From 034d6aacc4a66c7adc79367f00e5b20e7ac4c7ff Mon Sep 17 00:00:00 2001
From: Daniel Barlow <dan@telent.net>
Date: Sun, 1 Sep 2024 09:57:38 +0100
Subject: [PATCH] tangc handle non-zero exit from jwe dec

Sometimes it exits non-zero but decrypts the file *anyway*. It only
does this on the device and I haven't been able to reproduce on build,
so this is a workaround until we find the root cause
---
 pkgs/tangc/tangc.fnl | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/pkgs/tangc/tangc.fnl b/pkgs/tangc/tangc.fnl
index 5ed81de3..6a1d6dcf 100644
--- a/pkgs/tangc/tangc.fnl
+++ b/pkgs/tangc/tangc.fnl
@@ -75,8 +75,15 @@
          (.. (json.encode clt) " " (json.encode eph))))
 
 (fn jwe-dec [jwk ph undigested]
-  (josep! ["jwe" "dec" "-k-" "-i-"]
-          (.. (json.encode jwk) ph "." undigested)))
+  ;; sometimes jose jwe dec decrypts the file and exits
+  ;; non-zero anyway. FIXME find out why
+  (let [inputstr (.. (json.encode jwk) ph "." undigested)
+        (exitcode out) (jose ["jwe" "dec" "-k-" "-i-"] inputstr)]
+    (if (> exitcode 0)
+        (: io.stderr :write (%% "jose jwe dec exited %d\n" exitcode)))
+    (if (not (= out ""))
+        out
+        (error (%% "jose jwe dec produced no output, exited %d" exitcode)))))
 
 (fn parse-jwe [jwe]
   (assert (= jwe.clevis.pin "tang") "invalid clevis.pin")
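Review bot: In `jwe-dec`, any non-empty stdout is returned as the plaintext even when `jose jwe dec` exited non-zero, so a failed decryption that emitted partial or unverified bytes before failing would be accepted as key material. Whether jose can write output before the authentication tag is checked is not visible from this hunk, so that risk is inferred and worth confirming on the device. Until the root cause is found, consider tolerating only the specific exit code observed there rather than every value above zero, and extend the FIXME with something like `;; NOTE: output returned on non-zero exit is not known to be tag-verified; do not widen this check`. The exit code is also only written to stderr, so a caller cannot tell a clean decrypt from a tolerated failure.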