@@ -43,7 +43,7 @@ copy_exec /usr/bin/systemd-cryptenroll || hook_error "/usr/bin/systemd-cryptenro
copy_exec /usr/lib/systemd/systemd-cryptsetup || hook_error "/usr/lib/systemd/systemd-cryptsetup not found"
copy_exec /usr/lib/*/cryptsetup/libcryptsetup-token-systemd-tpm2.so || hook_error "/usr/lib/*/cryptsetup/libcryptsetup-token-systemd-tpm2.so not found"
-if [ -x cryptsetup-reencrypt ]; then
+if [ -x /usr/sbin/cryptsetup-reencrypt ]; then
copy_exec /usr/sbin/cryptsetup-reencrypt
fi
@@ -41,7 +41,7 @@ partition_sets="$PARTITIONS"
create_file_system_cmd="$CREATE_FILE_SYSTEM_CMD"
if [ -z "${create_file_system_cmd}" ]; then
- create_file_system_cmd = "mke2fs -t ext4"
+ create_file_system_cmd="mke2fs -t ext4"
fi
open_tpm2_partition() {
@@ -73,17 +73,17 @@ enroll_tpm2_token() {
reencrypt_existing_partition() {
part_device=$(readlink -f "$partition")
- part_size_blocks=$(cat /sys/class/block/"$(awk -v dev=$part_device 'BEGIN{split(dev,a,"/"); print a[3]}' )"/size)
+ part_size_blocks=$(cat /sys/class/block/"$(awk -v dev="$part_device" 'BEGIN{split(dev,a,"/"); print a[3]}' )"/size)
# reduce the filesystem and partition by 32M to fit the LUKS header
reduce_device_size=32768
- reduced_size=$(expr $part_size_blocks - 65536 )
- reduced_size_in_byte=$(expr $reduced_size \* 512)
- reduced_size_in_kb=$(expr $reduced_size_in_byte / 1024)K
+ reduced_size=$(expr "$part_size_blocks" - 65536 )
+ reduced_size_in_byte=$(expr "$reduced_size" \* 512)
+ reduced_size_in_kb=$(expr "$reduced_size_in_byte" / 1024)K
resize2fs "$1" "${reduced_size_in_kb}"
- if [ -x cryptsetup-reencrypt ]; then
- /usr/sbin/cryptsetup-reencrypt --new --reduce-device-size "$reduce_device_size"k $1 < $2
+ if [ -x /usr/sbin/cryptsetup-reencrypt ]; then
+ /usr/sbin/cryptsetup-reencrypt --new --reduce-device-size "$reduce_device_size"k "$1" < "$2"
else
- /usr/sbin/cryptsetup reencrypt --encrypt --reduce-device-size "$reduce_device_size"k $1 < $2
+ /usr/sbin/cryptsetup reencrypt --encrypt --reduce-device-size "$reduce_device_size"k "$1" < "$2"
fi
}
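Review bot: The `resize2fs "$1" "${reduced_size_in_kb}"` call is still unchecked before the in-place encryption starts, so if the sysfs size lookup or the shrink fails, `cryptsetup reencrypt --reduce-device-size` runs anyway on a filesystem that has not been shrunk to make room for the LUKS header. Fail closed at that line, e.g. `resize2fs "$1" "${reduced_size_in_kb}" || panic "Can't shrink filesystem on '$1'"`, and reject an empty `part_size_blocks` before the `expr` calls. The literal `65536` is `reduce_device_size` expressed in 512-byte sectors; computing it as `$((reduce_device_size * 2))` would keep the two values from drifting apart. The size is also read from the global `$partition` while the resize and encryption act on `$1`, which only agree if every caller passes the same device.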
@@ -93,10 +93,10 @@ if [ ! -e "$tpm_device" ]; then
fi
for partition_set in $partition_sets; do
- partition_label=$(awk -v var=$partition_set 'BEGIN{split(var,a,":"); print a[1]}')
- partition_mountpoint=$(awk -v var=$partition_set 'BEGIN{split(var,a,":"); print a[2]}')
- partition_format=$(awk -v var=$partition_set 'BEGIN{split(var,a,":"); print a[3]}')
- partition=/dev/disk/by-partlabel/$partition_label
+ partition_label=$(awk -v var="$partition_set" 'BEGIN{split(var,a,":"); print a[1]}')
+ partition_mountpoint=$(awk -v var="$partition_set" 'BEGIN{split(var,a,":"); print a[2]}')
+ partition_format=$(awk -v var="$partition_set" 'BEGIN{split(var,a,":"); print a[3]}')
+ partition=/dev/disk/by-partlabel/"$partition_label"
crypt_mount_name="encrypted_$partition_label"
decrypted_part=/dev/mapper/"$crypt_mount_name"
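Review bot: The three fields split out of `partition_set` are used without any validation in this hunk, so an entry with no `:` leaves `partition_mountpoint` empty and the mounts later in the loop would target `${rootmnt}` itself. A guard right after the split, such as `[ -n "$partition_mountpoint" ] || panic "Malformed PARTITIONS entry '$partition_set'"`, would stop a configuration typo from reaching the encryption and mount steps. The loop body continues outside the hunk, so a check may already exist further down. Note also that `awk -v` interprets backslash escapes in the assigned value, which the added quoting does not change.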
@@ -104,7 +104,7 @@ for partition_set in $partition_sets; do
if /usr/sbin/cryptsetup luksDump --batch-mode "$partition" \
| grep -q "systemd-tpm2"; then
open_tpm2_partition "$partition"
- if ! mount -t $(get_fstype "${decrypted_part}") "${decrypted_part}" \
+ if ! mount -t "$(get_fstype "${decrypted_part}")" "${decrypted_part}" \
"${rootmnt}${partition_mountpoint}"; then
panic "Can't mount encrypted partition '${decrypted_part}'!"
fi
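Review bot: The exit status of `open_tpm2_partition "$partition"` is not checked, so a failed TPM2 unlock only surfaces one step later as "Can't mount encrypted partition", which hides the real cause from whoever reads the boot log. Unless the function already panics internally (its body is not in this hunk), consider `open_tpm2_partition "$partition" || panic "Can't unlock '${partition}' with TPM2"`. The enclosing `if` that starts at the `luksDump` line continues past the end of the hunk.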
@@ -134,7 +134,7 @@ for partition_set in $partition_sets; do
;;
esac
- if ! mount -t $(get_fstype "${decrypted_part}") "${decrypted_part}" \
+ if ! mount -t "$(get_fstype "${decrypted_part}")" "${decrypted_part}" \
"${rootmnt}${partition_mountpoint}"; then
panic "Can't mount encrypted partition '${decrypted_part}'!"
fi