@@ -26,7 +26,7 @@ clean-local:
distclean: distclean-keys
shellcheck:
- shellcheck -i SC2086 \
+ shellcheck -i SC2086,SC2181 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
@@ -47,8 +47,7 @@ swtpm_start() {
fi
if [ -n "${swtpm}" ]; then
- pgrep swtpm
- if [ $? -eq 0 ]; then
+ if pgrep swtpm; then
echo "INFO: Software TPM (swtpm) already running"
return 114
else
@@ -60,8 +59,7 @@ swtpm_start() {
elif [ -n "${tpm_server}" ]; then
# tpm_server uses the Microsoft simulator encapsulated packet format
export TPM_SERVER_TYPE="mssim"
- pgrep tpm_server
- if [ $? -eq 0 ]; then
+ if pgrep tpm_server; then
echo "INFO: Software TPM (tpm_server) already running"
return 114
else
@@ -81,16 +79,13 @@ swtpm_init() {
fi
echo "INFO: Sending software TPM startup"
- "${TSSDIR}/tssstartup"
- if [ $? -ne 0 ]; then
+ if ! "${TSSDIR}/tssstartup"; then
echo "INFO: Retry sending software TPM startup"
sleep 1
- "${TSSDIR}/tssstartup"
- fi
-
- if [ $? -ne 0 ]; then
- echo "INFO: Software TPM startup failed"
- return "$SKIP"
+ if ! "${TSSDIR}/tssstartup"; then
+ echo "INFO: Software TPM startup failed"
+ return "$SKIP"
+ fi
fi
echo "INFO: Walking ${BINARY_BIOS_MEASUREMENTS} initializing the software TPM"
@@ -129,8 +124,7 @@ check() {
local options=$1
echo "INFO: Calculating the boot_aggregate (PCRs 0 - 9) for multiple banks"
- bootaggr=$(evmctl ima_boot_aggregate "${options}")
- if [ $? -ne 0 ]; then
+ if ! bootaggr=$(evmctl ima_boot_aggregate "${options}"); then
echo "${CYAN}SKIP: evmctl ima_boot_aggregate: $bootaggr${NORM}"
exit "$SKIP"
fi
@@ -368,8 +368,7 @@ _softhsm_setup() {
mkdir -p "${SOFTHSM_SETUP_CONFIGDIR}"
- msg=$(./softhsm_setup setup 2>&1)
- if [ $? -eq 0 ]; then
+ if msg=$(./softhsm_setup setup 2>&1); then
echo "softhsm_setup setup succeeded: $msg"
PKCS11_KEYURI=$(echo "$msg" | sed -n 's|^keyuri: \(.*\)|\1|p')
@@ -33,8 +33,8 @@ check() {
# unless it's negative test, then pass to evmctl
cmd="openssl dgst $OPENSSL_ENGINE -$alg $file"
echo - "$cmd"
- hash=$(set -o pipefail; $cmd 2>/dev/null | cut -d' ' -f2)
- if [ $? -ne 0 ] && _test_expected_to_pass; then
+ if ! hash=$(set -o pipefail; $cmd 2>/dev/null | cut -d' ' -f2) \
+ && _test_expected_to_pass; then
echo "${CYAN}$alg test is skipped$NORM"
rm "$file"
return "$SKIP"
@@ -185,8 +185,7 @@ check_sign() {
# Insert keyid from cert into PREFIX in-place of marker `:K:'
if [[ $PREFIX =~ :K: ]]; then
- keyid=$(_keyid_from_cert "$key")
- if [ $? -ne 0 ]; then
+ if ! keyid=$(_keyid_from_cert "$key"); then
color_red
echo "Unable to determine keyid for $key"
color_restore
@@ -30,8 +30,7 @@ UNAME_S="$(uname -s)"
case "${UNAME_S}" in
Darwin)
- msg=$(sudo -v -n)
- if [ $? -ne 0 ]; then
+ if ! msg=$(sudo -v -n); then
echo "Need password-less sudo rights on OS X to change /etc/gnutls/pkcs11.conf"
exit 1
fi
@@ -113,18 +112,16 @@ slots.removable = false
_EOF_
fi
- msg=$(p11tool --list-tokens 2>&1 | grep "token=${NAME}" | tail -n1)
- if [ $? -ne 0 ]; then
+ if ! msg=$(p11tool --list-tokens 2>&1 | grep "token=${NAME}" | tail -n1); then
echo "Could not list existing tokens"
echo "$msg"
fi
tokenuri=$(echo "$msg" | sed -n 's/.*URL: \([[:print:]*]\)/\1/p')
if [ -z "$tokenuri" ]; then
- msg=$(softhsm2-util \
+ if ! msg=$(softhsm2-util \
--init-token --pin "${PIN}" --so-pin "${SO_PIN}" \
- --free --label "${NAME}" 2>&1)
- if [ $? -ne 0 ]; then
+ --free --label "${NAME}" 2>&1); then
echo "Could not initialize token"
echo "$msg"
return 2
@@ -143,9 +140,8 @@ _EOF_
fi
fi
- msg=$(p11tool --list-tokens 2>&1 | \
- grep "token=${NAME}" | tail -n1)
- if [ $? -ne 0 ]; then
+ if ! msg=$(p11tool --list-tokens 2>&1 | \
+ grep "token=${NAME}" | tail -n1); then
echo "Could not list existing tokens"
echo "$msg"
fi
@@ -156,15 +152,13 @@ _EOF_
fi
# more recent versions of p11tool have --generate-privkey ...
- msg=$(GNUTLS_PIN=$PIN p11tool \
+ if ! msg=$(GNUTLS_PIN=$PIN p11tool \
--generate-privkey=rsa --bits 2048 --label mykey --login \
- "${tokenuri}" 2>&1)
- if [ $? -ne 0 ]; then
+ "${tokenuri}" 2>&1); then
# ... older versions have --generate-rsa
- msg=$(GNUTLS_PIN=$PIN p11tool \
+ if ! msg=$(GNUTLS_PIN=$PIN p11tool \
--generate-rsa --bits 2048 --label mykey --login \
- "${tokenuri}" 2>&1)
- if [ $? -ne 0 ]; then
+ "${tokenuri}" 2>&1); then
echo "Could not create RSA key!"
echo "$msg"
return 5
@@ -184,8 +178,7 @@ _EOF_
_getkeyuri_softhsm() {
local msg tokenuri keyuri
- msg=$(p11tool --list-tokens 2>&1 | grep "token=${NAME}")
- if [ $? -ne 0 ]; then
+ if ! msg=$(p11tool --list-tokens 2>&1 | grep "token=${NAME}"); then
echo "Could not list existing tokens"
echo "$msg"
return 5
@@ -196,8 +189,7 @@ _getkeyuri_softhsm() {
echo "$msg"
return 6
fi
- msg=$(p11tool --list-all "${tokenuri}" 2>&1)
- if [ $? -ne 0 ]; then
+ if ! msg=$(p11tool --list-all "${tokenuri}" 2>&1); then
echo "Could not list object under token $tokenuri"
echo "$msg"
softhsm2-util --show-slots
Address issues raised by shellcheck SC2181: "Check exit code directly with e.g. if mycmd;, not indirectly with $?." The general replacement patterns to fix this issue are: Old: <cmd> if [ $? -eq 0 ]; then ... New: if <cmd>; then ... Old: <cmd> if [ $? -ne 0 ]; then ... New: if ! <cmd>; then ... Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- tests/Makefile.am | 2 +- tests/boot_aggregate.test | 22 ++++++++-------------- tests/functions.sh | 3 +-- tests/ima_hash.test | 4 ++-- tests/sign_verify.test | 3 +-- tests/softhsm_setup | 32 ++++++++++++-------------------- 6 files changed, 25 insertions(+), 41 deletions(-)