From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Tue, 13 Jul 2021 13:52:29 +0200
Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33])
	by lore.white.stw.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1m3Gxh-00034d-Cd
	for lore@lore.pengutronix.de; Tue, 13 Jul 2021 13:52:29 +0200
Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de)
	by metis.ext.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1m3Gxh-0002t1-2U; Tue, 13 Jul 2021 13:52:29 +0200
Received: from dude.hi.pengutronix.de ([2001:67c:670:100:1d::7])
 by metis.ext.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <rhi@pengutronix.de>)
 id 1m3Gwy-0002sb-3A; Tue, 13 Jul 2021 13:51:44 +0200
Received: from rhi by dude.hi.pengutronix.de with local (Exim 4.92)
 (envelope-from <rhi@pengutronix.de>)
 id 1m3Gwx-00048W-Q1; Tue, 13 Jul 2021 13:51:43 +0200
From: Roland Hieber <rhi@pengutronix.de>
To: ptxdist@pengutronix.de
Date: Tue, 13 Jul 2021 13:51:25 +0200
Message-Id: <20210713115125.15630-1-rhi@pengutronix.de>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20210712084247.zvazdqqsffzjotwt@pengutronix.de>
References: <20210712084247.zvazdqqsffzjotwt@pengutronix.de>
MIME-Version: 1.0
Mail-Followup-To: Roland Hieber <rhi@pengutronix.de>, ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH v4] ptxd_lib_code_signing: cs_get_ca(): improve
 error handling
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Cc: Marc Kleine-Budde <mkl@pengutronix.de>, Roland Hieber <rhi@pengutronix.de>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false

From: Marc Kleine-Budde <mkl@pengutronix.de>

This patch changes cs_get_ca() to only output the CA if it actually
exists, or print an error and return 1 instead. This makes it possible
to use make's $(if $(filter-out, ERROR_CA_NOT_YET_SET, ...))
conditional.

Co-authored-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
PATCH v4:
 - revert to [ -e "${ca}" ] test (feeback from Michael Olbrich and Marc
   Kleine-Budde)
 - add documentation too

PATCH v3: https://lore.ptxdist.org/ptxdist/20210708203941.30212-1-rhi@pengutronix.de
 - correctly check for existence of ${keydir} instead of ${ca} (feedback
   from Michael Olbrich)
 - drop controversial re-indentation patches 6/7 and 7/7 from the series

PATCH v2 (rhi): https://lore.ptxdist.org/ptxdist/20210627231121.28313-1-rhi@pengutronix.de
 - reorder from PATCH 3/n to PATCH 1/n
 - echo "ERROR_CA_NOT_YET_SET" in case of error (feedback from Michael
   Olbrich) and also return 1

PATCH v1 (mkl): https://lore.ptxdist.org/ptxdist/20210412161900.2376802-3-mkl@pengutronix.de

fixup! ptxd_lib_code_signing: cs_get_ca(): improve error handling
---
 doc/ref_code_signing_helpers.rst     | 3 ++-
 scripts/lib/ptxd_lib_code_signing.sh | 8 +++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/doc/ref_code_signing_helpers.rst b/doc/ref_code_signing_helpers.rst
index 99a395b287c9..0fd61219a97a 100644
--- a/doc/ref_code_signing_helpers.rst
+++ b/doc/ref_code_signing_helpers.rst
@@ -334,4 +334,5 @@ Preconditions:
 
 - a certificate must have been appended to the CA keyring
   (see :ref:`cs_append_ca_from_pem`, :ref:`cs_append_ca_from_der`,
-  :ref:`cs_append_ca_from_uri`)
+  :ref:`cs_append_ca_from_uri`).
+  Otherwise, this function will print ``ERROR_CA_NOT_YET_SET``.
diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh
index 5fa62d8372f9..ca101d635574 100644
--- a/scripts/lib/ptxd_lib_code_signing.sh
+++ b/scripts/lib/ptxd_lib_code_signing.sh
@@ -288,7 +288,13 @@ cs_get_ca() {
     local role="${1}"
     cs_init_variables
 
-    echo "${keydir}/${role}/ca.pem"
+    local ca="${keydir}/${role}/ca.pem"
+
+    if [ ! -e "${ca}" ]; then
+	echo "ERROR_CA_NOT_YET_SET"
+	return 1
+    fi
+    echo "${ca}"
 }
 export -f cs_get_ca
 
-- 
2.30.2


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de