From f6a40edb0efbb1eab52e1c36d381d65570ce3d74 Mon Sep 17 00:00:00 2001 From: Michal Marek Date: Fri, 29 Jun 2018 14:53:08 +0200 Subject: [PATCH 1/3] verify-fs: Fix the find command The -path predicate matches the whole file path. And in order to ignore a whole subtree, -prune needs to be used. --- tools/verify-fs.in | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tools/verify-fs.in b/tools/verify-fs.in index 08fcd9262..956c90003 100755 --- a/tools/verify-fs.in +++ b/tools/verify-fs.in @@ -35,18 +35,15 @@ die () { is_tree_empty () { local dir excludes dir=${1} + shift 1 # build chain of -not -path foo -or -not -path bar from args - shift 1 - [[ -n ${1} ]] && excludes="-not -path '${1}'" - shift 1 while [[ -n ${1} ]]; do - excludes="${excludes} -or -not -path '${1}'" + excludes=("${excludes[@]}" -path "$dir/$1" -prune -or) shift 1 done - [[ $(find "${dir}" -xdev -type f ${excludes} | wc -l) == 0 ]] - + [[ $(find "${dir}" -xdev "${excludes[@]}" -type f -print | wc -l) == 0 ]] } log () { From 64fbd9cff13a3b8d66fc9a5628919366dcc06f99 Mon Sep 17 00:00:00 2001 From: Michal Marek Date: Fri, 29 Jun 2018 14:54:11 +0200 Subject: [PATCH 2/3] verify-fs: Ignore /lib/modules On the OVA, we always copy the modules tree from the initrd environment, tainting the overlay. --- tools/verify-fs.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/verify-fs.in b/tools/verify-fs.in index 956c90003..a857b3b59 100755 --- a/tools/verify-fs.in +++ b/tools/verify-fs.in @@ -55,7 +55,7 @@ cat_default () { cat < Date: Fri, 29 Jun 2018 14:54:59 +0200 Subject: [PATCH 3/3] verify-fs: Make the script more friendly to run manually Log issues to the terminal and silence output of pushd/popd. --- tools/verify-fs.in | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tools/verify-fs.in b/tools/verify-fs.in index a857b3b59..2b80d057a 100755 --- a/tools/verify-fs.in +++ b/tools/verify-fs.in 
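Review bot: In `is_tree_empty`, the new term `-path "$dir/$1" -prune -or` only takes effect when `$dir/$1` is exactly the string find prints for that subtree, so a trailing slash on `$dir` or a leading slash on an exclude argument leaves the subtree unpruned. Any `*`, `?` or `[` in either value is also read as a glob and can prune more than intended. The callers' argument format is not visible in this hunk, so it is worth confirming or normalising it, e.g. `-path "${dir%/}/${1#/}"`. The surviving context comment is now stale and should read `# build a chain of "-path DIR/ARG -prune -or" terms from the remaining args`. `excludes` is still declared by the plain `local dir excludes` although it is used as an array; `local -a excludes=()` with `excludes+=(-path "$dir/$1" -prune -or)` states that intent.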
@@ -47,7 +47,11 @@ is_tree_empty () { } log () { - /usr/bin/logger -i -p security.err -t "verify-fs" "${@}" + if $interactive; then + echo "$@" >&2 + else + /usr/bin/logger -i -p security.err -t "verify-fs" "${@}" + fi } cat_default () { @@ -75,15 +79,20 @@ EOF die "Can't find images ${IMAGES}" ## 1.) Verify the images -pushd "${IMAGES}" +pushd "${IMAGES}" >/dev/null for ROOTFS in *.squashfs; do /usr/bin/md5sum -c "${ROOTFS}.md5" 2>/dev/null || \ log "Bad integrity of ${ROOTFS}, checksum is not valid" done -popd +popd >/dev/null +if tty -s; then + interactive=true +else + interactive=false +fi ## 2.) Verify the overlayfs cat_default | while read LINE; do TREE=${LINE%%:*}
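Review bot: `log` now runs `if $interactive; then`, but the second hunk assigns `interactive` only after step 1, so the `log "Bad integrity of ${ROOTFS}, ..."` calls in the md5sum loop see it unset unless it is initialised somewhere outside these hunks. An empty expansion is a null command with status 0, so that test succeeds and the message goes to `echo "$@" >&2`; on a non-interactive run a failed image checksum then never reaches `logger -p security.err`. Moving the `tty -s` block above `## 1.) Verify the images` and comparing a string instead of executing the variable, `if [[ ${interactive:-false} == true ]]; then`, closes this.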
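Review bot: `if tty -s; then` decides on standard input, although the messages it gates are written to standard error; `if [[ -t 2 ]]; then` tests the stream that is actually used. An interactive run also leaves no syslog record of a failed check any more. If that trail matters, the interactive branch of `log` can call `/usr/bin/logger -s -i -p security.err -t "verify-fs" "${@}"`, which prints to stderr and still logs. The hunk's trailing context ends with the visible page, so the rest of step 2 is not reviewed here.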