From 5dd9ea36ae5fd6b477a32ec283b928eef9900303 2018-11-17 23:19:33
From: Unknown <xyz258@abwesend.de>
Date: 2018-11-17 23:19:33
Subject: [PATCH] fixes

- replaced backticks with $()
- enhanced iptables fix
- more escape fixes thx to shellcheck.net (no sponsor just a nice page)
- if-conditions (!-z equals -n)
- if piping find in xargs - use -print0 | -0 (shellcheck.net)
- added selecting mmc dev 0 in uboot.mkimg
---

diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh
index 7805160..054b554 100644
--- a/bootstrap.d/13-kernel.sh
+++ b/bootstrap.d/13-kernel.sh
@@ -28,8 +28,8 @@ if [ "$BUILD_KERNEL" = true ] ; then
       as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
     else
       as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
-   fi
-    
+    fi
+
     # Copy downloaded kernel sources
     cp -r "${temp_dir}/linux/"* "${R}/usr/src/linux/"
 
@@ -107,9 +107,9 @@ if [ "$BUILD_KERNEL" = true ] ; then
             echo "CONFIG_CRYPTO_CBC=y"
             echo "CONFIG_CRYPTO_XTS=y"
             echo "CONFIG_CRYPTO_SHA512=y"
-            echo "CONFIG_CRYPTO_MANAGER=y" 
+            echo "CONFIG_CRYPTO_MANAGER=y"
           } >> ${KERNEL_DIR}/.config
-	fi
+        fi
       fi
 
       # Copy custom kernel configuration file
@@ -176,14 +176,14 @@ if [ "$BUILD_KERNEL" = true ] ; then
   mkdir "${BOOT_DIR}"
 
   # Get kernel release version
-  KERNEL_VERSION=`cat "${KERNEL_DIR}/include/config/kernel.release"`
+  KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
 
   # Copy kernel configuration file to the boot directory
   install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
 
   # Prepare device tree directory
   mkdir "${BOOT_DIR}/overlays"
-  
+
   # Ensure the proper .dtb is located
   if [ "$KERNEL_ARCH" = "arm" ] ; then
     for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
diff --git a/bootstrap.d/21-firewall.sh b/bootstrap.d/21-firewall.sh
index 1cabec2..d078ba1 100644
--- a/bootstrap.d/21-firewall.sh
+++ b/bootstrap.d/21-firewall.sh
@@ -9,10 +9,11 @@ if [ "$ENABLE_IPTABLES" = true ] ; then
   # Create iptables configuration directory
   mkdir -p "${ETC_DIR}/iptables"
   
-  # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
-  chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
-  chroot_exec update-alternatives --verbose --set iptables-save /usr/sbin/iptables-legacy-save
-  chroot_exec update-alternatives --verbose --set iptables-restore /usr/sbin/iptables-legacy-restore
+  # make sure iptables-legacy is the used alternatives 
+  #iptables-save and -restore are slaves of iptables and thus are set accordingly
+  if ! [ "$RELEASE" = jessie ] ; then
+	chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
+  fi
   
   # Install iptables systemd service
   install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
diff --git a/bootstrap.d/30-security.sh b/bootstrap.d/30-security.sh
index 8b0e464..5fbfc7a 100644
--- a/bootstrap.d/30-security.sh
+++ b/bootstrap.d/30-security.sh
@@ -6,8 +6,8 @@
 . ./functions.sh
 
 # Generate crypt(3) password string
-ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"`
-ENCRYPTED_USER_PASSWORD=`mkpasswd -m sha-512 "${USER_PASSWORD}"`
+ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
+ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
 
 # Setup default user
 if [ "$ENABLE_USER" = true ] ; then
diff --git a/bootstrap.d/32-sshd.sh b/bootstrap.d/32-sshd.sh
index 162fdb2..9d28d51 100644
--- a/bootstrap.d/32-sshd.sh
+++ b/bootstrap.d/32-sshd.sh
@@ -28,7 +28,7 @@ if [ "$ENABLE_SSHD" = true ] ; then
     fi
 
     # Add SSH (v2) public key for user root
-    if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
+    if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
       # Create root SSH config directory
       mkdir -p "${R}/root/.ssh"
 
@@ -52,20 +52,20 @@ if [ "$ENABLE_SSHD" = true ] ; then
 
   if [ "$ENABLE_USER" = true ] ; then
     # Add SSH (v2) public key for user $USER_NAME
-    if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
+    if [ -n "$SSH_USER_PUB_KEY" ] ; then
       # Create $USER_NAME SSH config directory
       mkdir -p "${R}/home/${USER_NAME}/.ssh"
 
       # Set permissions of $USER_NAME SSH config directory
       chroot_exec chmod 700 "/home/${USER_NAME}/.ssh"
-      chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh"
+      chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh"
 
       # Add SSH (v2) public key(s) to authorized_keys file
       cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys"
 
       # Set permissions of $USER_NAME SSH config directory
       chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys"
-      chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys"
+      chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys"
 
       if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then
         # Allow SSH public key authentication
@@ -85,7 +85,7 @@ if [ "$ENABLE_SSHD" = true ] ; then
       allowed_users="${allowed_users} ${USER_NAME}"
     fi
 
-    if [ ! -z "$allowed_users" ] ; then
+    if [ -n "$allowed_users" ] ; then
       echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config"
     fi
   fi
@@ -113,4 +113,4 @@ if [ "$ENABLE_SSHD" = true ] ; then
   if [ "$ENABLE_REDUCE" = true ] && [ "$REDUCE_SSHD" = true ] ; then
     sed "s|^DROPBEAR_EXTRA_ARGS=.*|DROPBEAR_EXTRA_ARGS=\"${DROPBEAR_ARGS}\"|g" "${ETC_DIR}/default/dropbear"
   fi
-fi
+fi
\ No newline at end of file
diff --git a/bootstrap.d/41-uboot.sh b/bootstrap.d/41-uboot.sh
index a7f4709..67c4657 100644
--- a/bootstrap.d/41-uboot.sh
+++ b/bootstrap.d/41-uboot.sh
@@ -32,7 +32,7 @@ if [ "$ENABLE_UBOOT" = true ] ; then
   fi
 
   # Build and install U-Boot inside chroot
-  chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all
+  chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
 
   # Copy compiled bootloader binary and set config.txt to load it
   install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
diff --git a/bootstrap.d/99-reduce.sh b/bootstrap.d/99-reduce.sh
index c339e0d..25ec9fe 100644
--- a/bootstrap.d/99-reduce.sh
+++ b/bootstrap.d/99-reduce.sh
@@ -25,8 +25,8 @@ if [ "$ENABLE_REDUCE" = true ] ; then
 
   # Remove all doc files
   if [ "$REDUCE_DOC" = true ] ; then
-    find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true
-    find "${R}/usr/share/doc" -empty | xargs rmdir || true
+    find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true
+    find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true
   fi
 
   # Remove all man pages and info files
@@ -36,7 +36,7 @@ if [ "$ENABLE_REDUCE" = true ] ; then
 
   # Remove all locale translation files
   if [ "$REDUCE_LOCALE" = true ] ; then
-    find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r
+    find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r
   fi
 
   # Remove hwdb PCI device classes (experimental)
diff --git a/files/boot/uboot.mkimage b/files/boot/uboot.mkimage
index 6ce6500..13267f6 100644
--- a/files/boot/uboot.mkimage
+++ b/files/boot/uboot.mkimage
@@ -8,6 +8,7 @@ setenv machid 0x00000c42
 saveenv
 
 # Load the existing Linux kernel into RAM
+mmc dev 0
 fatload mmc 0:1 ${kernel_addr_r} kernel7.img
 fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
 fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}