@@ -4,7 +4,7 @@ set -e
PATH=$PATH:~/.local/bin
-if ! which aws 2>&1 >/dev/null; then
+if ! which aws >/dev/null 2>&1; then
echo "Installing awscli..."
pip3 install wheel
pip3 install awscli
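Review bot: `pip3 install wheel` and `pip3 install awscli` inside this `if` pull whatever release is current at run time, in what appears to be the same script that later uploads to S3 with the job's credentials. Pin the tool, e.g. `pip3 install "awscli==<PINNED_VERSION>"` (ideally from a requirements file checked with `--require-hashes`), so a bad or tampered release cannot enter the deploy step unnoticed. Separately, `which` is not guaranteed to exist on minimal images; `if ! command -v aws >/dev/null 2>&1; then` is the portable form of the corrected line. The `if` body continues past the end of this hunk.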
@@ -28,27 +28,27 @@ fi
BASE_PATH=build/tmp/deploy/images/$TARGET/$BASE_FILENAME
S3_TARGET=s3://download2.cip-project.org/cip-core/$REF/$TARGET/
-if [ -f $BASE_PATH.wic ]; then
+if [ -f "${BASE_PATH}.wic" ]; then
echo "Compressing $BASE_FILENAME.wic..."
- xz -9 -k -T0 $BASE_PATH.wic
+ xz -9 -k -T0 "${BASE_PATH}.wic"
echo "Uploading artifacts..."
- aws s3 cp --no-progress --acl public-read $BASE_PATH.wic.xz ${S3_TARGET}
+ aws s3 cp --no-progress --acl public-read "${BASE_PATH}.wic.xz" "${S3_TARGET}"
fi
-if [ -f $BASE_PATH.tar.gz ]; then
+if [ -f "${BASE_PATH}.tar.gz" ]; then
echo "Uploading artifacts..."
- aws s3 cp --no-progress --acl public-read $BASE_PATH.tar.gz ${S3_TARGET}
+ aws s3 cp --no-progress --acl public-read "${BASE_PATH}.tar.gz" "${S3_TARGET}"
fi
KERNEL_IMAGE="$BASE_PATH-vmlinu[xz]"
# iwg20m workaround
-if [ -f build/tmp/deploy/images/$TARGET/zImage ]; then
+if [ -f "build/tmp/deploy/images/$TARGET/zImage" ]; then
KERNEL_IMAGE=build/tmp/deploy/images/$TARGET/zImage
fi
-aws s3 cp --no-progress --acl public-read $KERNEL_IMAGE ${S3_TARGET}
-aws s3 cp --no-progress --acl public-read $BASE_PATH-initrd.img ${S3_TARGET}
+aws s3 cp --no-progress --acl public-read "$KERNEL_IMAGE" "${S3_TARGET}"
+aws s3 cp --no-progress --acl public-read "${BASE_PATH}-initrd.img" "${S3_TARGET}"
if [ "$DTB" != "none" ]; then
- aws s3 cp --no-progress --acl public-read build/tmp/deploy/images/*/$DTB ${S3_TARGET}
+ aws s3 cp --no-progress --acl public-read build/tmp/deploy/images/*/"$DTB" "${S3_TARGET}"
fi
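Review bot: Quoting `"$KERNEL_IMAGE"` in the first of the two final unconditional `aws s3 cp` lines stops the `vmlinu[xz]` pattern, assigned a few lines earlier, from being expanded. Unless the zImage workaround fires, the command now receives the literal path ending in `-vmlinu[xz]` and will presumably fail under `set -e`. The old unquoted form relied on pathname expansion at the point of use. Resolve the pattern when the variable is set instead, e.g. `set -- "${BASE_PATH}"-vmlinu[xz]` followed by `KERNEL_IMAGE=$1`, and keep the quoted use in the upload line.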
@@ -4,16 +4,16 @@ set -e
name=${SB_NAME:-snakeoil}
keydir=${SB_KEYDIR:-./keys}
-if [ ! -d ${keydir} ]; then
- mkdir -p ${keydir}
+if [ ! -d "${keydir}" ]; then
+ mkdir -p "${keydir}"
fi
inkey=${INKEY:-/usr/share/ovmf/PkKek-1-snakeoil.key}
incert=${INCERT:-/usr/share/ovmf/PkKek-1-snakeoil.pem}
nick_name=${IN_NICK:-snakeoil}
TMP=$(mktemp -d)
-mkdir -p ${keydir}/${name}certdb
-certutil -N --empty-password -d ${keydir}/${name}certdb
-openssl pkcs12 -export -out ${TMP}/foo_key.p12 -inkey $inkey -in $incert -name $nick_name
-pk12util -i ${TMP}/foo_key.p12 -d ${keydir}/${name}certdb
-cp $incert ${keydir}/$(basename $incert)
-rm -rf $TMP
+mkdir -p "${keydir}/${name}certdb"
+certutil -N --empty-password -d "${keydir}/${name}certdb"
+openssl pkcs12 -export -out "${TMP}/foo_key.p12" -inkey "$inkey" -in "$incert" -name "$nick_name"
+pk12util -i "${TMP}/foo_key.p12" -d "${keydir}/${name}certdb"
+cp "$incert" "${keydir}/$(basename "$incert")"
+rm -rf "$TMP"
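Review bot: `rm -rf "$TMP"` on the last line is skipped whenever an earlier command fails, because the script runs under `set -e`; the temporary directory then keeps `foo_key.p12`, which holds the private key read from `$inkey`. Register the cleanup directly after `TMP=$(mktemp -d)` with `trap 'rm -rf "$TMP"' EXIT` so it runs on every exit path. The default input is the OVMF snakeoil key, but `INKEY` can point at any key, so the leftover matters once the script is reused with real material.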
@@ -4,51 +4,51 @@ set -e
name=${SB_NAME:-demo}
keydir=${SB_KEYDIR:-./keys}
-if [ ! -d ${keydir} ]; then
- mkdir -p ${keydir}
+if [ ! -d "${keydir}" ]; then
+ mkdir -p "${keydir}"
fi
openssl req -new -x509 -newkey rsa:4096 -subj "/CN=${name}PK/" -outform PEM \
- -keyout ${keydir}/${name}PK.key -out ${keydir}/${name}PK.crt -days 3650 -nodes -sha256
+ -keyout "${keydir}/${name}PK.key" -out "${keydir}/${name}PK.crt" -days 3650 -nodes -sha256
openssl req -new -x509 -newkey rsa:4096 -subj "/CN=${name}KEK/" -outform PEM \
- -keyout ${keydir}/${name}KEK.key -out ${keydir}/${name}KEK.crt -days 3650 -nodes -sha256
+ -keyout "${keydir}/${name}KEK.key" -out "${keydir}/${name}KEK.crt" -days 3650 -nodes -sha256
openssl req -new -x509 -newkey rsa:4096 -subj "/CN=${name}DB/" -outform PEM \
- -keyout ${keydir}/${name}DB.key -out ${keydir}/${name}DB.crt -days 3650 -nodes -sha256
-openssl x509 -in ${keydir}/${name}PK.crt -out ${keydir}/${name}PK.cer -outform DER
-openssl x509 -in ${keydir}/${name}KEK.crt -out ${keydir}/${name}KEK.cer -outform DER
-openssl x509 -in ${keydir}/${name}DB.crt -out ${keydir}/${name}DB.cer -outform DER
+ -keyout "${keydir}/${name}DB.key" -out "${keydir}/${name}DB.crt" -days 3650 -nodes -sha256
+openssl x509 -in "${keydir}/${name}PK.crt" -out "${keydir}/${name}PK.cer" -outform DER
+openssl x509 -in "${keydir}/${name}KEK.crt" -out "${keydir}/${name}KEK.cer" -outform DER
+openssl x509 -in "${keydir}/${name}DB.crt" -out "${keydir}/${name}DB.cer" -outform DER
-openssl pkcs12 -export -out ${keydir}/${name}DB.p12 \
- -in ${keydir}/${name}DB.crt -inkey ${keydir}/${name}DB.key -passout pass:
+openssl pkcs12 -export -out "${keydir}/${name}DB.p12" \
+ -in "${keydir}/${name}DB.crt" -inkey "${keydir}/${name}DB.key" -passout pass:
GUID=$(uuidgen --random)
-echo $GUID > ${keydir}/${name}GUID
-
-cert-to-efi-sig-list -g $GUID ${keydir}/${name}PK.crt ${keydir}/${name}PK.esl
-cert-to-efi-sig-list -g $GUID ${keydir}/${name}KEK.crt ${keydir}/${name}KEK.esl
-cert-to-efi-sig-list -g $GUID ${keydir}/${name}DB.crt ${keydir}/${name}DB.esl
-rm -f ${keydir}/${name}noPK.esl
-touch ${keydir}/${name}noPK.esl
-
-sign-efi-sig-list -g $GUID \
- -k ${keydir}/${name}PK.key -c ${keydir}/${name}PK.crt \
- PK ${keydir}/${name}PK.esl ${keydir}/${name}PK.auth
-sign-efi-sig-list -g $GUID \
- -k ${keydir}/${name}PK.key -c ${keydir}/${name}PK.crt \
- PK ${keydir}/${name}noPK.esl ${keydir}/${name}noPK.auth
-sign-efi-sig-list -g $GUID \
- -k ${keydir}/${name}PK.key -c ${keydir}/${name}PK.crt \
- KEK ${keydir}/${name}KEK.esl ${keydir}/${name}KEK.auth
-sign-efi-sig-list -g $GUID \
- -k ${keydir}/${name}PK.key -c ${keydir}/${name}PK.crt \
- DB ${keydir}/${name}DB.esl ${keydir}/${name}DB.auth
-
-chmod 0600 ${keydir}/${name}*.key
-mkdir -p ${keydir}/${name}certdb
-certutil -N --empty-password -d ${keydir}/${name}certdb
-
-certutil -A -n 'PK' -d ${keydir}/${name}certdb -t CT,CT,CT -i ${keydir}/${name}PK.crt
-pk12util -W "" -d ${keydir}/${name}certdb -i ${keydir}/${name}DB.p12
-certutil -d ${keydir}/${name}certdb -A -i ${keydir}/${name}DB.crt -n "" -t u
-
-certutil -d ${keydir}/${name}certdb -K
-certutil -d ${keydir}/${name}certdb -L
+echo "$GUID" > "${keydir}/${name}GUID"
+
+cert-to-efi-sig-list -g "$GUID" "${keydir}/${name}PK.crt" "${keydir}/${name}PK.esl"
+cert-to-efi-sig-list -g "$GUID" "${keydir}/${name}KEK.crt" "${keydir}/${name}KEK.esl"
+cert-to-efi-sig-list -g "$GUID" "${keydir}/${name}DB.crt" "${keydir}/${name}DB.esl"
+rm -f "${keydir}/${name}noPK.esl"
+touch "${keydir}/${name}noPK.esl"
+
+sign-efi-sig-list -g "$GUID" \
+ -k "${keydir}/${name}PK.key" -c "${keydir}/${name}PK.crt" \
+ PK "${keydir}/${name}PK.esl" "${keydir}/${name}PK.auth"
+sign-efi-sig-list -g "$GUID" \
+ -k "${keydir}/${name}PK.key" -c "${keydir}/${name}PK.crt" \
+ PK "${keydir}/${name}noPK.esl" "${keydir}/${name}noPK.auth"
+sign-efi-sig-list -g "$GUID" \
+ -k "${keydir}/${name}PK.key" -c "${keydir}/${name}PK.crt" \
+ KEK "${keydir}/${name}KEK.esl" "${keydir}/${name}KEK.auth"
+sign-efi-sig-list -g "$GUID" \
+ -k "${keydir}/${name}PK.key" -c "${keydir}/${name}PK.crt" \
+ DB "${keydir}/${name}DB.esl" "${keydir}/${name}DB.auth"
+
+chmod 0600 "${keydir}/${name}"*.key
+mkdir -p "${keydir}/${name}certdb"
+certutil -N --empty-password -d "${keydir}/${name}certdb"
+
+certutil -A -n 'PK' -d "${keydir}/${name}certdb" -t CT,CT,CT -i "${keydir}/${name}PK.crt"
+pk12util -W "" -d "${keydir}/${name}certdb" -i "${keydir}/${name}DB.p12"
+certutil -d "${keydir}/${name}certdb" -A -i "${keydir}/${name}DB.crt" -n "" -t u
+
+certutil -d "${keydir}/${name}certdb" -K
+certutil -d "${keydir}/${name}certdb" -L
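Review bot: The three `openssl req` calls write unencrypted private keys (`-nodes`), but `chmod 0600 "${keydir}/${name}"*.key` only runs near the end of the script, and `${name}DB.p12`, exported with an empty passphrase (`-passout pass:`), is never restricted at all. Depending on the OpenSSL version and the caller's umask, these files may be readable by other local users in the meantime, and they stay that way if any step in between aborts under `set -e`. Setting `umask 077` before the first `openssl req` would cover the keys, the PKCS#12 file and the certdb from the moment they are created.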