Bandie/grub2-signing-extension
1
0
Fork 0
mirror of https://github.com/Bandie/grub2-signing-extension.git synced 2024-04-01 15:51:26 +00:00
Code Issues Projects Releases Wiki Activity

Follow best practices for bash

Browse Source 
- Use native bash math where doing so improves readability.
- Avoid illegal exit status codes (666 in impossible scenario).
- Avoid useless use of cat (`cat foo | bar` vs the more efficient `bar <foo`).
- Avoid needless echo pipelines (`echo foo | bar` vs `bar <<<"$foo"`).
- Never use a for loop to iterate over output from `find`; `for` loops depend
  on string-splitting, which is only available with globbing behavior. See
  http://mywiki.wooledge.org/DontReadLinesWithFor
- Use `read -s` to silence feedback rather than playing around with `stty`.
- Use `tput` to retrieve color codes correct for the current terminal rather
  than assuming a terminal compatible with ANSI color codes.
- Use a expression compatible with BSD `tr` in "passphrase-shredding" code.
  (BTW, I very much doubt that this code actually does any good; it's not a
  reasonable expectation that a new string assigned to a variable will actually
  be placed at the same location in memory).
- Implementations of `echo` which do anything other than print `-e` on output
  when `echo -e` is run are nonconformant with the POSIX spec for echo.
  Similarly, `echo -n` behavior is not defined by the standard. Avoid relying
  on either of these. (See http://pubs.opengroup.org/onlinepubs/009604599/utilities/echo.html,
  particularly the APPLICATION USAGE section).
- Always quote expansions to prevent string-splitting and glob-expansion
  (`"$i"`, not `$i`).
- Avoid `some_command; if [ $? -eq 0 ]; then` when `if some_command; then` can
  be used instead.
This commit is contained in:
Charles Duffy
2015-12-30 15:32:46 -06:00
parent cc5618ac7f
commit cc43d546b2
3 changed files with 50 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
sbin/grub2-unsign Normal file → Executable file
View File

@ -5,14 +5,11 @@
# Licence: GNU-GPLv3
# Check if something is wrong
grub2-verify
if [ $? -eq 1 ]
then
echo -e "grub2-verify has detected a one or more bad signatures.\nPlease check for malicious software before you're unsigning everything!"
if ! grub2-verify; then
printf '%s\n' "grub2-verify has detected a one or more bad signatures." "Please check for malicious software before you're unsigning everything!" >&2
exit 1
fi
# Then remove the signatures.
find /boot -name '*.sig' -exec rm -- '{}' +