* [ima-evm-utils PATCH 00/14] Enable shellcheck and fix some issue
@ 2023-11-10 20:21 Stefan Berger
2023-11-10 20:21 ` [ima-evm-utils PATCH 01/14] tests: Address issues raised by shellcheck SC2086 & enable shellcheck Stefan Berger
` (13 more replies)
0 siblings, 14 replies; 18+ messages in thread
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Enable shellcheck for the bash scripts in the tests directory. Fix issues
on the way that are found when particular checks are enabled. In the end
all shellcheck v0.9 checks are enabled and shellcheck passes without any
issues.
Shellcheck can be run using the following command:
make shellcheck
Apart from style issues two real issues are detected by SC2003 and SC2295.
Regards,
Stefan
Stefan Berger (14):
tests: Address issues raised by shellcheck SC2086 & enable shellcheck
tests: Address issues raised by shellcheck SC2181
tests: Address issues raised by shellcheck SC2046
tests: Address issues raised by shellcheck SC2320
tests: Address issues raised by shellcheck SC2317
tests: Address issues raised by shellcheck SC2034
tests: Address issues raised by shellcheck SC2164
tests: Address issues raised by shellcheck SC2166
tests: Address issues raised by shellcheck SC2294
tests: Address issues raised by shellcheck SC2206
tests: Address issues raised by shellcheck SC2196
tests: Address issues raised by shellcheck SC2043
tests: Address issues raised by shellcheck SC2295
tests: Address issues raised by shellcheck SC2003
Makefile.am | 5 ++-
tests/Makefile.am | 11 ++++++-
tests/boot_aggregate.test | 28 +++++++---------
tests/fsverity.test | 20 +++++++-----
tests/functions.sh | 36 ++++++++++----------
tests/gen-keys.sh | 8 +++--
tests/ima_hash.test | 4 +--
tests/install-fsverity.sh | 4 +--
tests/install-mount-idmapped.sh | 2 +-
tests/install-openssl3.sh | 14 ++++----
tests/install-swtpm.sh | 2 +-
tests/install-tss.sh | 2 +-
tests/mmap_check.test | 10 +++---
tests/portable_signatures.test | 11 +++----
tests/sign_verify.test | 15 ++++-----
tests/softhsm_setup | 58 ++++++++++++++-------------------
16 files changed, 114 insertions(+), 116 deletions(-)
--
2.41.0
* [ima-evm-utils PATCH 01/14] tests: Address issues raised by shellcheck SC2086 & enable shellcheck
2023-11-10 20:21 [ima-evm-utils PATCH 00/14] Enable shellcheck and fix some issue Stefan Berger
@ 2023-11-10 20:21 ` Stefan Berger
2023-11-10 20:21 ` [ima-evm-utils PATCH 02/14] tests: Address issues raised by shellcheck SC2181 Stefan Berger
` (12 subsequent siblings)
13 siblings, 0 replies; 18+ messages in thread
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Address issues raised by shellcheck SC2086:
"Double quote to prevent globbing and word splitting."
Add support for the make target 'shellcheck' on scripts in the
test directory.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
Makefile.am | 5 ++++-
tests/Makefile.am | 11 ++++++++++-
tests/boot_aggregate.test | 4 ++--
tests/fsverity.test | 16 ++++++++--------
tests/functions.sh | 30 +++++++++++++++---------------
tests/gen-keys.sh | 4 ++--
tests/install-openssl3.sh | 12 ++++++------
tests/sign_verify.test | 12 ++++++------
tests/softhsm_setup | 28 ++++++++++++++--------------
9 files changed, 67 insertions(+), 55 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index e686d65..a30c800 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -44,4 +44,7 @@ rmman:
doc: evmctl.1.html rmman evmctl.1
endif
-.PHONY: $(tarname)
+shellcheck:
+ make -C tests shellcheck
+
+.PHONY: $(tarname) shellcheck
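Review bot: the recipe of the new top-level shellcheck target calls a literal make ("make -C tests shellcheck"); use "$(MAKE) -C tests shellcheck" so that the caller's make binary, command-line flags and jobserver are passed down to the sub-make.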
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 03aa5b7..e34fd79 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -24,6 +24,15 @@ clean-local:
-rm -f *.txt *.out *.sig *.sig2
distclean: distclean-keys
-.PHONY: distclean-keys
+
+shellcheck:
+ shellcheck -i SC2086 \
+ functions.sh gen-keys.sh install-fsverity.sh \
+ install-mount-idmapped.sh install-openssl3.sh \
+ install-swtpm.sh install-tss.sh softhsm_setup \
+ $(check_SCRIPTS)
+
+.PHONY: distclean-keys shellcheck
distclean-keys:
./gen-keys.sh clean
+
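Review bot: the last added line of this hunk is an empty line after "./gen-keys.sh clean", which appears to leave a new blank line at the end of tests/Makefile.am; please drop it. The helper scripts are also listed by hand in the shellcheck recipe, so a script added to tests/ later stays unchecked unless it is added here too; a one-line comment above the target saying so would help.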
diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test
index b0b2db4..ccc45f9 100755
--- a/tests/boot_aggregate.test
+++ b/tests/boot_aggregate.test
@@ -129,7 +129,7 @@ check() {
local options=$1
echo "INFO: Calculating the boot_aggregate (PCRs 0 - 9) for multiple banks"
- bootaggr=$(evmctl ima_boot_aggregate ${options})
+ bootaggr=$(evmctl ima_boot_aggregate "${options}")
if [ $? -ne 0 ]; then
echo "${CYAN}SKIP: evmctl ima_boot_aggregate: $bootaggr${NORM}"
exit "$SKIP"
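Review bot: quoting "${options}" in the evmctl call means evmctl always receives exactly one extra argument, and when check is called with an empty option string that argument is an empty string rather than nothing. If an empty value is possible, expand it as ${options:+"${options}"} or pass the options as an array.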
@@ -197,4 +197,4 @@ if [ "$(id -u)" != 0 ] || [ ! -c "/dev/tpm0" ]; then
fi
fi
-expect_pass check $BOOTAGGR_OPTIONS
+expect_pass check "$BOOTAGGR_OPTIONS"
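Review bot: with "$BOOTAGGR_OPTIONS" quoted at the expect_pass call, the whole value now arrives in check() as $1, where before only its first word did; together with the quoted expansion inside check() a value holding an option and its parameter reaches evmctl as one argument. Please confirm BOOTAGGR_OPTIONS only ever holds a single word, or say in the commit message that this behaviour change is intended.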
diff --git a/tests/fsverity.test b/tests/fsverity.test
index 01d5c35..11925cb 100755
--- a/tests/fsverity.test
+++ b/tests/fsverity.test
@@ -50,9 +50,9 @@ _require dd mkfs blkid e2fsck tune2fs evmctl setfattr
trap '_report_exit_and_cleanup _cleanup_env cleanup' SIGINT SIGTERM EXIT
cleanup() {
- if [ -e $TST_MNT ]; then
- if [ $LOOPBACK_MOUNTED -eq 1 ]; then
- umount $TST_MNT
+ if [ -e "$TST_MNT" ]; then
+ if [ "$LOOPBACK_MOUNTED" -eq 1 ]; then
+ umount "$TST_MNT"
fi
if [ -f "$TST_IMG" ]; then
rm "$TST_IMG"
@@ -199,7 +199,7 @@ create_file() {
local test=$1
local type=$2
- TST_FILE=$(mktemp -p $TST_MNT -t "${type}".XXXXXX)
+ TST_FILE=$(mktemp -p "$TST_MNT" -t "${type}".XXXXXX)
[ "$VERBOSE" -ge 1 ] && echo "INFO: creating $TST_FILE"
# heredoc to create a script
@@ -248,13 +248,13 @@ measure-verity() {
digest_filename=$("$FSVERITY" digest "$TST_FILE")
[ "$VERBOSE" -ge 2 ] && echo "INFO: verity:$digest_filename"
- grep "verity:$digest_filename" $IMA_MEASUREMENT_LIST &> /dev/null
+ grep "verity:$digest_filename" "$IMA_MEASUREMENT_LIST" &> /dev/null
ret=$?
# Not finding the "fsverity digest" result in the IMA measurement
# list is expected for non fs-verity enabled files. The measurement
# list will contain zeros for the file hash.
- if [ $ret -eq 1 ]; then
+ if [ "$ret" -eq 1 ]; then
error="$FAIL"
if [ "$verity" = "enabled" ]; then
echo "${RED}FAILURE: ${msg} ${NORM}"
@@ -282,7 +282,7 @@ measure-ima() {
create_file "$test" ima-hash
"$TST_FILE"
- hashalg=$(grep "${TST_FILE}" $IMA_MEASUREMENT_LIST | cut -d':' -f2)
+ hashalg=$(grep "${TST_FILE}" "$IMA_MEASUREMENT_LIST" | cut -d':' -f2)
if [ -z "${hashalg}" ]; then
echo "${CYAN}SKIP: Measurement record with algorithm not found${NORM}"
return "$SKIP"
@@ -298,7 +298,7 @@ measure-ima() {
# Remove the extra space before the filename
digest_filename=$(${digestsum} "$TST_FILE" | sed "s/\ \ /\ /")
[ "$VERBOSE" -ge 2 ] && echo "$test: $digest_filename"
- if grep "$digest_filename" $IMA_MEASUREMENT_LIST &> /dev/null; then
+ if grep "$digest_filename" "$IMA_MEASUREMENT_LIST" &> /dev/null; then
echo "${GREEN}SUCCESS: Measuring $TST_FILE ${NORM}"
else
error="$FAIL"
diff --git a/tests/functions.sh b/tests/functions.sh
index ed06040..15bcec4 100755
--- a/tests/functions.sh
+++ b/tests/functions.sh
@@ -42,7 +42,7 @@ exit_early() {
_require() {
ret=
for i; do
- if ! type $i; then
+ if ! type "$i"; then
echo "$i is required for test"
ret=1
fi
@@ -79,7 +79,7 @@ expect_pass() {
fi
if [ $TNESTED -gt 0 ]; then
- echo $RED"expect_pass should not be run nested"$NORM
+ echo "${RED}expect_pass should not be run nested${NORM}"
testsfail+=1
exit "$HARDFAIL"
fi
@@ -110,9 +110,9 @@ expect_pass_if() {
ret=$?
if [ $ret -ne 0 ] && [ $ret -ne 77 ] && [ -n "$PATCHES" ]; then
- echo $YELLOW"Possibly missing patches:"$NORM
+ echo "${YELLOW}Possibly missing patches:${NORM}"
for idx in $indexes; do
- echo $YELLOW" - ${PATCHES[$((idx))]}"$NORM
+ echo "${YELLOW} - ${PATCHES[$((idx))]}${NORM}"
done
fi
@@ -130,7 +130,7 @@ expect_fail() {
fi
if [ $TNESTED -gt 0 ]; then
- echo $RED"expect_fail should not be run nested"$NORM
+ echo "${RED}expect_fail should not be run nested${NORM}"
testsfail+=1
exit "$HARDFAIL"
fi
@@ -166,9 +166,9 @@ expect_fail_if() {
ret=$?
if { [ $ret -eq 0 ] || [ $ret -eq 99 ]; } && [ -n "$PATCHES" ]; then
- echo $YELLOW"Possibly missing patches:"$NORM
+ echo "${YELLOW}Possibly missing patches:${NORM}"
for idx in $indexes; do
- echo $YELLOW" - ${PATCHES[$((idx))]}"$NORM
+ echo "${YELLOW} - ${PATCHES[$((idx))]}${NORM}"
done
fi
@@ -177,12 +177,12 @@ expect_fail_if() {
# return true if current test is positive
_test_expected_to_pass() {
- [ ! $TFAIL ]
+ [ ! "$TFAIL" ]
}
# return true if current test is negative
_test_expected_to_fail() {
- [ $TFAIL ]
+ [ "$TFAIL" ]
}
# Show blank line and color following text to red
@@ -201,7 +201,7 @@ color_red() {
}
color_restore() {
- [ $COLOR_RESTORE ] && echo "$NORM"
+ [ "$COLOR_RESTORE" ] && echo "$NORM"
COLOR_RESTORE=
}
@@ -216,7 +216,7 @@ _evmctl_run() {
# ADD_TEXT_FOR: append to text as 'for $ADD_TEXT_FOR'
cmd="evmctl $V $EVMCTL_ENGINE $*"
- echo $YELLOW$TMODE "$cmd"$NORM
+ echo "${YELLOW}$TMODE $cmd${NORM}"
$cmd >"$out" 2>&1
ret=$?
@@ -226,7 +226,7 @@ _evmctl_run() {
echo "evmctl $op failed hard with ($ret) $text_for"
sed 's/^/ /' "$out"
color_restore
- rm "$out" $ADD_DEL
+ rm "$out" "$ADD_DEL"
ADD_DEL=
ADD_TEXT_FOR=
return "$HARDFAIL"
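Review bot: rm "$out" "$ADD_DEL" (here and in the next hunk) passes an empty file name to rm whenever ADD_DEL is empty, which is the state the very next line (ADD_DEL=) puts it in, so rm will complain and return non-zero on later calls. The old unquoted form also allowed ADD_DEL to name more than one file. Use rm "$out" ${ADD_DEL:+"$ADD_DEL"} if it is a single optional path, or turn ADD_DEL into an array.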
@@ -238,7 +238,7 @@ _evmctl_run() {
sed 's/^/ /' "$out"
fi
color_restore
- rm "$out" $ADD_DEL
+ rm "$out" "$ADD_DEL"
ADD_DEL=
ADD_TEXT_FOR=
return "$FAIL"
@@ -371,7 +371,7 @@ _softhsm_setup() {
msg=$(./softhsm_setup setup 2>&1)
if [ $? -eq 0 ]; then
echo "softhsm_setup setup succeeded: $msg"
- PKCS11_KEYURI=$(echo $msg | sed -n 's|^keyuri: \(.*\)|\1|p')
+ PKCS11_KEYURI=$(echo "$msg" | sed -n 's|^keyuri: \(.*\)|\1|p')
export EVMCTL_ENGINE="--engine pkcs11"
export OPENSSL_ENGINE="-engine pkcs11"
@@ -402,7 +402,7 @@ _run_env() {
if [ "$TST_ENV" = "um" ]; then
expect_pass "$1" rootfstype=hostfs rw init="$2" quiet mem=2048M "$3"
else
- echo $RED"Testing environment $TST_ENV not supported"$NORM
+ echo "${RED}Testing environment $TST_ENV not supported${NORM}"
exit "$FAIL"
fi
}
diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh
index 8905cdf..0b03ba4 100755
--- a/tests/gen-keys.sh
+++ b/tests/gen-keys.sh
@@ -71,9 +71,9 @@ for m in 1024 1024_skid 2048; do
ext=
fi
if [ ! -e test-rsa$m.key ]; then
- log openssl req -verbose -new -nodes -utf8 -sha256 -days 10000 -batch -x509 $ext \
+ log openssl req -verbose -new -nodes -utf8 -sha256 -days 10000 -batch -x509 "$ext" \
-config test-ca.conf \
- -newkey rsa:$bits \
+ -newkey "rsa:$bits" \
-out test-rsa$m.cer -outform DER \
-keyout test-rsa$m.key
# for v1 signatures
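Review bot: "$ext" after -x509 is empty in the branch that sets ext= (visible at the top of this hunk), so openssl req now gets an empty-string argument there, where the unquoted form passed nothing. Expand it as ${ext:+"$ext"} (or use an array if it can hold more than one word). The test-rsa$m.key and test-rsa$m.cer names in the same command are still unquoted, so either quote them too or note why $m is safe.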
diff --git a/tests/install-openssl3.sh b/tests/install-openssl3.sh
index 911c32b..29457f3 100755
--- a/tests/install-openssl3.sh
+++ b/tests/install-openssl3.sh
@@ -9,16 +9,16 @@ fi
version=${COMPILE_SSL}
-wget --no-check-certificate https://github.com/openssl/openssl/archive/refs/tags/${version}.tar.gz
-tar --no-same-owner -xzf ${version}.tar.gz
-cd openssl-${version}
+wget --no-check-certificate "https://github.com/openssl/openssl/archive/refs/tags/${version}.tar.gz"
+tar --no-same-owner -xzf "${version}.tar.gz"
+cd "openssl-${version}"
if [ "$VARIANT" = "i386" ]; then
echo "32-bit compilation"
FLAGS="-m32 linux-generic32"
fi
-./Configure $FLAGS no-engine no-dynamic-engine --prefix=/opt/openssl3 --openssldir=/opt/openssl3
+./Configure "$FLAGS" no-engine no-dynamic-engine --prefix=/opt/openssl3 --openssldir=/opt/openssl3
# Uncomment for debugging
# perl configdata.pm --dump | grep engine
make -j$(nproc)
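Review bot: ./Configure "$FLAGS" breaks both cases visible in this hunk: for i386 the two words in FLAGS="-m32 linux-generic32" now reach Configure as one argument, and for every other VARIANT, where FLAGS is not set in the lines shown, Configure gets an empty-string argument. Make FLAGS an array and expand it as "${FLAGS[@]}", or keep the word splitting with a shellcheck disable comment explaining why. Separately, the wget line this hunk touches still downloads the OpenSSL source with --no-check-certificate and nothing verifies the tarball afterwards; since the line is being edited anyway, consider dropping that flag or checking a known digest.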
@@ -26,5 +26,5 @@ make -j$(nproc)
sudo make install_sw
cd ..
-rm -rf ${version}.tar.gz
-rm -rf openssl-${version}
+rm -rf "${version}.tar.gz"
+rm -rf "openssl-${version}"
diff --git a/tests/sign_verify.test b/tests/sign_verify.test
index 2bc365a..5cc0393 100755
--- a/tests/sign_verify.test
+++ b/tests/sign_verify.test
@@ -141,7 +141,7 @@ check_sign() {
local FILE=${FILE:-$ALG.txt}
# Normalize key filename if it's not a pkcs11 URI
- if [ ${KEY:0:7} != pkcs11: ]; then
+ if [ "${KEY:0:7}" != pkcs11: ]; then
key=${KEY%.*}.key
key=test-${key#test-}
else
@@ -152,8 +152,8 @@ check_sign() {
# leave only good files for verify tests.
_test_expected_to_fail && FILE+='~'
- rm -f $FILE
- if ! touch $FILE; then
+ rm -f "$FILE"
+ if ! touch "$FILE"; then
color_red
echo "Can't create test file: $FILE"
color_restore
@@ -372,7 +372,7 @@ try_different_sigs() {
## Test v1 signatures
# Signature v1 only supports sha1 and sha256 so any other should fail
-if [ $SIGV1 -eq 0 ]; then
+if [ "$SIGV1" -eq 0 ]; then
__skip() { echo "IMA signature v1 tests are skipped: not supported"; return $SKIP; }
expect_pass __skip
else
@@ -440,8 +440,8 @@ expect_fail \
# Test signing with key described by pkcs11 URI
_softhsm_setup "${WORKDIR}"
if [ -n "${PKCS11_KEYURI}" ]; then
- expect_pass check_sign FILE=pkcs11test TYPE=ima KEY=${PKCS11_KEYURI} ALG=sha256 PREFIX=0x030204aabbccdd0100 OPTS=--keyid=aabbccdd
- expect_pass check_sign FILE=pkcs11test TYPE=ima KEY=${PKCS11_KEYURI} ALG=sha1 PREFIX=0x030202aabbccdd0100 OPTS=--keyid=aabbccdd
+ expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_KEYURI}" ALG=sha256 PREFIX=0x030204aabbccdd0100 OPTS=--keyid=aabbccdd
+ expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_KEYURI}" ALG=sha1 PREFIX=0x030202aabbccdd0100 OPTS=--keyid=aabbccdd
else
# to have a constant number of tests, skip these two tests
__skip() { echo "pkcs11 test is skipped: could not setup softhsm"; return $SKIP; }
diff --git a/tests/softhsm_setup b/tests/softhsm_setup
index 35b1754..10e4013 100755
--- a/tests/softhsm_setup
+++ b/tests/softhsm_setup
@@ -15,7 +15,7 @@ fi
MAJOR=$(softhsm2-util -v | cut -d '.' -f1)
MINOR=$(softhsm2-util -v | cut -d '.' -f2)
-if [ ${MAJOR} -lt 2 ] || [ ${MAJOR} -eq 2 -a ${MINOR} -lt 2 ]; then
+if [ "${MAJOR}" -lt 2 ] || [ "${MAJOR}" -eq 2 -a "${MINOR}" -lt 2 ]; then
echo "Need softhsm v2.2.0 or later"
exit 77
fi
@@ -91,21 +91,21 @@ setup_softhsm() {
grep -E "\.so$")"
fi
sudo mkdir -p /etc/gnutls &>/dev/null
- sudo bash -c "echo "load=${SONAME}" > /etc/gnutls/pkcs11.conf"
+ sudo bash -c "echo 'load=${SONAME}' > /etc/gnutls/pkcs11.conf"
;;
esac
- if ! [ -d $configdir ]; then
- mkdir -p $configdir
+ if ! [ -d "$configdir" ]; then
+ mkdir -p "$configdir"
fi
- mkdir -p ${tokendir}
+ mkdir -p "${tokendir}"
- if [ -f $configfile ]; then
+ if [ -f "$configfile" ]; then
mv "$configfile" "$bakconfigfile"
fi
- if ! [ -f $configfile ]; then
- cat <<_EOF_ > $configfile
+ if ! [ -f "$configfile" ]; then
+ cat <<_EOF_ > "$configfile"
directories.tokendir = ${tokendir}
objectstore.backend = file
log.level = DEBUG
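Review bot: the new sudo bash -c "echo 'load=${SONAME}' > /etc/gnutls/pkcs11.conf" line still expands SONAME into a command string that a root shell then parses, so a single quote or other shell syntax in the path ends the quoting and is interpreted as root. Avoid the nested shell altogether, for example echo "load=${SONAME}" | sudo tee /etc/gnutls/pkcs11.conf >/dev/null. The quoting added to the configdir and tokendir tests in the same hunk looks fine.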
@@ -122,8 +122,8 @@ _EOF_
if [ -z "$tokenuri" ]; then
msg=$(softhsm2-util \
- --init-token --pin ${PIN} --so-pin ${SO_PIN} \
- --free --label ${NAME} 2>&1)
+ --init-token --pin "${PIN}" --so-pin "${SO_PIN}" \
+ --free --label "${NAME}" 2>&1)
if [ $? -ne 0 ]; then
echo "Could not initialize token"
echo "$msg"
@@ -172,7 +172,7 @@ _EOF_
fi
fi
- getkeyuri_softhsm $slot
+ getkeyuri_softhsm "$slot"
rc=$?
if [ $rc -ne 0 ]; then
teardown_softhsm
@@ -196,7 +196,7 @@ _getkeyuri_softhsm() {
echo "$msg"
return 6
fi
- msg=$(p11tool --list-all ${tokenuri} 2>&1)
+ msg=$(p11tool --list-all "${tokenuri}" 2>&1)
if [ $? -ne 0 ]; then
echo "Could not list object under token $tokenuri"
echo "$msg"
@@ -260,7 +260,7 @@ main() {
local ret
if [ $# -lt 1 ]; then
- usage $0
+ usage "$0"
echo -e "Missing command.\n\n"
return 1
fi
@@ -283,7 +283,7 @@ main() {
;;
*)
echo -e "Unsupported command: $1\n\n"
- usage $0
+ usage "$0"
ret=1
esac
return $ret
--
2.41.0
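The argument-count effect behind several of the SC2086 changes in this patch, shown as an added example that is not part of the patch or of ima-evm-utils. The function names are hypothetical and the sample values mirror FLAGS in install-openssl3.sh and ext in gen-keys.sh; in the bash scripts themselves an array expanded as "${arr[@]}" does the same job as the positional-parameter list used here.

```sh
#!/bin/sh
# Added illustration (not ima-evm-utils code). All function names are
# hypothetical; the sample values mirror FLAGS and ext from the patch.

# Print the number of arguments received. Stands in for ./Configure,
# openssl or rm, which see the same argument list.
count_args() { echo "$#"; }

# Unquoted expansion, the form SC2086 flags: an empty value vanishes and
# a multi-word value is split into several arguments.
# shellcheck disable=SC2086
argc_unquoted() ( v=$1; count_args $v fixed )

# Quoted expansion, the mechanical SC2086 fix: always exactly one
# argument, even when the value is empty or holds two options.
argc_quoted() ( v=$1; count_args "$v" fixed )

# Optional single argument: expands to nothing when the value is empty
# and to one quoted word otherwise.
argc_optional() ( v=$1; count_args ${v:+"$v"} fixed )

# Optional list of options: build the list in the positional parameters
# and expand it with "$@", so each option stays a separate argument and
# an empty list contributes no argument at all.
argc_list() (
    variant=$1
    set --
    if [ "$variant" = "i386" ]; then
        set -- "$@" -m32 linux-generic32
    fi
    count_args "$@" fixed
)

# Constructed sample values: empty, one option, two options.
for v in '' '-x509' '-m32 linux-generic32'; do
    printf '%-24s unquoted=%s quoted=%s optional=%s\n' "[$v]" \
        "$(argc_unquoted "$v")" "$(argc_quoted "$v")" "$(argc_optional "$v")"
done
printf 'list: i386=%s other=%s\n' "$(argc_list i386)" "$(argc_list x86_64)"
```

Every count includes the one literal argument `fixed`, so a result of 1 means the variable contributed nothing to the command line.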
* [ima-evm-utils PATCH 02/14] tests: Address issues raised by shellcheck SC2181
2023-11-10 20:21 [ima-evm-utils PATCH 00/14] Enable shellcheck and fix some issue Stefan Berger
2023-11-10 20:21 ` [ima-evm-utils PATCH 01/14] tests: Address issues raised by shellcheck SC2086 & enable shellcheck Stefan Berger
@ 2023-11-10 20:21 ` Stefan Berger
2023-11-10 20:21 ` [ima-evm-utils PATCH 03/14] tests: Address issues raised by shellcheck SC2046 Stefan Berger
` (11 subsequent siblings)
13 siblings, 0 replies; 18+ messages in thread
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Address issues raised by shellcheck SC2181:
"Check exit code directly with e.g. if mycmd;, not indirectly with $?."
The general replacement patterns to fix this issue are:
Old:
<cmd>
if [ $? -eq 0 ]; then ...
New:
if <cmd>; then ...
Old:
<cmd>
if [ $? -ne 0 ]; then ...
New:
if ! <cmd>; then ...
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
tests/Makefile.am | 2 +-
tests/boot_aggregate.test | 22 ++++++++--------------
tests/functions.sh | 3 +--
tests/ima_hash.test | 4 ++--
tests/sign_verify.test | 3 +--
tests/softhsm_setup | 32 ++++++++++++--------------------
6 files changed, 25 insertions(+), 41 deletions(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index e34fd79..1848091 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -26,7 +26,7 @@ clean-local:
distclean: distclean-keys
shellcheck:
- shellcheck -i SC2086 \
+ shellcheck -i SC2086,SC2181 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test
index ccc45f9..04aef9b 100755
--- a/tests/boot_aggregate.test
+++ b/tests/boot_aggregate.test
@@ -47,8 +47,7 @@ swtpm_start() {
fi
if [ -n "${swtpm}" ]; then
- pgrep swtpm
- if [ $? -eq 0 ]; then
+ if pgrep swtpm; then
echo "INFO: Software TPM (swtpm) already running"
return 114
else
@@ -60,8 +59,7 @@ swtpm_start() {
elif [ -n "${tpm_server}" ]; then
# tpm_server uses the Microsoft simulator encapsulated packet format
export TPM_SERVER_TYPE="mssim"
- pgrep tpm_server
- if [ $? -eq 0 ]; then
+ if pgrep tpm_server; then
echo "INFO: Software TPM (tpm_server) already running"
return 114
else
@@ -81,16 +79,13 @@ swtpm_init() {
fi
echo "INFO: Sending software TPM startup"
- "${TSSDIR}/tssstartup"
- if [ $? -ne 0 ]; then
+ if ! "${TSSDIR}/tssstartup"; then
echo "INFO: Retry sending software TPM startup"
sleep 1
- "${TSSDIR}/tssstartup"
- fi
-
- if [ $? -ne 0 ]; then
- echo "INFO: Software TPM startup failed"
- return "$SKIP"
+ if ! "${TSSDIR}/tssstartup"; then
+ echo "INFO: Software TPM startup failed"
+ return "$SKIP"
+ fi
fi
echo "INFO: Walking ${BINARY_BIOS_MEASUREMENTS} initializing the software TPM"
@@ -129,8 +124,7 @@ check() {
local options=$1
echo "INFO: Calculating the boot_aggregate (PCRs 0 - 9) for multiple banks"
- bootaggr=$(evmctl ima_boot_aggregate "${options}")
- if [ $? -ne 0 ]; then
+ if ! bootaggr=$(evmctl ima_boot_aggregate "${options}"); then
echo "${CYAN}SKIP: evmctl ima_boot_aggregate: $bootaggr${NORM}"
exit "$SKIP"
fi
diff --git a/tests/functions.sh b/tests/functions.sh
index 15bcec4..86e6597 100755
--- a/tests/functions.sh
+++ b/tests/functions.sh
@@ -368,8 +368,7 @@ _softhsm_setup() {
mkdir -p "${SOFTHSM_SETUP_CONFIGDIR}"
- msg=$(./softhsm_setup setup 2>&1)
- if [ $? -eq 0 ]; then
+ if msg=$(./softhsm_setup setup 2>&1); then
echo "softhsm_setup setup succeeded: $msg"
PKCS11_KEYURI=$(echo "$msg" | sed -n 's|^keyuri: \(.*\)|\1|p')
diff --git a/tests/ima_hash.test b/tests/ima_hash.test
index e88fd59..9a8d7b6 100755
--- a/tests/ima_hash.test
+++ b/tests/ima_hash.test
@@ -33,8 +33,8 @@ check() {
# unless it's negative test, then pass to evmctl
cmd="openssl dgst $OPENSSL_ENGINE -$alg $file"
echo - "$cmd"
- hash=$(set -o pipefail; $cmd 2>/dev/null | cut -d' ' -f2)
- if [ $? -ne 0 ] && _test_expected_to_pass; then
+ if ! hash=$(set -o pipefail; $cmd 2>/dev/null | cut -d' ' -f2) \
+ && _test_expected_to_pass; then
echo "${CYAN}$alg test is skipped$NORM"
rm "$file"
return "$SKIP"
diff --git a/tests/sign_verify.test b/tests/sign_verify.test
index 5cc0393..1b6cf2a 100755
--- a/tests/sign_verify.test
+++ b/tests/sign_verify.test
@@ -185,8 +185,7 @@ check_sign() {
# Insert keyid from cert into PREFIX in-place of marker `:K:'
if [[ $PREFIX =~ :K: ]]; then
- keyid=$(_keyid_from_cert "$key")
- if [ $? -ne 0 ]; then
+ if ! keyid=$(_keyid_from_cert "$key"); then
color_red
echo "Unable to determine keyid for $key"
color_restore
diff --git a/tests/softhsm_setup b/tests/softhsm_setup
index 10e4013..95bf0b1 100755
--- a/tests/softhsm_setup
+++ b/tests/softhsm_setup
@@ -30,8 +30,7 @@ UNAME_S="$(uname -s)"
case "${UNAME_S}" in
Darwin)
- msg=$(sudo -v -n)
- if [ $? -ne 0 ]; then
+ if ! msg=$(sudo -v -n); then
echo "Need password-less sudo rights on OS X to change /etc/gnutls/pkcs11.conf"
exit 1
fi
@@ -113,18 +112,16 @@ slots.removable = false
_EOF_
fi
- msg=$(p11tool --list-tokens 2>&1 | grep "token=${NAME}" | tail -n1)
- if [ $? -ne 0 ]; then
+ if ! msg=$(p11tool --list-tokens 2>&1 | grep "token=${NAME}" | tail -n1); then
echo "Could not list existing tokens"
echo "$msg"
fi
tokenuri=$(echo "$msg" | sed -n 's/.*URL: \([[:print:]*]\)/\1/p')
if [ -z "$tokenuri" ]; then
- msg=$(softhsm2-util \
+ if ! msg=$(softhsm2-util \
--init-token --pin "${PIN}" --so-pin "${SO_PIN}" \
- --free --label "${NAME}" 2>&1)
- if [ $? -ne 0 ]; then
+ --free --label "${NAME}" 2>&1); then
echo "Could not initialize token"
echo "$msg"
return 2
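Review bot: in the first converted check of this hunk, if ! msg=$(p11tool --list-tokens 2>&1 | grep "token=${NAME}" | tail -n1), the status being tested is that of tail, the last command in the pipeline, so unless pipefail is set the "Could not list existing tokens" branch cannot fire when p11tool or grep fails. The conversion keeps the old behaviour, but since the line is being rewritten it is the moment to decide what should be tested: run p11tool on its own and check its status, then filter the captured output in a second step. The same pattern is repeated in the later p11tool --list-tokens hunk.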
@@ -143,9 +140,8 @@ _EOF_
fi
fi
- msg=$(p11tool --list-tokens 2>&1 | \
- grep "token=${NAME}" | tail -n1)
- if [ $? -ne 0 ]; then
+ if ! msg=$(p11tool --list-tokens 2>&1 | \
+ grep "token=${NAME}" | tail -n1); then
echo "Could not list existing tokens"
echo "$msg"
fi
@@ -156,15 +152,13 @@ _EOF_
fi
# more recent versions of p11tool have --generate-privkey ...
- msg=$(GNUTLS_PIN=$PIN p11tool \
+ if ! msg=$(GNUTLS_PIN=$PIN p11tool \
--generate-privkey=rsa --bits 2048 --label mykey --login \
- "${tokenuri}" 2>&1)
- if [ $? -ne 0 ]; then
+ "${tokenuri}" 2>&1); then
# ... older versions have --generate-rsa
- msg=$(GNUTLS_PIN=$PIN p11tool \
+ if ! msg=$(GNUTLS_PIN=$PIN p11tool \
--generate-rsa --bits 2048 --label mykey --login \
- "${tokenuri}" 2>&1)
- if [ $? -ne 0 ]; then
+ "${tokenuri}" 2>&1); then
echo "Could not create RSA key!"
echo "$msg"
return 5
@@ -184,8 +178,7 @@ _EOF_
_getkeyuri_softhsm() {
local msg tokenuri keyuri
- msg=$(p11tool --list-tokens 2>&1 | grep "token=${NAME}")
- if [ $? -ne 0 ]; then
+ if ! msg=$(p11tool --list-tokens 2>&1 | grep "token=${NAME}"); then
echo "Could not list existing tokens"
echo "$msg"
return 5
@@ -196,8 +189,7 @@ _getkeyuri_softhsm() {
echo "$msg"
return 6
fi
- msg=$(p11tool --list-all "${tokenuri}" 2>&1)
- if [ $? -ne 0 ]; then
+ if ! msg=$(p11tool --list-all "${tokenuri}" 2>&1); then
echo "Could not list object under token $tokenuri"
echo "$msg"
softhsm2-util --show-slots
--
2.41.0
* [ima-evm-utils PATCH 03/14] tests: Address issues raised by shellcheck SC2046
2023-11-10 20:21 [ima-evm-utils PATCH 00/14] Enable shellcheck and fix some issue Stefan Berger
2023-11-10 20:21 ` [ima-evm-utils PATCH 01/14] tests: Address issues raised by shellcheck SC2086 & enable shellcheck Stefan Berger
2023-11-10 20:21 ` [ima-evm-utils PATCH 02/14] tests: Address issues raised by shellcheck SC2181 Stefan Berger
@ 2023-11-10 20:21 ` Stefan Berger
2023-11-10 20:21 ` [ima-evm-utils PATCH 04/14] tests: Address issues raised by shellcheck SC2320 Stefan Berger
` (10 subsequent siblings)
13 siblings, 0 replies; 18+ messages in thread
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Address issues raised by shellcheck SC2046:
"Quote this to prevent word splitting."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
tests/Makefile.am | 2 +-
tests/install-fsverity.sh | 2 +-
tests/install-openssl3.sh | 2 +-
tests/install-swtpm.sh | 2 +-
tests/install-tss.sh | 2 +-
tests/softhsm_setup | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 1848091..bcc1ee4 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -26,7 +26,7 @@ clean-local:
distclean: distclean-keys
shellcheck:
- shellcheck -i SC2086,SC2181 \
+ shellcheck -i SC2086,SC2181,SC2046 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
diff --git a/tests/install-fsverity.sh b/tests/install-fsverity.sh
index c760485..fa31b2b 100755
--- a/tests/install-fsverity.sh
+++ b/tests/install-fsverity.sh
@@ -2,5 +2,5 @@
git clone https://git.kernel.org/pub/scm/fs/fsverity/fsverity-utils.git
cd fsverity-utils
-CC=gcc make -j$(nproc)
+CC=gcc make -j"$(nproc)"
cd ..
diff --git a/tests/install-openssl3.sh b/tests/install-openssl3.sh
index 29457f3..f27da4c 100755
--- a/tests/install-openssl3.sh
+++ b/tests/install-openssl3.sh
@@ -21,7 +21,7 @@ fi
./Configure "$FLAGS" no-engine no-dynamic-engine --prefix=/opt/openssl3 --openssldir=/opt/openssl3
# Uncomment for debugging
# perl configdata.pm --dump | grep engine
-make -j$(nproc)
+make -j"$(nproc)"
# only install apps and library
sudo make install_sw
diff --git a/tests/install-swtpm.sh b/tests/install-swtpm.sh
index de9b5c7..4fa97eb 100755
--- a/tests/install-swtpm.sh
+++ b/tests/install-swtpm.sh
@@ -16,6 +16,6 @@ mkdir ibmtpm$version
cd ibmtpm$version
tar --no-same-owner -xvzf ../download
cd src
-make -j$(nproc)
+make -j"$(nproc)"
$SUDO cp tpm_server /usr/local/bin/
cd ../..
diff --git a/tests/install-tss.sh b/tests/install-tss.sh
index c9c179e..31ea690 100755
--- a/tests/install-tss.sh
+++ b/tests/install-tss.sh
@@ -3,6 +3,6 @@
set -ex
git clone https://git.code.sf.net/p/ibmtpm20tss/tss
cd tss
-autoreconf -i && ./configure --disable-tpm-1.2 --disable-hwtpm && make -j$(nproc) && sudo make install
+autoreconf -i && ./configure --disable-tpm-1.2 --disable-hwtpm && make -j"$(nproc)" && sudo make install
cd ..
rm -rf tss
diff --git a/tests/softhsm_setup b/tests/softhsm_setup
index 95bf0b1..6f8a74e 100755
--- a/tests/softhsm_setup
+++ b/tests/softhsm_setup
@@ -82,7 +82,7 @@ setup_softhsm() {
fi
sudo mv /etc/gnutls/pkcs11.conf \
/etc/gnutls/pkcs11.conf.bak &>/dev/null
- if [ $(id -u) -eq 0 ]; then
+ if [ "$(id -u)" -eq 0 ]; then
SONAME="$(sudo -u nobody brew ls --verbose softhsm | \
grep -E "\.so$")"
else
--
2.41.0
* [ima-evm-utils PATCH 04/14] tests: Address issues raised by shellcheck SC2320
2023-11-10 20:21 [ima-evm-utils PATCH 00/14] Enable shellcheck and fix some issue Stefan Berger
` (2 preceding siblings ...)
2023-11-10 20:21 ` [ima-evm-utils PATCH 03/14] tests: Address issues raised by shellcheck SC2046 Stefan Berger
@ 2023-11-10 20:21 ` Stefan Berger
2023-11-21 23:03 ` Mimi Zohar
2023-11-10 20:21 ` [ima-evm-utils PATCH 05/14] tests: Address issues raised by shellcheck SC2317 Stefan Berger
` (9 subsequent siblings)
13 siblings, 1 reply; 18+ messages in thread
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Address issues raised by shellcheck SC2320:
"This $? refers to echo/printf, not a previous command.
Assign to variable to avoid it being overwritten."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
tests/Makefile.am | 2 +-
tests/mmap_check.test | 8 +++-----
tests/portable_signatures.test | 9 +++------
3 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index bcc1ee4..babfa7a 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -26,7 +26,7 @@ clean-local:
distclean: distclean-keys
shellcheck:
- shellcheck -i SC2086,SC2181,SC2046 \
+ shellcheck -i SC2086,SC2181,SC2046,SC2320 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
diff --git a/tests/mmap_check.test b/tests/mmap_check.test
index 2dd3433..3d2e1b1 100755
--- a/tests/mmap_check.test
+++ b/tests/mmap_check.test
@@ -97,11 +97,9 @@ check_load_ima_rule() {
new_policy=$(mktemp -p "$g_mountpoint")
echo "$1" > "$new_policy"
- echo "$new_policy" > /sys/kernel/security/ima/policy
- result=$?
- rm -f "$new_policy"
-
- if [ "$result" -ne 0 ]; then
+ if echo "$new_policy" > /sys/kernel/security/ima/policy; then
+ rm -f "$new_policy"
+ else
echo "${RED}Failed to set IMA policy${NORM}"
return "$HARDFAIL"
fi
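Review bot: moving rm -f "$new_policy" into the success branch changes behaviour on the failure path: when the write to /sys/kernel/security/ima/policy fails, the temporary policy file is now left behind under $g_mountpoint, where the old code removed it unconditionally. The same applies to the matching hunk in tests/portable_signatures.test. Either remove the file in both branches or invert the test (if ! echo ... ; then rm -f "$new_policy"; ...; return; fi followed by the rm), and mention the change in the commit message if leaving the file is intended.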
diff --git a/tests/portable_signatures.test b/tests/portable_signatures.test
index 9f3339b..5251211 100755
--- a/tests/portable_signatures.test
+++ b/tests/portable_signatures.test
@@ -80,7 +80,6 @@ METADATA_CHANGE_FOWNER_2=3002
check_load_ima_rule() {
local rule_loaded
- local result
local new_policy
rule_loaded=$(grep "$1" /sys/kernel/security/ima/policy)
@@ -88,11 +87,9 @@ check_load_ima_rule() {
new_policy=$(mktemp -p "$g_mountpoint")
echo "$1" > "$new_policy"
evmctl sign -o -a sha256 --imasig --key "$key_path" "$new_policy" &> /dev/null
- echo "$new_policy" > /sys/kernel/security/ima/policy
- result=$?
- rm -f "$new_policy"
-
- if [ "$result" -ne 0 ]; then
+ if echo "$new_policy" > /sys/kernel/security/ima/policy; then
+ rm -f "$new_policy"
+ else
echo "${RED}Failed to set IMA policy${NORM}"
return "$FAIL"
fi
--
2.41.0
* [ima-evm-utils PATCH 05/14] tests: Address issues raised by shellcheck SC2317
2023-11-10 20:21 [ima-evm-utils PATCH 00/14] Enable shellcheck and fix some issue Stefan Berger
` (3 preceding siblings ...)
2023-11-10 20:21 ` [ima-evm-utils PATCH 04/14] tests: Address issues raised by shellcheck SC2320 Stefan Berger
@ 2023-11-10 20:21 ` Stefan Berger
2023-11-10 20:21 ` [ima-evm-utils PATCH 06/14] tests: Address issues raised by shellcheck SC2034 Stefan Berger
` (8 subsequent siblings)
13 siblings, 0 replies; 18+ messages in thread
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Address issues raised by shellcheck SC2317:
"Command appears to be unreachable. Check usage (or ignore if invoked
indirectly)."
Disable this check in fsverity.test since functions are called
indirectly there.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
tests/Makefile.am | 2 +-
tests/fsverity.test | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index babfa7a..d6d0068 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -26,7 +26,7 @@ clean-local:
distclean: distclean-keys
shellcheck:
- shellcheck -i SC2086,SC2181,SC2046,SC2320 \
+ shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
diff --git a/tests/fsverity.test b/tests/fsverity.test
index 11925cb..e924162 100755
--- a/tests/fsverity.test
+++ b/tests/fsverity.test
@@ -29,6 +29,8 @@
# since the policy rules are walked sequentially, the system's IMA
# custom policy rules might take precedence.
+# shellcheck disable=SC2317
+
cd "$(dirname "$0")" || exit 1
PATH=../src:../fsverity-utils:$PATH
source ./functions.sh
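Review bot: the "# shellcheck disable=SC2317" directive is placed before the first command (the cd line), so it switches the check off for all of fsverity.test, and adding SC2317 to the Makefile list then has no effect on this file. If only some functions are called indirectly, put the directive directly above those function definitions and add a short comment naming how they are invoked, so genuinely unreachable code elsewhere in the file is still reported.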
--
2.41.0
* [ima-evm-utils PATCH 06/14] tests: Address issues raised by shellcheck SC2034
2023-11-10 20:21 [ima-evm-utils PATCH 00/14] Enable shellcheck and fix some issue Stefan Berger
` (4 preceding siblings ...)
2023-11-10 20:21 ` [ima-evm-utils PATCH 05/14] tests: Address issues raised by shellcheck SC2317 Stefan Berger
@ 2023-11-10 20:21 ` Stefan Berger
2023-11-10 20:21 ` [ima-evm-utils PATCH 07/14] tests: Address issues raised by shellcheck SC2164 Stefan Berger
` (7 subsequent siblings)
13 siblings, 0 replies; 18+ messages in thread
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Address issues raised by shellcheck SC2034:
"foo appears unused. Verify it or export it."
Export PKCS11_KEYURI in a separate statement to avoid the following
shellcheck issue:
SC2155 (warning): Declare and assign separately to avoid masking
return values.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
tests/Makefile.am | 2 +-
tests/functions.sh | 1 +
tests/mmap_check.test | 2 ++
3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index d6d0068..2c86ba8 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -26,7 +26,7 @@ clean-local:
distclean: distclean-keys
shellcheck:
- shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317 \
+ shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
diff --git a/tests/functions.sh b/tests/functions.sh
index 86e6597..66766ba 100755
--- a/tests/functions.sh
+++ b/tests/functions.sh
@@ -371,6 +371,7 @@ _softhsm_setup() {
if msg=$(./softhsm_setup setup 2>&1); then
echo "softhsm_setup setup succeeded: $msg"
PKCS11_KEYURI=$(echo "$msg" | sed -n 's|^keyuri: \(.*\)|\1|p')
+ export PKCS11_KEYURI
export EVMCTL_ENGINE="--engine pkcs11"
export OPENSSL_ENGINE="-engine pkcs11"
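Review bot: in _softhsm_setup, PKCS11_KEYURI is exported even when the sed extraction finds no "keyuri:" line in $msg, in which case the variable is empty and whatever consumes it sees an empty URI. A [ -n "$PKCS11_KEYURI" ] check before the exports would report the problem where it occurs.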
diff --git a/tests/mmap_check.test b/tests/mmap_check.test
index 3d2e1b1..ecca066 100755
--- a/tests/mmap_check.test
+++ b/tests/mmap_check.test
@@ -5,6 +5,8 @@
#
# Check the behavior of MMAP_CHECK and MMAP_CHECK_REQPROT
+# shellcheck disable=SC2034
+
trap '_report_exit_and_cleanup _cleanup_env cleanup' SIGINT SIGTERM SIGSEGV EXIT
PATCHES=(
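Review bot: the commit message explains the separate "export PKCS11_KEYURI" statement but says nothing about the file-wide "# shellcheck disable=SC2034" added to tests/mmap_check.test. Please name the variables that are reported as unused there, or scope the directive to those assignments, since a blanket disable also hides misspelled variable names elsewhere in the file.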
--
2.41.0
* [ima-evm-utils PATCH 07/14] tests: Address issues raised by shellcheck SC2164
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Address issues raised by shellcheck SC2164:
"Use cd ... || exit in case cd fails."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
tests/Makefile.am | 2 +-
tests/boot_aggregate.test | 2 +-
tests/install-fsverity.sh | 2 +-
tests/install-mount-idmapped.sh | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 2c86ba8..c3eeb43 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -26,7 +26,7 @@ clean-local:
distclean: distclean-keys
shellcheck:
- shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034 \
+ shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test
index 04aef9b..c7c2b21 100755
--- a/tests/boot_aggregate.test
+++ b/tests/boot_aggregate.test
@@ -17,7 +17,7 @@ trap '_report_exit_and_cleanup cleanup' SIGINT SIGTERM EXIT
# Base VERBOSE on the environment variable, if set.
VERBOSE="${VERBOSE:-0}"
-cd "$(dirname "$0")"
+cd "$(dirname "$0")" || exit 1
export PATH=../src:$PATH
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH
. ./functions.sh
diff --git a/tests/install-fsverity.sh b/tests/install-fsverity.sh
index fa31b2b..e2b0286 100755
--- a/tests/install-fsverity.sh
+++ b/tests/install-fsverity.sh
@@ -1,6 +1,6 @@
#!/bin/sh
git clone https://git.kernel.org/pub/scm/fs/fsverity/fsverity-utils.git
-cd fsverity-utils
+cd fsverity-utils || exit 1
CC=gcc make -j"$(nproc)"
cd ..
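Review bot: "cd fsverity-utils || exit 1" stops the script, but the likely reason for a missing directory is the unchecked git clone on the line above, and the exit is silent. Checking the clone itself (git clone ... || exit 1) or printing a message before exiting would make a failed setup easier to diagnose; the same applies to tests/install-mount-idmapped.sh.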
diff --git a/tests/install-mount-idmapped.sh b/tests/install-mount-idmapped.sh
index c954006..d8a673c 100755
--- a/tests/install-mount-idmapped.sh
+++ b/tests/install-mount-idmapped.sh
@@ -1,6 +1,6 @@
#!/bin/sh
git clone https://github.com/brauner/mount-idmapped.git
-cd mount-idmapped
+cd mount-idmapped || exit 1
gcc -o mount-idmapped mount-idmapped.c
cd ..
--
2.41.0
* [ima-evm-utils PATCH 08/14] tests: Address issues raised by shellcheck SC2166
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Address issues raised by shellcheck SC2166:
"Prefer [ p ] && [ q ] as [ p -a q ] is not well defined."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
tests/Makefile.am | 2 +-
tests/softhsm_setup | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index c3eeb43..daddd0d 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -26,7 +26,7 @@ clean-local:
distclean: distclean-keys
shellcheck:
- shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164 \
+ shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
diff --git a/tests/softhsm_setup b/tests/softhsm_setup
index 6f8a74e..fc33596 100755
--- a/tests/softhsm_setup
+++ b/tests/softhsm_setup
@@ -15,7 +15,7 @@ fi
MAJOR=$(softhsm2-util -v | cut -d '.' -f1)
MINOR=$(softhsm2-util -v | cut -d '.' -f2)
-if [ "${MAJOR}" -lt 2 ] || [ "${MAJOR}" -eq 2 -a "${MINOR}" -lt 2 ]; then
+if [[ "${MAJOR}" -lt 2 || ( "${MAJOR}" -eq 2 && "${MINOR}" -lt 2 ) ]]; then
echo "Need softhsm v2.2.0 or later"
exit 77
fi
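Review bot: the replacement line uses [[ ... ]], which is a bash/ksh construct, while the form SC2166 recommends is the portable [ p ] && [ q ]. If tests/softhsm_setup should remain runnable under a POSIX sh, [ "${MAJOR}" -lt 2 ] || { [ "${MAJOR}" -eq 2 ] && [ "${MINOR}" -lt 2 ]; } keeps the same grouping without the bashism; otherwise please confirm the script's shebang is bash.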
--
2.41.0
* [ima-evm-utils PATCH 09/14] tests: Address issues raised by shellcheck SC2294
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Address issues raised by shellcheck SC2294:
"eval negates the benefit of arrays. Drop eval to preserve
whitespace/symbols (or eval as string)."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
tests/Makefile.am | 4 +++-
tests/gen-keys.sh | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index daddd0d..81f2d27 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -26,7 +26,9 @@ clean-local:
distclean: distclean-keys
shellcheck:
- shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \
+ shellcheck \
+ -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \
+ -i SC2294 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh
index 0b03ba4..c3d5a20 100755
--- a/tests/gen-keys.sh
+++ b/tests/gen-keys.sh
@@ -21,7 +21,7 @@ type openssl
log() {
echo >&2 - "$*"
- eval "$@"
+ eval "$*"
}
if [ "$1" = clean ]; then
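Review bot: changing eval "$@" to eval "$*" in log() silences SC2294 but keeps the behaviour the warning is about: the arguments are joined into one string and parsed a second time by the shell, so argument boundaries, whitespace and metacharacters in any expanded value are reinterpreted. If callers only pass simple commands, running "$@" without eval preserves the arguments as given; if they rely on eval for redirections or pipes, a comment on log() saying so would document why the string form is intentional.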
--
2.41.0
* [ima-evm-utils PATCH 10/14] tests: Address issues raised by shellcheck SC2206
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Address issue raised by shellcheck SC2206:
"Quote to prevent word splitting/globbing, or split robustly with
mapfile or read -a."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
tests/Makefile.am | 2 +-
tests/boot_aggregate.test | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 81f2d27..cd3dd89 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -28,7 +28,7 @@ distclean: distclean-keys
shellcheck:
shellcheck \
-i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \
- -i SC2294 \
+ -i SC2294,SC2206 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test
index c7c2b21..c9a8d67 100755
--- a/tests/boot_aggregate.test
+++ b/tests/boot_aggregate.test
@@ -129,7 +129,7 @@ check() {
exit "$SKIP"
fi
- boot_aggr=( $bootaggr )
+ read -r -a boot_aggr <<< "$bootaggr"
echo "INFO: Searching for the boot_aggregate in ${ASCII_RUNTIME_MEASUREMENTS}"
for hash in "${boot_aggr[@]}"; do
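Review bot: read -r -a boot_aggr <<< "$bootaggr" consumes only the first line of $bootaggr, whereas the old ( $bootaggr ) split on all whitespace including newlines. If $bootaggr can hold one hash per line, the for loop over "${boot_aggr[@]}" now sees only the first hash; mapfile -t boot_aggr <<< "$bootaggr" would keep every line in that case.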
--
2.41.0
* [ima-evm-utils PATCH 11/14] tests: Address issues raised by shellcheck SC2196
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Address issues raised by shellcheck SC2196:
"egrep is non-standard and deprecated. Use grep -E instead."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
tests/Makefile.am | 2 +-
tests/functions.sh | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index cd3dd89..5de1dfb 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -28,7 +28,7 @@ distclean: distclean-keys
shellcheck:
shellcheck \
-i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \
- -i SC2294,SC2206 \
+ -i SC2294,SC2206,SC2196 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
diff --git a/tests/functions.sh b/tests/functions.sh
index 66766ba..f56dc52 100755
--- a/tests/functions.sh
+++ b/tests/functions.sh
@@ -272,7 +272,7 @@ _test_xattr() {
local file=$1 attr=$2 prefix=$3
local text_for=${ADD_TEXT_FOR:+ for $ADD_TEXT_FOR}
- if ! getfattr -n "$attr" -e hex "$file" | egrep -qx "$attr=$prefix"; then
+ if ! getfattr -n "$attr" -e hex "$file" | grep -qx -E "$attr=$prefix"; then
color_red_on_failure
echo "Did not find expected hash$text_for:"
echo " $attr=$prefix"
--
2.41.0
* [ima-evm-utils PATCH 12/14] tests: Address issues raised by shellcheck SC2043
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Address issues raised by shellcheck SC2043:
"This loop will only ever run once for a constant value. Did you
perhaps mean to loop over dir/*, $var or $(cmd)?"
Disable this check in gen-keys.sh to leave the loop alone.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
tests/Makefile.am | 2 +-
tests/gen-keys.sh | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 5de1dfb..653e4dd 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -28,7 +28,7 @@ distclean: distclean-keys
shellcheck:
shellcheck \
-i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \
- -i SC2294,SC2206,SC2196 \
+ -i SC2294,SC2206,SC2196,SC2043 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh
index c3d5a20..601ded2 100755
--- a/tests/gen-keys.sh
+++ b/tests/gen-keys.sh
@@ -15,6 +15,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
+# shellcheck disable=SC2043
+
cd "$(dirname "$0")" || exit 1
PATH=../src:$PATH
type openssl
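Review bot: "# shellcheck disable=SC2043" is added at file level in tests/gen-keys.sh although the commit message describes a single loop that should be left alone. Moving the directive to the line directly above that for statement keeps SC2043 active for any other loop in the script.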
--
2.41.0
* [ima-evm-utils PATCH 13/14] tests: Address issues raised by shellcheck SC2295
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger
Address issues raised by shellcheck SC2295:
"Expansions inside ${..} need to be quoted separately, otherwise they
will match as a pattern."
There's no variable digest_type; it's a plain string, so treat it as
such.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
---
tests/Makefile.am | 2 +-
tests/fsverity.test | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 653e4dd..a5ee424 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -28,7 +28,7 @@ distclean: distclean-keys
shellcheck:
shellcheck \
-i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \
- -i SC2294,SC2206,SC2196,SC2043 \
+ -i SC2294,SC2206,SC2196,SC2043,SC2295 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
diff --git a/tests/fsverity.test b/tests/fsverity.test
index e924162..bfb0a5c 100755
--- a/tests/fsverity.test
+++ b/tests/fsverity.test
@@ -166,7 +166,7 @@ unqualified_bprm_rule() {
local rule_match="measure func=BPRM_CHECK"
local rule_dontmatch="fsuuid"
- if [ -z "${rule##*$digest_type=verity*}" ]; then
+ if [ -z "${rule##*digest_type=verity*}" ]; then
if grep "$rule_match" $IMA_POLICY_FILE | grep -v "$rule_dontmatch" &> /dev/null; then
return "$SKIP"
fi
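Review bot: with no digest_type variable set, the old pattern in unqualified_bprm_rule reduced to *=verity*, so this line narrows what is treated as a verity rule rather than only silencing SC2295. That is the right fix, but the commit message would be clearer if it stated the behaviour change; a case "$rule" in *digest_type=verity*) test would also read more directly than the -z "${rule##...}" idiom.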
--
2.41.0
* [ima-evm-utils PATCH 14/14] tests: Address issues raised by shellcheck SC2003
From: Stefan Berger @ 2023-11-10 20:21 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, roberto.sassu, Stefan Berger, Roberto Sassu
Address issues detected by shellcheck SC2003:
expr is antiquated. Consider rewriting this using $((..)), ${} or [[ ]].
The following statement in portable_signatures.test causes the issue:
expr index "$TST_LIST" "check_evm_revalidate"
The man page for expr states:
index STRING CHARS
index in STRING where any CHARS is found, or 0
The intention is certainly not to find an index of any of the characters
in "check_evm_revalidate" in $TST_LIST but to find the word
"check_evm_revalidate" in $TST_LIST. Therefore, use grep -w to determine
whether the word is there.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Cc: Roberto Sassu <roberto.sassu@huawei.com>
---
tests/Makefile.am | 2 --
tests/portable_signatures.test | 2 +-
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index a5ee424..18b134c 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -27,8 +27,6 @@ distclean: distclean-keys
shellcheck:
shellcheck \
- -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \
- -i SC2294,SC2206,SC2196,SC2043,SC2295 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
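Review bot: removing both -i lines makes the shellcheck target run every check the installed shellcheck enables by default, so the outcome of "make shellcheck" now depends on the shellcheck version in use. The cover letter names v0.9; recording that expectation next to the target or in this commit message would explain new findings that show up with a later release.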
diff --git a/tests/portable_signatures.test b/tests/portable_signatures.test
index 5251211..c6e2d99 100755
--- a/tests/portable_signatures.test
+++ b/tests/portable_signatures.test
@@ -1090,7 +1090,7 @@ if [ $((evm_value & EVM_INIT_X509)) -ne "$EVM_INIT_X509" ] && [ "$TST_EVM_CHANGE
echo "$EVM_INIT_X509" > /sys/kernel/security/evm 2> /dev/null
fi
-if [ "$(expr index "$TST_LIST" "check_evm_revalidate")" -gt 0 ] && [ "$TST_EVM_CHANGE_MODE" -eq 1 ]; then
+if echo "$TST_LIST" | grep -q -w check_evm_revalidate && [ "$TST_EVM_CHANGE_MODE" -eq 1 ]; then
echo "$EVM_ALLOW_METADATA_WRITES" > /sys/kernel/security/evm 2> /dev/null
fi
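Review bot: grep -q -w check_evm_revalidate treats any non-word character as a boundary, so a hypothetical entry such as foo-check_evm_revalidate in $TST_LIST would still match. If $TST_LIST is a space-separated list, case " $TST_LIST " in *" check_evm_revalidate "*) tests for the exact entry and avoids the pipeline.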
--
2.41.0
* Re: [ima-evm-utils PATCH 14/14] tests: Address issues raised by shellcheck SC2003
From: Roberto Sassu @ 2023-11-13 10:35 UTC (permalink / raw)
To: Stefan Berger, linux-integrity; +Cc: zohar, Roberto Sassu
On Fri, 2023-11-10 at 15:21 -0500, Stefan Berger wrote:
> Address issues detected by shellcheck SC2003:
> expr is antiquated. Consider rewriting this using $((..)), ${} or [[ ]].
>
> The following statement in portable_signatures.test causes the issue:
>
> expr index "$TST_LIST" "check_evm_revalidate"
>
> The man page for expr states:
>
> index STRING CHARS
> index in STRING where any CHARS is found, or 0
>
> The intention is certainly not to find an index of any of the characters
> in "check_evm_revalidate" in $TST_LIST but to find the word
> "check_evm_revalidate" in $TST_LIST. Therefore, use grep -w to determine
> whether the word is there.
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> Cc: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
Thanks
Roberto
> ---
> tests/Makefile.am | 2 --
> tests/portable_signatures.test | 2 +-
> 2 files changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/tests/Makefile.am b/tests/Makefile.am
> index a5ee424..18b134c 100644
> --- a/tests/Makefile.am
> +++ b/tests/Makefile.am
> @@ -27,8 +27,6 @@ distclean: distclean-keys
>
> shellcheck:
> shellcheck \
> - -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \
> - -i SC2294,SC2206,SC2196,SC2043,SC2295 \
> functions.sh gen-keys.sh install-fsverity.sh \
> install-mount-idmapped.sh install-openssl3.sh \
> install-swtpm.sh install-tss.sh softhsm_setup \
> diff --git a/tests/portable_signatures.test b/tests/portable_signatures.test
> index 5251211..c6e2d99 100755
> --- a/tests/portable_signatures.test
> +++ b/tests/portable_signatures.test
> @@ -1090,7 +1090,7 @@ if [ $((evm_value & EVM_INIT_X509)) -ne "$EVM_INIT_X509" ] && [ "$TST_EVM_CHANGE
> echo "$EVM_INIT_X509" > /sys/kernel/security/evm 2> /dev/null
> fi
>
> -if [ "$(expr index "$TST_LIST" "check_evm_revalidate")" -gt 0 ] && [ "$TST_EVM_CHANGE_MODE" -eq 1 ]; then
> +if echo "$TST_LIST" | grep -q -w check_evm_revalidate && [ "$TST_EVM_CHANGE_MODE" -eq 1 ]; then
> echo "$EVM_ALLOW_METADATA_WRITES" > /sys/kernel/security/evm 2> /dev/null
> fi
>
* Re: [ima-evm-utils PATCH 04/14] tests: Address issues raised by shellcheck SC2320
From: Mimi Zohar @ 2023-11-21 23:03 UTC (permalink / raw)
To: Stefan Berger, linux-integrity; +Cc: roberto.sassu
Hi Stefan,
On Fri, 2023-11-10 at 15:21 -0500, Stefan Berger wrote:
> Address issues raised by shellcheck SC2320:
> "This $? refers to echo/printf, not a previous command.
> Assign to variable to avoid it being overwritten."
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
> tests/Makefile.am | 2 +-
> tests/mmap_check.test | 8 +++-----
> tests/portable_signatures.test | 9 +++------
> 3 files changed, 7 insertions(+), 12 deletions(-)
>
> diff --git a/tests/Makefile.am b/tests/Makefile.am
> index bcc1ee4..babfa7a 100644
> --- a/tests/Makefile.am
> +++ b/tests/Makefile.am
> @@ -26,7 +26,7 @@ clean-local:
> distclean: distclean-keys
>
> shellcheck:
> - shellcheck -i SC2086,SC2181,SC2046 \
> + shellcheck -i SC2086,SC2181,SC2046,SC2320 \
> functions.sh gen-keys.sh install-fsverity.sh \
> install-mount-idmapped.sh install-openssl3.sh \
> install-swtpm.sh install-tss.sh softhsm_setup \
> diff --git a/tests/mmap_check.test b/tests/mmap_check.test
> index 2dd3433..3d2e1b1 100755
> --- a/tests/mmap_check.test
> +++ b/tests/mmap_check.test
> @@ -97,11 +97,9 @@ check_load_ima_rule() {
>
> new_policy=$(mktemp -p "$g_mountpoint")
> echo "$1" > "$new_policy"
> - echo "$new_policy" > /sys/kernel/security/ima/policy
> - result=$?
> - rm -f "$new_policy"
> -
> - if [ "$result" -ne 0 ]; then
> + if echo "$new_policy" > /sys/kernel/security/ima/policy; then
> + rm -f "$new_policy"
> + else
> echo "${RED}Failed to set IMA policy${NORM}"
> return "$HARDFAIL"
> fi
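Review bot: the removed result=$? in check_load_ima_rule did capture the status of the redirected echo, which is the write to /sys/kernel/security/ima/policy being tested, so SC2320 is flagging intended behaviour here. Keeping the original three lines with a targeted "# shellcheck disable=SC2320" above result=$?, or calling rm -f "$new_policy" in both branches of the new if, preserves the unconditional cleanup of the temporary file.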
This isn't equivalent. $new_policy was previously always removed.
> diff --git a/tests/portable_signatures.test b/tests/portable_signatures.test
> index 9f3339b..5251211 100755
> --- a/tests/portable_signatures.test
> +++ b/tests/portable_signatures.test
> @@ -80,7 +80,6 @@ METADATA_CHANGE_FOWNER_2=3002
>
> check_load_ima_rule() {
> local rule_loaded
> - local result
> local new_policy
>
> rule_loaded=$(grep "$1" /sys/kernel/security/ima/policy)
> @@ -88,11 +87,9 @@ check_load_ima_rule() {
> new_policy=$(mktemp -p "$g_mountpoint")
> echo "$1" > "$new_policy"
> evmctl sign -o -a sha256 --imasig --key "$key_path" "$new_policy" &> /dev/null
> - echo "$new_policy" > /sys/kernel/security/ima/policy
> - result=$?
> - rm -f "$new_policy"
> -
> - if [ "$result" -ne 0 ]; then
> + if echo "$new_policy" > /sys/kernel/security/ima/policy; then
> + rm -f "$new_policy"
> + else
> echo "${RED}Failed to set IMA policy${NORM}"
> return "$FAIL"
> fi
Same here.
--
thanks,
Mimi
* Re: [ima-evm-utils PATCH 04/14] tests: Address issues raised by shellcheck SC2320
From: Stefan Berger @ 2023-11-21 23:20 UTC (permalink / raw)
To: Mimi Zohar, linux-integrity; +Cc: roberto.sassu
On 11/21/23 18:03, Mimi Zohar wrote:
> Hi Stefan,
>
> On Fri, 2023-11-10 at 15:21 -0500, Stefan Berger wrote:
>> Address issues raised by shellcheck SC2320:
>> "This $? refers to echo/printf, not a previous command.
>> Assign to variable to avoid it being overwritten."
>>
>> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
>> ---
>> tests/Makefile.am | 2 +-
>> tests/mmap_check.test | 8 +++-----
>> tests/portable_signatures.test | 9 +++------
>> 3 files changed, 7 insertions(+), 12 deletions(-)
>>
>> diff --git a/tests/Makefile.am b/tests/Makefile.am
>> index bcc1ee4..babfa7a 100644
>> --- a/tests/Makefile.am
>> +++ b/tests/Makefile.am
>> @@ -26,7 +26,7 @@ clean-local:
>> distclean: distclean-keys
>>
>> shellcheck:
>> - shellcheck -i SC2086,SC2181,SC2046 \
>> + shellcheck -i SC2086,SC2181,SC2046,SC2320 \
>> functions.sh gen-keys.sh install-fsverity.sh \
>> install-mount-idmapped.sh install-openssl3.sh \
>> install-swtpm.sh install-tss.sh softhsm_setup \
>> diff --git a/tests/mmap_check.test b/tests/mmap_check.test
>> index 2dd3433..3d2e1b1 100755
>> --- a/tests/mmap_check.test
>> +++ b/tests/mmap_check.test
>> @@ -97,11 +97,9 @@ check_load_ima_rule() {
>>
>> new_policy=$(mktemp -p "$g_mountpoint")
>> echo "$1" > "$new_policy"
>> - echo "$new_policy" > /sys/kernel/security/ima/policy
>> - result=$?
>> - rm -f "$new_policy"
>> -
>> - if [ "$result" -ne 0 ]; then
>> + if echo "$new_policy" > /sys/kernel/security/ima/policy; then
>> + rm -f "$new_policy"
>> + else
>> echo "${RED}Failed to set IMA policy${NORM}"
>> return "$HARDFAIL"
>> fi
>
> This isn't equivalent. $new_policy was previously always removed.
Uuuh, thanks. Fixed.
>
>> diff --git a/tests/portable_signatures.test b/tests/portable_signatures.test
>> index 9f3339b..5251211 100755
>> --- a/tests/portable_signatures.test
>> +++ b/tests/portable_signatures.test
>> @@ -80,7 +80,6 @@ METADATA_CHANGE_FOWNER_2=3002
>>
>> check_load_ima_rule() {
>> local rule_loaded
>> - local result
>> local new_policy
>>
>> rule_loaded=$(grep "$1" /sys/kernel/security/ima/policy)
>> @@ -88,11 +87,9 @@ check_load_ima_rule() {
>> new_policy=$(mktemp -p "$g_mountpoint")
>> echo "$1" > "$new_policy"
>> evmctl sign -o -a sha256 --imasig --key "$key_path" "$new_policy" &> /dev/null
>> - echo "$new_policy" > /sys/kernel/security/ima/policy
>> - result=$?
>> - rm -f "$new_policy"
>> -
>> - if [ "$result" -ne 0 ]; then
>> + if echo "$new_policy" > /sys/kernel/security/ima/policy; then
>> + rm -f "$new_policy"
>> + else
>> echo "${RED}Failed to set IMA policy${NORM}"
>> return "$FAIL"
>> fi
>
> Same here.
>