Commit 866e67ff authored by ale's avatar ale

Use custom exit status to detect file modification

With the --use-exit-status option x509ca will now exit with status 10
when the certificates have been modified successfully (unless --check
is specified, which takes precedence).
parent b2be470f
......@@ -182,6 +182,7 @@ func (c *initCmd) Execute(ctx context.Context, _ *flag.FlagSet, _ ...interface{}
return subcommands.ExitFailure
}
changed := false
ca, err := loadCA(c.caCertPath, c.caKeyPath)
if err != nil {
if c.checkOnly {
......@@ -193,6 +194,7 @@ func (c *initCmd) Execute(ctx context.Context, _ *flag.FlagSet, _ ...interface{}
log.Printf("ERROR: could not create new CA: %v", err)
return subcommands.ExitFailure
}
changed = true
}
if aboutToExpire(ca.cert) {
if c.checkOnly {
......@@ -204,8 +206,9 @@ func (c *initCmd) Execute(ctx context.Context, _ *flag.FlagSet, _ ...interface{}
log.Printf("ERROR: could not renew CA certificate: %v", err)
return subcommands.ExitFailure
}
changed = true
}
return subcommands.ExitSuccess
return exitStatus(changed)
}
func init() {
......
......@@ -193,6 +193,7 @@ func (c *signCmd) Execute(ctx context.Context, _ *flag.FlagSet, _ ...interface{}
}
}
changed := false
pkey, cert, err := loadCertificateAndPrivateKey(c.certPath, c.keyPath)
if err != nil {
if c.checkOnly {
......@@ -204,6 +205,7 @@ func (c *signCmd) Execute(ctx context.Context, _ *flag.FlagSet, _ ...interface{}
log.Printf("ERROR: could not sign certificate: %v", err)
return subcommands.ExitFailure
}
changed = true
}
if aboutToExpire(cert) || !certificateMetadataEqual(cert, c.subject.Name, c.sanList, c.ipList, c.isClient, c.isServer) {
if c.checkOnly {
......@@ -214,8 +216,9 @@ func (c *signCmd) Execute(ctx context.Context, _ *flag.FlagSet, _ ...interface{}
if err != nil {
log.Printf("ERROR: could not renew certificate: %v", err)
}
changed = true
}
return subcommands.ExitSuccess
return exitStatus(changed)
}
func init() {
......
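Review bot: A failed renewal is reported as a modification. In the last hunk of this section, the `if err != nil` branch only logs "could not renew certificate" and then falls through to the new `changed = true`, so with --use-exit-status the command exits 10 (and 0 without it) although no certificate was renewed. The matching branch in initCmd returns after logging, and the same `return subcommands.ExitFailure` belongs after the `log.Printf` here. Otherwise automation keyed on the exit status may reload services or report success while a certificate is left to expire. The call that assigns `err` lies outside the hunk, so this assumes it holds the renewal result.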
......@@ -19,8 +19,11 @@ import (
"golang.org/x/net/context"
)
const filesModifiedExitStatus = 10
var (
certRenewalDays = flag.Int("renewal-days", 15, "How many days before expiration to renew a certificate")
certRenewalDays = flag.Int("renewal-days", 15, "How many days before expiration to renew a certificate")
useCustomExitStatus = flag.Bool("use-exit-status", false, fmt.Sprintf("Use a custom exit status (%d) to indicate that certificates have been modified", filesModifiedExitStatus))
)
func aboutToExpire(cert *x509.Certificate) bool {
......@@ -190,6 +193,13 @@ func init() {
subcommands.Register(subcommands.CommandsCommand(), "")
}
func exitStatus(changed bool) subcommands.ExitStatus {
if *useCustomExitStatus && changed {
return subcommands.ExitStatus(filesModifiedExitStatus)
}
return subcommands.ExitSuccess
}
func main() {
log.SetFlags(0)
flag.Parse()
......
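Review bot: `filesModifiedExitStatus` and `exitStatus` carry no comment, and the contract they introduce, a non-zero status that means success, is easy to misread when wiring x509ca into a script or service unit. I would add `// filesModifiedExitStatus is returned instead of 0 when --use-exit-status is set and certificates were written; it is not an error.` above the constant. Above the function I would add `// exitStatus maps changed to the process exit status; error paths must return ExitFailure before reaching it.` The flag's help text could also say that callers need to accept this value explicitly, since a shell running under `set -e` or a service manager would otherwise treat 10 as a failure.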