opkg-cert: Don't blame clock for bootstrap to invalid cert

When a mirror has an expired certificate, prokit and opkg-cert print: prokit: Using architecture amd64-linux-glibc prokit: Using platform dev prokit: Using mirror http://files.proteanos.com/pub/proteanos/ prokit: Setting up root... prokit: Configuring opkg and retrieving Packages files... opkg-cert: Invalid certificate from <http://files.proteanos.com/pub/proteanos//archive.cert>! opkg-cert: Clock incorrect The second message from opkg-cert is wrong and confusing.
author: Patrick McDermott <patrick.mcdermott@libiquity.com> 2019-07-21 19:28:43 (EDT)
committer: Patrick McDermott <patrick.mcdermott@libiquity.com> 2019-07-21 19:31:59 (EDT)
commit: fb1cd5d9a0894eab954a47f3e9e0e8d0c8d4d359 (patch)
tree: f6de0b7d2694d581ddde6af33c9d94f751d4f050
parent: d88109911f14edbfdf063f6c90ffff330206f2a3 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/opkg-cert b/opkg-cert
index 82238aa..2cac000 100755
--- a/opkg-cert
+++ b/opkg-cert
@@ -227,7 +227,17 @@ check_cert()
 
 	# Check dates.
 	now=$(time)
-	if [ "${valid}" -eq 0 ] || [ ${now} -lt "${valid}" ]; then
+	if [ "${valid}" -eq 0 ]; then
+		# There was no "V" key in the payload, so this is most likely a
+		# dummy seed certificate that prokit generates to make opkg-cert
+		# download and verify the actual certificate from a mirror.  If
+		# we reached here, the actual certificate was invalid.
+		if ${new}; then
+			rm -f -- "${cert}"
+		fi
+		return 1
+	fi
+	if [ ${now} -lt "${valid}" ]; then
 		if ${new}; then
 			rm -f -- "${cert}"
 		else
author	Patrick McDermott <patrick.mcdermott@libiquity.com>	2019-07-21 19:28:43 (EDT)
committer	Patrick McDermott <patrick.mcdermott@libiquity.com>	2019-07-21 19:31:59 (EDT)
commit	fb1cd5d9a0894eab954a47f3e9e0e8d0c8d4d359 (patch)
tree	f6de0b7d2694d581ddde6af33c9d94f751d4f050
parent	d88109911f14edbfdf063f6c90ffff330206f2a3 (diff)