diff options
| author | Mike Frysinger <vapier@chromium.org> | 2012-08-24 14:28:50 -0400 |
|---|---|---|
| committer | Gerrit <chrome-bot@google.com> | 2012-08-24 13:26:03 -0700 |
| commit | 16de2c7baeead3e0d9a566e89c7c50bcaab0edfe (patch) | |
| tree | b69bb115db956d7f86dbf5e302918c5a7cc978ae | |
| parent | 513be212d9ee71dfb6efe1c8d3ff49a9f8eaf4ee (diff) | |
| download | vboot-16de2c7baeead3e0d9a566e89c7c50bcaab0edfe.tar.gz | |
signer scripts: break kernel parameters on spaces rather than word boundaries
The current kernel parameter parsing logic uses word boundaries (\b) to
keep from replacing parameters inside of other parameters (like "level=1"
mangling "loglevel=1" into "log"), but this fails when the last character
isn't a "word" character. e.g. "\bconsole=\b" doesn't match "console=".
Change the \b to a space. Since we're already using spaces as our split
marker, this shouldn't be a problem.
BRANCH=None
BUG=chrome-os-partner:12780
BUG=chromium-os:33868
TEST=ran `ensure_secure_kernelparams.sh` on an image with 'console=' and saw it work
Change-Id: Id69250179ea76aabfed9cd21c1c59483d78a215d
Reviewed-on: https://gerrit.chromium.org/gerrit/31356
Reviewed-by: David McMahon <djmm@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
| -rwxr-xr-x | scripts/image_signing/ensure_secure_kernelparams.sh | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/scripts/image_signing/ensure_secure_kernelparams.sh b/scripts/image_signing/ensure_secure_kernelparams.sh index 1eb4364b..e0e49b90 100755 --- a/scripts/image_signing/ensure_secure_kernelparams.sh +++ b/scripts/image_signing/ensure_secure_kernelparams.sh @@ -130,8 +130,12 @@ main() { echo "Expected: ${required_dmparams[@]}" fi + # A byte that should not appear in the command line to use as a sed + # marker when doing regular expression replacements. + M=$'\001' + # Ensure all other required params are present. - for param in ${required_kparams[@]}; do + for param in "${required_kparams[@]}"; do if [[ "$kparams_nodm" != *$param* ]]; then echo "Kernel parameters missing required value: $param" testfail=1 @@ -139,25 +143,29 @@ main() { # Remove matched params as we go. If all goes well, kparams_nodm # will be nothing left but whitespace by the end. param=$(escape_regexmetas "$param") - kparams_nodm=$(echo "$kparams_nodm" | sed "s/\b$param\b//") + kparams_nodm=$(echo " ${kparams_nodm} " | + sed "s${M} ${param} ${M} ${M}") fi done # Check-off each of the allowed-but-optional params that were present. - for param in ${optional_kparams[@]}; do + for param in "${optional_kparams[@]}"; do param=$(escape_regexmetas "$param") - kparams_nodm=$(echo "$kparams_nodm" | sed "s/\b$param\b//") + kparams_nodm=$(echo " ${kparams_nodm} " | + sed "s${M} ${param} ${M} ${M}") done # Check-off each of the allowed-but-optional params that were present. - for param in ${optional_kparams_regex[@]}; do - kparams_nodm=$(echo "$kparams_nodm" | sed "s/\b$param\b//") + for param in "${optional_kparams_regex[@]}"; do + kparams_nodm=$(echo " ${kparams_nodm} " | + sed "s${M} ${param} ${M} ${M}") done # This section enforces the default-deny for any unexpected params # not already processed by one of the above loops. if [[ ! -z ${kparams_nodm// /} ]]; then - echo "Unexpected kernel parameters found: $kparams_nodm" + echo "Unexpected kernel parameters found:" + echo " $(echo "${kparams_nodm}" | sed -r 's: +: :g')" testfail=1 fi |