From: Michael Olbrich
To: ptxdist@pengutronix.de
Cc: Uwe Kleine-König
Date: Fri, 11 Nov 2022 15:31:12 +0100
Subject: Re: [ptxdist] [APPLIED] ptxd_lib_code_signing: Check for errors in cs_import_cert_from_pem()
Message-Id: <20221111143112.892934-1-m.olbrich@pengutronix.de>
In-Reply-To: <20221025085921.986289-1-u.kleine-koenig@pengutronix.de>
References: <20221025085921.986289-1-u.kleine-koenig@pengutronix.de>

Thanks, applied as cdb645fbca7ac4b4752a2eb1223ba9baf29cb969.

Michael

[sent from post-receive hook]

On Fri, 11 Nov 2022 15:31:11 +0100, Uwe Kleine-König wrote:
> cs_import_cert_from_pem() uses a pipe command to do the necessary
> things. If the first command in that pipe fails the whole command should
> be considered failing. So add a call to check_pipe_status as is done in
> cs_import_privkey_from_pem().
>
> Fixes: 8f41183e0afe ("Add initial code signing support")
> Signed-off-by: Uwe Kleine-König
> Message-Id: <20221025085921.986289-1-u.kleine-koenig@pengutronix.de>
> Signed-off-by: Michael Olbrich
>
> diff --git a/scripts/lib/ptxd_lib_code_signing.sh b/scripts/lib/ptxd_lib_code_signing.sh > index 5ba1a4666af4..bafdc16544d3 100644 > --- a/scripts/lib/ptxd_lib_code_signing.sh > +++ b/scripts/lib/ptxd_lib_code_signing.sh
> @@ -213,6 +213,7 @@ cs_import_cert_from_pem() { > "${openssl_keyopt[@]}" \ > -in "${pem}" -inform pem -outform der | > softhsm_pkcs11_tool --type cert --write-object /dev/stdin --label "${role}" > + check_pipe_status > } > export -f cs_import_cert_from_pem >
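
Review bot: The added check_pipe_status call before the closing brace of cs_import_cert_from_pem() is only correct while it remains the very next command after the pipeline ending in softhsm_pkcs11_tool, assuming the helper reads bash's PIPESTATUS, which any intervening command overwrites. A one-line comment above it saying that nothing may be inserted in between would protect the check from later edits. Because it is now the function's last command, its status is what the function returns, so the failure is only surfaced if callers test that return value, which is not visible in this hunk.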
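
The failure mode described in the commit message above, as an added bash example that is not PTXdist code: a pipeline reports only its last stage's status, so a failing first stage goes unnoticed unless PIPESTATUS is checked immediately afterwards. All function names are hypothetical stand-ins, and pipe_status_ok only assumes the role that check_pipe_status plays in the patch.

```bash
#!/usr/bin/env bash
# Added illustration, not PTXdist code. All function names are hypothetical.

# Stand-in for the openssl stage: fails if the PEM file cannot be read.
convert_pem() { cat -- "$1" 2>/dev/null; }

# Stand-in for the token-writing stage: accepts any input, even none.
store_object() { cat >/dev/null; }

# Same role as the check_pipe_status call in the patch (assumed behaviour):
# return the first non-zero status of the pipeline that ran just before.
pipe_status_ok() {
    # Expanded before 'local' runs, so PIPESTATUS is still the caller's.
    local -a st=("${PIPESTATUS[@]}")
    local s
    for s in "${st[@]}"; do
        [ "$s" -eq 0 ] || return "$s"
    done
    return 0
}

# Before: status is that of the last stage only, so the failure is hidden.
import_unchecked() {
    convert_pem "$1" | store_object
}

# After: the check directly follows the pipeline.
import_checked() {
    convert_pem "$1" | store_object
    pipe_status_ok
}

# Fragile variant: any command in between resets PIPESTATUS.
import_checked_too_late() {
    convert_pem "$1" | store_object
    :
    pipe_status_ok
}

missing=/nonexistent/constructed-cert.pem   # constructed path, never exists
for fn in import_unchecked import_checked import_checked_too_late; do
    "$fn" "$missing"
    echo "$fn -> $?"
done
```

Setting pipefail for the whole script is the shell-wide alternative; the per-pipeline check keeps the change local to one function.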