From 49a79c91803eeb384826519256b1ef0438baebd7 Mon Sep 17 00:00:00 2001 From: Priit Laes Date: Thu, 27 Aug 2015 11:52:40 +0000 Subject: [PATCH] cli: spawn: Return error code when spawn fails --- certidude/cli.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/certidude/cli.py b/certidude/cli.py index a072375..77f9056 100755 --- a/certidude/cli.py +++ b/certidude/cli.py @@ -74,6 +74,11 @@ def certidude_spawn(kill, no_interaction): """ Spawn processes for signers """ + # Check whether we have privileges + os.umask(0o027) + uid = os.getuid() + if uid != 0: + raise click.ClickException("Not running as root") # Process directories run_dir = "/run/certidude" @@ -85,10 +90,6 @@ def certidude_spawn(kill, no_interaction): click.echo("Creating: %s" % signer_dir) os.makedirs(signer_dir) - os.umask(0o027) - uid = os.getuid() - assert uid == 0, "Not running as root" - # Preload charmap encoding for byte_string() function of pyOpenSSL # in order to enable chrooting "".encode("charmap") @@ -100,6 +101,7 @@ def certidude_spawn(kill, no_interaction): # TODO: use os.mknod instead os.system("mknod -m 444 %s c 1 9" % os.path.join(chroot_dir, "dev", "urandom")) + ca_loaded = False for ca in config.all_authorities(): socket_path = os.path.join(signer_dir, ca.slug + ".sock") pidfile_path = os.path.join(signer_dir, ca.slug + ".pid") @@ -141,6 +143,10 @@ def certidude_spawn(kill, no_interaction): asyncore.loop() else: click.echo("Spawned certidude signer process with PID %d at %s" % (child_pid, socket_path)) + ca_loaded = True + + if not ca_loaded: + raise click.ClickException("No CA sections defined in configuration: {}".format(config.path)) @click.command("client", help="Setup X.509 certificates for application")