mellon_create_metadata.sh never generates metadata files with /dev/urandom #118
Labels
good first issue
Good for newcomers
Comments
|
Thanks. Were you in fact using mellon 0.18.1? Because the underlying problem has been fixed there. As for the error reporting, you're right. A completely different approch could be the following:
|
I run the script in a Docker container and could not see why metadata files were not created becuase it happened silently
|
|
Yes, so 0.18.1 should at least have fixed why they weren't created. But agreed that we could improve the error reporting of the script to not be silent. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi. I added "set -x" to this script to see what happens.
`
...
++ mktemp -t mellon_create_sp.XXXXXXXXXX
The script and the last command were executed in a Docker container.
root@apache:~# openssl req -utf8 -batch -config /tmp/mellon_create_sp.rWskeaitUC -new -x509 -days 3652 -nodes -out http_apache_mellon_metadata.cert -keyout http_apache_mellon_metadata.key ... Cannot write random bytes: 4097216A697F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandomIn fact, this code has never been executed.
`
...
rm -f "$TEMPLATEFILE" "${TEMPLATEFILE}.RANDOM"
CERT="$(grep -v '^-----' "$OUTFILE.cert")"
cat >"$OUTFILE.xml" <<EOF`
The execution stops because the script contains the instruction 'set -e', but redirecting stderr to /dev/null hides that error message and the error reason is not obvious.
My proposal is something like this
openssl req -utf8 -batch -config "$TEMPLATEFILE" -new -x509 -days 3652 -nodes -out "$OUTFILE.cert" -keyout "$OUTFILE.key" 2>/dev/null || true.. and to check that $OUTFILE.cert and $OUTFILE.key are created explicitly.
if [[ ! -f "$OUTFILE.cert" ]] || [[ ! -f "$OUTFILE.key" ]]; then echo "$OUTFILE.cert and $OUTFILE.key cannot be created" exit 1 fiThe text was updated successfully, but these errors were encountered: