trust_anchors: do not bootstrap if root TA exists
authorPetr Špaček <petr.spacek@nic.cz>
Thu, 14 Mar 2019 16:57:49 +0000 (17:57 +0100)
committerPetr Špaček <petr.spacek@nic.cz>
Thu, 4 Apr 2019 12:18:57 +0000 (14:18 +0200)
Previously a typo in keyfile path triggered re-bootstrap even if root TA
was already installed.

daemon/lua/trust_anchors.lua.in

index dce6d0689c0bd5960e5dd1ff3a0c19a618bee4ef..0643763db715247b6cba20400ae865551b18ee5f 100644 (file)
@@ -317,6 +317,11 @@ local function add_file(path, unmanaged)
 
        -- Bootstrap if requested and keyfile doesn't exist
        if managed and not io.open(path, 'r') then
+               if trust_anchors.keysets['\0'] then
+                       error(string.format(
+                               "[ ta ] keyfile '%s' doesn't exist and root key is already installed, "
+                               .. "cannot bootstrap; provide a path to valid file with keys", path))
+               end
                log("[ ta ] keyfile '%s': doesn't exist, bootstrapping", path);
                local tas, msg = bootstrap(trust_anchors.bootstrap_url, trust_anchors.bootstrap_ca)
                if not tas then
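Review bot: The new error says the keyfile "doesn't exist", but the guard it sits under, `not io.open(path, 'r')`, is also true when the file exists and cannot be opened, for example because of its permissions. This branch decides between aborting and fetching a fresh root trust anchor over the network, so the operator should see the real cause. `io.open` returns the reason as its second result, so the guard could become `local keyfile, err = io.open(path, 'r')` followed by `if managed and not keyfile then`, with `err` appended to both the new `error(...)` text and the existing "bootstrapping" log line. A short comment on the `trust_anchors.keysets['\0']` test would also help, since `'\0'` is presumably the root zone name used as the keyset key. The body of `add_file` starts and ends outside this hunk, so where the opened handle would be closed is not visible here.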