From 034d6aacc4a66c7adc79367f00e5b20e7ac4c7ff Mon Sep 17 00:00:00 2001
From: Daniel Barlow
Date: Sun, 1 Sep 2024 09:57:38 +0100
Subject: [PATCH] tangc handle non-zero exit from jwe dec Sometimes it exits non-zero but decrypts the file *anyway*. It only does this on the device and I haven't been able to reproduce on build, so this is a workaround until we find the root cause
---
 pkgs/tangc/tangc.fnl | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/pkgs/tangc/tangc.fnl b/pkgs/tangc/tangc.fnl
index 5ed81de..6a1d6dc 100644
--- a/pkgs/tangc/tangc.fnl
+++ b/pkgs/tangc/tangc.fnl
@@ -75,8 +75,15 @@
 (.. (json.encode clt) " " (json.encode eph))))
 (fn jwe-dec [jwk ph undigested]
- (josep! ["jwe" "dec" "-k-" "-i-"]
- (.. (json.encode jwk) ph "." undigested)))
+ ;; sometimes jose jwe dec decrypts the file and exits
+ ;; non-zero anyway. FIXME find out why
+ (let [inputstr (.. (json.encode jwk) ph "." undigested)
+ (exitcode out) (jose ["jwe" "dec" "-k-" "-i-"] inputstr)]
+ (if (> exitcode 0)
+ (: io.stderr :write (%% "jose jwe dec exited %d\n" exitcode)))
+ (if (not (= out ""))
+ out
+ (error (%% "jose jwe dec produced no output, exited %d" exitcode)))))
 (fn parse-jwe [jwe]
 (assert (= jwe.clevis.pin "tang") "invalid clevis.pin")
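Review bot: In `jwe-dec`, any non-empty stdout is now returned as plaintext even when `jose jwe dec` exits non-zero, so a failed or partial decryption can no longer be told apart from a good one. For a JWE the exit status is normally the caller's only signal that the integrity check passed, and whether jose can write bytes before that check completes is not visible from this hunk; until the root cause is known, output from a failing run should be treated as unauthenticated. Consider narrowing the workaround to the single exit code seen on the device, e.g. `(if (or (= exitcode 0) (and (= exitcode known-bad-code) (not (= out "")))) out (error ...))`, where `known-bad-code` is a placeholder for the observed value, and extend the FIXME with `;; SECURITY: output accepted despite non-zero exit is not known to be authenticated`. The `jose` helper is defined outside the hunk, so confirm that `exitcode` is always a number (not nil on signal termination) before `(> exitcode 0)` and the `%d` format use it.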