oem-factory-reset: remove duplicates and add proper error redirection to file

- Trace calls need to happen after sourcing /etc/functions not before
- Move sourcing of external files at beginning of file, remove /etc/functions sourcing duplicate
- gpg stderr was redirected to /dev/null, although it was expected to be shown in whiptail in case of error (now 2>&1, so stderr is captured in the output file)
Thierry Laurion 2023-03-28 15:51:45 -04:00
parent b48b9edcbc
commit 65b81e6702
No known key found for this signature in database
GPG Key ID: E7B4A71658E36A93


@ -1,10 +1,14 @@
#!/bin/bash #!/bin/bash
# Automated setup of TPM, GPG keys, and disk # Automated setup of TPM, GPG keys, and disk
TRACE "Under /bin/oem-factory-reset"
set -o pipefail set -o pipefail
## External files sourced
. /etc/functions . /etc/functions
. /etc/luks-functions
. /tmp/config
TRACE "Under /bin/oem-factory-reset"
# use TERM to exit on error # use TERM to exit on error
trap "exit 1" TERM trap "exit 1" TERM
@ -39,12 +43,6 @@ GPG_USER_MAIL="oem-${GPG_KEY_NAME}@example.com"
GPG_USER_COMMENT="OEM-generated key" GPG_USER_COMMENT="OEM-generated key"
SKIP_BOOT="n" SKIP_BOOT="n"
## External files sourced
. /etc/functions
. /etc/luks-functions
. /tmp/config
## functions ## functions
die() { die() {
@ -81,7 +79,7 @@ gpg_key_reset()
echo y echo y
echo yes echo yes
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \ } | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
> /tmp/gpg_card_edit_output 2>/dev/null > /tmp/gpg_card_edit_output 2>&1
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
ERROR=`cat /tmp/gpg_card_edit_output` ERROR=`cat /tmp/gpg_card_edit_output`
whiptail_error_die "GPG Key factory reset failed!\n\n$ERROR" whiptail_error_die "GPG Key factory reset failed!\n\n$ERROR"
@ -97,7 +95,7 @@ gpg_key_reset()
echo forcesig echo forcesig
echo ${ADMIN_PIN_DEF} echo ${ADMIN_PIN_DEF}
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \ } | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
> /tmp/gpg_card_edit_output 2>/dev/null > /tmp/gpg_card_edit_output 2>&1
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
ERROR=`cat /tmp/gpg_card_edit_output` ERROR=`cat /tmp/gpg_card_edit_output`
whiptail_error_die "GPG Key forcesig toggle on failed!\n\n$ERROR" whiptail_error_die "GPG Key forcesig toggle on failed!\n\n$ERROR"
@ -117,7 +115,7 @@ gpg_key_reset()
echo ${RSA_KEY_LENGTH} #Authentication key size set to RSA_KEY_LENGTH echo ${RSA_KEY_LENGTH} #Authentication key size set to RSA_KEY_LENGTH
echo ${ADMIN_PIN_DEF} echo ${ADMIN_PIN_DEF}
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \ } | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
> /tmp/gpg_card_edit_output 2>/dev/null > /tmp/gpg_card_edit_output 2>&1
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
ERROR=`cat /tmp/gpg_card_edit_output` ERROR=`cat /tmp/gpg_card_edit_output`
whiptail_error_die "Setting key attributed to RSA ${RSA_KEY_LENGTH} bits in USB security dongle failed." whiptail_error_die "Setting key attributed to RSA ${RSA_KEY_LENGTH} bits in USB security dongle failed."
@ -135,7 +133,7 @@ gpg_key_reset()
echo ${GPG_USER_MAIL} echo ${GPG_USER_MAIL}
echo ${GPG_USER_COMMENT} echo ${GPG_USER_COMMENT}
} | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \ } | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \
> /tmp/gpg_card_edit_output 2>/dev/null > /tmp/gpg_card_edit_output 2>&1
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
ERROR=`cat /tmp/gpg_card_edit_output` ERROR=`cat /tmp/gpg_card_edit_output`
whiptail_error_die "GPG Key automatic keygen failed!\n\n$ERROR" whiptail_error_die "GPG Key automatic keygen failed!\n\n$ERROR"
@ -159,7 +157,7 @@ gpg_key_change_pin()
echo q echo q
echo q echo q
} | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \ } | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \
> /tmp/gpg_card_edit_output 2>/dev/null > /tmp/gpg_card_edit_output 2>&1
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
ERROR=`cat /tmp/gpg_card_edit_output | fold -s` ERROR=`cat /tmp/gpg_card_edit_output | fold -s`
whiptail_error_die "GPG Key PIN change failed!\n\n$ERROR" whiptail_error_die "GPG Key PIN change failed!\n\n$ERROR"
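Review bot: In the RSA key-attribute hunk (`@ -117,7 +115,7`), gpg's stderr is now captured and read into `ERROR`, but the `whiptail_error_die` call on the following line still leaves it out, so the diagnostics this commit sets out to surface never reach the operator for that failure; append it as the other hunks do: `whiptail_error_die "Setting key attributed to RSA ${RSA_KEY_LENGTH} bits in USB security dongle failed.\n\n$ERROR"`. Only the `gpg_key_change_pin` hunk pipes the file through `fold -s`; with stderr now included, the four `gpg_key_reset` messages may carry long lines, so the same wrapping would be consistent there. Separately, moving `. /tmp/config` above the variable defaults in the first hunk reverses precedence: any name assigned in both places would now end up with the script's value instead of the config's. There is presumably no overlap, but it is worth confirming. The bodies of `gpg_key_reset` and `gpg_key_change_pin` start and end outside the hunks shown.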