Description
Hi. I added "set -x" to this script to see what happens.
```
...
+ umask 0077
++ mktemp -t mellon_create_sp.XXXXXXXXXX
+ TEMPLATEFILE=/tmp/mellon_create_sp.rWskeaitUC
+ cat
+ openssl req -utf8 -batch -config /tmp/mellon_create_sp.rWskeaitUC -new -x509 -days 3652 -nodes -out http_apache_mellon_metadata.cert -keyout http_apache_mellon_metadata.key
```
The script and the last command were executed in a Docker container.
```
root@apache:~# openssl req -utf8 -batch -config /tmp/mellon_create_sp.rWskeaitUC -new -x509 -days 3652 -nodes -out http_apache_mellon_metadata.cert -keyout http_apache_mellon_metadata.key
...
Cannot write random bytes:
4097216A697F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom
```
In fact, this code has never been executed.
```
...
rm -f "$TEMPLATEFILE" "${TEMPLATEFILE}.RANDOM"
CERT="$(grep -v '^-----' "$OUTFILE.cert")"
cat >"$OUTFILE.xml" <<EOF
```
The execution stops because the script contains the instruction 'set -e', but redirecting stderr to /dev/null hides that error message and the error reason is not obvious.
My proposal is something like this:

```
openssl req -utf8 -batch -config "$TEMPLATEFILE" -new -x509 -days 3652 -nodes -out "$OUTFILE.cert" -keyout "$OUTFILE.key" 2>/dev/null || true
```

... and to check explicitly that `$OUTFILE.cert` and `$OUTFILE.key` are created.

```
if [[ ! -f "$OUTFILE.cert" ]] || [[ ! -f "$OUTFILE.key" ]]; then
    echo "$OUTFILE.cert and $OUTFILE.key cannot be created"
    exit 1
fi
```
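The failure mode reported here (a `set -e` script aborting while the cause goes to `/dev/null`) can also be handled by capturing stderr and replaying it only when something goes wrong. This is an added example, not code from the script or from the issue author: `generate_checked` and the `fake_req_*` stand-ins for `openssl req` are hypothetical names, and it assumes a non-zero exit status should be fatal rather than ignored.

```bash
#!/usr/bin/env bash
set -eu
umask 0077   # as in the trace above: key material is created owner-only

# generate_checked CERT KEY CMD [ARGS...]   (hypothetical helper)
# Runs CMD with stderr captured instead of discarded. Nothing is printed on
# success; on a non-zero exit or a missing/empty output file the captured
# stderr is replayed and the function returns non-zero.
generate_checked() {
    local cert="$1" key="$2" errlog status=0 f
    shift 2
    errlog=$(mktemp -t generate_checked.XXXXXXXXXX) || return 1
    # "|| status=$?" records the failure without letting set -e abort here,
    # so the diagnostics below still get printed.
    "$@" 2>"$errlog" || status=$?
    for f in "$cert" "$key"; do
        if [ ! -s "$f" ]; then
            echo "error: $f was not created or is empty" >&2
            [ "$status" -ne 0 ] || status=1
        fi
    done
    if [ "$status" -ne 0 ]; then
        echo "error: '$1' did not complete cleanly (status $status); captured stderr:" >&2
        cat "$errlog" >&2
    fi
    rm -f "$errlog"
    return "$status"
}

# Constructed stand-ins for "openssl req" so the example runs offline.
fake_req_fail() { echo "Cannot write random bytes (constructed message)" >&2; return 1; }
fake_req_ok()   { echo "cert" >"$1"; echo "key" >"$2"; echo "progress noise" >&2; }

demo() {
    local dir rc=0
    dir=$(mktemp -d)
    # Success: the stand-in's stderr noise stays hidden.
    generate_checked "$dir/sp.cert" "$dir/sp.key" fake_req_ok "$dir/sp.cert" "$dir/sp.key"
    # Failure: the reason is shown, and the caller decides how to react.
    generate_checked "$dir/x.cert" "$dir/x.key" fake_req_fail || rc=$?
    rm -rf "$dir"
    echo "failing run returned $rc"
}
demo
```

In the real script the command passed in would be the `openssl req ...` invocation, with `"$OUTFILE.cert"` and `"$OUTFILE.key"` as the two paths to verify.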