diff options
author | Patrick McDermott <patrick.mcdermott@libiquity.com> | 2019-07-21 19:28:43 (EDT) |
---|---|---|
committer | Patrick McDermott <patrick.mcdermott@libiquity.com> | 2019-07-21 19:31:59 (EDT) |
commit | fb1cd5d9a0894eab954a47f3e9e0e8d0c8d4d359 (patch) | |
tree | f6de0b7d2694d581ddde6af33c9d94f751d4f050 /opkg-cert | |
parent | d88109911f14edbfdf063f6c90ffff330206f2a3 (diff) |
opkg-cert: Don't blame clock for bootstrap to invalid cert
When a mirror has an expired certificate, prokit and opkg-cert print:
prokit: Using architecture amd64-linux-glibc
prokit: Using platform dev
prokit: Using mirror http://files.proteanos.com/pub/proteanos/
prokit: Setting up root...
prokit: Configuring opkg and retrieving Packages files...
opkg-cert: Invalid certificate from <http://files.proteanos.com/pub/proteanos//archive.cert>!
opkg-cert: Clock incorrect
The second message from opkg-cert is wrong and confusing.
Diffstat (limited to 'opkg-cert')
-rwxr-xr-x | opkg-cert | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -227,7 +227,17 @@ check_cert() # Check dates. now=$(time) - if [ "${valid}" -eq 0 ] || [ ${now} -lt "${valid}" ]; then + if [ "${valid}" -eq 0 ]; then + # There was no "V" key in the payload, so this is most likely a + # dummy seed certificate that prokit generates to make opkg-cert + # download and verify the actual certificate from a mirror. If + # we reached here, the actual certificate was invalid. + if ${new}; then + rm -f -- "${cert}" + fi + return 1 + fi + if [ ${now} -lt "${valid}" ]; then if ${new}; then rm -f -- "${cert}" else |