* [isar-cip-core][PATCH] scripts: Address shellcheck findings
From: Jan Kiszka @ 2023-04-05 9:38 UTC (permalink / raw)
To: isar-users; +Cc: Quirin Gylstorff, Srinuvasan A
From: Jan Kiszka <jan.kiszka@siemens.com>
Mostly quoting warnings, but also a non-functional stderr>stdout
redirection.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
scripts/deploy-cip-core.sh | 20 ++---
...enerate-sb-db-from-existing-certificate.sh | 16 ++--
scripts/generate_secure_boot_keys.sh | 82 +++++++++----------
scripts/start-efishell.sh | 6 +-
4 files changed, 62 insertions(+), 62 deletions(-)
diff --git a/scripts/deploy-cip-core.sh b/scripts/deploy-cip-core.sh
index b185a847..186e88a4 100755
--- a/scripts/deploy-cip-core.sh
+++ b/scripts/deploy-cip-core.sh
@@ -4,7 +4,7 @@ set -e
PATH=$PATH:~/.local/bin
-if ! which aws 2>&1 >/dev/null; then
+if ! which aws >/dev/null 2>&1; then
echo "Installing awscli..."
pip3 install wheel
pip3 install awscli
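Review bot: The corrected redirection still probes for the CLI with `which`, an external tool that is not guaranteed to be installed and whose exit status is not standardised. The shell builtin is the portable form: `if ! command -v aws >/dev/null 2>&1; then`. As a follow-up outside this commit's scope, the fallback `pip3 install awscli` in the context lines pulls an unpinned version into a job that later uploads with AWS credentials, so pinning it would be worth considering.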
@@ -28,27 +28,27 @@ fi
BASE_PATH=build/tmp/deploy/images/$TARGET/$BASE_FILENAME
S3_TARGET=s3://download2.cip-project.org/cip-core/$REF/$TARGET/
-if [ -f $BASE_PATH.wic ]; then
+if [ -f "${BASE_PATH}.wic" ]; then
echo "Compressing $BASE_FILENAME.wic..."
- xz -9 -k -T0 $BASE_PATH.wic
+ xz -9 -k -T0 "${BASE_PATH}.wic"
echo "Uploading artifacts..."
- aws s3 cp --no-progress --acl public-read $BASE_PATH.wic.xz ${S3_TARGET}
+ aws s3 cp --no-progress --acl public-read "${BASE_PATH}.wic.xz" "${S3_TARGET}"
fi
-if [ -f $BASE_PATH.tar.gz ]; then
+if [ -f "${BASE_PATH}.tar.gz" ]; then
echo "Uploading artifacts..."
- aws s3 cp --no-progress --acl public-read $BASE_PATH.tar.gz ${S3_TARGET}
+ aws s3 cp --no-progress --acl public-read "${BASE_PATH}.tar.gz" "${S3_TARGET}"
fi
KERNEL_IMAGE="$BASE_PATH-vmlinu[xz]"
# iwg20m workaround
-if [ -f build/tmp/deploy/images/$TARGET/zImage ]; then
+if [ -f "build/tmp/deploy/images/$TARGET/zImage" ]; then
KERNEL_IMAGE=build/tmp/deploy/images/$TARGET/zImage
fi
-aws s3 cp --no-progress --acl public-read $KERNEL_IMAGE ${S3_TARGET}
-aws s3 cp --no-progress --acl public-read $BASE_PATH-initrd.img ${S3_TARGET}
+aws s3 cp --no-progress --acl public-read "$KERNEL_IMAGE" "${S3_TARGET}"
+aws s3 cp --no-progress --acl public-read "${BASE_PATH}-initrd.img" "${S3_TARGET}"
if [ "$DTB" != "none" ]; then
- aws s3 cp --no-progress --acl public-read build/tmp/deploy/images/*/$DTB ${S3_TARGET}
+ aws s3 cp --no-progress --acl public-read build/tmp/deploy/images/*/"$DTB" "${S3_TARGET}"
fi
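Review bot: Quoting `"$KERNEL_IMAGE"` on the first upload line after the zImage workaround stops the `vmlinu[xz]` pattern assigned a few lines above from expanding. `aws s3 cp` then receives the literal path ending in `-vmlinu[xz]`, and with `set -e` active the deploy likely aborts whenever the zImage fallback is not taken. The old unquoted expansion was what turned the pattern into the real vmlinux/vmlinuz file name. Either keep that one expansion unquoted with an explicit marker, `# shellcheck disable=SC2086 # KERNEL_IMAGE holds a glob that must expand`, or resolve the pattern where it is assigned, e.g. `for f in "${BASE_PATH}"-vmlinu[xz]; do KERNEL_IMAGE=$f; done`, and keep the quoting the commit adds.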
diff --git a/scripts/generate-sb-db-from-existing-certificate.sh b/scripts/generate-sb-db-from-existing-certificate.sh
index ddaf4c95..dddd9b5f 100755
--- a/scripts/generate-sb-db-from-existing-certificate.sh
+++ b/scripts/generate-sb-db-from-existing-certificate.sh
@@ -4,16 +4,16 @@ set -e
name=${SB_NAME:-snakeoil}
keydir=${SB_KEYDIR:-./keys}
-if [ ! -d ${keydir} ]; then
- mkdir -p ${keydir}
+if [ ! -d "${keydir}" ]; then
+ mkdir -p "${keydir}"
fi
inkey=${INKEY:-/usr/share/ovmf/PkKek-1-snakeoil.key}
incert=${INCERT:-/usr/share/ovmf/PkKek-1-snakeoil.pem}
nick_name=${IN_NICK:-snakeoil}
TMP=$(mktemp -d)
-mkdir -p ${keydir}/${name}certdb
-certutil -N --empty-password -d ${keydir}/${name}certdb
-openssl pkcs12 -export -out ${TMP}/foo_key.p12 -inkey $inkey -in $incert -name $nick_name
-pk12util -i ${TMP}/foo_key.p12 -d ${keydir}/${name}certdb
-cp $incert ${keydir}/$(basename $incert)
-rm -rf $TMP
+mkdir -p "${keydir}/${name}certdb"
+certutil -N --empty-password -d "${keydir}/${name}certdb"
+openssl pkcs12 -export -out "${TMP}/foo_key.p12" -inkey "$inkey" -in "$incert" -name "$nick_name"
+pk12util -i "${TMP}/foo_key.p12" -d "${keydir}/${name}certdb"
+cp "$incert" "${keydir}/$(basename "$incert")"
+rm -rf "$TMP"
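Review bot: The final `rm -rf "$TMP"` is only reached when every preceding command succeeds. Under `set -e`, a failing `openssl pkcs12` or `pk12util` exits the script and leaves `foo_key.p12`, which contains the private key, behind in the temporary directory. Registering the cleanup right after `TMP=$(mktemp -d)` covers every exit path: `trap 'rm -rf "$TMP"' EXIT`. The hunk appears to run to the end of the script, but the lines before `set -e` are not visible here.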
diff --git a/scripts/generate_secure_boot_keys.sh b/scripts/generate_secure_boot_keys.sh
index 4988a689..8be05695 100755
--- a/scripts/generate_secure_boot_keys.sh
+++ b/scripts/generate_secure_boot_keys.sh
@@ -4,51 +4,51 @@ set -e
name=${SB_NAME:-demo}
keydir=${SB_KEYDIR:-./keys}
-if [ ! -d ${keydir} ]; then
- mkdir -p ${keydir}
+if [ ! -d "${keydir}" ]; then
+ mkdir -p "${keydir}"
fi
openssl req -new -x509 -newkey rsa:4096 -subj "/CN=${name}PK/" -outform PEM \
- -keyout ${keydir}/${name}PK.key -out ${keydir}/${name}PK.crt -days 3650 -nodes -sha256
+ -keyout "${keydir}/${name}PK.key" -out "${keydir}/${name}PK.crt" -days 3650 -nodes -sha256
openssl req -new -x509 -newkey rsa:4096 -subj "/CN=${name}KEK/" -outform PEM \
- -keyout ${keydir}/${name}KEK.key -out ${keydir}/${name}KEK.crt -days 3650 -nodes -sha256
+ -keyout "${keydir}/${name}KEK.key" -out "${keydir}/${name}KEK.crt" -days 3650 -nodes -sha256
openssl req -new -x509 -newkey rsa:4096 -subj "/CN=${name}DB/" -outform PEM \
- -keyout ${keydir}/${name}DB.key -out ${keydir}/${name}DB.crt -days 3650 -nodes -sha256
-openssl x509 -in ${keydir}/${name}PK.crt -out ${keydir}/${name}PK.cer -outform DER
-openssl x509 -in ${keydir}/${name}KEK.crt -out ${keydir}/${name}KEK.cer -outform DER
-openssl x509 -in ${keydir}/${name}DB.crt -out ${keydir}/${name}DB.cer -outform DER
+ -keyout "${keydir}/${name}DB.key" -out "${keydir}/${name}DB.crt" -days 3650 -nodes -sha256
+openssl x509 -in "${keydir}/${name}PK.crt" -out "${keydir}/${name}PK.cer" -outform DER
+openssl x509 -in "${keydir}/${name}KEK.crt" -out "${keydir}/${name}KEK.cer" -outform DER
+openssl x509 -in "${keydir}/${name}DB.crt" -out "${keydir}/${name}DB.cer" -outform DER
-openssl pkcs12 -export -out ${keydir}/${name}DB.p12 \
- -in ${keydir}/${name}DB.crt -inkey ${keydir}/${name}DB.key -passout pass:
+openssl pkcs12 -export -out "${keydir}/${name}DB.p12" \
+ -in "${keydir}/${name}DB.crt" -inkey "${keydir}/${name}DB.key" -passout pass:
GUID=$(uuidgen --random)
-echo $GUID > ${keydir}/${name}GUID
-
-cert-to-efi-sig-list -g $GUID ${keydir}/${name}PK.crt ${keydir}/${name}PK.esl
-cert-to-efi-sig-list -g $GUID ${keydir}/${name}KEK.crt ${keydir}/${name}KEK.esl
-cert-to-efi-sig-list -g $GUID ${keydir}/${name}DB.crt ${keydir}/${name}DB.esl
-rm -f ${keydir}/${name}noPK.esl
-touch ${keydir}/${name}noPK.esl
-
-sign-efi-sig-list -g $GUID \
- -k ${keydir}/${name}PK.key -c ${keydir}/${name}PK.crt \
- PK ${keydir}/${name}PK.esl ${keydir}/${name}PK.auth
-sign-efi-sig-list -g $GUID \
- -k ${keydir}/${name}PK.key -c ${keydir}/${name}PK.crt \
- PK ${keydir}/${name}noPK.esl ${keydir}/${name}noPK.auth
-sign-efi-sig-list -g $GUID \
- -k ${keydir}/${name}PK.key -c ${keydir}/${name}PK.crt \
- KEK ${keydir}/${name}KEK.esl ${keydir}/${name}KEK.auth
-sign-efi-sig-list -g $GUID \
- -k ${keydir}/${name}PK.key -c ${keydir}/${name}PK.crt \
- DB ${keydir}/${name}DB.esl ${keydir}/${name}DB.auth
-
-chmod 0600 ${keydir}/${name}*.key
-mkdir -p ${keydir}/${name}certdb
-certutil -N --empty-password -d ${keydir}/${name}certdb
-
-certutil -A -n 'PK' -d ${keydir}/${name}certdb -t CT,CT,CT -i ${keydir}/${name}PK.crt
-pk12util -W "" -d ${keydir}/${name}certdb -i ${keydir}/${name}DB.p12
-certutil -d ${keydir}/${name}certdb -A -i ${keydir}/${name}DB.crt -n "" -t u
-
-certutil -d ${keydir}/${name}certdb -K
-certutil -d ${keydir}/${name}certdb -L
+echo "$GUID" > "${keydir}/${name}GUID"
+
+cert-to-efi-sig-list -g "$GUID" "${keydir}/${name}PK.crt" "${keydir}/${name}PK.esl"
+cert-to-efi-sig-list -g "$GUID" "${keydir}/${name}KEK.crt" "${keydir}/${name}KEK.esl"
+cert-to-efi-sig-list -g "$GUID" "${keydir}/${name}DB.crt" "${keydir}/${name}DB.esl"
+rm -f "${keydir}/${name}noPK.esl"
+touch "${keydir}/${name}noPK.esl"
+
+sign-efi-sig-list -g "$GUID" \
+ -k "${keydir}/${name}PK.key" -c "${keydir}/${name}PK.crt" \
+ PK "${keydir}/${name}PK.esl" "${keydir}/${name}PK.auth"
+sign-efi-sig-list -g "$GUID" \
+ -k "${keydir}/${name}PK.key" -c "${keydir}/${name}PK.crt" \
+ PK "${keydir}/${name}noPK.esl" "${keydir}/${name}noPK.auth"
+sign-efi-sig-list -g "$GUID" \
+ -k "${keydir}/${name}PK.key" -c "${keydir}/${name}PK.crt" \
+ KEK "${keydir}/${name}KEK.esl" "${keydir}/${name}KEK.auth"
+sign-efi-sig-list -g "$GUID" \
+ -k "${keydir}/${name}PK.key" -c "${keydir}/${name}PK.crt" \
+ DB "${keydir}/${name}DB.esl" "${keydir}/${name}DB.auth"
+
+chmod 0600 "${keydir}/${name}"*.key
+mkdir -p "${keydir}/${name}certdb"
+certutil -N --empty-password -d "${keydir}/${name}certdb"
+
+certutil -A -n 'PK' -d "${keydir}/${name}certdb" -t CT,CT,CT -i "${keydir}/${name}PK.crt"
+pk12util -W "" -d "${keydir}/${name}certdb" -i "${keydir}/${name}DB.p12"
+certutil -d "${keydir}/${name}certdb" -A -i "${keydir}/${name}DB.crt" -n "" -t u
+
+certutil -d "${keydir}/${name}certdb" -K
+certutil -d "${keydir}/${name}certdb" -L
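Review bot: The quoted `chmod 0600 "${keydir}/${name}"*.key` near the end still protects only the `*.key` files, and only after all signing steps have run. `DB.p12` is exported with `-passout pass:` and then imported into the NSS database created with `--empty-password`, so both hold the DB private key without a passphrase, and their file modes are left to the caller's umask. The same applies to `${keydir}` itself when `mkdir -p` creates it. Setting `umask 077` once before the `mkdir -p "${keydir}"` block would cover the keys, the PKCS#12 file and the certdb from the moment they are created. That line would sit at or just above the start of this hunk, and the top of the script is not visible here.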
diff --git a/scripts/start-efishell.sh b/scripts/start-efishell.sh
index cc8dc580..5ec85e07 100755
--- a/scripts/start-efishell.sh
+++ b/scripts/start-efishell.sh
@@ -10,6 +10,6 @@ qemu-system-x86_64 -enable-kvm -M q35 -nographic \
-global ICH9-LPC.disable_s3=1 \
-global isa-fdc.driveA= \
-boot menu=on \
- -drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
- -drive if=pflash,format=raw,file=${ovmf_vars} \
- -drive file=fat:rw:$DISK
+ -drive if=pflash,format=raw,unit=0,readonly=on,file="${ovmf_code}" \
+ -drive if=pflash,format=raw,file="${ovmf_vars}" \
+ -drive file=fat:rw:"$DISK"
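Review bot: Shell quoting of `file="${ovmf_code}"`, `file="${ovmf_vars}"` and `fat:rw:"$DISK"` prevents word splitting, but QEMU itself splits each `-drive` value on commas. A path containing `,` would therefore still be parsed as additional drive options unless it is written as `,,`. If these variables can come from the environment, a short comment above the command such as `# paths must not contain ',' (QEMU -drive option separator)` would document the limit. The `qemu-system-x86_64` command starts outside this hunk, and how the three variables are set is not visible here.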
--
2.35.3
* Re: [isar-cip-core][PATCH] scripts: Address shellcheck findings
From: Jan Kiszka @ 2023-04-05 9:41 UTC (permalink / raw)
To: isar-users; +Cc: Quirin Gylstorff, Srinuvasan A
On 05.04.23 11:38, 'Jan Kiszka' via isar-users wrote:
> From: Jan Kiszka <jan.kiszka@siemens.com>
>
> Mostly quoting warnings, but also a non-functional stderr>stdout
> redirection.
>
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
Sorry, wrong list once again.
Jan
--
Siemens AG, Technology
Competence Center Embedded Linux