If any tested file results in failure produce failure exit code.
Previously exit code affected only by the last file tested.
Fixes: "Allow multiple files in ima_verify"
Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>
---
I decided not to rebase "Allow multiple files in ima_verify" to not create
merge conflicts with "Namespace some too generic object names".
src/evmctl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index b02be8b..d33a91e 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -887,7 +887,7 @@ static int verify_ima(const char *file)
static int cmd_verify_ima(struct command *cmd)
{
char *file = g_argv[optind++];
- int err;
+ int err, fails = 0;
if (imaevm_params.keyfile) /* Support multiple public keys */
init_public_keys(imaevm_params.keyfile);
@@ -903,10 +903,12 @@ static int cmd_verify_ima(struct command *cmd)
do {
err = verify_ima(file);
+ if (err)
+ fails++;
if (!err && imaevm_params.verbose >= LOG_INFO)
log_info("%s: verification is OK\n", file);
} while ((file = g_argv[optind++]));
- return err;
+ return fails > 0;
}
static int cmd_convert(struct command *cmd)
--
2.11.0
