commit 246a7f13acfa1580b2d529b1c6eb6f6711cba5e3
author Alan Stokes <alanstokes@google.com> Thu Jun 10 14:30:53 2021 +0100
committer Alan Stokes <alanstokes@google.com> Fri Jun 11 10:01:33 2021 +0100
tree 76e17143b5a3148c0fff93c9c0e8fb23deb3d8ab
parent 21f7f98fe885e841049ec46161ac899ab7e1d553

Improved error checking for fsverity_init/odsign.

When attempting to load a non-existent cert I got:
  06-10 12:48:11.939   662   662 E fsverity_init: Failed to add key: Invalid argument
  06-10 12:48:11.940   662   662 E fsverity_init: Failed to load key from stdin
  06-10 12:48:11.941   648   648 I odsign  : Added CompOs key to fs-verity keyring
Which looks like everything worked when nothing did.

Added more error checks on both sides.

Test: Presubmits
Test: Manual
Change-Id: Ib2b17ce75e58dafb0ad6905106e35b11b55e91d0

ondevice-signing/VerityUtils.cpp

diff --git a/ondevice-signing/VerityUtils.cpp b/ondevice-signing/VerityUtils.cpp
index 25f949c..318345a 100644
--- a/ondevice-signing/VerityUtils.cpp
+++ b/ondevice-signing/VerityUtils.cpp
@@ -247,6 +247,9 @@
     const char* const argv[] = {kFsVerityInitPath, "--load-extra-key", keyName};
 
     int fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
+    if (fd == -1) {
+        return ErrnoError() << "Failed to open " << path;
+    }
     pid_t pid = fork();
     if (pid == 0) {
         dup2(fd, STDIN_FILENO);
@@ -271,10 +274,8 @@
     if (!WIFEXITED(status)) {
         return Error() << kFsVerityInitPath << ": abnormal process exit";
     }
-    if (WEXITSTATUS(status)) {
-        if (status != 0) {
-            return Error() << kFsVerityInitPath << " exited with " << status;
-        }
+    if (WEXITSTATUS(status) != 0) {
+        return Error() << kFsVerityInitPath << " exited with " << WEXITSTATUS(status);
     }
 
     return {};