From patchwork Fri Nov 10 20:21:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452763 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9B4993B7A8 for ; Fri, 10 Nov 2023 20:21:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="M6GB/0rx" Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0C7933868 for ; Fri, 10 Nov 2023 12:21:48 -0800 (PST) Received: from pps.filterd (m0353728.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJlKLr007762; Fri, 10 Nov 2023 20:21:42 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : content-transfer-encoding : mime-version; s=pp1; bh=7/1MmB//fb2qL4O8k3fOa//l9+N4msN/Vr9RqwVWFr8=; b=M6GB/0rxTdIC1GJ7k1HwoMX0bMRXa+bJS7BfU6YCT0akcsqKzp8HYfVgVUpTVsIizhut /EVoWDiEKs0uHqu5NUe2idIZuVjJcs0hrtUm+1eGEkcwcxRTUcVIKq4GzYLeTgtQOdc8 JJP0g47RSEULF/+3Tm44gRyeIOoTByHAE1QHgc873/B6wmrvGwpv12p2PrWd8HU/h5ov oxJfxHAFzK1+OyGlYC6IaOh9MJK7DTL2ueM08THwEjtd3hwErUiGzQN32P54fBDgPy7l kYa5j6RXaYMdNhOlJSOiN24OvhspmZlZqb8OwCyiLEAvTr8otNLbFOYLfnlrmkS6dDlm Yg== Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9tyy8w0d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:42 +0000 Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJ1Fr1000726; Fri, 10 Nov 2023 20:21:41 GMT Received: from smtprelay03.dal12v.mail.ibm.com ([172.16.1.5]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 3u7w23ddr7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:41 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay03.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLexn18416166 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:40 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1650D58058; Fri, 10 Nov 2023 20:21:40 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id BDBB85805D; Fri, 10 Nov 2023 20:21:39 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:39 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger Subject: [ima-evm-utils PATCH 01/14] tests: Address issues raised by shellcheck SC2086 & enable shellcheck Date: Fri, 10 Nov 2023 15:21:24 -0500 Message-ID: <20231110202137.3978820-2-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-GUID: UcOYqxNxzytXzAoTs8TtEVaPs9QT4eIh X-Proofpoint-ORIG-GUID: UcOYqxNxzytXzAoTs8TtEVaPs9QT4eIh X-Proofpoint-UnRewURL: 0 URL was un-rewritten Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 spamscore=0 phishscore=0 mlxscore=0 malwarescore=0 suspectscore=0 clxscore=1015 priorityscore=1501 mlxlogscore=999 impostorscore=0 lowpriorityscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100171 Address issues raised by shellcheck SC2086: "Double quote to prevent globbing and word splitting." Add support for the make target 'shellcheck' on scripts in the test directory. Signed-off-by: Stefan Berger --- Makefile.am | 5 ++++- tests/Makefile.am | 11 ++++++++++- tests/boot_aggregate.test | 4 ++-- tests/fsverity.test | 16 ++++++++-------- tests/functions.sh | 30 +++++++++++++++--------------- tests/gen-keys.sh | 4 ++-- tests/install-openssl3.sh | 12 ++++++------ tests/sign_verify.test | 12 ++++++------ tests/softhsm_setup | 28 ++++++++++++++-------------- 9 files changed, 67 insertions(+), 55 deletions(-) diff --git a/Makefile.am b/Makefile.am index e686d65..a30c800 100644 --- a/Makefile.am +++ b/Makefile.am @@ -44,4 +44,7 @@ rmman: doc: evmctl.1.html rmman evmctl.1 endif -.PHONY: $(tarname) +shellcheck: + make -C tests shellcheck + +.PHONY: $(tarname) shellcheck diff --git a/tests/Makefile.am b/tests/Makefile.am index 03aa5b7..e34fd79 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -24,6 +24,15 @@ clean-local: -rm -f *.txt *.out *.sig *.sig2 distclean: distclean-keys -.PHONY: distclean-keys + +shellcheck: + shellcheck -i SC2086 \ + functions.sh gen-keys.sh install-fsverity.sh \ + install-mount-idmapped.sh install-openssl3.sh \ + install-swtpm.sh install-tss.sh softhsm_setup \ + $(check_SCRIPTS) + +.PHONY: distclean-keys shellcheck distclean-keys: ./gen-keys.sh clean + diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test index b0b2db4..ccc45f9 100755 --- a/tests/boot_aggregate.test +++ b/tests/boot_aggregate.test @@ -129,7 +129,7 @@ check() { local options=$1 echo "INFO: Calculating the boot_aggregate (PCRs 0 - 9) for multiple banks" - bootaggr=$(evmctl ima_boot_aggregate ${options}) + bootaggr=$(evmctl ima_boot_aggregate "${options}") if [ $? -ne 0 ]; then echo "${CYAN}SKIP: evmctl ima_boot_aggregate: $bootaggr${NORM}" exit "$SKIP" @@ -197,4 +197,4 @@ if [ "$(id -u)" != 0 ] || [ ! -c "/dev/tpm0" ]; then fi fi -expect_pass check $BOOTAGGR_OPTIONS +expect_pass check "$BOOTAGGR_OPTIONS" diff --git a/tests/fsverity.test b/tests/fsverity.test index 01d5c35..11925cb 100755 --- a/tests/fsverity.test +++ b/tests/fsverity.test @@ -50,9 +50,9 @@ _require dd mkfs blkid e2fsck tune2fs evmctl setfattr trap '_report_exit_and_cleanup _cleanup_env cleanup' SIGINT SIGTERM EXIT cleanup() { - if [ -e $TST_MNT ]; then - if [ $LOOPBACK_MOUNTED -eq 1 ]; then - umount $TST_MNT + if [ -e "$TST_MNT" ]; then + if [ "$LOOPBACK_MOUNTED" -eq 1 ]; then + umount "$TST_MNT" fi if [ -f "$TST_IMG" ]; then rm "$TST_IMG" @@ -199,7 +199,7 @@ create_file() { local test=$1 local type=$2 - TST_FILE=$(mktemp -p $TST_MNT -t "${type}".XXXXXX) + TST_FILE=$(mktemp -p "$TST_MNT" -t "${type}".XXXXXX) [ "$VERBOSE" -ge 1 ] && echo "INFO: creating $TST_FILE" # heredoc to create a script @@ -248,13 +248,13 @@ measure-verity() { digest_filename=$("$FSVERITY" digest "$TST_FILE") [ "$VERBOSE" -ge 2 ] && echo "INFO: verity:$digest_filename" - grep "verity:$digest_filename" $IMA_MEASUREMENT_LIST &> /dev/null + grep "verity:$digest_filename" "$IMA_MEASUREMENT_LIST" &> /dev/null ret=$? # Not finding the "fsverity digest" result in the IMA measurement # list is expected for non fs-verity enabled files. The measurement # list will contain zeros for the file hash. - if [ $ret -eq 1 ]; then + if [ "$ret" -eq 1 ]; then error="$FAIL" if [ "$verity" = "enabled" ]; then echo "${RED}FAILURE: ${msg} ${NORM}" @@ -282,7 +282,7 @@ measure-ima() { create_file "$test" ima-hash "$TST_FILE" - hashalg=$(grep "${TST_FILE}" $IMA_MEASUREMENT_LIST | cut -d':' -f2) + hashalg=$(grep "${TST_FILE}" "$IMA_MEASUREMENT_LIST" | cut -d':' -f2) if [ -z "${hashalg}" ]; then echo "${CYAN}SKIP: Measurement record with algorithm not found${NORM}" return "$SKIP" @@ -298,7 +298,7 @@ measure-ima() { # Remove the extra space before the filename digest_filename=$(${digestsum} "$TST_FILE" | sed "s/\ \ /\ /") [ "$VERBOSE" -ge 2 ] && echo "$test: $digest_filename" - if grep "$digest_filename" $IMA_MEASUREMENT_LIST &> /dev/null; then + if grep "$digest_filename" "$IMA_MEASUREMENT_LIST" &> /dev/null; then echo "${GREEN}SUCCESS: Measuring $TST_FILE ${NORM}" else error="$FAIL" diff --git a/tests/functions.sh b/tests/functions.sh index ed06040..15bcec4 100755 --- a/tests/functions.sh +++ b/tests/functions.sh @@ -42,7 +42,7 @@ exit_early() { _require() { ret= for i; do - if ! type $i; then + if ! type "$i"; then echo "$i is required for test" ret=1 fi @@ -79,7 +79,7 @@ expect_pass() { fi if [ $TNESTED -gt 0 ]; then - echo $RED"expect_pass should not be run nested"$NORM + echo "${RED}expect_pass should not be run nested${NORM}" testsfail+=1 exit "$HARDFAIL" fi @@ -110,9 +110,9 @@ expect_pass_if() { ret=$? if [ $ret -ne 0 ] && [ $ret -ne 77 ] && [ -n "$PATCHES" ]; then - echo $YELLOW"Possibly missing patches:"$NORM + echo "${YELLOW}Possibly missing patches:${NORM}" for idx in $indexes; do - echo $YELLOW" - ${PATCHES[$((idx))]}"$NORM + echo "${YELLOW} - ${PATCHES[$((idx))]}${NORM}" done fi @@ -130,7 +130,7 @@ expect_fail() { fi if [ $TNESTED -gt 0 ]; then - echo $RED"expect_fail should not be run nested"$NORM + echo "${RED}expect_fail should not be run nested${NORM}" testsfail+=1 exit "$HARDFAIL" fi @@ -166,9 +166,9 @@ expect_fail_if() { ret=$? if { [ $ret -eq 0 ] || [ $ret -eq 99 ]; } && [ -n "$PATCHES" ]; then - echo $YELLOW"Possibly missing patches:"$NORM + echo "${YELLOW}Possibly missing patches:${NORM}" for idx in $indexes; do - echo $YELLOW" - ${PATCHES[$((idx))]}"$NORM + echo "${YELLOW} - ${PATCHES[$((idx))]}${NORM}" done fi @@ -177,12 +177,12 @@ expect_fail_if() { # return true if current test is positive _test_expected_to_pass() { - [ ! $TFAIL ] + [ ! "$TFAIL" ] } # return true if current test is negative _test_expected_to_fail() { - [ $TFAIL ] + [ "$TFAIL" ] } # Show blank line and color following text to red @@ -201,7 +201,7 @@ color_red() { } color_restore() { - [ $COLOR_RESTORE ] && echo "$NORM" + [ "$COLOR_RESTORE" ] && echo "$NORM" COLOR_RESTORE= } @@ -216,7 +216,7 @@ _evmctl_run() { # ADD_TEXT_FOR: append to text as 'for $ADD_TEXT_FOR' cmd="evmctl $V $EVMCTL_ENGINE $*" - echo $YELLOW$TMODE "$cmd"$NORM + echo "${YELLOW}$TMODE $cmd${NORM}" $cmd >"$out" 2>&1 ret=$? @@ -226,7 +226,7 @@ _evmctl_run() { echo "evmctl $op failed hard with ($ret) $text_for" sed 's/^/ /' "$out" color_restore - rm "$out" $ADD_DEL + rm "$out" "$ADD_DEL" ADD_DEL= ADD_TEXT_FOR= return "$HARDFAIL" @@ -238,7 +238,7 @@ _evmctl_run() { sed 's/^/ /' "$out" fi color_restore - rm "$out" $ADD_DEL + rm "$out" "$ADD_DEL" ADD_DEL= ADD_TEXT_FOR= return "$FAIL" @@ -371,7 +371,7 @@ _softhsm_setup() { msg=$(./softhsm_setup setup 2>&1) if [ $? -eq 0 ]; then echo "softhsm_setup setup succeeded: $msg" - PKCS11_KEYURI=$(echo $msg | sed -n 's|^keyuri: \(.*\)|\1|p') + PKCS11_KEYURI=$(echo "$msg" | sed -n 's|^keyuri: \(.*\)|\1|p') export EVMCTL_ENGINE="--engine pkcs11" export OPENSSL_ENGINE="-engine pkcs11" @@ -402,7 +402,7 @@ _run_env() { if [ "$TST_ENV" = "um" ]; then expect_pass "$1" rootfstype=hostfs rw init="$2" quiet mem=2048M "$3" else - echo $RED"Testing environment $TST_ENV not supported"$NORM + echo "${RED}Testing environment $TST_ENV not supported${NORM}" exit "$FAIL" fi } diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh index 8905cdf..0b03ba4 100755 --- a/tests/gen-keys.sh +++ b/tests/gen-keys.sh @@ -71,9 +71,9 @@ for m in 1024 1024_skid 2048; do ext= fi if [ ! -e test-rsa$m.key ]; then - log openssl req -verbose -new -nodes -utf8 -sha256 -days 10000 -batch -x509 $ext \ + log openssl req -verbose -new -nodes -utf8 -sha256 -days 10000 -batch -x509 "$ext" \ -config test-ca.conf \ - -newkey rsa:$bits \ + -newkey "rsa:$bits" \ -out test-rsa$m.cer -outform DER \ -keyout test-rsa$m.key # for v1 signatures diff --git a/tests/install-openssl3.sh b/tests/install-openssl3.sh index 911c32b..29457f3 100755 --- a/tests/install-openssl3.sh +++ b/tests/install-openssl3.sh @@ -9,16 +9,16 @@ fi version=${COMPILE_SSL} -wget --no-check-certificate https://github.com/openssl/openssl/archive/refs/tags/${version}.tar.gz -tar --no-same-owner -xzf ${version}.tar.gz -cd openssl-${version} +wget --no-check-certificate "https://github.com/openssl/openssl/archive/refs/tags/${version}.tar.gz" +tar --no-same-owner -xzf "${version}.tar.gz" +cd "openssl-${version}" if [ "$VARIANT" = "i386" ]; then echo "32-bit compilation" FLAGS="-m32 linux-generic32" fi -./Configure $FLAGS no-engine no-dynamic-engine --prefix=/opt/openssl3 --openssldir=/opt/openssl3 +./Configure "$FLAGS" no-engine no-dynamic-engine --prefix=/opt/openssl3 --openssldir=/opt/openssl3 # Uncomment for debugging # perl configdata.pm --dump | grep engine make -j$(nproc) @@ -26,5 +26,5 @@ make -j$(nproc) sudo make install_sw cd .. -rm -rf ${version}.tar.gz -rm -rf openssl-${version} +rm -rf "${version}.tar.gz" +rm -rf "openssl-${version}" diff --git a/tests/sign_verify.test b/tests/sign_verify.test index 2bc365a..5cc0393 100755 --- a/tests/sign_verify.test +++ b/tests/sign_verify.test @@ -141,7 +141,7 @@ check_sign() { local FILE=${FILE:-$ALG.txt} # Normalize key filename if it's not a pkcs11 URI - if [ ${KEY:0:7} != pkcs11: ]; then + if [ "${KEY:0:7}" != pkcs11: ]; then key=${KEY%.*}.key key=test-${key#test-} else @@ -152,8 +152,8 @@ check_sign() { # leave only good files for verify tests. _test_expected_to_fail && FILE+='~' - rm -f $FILE - if ! touch $FILE; then + rm -f "$FILE" + if ! touch "$FILE"; then color_red echo "Can't create test file: $FILE" color_restore @@ -372,7 +372,7 @@ try_different_sigs() { ## Test v1 signatures # Signature v1 only supports sha1 and sha256 so any other should fail -if [ $SIGV1 -eq 0 ]; then +if [ "$SIGV1" -eq 0 ]; then __skip() { echo "IMA signature v1 tests are skipped: not supported"; return $SKIP; } expect_pass __skip else @@ -440,8 +440,8 @@ expect_fail \ # Test signing with key described by pkcs11 URI _softhsm_setup "${WORKDIR}" if [ -n "${PKCS11_KEYURI}" ]; then - expect_pass check_sign FILE=pkcs11test TYPE=ima KEY=${PKCS11_KEYURI} ALG=sha256 PREFIX=0x030204aabbccdd0100 OPTS=--keyid=aabbccdd - expect_pass check_sign FILE=pkcs11test TYPE=ima KEY=${PKCS11_KEYURI} ALG=sha1 PREFIX=0x030202aabbccdd0100 OPTS=--keyid=aabbccdd + expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_KEYURI}" ALG=sha256 PREFIX=0x030204aabbccdd0100 OPTS=--keyid=aabbccdd + expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_KEYURI}" ALG=sha1 PREFIX=0x030202aabbccdd0100 OPTS=--keyid=aabbccdd else # to have a constant number of tests, skip these two tests __skip() { echo "pkcs11 test is skipped: could not setup softhsm"; return $SKIP; } diff --git a/tests/softhsm_setup b/tests/softhsm_setup index 35b1754..10e4013 100755 --- a/tests/softhsm_setup +++ b/tests/softhsm_setup @@ -15,7 +15,7 @@ fi MAJOR=$(softhsm2-util -v | cut -d '.' -f1) MINOR=$(softhsm2-util -v | cut -d '.' -f2) -if [ ${MAJOR} -lt 2 ] || [ ${MAJOR} -eq 2 -a ${MINOR} -lt 2 ]; then +if [ "${MAJOR}" -lt 2 ] || [ "${MAJOR}" -eq 2 -a "${MINOR}" -lt 2 ]; then echo "Need softhsm v2.2.0 or later" exit 77 fi @@ -91,21 +91,21 @@ setup_softhsm() { grep -E "\.so$")" fi sudo mkdir -p /etc/gnutls &>/dev/null - sudo bash -c "echo "load=${SONAME}" > /etc/gnutls/pkcs11.conf" + sudo bash -c "echo 'load=${SONAME}' > /etc/gnutls/pkcs11.conf" ;; esac - if ! [ -d $configdir ]; then - mkdir -p $configdir + if ! [ -d "$configdir" ]; then + mkdir -p "$configdir" fi - mkdir -p ${tokendir} + mkdir -p "${tokendir}" - if [ -f $configfile ]; then + if [ -f "$configfile" ]; then mv "$configfile" "$bakconfigfile" fi - if ! [ -f $configfile ]; then - cat <<_EOF_ > $configfile + if ! [ -f "$configfile" ]; then + cat <<_EOF_ > "$configfile" directories.tokendir = ${tokendir} objectstore.backend = file log.level = DEBUG @@ -122,8 +122,8 @@ _EOF_ if [ -z "$tokenuri" ]; then msg=$(softhsm2-util \ - --init-token --pin ${PIN} --so-pin ${SO_PIN} \ - --free --label ${NAME} 2>&1) + --init-token --pin "${PIN}" --so-pin "${SO_PIN}" \ + --free --label "${NAME}" 2>&1) if [ $? -ne 0 ]; then echo "Could not initialize token" echo "$msg" @@ -172,7 +172,7 @@ _EOF_ fi fi - getkeyuri_softhsm $slot + getkeyuri_softhsm "$slot" rc=$? if [ $rc -ne 0 ]; then teardown_softhsm @@ -196,7 +196,7 @@ _getkeyuri_softhsm() { echo "$msg" return 6 fi - msg=$(p11tool --list-all ${tokenuri} 2>&1) + msg=$(p11tool --list-all "${tokenuri}" 2>&1) if [ $? -ne 0 ]; then echo "Could not list object under token $tokenuri" echo "$msg" @@ -260,7 +260,7 @@ main() { local ret if [ $# -lt 1 ]; then - usage $0 + usage "$0" echo -e "Missing command.\n\n" return 1 fi @@ -283,7 +283,7 @@ main() { ;; *) echo -e "Unsupported command: $1\n\n" - usage $0 + usage "$0" ret=1 esac return $ret From patchwork Fri Nov 10 20:21:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452764 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 431F83B785 for ; Fri, 10 Nov 2023 20:21:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="XZaFGsuy" Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1D9963A82 for ; Fri, 10 Nov 2023 12:21:48 -0800 (PST) Received: from pps.filterd (m0353722.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAKAhAP006071; Fri, 10 Nov 2023 20:21:42 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=XgYzlFyJwA8f+r/UcEhbYRhHwzqbxqNUmEQy6BhnOzI=; b=XZaFGsuywKaxtlBo0VL//i+xVCHmGwLz7fuwLiXvvi9q6eOREyK21hh4EBiE5/1lJSD7 1+yo3SeA+4jgmQU4sF3Jkqins2FvdbCzrW18hOL9Xja3aRm5TMSj/pHDYj6vAaUowq9Z KPKiXaBBiw3vfLIrYWDHyMBrVxaSadquc+67x+/EHYQOJEyx0W8ppPiLetFJ+JUonZ0g 9e75ysujwwW4UxNNUr2KYMoU8OnN2Fxu9ck3PA/u5aQFBHB5fqvhIgUjNDM8LXci4vae nD6kIC+mHAzRism4i/ve4bUMItHDLhPQvL5F0MwcfwCoTsE6QFEPmepYUdMwgnHVstqS Lw== Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9uawrchr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:41 +0000 Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJ55Qu019252; Fri, 10 Nov 2023 20:21:41 GMT Received: from smtprelay03.dal12v.mail.ibm.com ([172.16.1.5]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 3u7w24dcpf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:41 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay03.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLeqQ18416168 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:40 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7408658058; Fri, 10 Nov 2023 20:21:40 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2B93658059; Fri, 10 Nov 2023 20:21:40 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:40 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger Subject: [ima-evm-utils PATCH 02/14] tests: Address issues raised by shellcheck SC2181 Date: Fri, 10 Nov 2023 15:21:25 -0500 Message-ID: <20231110202137.3978820-3-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: QwMdWUVj4mfb3L4vPfXpjXTRGLpmDraH X-Proofpoint-ORIG-GUID: QwMdWUVj4mfb3L4vPfXpjXTRGLpmDraH X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 mlxscore=0 spamscore=0 phishscore=0 priorityscore=1501 lowpriorityscore=0 malwarescore=0 adultscore=0 suspectscore=0 mlxlogscore=999 bulkscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100170 Address issues raised by shellcheck SC2181: "Check exit code directly with e.g. if mycmd;, not indirectly with $?." The general replacement patterns to fix this issue are: Old: if [ $? -eq 0 ]; then ... New: if ; then ... Old: if [ $? -ne 0 ]; then ... New: if ! ; then ... Signed-off-by: Stefan Berger --- tests/Makefile.am | 2 +- tests/boot_aggregate.test | 22 ++++++++-------------- tests/functions.sh | 3 +-- tests/ima_hash.test | 4 ++-- tests/sign_verify.test | 3 +-- tests/softhsm_setup | 32 ++++++++++++-------------------- 6 files changed, 25 insertions(+), 41 deletions(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index e34fd79..1848091 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -26,7 +26,7 @@ clean-local: distclean: distclean-keys shellcheck: - shellcheck -i SC2086 \ + shellcheck -i SC2086,SC2181 \ functions.sh gen-keys.sh install-fsverity.sh \ install-mount-idmapped.sh install-openssl3.sh \ install-swtpm.sh install-tss.sh softhsm_setup \ diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test index ccc45f9..04aef9b 100755 --- a/tests/boot_aggregate.test +++ b/tests/boot_aggregate.test @@ -47,8 +47,7 @@ swtpm_start() { fi if [ -n "${swtpm}" ]; then - pgrep swtpm - if [ $? -eq 0 ]; then + if pgrep swtpm; then echo "INFO: Software TPM (swtpm) already running" return 114 else @@ -60,8 +59,7 @@ swtpm_start() { elif [ -n "${tpm_server}" ]; then # tpm_server uses the Microsoft simulator encapsulated packet format export TPM_SERVER_TYPE="mssim" - pgrep tpm_server - if [ $? -eq 0 ]; then + if pgrep tpm_server; then echo "INFO: Software TPM (tpm_server) already running" return 114 else @@ -81,16 +79,13 @@ swtpm_init() { fi echo "INFO: Sending software TPM startup" - "${TSSDIR}/tssstartup" - if [ $? -ne 0 ]; then + if ! "${TSSDIR}/tssstartup"; then echo "INFO: Retry sending software TPM startup" sleep 1 - "${TSSDIR}/tssstartup" - fi - - if [ $? -ne 0 ]; then - echo "INFO: Software TPM startup failed" - return "$SKIP" + if ! "${TSSDIR}/tssstartup"; then + echo "INFO: Software TPM startup failed" + return "$SKIP" + fi fi echo "INFO: Walking ${BINARY_BIOS_MEASUREMENTS} initializing the software TPM" @@ -129,8 +124,7 @@ check() { local options=$1 echo "INFO: Calculating the boot_aggregate (PCRs 0 - 9) for multiple banks" - bootaggr=$(evmctl ima_boot_aggregate "${options}") - if [ $? -ne 0 ]; then + if ! bootaggr=$(evmctl ima_boot_aggregate "${options}"); then echo "${CYAN}SKIP: evmctl ima_boot_aggregate: $bootaggr${NORM}" exit "$SKIP" fi diff --git a/tests/functions.sh b/tests/functions.sh index 15bcec4..86e6597 100755 --- a/tests/functions.sh +++ b/tests/functions.sh @@ -368,8 +368,7 @@ _softhsm_setup() { mkdir -p "${SOFTHSM_SETUP_CONFIGDIR}" - msg=$(./softhsm_setup setup 2>&1) - if [ $? -eq 0 ]; then + if msg=$(./softhsm_setup setup 2>&1); then echo "softhsm_setup setup succeeded: $msg" PKCS11_KEYURI=$(echo "$msg" | sed -n 's|^keyuri: \(.*\)|\1|p') diff --git a/tests/ima_hash.test b/tests/ima_hash.test index e88fd59..9a8d7b6 100755 --- a/tests/ima_hash.test +++ b/tests/ima_hash.test @@ -33,8 +33,8 @@ check() { # unless it's negative test, then pass to evmctl cmd="openssl dgst $OPENSSL_ENGINE -$alg $file" echo - "$cmd" - hash=$(set -o pipefail; $cmd 2>/dev/null | cut -d' ' -f2) - if [ $? -ne 0 ] && _test_expected_to_pass; then + if ! hash=$(set -o pipefail; $cmd 2>/dev/null | cut -d' ' -f2) \ + && _test_expected_to_pass; then echo "${CYAN}$alg test is skipped$NORM" rm "$file" return "$SKIP" diff --git a/tests/sign_verify.test b/tests/sign_verify.test index 5cc0393..1b6cf2a 100755 --- a/tests/sign_verify.test +++ b/tests/sign_verify.test @@ -185,8 +185,7 @@ check_sign() { # Insert keyid from cert into PREFIX in-place of marker `:K:' if [[ $PREFIX =~ :K: ]]; then - keyid=$(_keyid_from_cert "$key") - if [ $? -ne 0 ]; then + if ! keyid=$(_keyid_from_cert "$key"); then color_red echo "Unable to determine keyid for $key" color_restore diff --git a/tests/softhsm_setup b/tests/softhsm_setup index 10e4013..95bf0b1 100755 --- a/tests/softhsm_setup +++ b/tests/softhsm_setup @@ -30,8 +30,7 @@ UNAME_S="$(uname -s)" case "${UNAME_S}" in Darwin) - msg=$(sudo -v -n) - if [ $? -ne 0 ]; then + if ! msg=$(sudo -v -n); then echo "Need password-less sudo rights on OS X to change /etc/gnutls/pkcs11.conf" exit 1 fi @@ -113,18 +112,16 @@ slots.removable = false _EOF_ fi - msg=$(p11tool --list-tokens 2>&1 | grep "token=${NAME}" | tail -n1) - if [ $? -ne 0 ]; then + if ! msg=$(p11tool --list-tokens 2>&1 | grep "token=${NAME}" | tail -n1); then echo "Could not list existing tokens" echo "$msg" fi tokenuri=$(echo "$msg" | sed -n 's/.*URL: \([[:print:]*]\)/\1/p') if [ -z "$tokenuri" ]; then - msg=$(softhsm2-util \ + if ! msg=$(softhsm2-util \ --init-token --pin "${PIN}" --so-pin "${SO_PIN}" \ - --free --label "${NAME}" 2>&1) - if [ $? -ne 0 ]; then + --free --label "${NAME}" 2>&1); then echo "Could not initialize token" echo "$msg" return 2 @@ -143,9 +140,8 @@ _EOF_ fi fi - msg=$(p11tool --list-tokens 2>&1 | \ - grep "token=${NAME}" | tail -n1) - if [ $? -ne 0 ]; then + if ! msg=$(p11tool --list-tokens 2>&1 | \ + grep "token=${NAME}" | tail -n1); then echo "Could not list existing tokens" echo "$msg" fi @@ -156,15 +152,13 @@ _EOF_ fi # more recent versions of p11tool have --generate-privkey ... - msg=$(GNUTLS_PIN=$PIN p11tool \ + if ! msg=$(GNUTLS_PIN=$PIN p11tool \ --generate-privkey=rsa --bits 2048 --label mykey --login \ - "${tokenuri}" 2>&1) - if [ $? -ne 0 ]; then + "${tokenuri}" 2>&1); then # ... older versions have --generate-rsa - msg=$(GNUTLS_PIN=$PIN p11tool \ + if ! msg=$(GNUTLS_PIN=$PIN p11tool \ --generate-rsa --bits 2048 --label mykey --login \ - "${tokenuri}" 2>&1) - if [ $? -ne 0 ]; then + "${tokenuri}" 2>&1); then echo "Could not create RSA key!" echo "$msg" return 5 @@ -184,8 +178,7 @@ _EOF_ _getkeyuri_softhsm() { local msg tokenuri keyuri - msg=$(p11tool --list-tokens 2>&1 | grep "token=${NAME}") - if [ $? -ne 0 ]; then + if ! msg=$(p11tool --list-tokens 2>&1 | grep "token=${NAME}"); then echo "Could not list existing tokens" echo "$msg" return 5 @@ -196,8 +189,7 @@ _getkeyuri_softhsm() { echo "$msg" return 6 fi - msg=$(p11tool --list-all "${tokenuri}" 2>&1) - if [ $? -ne 0 ]; then + if ! msg=$(p11tool --list-all "${tokenuri}" 2>&1); then echo "Could not list object under token $tokenuri" echo "$msg" softhsm2-util --show-slots From patchwork Fri Nov 10 20:21:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452766 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A30783B7B4 for ; Fri, 10 Nov 2023 20:21:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="PG8vk5nW" Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 203F7D64 for ; Fri, 10 Nov 2023 12:21:50 -0800 (PST) Received: from pps.filterd (m0353728.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJldfs008913; Fri, 10 Nov 2023 20:21:43 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : content-transfer-encoding : mime-version; s=pp1; bh=M+ZOge8G/C9AZiziVzVAIk2r+uc9Rur3NBbX3RHLFBo=; b=PG8vk5nWa5kxpGh61qVGHbh+otzSt06/h+R/oe8PCphxOyej+8d+ReR4D8zaoP6Az1oH ibcL81MHmOvUSRNnMYmu5Z40wdMbNnc4K3X7TgZ5Y1hoOYuDd3TqDnumpOJwuxxDa8TP shkBqPxY/9fegg4M7JpQbmuj6Nrc3Nz+4HFgUyUIdxzxHA7/+YuhyNcbdyinM9t7tAC2 AX7V1SY3z6A8uR1Fid5ywwWDxHru/bDN0LtXwB21nqtYXsb1ROK8NHUV5MnLe6ucebD6 p0mZMYvN31wMyjaPsMGTIxO5qf/m3bDCMKs4wMKz6QyttFZzk3s0YiEVLk/Kf8x/1kCS fw== Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9tyy8w0k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:43 +0000 Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJDUjq000644; Fri, 10 Nov 2023 20:21:41 GMT Received: from smtprelay03.dal12v.mail.ibm.com ([172.16.1.5]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 3u7w23ddrb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:41 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay03.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLerR18285292 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:41 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D22C058058; Fri, 10 Nov 2023 20:21:40 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 89D0358059; Fri, 10 Nov 2023 20:21:40 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:40 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger Subject: [ima-evm-utils PATCH 03/14] tests: Address issues raised by shellcheck SC2046 Date: Fri, 10 Nov 2023 15:21:26 -0500 Message-ID: <20231110202137.3978820-4-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-GUID: TOb0CH1SgcQFfjolHcCWu85UijMdQGUm X-Proofpoint-ORIG-GUID: TOb0CH1SgcQFfjolHcCWu85UijMdQGUm X-Proofpoint-UnRewURL: 0 URL was un-rewritten Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 spamscore=0 phishscore=0 mlxscore=0 malwarescore=0 suspectscore=0 clxscore=1015 priorityscore=1501 mlxlogscore=999 impostorscore=0 lowpriorityscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100171 Address issues raised by shellcheck SC2046: "Quote this to prevent word splitting." Signed-off-by: Stefan Berger --- tests/Makefile.am | 2 +- tests/install-fsverity.sh | 2 +- tests/install-openssl3.sh | 2 +- tests/install-swtpm.sh | 2 +- tests/install-tss.sh | 2 +- tests/softhsm_setup | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index 1848091..bcc1ee4 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -26,7 +26,7 @@ clean-local: distclean: distclean-keys shellcheck: - shellcheck -i SC2086,SC2181 \ + shellcheck -i SC2086,SC2181,SC2046 \ functions.sh gen-keys.sh install-fsverity.sh \ install-mount-idmapped.sh install-openssl3.sh \ install-swtpm.sh install-tss.sh softhsm_setup \ diff --git a/tests/install-fsverity.sh b/tests/install-fsverity.sh index c760485..fa31b2b 100755 --- a/tests/install-fsverity.sh +++ b/tests/install-fsverity.sh @@ -2,5 +2,5 @@ git clone https://git.kernel.org/pub/scm/fs/fsverity/fsverity-utils.git cd fsverity-utils -CC=gcc make -j$(nproc) +CC=gcc make -j"$(nproc)" cd .. diff --git a/tests/install-openssl3.sh b/tests/install-openssl3.sh index 29457f3..f27da4c 100755 --- a/tests/install-openssl3.sh +++ b/tests/install-openssl3.sh @@ -21,7 +21,7 @@ fi ./Configure "$FLAGS" no-engine no-dynamic-engine --prefix=/opt/openssl3 --openssldir=/opt/openssl3 # Uncomment for debugging # perl configdata.pm --dump | grep engine -make -j$(nproc) +make -j"$(nproc)" # only install apps and library sudo make install_sw diff --git a/tests/install-swtpm.sh b/tests/install-swtpm.sh index de9b5c7..4fa97eb 100755 --- a/tests/install-swtpm.sh +++ b/tests/install-swtpm.sh @@ -16,6 +16,6 @@ mkdir ibmtpm$version cd ibmtpm$version tar --no-same-owner -xvzf ../download cd src -make -j$(nproc) +make -j"$(nproc)" $SUDO cp tpm_server /usr/local/bin/ cd ../.. diff --git a/tests/install-tss.sh b/tests/install-tss.sh index c9c179e..31ea690 100755 --- a/tests/install-tss.sh +++ b/tests/install-tss.sh @@ -3,6 +3,6 @@ set -ex git clone https://git.code.sf.net/p/ibmtpm20tss/tss cd tss -autoreconf -i && ./configure --disable-tpm-1.2 --disable-hwtpm && make -j$(nproc) && sudo make install +autoreconf -i && ./configure --disable-tpm-1.2 --disable-hwtpm && make -j"$(nproc)" && sudo make install cd .. rm -rf tss diff --git a/tests/softhsm_setup b/tests/softhsm_setup index 95bf0b1..6f8a74e 100755 --- a/tests/softhsm_setup +++ b/tests/softhsm_setup @@ -82,7 +82,7 @@ setup_softhsm() { fi sudo mv /etc/gnutls/pkcs11.conf \ /etc/gnutls/pkcs11.conf.bak &>/dev/null - if [ $(id -u) -eq 0 ]; then + if [ "$(id -u)" -eq 0 ]; then SONAME="$(sudo -u nobody brew ls --verbose softhsm | \ grep -E "\.so$")" else From patchwork Fri Nov 10 20:21:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452755 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F35233B2A9 for ; Fri, 10 Nov 2023 20:21:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="CMqfNR0r" Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7D8771732 for ; Fri, 10 Nov 2023 12:21:46 -0800 (PST) Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAKHRoW020759; Fri, 10 Nov 2023 20:21:43 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=+2rZEPMAQFj+AunMdhU9QwFlTsBewfcZFVT7NgDnMVU=; b=CMqfNR0r1VlvHGXu/uhTXsCbWDrkWUWBBXGLtgfHbKlNcI5suZvNzU1yN7ROgCImSzrD 1rz6ADhd9fwazRTTSNRMytz/Bs9h00r/vRxc962PPQCB5nuryNBWjmJilOADl1yPqzQi iTPAOk/QaJogDBpe5SiGSw/Cx2OWuntRkTLOP9ilXb3r7TSbgG4Smis1+MiVRloYMCOI CLqDVakhyDO3faAuZ3acZqsbzoI6c3nYqxsqe60WOTxH4T4C33L2vf4hIR9G3qEpwDir ujkqpzdn3zf+xSYYOHHhR4ugtqaNWrBs2KMWArMq9yYoz0vvO73deoiJALkkUXMufYSv CQ== Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9ue0g3ep-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:42 +0000 Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJMjlx019429; Fri, 10 Nov 2023 20:21:42 GMT Received: from smtprelay04.dal12v.mail.ibm.com ([172.16.1.6]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 3u7w24dcpk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:42 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay04.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLfDW8651290 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:41 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3C3A858057; Fri, 10 Nov 2023 20:21:41 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E804558059; Fri, 10 Nov 2023 20:21:40 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:40 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger Subject: [ima-evm-utils PATCH 04/14] tests: Address issues raised by shellcheck SC2320 Date: Fri, 10 Nov 2023 15:21:27 -0500 Message-ID: <20231110202137.3978820-5-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: oA_tKu2FG21X4bOhz9FgoXuyZONhPhRc X-Proofpoint-GUID: oA_tKu2FG21X4bOhz9FgoXuyZONhPhRc X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 impostorscore=0 spamscore=0 malwarescore=0 priorityscore=1501 suspectscore=0 clxscore=1015 phishscore=0 bulkscore=0 lowpriorityscore=0 mlxlogscore=950 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100171 Address issues raised by shellcheck SC2320: "This $? refers to echo/printf, not a previous command. Assign to variable to avoid it being overwritten." Signed-off-by: Stefan Berger --- tests/Makefile.am | 2 +- tests/mmap_check.test | 8 +++----- tests/portable_signatures.test | 9 +++------ 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index bcc1ee4..babfa7a 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -26,7 +26,7 @@ clean-local: distclean: distclean-keys shellcheck: - shellcheck -i SC2086,SC2181,SC2046 \ + shellcheck -i SC2086,SC2181,SC2046,SC2320 \ functions.sh gen-keys.sh install-fsverity.sh \ install-mount-idmapped.sh install-openssl3.sh \ install-swtpm.sh install-tss.sh softhsm_setup \ diff --git a/tests/mmap_check.test b/tests/mmap_check.test index 2dd3433..3d2e1b1 100755 --- a/tests/mmap_check.test +++ b/tests/mmap_check.test @@ -97,11 +97,9 @@ check_load_ima_rule() { new_policy=$(mktemp -p "$g_mountpoint") echo "$1" > "$new_policy" - echo "$new_policy" > /sys/kernel/security/ima/policy - result=$? - rm -f "$new_policy" - - if [ "$result" -ne 0 ]; then + if echo "$new_policy" > /sys/kernel/security/ima/policy; then + rm -f "$new_policy" + else echo "${RED}Failed to set IMA policy${NORM}" return "$HARDFAIL" fi diff --git a/tests/portable_signatures.test b/tests/portable_signatures.test index 9f3339b..5251211 100755 --- a/tests/portable_signatures.test +++ b/tests/portable_signatures.test @@ -80,7 +80,6 @@ METADATA_CHANGE_FOWNER_2=3002 check_load_ima_rule() { local rule_loaded - local result local new_policy rule_loaded=$(grep "$1" /sys/kernel/security/ima/policy) @@ -88,11 +87,9 @@ check_load_ima_rule() { new_policy=$(mktemp -p "$g_mountpoint") echo "$1" > "$new_policy" evmctl sign -o -a sha256 --imasig --key "$key_path" "$new_policy" &> /dev/null - echo "$new_policy" > /sys/kernel/security/ima/policy - result=$? - rm -f "$new_policy" - - if [ "$result" -ne 0 ]; then + if echo "$new_policy" > /sys/kernel/security/ima/policy; then + rm -f "$new_policy" + else echo "${RED}Failed to set IMA policy${NORM}" return "$FAIL" fi From patchwork Fri Nov 10 20:21:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452759 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9B23B3B7A7 for ; Fri, 10 Nov 2023 20:21:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="mkDQG6MF" Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2A4BF421C for ; Fri, 10 Nov 2023 12:21:49 -0800 (PST) Received: from pps.filterd (m0353722.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAKAf2k006022; Fri, 10 Nov 2023 20:21:43 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=vQfAEgIRoiPqnmXd/Ylv1IuZwVkWtJbozih+pi6ryTM=; b=mkDQG6MFDi/Cw5uZ8yPxOeuVY4sHtXe7ZL0lgkmPuivfnXUuq4paNG68wKucwCBTymlx auxFzbds/qXFKqwVP7A4f0n9GEKKOuEwtvY3PeETYyY8OWrK5jzKCpaf0wHgzc8KkYcU PXyRDaxMNDHppaNzRYKGO62bxmnCvt5MxCLXmwzZJ5g93b/8PfLqvULiSlVaeK7RGa6u nFiMOx0YSTz1SiwT2cMwlRXYLjGyyzLtcuTgFVlEwluOCQrpMHldhIkSn+cS7rkcCnta UAQhxxJzqXz5nax5GvwDN+GSMzZ/VwrUqFNQ27lQIL++7f5ROPrG+I+yaPP6nA7ZLmsz PA== Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9uawrcj0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:42 +0000 Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJKNHZ003488; Fri, 10 Nov 2023 20:21:42 GMT Received: from smtprelay04.dal12v.mail.ibm.com ([172.16.1.6]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 3u7w22dcqe-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:42 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay04.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLfYK8651296 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:41 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A31365805D; Fri, 10 Nov 2023 20:21:41 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 51B9F58059; Fri, 10 Nov 2023 20:21:41 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:41 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger Subject: [ima-evm-utils PATCH 05/14] tests: Address issues raised by shellcheck SC2317 Date: Fri, 10 Nov 2023 15:21:28 -0500 Message-ID: <20231110202137.3978820-6-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: rtpTm-BWSMkE-TSouJWK6VS2x62TiJyc X-Proofpoint-ORIG-GUID: rtpTm-BWSMkE-TSouJWK6VS2x62TiJyc X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 mlxscore=0 spamscore=0 phishscore=0 priorityscore=1501 lowpriorityscore=0 malwarescore=0 adultscore=0 suspectscore=0 mlxlogscore=999 bulkscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100170 Address issues raised by shellcheck SC2317: "Command appears to be unreachable. Check usage (or ignore if invoked indirectly)." Disable this check in fsverity.test since functions are called indirectly there. Signed-off-by: Stefan Berger --- tests/Makefile.am | 2 +- tests/fsverity.test | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index babfa7a..d6d0068 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -26,7 +26,7 @@ clean-local: distclean: distclean-keys shellcheck: - shellcheck -i SC2086,SC2181,SC2046,SC2320 \ + shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317 \ functions.sh gen-keys.sh install-fsverity.sh \ install-mount-idmapped.sh install-openssl3.sh \ install-swtpm.sh install-tss.sh softhsm_setup \ diff --git a/tests/fsverity.test b/tests/fsverity.test index 11925cb..e924162 100755 --- a/tests/fsverity.test +++ b/tests/fsverity.test @@ -29,6 +29,8 @@ # since the policy rules are walked sequentially, the system's IMA # custom policy rules might take precedence. +# shellcheck disable=SC2317 + cd "$(dirname "$0")" || exit 1 PATH=../src:../fsverity-utils:$PATH source ./functions.sh From patchwork Fri Nov 10 20:21:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452758 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7D0473B796 for ; Fri, 10 Nov 2023 20:21:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="SR6fapni" Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E05293A9F for ; Fri, 10 Nov 2023 12:21:48 -0800 (PST) Received: from pps.filterd (m0353728.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJlcvh008892; Fri, 10 Nov 2023 20:21:44 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=vPKMllWBMv9EhZMJbHk5NfrlIlxtDmxL83EU4sHUdns=; b=SR6fapniAdXB1mZe/b/xOXtVuJ+cAWInnIVXN3Gzf/xzvEPnFbUNrquCBpktsEPWwQkD WkKNhIUdhyyi5tYgOgjKsgY8wR5Gv5bc0dfp9OagyyFCMkyIxfuW11wMD5A0smQTGWK2 wvoi9wicJDFnx6FfZzvTB/0GJbd5cTKfYsQ8Hb/w5hlVbbEnrfLwr98nzF7MiFq8c5sY MXnBilxlCtbIyJ3jSveg6TAQ35E7Xtfy5f4omDf5P5IMjfChcjQoJgejgj0SvL314GDv gywU5HMWjNIftf5n3+NPQSBF5JVaMT9B/JhKXENVwZ+XwYhbao+NXDtDSU9W7lH/kHjs dQ== Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9tyy8w10-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:43 +0000 Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAIsBD2019248; Fri, 10 Nov 2023 20:21:42 GMT Received: from smtprelay05.dal12v.mail.ibm.com ([172.16.1.7]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 3u7w24dcpp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:42 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay05.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLgjM21168782 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:42 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0CF6258059; Fri, 10 Nov 2023 20:21:42 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B8CFE58058; Fri, 10 Nov 2023 20:21:41 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:41 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger Subject: [ima-evm-utils PATCH 06/14] tests: Address issues raised by shellcheck SC2034 Date: Fri, 10 Nov 2023 15:21:29 -0500 Message-ID: <20231110202137.3978820-7-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: RXDZ9Rek1_m3ncG4ixEWOhVVR7CqO9cb X-Proofpoint-ORIG-GUID: RXDZ9Rek1_m3ncG4ixEWOhVVR7CqO9cb X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 spamscore=0 phishscore=0 mlxscore=0 malwarescore=0 suspectscore=0 clxscore=1015 priorityscore=1501 mlxlogscore=951 impostorscore=0 lowpriorityscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100171 Address issues raised by shellcheck SC2034: "foo appears unused. Verify it or export it." Export PKCS11_KEYURI in a separate statement to avoid the following shellcheck issue: SC2155 (warning): Declare and assign separately to avoid masking return values. Signed-off-by: Stefan Berger --- tests/Makefile.am | 2 +- tests/functions.sh | 1 + tests/mmap_check.test | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index d6d0068..2c86ba8 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -26,7 +26,7 @@ clean-local: distclean: distclean-keys shellcheck: - shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317 \ + shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034 \ functions.sh gen-keys.sh install-fsverity.sh \ install-mount-idmapped.sh install-openssl3.sh \ install-swtpm.sh install-tss.sh softhsm_setup \ diff --git a/tests/functions.sh b/tests/functions.sh index 86e6597..66766ba 100755 --- a/tests/functions.sh +++ b/tests/functions.sh @@ -371,6 +371,7 @@ _softhsm_setup() { if msg=$(./softhsm_setup setup 2>&1); then echo "softhsm_setup setup succeeded: $msg" PKCS11_KEYURI=$(echo "$msg" | sed -n 's|^keyuri: \(.*\)|\1|p') + export PKCS11_KEYURI export EVMCTL_ENGINE="--engine pkcs11" export OPENSSL_ENGINE="-engine pkcs11" diff --git a/tests/mmap_check.test b/tests/mmap_check.test index 3d2e1b1..ecca066 100755 --- a/tests/mmap_check.test +++ b/tests/mmap_check.test @@ -5,6 +5,8 @@ # # Check the behavior of MMAP_CHECK and MMAP_CHECK_REQPROT +# shellcheck disable=SC2034 + trap '_report_exit_and_cleanup _cleanup_env cleanup' SIGINT SIGTERM SIGSEGV EXIT PATCHES=( From patchwork Fri Nov 10 20:21:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452756 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 92E843B785 for ; Fri, 10 Nov 2023 20:21:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="GkU4M68E" Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 077B6A9 for ; Fri, 10 Nov 2023 12:21:47 -0800 (PST) Received: from pps.filterd (m0353723.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAKE6Q6010973; Fri, 10 Nov 2023 20:21:44 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : content-transfer-encoding : mime-version; s=pp1; bh=+uJhgvUY7XS95kn+BR/0Rzx+H9oPkU5ICD2HnQ6hxc8=; b=GkU4M68EUMds+cv3v3cieZl5PNF4/pESzMByefh2ouRvtHA8PpMDhmWzepFIGkKxnDGS kOTNC2Kkk6gDvp3pgVNa0lLgQc6DZeVk2cZkZ1w1G5ZB607uqKWZhfBDzxU6J/vMMhYm gKuqbAw3sjcbWtOBIk4BaElLsPbWncf2FtVYJfltzk99k413yPC2FbwBFKSkcIwJm89U 8VdqagJrFzRRZ68zTvsHOTawwoqo/LYPvRzIY9UWsi9mANoOTnE6TOXQaB/ciURCFF3b JjE2BKw7AO3MhzF5GcX7bs6ep0CQn5YfYO/OXZQkKOCiFtqND08wvdOdtfMJhD23V1m2 Ew== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9ucb08e0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:44 +0000 Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJQxpA004112; Fri, 10 Nov 2023 20:21:43 GMT Received: from smtprelay05.dal12v.mail.ibm.com ([172.16.1.7]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 3u7w21dd49-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:43 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay05.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLgSF22741566 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:42 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6AF4958061; Fri, 10 Nov 2023 20:21:42 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 22F9458058; Fri, 10 Nov 2023 20:21:42 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:42 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger Subject: [ima-evm-utils PATCH 07/14] tests: Address issues raised by shellcheck SC2164 Date: Fri, 10 Nov 2023 15:21:30 -0500 Message-ID: <20231110202137.3978820-8-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-GUID: x4r-UtGJOTQwyDc2prWicbm-0uhUjR8l X-Proofpoint-ORIG-GUID: x4r-UtGJOTQwyDc2prWicbm-0uhUjR8l X-Proofpoint-UnRewURL: 0 URL was un-rewritten Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 impostorscore=0 spamscore=0 bulkscore=0 malwarescore=0 lowpriorityscore=0 phishscore=0 mlxscore=0 priorityscore=1501 clxscore=1015 adultscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100170 Address issues raised by shellcheck SC2164: "Use cd ... || exit in case cd fails." Signed-off-by: Stefan Berger --- tests/Makefile.am | 2 +- tests/boot_aggregate.test | 2 +- tests/install-fsverity.sh | 2 +- tests/install-mount-idmapped.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index 2c86ba8..c3eeb43 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -26,7 +26,7 @@ clean-local: distclean: distclean-keys shellcheck: - shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034 \ + shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164 \ functions.sh gen-keys.sh install-fsverity.sh \ install-mount-idmapped.sh install-openssl3.sh \ install-swtpm.sh install-tss.sh softhsm_setup \ diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test index 04aef9b..c7c2b21 100755 --- a/tests/boot_aggregate.test +++ b/tests/boot_aggregate.test @@ -17,7 +17,7 @@ trap '_report_exit_and_cleanup cleanup' SIGINT SIGTERM EXIT # Base VERBOSE on the environment variable, if set. VERBOSE="${VERBOSE:-0}" -cd "$(dirname "$0")" +cd "$(dirname "$0")" || exit 1 export PATH=../src:$PATH export LD_LIBRARY_PATH=$LD_LIBRARY_PATH . ./functions.sh diff --git a/tests/install-fsverity.sh b/tests/install-fsverity.sh index fa31b2b..e2b0286 100755 --- a/tests/install-fsverity.sh +++ b/tests/install-fsverity.sh @@ -1,6 +1,6 @@ #!/bin/sh git clone https://git.kernel.org/pub/scm/fs/fsverity/fsverity-utils.git -cd fsverity-utils +cd fsverity-utils || exit 1 CC=gcc make -j"$(nproc)" cd .. diff --git a/tests/install-mount-idmapped.sh b/tests/install-mount-idmapped.sh index c954006..d8a673c 100755 --- a/tests/install-mount-idmapped.sh +++ b/tests/install-mount-idmapped.sh @@ -1,6 +1,6 @@ #!/bin/sh git clone https://github.com/brauner/mount-idmapped.git -cd mount-idmapped +cd mount-idmapped || exit 1 gcc -o mount-idmapped mount-idmapped.c cd .. From patchwork Fri Nov 10 20:21:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452765 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9E5A33B794 for ; Fri, 10 Nov 2023 20:21:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="lMEEmzzG" Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5D6E51732 for ; Fri, 10 Nov 2023 12:21:51 -0800 (PST) Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAKGxIA022850; Fri, 10 Nov 2023 20:21:45 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=xfJnEGmOx8A+rV107lXUasDYNfRxN0OPwk6YLsCcgTg=; b=lMEEmzzGM27K/e3acpIuI2kQdbQZEMgwhkkU2UiNJxjOBwruaHP8Piq+cVbgHpOHCof5 M01pjXXjLOAUE+kMz4RqhFe/3HUJWgHtghcvvL8ARLUELFDOTQLQ9QxNScKKXenHfz1C 1p3OGWIM+IySClBTml8nMmjMH2JWYXvXdCjB8l7h57IrrRnvdZUN0GelkAEHhcFsw2fq Gl1DYHZgjzYImfvejAm+i0/uIBrnBGOCr42fXCS4RQSdICjE58GnI2jPy48qNkRcjw8E uEmNZCpsuS3stJu7bnDvagoAgzlGx7vW2p7PttpyVuoiD6aINRlTwvpCUMJEg5OCCNgb eg== Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9udp03nj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:44 +0000 Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJCIOQ014325; Fri, 10 Nov 2023 20:21:43 GMT Received: from smtprelay05.dal12v.mail.ibm.com ([172.16.1.7]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 3u7w22de83-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:43 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay05.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLg2F63570210 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:43 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D18A95805D; Fri, 10 Nov 2023 20:21:42 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8040058057; Fri, 10 Nov 2023 20:21:42 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:42 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger Subject: [ima-evm-utils PATCH 08/14] tests: Address issues raised by shellcheck SC2166 Date: Fri, 10 Nov 2023 15:21:31 -0500 Message-ID: <20231110202137.3978820-9-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: vXWgATNGKmmyn6wGlrGGRLzkcy8PaFxA X-Proofpoint-GUID: vXWgATNGKmmyn6wGlrGGRLzkcy8PaFxA X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=935 malwarescore=0 bulkscore=0 phishscore=0 lowpriorityscore=0 spamscore=0 clxscore=1015 suspectscore=0 adultscore=0 impostorscore=0 priorityscore=1501 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100170 Address issues raised by shellcheck SC2166: "Prefer [ p ] && [ q ] as [ p -a q ] is not well defined." Signed-off-by: Stefan Berger --- tests/Makefile.am | 2 +- tests/softhsm_setup | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index c3eeb43..daddd0d 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -26,7 +26,7 @@ clean-local: distclean: distclean-keys shellcheck: - shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164 \ + shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \ functions.sh gen-keys.sh install-fsverity.sh \ install-mount-idmapped.sh install-openssl3.sh \ install-swtpm.sh install-tss.sh softhsm_setup \ diff --git a/tests/softhsm_setup b/tests/softhsm_setup index 6f8a74e..fc33596 100755 --- a/tests/softhsm_setup +++ b/tests/softhsm_setup @@ -15,7 +15,7 @@ fi MAJOR=$(softhsm2-util -v | cut -d '.' -f1) MINOR=$(softhsm2-util -v | cut -d '.' -f2) -if [ "${MAJOR}" -lt 2 ] || [ "${MAJOR}" -eq 2 -a "${MINOR}" -lt 2 ]; then +if [[ "${MAJOR}" -lt 2 || ( "${MAJOR}" -eq 2 && "${MINOR}" -lt 2 ) ]]; then echo "Need softhsm v2.2.0 or later" exit 77 fi From patchwork Fri Nov 10 20:21:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452762 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9B2093B7A5 for ; Fri, 10 Nov 2023 20:21:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="e6Cck0cH" Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 830DD3A99 for ; Fri, 10 Nov 2023 12:21:48 -0800 (PST) Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAKFISo001086; Fri, 10 Nov 2023 20:21:44 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=lxFOaKWhNFHhc/tATjy0VzJyvDQ7LPmxBJXDNhQXu/o=; b=e6Cck0cHO6wV8dKhkNCwSiAh0iU9ZOAkriY/1HQLgILaNVtkyzya+bO/jkes5hxSmem1 jeXuBQeKP8maGHvwdZD9cAj2nks0OVqs6RngoeOFy+laXZ9cjZ6zXAcytO4jCgs8wlxf YvtYJw5U8LfsUINwCWtjKI1Tdkt1eb+55nMeBu5w5sRrCwfDvWFmnI3GEWb5aykd5T26 QrILCETEcvtnfqGjv8IY1afYtKntC2rPdimH15a5qKYVmrxCAZDy2XJ7BqApUAPnWebn kaPcojFbOiLTMG1Z6SePvjHXBF9ftbNE7TDkxdwglEKv0eQNiex2n8zv8CW8oozhbZXj 1Q== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9ud586wk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:44 +0000 Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJ4mJE004176; Fri, 10 Nov 2023 20:21:43 GMT Received: from smtprelay06.dal12v.mail.ibm.com ([172.16.1.8]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 3u7w21dd4a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:43 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay06.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLhbI20775616 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:43 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 44EC958058; Fri, 10 Nov 2023 20:21:43 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E770658057; Fri, 10 Nov 2023 20:21:42 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:42 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger Subject: [ima-evm-utils PATCH 09/14] tests: Address issues raised by shellcheck SC2294 Date: Fri, 10 Nov 2023 15:21:32 -0500 Message-ID: <20231110202137.3978820-10-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: dSS4XsToxOKqxBv2ABAVpv5aDx-qpk0p X-Proofpoint-ORIG-GUID: dSS4XsToxOKqxBv2ABAVpv5aDx-qpk0p X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 bulkscore=0 mlxlogscore=964 suspectscore=0 clxscore=1015 adultscore=0 lowpriorityscore=0 malwarescore=0 spamscore=0 impostorscore=0 mlxscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100170 Address issues raised by shellcheck SC2294: "eval negates the benefit of arrays. Drop eval to preserve whitespace/symbols (or eval as string)." Signed-off-by: Stefan Berger --- tests/Makefile.am | 4 +++- tests/gen-keys.sh | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index daddd0d..81f2d27 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -26,7 +26,9 @@ clean-local: distclean: distclean-keys shellcheck: - shellcheck -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \ + shellcheck \ + -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \ + -i SC2294 \ functions.sh gen-keys.sh install-fsverity.sh \ install-mount-idmapped.sh install-openssl3.sh \ install-swtpm.sh install-tss.sh softhsm_setup \ diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh index 0b03ba4..c3d5a20 100755 --- a/tests/gen-keys.sh +++ b/tests/gen-keys.sh @@ -21,7 +21,7 @@ type openssl log() { echo >&2 - "$*" - eval "$@" + eval "$*" } if [ "$1" = clean ]; then From patchwork Fri Nov 10 20:21:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452757 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 74B1F3B794 for ; Fri, 10 Nov 2023 20:21:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="J/zqm7nF" Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 03AEC4205 for ; Fri, 10 Nov 2023 12:21:48 -0800 (PST) Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAKFKNx001405; Fri, 10 Nov 2023 20:21:45 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=lkQM59S73WsvR2z0npTIKx1gmb54UcrCVrkdCchj2+o=; b=J/zqm7nFsz3nL4OzNGVhvpye8FtqIOdhjzQZV5DLA1tARPzeQ/1vOOnoiWFwRQoFFVjq eJWrO8DSYvoKeLsFxFs7KNrn2sJCxqCJ5whJ9g/Gcr6gPv5j71/rnSrzlXt898rSNyTQ 0t5wS8r68KY12Wk5gLvURnR6DRkG+r2nrqo2KqyL6WOsVGfTmZtNn908Uqr8pwLFpPYY LrV8uhR9XmoUFKpkmwMlovYVdUXeRrUna6m75RAhgK6UrmgKIQnlwjmnosQoHRH/hd0I TpFIhvQzBhIc+guTSr1WrlProDX0cjiBNBrcVA44QavRB58JYUy8nIHETFPNpXKiz2P4 uw== Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9ud586ww-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:45 +0000 Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJDUjt000644; Fri, 10 Nov 2023 20:21:44 GMT Received: from smtprelay06.dal12v.mail.ibm.com ([172.16.1.8]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 3u7w23ddrk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:44 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay06.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLhsF20775618 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:43 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AC63658058; Fri, 10 Nov 2023 20:21:43 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5ACC958057; Fri, 10 Nov 2023 20:21:43 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:43 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger Subject: [ima-evm-utils PATCH 10/14] tests: Address issues raised by shellcheck SC2206 Date: Fri, 10 Nov 2023 15:21:33 -0500 Message-ID: <20231110202137.3978820-11-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: i5fJpPwqZkjYK9oKonwIhjVgyqanz8aj X-Proofpoint-ORIG-GUID: i5fJpPwqZkjYK9oKonwIhjVgyqanz8aj X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 bulkscore=0 mlxlogscore=999 suspectscore=0 clxscore=1015 adultscore=0 lowpriorityscore=0 malwarescore=0 spamscore=0 impostorscore=0 mlxscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100170 Address issue raised by shellcheck SC2206: "Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a." Signed-off-by: Stefan Berger --- tests/Makefile.am | 2 +- tests/boot_aggregate.test | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index 81f2d27..cd3dd89 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -28,7 +28,7 @@ distclean: distclean-keys shellcheck: shellcheck \ -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \ - -i SC2294 \ + -i SC2294,SC2206 \ functions.sh gen-keys.sh install-fsverity.sh \ install-mount-idmapped.sh install-openssl3.sh \ install-swtpm.sh install-tss.sh softhsm_setup \ diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test index c7c2b21..c9a8d67 100755 --- a/tests/boot_aggregate.test +++ b/tests/boot_aggregate.test @@ -129,7 +129,7 @@ check() { exit "$SKIP" fi - boot_aggr=( $bootaggr ) + read -r -a boot_aggr <<< "$bootaggr" echo "INFO: Searching for the boot_aggregate in ${ASCII_RUNTIME_MEASUREMENTS}" for hash in "${boot_aggr[@]}"; do From patchwork Fri Nov 10 20:21:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452761 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EECC13B7AD for ; Fri, 10 Nov 2023 20:21:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="QJYYIBqC" Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 34C92469A for ; Fri, 10 Nov 2023 12:21:49 -0800 (PST) Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAKGuqd022765; Fri, 10 Nov 2023 20:21:45 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=fWNpVsHO/PVuAOL/S0Mm6vQAub1wC+L6XH0/ozRK0U8=; b=QJYYIBqCydzaSpjWAw89Wzdp9Ww/6Q4o/1gQ7alvI8vS5DdhGhxxnVZWOtelCG4hPnn1 x1IvLzT2ZOPAAXAkl73ZB8QA/lJhBwbj8vnmG0aQxez23ZViweqNuUbpK6IHUIRp3tNH R/IlZa6BggFlVFa7sh0J8JyDiEIrWbAMK3uWfFzZ4PXz0ZBf9Jjyzxymy/GuwQMtB6c0 ByaNW+f1Uk/SLQYd2n6s6YqhjtPqMc4dgNXSESM31BJhuKFgCKJ1mBW3gOog3M/IUR1F Dd8puF2n0Alu6LK7oW0DB3sLZtlYFtqpUTIOa/OJUr0bh5yT8cpbS600MQbBtguGhn0t TQ== Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9udp03nv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:45 +0000 Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJaawH019286; Fri, 10 Nov 2023 20:21:44 GMT Received: from smtprelay07.dal12v.mail.ibm.com ([172.16.1.9]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 3u7w24dcq0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:44 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay07.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLiGN48628392 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:44 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1F76758058; Fri, 10 Nov 2023 20:21:44 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C21A858057; Fri, 10 Nov 2023 20:21:43 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:43 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger Subject: [ima-evm-utils PATCH 11/14] tests: Address issues raised by shellcheck SC2196 Date: Fri, 10 Nov 2023 15:21:34 -0500 Message-ID: <20231110202137.3978820-12-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: JmxtmjY64ddaZopJOtDoRUmMEC_cAtkz X-Proofpoint-GUID: JmxtmjY64ddaZopJOtDoRUmMEC_cAtkz X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=957 malwarescore=0 bulkscore=0 phishscore=0 lowpriorityscore=0 spamscore=0 clxscore=1015 suspectscore=0 adultscore=0 impostorscore=0 priorityscore=1501 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100170 Address issues raised by shellcheck SC2196: "egrep is non-standard and deprecated. Use grep -E instead." Signed-off-by: Stefan Berger --- tests/Makefile.am | 2 +- tests/functions.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index cd3dd89..5de1dfb 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -28,7 +28,7 @@ distclean: distclean-keys shellcheck: shellcheck \ -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \ - -i SC2294,SC2206 \ + -i SC2294,SC2206,SC2196 \ functions.sh gen-keys.sh install-fsverity.sh \ install-mount-idmapped.sh install-openssl3.sh \ install-swtpm.sh install-tss.sh softhsm_setup \ diff --git a/tests/functions.sh b/tests/functions.sh index 66766ba..f56dc52 100755 --- a/tests/functions.sh +++ b/tests/functions.sh @@ -272,7 +272,7 @@ _test_xattr() { local file=$1 attr=$2 prefix=$3 local text_for=${ADD_TEXT_FOR:+ for $ADD_TEXT_FOR} - if ! getfattr -n "$attr" -e hex "$file" | egrep -qx "$attr=$prefix"; then + if ! getfattr -n "$attr" -e hex "$file" | grep -qx -E "$attr=$prefix"; then color_red_on_failure echo "Did not find expected hash$text_for:" echo " $attr=$prefix" From patchwork Fri Nov 10 20:21:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452768 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B65233B785 for ; Fri, 10 Nov 2023 20:23:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="qHTVNVzA" Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 400243A82 for ; Fri, 10 Nov 2023 12:23:47 -0800 (PST) Received: from pps.filterd (m0353726.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAKGbn8029234; Fri, 10 Nov 2023 20:23:44 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=chk82VFIjXDl8jB4ID3UpeueuIYNM2C4sWz7glxFCqY=; b=qHTVNVzA8ou6erPXSLC73Cymx0HouExZv5zvdc/hvc6nQxJLJFyhMIVaLXue98MnHdfS ANxHEaiNE9j7pbYJx6w6xR5FVT4hxQbWemI12ccGZdALs+L0LMbpW0IWV/Wm9egvqxFp h+KlLyjlcMuMS4w/S57/aGMWnqnYwr0eTVpKzN04rKfGitItOGTYDOEsRVt3FyU1JFqa uMtwgKyQt1RiBmw+xU26/ukxBY/DAXMGstwAfMXhEc0wK6IfBeF4CtWMU4SlSXfcZLKo sUQPzn63/5KrbKTBn3x4krZ4enev2dqxWWrTan7zvoPrdzYqAdbp+25BxKd28URtUyEx 4w== Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9u000rru-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:23:43 +0000 Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJCIOR014325; Fri, 10 Nov 2023 20:21:45 GMT Received: from smtprelay07.dal12v.mail.ibm.com ([172.16.1.9]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 3u7w22de87-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:45 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay07.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLiq335258752 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:44 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 870A658058; Fri, 10 Nov 2023 20:21:44 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3598B58057; Fri, 10 Nov 2023 20:21:44 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:44 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger Subject: [ima-evm-utils PATCH 12/14] tests: Address issues raised by shellcheck SC2043 Date: Fri, 10 Nov 2023 15:21:35 -0500 Message-ID: <20231110202137.3978820-13-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: S6DYGF2MaoD_Z11h-SJcZ-6z4R5tm9GZ X-Proofpoint-ORIG-GUID: S6DYGF2MaoD_Z11h-SJcZ-6z4R5tm9GZ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 suspectscore=0 mlxscore=0 adultscore=0 priorityscore=1501 spamscore=0 lowpriorityscore=0 mlxlogscore=849 malwarescore=0 clxscore=1015 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100171 Address issues raised by shellcheck SC2043: "This loop will only ever run once for a constant value. Did you perhaps mean to loop over dir/*, $var or $(cmd)? Disable this check in gen-keys.sh to leave the loop alone. Signed-off-by: Stefan Berger --- tests/Makefile.am | 2 +- tests/gen-keys.sh | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index 5de1dfb..653e4dd 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -28,7 +28,7 @@ distclean: distclean-keys shellcheck: shellcheck \ -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \ - -i SC2294,SC2206,SC2196 \ + -i SC2294,SC2206,SC2196,SC2043 \ functions.sh gen-keys.sh install-fsverity.sh \ install-mount-idmapped.sh install-openssl3.sh \ install-swtpm.sh install-tss.sh softhsm_setup \ diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh index c3d5a20..601ded2 100755 --- a/tests/gen-keys.sh +++ b/tests/gen-keys.sh @@ -15,6 +15,8 @@ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. +# shellcheck disable=SC2043 + cd "$(dirname "$0")" || exit 1 PATH=../src:$PATH type openssl From patchwork Fri Nov 10 20:21:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452760 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9B1CB3B798 for ; Fri, 10 Nov 2023 20:21:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="T+zabnXk" Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2EAEA44B3 for ; Fri, 10 Nov 2023 12:21:49 -0800 (PST) Received: from pps.filterd (m0353728.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJlcvi008892; Fri, 10 Nov 2023 20:21:46 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=YHxiH+11atUrTFieddbFDrugkUOi3YwzCgHZ68+kqYc=; b=T+zabnXkRh6/Mpp+b6XiXlUVEYnj15w8x7eY0urOvVKYT6u7mltvd0SUq2dXvRrKjwdP Its8YBR+Fq3BgpHuZ1dGZSjk1pfixv4MxZ9/OPU0K8xaoBfsHNzEgG2bE+vVlT/n615f iMLeMj/wLEs7OUwo7maVrfIKpxzLOb4zR6Nf+9P6t09cJBrTWRpSQlyxsppSyhuCv1IB Z5CxzvEUKTibonr+EqpckqT79ZdQzFooqEfoL0oYpM146m38uBLFqf5dAfcfPCvkdGMV qBbfAb60bGlg++0j12Q5jRwZiSnn0UVyAKDdr3V2oT6E9yIrsLgEGLJ9wSPz8pGCgvt5 KQ== Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9tyy8w1p-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:46 +0000 Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJ0Op5003424; Fri, 10 Nov 2023 20:21:45 GMT Received: from smtprelay07.dal12v.mail.ibm.com ([172.16.1.9]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 3u7w22dcqn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:45 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay07.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLjDt46138008 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:45 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E589158058; Fri, 10 Nov 2023 20:21:44 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9D07558057; Fri, 10 Nov 2023 20:21:44 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:44 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger Subject: [ima-evm-utils PATCH 13/14] tests: Address issues raised by shellcheck SC2295 Date: Fri, 10 Nov 2023 15:21:36 -0500 Message-ID: <20231110202137.3978820-14-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: VNCN_sRZtnyuCGkZYiuvpdkf95q7vT43 X-Proofpoint-ORIG-GUID: VNCN_sRZtnyuCGkZYiuvpdkf95q7vT43 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 spamscore=0 phishscore=0 mlxscore=0 malwarescore=0 suspectscore=0 clxscore=1015 priorityscore=1501 mlxlogscore=929 impostorscore=0 lowpriorityscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100171 Address issues raised by shellcheck SC2295: "Expansions inside ${..} need to be quoted separately, otherwise they will match as a pattern." There's not variable digest_type but it's a plain string and therefore treat it as such. Signed-off-by: Stefan Berger Cc: Mimi Zohar --- tests/Makefile.am | 2 +- tests/fsverity.test | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index 653e4dd..a5ee424 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -28,7 +28,7 @@ distclean: distclean-keys shellcheck: shellcheck \ -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \ - -i SC2294,SC2206,SC2196,SC2043 \ + -i SC2294,SC2206,SC2196,SC2043,SC2295 \ functions.sh gen-keys.sh install-fsverity.sh \ install-mount-idmapped.sh install-openssl3.sh \ install-swtpm.sh install-tss.sh softhsm_setup \ diff --git a/tests/fsverity.test b/tests/fsverity.test index e924162..bfb0a5c 100755 --- a/tests/fsverity.test +++ b/tests/fsverity.test @@ -166,7 +166,7 @@ unqualified_bprm_rule() { local rule_match="measure func=BPRM_CHECK" local rule_dontmatch="fsuuid" - if [ -z "${rule##*$digest_type=verity*}" ]; then + if [ -z "${rule##*digest_type=verity*}" ]; then if grep "$rule_match" $IMA_POLICY_FILE | grep -v "$rule_dontmatch" &> /dev/null; then return "$SKIP" fi From patchwork Fri Nov 10 20:21:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 13452769 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 831EC3AC2C for ; Fri, 10 Nov 2023 20:26:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="enWaXVQP" Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E04C22D51 for ; Fri, 10 Nov 2023 12:26:13 -0800 (PST) Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAKQ2Zl018332; Fri, 10 Nov 2023 20:26:06 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=YlMj/lub72oGyBL4jGAuS1xTsZRJr+32ugkiMJymiu8=; b=enWaXVQPU9PcWoVEaMlh2m1OUHCHXge7rSnI2CBd63lZ0b1vSm+5nUr0sCC9FGvmouvp QC9pF2rndOhc143i78VF09zbqe/jq4ys9koEWB2urH60VLKlR9E43un7yfvNmyDtN+wr 9qeSvSEs8UsDLG7UvtwaSylEzrPzaufajMZkhscRg6FyW3R1xCkDtBnAP9bXoNryKgiA NTWzo7DvXM9pn2uVuQn+3Kh2To7VIhkLKRirV3ZfL9HKp8Pwm0usnr4pVAIjSDyMW404 mIMHijGgyjZ4Y42m3MjZPIESyls5l1mm52hoho+kCsFtX0gPI5FHUod3693QG8MU6UVl Dg== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u9udwr3s2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:26:04 +0000 Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAJ2O88004124; Fri, 10 Nov 2023 20:21:46 GMT Received: from smtprelay01.wdc07v.mail.ibm.com ([172.16.1.68]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 3u7w21dd4n-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2023 20:21:46 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay01.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3AAKLjo832375470 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 20:21:45 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5A7E558059; Fri, 10 Nov 2023 20:21:45 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0749E58057; Fri, 10 Nov 2023 20:21:45 +0000 (GMT) Received: from sbct-2.pok.ibm.com?044watson.ibm.com (unknown [9.47.158.152]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 10 Nov 2023 20:21:44 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, Stefan Berger , Roberto Sassu Subject: [ima-evm-utils PATCH 14/14] tests: Address issues raised by shellcheck SC2003 Date: Fri, 10 Nov 2023 15:21:37 -0500 Message-ID: <20231110202137.3978820-15-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231110202137.3978820-1-stefanb@linux.ibm.com> References: <20231110202137.3978820-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 9JfzonUnCZid8xEBcVcp1tD0vbUYK8wP X-Proofpoint-GUID: 9JfzonUnCZid8xEBcVcp1tD0vbUYK8wP X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_18,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 malwarescore=0 clxscore=1011 priorityscore=1501 impostorscore=0 bulkscore=0 suspectscore=0 phishscore=0 adultscore=0 mlxlogscore=999 lowpriorityscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100171 Address issues detected by shellcheck SC2003: expr is antiquated. Consider rewriting this using $((..)), ${} or [[ ]]. The following statement in portable_signatures.test causes the issue: expr index "$TST_LIST" "check_evm_revalidate" The man page for expr states: index STRING CHARS index in STRING where any CHARS is found, or 0 The intention is certainly not to find an index of any of the characters in "check_evm_revalidate" in $TST_LIST but to find the word "check_evm_revalidate" in $TST_LIST. Therefore, use grep -w to determine whether the word is there. Signed-off-by: Stefan Berger Cc: Roberto Sassu Reviewed-by: Roberto Sassu --- tests/Makefile.am | 2 -- tests/portable_signatures.test | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index a5ee424..18b134c 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -27,8 +27,6 @@ distclean: distclean-keys shellcheck: shellcheck \ - -i SC2086,SC2181,SC2046,SC2320,SC2317,SC2034,SC2164,SC2166 \ - -i SC2294,SC2206,SC2196,SC2043,SC2295 \ functions.sh gen-keys.sh install-fsverity.sh \ install-mount-idmapped.sh install-openssl3.sh \ install-swtpm.sh install-tss.sh softhsm_setup \ diff --git a/tests/portable_signatures.test b/tests/portable_signatures.test index 5251211..c6e2d99 100755 --- a/tests/portable_signatures.test +++ b/tests/portable_signatures.test @@ -1090,7 +1090,7 @@ if [ $((evm_value & EVM_INIT_X509)) -ne "$EVM_INIT_X509" ] && [ "$TST_EVM_CHANGE echo "$EVM_INIT_X509" > /sys/kernel/security/evm 2> /dev/null fi -if [ "$(expr index "$TST_LIST" "check_evm_revalidate")" -gt 0 ] && [ "$TST_EVM_CHANGE_MODE" -eq 1 ]; then +if echo "$TST_LIST" | grep -q -w check_evm_revalidate && [ "$TST_EVM_CHANGE_MODE" -eq 1 ]; then echo "$EVM_ALLOW_METADATA_WRITES" > /sys/kernel/security/evm 2> /dev/null fi