diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml index 5f0a5abdccd..50c0aa61895 100644 --- a/.github/workflows/gather-pr-metadata.yml +++ b/.github/workflows/gather-pr-metadata.yml @@ -27,7 +27,7 @@ jobs: - name: Store PR number in file run: | mkdir -p ./${{ env.PULL_REQUEST_METADATA_DIR }} - echo ${{ github.event.number }} > ./${{ env.PULL_REQUEST_METADATA_DIR }}/${{ env.PULL_REQUEST_METADATA_FILE }} + echo ${{ github.event.number }} >./${{ env.PULL_REQUEST_METADATA_DIR }}/${{ env.PULL_REQUEST_METADATA_FILE }} - name: Upload Pull Request Metadata artifact uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh index b0d32bd136b..1ceaee1f8d1 100755 --- a/.semaphore/semaphore-runner.sh +++ b/.semaphore/semaphore-runner.sh @@ -28,14 +28,14 @@ create_container() { # enable source repositories so that apt-get build-dep works sudo lxc-attach -n "$CONTAINER" -- sh -ex <> /etc/apt/sources.list.d/sources.list +sed 's/^deb/deb-src/' /etc/apt/sources.list >>/etc/apt/sources.list.d/sources.list # We might attach the console too soon while ! systemctl --quiet --wait is-system-running; do sleep 1; done # Manpages database trigger takes a lot of time and is not useful in a CI echo 'man-db man-db/auto-update boolean false' | debconf-set-selections # Speed up dpkg, image is thrown away after the test mkdir -p /etc/dpkg/dpkg.cfg.d/ -echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/unsafe_io +echo 'force-unsafe-io' >/etc/dpkg/dpkg.cfg.d/unsafe_io # For some reason, it is necessary to run this manually or the interface won't be configured # Note that we avoid networkd, as some of the tests will break it later on dhclient @@ -74,7 +74,7 @@ for phase in "${PHASES[@]}"; do # craft changelog UPSTREAM_VER="$(git describe | sed 's/^v//;s/-/./g')" - cat << EOF > debian/changelog.new + cat <debian/changelog.new systemd (${UPSTREAM_VER}.0) UNRELEASED; urgency=low * Automatic build for upstream test @@ -92,7 +92,7 @@ EOF # enable more unit tests sed -i '/^CONFFLAGS =/ s/=/= --werror -Dtests=unsafe -Dsplit-usr=true -Dslow-tests=true -Dfuzz-tests=true -Dman=true /' debian/rules # no orig tarball - echo '1.0' > debian/source/format + echo '1.0' >debian/source/format # build source package dpkg-buildpackage -S -I -I"$(basename "$CACHE_DIR")" -d -us -uc -nc diff --git a/docs/HACKING.md b/docs/HACKING.md index 96133683f1d..2ce7dea05dc 100644 --- a/docs/HACKING.md +++ b/docs/HACKING.md @@ -206,7 +206,7 @@ achieve this, create a script with the following contents in systemd's project d ```sh #!/usr/bin/env sh -tee mkosi-clangd.build > /dev/null << EOF +tee mkosi-clangd.build >/dev/null <> /etc/crypttab' +sudo bash -c 'echo "mytest /dev/sdXn - fido2-device=auto" >>/etc/crypttab' diff --git a/man/loader.conf.xml b/man/loader.conf.xml index 22f4644d9e8..c6cc4ffe37f 100644 --- a/man/loader.conf.xml +++ b/man/loader.conf.xml @@ -285,17 +285,17 @@ for key in MicWinProPCA2011_2011-10-19.crt MicCorUEFCA2011_2011-06-27.crt MicCor done # Optionally add Microsoft Windows Production CA 2011 (needed to boot into Windows). -cat MicWinProPCA2011_2011-10-19.esl >> db.esl +cat MicWinProPCA2011_2011-10-19.esl >>db.esl # Optionally add Microsoft Corporation UEFI CA 2011 for firmware drivers / option ROMs # and third-party boot loaders (including shim). This is highly recommended on real # hardware as not including this may soft-brick your device (see next paragraph). -cat MicCorUEFCA2011_2011-06-27.esl >> db.esl +cat MicCorUEFCA2011_2011-06-27.esl >>db.esl # Optionally add Microsoft Corporation KEK CA 2011. Recommended if either of the # Microsoft keys is used as the official UEFI revocation database is signed with this # key. The revocation database can be updated with fwupdmgr1. -cat MicCorKEKCA2011_2011-06-24.esl >> KEK.esl +cat MicCorKEKCA2011_2011-06-24.esl >>KEK.esl attr=NON_VOLATILE,RUNTIME_ACCESS,BOOTSERVICE_ACCESS,TIME_BASED_AUTHENTICATED_WRITE_ACCESS sbvarsign --attr ${attr} --key PK.key --cert PK.crt --output PK.auth PK PK.esl diff --git a/man/systemd-creds.xml b/man/systemd-creds.xml index 49d78ee7fcc..b16ee09ceec 100644 --- a/man/systemd-creds.xml +++ b/man/systemd-creds.xml @@ -436,7 +436,7 @@ SetCredentialEncrypted=mysql-password: \ xyz.service: # mkdir -p /etc/systemd/system/xyz.service.d -# systemd-ask-password -n | systemd-creds encrypt --name=mysql-password -p - - > /etc/systemd/system/xyz.service.d/50-password.conf +# systemd-ask-password -n | systemd-creds encrypt --name=mysql-password -p - - >/etc/systemd/system/xyz.service.d/50-password.conf # systemctl daemon-reload # systemctl restart xyz.service diff --git a/man/systemd-dissect.xml b/man/systemd-dissect.xml index 3b014b47b88..6549aa92c85 100644 --- a/man/systemd-dissect.xml +++ b/man/systemd-dissect.xml @@ -366,7 +366,7 @@ Generate a tarball from an OS disk image - $ systemd-dissect --with foo.raw tar cz . > foo.tar.gz + $ systemd-dissect --with foo.raw tar cz . >foo.tar.gz diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml index 6c53d61d545..05966f264fb 100644 --- a/man/systemd-measure.xml +++ b/man/systemd-measure.xml @@ -240,7 +240,7 @@ --bank=sha1 \ --bank=sha256 \ --private-key=tpm2-pcr-private.pem \ - --public-key=tpm2-pcr-public.pem > tpm2-pcr-signature.json + --public-key=tpm2-pcr-public.pem >tpm2-pcr-signature.json # ukify --output foo.efi \ --os-release @os-release.txt \ --cmdline @cmdline.txt \ diff --git a/man/systemd-run.xml b/man/systemd-run.xml index 0c91d61d763..cd9e50d5b89 100644 --- a/man/systemd-run.xml +++ b/man/systemd-run.xml @@ -289,7 +289,7 @@ to the service processes as-is. If the service runs with different privileges than systemd-run, this means the service might not be able to re-open the passed file descriptors, due to normal file descriptor access restrictions. If the invoked process is a shell script that - uses the echo "hello" > /dev/stderr construct for writing messages to stderr, this might + uses the echo "hello" >/dev/stderr construct for writing messages to stderr, this might cause problems, as this only works if stderr can be re-opened. To mitigate this use the construct echo "hello" >&2 instead, which is mostly equivalent and avoids this pitfall. diff --git a/man/tpm2-crypttab.sh b/man/tpm2-crypttab.sh index d109eb40cdf..c2c7405b266 100644 --- a/man/tpm2-crypttab.sh +++ b/man/tpm2-crypttab.sh @@ -9,4 +9,4 @@ sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - tpm2-device=a # If that worked, let's now add the same line persistently to /etc/crypttab, # for the future. -sudo bash -c 'echo "mytest /dev/sdXn - tpm2-device=auto" >> /etc/crypttab' +sudo bash -c 'echo "mytest /dev/sdXn - tpm2-device=auto" >>/etc/crypttab' diff --git a/man/yubikey-crypttab.sh b/man/yubikey-crypttab.sh index ce9c2917c5c..d74dfa5cc29 100644 --- a/man/yubikey-crypttab.sh +++ b/man/yubikey-crypttab.sh @@ -25,4 +25,4 @@ sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - pkcs11-uri=au # If that worked, let's now add the same line persistently to /etc/crypttab, # for the future. -sudo bash -c 'echo "mytest /dev/sdXn - pkcs11-uri=auto" >> /etc/crypttab' +sudo bash -c 'echo "mytest /dev/sdXn - pkcs11-uri=auto" >>/etc/crypttab' diff --git a/src/udev/generate-keyboard-keys-gperf.sh b/src/udev/generate-keyboard-keys-gperf.sh index 1db4cbe47de..9f4364c1725 100755 --- a/src/udev/generate-keyboard-keys-gperf.sh +++ b/src/udev/generate-keyboard-keys-gperf.sh @@ -17,4 +17,4 @@ _Pragma(\"GCC diagnostic ignored \\\"-Wimplicit-fallthrough\\\"\")\n\ /^KEY_/ { print tolower(substr($1 ,5)) ", " $1 } { print tolower($1) ", " $1 } -' < "${1:?}" +' <"${1:?}" diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh index b81b811654f..87ffaea4539 100755 --- a/test/TEST-24-CRYPTSETUP/test.sh +++ b/test/TEST-24-CRYPTSETUP/test.sh @@ -69,7 +69,7 @@ EOF # Forward journal messages to the console, so we have something # to investigate even if we fail to mount the encrypted /var - echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf" + echo ForwardToConsole=yes >>"$initdir/etc/systemd/journald.conf" # If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt # support diff --git a/test/TEST-77-OPENFILE/test.sh b/test/TEST-77-OPENFILE/test.sh index e4349997a0a..92afa4c716a 100755 --- a/test/TEST-77-OPENFILE/test.sh +++ b/test/TEST-77-OPENFILE/test.sh @@ -9,8 +9,8 @@ TEST_DESCRIPTION="Openfile tests" test_append_files() { local workspace="${1:?}" - echo "Open" > "$workspace/test-77-open.dat" - echo "File" > "$workspace/test-77-file.dat" + echo "Open" >"$workspace/test-77-open.dat" + echo "File" >"$workspace/test-77-file.dat" } do_test "$@" diff --git a/test/mkosi.build.networkd-test b/test/mkosi.build.networkd-test index ea97d012fa4..25c935ed611 100755 --- a/test/mkosi.build.networkd-test +++ b/test/mkosi.build.networkd-test @@ -9,7 +9,7 @@ mkdir -p "$DESTDIR"/usr/local/bin cp "$SRCDIR"/test/networkd-test.py "$DESTDIR"/usr/local/bin/networkd-test.py mkdir -p "$DESTDIR"/etc/systemd/system -cat > "$DESTDIR"/etc/systemd/system/networkd-test.service <"$DESTDIR"/etc/systemd/system/networkd-test.service <> {self.output_file}" + ExecStart=/bin/bash -c "echo foo >>{self.output_file}" ''' self.unit_files[InstallChange.NO_CHANGE] = unit_file_content unit_file_content = f''' [Service] Type=oneshot - ExecStart=/bin/bash -c "echo foo >> {self.output_file}" + ExecStart=/bin/bash -c "echo foo >>{self.output_file}" ExecStart=/bin/sleep 3 ''' self.unit_files[InstallChange.LINES_SWAPPED] = unit_file_content @@ -51,9 +51,9 @@ class ExecutionResumeTest(unittest.TestCase): unit_file_content = f''' [Service] Type=oneshot - ExecStart=/bin/bash -c "echo bar >> {self.output_file}" + ExecStart=/bin/bash -c "echo bar >>{self.output_file}" ExecStart=/bin/sleep 3 - ExecStart=/bin/bash -c "echo foo >> {self.output_file}" + ExecStart=/bin/bash -c "echo foo >>{self.output_file}" ''' self.unit_files[InstallChange.COMMAND_ADDED_BEFORE] = unit_file_content @@ -61,26 +61,26 @@ class ExecutionResumeTest(unittest.TestCase): [Service] Type=oneshot ExecStart=/bin/sleep 3 - ExecStart=/bin/bash -c "echo foo >> {self.output_file}" - ExecStart=/bin/bash -c "echo bar >> {self.output_file}" + ExecStart=/bin/bash -c "echo foo >>{self.output_file}" + ExecStart=/bin/bash -c "echo bar >>{self.output_file}" ''' self.unit_files[InstallChange.COMMAND_ADDED_AFTER] = unit_file_content unit_file_content = f''' [Service] Type=oneshot - ExecStart=/bin/bash -c "echo baz >> {self.output_file}" + ExecStart=/bin/bash -c "echo baz >>{self.output_file}" ExecStart=/bin/sleep 3 - ExecStart=/bin/bash -c "echo foo >> {self.output_file}" - ExecStart=/bin/bash -c "echo bar >> {self.output_file}" + ExecStart=/bin/bash -c "echo foo >>{self.output_file}" + ExecStart=/bin/bash -c "echo bar >>{self.output_file}" ''' self.unit_files[InstallChange.COMMAND_INTERLEAVED] = unit_file_content unit_file_content = f''' [Service] Type=oneshot - ExecStart=/bin/bash -c "echo bar >> {self.output_file}" - ExecStart=/bin/bash -c "echo baz >> {self.output_file}" + ExecStart=/bin/bash -c "echo bar >>{self.output_file}" + ExecStart=/bin/bash -c "echo baz >>{self.output_file}" ''' self.unit_files[InstallChange.REMOVAL] = unit_file_content diff --git a/test/test-execute/exec-standardinput-data.service b/test/test-execute/exec-standardinput-data.service index 83db6098c02..838fea7d047 100644 --- a/test/test-execute/exec-standardinput-data.service +++ b/test/test-execute/exec-standardinput-data.service @@ -3,7 +3,7 @@ Description=Test for StandardInputText= and StandardInputData= [Service] -ExecStart=/bin/sh -x -c 'd=$$(mktemp -d -p /tmp); echo -e "this is a test\nand this is more\nsomething encoded!\nsomething in multiple lines\nand some more\nand a more bas64 data\nsomething with strange\nembedded\tcharacters\nand something with a exec-stdin-data.service specifier" > $d/text ; cmp $d/text ; rm -rf $d' +ExecStart=/bin/sh -x -c 'd=$$(mktemp -d -p /tmp); echo -e "this is a test\nand this is more\nsomething encoded!\nsomething in multiple lines\nand some more\nand a more bas64 data\nsomething with strange\nembedded\tcharacters\nand something with a exec-stdin-data.service specifier" >$d/text ; cmp $d/text ; rm -rf $d' Type=oneshot StandardInput=data StandardInputText=this is a test diff --git a/test/test-functions b/test/test-functions index c4c192885e6..d60a9bfedd1 100644 --- a/test/test-functions +++ b/test/test-functions @@ -691,7 +691,7 @@ EOF #!/bin/bash set -e test -e /usr/lib/os-release -echo bar > \${STATE_DIRECTORY}/foo +echo bar >\${STATE_DIRECTORY}/foo cat /usr/lib/extension-release.d/extension-release.app0 EOF chmod +x "$initdir/opt/script0.sh" @@ -717,7 +717,7 @@ EOF #!/bin/bash set -e test -e /usr/lib/os-release -echo baz > \${STATE_DIRECTORY}/foo +echo baz >\${STATE_DIRECTORY}/foo cat /usr/lib/extension-release.d/extension-release.app2 EOF chmod +x "$initdir/opt/script1.sh" diff --git a/test/units/testsuite-26.sh b/test/units/testsuite-26.sh index ee84447d90f..2d438e27484 100755 --- a/test/units/testsuite-26.sh +++ b/test/units/testsuite-26.sh @@ -53,11 +53,11 @@ echo "disable $UNIT_NAME" >/run/systemd/system-preset/99-systemd-test.preset EDITOR='true' script -ec 'systemctl edit "$UNIT_NAME"' /dev/null [ ! -e "/etc/systemd/system/$UNIT_NAME.d/override.conf" ] -printf '%s\n' '[Service]' 'ExecStart=' 'ExecStart=sleep 10d' > "+4" +printf '%s\n' '[Service]' 'ExecStart=' 'ExecStart=sleep 10d' >"+4" EDITOR='mv' script -ec 'systemctl edit "$UNIT_NAME"' /dev/null printf '%s\n' '[Service]' 'ExecStart=' 'ExecStart=sleep 10d' | cmp - "/etc/systemd/system/$UNIT_NAME.d/override.conf" -printf '%b' '[Service]\n' 'ExecStart=\n' 'ExecStart=sleep 10d' > "+4" +printf '%b' '[Service]\n' 'ExecStart=\n' 'ExecStart=sleep 10d' >"+4" EDITOR='mv' script -ec 'systemctl edit "$UNIT_NAME"' /dev/null printf '%s\n' '[Service]' 'ExecStart=' 'ExecStart=sleep 10d' | cmp - "/etc/systemd/system/$UNIT_NAME.d/override.conf" diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh index 717a7ee3d0d..343fd9eb221 100755 --- a/test/units/testsuite-29.sh +++ b/test/units/testsuite-29.sh @@ -163,7 +163,7 @@ mount /usr/share/minimal_0.raw /tmp/rootdir # Fix up os-release to drop the valid PORTABLE_SERVICES field (because we are # bypassing the sysext logic in portabled here it will otherwise not see the # extensions additional valid prefix) -grep -v "^PORTABLE_PREFIXES=" /tmp/rootdir/etc/os-release > /tmp/os-release-fix/etc/os-release +grep -v "^PORTABLE_PREFIXES=" /tmp/rootdir/etc/os-release >/tmp/os-release-fix/etc/os-release mount -t overlay overlay -o lowerdir=/tmp/os-release-fix:/tmp/app1:/tmp/rootdir /tmp/overlay diff --git a/test/units/testsuite-41.sh b/test/units/testsuite-41.sh index 13bc684c2d1..a82258821f4 100755 --- a/test/units/testsuite-41.sh +++ b/test/units/testsuite-41.sh @@ -31,7 +31,7 @@ systemd-run --unit=two \ -p StartLimitBurst=3 \ -p Type=oneshot \ -p Restart=on-failure \ - -p ExecStart="/bin/bash -c \"printf a >> $TMP_FILE\"" /bin/bash -c "exit 1" \ + -p ExecStart="/bin/bash -c \"printf a >>$TMP_FILE\"" /bin/bash -c "exit 1" \ && { echo 'unexpected success'; exit 1; } # wait for at least 3 restarts diff --git a/test/units/testsuite-43.sh b/test/units/testsuite-43.sh index fec936e999b..40b94fdb486 100755 --- a/test/units/testsuite-43.sh +++ b/test/units/testsuite-43.sh @@ -106,7 +106,7 @@ runas testuser systemd-run --wait --user --unit=test-clock \ runas testuser systemd-run --wait --user --unit=test-kernel-tunable \ -p PrivateUsers=yes -p ProtectKernelTunables=yes \ - sh -c "echo 0 > /proc/sys/user/max_user_namespaces" \ + sh -c "echo 0 >/proc/sys/user/max_user_namespaces" \ && { echo 'unexpected success'; exit 1; } runas testuser systemd-run --wait --user --unit=test-kernel-mod \ diff --git a/test/units/testsuite-45.sh b/test/units/testsuite-45.sh index 24e888c5879..ebc6c7c1444 100755 --- a/test/units/testsuite-45.sh +++ b/test/units/testsuite-45.sh @@ -86,7 +86,7 @@ LOCAL" check_adjtime_not_exist echo 'UTC set in adjtime file' - printf '0.0 0 0\n0\nUTC\n' > /etc/adjtime + printf '0.0 0 0\n0\nUTC\n' >/etc/adjtime timedatectl set-local-rtc 0 assert_eq "$(cat /etc/adjtime)" "0.0 0 0 0 @@ -97,7 +97,7 @@ UTC" LOCAL" echo 'non-zero values in adjtime file' - printf '0.1 123 0\n0\nLOCAL\n' > /etc/adjtime + printf '0.1 123 0\n0\nLOCAL\n' >/etc/adjtime timedatectl set-local-rtc 0 assert_eq "$(cat /etc/adjtime)" "0.1 123 0 0 @@ -108,7 +108,7 @@ UTC" LOCAL" echo 'fourth line adjtime file' - printf '0.0 0 0\n0\nLOCAL\nsomethingelse\n' > /etc/adjtime + printf '0.0 0 0\n0\nLOCAL\nsomethingelse\n' >/etc/adjtime timedatectl set-local-rtc 0 assert_eq "$(cat /etc/adjtime)" "0.0 0 0 0 @@ -121,60 +121,60 @@ LOCAL somethingelse" echo 'no final newline in adjtime file' - printf '0.0 0 0\n0\nUTC' > /etc/adjtime + printf '0.0 0 0\n0\nUTC' >/etc/adjtime timedatectl set-local-rtc 0 check_adjtime_not_exist - printf '0.0 0 0\n0\nUTC' > /etc/adjtime + printf '0.0 0 0\n0\nUTC' >/etc/adjtime timedatectl set-local-rtc 1 assert_eq "$(cat /etc/adjtime)" "0.0 0 0 0 LOCAL" echo 'only one line in adjtime file' - printf '0.0 0 0\n' > /etc/adjtime + printf '0.0 0 0\n' >/etc/adjtime timedatectl set-local-rtc 0 check_adjtime_not_exist - printf '0.0 0 0\n' > /etc/adjtime + printf '0.0 0 0\n' >/etc/adjtime timedatectl set-local-rtc 1 assert_eq "$(cat /etc/adjtime)" "0.0 0 0 0 LOCAL" echo 'only one line in adjtime file, no final newline' - printf '0.0 0 0' > /etc/adjtime + printf '0.0 0 0' >/etc/adjtime timedatectl set-local-rtc 0 check_adjtime_not_exist - printf '0.0 0 0' > /etc/adjtime + printf '0.0 0 0' >/etc/adjtime timedatectl set-local-rtc 1 assert_eq "$(cat /etc/adjtime)" "0.0 0 0 0 LOCAL" echo 'only two lines in adjtime file' - printf '0.0 0 0\n0\n' > /etc/adjtime + printf '0.0 0 0\n0\n' >/etc/adjtime timedatectl set-local-rtc 0 check_adjtime_not_exist - printf '0.0 0 0\n0\n' > /etc/adjtime + printf '0.0 0 0\n0\n' >/etc/adjtime timedatectl set-local-rtc 1 assert_eq "$(cat /etc/adjtime)" "0.0 0 0 0 LOCAL" echo 'only two lines in adjtime file, no final newline' - printf '0.0 0 0\n0' > /etc/adjtime + printf '0.0 0 0\n0' >/etc/adjtime timedatectl set-local-rtc 0 check_adjtime_not_exist - printf '0.0 0 0\n0' > /etc/adjtime + printf '0.0 0 0\n0' >/etc/adjtime timedatectl set-local-rtc 1 assert_eq "$(cat /etc/adjtime)" "0.0 0 0 0 LOCAL" echo 'unknown value in 3rd line of adjtime file' - printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime + printf '0.0 0 0\n0\nFOO\n' >/etc/adjtime timedatectl set-local-rtc 0 check_adjtime_not_exist - printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime + printf '0.0 0 0\n0\nFOO\n' >/etc/adjtime timedatectl set-local-rtc 1 assert_eq "$(cat /etc/adjtime)" "0.0 0 0 0 diff --git a/test/units/testsuite-50.sh b/test/units/testsuite-50.sh index 088e5677277..a0723057394 100755 --- a/test/units/testsuite-50.sh +++ b/test/units/testsuite-50.sh @@ -158,7 +158,7 @@ if systemctl --version | grep -q -- +OPENSSL ; then fi HAVE_OPENSSL=1 # Unfortunately OpenSSL insists on reading some config file, hence provide one with mostly placeholder contents - cat >> "${image}.openssl.cnf" <>"${image}.openssl.cnf" < "${image}.verity-sig" + echo '{"rootHash":"'"${roothash}"'","signature":"'"$(base64 -w 0 <"${image}.roothash.p7s")"'"}' >"${image}.verity-sig" # Pad it truncate -s "${signature_size}" "${image}.verity-sig" # Register certificate in the (userspace) verity key ring @@ -418,7 +418,7 @@ rm /var/lib/extensions/app-nodistro.raw mkdir -p /run/machines /run/portables /run/extensions touch /run/machines/a.raw /run/portables/b.raw /run/extensions/c.raw -systemd-dissect --discover --json=short > /tmp/discover.json +systemd-dissect --discover --json=short >/tmp/discover.json grep -q -F '{"name":"a","type":"raw","class":"machine","ro":false,"path":"/run/machines/a.raw"' /tmp/discover.json grep -q -F '{"name":"b","type":"raw","class":"portable","ro":false,"path":"/run/portables/b.raw"' /tmp/discover.json grep -q -F '{"name":"c","type":"raw","class":"extension","ro":false,"path":"/run/extensions/c.raw"' /tmp/discover.json diff --git a/test/units/testsuite-54.sh b/test/units/testsuite-54.sh index dc0c5f554f1..dd7e28392d2 100755 --- a/test/units/testsuite-54.sh +++ b/test/units/testsuite-54.sh @@ -17,7 +17,7 @@ systemd-run -p LoadCredential=passwd:/etc/passwd \ rm /tmp/ts54-concat # Test that SetCredential= acts as fallback for LoadCredential= -echo piff > /tmp/ts54-fallback +echo piff >/tmp/ts54-fallback [ "$(systemd-run -p LoadCredential=paff:/tmp/ts54-fallback -p SetCredential=paff:poff --pipe --wait systemd-creds cat paff)" = "piff" ] rm /tmp/ts54-fallback [ "$(systemd-run -p LoadCredential=paff:/tmp/ts54-fallback -p SetCredential=paff:poff --pipe --wait systemd-creds cat paff)" = "poff" ] diff --git a/test/units/testsuite-57-short-lived.sh b/test/units/testsuite-57-short-lived.sh index cd797a16e14..115b0d56f66 100755 --- a/test/units/testsuite-57-short-lived.sh +++ b/test/units/testsuite-57-short-lived.sh @@ -9,7 +9,7 @@ else counter=0 fi -echo "$counter" > /tmp/testsuite-57.counter +echo "$counter" >/tmp/testsuite-57.counter if [ "$counter" -eq 5 ] ; then systemctl kill --kill-whom=main -sUSR1 testsuite-57.service diff --git a/test/units/testsuite-58.sh b/test/units/testsuite-58.sh index 8b52a435e6d..0ed55ac0331 100755 --- a/test/units/testsuite-58.sh +++ b/test/units/testsuite-58.sh @@ -783,7 +783,7 @@ VerityMatchKey=root EOF # Unfortunately OpenSSL insists on reading some config file, hence provide one with mostly placeholder contents - runas testuser tee > "$defs/verity.openssl.cnf" <"$defs/verity.openssl.cnf" < /run/systemd/system/"$unit" </run/systemd/system/"$unit" < /testok +echo OK >/testok exit 0 diff --git a/test/units/testsuite-66-deviceisolation.service b/test/units/testsuite-66-deviceisolation.service index 9da4a0818d9..2d815a96da2 100644 --- a/test/units/testsuite-66-deviceisolation.service +++ b/test/units/testsuite-66-deviceisolation.service @@ -7,4 +7,4 @@ DevicePolicy=strict DeviceAllow=/dev/null r StandardOutput=file:/tmp/testsuite66serviceresults ExecStartPre=rm -f /tmp/testsuite66serviceresults -ExecStart=/bin/bash -c "while true; do sleep 0.01 && echo meow > /dev/null && echo thisshouldnotbehere; done" +ExecStart=/bin/bash -c "while true; do sleep 0.01 && echo meow >/dev/null && echo thisshouldnotbehere; done" diff --git a/test/units/testsuite-67.sh b/test/units/testsuite-67.sh index b813621055f..c45a8bd8b36 100755 --- a/test/units/testsuite-67.sh +++ b/test/units/testsuite-67.sh @@ -29,9 +29,9 @@ trap cleanup EXIT build_integrity_tab() { -cat << _EOL > "/etc/integritytab" +cat <"/etc/integritytab" ${DM_NAME} ${loop} - integrity-algorithm=$1 -_EOL +EOF } image_dir="$(mktemp -d -t -p / integrity.tmp.XXXXXX)" diff --git a/test/units/testsuite-70.sh b/test/units/testsuite-70.sh index 2ab8855ddcf..5667c8ab574 100755 --- a/test/units/testsuite-70.sh +++ b/test/units/testsuite-70.sh @@ -61,8 +61,8 @@ tpm2_pcrextend 0:sha256=00000000000000000000000000000000000000000000000000000000 rm $img if [[ -e /usr/lib/systemd/systemd-measure ]]; then - echo HALLO > /tmp/tpmdata1 - echo foobar > /tmp/tpmdata2 + echo HALLO >/tmp/tpmdata1 + echo foobar >/tmp/tpmdata2 cat >/tmp/result < /dev/null && { echo 'unexpected success'; exit 1; } + systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig" >/dev/null && { echo 'unexpected success'; exit 1; } # Sign new PCR state, decrypting should work now. - /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: > "/tmp/pcrsign.sig2" + /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: >"/tmp/pcrsign.sig2" systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig2" | cmp - /tmp/pcrtestdata # Now, do the same, but with a cryptsetup binding @@ -144,18 +144,18 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \ SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1 && { echo 'unexpected success'; exit 1; } # But once we sign the current PCRs, we should be able to unlock again - /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: > "/tmp/pcrsign.sig3" + /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: >"/tmp/pcrsign.sig3" SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig3",headless=1 /usr/lib/systemd/systemd-cryptsetup detach test-volume2 SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig3",headless=1 /usr/lib/systemd/systemd-cryptsetup detach test-volume2 # Test --append mode and de-duplication. With the same parameters signing should not add a new entry - /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: --append="/tmp/pcrsign.sig3" > "/tmp/pcrsign.sig4" + /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: --append="/tmp/pcrsign.sig3" >"/tmp/pcrsign.sig4" cmp "/tmp/pcrsign.sig3" "/tmp/pcrsign.sig4" # Sign one more phase, this should - /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=quux:waldo --append="/tmp/pcrsign.sig4" > "/tmp/pcrsign.sig5" + /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=quux:waldo --append="/tmp/pcrsign.sig4" >"/tmp/pcrsign.sig5" ( ! cmp "/tmp/pcrsign.sig4" "/tmp/pcrsign.sig5" ) # Should still be good to unlock, given the old entry still exists @@ -163,8 +163,8 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \ /usr/lib/systemd/systemd-cryptsetup detach test-volume2 # Adding both signatures once more should not change anything, due to the deduplication - /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: --append="/tmp/pcrsign.sig5" > "/tmp/pcrsign.sig6" - /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=quux:waldo --append="/tmp/pcrsign.sig6" > "/tmp/pcrsign.sig7" + /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: --append="/tmp/pcrsign.sig5" >"/tmp/pcrsign.sig6" + /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=quux:waldo --append="/tmp/pcrsign.sig6" >"/tmp/pcrsign.sig7" cmp "/tmp/pcrsign.sig5" "/tmp/pcrsign.sig7" rm $img diff --git a/test/units/testsuite-71.sh b/test/units/testsuite-71.sh index 221068f284f..d9663de158a 100755 --- a/test/units/testsuite-71.sh +++ b/test/units/testsuite-71.sh @@ -114,17 +114,17 @@ EOF systemctl daemon-reload mount -t tmpfs none /sys/class/dmi/id - echo '1' > /sys/class/dmi/id/uevent + echo '1' >/sys/class/dmi/id/uevent - echo '01/01/2000' > /sys/class/dmi/id/bios_date + echo '01/01/2000' >/sys/class/dmi/id/bios_date systemctl stop systemd-hostnamed assert_in '2000-01-01' "$(hostnamectl)" - echo '2022' > /sys/class/dmi/id/bios_date + echo '2022' >/sys/class/dmi/id/bios_date systemctl stop systemd-hostnamed assert_not_in 'Firmware Date' "$(hostnamectl)" - echo 'garbage' > /sys/class/dmi/id/bios_date + echo 'garbage' >/sys/class/dmi/id/bios_date systemctl stop systemd-hostnamed assert_not_in 'Firmware Date' "$(hostnamectl)" } diff --git a/test/units/testsuite-73.sh b/test/units/testsuite-73.sh index d8f668513c7..4f33cab8482 100755 --- a/test/units/testsuite-73.sh +++ b/test/units/testsuite-73.sh @@ -79,7 +79,7 @@ test_locale() { if command -v locale-gen >/dev/null 2>&1 && ! localectl list-locales | grep -F "en_US.UTF-8"; then # ensure at least one utf8 locale exist - echo "en_US.UTF-8 UTF-8" > /etc/locale.gen + echo "en_US.UTF-8 UTF-8" >/etc/locale.gen locale-gen en_US.UTF-8 fi diff --git a/test/units/testsuite-76.sh b/test/units/testsuite-76.sh index cb571f8b977..ef1eedf68b9 100755 --- a/test/units/testsuite-76.sh +++ b/test/units/testsuite-76.sh @@ -8,11 +8,11 @@ set -o pipefail export SYSTEMD_LOG_LEVEL=debug -echo "foo.bar=42" > /tmp/foo.conf +echo "foo.bar=42" >/tmp/foo.conf assert_rc 0 /usr/lib/systemd/systemd-sysctl /tmp/foo.conf assert_rc 1 /usr/lib/systemd/systemd-sysctl --strict /tmp/foo.conf -echo "-foo.foo=42" > /tmp/foo.conf +echo "-foo.foo=42" >/tmp/foo.conf assert_rc 0 /usr/lib/systemd/systemd-sysctl /tmp/foo.conf assert_rc 0 /usr/lib/systemd/systemd-sysctl --strict /tmp/foo.conf @@ -26,9 +26,9 @@ net.ipv4.*.*.bootp_relay=1 net.ipv4.aaa.*.disable_policy=1 EOF - echo 0 > /proc/sys/net/ipv4/conf/hoge/drop_gratuitous_arp - echo 0 > /proc/sys/net/ipv4/conf/hoge/bootp_relay - echo 0 > /proc/sys/net/ipv4/conf/hoge/disable_policy + echo 0 >/proc/sys/net/ipv4/conf/hoge/drop_gratuitous_arp + echo 0 >/proc/sys/net/ipv4/conf/hoge/bootp_relay + echo 0 >/proc/sys/net/ipv4/conf/hoge/disable_policy assert_rc 0 /usr/lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/hoge /tmp/foo.conf assert_eq "$(cat /proc/sys/net/ipv4/conf/hoge/drop_gratuitous_arp)" "1" diff --git a/test/units/testsuite-77.sh b/test/units/testsuite-77.sh index 13db238ba9c..61749fd0c8b 100755 --- a/test/units/testsuite-77.sh +++ b/test/units/testsuite-77.sh @@ -27,7 +27,7 @@ diff <(systemctl show -p OpenFile testsuite-77) - < /test-77-new-file.dat +echo "New" >/test-77-new-file.dat systemd-run --wait -p OpenFile=/test-77-new-file.dat:new-file:read-only "$(dirname "$0")"/testsuite-77-run.sh assert_rc 202 systemd-run --wait -p OpenFile=/test-77-new-file.dat:new-file:read-only -p OpenFile=/test-77-mssing-file.dat:missing-file:read-only "$(dirname "$0")"/testsuite-77-run.sh diff --git a/tools/debug-sd-boot.sh b/tools/debug-sd-boot.sh index 1bd2cc406db..027d607a496 100755 --- a/tools/debug-sd-boot.sh +++ b/tools/debug-sd-boot.sh @@ -60,7 +60,7 @@ while read -r line; do data="${BASH_REMATCH[2]}" break fi -done < "${2}" +done <"${2}" if [[ -z "${text}" || -z "${data}" ]]; then echo "Could not determine text and data location." diff --git a/tools/update-hwdb-autosuspend.sh b/tools/update-hwdb-autosuspend.sh index c69773087df..9f5e6e393ea 100755 --- a/tools/update-hwdb-autosuspend.sh +++ b/tools/update-hwdb-autosuspend.sh @@ -5,13 +5,13 @@ set -eu cd "${1:?}" (curl --fail -L 'https://chromium.googlesource.com/chromiumos/platform2/+/master/power_manager/udev/gen_autosuspend_rules.py?format=TEXT'; echo) \ - | base64 -d > tools/chromiumos/gen_autosuspend_rules.py + | base64 -d >tools/chromiumos/gen_autosuspend_rules.py -(cat <<%EOF +(cat < hwdb.d/60-autosuspend-fingerprint-reader.hwdb + >hwdb.d/60-autosuspend-fingerprint-reader.hwdb