cs_import_cert_from_pem() uses a pipe command to do the necessary
things. If the first command in that pipe fails the whole command should
be considered failing. So add a call to check_pipe_status as is done in
cs_import_privkey_from_pem().

Fixes: 8f41183e0afe ("Add initial code signing support")
Signed-off-by: Uwe Kleine-König <u.kleine-koe...@pengutronix.de>
---
 scripts/lib/ptxd_lib_code_signing.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/lib/ptxd_lib_code_signing.sh 
b/scripts/lib/ptxd_lib_code_signing.sh
index 5ba1a4666af4..bafdc16544d3 100644
--- a/scripts/lib/ptxd_lib_code_signing.sh
+++ b/scripts/lib/ptxd_lib_code_signing.sh
@@ -213,6 +213,7 @@ cs_import_cert_from_pem() {
        "${openssl_keyopt[@]}" \
        -in "${pem}" -inform pem -outform der |
     softhsm_pkcs11_tool --type cert --write-object /dev/stdin --label "${role}"
+    check_pipe_status
 }
 export -f cs_import_cert_from_pem
 
-- 
2.37.2


Reply via email to