commit: e95be81e9a35b261c0e59272fbfd0108239f9ca3
Author: Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 22 13:27:24 2023 +0000
Commit: Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
CommitDate: Tue Aug 22 13:27:24 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e95be81e
secureboot.eclass: error out early if signing key not readable
Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org>
eclass/secureboot.eclass | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/eclass/secureboot.eclass b/eclass/secureboot.eclass
index 477722a83bb3..383fe7cc3afa 100644
--- a/eclass/secureboot.eclass
+++ b/eclass/secureboot.eclass
@@ -52,7 +52,7 @@ BDEPEND="secureboot? ( app-crypt/sbsigntools )"
# @DESCRIPTION:
# Used with USE=secureboot. Should be set to the path of the private
# key in PEM format to use, or a PKCS#11 URI.
-#
+
# @ECLASS_VARIABLE: SECUREBOOT_SIGN_CERT
# @USER_VARIABLE
# @DEFAULT_UNSET
@@ -75,11 +75,11 @@ _secureboot_die_if_unset() {
if [[ -z ${SECUREBOOT_SIGN_KEY} || -z ${SECUREBOOT_SIGN_CERT} ]]; then
die "USE=secureboot enabled but SECUREBOOT_SIGN_KEY and/or
SECUREBOOT_SIGN_CERT not set."
fi
- if [[ ! ${SECUREBOOT_SIGN_KEY} == pkcs11:* && ! -f
${SECUREBOOT_SIGN_KEY} ]]; then
- die "SECUREBOOT_SIGN_KEY=${SECUREBOOT_SIGN_KEY} not found"
+ if [[ ! ${SECUREBOOT_SIGN_KEY} == pkcs11:* && ! -r
${SECUREBOOT_SIGN_KEY} ]]; then
+ die "SECUREBOOT_SIGN_KEY=${SECUREBOOT_SIGN_KEY} not found or
not readable!"
fi
- if [[ ! -f ${SECUREBOOT_SIGN_CERT} ]];then
- die "SECUREBOOT_SIGN_CERT=${SECUREBOOT_SIGN_CERT} not found"
+ if [[ ! -r ${SECUREBOOT_SIGN_CERT} ]]; then
+ die "SECUREBOOT_SIGN_CERT=${SECUREBOOT_SIGN_CERT} not found or
not readable!"
fi
}
