Your message dated Sun, 4 Aug 2024 11:19:14 +0200
with message-id <bae041c2-ff27-4148-994a-dccb93747...@sfritsch.de>
and subject line Re: Bug#1017868: ssl-cert: Needless bash dependency
has caused the Debian Bug report #1017868,
regarding ssl-cert: Needless bash dependency
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1017868: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017868
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ssl-cert
Version: 1.1.0+nmu1
Severity: minor
Tags: patch
Dear Maintainer,
The installed make-ssl-cert depends on bash,
but doesn't really need to.
See patch based on current Salsa HEAD, below;
it's shellcheck-clean.
The same could trivially be done for the tests,
since pretty much the only extension shellcheck picks up is local.
Best,
наб
-- System Information:
Debian Release: 11.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-16-amd64 (SMP w/24 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND,
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages ssl-cert depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.77
ii openssl 1.1.1n-0+deb11u3
ssl-cert recommends no packages.
ssl-cert suggests no packages.
-- debconf information excluded
diff --git a/make-ssl-cert b/make-ssl-cert
index c0b0764..7223906 100755
--- a/make-ssl-cert
+++ b/make-ssl-cert
@@ -1,4 +1,4 @@
-#!/bin/bash -e
+#!/bin/sh -e
# This is a mockup of a script to produce a snakeoil cert
# The aim is to have a debconfisable ssl-certificate script
@@ -7,7 +7,7 @@
db_version 2.0
db_capb backup
-progname=$(basename "${0}")
+progname="${0##*/}"
usage() {
cat <<EOF
@@ -26,16 +26,14 @@ EOF
ask_via_debconf() {
RET=""
- if db_settitle make-ssl-cert/title ; then
- : # OK
- else
+ if ! db_settitle make-ssl-cert/title ; then
echo "Debconf failed with error code $? $RET" >&2
echo "Maybe your debconf database is corrupt." >&2
echo "Try re-installing ssl-cert." >&2
fi
RET=""
- while [ "x$RET" = "x" ]; do
+ while [ -z "$RET" ]; do
db_fset make-ssl-cert/hostname seen false
db_input high make-ssl-cert/hostname || true
db_go
@@ -77,9 +75,8 @@ create_temporary_cnf() {
}
create_hash_link() {
- local file="$1"
- local cryptfile filename i
- filename=$(basename "$file")
+ file="$1"
+ filename="${file##*/}"
cryptfile=$(dirname "$file")/$(openssl x509 -hash -noout -in "$file")
i=0
while [ -L "${cryptfile}.$i" ] ; do
@@ -92,8 +89,7 @@ create_hash_link() {
}
check_min_algo() {
- local file="$1"
- local bits
+ file="$1"
if ! openssl x509 -text -in "$file" | grep -q 'Signature Algorithm:.*sha256' ; then
echo "Signature algorithm of $file is not sha256. Recreating." >&2
return 1
@@ -125,27 +121,37 @@ opt_no_overwrite="false"
opt_expiration_days="3650"
# Transform long options to short ones
-newargs=()
-for arg in "${@}"; do
+newargs=
+for arg; do
case "${arg}" in
- --help) newargs+=(-h) ;;
+ --help) newargs="${newargs}
+-h" ;;
--force-overwrite)
# Move to front so that we accept --force-overwrite at the end, for
# compatibility with 1.0.x.
- newargs=("-f" "${newargs[@]}") ;;
- --no-overwrite) newargs+=(-n) ;;
- --expiration-days) newargs+=(-x) ;;
+ newargs="-f
+${newargs}" ;;
+ --no-overwrite) newargs="${newargs}
+-h" ;;
+ --expiration-days) newargs="${newargs}
+-x" ;;
--*)
printf "Unrecognized option %s\n\n" "${arg}"
usage 1
;;
- *) newargs+=("$arg") ;;
+ *) newargs="${newargs}
+$arg" ;;
esac
done
-set -- "${newargs[@]}"
+OIFS="$IFS"
+IFS="
+"
+# shellcheck disable=SC2086
+set -- $newargs
+IFS="$OIFS"
# Parse short options
-while getopts "hfnx:" opt "${@}"; do
+while getopts "hfnx:" opt; do
case "${opt}" in
h) usage 0 ;;
f) opt_force_overwrite="true" ;;
@@ -211,7 +217,7 @@ fi
TMPFILE="$(mktemp)" || exit 1
TMPOUT="$(mktemp)" || exit 1
-trap 'rm -f ${TMPFILE} ${TMPOUT}' EXIT
+trap 'rm -f "${TMPFILE}" "${TMPOUT}"' EXIT
create_temporary_cnf
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
There is no advantage to not using bash here. Won't fix.
--- End Message ---
