Root hash: Allow configuring from unset defaults

Allow configuring the root hash feature when the variables are not set initially. This worked on Librem boards because the boards all have defaults for these variables, but didn't work when those defaults were not present. Fix set_config function to put quotes around an added variable's value. Change load_config_value function to default to empty, so it can be used with non-boolean variables. None of the existing callers cared about the 'n' default (boolean variables should always be tested ="y" or !="y" anyway). Use load_config_value in config-gui.sh for boot device and the root hash parameters, so unset defaults do not cause a failure. Improve the prompts so the "current value" text only appears if there is a current value. Use set_config instead of replace_config so the variables will be added if needed. Prevent enabling the root hash feature if it hasn't been configured yet. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-12-18 20:47:55 +00:00 · 2023-06-30 09:50:10 -04:00 · 2023-06-30 09:50:10 -04:00 · 33c2cfb9b1
commit 33c2cfb9b1
parent 861529cf69
2 changed files with 31 additions and 23 deletions
--- a/initrd/bin/config-gui.sh
+++ b/initrd/bin/config-gui.sh
@ -94,7 +94,7 @@ while true; do
      exit 0
    ;;
    "b" )
-      CURRENT_OPTION=`grep 'CONFIG_BOOT_DEV=' /tmp/config | tail -n1 | cut -f2 -d '=' | tr -d '"'`
+      CURRENT_OPTION="$(load_config_value CONFIG_BOOT_DEV)"
      if ! fdisk -l | grep "Disk /dev/" | cut -f2 -d " " | cut -f1 -d ":" > /tmp/disklist.txt ; then
        whiptail $BG_COLOR_ERROR --title 'ERROR: No bootable devices found' \
          --msgbox "    $ERROR\n\n" 16 60
@ -112,7 +112,7 @@ while true; do
        fi
      done
      file_selector "/tmp/boot_device_list.txt" \
-          "Choose the default /boot device.\n\nCurrently set to $CURRENT_OPTION." \
+          "Choose the default /boot device.\n\n${CURRENT_OPTION:+\n\nCurrently set to }$CURRENT_OPTION." \
          "Boot Device Selection"
      if [ "$FILE" == "" ]; then
        return
@ -132,7 +132,7 @@ while true; do
        exit 1
      fi

-      replace_config /etc/config.user "CONFIG_BOOT_DEV" "$SELECTED_FILE"
+      set_config /etc/config.user "CONFIG_BOOT_DEV" "$SELECTED_FILE"
      combine_configs

      whiptail --title 'Config change successful' \
@ -187,7 +187,7 @@ while true; do
      fi
    ;;
    "R" )
-      CURRENT_OPTION=`grep 'CONFIG_ROOT_DEV=' /tmp/config | tail -n1 | cut -f2 -d '=' | tr -d '"'`
+      CURRENT_OPTION="$(load_config_value CONFIG_ROOT_DEV)"
      fdisk -l | grep "Disk /dev/" | cut -f2 -d " " | cut -f1 -d ":" > /tmp/disklist.txt
      # filter out extraneous options
      > /tmp/root_device_list.txt
@ -201,25 +201,30 @@ while true; do
        fi
      done
      file_selector "/tmp/root_device_list.txt" \
-          "Choose the default root device.\n\nCurrently set to $CURRENT_OPTION." \
+          "Choose the default root device.${CURRENT_OPTION:+\n\nCurrently set to }$CURRENT_OPTION." \
          "Root Device Selection"
      if [ "$FILE" == "" ]; then
-        return
+        break
      else
        SELECTED_FILE=$FILE
      fi

-      replace_config /etc/config.user "CONFIG_ROOT_DEV" "$SELECTED_FILE"
+      set_config /etc/config.user "CONFIG_ROOT_DEV" "$SELECTED_FILE"
      combine_configs

      whiptail --title 'Config change successful' \
        --msgbox "The root device was successfully changed to $SELECTED_FILE" 16 60
    ;;
    "D" )
-      CURRENT_OPTION=`grep 'CONFIG_ROOT_DIRLIST=' /tmp/config | tail -n1 | cut -f2 -d '=' | tr -d '"'`
-      
-      echo "The current list of directories to hash is $CURRENT_OPTION"
-      echo -e "\nEnter the new list of directories separated by spaces, without any beginning forward slashes:"
+      CURRENT_OPTION="$(load_config_value CONFIG_ROOT_DIRLIST)"
+
+      # Separate from prior prompt history on the terminal with two blanks
+      echo -e "\n"
+
+      if [ -n "$CURRENT_OPTION" ]; then
+        echo -e "The current list of directories to hash is $CURRENT_OPTION"
+      fi
+      echo -e "Enter the new list of directories separated by spaces, without any beginning forward slashes:"
      echo -e "(Press enter with the list empty to cancel)"
      read -r NEW_CONFIG_ROOT_DIRLIST

@ -227,28 +232,32 @@ while true; do
      NEW_CONFIG_ROOT_DIRLIST=$(echo $NEW_CONFIG_ROOT_DIRLIST | sed -e 's/^\///;s/ \// /g')

      #check if list empty
-      if [ -s $NEW_CONFIG_ROOT_DIRLIST ] ; then
+      if [ -z "$NEW_CONFIG_ROOT_DIRLIST" ] ; then
        whiptail --title 'Config change canceled' \
        --msgbox "Root device directory change canceled by user" 16 60
        break
      fi

-      replace_config /etc/config.user "CONFIG_ROOT_DIRLIST" "$NEW_CONFIG_ROOT_DIRLIST"
+      set_config /etc/config.user "CONFIG_ROOT_DIRLIST" "$NEW_CONFIG_ROOT_DIRLIST"
      combine_configs

      whiptail --title 'Config change successful' \
        --msgbox "The root directories to hash was successfully changed to:\n$NEW_CONFIG_ROOT_DIRLIST" 16 60
    ;;
    "B" )
-      CURRENT_OPTION=`grep 'CONFIG_ROOT_CHECK_AT_BOOT=' /tmp/config | tail -n1 | cut -f2 -d '=' | tr -d '"'`
-      if [ "$CURRENT_OPTION" = "n" ]; then
-        if (whiptail --title 'Enable Root Hash Check at Boot?' \
+      CURRENT_OPTION="$(load_config_value CONFIG_ROOT_CHECK_AT_BOOT)"
+      if [ "$CURRENT_OPTION" != "y" ]; then
+        # Root device and directories must be set to enable this
+        if [ -z "$(load_config_value CONFIG_ROOT_DEV)" ] || [ -z "$(load_config_value CONFIG_ROOT_DIRLIST)" ]; then
+          whiptail $BG_COLOR_ERROR --title 'Root Check Not Configured' \
+            --msgbox "Set the root device and directories to hash before enabling this feature." 16 60
+        elif (whiptail --title 'Enable Root Hash Check at Boot?' \
             --yesno "This will enable checking root hashes each time you boot.
                    \nDepending on the directories you are checking, this might add
                    \na minute or more to the boot time.
                    \n\nDo you want to proceed?" 0 80) then

-          replace_config /etc/config.user "CONFIG_ROOT_CHECK_AT_BOOT" "y"
+          set_config /etc/config.user "CONFIG_ROOT_CHECK_AT_BOOT" "y"
          combine_configs

          # check that root hash file exists
@ -269,7 +278,7 @@ while true; do
             --yesno "This will disable checking root hashes each time you boot.
                    \n\nDo you want to proceed?" 0 80) then

-          replace_config /etc/config.user "CONFIG_ROOT_CHECK_AT_BOOT" "n"
+          set_config /etc/config.user "CONFIG_ROOT_CHECK_AT_BOOT" "n"
          combine_configs

          whiptail --title 'Config change successful' \
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@ -324,7 +324,7 @@ set_config() {
 	if grep -q "$CONFIG_OPTION" "$CONFIG_FILE"; then
 		replace_config "$CONFIG_FILE" "$CONFIG_OPTION" "$NEW_SETTING"
 	else
-		echo "export $CONFIG_OPTION=$NEW_SETTING" >>"$CONFIG_FILE"
+		echo "export $CONFIG_OPTION=\"$NEW_SETTING\"" >>"$CONFIG_FILE"
 	fi
 }

@ -339,14 +339,13 @@ set_user_config() {
 	. /tmp/config
 }

-# Load a config value to a variable, defaulting to 'n'
+# Load a config value to a variable, defaulting to empty.  Does not fail if the
+# config is not set (since it would expand to empty by default).
 load_config_value()
 {
  local config_name="$1"
-  if grep -q "$config_name" /tmp/config; then
+  if grep -q "$config_name=" /tmp/config; then
    grep "$config_name=" /tmp/config | tail -n1 | cut -f2 -d '=' | tr -d '"'
-  else
-    echo n
  fi
 }