#!/bin/sh
#########################################################################
#
# Builds Lynis distribution
#
# Usage: this script creates Lynis builds
#
# *** NOTE ***
# This script is not fully functional yet, several options like digital
# signing, RPM/DEB package creation are missing.
#
#########################################################################
#
# Options:
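echo "[*] Activity [V] Successful [X] Error [=] Result"
echo ""

# Umask used when creating files/directories
OPTION_UMASK="027"
# Directory name used to create package related directories (like /usr/local/include/lynis)
OPTION_PACKAGE_DIRNAME="lynis"
# Binary to test
OPTION_BINARY_FILE="../lynis"

# Check number of parameters
if [ $# -eq 0 ]; then
    echo "[X] This build tool needs at least a version number (--version). Use --help for all parameters."
    exit 1
fi

# Check parameters
case "$1" in
    --help)
        echo "Define version:"
        echo "--version 1.2.3"
        exit 1
        ;;
    --version)
        shift
        LYNIS_VERSION="${1:-}"
        # The version is interpolated into file names (tarball, RPM source,
        # RPM file) and into a git commit message further down. Refuse an
        # empty value and anything outside a conservative character set, so
        # that a value such as "../x" or one containing whitespace can never
        # become part of a path. A '-' is rejected as well: the version is
        # compared against the part of the Debian changelog version that
        # precedes the first '-', so such a value could not match anyway.
        case "${LYNIS_VERSION}" in
            "" | *[!A-Za-z0-9.+~_]*)
                echo "[X] Missing or invalid version number (expected something like 1.2.3)"
                exit 1
                ;;
        esac
        ;;
    *)
        echo "[X] Incorrect parameter"
        exit 1
        ;;
esac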
#
#########################################################################
#
# Functions:
# Clean temporary files up
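CleanUp() {
    # Removes the temporary build directory of this script.
    # Globals: TMPDIR (read)
    #
    # TMPDIR is also a conventional environment variable, and this function
    # can run (via ExitFatal or the INT trap) before the script has assigned
    # its own mktemp result to it. Deleting "whatever TMPDIR points to" would
    # then remove a directory inherited from the caller's environment, so
    # only a path that has the shape produced by
    # "mktemp -d /tmp/lynis-BUILDROOT.XXXXXX" is ever removed.
    case "${TMPDIR}" in
        /tmp/lynis-BUILDROOT.*/*)
            # Extra path components after the template name: not ours
            ;;
        /tmp/lynis-BUILDROOT.?*)
            if [ -d "${TMPDIR}" ]; then
                rm -rf -- "${TMPDIR}"
            fi
            ;;
    esac
}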
Exit() {
    # Regular end of the script: drop the temporary build directory first,
    # then terminate with status 0.
    CleanUp
    exit 0
}
ExitFatal() {
    # Error end of the script: drop the temporary build directory first,
    # then terminate with status 1 so callers can detect the failure.
    CleanUp
    exit 1
}
#
#########################################################################
#
# Clean files up if we get interrupted
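# A handler that merely returns lets the shell carry on with the next
# command, so the build would keep running after its temporary directory
# was removed. Stop explicitly; 130 is the usual status for SIGINT (128 + 2).
trap 'CleanUp; exit 130' INT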
#
#########################################################################
#
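# Name of the invoking user; it is used below to locate the build directory
# under /home/<user>.
MYUSER=$(whoami)
if [ -z "${MYUSER}" ]; then
    echo "[X] Could not determine user"
    # Without a user name the build directory path cannot be formed
    ExitFatal
fi
if [ "${MYUSER}" = "root" ]; then
    echo "[X] This script should not be executed as root"
    # Treat this as the error the message announces instead of continuing:
    # the build runs tar, git and packaging tools that do not need root.
    ExitFatal
fi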
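# Work directory: the current directory with its last two path components
# removed. Parameter expansion is used instead of awk's printf with the path
# component as format string, which misbehaves when a directory name
# contains a '%'.
MYWORKDIR=$(pwd)
MYWORKDIR="${MYWORKDIR%/*}"
MYWORKDIR="${MYWORKDIR%/*}"
# Quoted on purpose: with an empty result an unquoted test collapses to
# "[ ! -d ]", which is false, and the empty work directory would be accepted.
if [ ! -d "${MYWORKDIR}" ]; then
    echo "[X] Could not determine workdir (result: ${MYWORKDIR} seems invalid)"
    ExitFatal
else
    echo "[=] workdir: ${MYWORKDIR}"
fi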
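# Build directory of the invoking user. It has to exist already; the script
# only prints a hint on how to create it.
# NOTE(review): the path assumes home directories live under /home - confirm
# for the build hosts in use.
MYBUILDDIR="/home/${MYUSER}/lynis-build"
if [ ! -d "${MYBUILDDIR}" ]; then
    echo "[X] ${MYBUILDDIR} not found"
    echo " Hint: create it with mkdir ${MYBUILDDIR}"
    ExitFatal
else
    echo "[=] builddir: ${MYBUILDDIR}"
fi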
# Work directories for the Debian and RPM builds below the build directory
DEBWORKDIR="${MYBUILDDIR}/debbuild"
RPMWORKDIR="${MYBUILDDIR}/rpmbuild"

# Every one of these has to exist before the build starts; the list is
# deliberately expanded unquoted so it splits into one word per directory.
NEEDED_DIRS="debbuild rpmbuild rpmbuild/BUILD rpmbuild/BUILDROOT rpmbuild/RPMS rpmbuild/SOURCES rpmbuild/SRPMS"
for I in ${NEEDED_DIRS}; do
    [ -d "${MYBUILDDIR}/${I}" ] && continue
    echo "[X] Missing directory: ${MYBUILDDIR}/${I}"
    echo " Hint: create subdirs with cd ${MYBUILDDIR} && mkdir -p ${NEEDED_DIRS}"
    ExitFatal
done
echo "[=] RPM workdir: ${RPMWORKDIR}"
#echo "Use: cd ${MYBUILDDIR} && mkdir rpm"
# Check binaries
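# Locate the packaging tools. "command -v" is used instead of "which":
# it is specified by POSIX and prints nothing when the tool is missing,
# whereas some "which" implementations print a "not found" text to stdout
# that would be mistaken for a path by the non-empty test below.
# The tools are resolved through PATH, so the build executes whatever
# PATH offers first under these names.
GITBUILDPACKAGEBINARY=$(command -v git-buildpackage)
if [ -n "${GITBUILDPACKAGEBINARY}" ]; then
    echo "[=] git-buildpackage = ${GITBUILDPACKAGEBINARY}"
else
    echo "[X] Can not find git-buildpackage binary"
    echo " Hint: install git-buildpackage"
    ExitFatal
fi

RPMBUILDBINARY=$(command -v rpmbuild)
if [ -n "${RPMBUILDBINARY}" ]; then
    echo "[=] rpmbuild = ${RPMBUILDBINARY}"
else
    echo "[X] Can not find rpmbuild binary"
    echo " Hint: install rpmbuild"
    ExitFatal
fi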
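# Set umask
# The status is tested on the command itself (rather than through a later
# "$?"), so a statement added in between cannot hide a failure; files and
# directories created from here on get the restrictive mode from OPTION_UMASK.
if umask "${OPTION_UMASK}"; then
    echo "[V] Setting umask to ${OPTION_UMASK}"
else
    echo "[X] Could not set umask"
    ExitFatal
fi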
# The relative paths used by the rest of the script only work when it is
# started from its own directory: the lynis script has to sit one level up
# and this build script in the current directory.
if [ -f ../lynis ] && [ -f ./build-lynis.sh ]; then
    echo "[V] Active in proper directory"
else
    echo "[X] This script should be executed from dev directory itself"
    ExitFatal
fi
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Temporary build root, created by mktemp so the name is not predictable.
# NOTE(review): TMPDIR is also the conventional environment variable for the
# temporary-file location, and CleanUp deletes whatever it points to -
# a script-private variable name would avoid mixing the two.
if TMPDIR=$(mktemp -d /tmp/lynis-BUILDROOT.XXXXXX); then
    echo "[V] Creating temporary build directory"
    #echo " BUILDROOT: ${TMPDIR}"
else
    echo "[X] Could not create temporary build directory"
    ExitFatal
fi
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
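echo "[*] Starting with building tarball"
TARBALL="${MYBUILDDIR}/lynis_${LYNIS_VERSION}.orig.tar.gz"
#if [ -f ${TARBALL} ]; then
# echo "[X] Tarball already exists "
# echo " Hint: remove ${TARBALL}"
# ExitFatal
#fi

# Create tarball
# NOTE(review): an existing tarball is reused as-is, so its content is not
# guaranteed to match the current tree - remove it first for a release build.
if [ -f "${TARBALL}" ]; then
    echo "Tarball already exists for this version, not overwriting it"
else
    # The exclude patterns are quoted so the shell cannot expand them, and
    # tar's own exit status decides success: checking only for the file
    # would accept a truncated archive left behind by a failed run.
    # tar's error output is shown so a failure can be diagnosed.
    if tar -C "${MYWORKDIR}" --exclude=debian --exclude=README.md --exclude='.bzr*' --exclude='.git*' -c -z -f "${TARBALL}" lynis && [ -f "${TARBALL}" ]; then
        echo "[V] Tarball created"
    else
        # Do not leave a partial archive that the next run would reuse
        rm -f -- "${TARBALL}"
        echo "[X] Tarball ${TARBALL} could not be created"
        ExitFatal
    fi
fi

# Checksums of the tarball (each value is the tool's full output line).
# NOTE(review): MD5 and SHA-1 are not collision resistant; for published
# release artifacts consider adding a SHA-256 checksum as well.
TARBALL_MD5=$(md5sum "${TARBALL}")
TARBALL_SHA1=$(sha1sum "${TARBALL}")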
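echo "[*] Starting with RPM building process"

# RPM creation
SOURCEFILE_RPM="${RPMWORKDIR}/SOURCES/lynis-${LYNIS_VERSION}.tar.gz"
if [ -f "${SOURCEFILE_RPM}" ]; then
    if [ -f lynis.spec ]; then
        # adjust version in spec file
        VERSION_IN_SPECFILE=$(awk '/^Version:/ { print $2 }' lynis.spec)
        echo "[=] Found version ${VERSION_IN_SPECFILE}"
        # Both operands are quoted: with an unquoted empty value the test
        # becomes a syntax error, evaluates as false, and a spec file without
        # a version would slip through this check.
        if [ -z "${VERSION_IN_SPECFILE}" ] || [ "${VERSION_IN_SPECFILE}" != "${LYNIS_VERSION}" ]; then
            echo "[X] Version in specfile is outdated"
            ExitFatal
        fi
        echo "[*] Start RPM building"
        #${RPMBUILDBINARY} --quiet -ba -bl lynis.spec 2> /dev/null
    else
        echo "[X] lynis.spec not found"
        ExitFatal
    fi

    # NOTE(review): the rpmbuild call above is commented out, so this check
    # can only find an RPM left by an earlier build - confirm that reporting
    # it as a successful build is intended.
    RPMFILE="${RPMWORKDIR}/RPMS/noarch/lynis-${LYNIS_VERSION}-1.noarch.rpm"
    if [ -f "${RPMFILE}" ]; then
        echo "[V] Building RPM successful!"
    else
        echo "[X] Could not find RPM file, most likely failed"
        echo " Expected: ${RPMFILE}"
        ExitFatal
    fi
else
    # Deliberately not fatal (the ExitFatal is disabled): the script goes on
    # with the Debian build without an RPM source file.
    echo "[X] Could not find source file (${SOURCEFILE_RPM})"
    echo " Hint: cp <lynis.tar.gz> ${SOURCEFILE_RPM}"
    #ExitFatal
fi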
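echo "[*] Starting with DEB building process"

# Second word of the first changelog line, with the parentheses removed
DEBCHANGELOGFULLVERSION=$(head -n 1 ../debian/changelog | awk '{ print $2 }' | sed -e 's/(//' -e 's/)//')
# Split at '-': first field is the version, second field the revision.
# The value is passed quoted through printf so it is neither word-split nor
# glob-expanded, and cannot be taken for an option of echo.
DEBCHANGELOGVERSION=$(printf '%s\n' "${DEBCHANGELOGFULLVERSION}" | awk -F- '{ print $1 }')
DEBCHANGELOGVERSIONREV=$(printf '%s\n' "${DEBCHANGELOGFULLVERSION}" | awk -F- '{ print $2 }')

# The changelog has to describe the version that is being built
if [ "${LYNIS_VERSION}" = "${DEBCHANGELOGVERSION}" ]; then
    echo "[V] Debian/changelog up-to-date"
else
    echo "[X] Debian/changelog outdated"
    ExitFatal
fi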
# BZRSTATUS=$(${BZRBINARY} status . 2>&1 > /dev/null; echo $?)
# if [ "${BZRSTATUS}" = "0" ]; then
# echo "[V] bzr has proper directory tree"
# DEBCHANGELOGFULLVERSION=$(head -n 1 debian/changelog | awk '{ print $2 }' | sed 's/(//' | sed 's/)//')
# DEBCHANGELOGVERSION=$(echo ${DEBCHANGELOGFULLVERSION} | awk -F- '{ print $1 }')
# DEBCHANGELOGVERSIONREV=$(echo ${DEBCHANGELOGFULLVERSION} | awk -F- '{ print $2 }')
# echo "[=] Version in Debian changelog: ${DEBCHANGELOGVERSION} (revision: ${DEBCHANGELOGVERSIONREV})"
# if [ "${LYNIS_VERSION}" = "${DEBCHANGELOGVERSION}" ]; then
# echo "[V] Debian/changelog up-to-date"
# else
# echo "[X] Debian/changelog outdated"
## ExitFatal
# fi
# # execute command
# # bzr builddeb . --build-dir ${DEBWORKDIR}/build-area/ --result-dir ${DEBWORKDIR}
# elif [ "${BZRSTATUS}" = "3" ]; then
# echo "[X] Tree is not initialized for BZR"
# echo " Hint: run bzr init while being in lynis directory (or bzr init ..)"
# ExitFatal
# else
# echo "[X] Unknown error"
# echo "Output: ${BZRSTATUS}"
# fi
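# Fresh clone for the Debian build: any clone left from an earlier run is
# removed first.
if [ ! -d "${MYBUILDDIR}/git" ]; then
    mkdir "${MYBUILDDIR}/git" || ExitFatal
fi
if [ -d "${MYBUILDDIR}/git/Lynis" ]; then
    echo "git clone already exists"
    # ":?" aborts instead of deleting "/git/Lynis" should the variable be empty
    rm -rf -- "${MYBUILDDIR:?}/git/Lynis"
    #git checkout tags/${LYNIS_VERSION}
fi

# NOTE(review): this packages whatever the default branch of the remote
# holds at clone time; the checkout of the release tag is disabled above.
# For a release build consider checking out the tag for LYNIS_VERSION and
# verifying its signature (git verify-tag) before packaging.
if ! git clone https://github.com/CISOfy/Lynis.git "${MYBUILDDIR}/git/Lynis"; then
    echo "[X] Could not clone Lynis repository"
    ExitFatal
fi

if [ -d "${MYBUILDDIR}/git/Lynis/debian/" ]; then
    echo "Copying build files into new tree"
    cp -R ../debian/* "${MYBUILDDIR}/git/Lynis/debian/" || ExitFatal
    # A failed cd must stop the script: "git add" and "git commit" would
    # otherwise run in the directory the script was started from.
    cd "${MYBUILDDIR}/git/Lynis/debian/" || ExitFatal
    git add .
    git commit -m "Building process for Lynis release version ${LYNIS_VERSION}"
else
    echo "[X] Could not copy debian directory and commit changes"
    # Fatal: continuing would run "cd .." and the package build from the
    # start directory instead of from the clone.
    ExitFatal
fi
#git tag -l ${MYBUILDDIR}/git/Lynis

cd .. || ExitFatal
# The message shows the command as it is really executed (including -S)
echo "Executing: ${GITBUILDPACKAGEBINARY} -S --git-tarball-dir=${MYBUILDDIR} --git-export-dir=${DEBWORKDIR} --git-ignore-new"
if ! "${GITBUILDPACKAGEBINARY}" -S --git-tarball-dir="${MYBUILDDIR}" --git-export-dir="${DEBWORKDIR}" --git-ignore-new; then
    # Without this check a failed build would still be reported as done
    echo "[X] git-buildpackage failed"
    ExitFatal
fi
cd "${MYWORKDIR}" || ExitFatal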
# Build summary: where the artifacts are expected and what to do next.
# NOTE(review): git-buildpackage is invoked with -S earlier in this script;
# confirm that a binary _amd64.deb is really produced at the path shown.
for SUMMARY_LINE in \
    "[V] Done" \
    "" \
    "---------------------------------------------" \
    "RPM file: ${RPMFILE}" \
    "DEB file: ${DEBWORKDIR}/lynis_${LYNIS_VERSION}_amd64.deb" \
    "Tarball: ${TARBALL}" \
    "Tarball (SHA1): ${TARBALL_SHA1}" \
    "" \
    "Actions:" \
    " - Upload Debian package with dput (-f) my-ppa <source.changes>"
do
    echo "${SUMMARY_LINE}"
done
#=====================================================================
# Stop the script at this stage, rest is under development
# Exit runs CleanUp and then ends the script with status 0, so none of the
# statements below this call are executed.
Exit
#=====================================================================
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
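# Test script for errors
# printf is used for the prompt: "echo -n" is not portable under /bin/sh.
printf '%s' "- Test Lynis script "

# Is file there?
if [ ! -f "${OPTION_BINARY_FILE}" ]; then
    echo "BAD (can't find ${OPTION_BINARY_FILE})"
    # Leave through ExitFatal so the temporary build directory is removed
    ExitFatal
fi

# Check script
# "sh -n" only parses the file. Its exit status is taken directly; capturing
# it together with the command's output would break the numeric test as soon
# as the command prints anything.
sh -n "${OPTION_BINARY_FILE}"
FIND=$?
if [ "${FIND}" -eq 0 ]; then
    echo "OK"
else
    # NOTE(review): a failed syntax check is only reported; confirm whether
    # the build should stop here.
    echo "BAD"
fi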
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
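# Create SHA1 hashes
# The hash covers the Lynis script without the lines that start with '#'.
# NOTE(review): SHA-1 is not collision resistant; if this value is meant to
# detect deliberate tampering, a SHA-256 hash would be the safer choice.
printf '%s' "- Create SHA1 hashes "
SHA1HASH_LYNIS=$(grep -v '^#' "${OPTION_BINARY_FILE}" | sha1)
if [ -z "${SHA1HASH_LYNIS}" ]; then
    # An empty value means the hash tool is missing or failed; do not
    # report success with an empty hash.
    echo "BAD (could not compute SHA1 hash)"
    ExitFatal
fi
echo "DONE"
echo " Lynis (SHA1): ${SHA1HASH_LYNIS}"

# Add hashes to script
printf '%s' "- Injecting SHA1 hash into Lynis script "
echo "-NOT DONE-"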
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Packing list of the OpenBSD package; a list left over from an earlier run
# is deleted so the entries written later start from an empty file.
OPENBSD_CONTENTS="openbsd/+CONTENTS"
echo -n "- Cleaning up OpenBSD package build... "
[ ! -f "${OPENBSD_CONTENTS}" ] || rm "${OPENBSD_CONTENTS}"
echo "DONE"
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
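printf '%s' "- Creating MD5 hashes..."
# Third colon-separated field of every "file:" record in files.dat; the list
# is deliberately expanded unquoted so it splits into one entry per word.
# NOTE(review): entries are used as paths relative to "..", so files.dat has
# to be trusted; MD5 is also weak as an integrity check - confirm which
# digest the target package format expects.
PACKAGE_LIST_FILES=$(grep "^file:" files.dat | cut -d ':' -f3)
for I in ${PACKAGE_LIST_FILES}; do
    printf '%s' "${I} "
    #FULLNAME=$(grep ":file:include:" files.dat)
    #echo "${FULLNAME}" >> ${OPENBSD_CONTENTS}
    FILE="../${I}"
    # Hash first, write afterwards: a file that cannot be hashed must not
    # end up in the packing list with an empty digest.
    MD5HASH=$(md5 -q "${FILE}")
    if [ -z "${MD5HASH}" ]; then
        echo ""
        echo "[X] Could not compute MD5 hash of ${FILE}"
        ExitFatal
    fi
    echo "${I}" >> "${OPENBSD_CONTENTS}"
    echo "@md5 ${MD5HASH}" >> "${OPENBSD_CONTENTS}"
    # NOTE(review): the size is a fixed placeholder, not the real file size
    echo "@size 0000" >> "${OPENBSD_CONTENTS}"
done
echo ""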
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
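printf '%s' "- Cleaning up... "
# Clean up before reporting it: Exit ends the script, so a message placed
# after the Exit call is never printed.
CleanUp
echo "DONE"
# Exit cleanly
Exit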
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# The End!