fix(dracut): be more robust when using 'set -u'

From bash manpage, FUNCNAME exists only inside functions. When in debug mode, make sure to use an empty default value as FUNCNAME[0] when outside of functions. With bash4 this wasn't an issue, but is with bash5 with hardening option 'set -u' used, as shown in the example below: Incorrect: $ bash -u -c 'echo -n ${FUNCNAME[0]}' bash: line 1: FUNCNAME[0]: unbound variable $ Correct: $ bash -u -c 'echo -n ${FUNCNAME[0]-}' $ This hardening enables sourcing dracut-lib.sh from external utilities executing in the initramfs such as clevis-luks-askpass, which uses hardening option 'set -u' internally. (see Clevis PR latchset/clevis#340) Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
dracutdevs · Feb 4, 2022 · 22a8062 · 22a8062
1 parent c5907f8
commit 22a8062
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/dracut.sh b/dracut.sh
@@ -882,7 +882,7 @@ unset GREP_OPTIONS
 export DRACUT_LOG_LEVEL=warning
 [[ $debug ]] && {
     export DRACUT_LOG_LEVEL=debug
-    export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]}): '
+    export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]-}): '
     set -x
 }
 

diff --git a/modules.d/99base/dracut-lib.sh b/modules.d/99base/dracut-lib.sh
@@ -392,7 +392,7 @@ setdebug() {
             if getargbool 0 rd.debug -d -y rdinitdebug -d -y rdnetdebug; then
                 RD_DEBUG=yes
                 [ -n "$BASH" ] \
-                    && export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]}): '
+                    && export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]-}): '
             fi
         fi
         export RD_DEBUG