From 035f8acdf737ee5e0c49feaa14dd8cfcea0ffa5f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 1 Jul 2022 10:58:01 +0200
Subject: [PATCH] kernel-install: do not silently ignore files we can't read

'test -r' is changed to 'test -f' everywhere. If the file exists but we
cannot read it, it would be better if we fail with a permission error. E.g. if
/etc/kernel/cmdline is unreadable, and we're running something as non-root, we
shouldn't fall back to /usr/lib/kernel/cmdline. This commit doesn't resolve
this fully, because we're not running with 'set -e', but this is a preparator
step.
---
 src/kernel-install/90-loaderentry.install | 10 +++++-----
 src/kernel-install/kernel-install.in      | 16 ++++++++++------
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
index 549437c7cd..ee55965110 100644
--- a/src/kernel-install/90-loaderentry.install
+++ b/src/kernel-install/90-loaderentry.install
@@ -52,10 +52,10 @@ case "$COMMAND" in
         ;;
 esac
 
-if [ -r /etc/os-release ]; then
+if [ -f /etc/os-release ]; then
     # shellcheck source=/dev/null
     . /etc/os-release
-elif [ -r /usr/lib/os-release ]; then
+elif [ -f /usr/lib/os-release ]; then
     # shellcheck source=/dev/null
     . /usr/lib/os-release
 fi
@@ -65,9 +65,9 @@ fi
 SORT_KEY="$IMAGE_ID"
 [ -z "$SORT_KEY" ] && SORT_KEY="$ID"
 
-if [ -r /etc/kernel/cmdline ]; then
+if [ -f /etc/kernel/cmdline ]; then
     BOOT_OPTIONS="$(tr -s "$IFS" ' ' </etc/kernel/cmdline)"
-elif [ -r /usr/lib/kernel/cmdline ]; then
+elif [ -f /usr/lib/kernel/cmdline ]; then
     BOOT_OPTIONS="$(tr -s "$IFS" ' ' </usr/lib/kernel/cmdline)"
 else
     BOOT_OPTIONS="$(tr -s "$IFS" '\n' </proc/cmdline | grep -ve '^BOOT_IMAGE=' -e '^initrd=' | tr '\n' ' ')"
@@ -83,7 +83,7 @@ if [ "$ENTRY_TOKEN" = "$MACHINE_ID" ]; then
     BOOT_OPTIONS="$BOOT_OPTIONS systemd.machine_id=$MACHINE_ID"
 fi
 
-if [ -r /etc/kernel/tries ]; then
+if [ -f /etc/kernel/tries ]; then
     read -r TRIES </etc/kernel/tries
     if ! echo "$TRIES" | grep -q '^[0-9][0-9]*$'; then
         echo "/etc/kernel/tries does not contain an integer." >&2
diff --git a/src/kernel-install/kernel-install.in b/src/kernel-install/kernel-install.in
index c3181ef5f5..044ba9f6f2 100755
--- a/src/kernel-install/kernel-install.in
+++ b/src/kernel-install/kernel-install.in
@@ -108,9 +108,9 @@ initrd_generator=
 _MACHINE_ID_SAVED="$MACHINE_ID"
 _BOOT_ROOT_SAVED="$BOOT_ROOT"
 
-if [ -r "/etc/kernel/install.conf" ]; then
+if [ -f "/etc/kernel/install.conf" ]; then
     install_conf="/etc/kernel/install.conf"
-elif [ -r "/usr/lib/kernel/install.conf" ]; then
+elif [ -f "/usr/lib/kernel/install.conf" ]; then
     install_conf="/usr/lib/kernel/install.conf"
 else
     install_conf=
@@ -150,11 +150,14 @@ fi
 # /etc/machine-info to use for our purpose, we'll use that instead (for
 # compatibility).
 # shellcheck source=/dev/null
-if [ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"; then
+if [ -z "$MACHINE_ID" ] && [ -f /etc/machine-info ]; then
+    . /etc/machine-info
+    MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
     [ -n "$MACHINE_ID" ] && [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
         echo "machine-id $MACHINE_ID acquired from /etc/machine-info"
 fi
-if [ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ] && read -r MACHINE_ID </etc/machine-id; then
+if [ -z "$MACHINE_ID" ] && [ -f /etc/machine-id ]; then
+    read -r MACHINE_ID </etc/machine-id
     [ -n "$MACHINE_ID" ] && [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
         echo "machine-id $MACHINE_ID acquired from /etc/machine-id"
 fi
@@ -168,7 +171,8 @@ fi
 # $BOOT where we want to place the kernel/initrd and related resources, as well
 # for naming the .conf boot loader spec entry. Typically this is just the
 # machine ID, but it can be anything else, too, if we are told so.
-if [ -z "$ENTRY_TOKEN" ] && [ -r /etc/kernel/entry-token ] && read -r ENTRY_TOKEN </etc/kernel/entry-token; then
+if [ -z "$ENTRY_TOKEN" ] && [ -f /etc/kernel/entry-token ]; then
+    read -r ENTRY_TOKEN </etc/kernel/entry-token
     [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
         echo "entry-token \"$ENTRY_TOKEN\" acquired from /etc/kernel/entry-token"
 fi
@@ -178,7 +182,7 @@ if [ -z "$ENTRY_TOKEN" ]; then
     # string "Default"
     ENTRY_TOKEN_SEARCH="$MACHINE_ID"
     # shellcheck source=/dev/null
-    [ -r /etc/os-release ] && . /etc/os-release
+    [ -f /etc/os-release ] && . /etc/os-release
     [ -n "$IMAGE_ID" ] && ENTRY_TOKEN_SEARCH="$ENTRY_TOKEN_SEARCH $IMAGE_ID"
     [ -n "$ID" ] && ENTRY_TOKEN_SEARCH="$ENTRY_TOKEN_SEARCH $ID"
     ENTRY_TOKEN_SEARCH="$ENTRY_TOKEN_SEARCH Default"
-- 
2.25.1