From 5a47c01b11a7fc25f7fae0685d288a78220b954a Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Sun, 27 Aug 2023 09:25:50 +0100 Subject: scripts: put quotes around file/directory names Signed-off-by: Leah Rowe --- resources/scripts/update/blobs/download | 39 +++++++++++++++--------------- resources/scripts/update/blobs/extract | 17 +++++++------ resources/scripts/update/blobs/inject | 42 ++++++++++++++++----------------- resources/scripts/update/blobs/mrc | 26 ++++++++++---------- 4 files changed, 62 insertions(+), 62 deletions(-) (limited to 'resources/scripts/update/blobs') diff --git a/resources/scripts/update/blobs/download b/resources/scripts/update/blobs/download index 422f0b3c..13a4c29d 100755 --- a/resources/scripts/update/blobs/download +++ b/resources/scripts/update/blobs/download @@ -79,7 +79,7 @@ main() detect_firmware() { set -- "${boarddir}/config/"* - . ${1} 2>/dev/null + . "${1}" . "${boarddir}/target.cfg" [ "${CONFIG_HAVE_MRC}" = "y" ] && needs="${needs} MRC" @@ -94,7 +94,7 @@ detect_firmware() [ -z ${needs+x} ] && \ printf "No binary blobs needed for this board\n" && \ return 1 - printf "Firmware needed for board '%s':\n%s\n" ${board} ${needs} + printf "Firmware needed for board '%s':\n%s\n" "${board}" "${needs}" } scan_sources_config() @@ -167,8 +167,8 @@ build_dependencies() [ -f uefitool/uefiextract ] || \ ./build src for -b uefitool || \ err "build_dependencies: can't build uefitool" - if [ ! -f ${cbdir}/util/kbc1126/kbc1126_ec_dump ]; then - make -BC ${cbdir}/util/kbc1126 || \ + if [ ! -f "${cbdir}/util/kbc1126/kbc1126_ec_dump" ]; then + make -BC "${cbdir}/util/kbc1126" || \ err "build_dependencies: can't build kbc1126_ec_dump" fi } @@ -210,7 +210,7 @@ extract_blob_intel_me() _me_destination=${CONFIG_ME_BIN_PATH#../../} [ -d "${_me_destination%/*}" ] || \ - mkdir -p ${_me_destination%/*} || \ + mkdir -p "${_me_destination%/*}" || \ err "extract_blob_intel_me: mkdir ${_me_destination%/*}" [ ! -d "${appdir}" ] || \ rm -Rf "${appdir}" || \ @@ -222,8 +222,8 @@ extract_blob_intel_me() printf "Extracting and stripping Intel ME firmware\n" - innoextract ${dl_path} -d ${appdir} || \ - 7z x ${dl_path} -o${appdir} || \ + innoextract "${dl_path}" -d "${appdir}" || \ + 7z x "${dl_path}" -o"${appdir}" || \ unar "${dl_path}" -o "${appdir}" || \ err "extract_blob_intel_me: could not extract vendor update" @@ -265,11 +265,11 @@ bruteforce_extract_blob_intel_me() && break # (we found me.bin) "${mecleaner}" -r -t -O "${_me_destination}" "${i}" \ && break # (we found me.bin) - "${me7updateparser}" -O ${_me_destination} "${i}" \ + "${me7updateparser}" -O "${_me_destination}" "${i}" \ && break # (we found me.bin) _7ztest="${_7ztest}a" - 7z x "${i}" -o${_7ztest} \ - || innoextract "${i}" -d "${_7ztest}" \ + 7z x "${i}" -o"${_7ztest}" \ + || innoextract "${i}" -d "${_7ztest}" \ || unar "${i}" -o "${_7ztest}" \ || continue bruteforce_extract_blob_intel_me "${_me_destination}" \ @@ -368,10 +368,10 @@ extract_e6400vga() return 0 fi [ -d "${_vga_destination%/*}" ] || \ - mkdir -p ${_vga_destination%/*} || \ + mkdir -p "${_vga_destination%/*}" || \ err "extract_e6400vga: can't mkdir ${_vga_destination%/*}" [ ! -d "${appdir}" ] || \ - rm -Rf ${appdir} || \ + rm -Rf "${appdir}" || \ err "extract_e6400vga: can't rm -Rf ${appdir}" mkdir -p "${appdir}" || \ @@ -482,18 +482,18 @@ fetch_update() [ -z "${dl_url+x}" ] && [ "${fw_type}" != "e6400vga" ] && \ err "fetch_update ${fw_type}: dl_url unspecified for: ${board}" - dl_path=${blobdir}/cache/${dlsum} - mkdir -p ${blobdir}/cache || err "fetch_update: !mkdir ${blobdir}/cache" + dl_path="${blobdir}/cache/${dlsum}" + mkdir -p "${blobdir}/cache" || err "fetch_update: !mkdir ${blobdir}/cache" dl_fail="y" - vendor_checksum ${dlsum} && dl_fail="n" + vendor_checksum "${dlsum}" && dl_fail="n" for x in "${dl}" "${dl_bkup}"; do [ "${dl_fail}" = "n" ] && break [ -z "${x}" ] && continue rm -f "${dl_path}" || \ err "fetch_update ${fw_type}: !rm -f ${dl_path}" - wget -U "${agent}" ${x} -O ${dl_path} || continue - vendor_checksum ${dlsum} && dl_fail="n" + wget -U "${agent}" "${x}" -O "${dl_path}" || continue + vendor_checksum "${dlsum}" && dl_fail="n" done if [ "${dl_fail}" = "y" ]; then printf "ERROR: invalid vendor updates for: %s\n" "${board}" 1>&2 @@ -504,10 +504,11 @@ fetch_update() vendor_checksum() { if [ ! -f "${dl_path}" ]; then - printf "Vendor update not found on disk for: %s\n" ${board} 1>&2 + printf "Vendor update not found on disk for: %s\n" "${board}" \ + 1>&2 return 1 elif [ "$(sha1sum ${dl_path} | awk '{print $1}')" != "${1}" ]; then - printf "Bad checksum on vendor update for: %s\n" ${board} 1>&2 + printf "Bad checksum on vendor update for: %s\n" "${board}" 1>&2 return 1 fi } diff --git a/resources/scripts/update/blobs/extract b/resources/scripts/update/blobs/extract index b6b3af3b..fa76dfb5 100755 --- a/resources/scripts/update/blobs/extract +++ b/resources/scripts/update/blobs/extract @@ -88,28 +88,27 @@ extract_blobs() # Cleans up other files extracted with ifdtool rm -f flashregion*.bin || err "extract_blobs: !rm -f flashregion*.bin" - [ -f ${_ifd_destination} ] || err "extract_blobs: Could not extract IFD" - printf "gbe, ifd, and me extracted to %s\n" \ - "${_me_destination%/*}" + [ -f "${_ifd_destination}" ] || err "extract_blobs: Cannot extract IFD" + printf "gbe, ifd, and me extracted to %s\n" "${_me_destination%/*}" } extract_blob_intel_me() { printf "extracting clean ime and modified ifd\n" - ${mecleaner} -D ${_ifd_destination} \ - -M ${_me_destination} ${vendor_rom} -t -r -S || \ - ${me7updateparser} \ - -O ${_me_destination} ${vendor_rom} || \ + "${mecleaner}" -D "${_ifd_destination}" \ + -M "${_me_destination}" "${vendor_rom}" -t -r -S || \ + "${me7updateparser}" \ + -O "${_me_destination}" "${vendor_rom}" || \ err "extract_blob_intel_me: cannot extract from vendor rom" } extract_blob_intel_gbe_nvm() { printf "extracting gigabit ethernet firmware" - ./${ifdtool} -x ${vendor_rom} || \ + ./"${ifdtool}" -x "${vendor_rom}" || \ err "extract_blob_intel_gbe_nvm: cannot extract gbe.bin from rom" - mv flashregion*gbe.bin ${_gbe_destination} || \ + mv flashregion*gbe.bin "${_gbe_destination}" || \ err "extract_blob_intel_gbe_nvm: cannot move gbe.bin" } diff --git a/resources/scripts/update/blobs/inject b/resources/scripts/update/blobs/inject index 4ab0c366..3cdf38c6 100755 --- a/resources/scripts/update/blobs/inject +++ b/resources/scripts/update/blobs/inject @@ -72,7 +72,7 @@ main() check_board() { - if ! check_release ${archive} ; then + if ! check_release "${archive}" ; then [ -f "${rom}" ] || \ err "check_board: \"${rom}\" is not a valid path" [ -z ${rom+x} ] && \ @@ -102,7 +102,7 @@ check_release() # It will only succeed if the filename is not changed from the build/download detect_board() { - path=${1} + path="${1}" filename=$(basename ${path}) case ${filename} in grub_*) @@ -146,20 +146,20 @@ patch_release_roms() tar xf "${releasearchive}" -C "${_tmpdir}" || \ err "patch_release_roms: could not extract release archive" - for x in ${_tmpdir}/bin/*/*.rom ; do + for x in "${_tmpdir}"/bin/*/*.rom ; do echo "patching rom $x" - patch_rom ${x} || err "patch_release_roms: could not patch ${x}" + patch_rom "${x}" || err "patch_release_roms: could not patch ${x}" done ( - cd ${_tmpdir}/bin/* + cd "${_tmpdir}"/bin/* sha1sum --status -c blobhashes || \ err "patch_release_roms: ROMs did not match expected hashes" ) if [ "${modifygbe}" = "true" ]; then - for x in ${_tmpdir}/bin/*/*.rom ; do - modify_gbe ${x} + for x in "${_tmpdir}"/bin/*/*.rom ; do + modify_gbe "${x}" done fi @@ -203,7 +203,7 @@ patch_rom() [ "${CONFIG_SMSC_SCH5545_EC_FW_FILE}" != "" ] && \ inject_blob_smsc_sch5545_ec "${rom}" [ "${modifygbe}" = "true" ] && ! [ "${release}" = "true" ] && \ - modify_gbe ${rom} + modify_gbe "${rom}" printf "ROM image successfully patched: %s\n" "${rom}" } @@ -232,7 +232,7 @@ inject_blob_intel_mrc() # source code, and it is *always* correct for haswell platform. # TODO: this logic should be tweaked to handle more platforms - ${cbfstool} ${rom} add -f mrc/haswell/mrc.bin -n mrc.bin -t mrc \ + "${cbfstool}" "${rom}" add -f mrc/haswell/mrc.bin -n mrc.bin -t mrc \ -b 0xfffa0000 || err "inject_blob_intel_mrc: cannot insert mrc.bin" } @@ -248,7 +248,7 @@ inject_blob_intel_me() [ ! -f "${_me_location}" ] && \ err "inject_blob_intel_me: per CONFIG_ME_BIN_PATH: file missing" - ${ifdtool} -i me:${_me_location} ${rom} -O ${rom} || \ + "${ifdtool}" -i me:"${_me_location}" "${rom}" -O "${rom}" || \ err "inject_blob_intel_me: cannot insert me.bin" } @@ -273,10 +273,10 @@ inject_blob_hp_kbc1126_ec() err "inject_blob_hp_kbc1126_ec: ${board}: ecfw not downloaded" fi - ${cbfstool} "${rom}" add -f ${_ec1_location} -n ecfw1.bin \ + "${cbfstool}" "${rom}" add -f "${_ec1_location}" -n ecfw1.bin \ -b ${_ec1_offset} -t raw || \ err "inject_blob_hp_kbc1126_ec: cannot insert ecfw1.bin" - ${cbfstool} "${rom}" add -f ${_ec2_location} -n ecfw2.bin \ + "${cbfstool}" "${rom}" add -f "${_ec2_location}" -n ecfw2.bin \ -b ${_ec2_offset} -t raw || \ err "inject_blob_hp_kbc1126_ec: cannot insert ecfw2.bin" } @@ -298,7 +298,7 @@ inject_blob_dell_e6400_vgarom_nvidia() err "inject_blob_dell_e6400vga: ${_vga_location} doesn't exist" fi - ${cbfstool} ${rom} add -f "${_vga_location}" \ + "${cbfstool}" "${rom}" add -f "${_vga_location}" \ -n "pci${CONFIG_VGA_BIOS_ID}.rom" -t optionrom || \ err "inject_blob_dell_e6400vga: cannot insert vga oprom" } @@ -322,7 +322,7 @@ modify_gbe() { printf "changing mac address in gbe to ${new_mac}\n" - rom=${1} + rom="${1}" [ -z ${CONFIG_GBE_BIN_PATH} ] && \ err "modify_gbe: ${board}: CONFIG_GBE_BIN_PATH not set" @@ -331,27 +331,27 @@ modify_gbe() [ -f "${_gbe_location}" ] || \ err "modify_gbe: CONFIG_GBE_BIN_PATH points to missing file" - [ -f ${nvmutil} ] || \ + [ -f "${nvmutil}" ] || \ make -C util/nvmutil || err "modify_gbe: couldn't build nvmutil" _gbe_tmp=$(mktemp -t gbeXXXX.bin) - cp ${_gbe_location} ${_gbe_tmp} - ${nvmutil} "${_gbe_tmp}" setmac "${new_mac}" || \ + cp "${_gbe_location}" "${_gbe_tmp}" + "${nvmutil}" "${_gbe_tmp}" setmac "${new_mac}" || \ err "modify_gbe: ${board}: failed to modify mac address" - ${ifdtool} -i GbE:${_gbe_tmp} "${rom}" -O "${rom}" || \ + "${ifdtool}" -i GbE:"${_gbe_tmp}" "${rom}" -O "${rom}" || \ err "modify_gbe: ${board}: cannot insert modified gbe.bin" - rm -f ${_gbe_tmp} + rm -f "${_gbe_tmp}" } listboards() { - for boarddir in ${cbcfgsdir}/*; do + for boarddir in "${cbcfgsdir}"/*; do [ -d "${boarddir}" ] || continue board="${boarddir##${cbcfgsdir}/}" board="${board%/}" - printf '%s\n' "${board##*/}" + printf "%s\n" "${board##*/}" done } diff --git a/resources/scripts/update/blobs/mrc b/resources/scripts/update/blobs/mrc index 74899990..c069e678 100755 --- a/resources/scripts/update/blobs/mrc +++ b/resources/scripts/update/blobs/mrc @@ -60,10 +60,10 @@ main() check_existing() { - [ -f ${_mrc_complete} ] || \ + [ -f "${_mrc_complete}" ] || \ return 0 printf 'found existing mrc.bin\n' - [ "$(sha1sum ${_mrc_complete} | awk '{print $1}')" \ + [ "$(sha1sum "${_mrc_complete}" | awk '{print $1}')" \ = "${_mrc_complete_hash}" ] && \ return 1 printf 'hashes did not match, starting over\n' @@ -84,18 +84,18 @@ fetch_mrc() ( cd mrc/haswell/ || err "fetch_mrc: !cd mrc/haswell" - download_image ${_url} ${_file} ${_sha1sum} + download_image "${_url}" "${_file}" "${_sha1sum}" [ -f ${_file} ] || \ - download_image ${_url2} ${_file} ${_sha1sum} + download_image "${_url2}" "${_file}" "${_sha1sum}" [ -f $_file ] || \ err "fetch_mrc: ${_file} not downloaded / verification failed." - extract_partition ROOT-A ${_file} root-a.ext2 + extract_partition ROOT-A "${_file}" root-a.ext2 extract_shellball root-a.ext2 chromeos-firmwareupdate-${_board} extract_coreboot chromeos-firmwareupdate-${_board} - ../../${cbfstool} coreboot-*.bin extract -f mrc.bin -n mrc.bin \ + ../../"${cbfstool}" coreboot-*.bin extract -f mrc.bin -n mrc.bin \ -r RO_SECTION || err "fetch_mrc: could not fetch mrc.bin" rm -f "chromeos-firmwareupdate-${_board}" coreboot-*.bin \ "${_file}" "root-a.ext2" || err "fetch_mrc: cannot remove files" @@ -113,7 +113,7 @@ download_image() printf "Downloading recovery image\n" curl "$url" > "$_file.zip" || err "download_image: curl failed" printf "Verifying recovery image checksum\n" - if [ "$(sha1sum ${_file}.zip | awk '{print $1}')" = "${_sha1sum}" ] + if [ "$(sha1sum "${_file}.zip" | awk '{print $1}')" = "${_sha1sum}" ] then unzip -q "${_file}.zip" || err "download_image: cannot unzip" rm -f "${_file}.zip" || err "download_image: can't rm zip {1}" @@ -132,12 +132,12 @@ extract_partition() printf "Extracting ROOT-A partition\n" ROOTP=$( printf "unit\nB\nprint\nquit\n" | \ - parted ${FILE} 2>/dev/null | grep ${NAME} ) + parted "${FILE}" 2>/dev/null | grep "${NAME}" ) START=$(( $( echo ${ROOTP} | cut -f2 -d\ | tr -d "B" ) )) SIZE=$(( $( echo ${ROOTP} | cut -f4 -d\ | tr -d "B" ) )) - dd if=${FILE} of=${ROOTFS} bs=${_bs} skip=$(( ${START} / ${_bs} )) \ + dd if="${FILE}" of="${ROOTFS}" bs=${_bs} skip=$(( ${START} / ${_bs} )) \ count=$(( ${SIZE} / ${_bs} )) || \ err "extract_partition: can't extract root file system" } @@ -149,7 +149,7 @@ extract_shellball() printf "Extracting chromeos-firmwareupdate\n" printf "cd /usr/sbin\ndump chromeos-firmwareupdate ${SHELLBALL}\nquit" \ - | debugfs ${ROOTFS} || err "extract_shellball: debugfs" + | debugfs "${ROOTFS}" || err "extract_shellball: debugfs" } extract_coreboot() @@ -162,7 +162,7 @@ extract_coreboot() [ -f "${_shellball}" ] || \ err "extract_coreboot: shellball missing in google peppy image" - sh ${_shellball} --unpack ${_unpacked} || \ + sh "${_shellball}" --unpack "${_unpacked}" || \ err "extract_coreboot: shellball exits with non-zero status" # TODO: audit the f* out of that shellball, for each mrc version. @@ -172,10 +172,10 @@ extract_coreboot() [ -f "${_unpacked}/VERSION" ] || \ err "extract_coreboot: VERSION file missing on google coreboot rom" - _version=$( cat ${_unpacked}/VERSION | grep BIOS\ version: | \ + _version=$( cat "${_unpacked}/VERSION" | grep BIOS\ version: | \ cut -f2 -d: | tr -d \ ) - cp ${_unpacked}/bios.bin coreboot-${_version}.bin || \ + cp "${_unpacked}/bios.bin" "coreboot-${_version}.bin" || \ err "extract_coreboot: cannot copy google peppy rom" rm -Rf "${_unpacked}" || \ err "extract_coreboot: cannot remove extracted google peppy archive" -- cgit v1.2.1