arm-image-installer-3.7-alt1_1.noarch	checkbashisms	experimental	checkbashisms utility found possible bashisms in: /usr/bin/update-uboot /usr/bin/spi-flashing-disk /usr/bin/rpi-uboot-update; 
arm-image-installer-3.7-alt1_1.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/arm-image-installer: $ grep -A5 -B5 /tmp/ /usr/bin/arm-image-installer fi } add_bls_parameter() { for bls in /tmp/boot/loader/entries/*.conf; do sed -i "s|options|& $1|" ${bls} done } add_kernel_parameter () { if [ -f /tmp/boot/extlinux/extlinux.conf ]; then sed -i "s|append|& $1 |" /tmp/boot/extlinux/extlinux.conf elif [ -f /tmp/fw/EFI/fedora/grub.cfg ]; then sed -i "s|GRUB_CMDLINE_LINUX=\"|& $1 |" ${PREFIX}/etc/default/grub if [ -f /tmp/fw/EFI/fedora/grubenv ]; then sed -i "s|kernelopts=|& $1 |" /tmp/fw/EFI/fedora/grubenv else add_bls_parameter "$1" fi fi } -- ROOTPART="/dev/$LVM_NAME/root" fi fi if [ "$FS_TYPE" = "xfs" ] && [ "$LVM_NAME" != "" ]; then mkdir /tmp/root > /dev/null 2>&1 mount "$ROOTPART" /tmp/root > /dev/null 2>&1 xfs_growfs /tmp/root elif [ "$FS_TYPE" = "btrfs" ]; then mkdir /tmp/root > /dev/null 2>&1 mount "$ROOTPART" /tmp/root > /dev/null 2>&1 btrfs filesystem resize max /tmp/root elif [ "$FS_TYPE" = "ext4" ]; then fsck.ext4 -fy "$ROOTPART" resize2fs "$ROOTPART" fi fi sleep 5 # make temp mount points mkdir /tmp/boot /tmp/root /tmp/fw > /dev/null 2>&1 mount "$BOOTPART" /tmp/boot > /dev/null 2>&1 if [ $? -ne 0 ]; then echo "Error: mount $BOOTPART /tmp/boot failed" exit 1 fi mount "$FIRMPART" /tmp/fw if [ $? -ne 0 ]; then echo "Error: mount $FIRMPART /tmp/fw failed" exit 1 fi if [ "$RESIZEFS" = "" ]; then get_lvm_name vgchange -a y $LVM_NAME > /dev/null 2>&1 fi if [ "$(grep /tmp/root /proc/mounts)" = "" ]; then if [ "$LVM_NAME" != "" ]; then mount "/dev/$LVM_NAME/root" /tmp/root > /dev/null 2>&1 else mount "$ROOTPART" /tmp/root fi fi if [ "$(echo $IMAGE | grep IoT)" != "" ]; then IOT_IMAGE="1" OSTREE_ROOT_HOME="/tmp/root/ostree/deploy/fedora-iot/var/roothome" OSTREE_PREFIX="/tmp/root/ostree/deploy/fedora-iot/deploy/*/" fi # fix up grub.cfg to reflect the new vg name if [ "$RENAME_LVM" != "" ]; then sed -i 's|/dev/mapper/fedora-root|/dev/mapper/fedora--server-root|g; s|rd.lvm.lv=fedora/root|rd.lvm.lv=fedora-server/root|g' /tmp/fw/EFI/fedora/grub.cfg sed -i 's|/dev/mapper/fedora-root|/dev/mapper/fedora--server-root|g; s|rd.lvm.lv=fedora/root|rd.lvm.lv=fedora-server/root|g' /tmp/fw/EFI/fedora/grubenv fi if [ "$IOT_IMAGE" = "1" ]; then # dd doesnt support wildcards, echo to expand PREFIX=$(echo $OSTREE_PREFIX) elif [ "$BTRFS" = "1" ]; then PREFIX="/tmp/root/root/" else PREFIX=/tmp/root fi # determine uboot and write to disk if [ "$TARGET" != "" ]; then if echo "$TARGET" | grep -q 'rpi[234]' || [ "$TARGET" = "olpc_xo175" ]; then -- echo "= Adding console $SYSCON to kernel parameters ..." add_kernel_parameter "console=$SYSCON console=tty0" if echo "$TARGET" | grep -q 'rpi[234]'; then sed -i "s|# enable_uart=1|enable_uart=1|" /tmp/fw/config.txt fi fi # fix up rpi2/3 if [ "$FIX_RPI" != "" ]; then -- echo "# The Raspberry Pi 4 must be limited to 1 GB of RAM on first boot." echo "# To enable the additional RAM, install the lpae kernel and edit the" echo "# /boot/config.txt and remove or comment the line 'total_mem=1024'." echo "#################################################################" # issue warning for the change echo "total_mem=1024" >> /tmp/fw/config.txt fi # prefer the lpae kernel if [ "$LPAE" != "" ]; then if [ -f /tmp/boot/grub2/grubenv ]; then sed -i 's|^saved_entry.*|&+lpae|' /tmp/boot/grub2/grubenv fi fi # remove quiet from kargs if [ "$SHOWBOOT" != "" ]; then sed -i 's|rhgb quiet ||g' /tmp/boot/loader/entries/*.conf fi sync umount /tmp/root $BOOTPART $FIRMPART > /dev/null 2>&1 if [ "$LVM_NAME" != "" ]; then vgchange -a n $LVM_NAME > /dev/null 2>&1 fi rmdir /tmp/root /tmp/boot /tmp/fw > /dev/null 2>&1 if [ "$URL" != "" ]; then echo echo "= NOTE" echo "= Additional instructions for $TARGET can be found at:";