Skip to content

Rename all shell scripts to *.sh + shellcheck -x success#2050

Draft
tlaurion wants to merge 2 commits intolinuxboot:masterfrom
tlaurion:shellcheck_fixes
Draft

Rename all shell scripts to *.sh + shellcheck -x success#2050
tlaurion wants to merge 2 commits intolinuxboot:masterfrom
tlaurion:shellcheck_fixes

Conversation

@tlaurion
Copy link
Collaborator

No description provided.

Copilot AI review requested due to automatic review settings February 14, 2026 00:43
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR renames shell scripts to include .sh extensions and adds shellcheck compliance improvements. It updates script references across config files and adds shellcheck directives to scripts.

Changes:

  • Renamed shell scripts by adding .sh extension
  • Updated CONFIG_BOOTSCRIPT paths in board configuration files
  • Added shellcheck source directives and disabled warnings where appropriate
  • Improved shell script compliance with shellcheck recommendations

Reviewed changes

Copilot reviewed 105 out of 158 changed files in this pull request and generated 13 comments.

File Description
Config files (boards/*) Updated CONFIG_BOOTSCRIPT paths to use .sh extensions
Shell scripts (initrd/bin/*) Renamed scripts, added shellcheck directives, improved compliance
Config files (unmaintained_boards/*) Updated CONFIG_BOOTSCRIPT paths, some with inconsistent leading slash
initrd/init Updated script calls and added shellcheck compliance fixes

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

CONFIG_LINUX_BCM=y

export CONFIG_BOOTSCRIPT=/bin/generic-init
export CONFIG_BOOTSCRIPT="bin/generic-init.sh"
Copy link

Copilot AI Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing leading slash in CONFIG_BOOTSCRIPT path. This line has "bin/generic-init.sh" but should be "/bin/generic-init.sh" to match the pattern used in other config files.

Copilot uses AI. Check for mistakes.

export CONFIG_TPM=n
export CONFIG_BOOTSCRIPT=/bin/generic-init
export CONFIG_BOOTSCRIPT="bin/generic-init.sh"
Copy link

Copilot AI Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing leading slash in CONFIG_BOOTSCRIPT path. This line has "bin/generic-init.sh" but should be "/bin/generic-init.sh" to match the pattern used in other config files.

Copilot uses AI. Check for mistakes.
CONFIG_LINUX_E1000E=y

export CONFIG_BOOTSCRIPT=/bin/generic-init
export CONFIG_BOOTSCRIPT="bin/generic-init.sh"
Copy link

Copilot AI Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing leading slash in CONFIG_BOOTSCRIPT path. This line has "bin/generic-init.sh" but should be "/bin/generic-init.sh" to match the pattern used in other config files.

Copilot uses AI. Check for mistakes.
export CONFIG_QUIET_MODE=y
export CONFIG_BOOTSCRIPT=/bin/gui-init
#export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery
#export CONFIG_BOOTSCRIPT="bin/generic-init.sh"
Copy link

Copilot AI Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing leading slash in CONFIG_BOOTSCRIPT commented line. This line has "bin/generic-init.sh" but should be "/bin/generic-init.sh" for consistency.

Copilot uses AI. Check for mistakes.
#export CONFIG_BOOTSCRIPT=/bin/generic-init
export CONFIG_BOOTSCRIPT=/bin/gui-init
#export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery
#export CONFIG_BOOTSCRIPT="bin/generic-init.sh"
Copy link

Copilot AI Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing leading slash in CONFIG_BOOTSCRIPT commented line. This line has "bin/generic-init.sh" but should be "/bin/generic-init.sh" for consistency.

Copilot uses AI. Check for mistakes.
CONFIG_LINUX_NVME=y

export CONFIG_BOOTSCRIPT=/bin/generic-init
export CONFIG_BOOTSCRIPT="bin/generic-init.sh"
Copy link

Copilot AI Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing leading slash in CONFIG_BOOTSCRIPT path. This line has "bin/generic-init.sh" but should be "/bin/generic-init.sh" to match the pattern used in other config files.

Copilot uses AI. Check for mistakes.
#CONFIG_LINUX_NVME=y

export CONFIG_BOOTSCRIPT=/bin/generic-init
export CONFIG_BOOTSCRIPT="bin/generic-init.sh"
Copy link

Copilot AI Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing leading slash in CONFIG_BOOTSCRIPT path. This line has "bin/generic-init.sh" but should be "/bin/generic-init.sh" to match the pattern used in other config files.

Copilot uses AI. Check for mistakes.
export CONFIG_QUIET_MODE=y
export CONFIG_BOOTSCRIPT=/bin/gui-init
#export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery
#export CONFIG_BOOTSCRIPT="bin/generic-init.sh"
Copy link

Copilot AI Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing leading slash in CONFIG_BOOTSCRIPT commented line. This line has "bin/generic-init.sh" but should be "/bin/generic-init.sh" for consistency with the pattern used in other config files.

Copilot uses AI. Check for mistakes.
#Enable quiet mode: technical information logged under /tmp/debug.log
export CONFIG_QUIET_MODE=y
export CONFIG_BOOTSCRIPT=/bin/gui-init
export CONFIG_BOOTSCRIPT="bin/gui-init.sh"
Copy link

Copilot AI Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing leading slash in CONFIG_BOOTSCRIPT path. This line has "bin/gui-init.sh" but should be "/bin/gui-init.sh" to match the pattern used in other config files.

Suggested change
export CONFIG_BOOTSCRIPT="bin/gui-init.sh"
export CONFIG_BOOTSCRIPT="/bin/gui-init.sh"

Copilot uses AI. Check for mistakes.
#Enable quiet mode: technical information logged under /tmp/debug.log
export CONFIG_QUIET_MODE=y
export CONFIG_BOOTSCRIPT=/bin/gui-init
export CONFIG_BOOTSCRIPT="bin/gui-init.sh"
Copy link

Copilot AI Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing leading slash in CONFIG_BOOTSCRIPT path. This line has "bin/gui-init.sh" but should be "/bin/gui-init.sh" to match the pattern used in other config files.

Suggested change
export CONFIG_BOOTSCRIPT="bin/gui-init.sh"
export CONFIG_BOOTSCRIPT="/bin/gui-init.sh"

Copilot uses AI. Check for mistakes.
@tlaurion tlaurion force-pushed the shellcheck_fixes branch 2 times, most recently from cdfe716 to b1aaf47 Compare February 16, 2026 14:35
@tlaurion tlaurion marked this pull request as draft February 16, 2026 18:22
@tlaurion
Copy link
Collaborator Author

Unfortunately something broke with tpm sealing unsealing totp and not ready for full test/review.

…s; TPM primary/unseal hardening

- Implement tpm2_verify_primary() and 'verify-primary' subcommand in `initrd/bin/tpmr.sh`.
- Make `tpm2_unseal()` non‑fatal to callers; return distinct error codes on failure.
- Invalidate cached TPM Owner Password when primary handle is missing or primhdl hash mismatches.
- Add verify‑primary pre‑checks where appropriate: `unseal-totp.sh`, `unseal-hotp.sh`, `kexec-unseal-key.sh`, and GUI (`update_totp()`).
- Fix `gui-init.sh` parsing/shellcheck issues and silence relevant shellcheck warnings.

Why: ensure 'verify before unseal' to avoid silent unseal on primary/primhdl changes, present clear tamper UI and allow caller remediation.

Validation: shellcheck and `bash -n` pass for edited scripts; runtime log re‑inspection shows `tpm2_verify_primary` runs before unseal.

TODO: oem-factory-reset fails to unseal while tpm reset + seal totp + seal hotp succeeds. Fix

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants