diff options
author | dann frazier <dann.frazier@canonical.com> | 2020-08-12 15:27:08 -0600 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-08-18 12:06:39 -0700 |
commit | f12484869c9590682ac3253d583bf59b890bb826 (patch) | |
tree | 6273f2b255f23b9711930498ae1e261edeb5caa6 | |
parent | d52f7bbb73401aab8a1d59e8d0d686ad9641035e (diff) | |
download | sbsigntools-f12484869c9590682ac3253d583bf59b890bb826.tar.gz |
sbkeysync: Don't ignore errors from insert_new_keys()
If insert_new_keys() fails, say due to a full variable store, we currently
still exit(0). This can make it difficult to know something is wrong.
For example, Debian and Ubuntu implement a secureboot-db systemd service
to update the DB and DBX, which calls:
ExecStart=/usr/bin/sbkeysync --no-default-keystores --keystore /usr/share/secureboot/updates --verbose
But although this seemed to succeed on my system, looking at the logs shows
a different story:
Inserting key update /usr/share/secureboot/updates/dbx/dbxupdate_x64.bin into dbx
Error writing key update: Invalid argument
Error syncing keystore file /usr/share/secureboot/updates/dbx/dbxupdate_x64.bin
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | src/sbkeysync.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/sbkeysync.c b/src/sbkeysync.c index e51f177..7748990 100644 --- a/src/sbkeysync.c +++ b/src/sbkeysync.c @@ -889,10 +889,12 @@ int main(int argc, char **argv) { bool use_default_keystore_dirs; struct sync_context *ctx; + int rc; use_default_keystore_dirs = true; ctx = talloc_zero(NULL, struct sync_context); list_head_init(&ctx->new_keys); + rc = EXIT_SUCCESS; for (;;) { int idx, c; @@ -985,10 +987,10 @@ int main(int argc, char **argv) if (ctx->verbose) print_new_keys(ctx); - if (!ctx->dry_run) - insert_new_keys(ctx); + if (!ctx->dry_run && insert_new_keys(ctx)) + rc = EXIT_FAILURE; talloc_free(ctx); - return EXIT_SUCCESS; + return rc; } |