diff options
| author | hlein <hlein@korelogic.com> | 2017-03-07 22:23:08 +0300 |
|---|---|---|
| committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-03-07 22:23:08 +0300 |
| commit | e054e9757c3fdc0ac794e18fa7ed9e04c11b1de1 (patch) | |
| tree | e14365959cb0e18b3bfc70404dc51b827123237c /extras | |
| parent | 7e915df1ee898dae2f7ba86aa0dd09cabdd63261 (diff) | |
Lots of cleanups (#366)
* Description fix: SafePerms works on files not dirs.
All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).
* Lots of whitespace cleanups.
Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces. But sometimes
it's 1, sometimes 3, sometimes 8.
These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).
This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.
FWIW I identified instances to check by using:
perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces=""; } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)
Which produced output like:
./extras/build-lynis.sh:217: if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
./extras/build-lynis.sh:218: echo "[X] Version in specfile is outdated"
./plugins/plugin_pam_phase1:69: if [ -d ${PAM_DIRECTORY} ]; then
./plugins/plugin_pam_phase1:70: LogText "Result: /etc/pam.d exists"
...There's probably formal shellscript-beautification tools that
I'm oblivious about.
* More whitespace standardization.
* Fix a syntax error.
This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.
* Add whitespace before closing ].
Without it, the shell thinks the ] is part of the last string, and
emits warnings like:
.../lynis/include/tests_authentication: line 1028: [: missing `]'
Diffstat (limited to 'extras')
| -rwxr-xr-x | extras/build-lynis.sh | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/extras/build-lynis.sh b/extras/build-lynis.sh index 409b3c80..748bb1e2 100755 --- a/extras/build-lynis.sh +++ b/extras/build-lynis.sh @@ -112,9 +112,9 @@ NEEDED_DIRS="debbuild rpmbuild rpmbuild/BUILD rpmbuild/BUILDROOT rpmbuild/RPMS rpmbuild/SOURCES rpmbuild/SRPMS" for I in ${NEEDED_DIRS}; do if [ ! -d "${MYBUILDDIR}/${I}" ]; then - echo "[X] Missing directory: ${MYBUILDDIR}/${I}" - echo " Hint: create subdirs with cd ${MYBUILDDIR} && mkdir -p ${NEEDED_DIRS}" - ExitFatal + echo "[X] Missing directory: ${MYBUILDDIR}/${I}" + echo " Hint: create subdirs with cd ${MYBUILDDIR} && mkdir -p ${NEEDED_DIRS}" + ExitFatal fi done @@ -128,20 +128,20 @@ GITBUILDPACKAGEBINARY=$(which git-buildpackage) if [ ! "${GITBUILDPACKAGEBINARY}" = "" ]; then - echo "[=] git-buildpackage = ${GITBUILDPACKAGEBINARY}" - else - echo "[X] Can not find git-buildpackage binary" - echo " Hint: install git-buildpackage" - ExitFatal + echo "[=] git-buildpackage = ${GITBUILDPACKAGEBINARY}" + else + echo "[X] Can not find git-buildpackage binary" + echo " Hint: install git-buildpackage" + ExitFatal fi RPMBUILDBINARY=$(which rpmbuild) if [ ! "${RPMBUILDBINARY}" = "" ]; then - echo "[=] rpmbuild = ${RPMBUILDBINARY}" - else - echo "[X] Can not find rpmbuild binary" - echo " Hint: install rpmbuild" - ExitFatal + echo "[=] rpmbuild = ${RPMBUILDBINARY}" + else + echo "[X] Can not find rpmbuild binary" + echo " Hint: install rpmbuild" + ExitFatal fi @@ -195,10 +195,10 @@ else tar -C ${MYWORKDIR} --exclude=debian --exclude=README.md --exclude=.bzr* --exclude=.git* -c -z -f ${TARBALL} lynis 2> /dev/null if [ -f ${TARBALL} ]; then - echo "[V] Tarball created" - else - echo "[X] Tarball ${TARBALL} could not be created" - ExitFatal + echo "[V] Tarball created" + else + echo "[X] Tarball ${TARBALL} could not be created" + ExitFatal fi fi @@ -215,8 +215,8 @@ VERSION_IN_SPECFILE=$(awk '/^Version:/ { print $2 }' lynis.spec) echo "[=] Found version ${VERSION_IN_SPECFILE}" if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then - echo "[X] Version in specfile is outdated" - ExitFatal + echo "[X] Version in specfile is outdated" + ExitFatal fi echo "[*] Start RPM building" #${RPMBUILDBINARY} --quiet -ba -bl lynis.spec 2> /dev/null |