From 22a80629b4bbcef02eb8fe3611ea44e253ef4c61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Renaud=20M=C3=A9trich?= Date: Thu, 6 Jan 2022 19:50:28 +0100 Subject: [PATCH] fix(dracut): be more robust when using 'set -u' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From bash manpage, FUNCNAME exists only inside functions. When in debug mode, make sure to use an empty default value as FUNCNAME[0] when outside of functions. With bash4 this wasn't an issue, but is with bash5 with hardening option 'set -u' used, as shown in the example below: Incorrect: $ bash -u -c 'echo -n ${FUNCNAME[0]}' bash: line 1: FUNCNAME[0]: unbound variable $ Correct: $ bash -u -c 'echo -n ${FUNCNAME[0]-}' $ This hardening enables sourcing dracut-lib.sh from external utilities executing in the initramfs such as clevis-luks-askpass, which uses hardening option 'set -u' internally. (see Clevis PR https://github.com/latchset/clevis/pull/340) Signed-off-by: Renaud Métrich --- dracut.sh | 2 +- modules.d/99base/dracut-lib.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dracut.sh b/dracut.sh index 58d51d71..0d67c9d4 100755 --- a/dracut.sh +++ b/dracut.sh @@ -882,7 +882,7 @@ unset GREP_OPTIONS export DRACUT_LOG_LEVEL=warning [[ $debug ]] && { export DRACUT_LOG_LEVEL=debug - export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]}): ' + export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]-}): ' set -x } diff --git a/modules.d/99base/dracut-lib.sh b/modules.d/99base/dracut-lib.sh index 591b97c6..43b023e1 100755 --- a/modules.d/99base/dracut-lib.sh +++ b/modules.d/99base/dracut-lib.sh @@ -392,7 +392,7 @@ setdebug() { if getargbool 0 rd.debug -d -y rdinitdebug -d -y rdnetdebug; then RD_DEBUG=yes [ -n "$BASH" ] \ - && export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]}): ' + && export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]-}): ' fi fi export RD_DEBUG