptxdist] [PATCH v2 1/7] ptxd_lib_code_signing: cs_get_ca():
 improve error handling
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false

On Mon, Jun 28, 2021 at 01:11:15AM +0200, Roland Hieber wrote:
> From: Marc Kleine-Budde <mkl@pengutronix.de>
> 
> This patch changes cs_get_ca() to only output the CA if it actually
> exists, or print an error and return 1 instead. This makes it possible
> to use make's $(if $(filter-out, ERROR_CA_NOT_YET_SET, ...))
> conditional.
> 
> Co-authored-by: Roland Hieber <rhi@pengutronix.de>
> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> ---
> PATCH v2 (rhi):
>  - reorder from PATCH 3/n to PATCH 1/n
>  - echo "ERROR_CA_NOT_YET_SET" in case of error (feedback from Michael
>    Olbrich) and also return 1
> 
> PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-3-mkl@pengutronix.de
> ---
>  scripts/lib/ptxd_lib_code_signing.sh | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh
> index 3e1654bb36e4..0026cdc4dec0 100644
> --- a/scripts/lib/ptxd_lib_code_signing.sh
> +++ b/scripts/lib/ptxd_lib_code_signing.sh
> @@ -243,7 +243,13 @@ cs_get_ca() {
>      local role="${1}"
>      cs_init_variables
>  
> -    echo "${keydir}/${role}/ca.pem"
> +    local ca="${keydir}/${role}/ca.pem"
> +
> +    if [ ! -e "${ca}" ]; then

This is not what I suggested. I think this breaks the use-case described in
the patch description:
An empty string should be returned when the key setup is done but nothing
was added to the CA. I'm quite certain, that the file does not exist in
this case. You need to check for '[ ! -d "${keydir}" ]'.

Michael

> +	echo "ERROR_CA_NOT_YET_SET"
> +	return 1
> +    fi
> +    echo "${ca}"
>  }
>  export -f cs_get_ca
>  
> -- 
> 2.30.2
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de