From 82f7b8072cd1d41e6b42c1e08c9aab0430abbc3e Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Wed, 21 Jan 2026 14:55:17 +0000 Subject: [PATCH] Nix bashisms. This isn't fully POSIX shell, because POSIX shell still doesn't have `local' variable declarations, but at least it is reasonably portable now. fix https://github.com/heimdal/heimdal/issues/1299 --- lib/hx509/data/mkcert.sh | 46 ++++++++++++++++++++++---------------- tests/bin/test-lib.sh | 12 ++++++---- tests/gss/check-basic.in | 2 +- tests/gss/check-context.in | 2 +- tests/gss/check-gss.in | 2 +- tests/gss/check-gssmask.in | 2 +- tests/gss/check-negoex.in | 2 +- tests/gss/check-nodns.in | 2 +- tests/gss/check-spnego.in | 2 +- tests/kdc/check-kinit.in | 2 +- 10 files changed, 43 insertions(+), 31 deletions(-) diff --git a/lib/hx509/data/mkcert.sh b/lib/hx509/data/mkcert.sh index c06528dc8..5fe5b9bae 100755 --- a/lib/hx509/data/mkcert.sh +++ b/lib/hx509/data/mkcert.sh @@ -1,41 +1,49 @@ -#! /bin/bash +#! /bin/sh set -e DAYS=182500 key() { - local key=$1; shift + local key="$1"; shift if [ ! -f "${key}.pem" ]; then + openssl ecparam -name prime256v1 | openssl genpkey \ - -paramfile <(openssl ecparam -name prime256v1) \ + -paramfile /dev/stdin \ -out "${key}.pem" fi } req() { - local key=$1; shift - local dn=$1; shift + local key="$1"; shift + local dn="$1"; shift + printf "[req]\n%s\n%s\n[dn]\nCN_default=foo\n" \ + "prompt = yes" "distinguished_name = dn" | openssl req -new -sha256 -key "${key}.pem" \ - -config <(printf "[req]\n%s\n%s\n[dn]\nCN_default=foo\n" \ - "prompt = yes" "distinguished_name = dn") \ + -config - \ -subj "${dn}" } cert() { - local cert=$1; shift - local exts=$1; shift + local cert="$1"; shift + local exts="$1"; shift - openssl x509 -req -sha256 -out "${cert}.pem" \ - -extfile <(printf "%s\n" "$exts") "$@" + trap 'rm -f mkcert.req' EXIT HUP INT TERM + rm -f mkcert.req + cat >mkcert.req + printf "%s\n" "$exts" | + openssl x509 -req -sha256 -in mkcert.req -out "${cert}.pem" \ + -extfile - "$@" + rm -f mkcert.req + trap - EXIT HUP INT TERM } genroot() { - local dn=$1; shift - local key=$1; shift - local cert=$1; shift + local dn="$1"; shift + local key="$1"; shift + local cert="$1"; shift exts=$(printf "%s\n%s\n%s\n%s\n" \ "subjectKeyIdentifier = hash" \ @@ -48,11 +56,11 @@ genroot() { } genee() { - local dn=$1; shift - local key=$1; shift - local cert=$1; shift - local cakey=$1; shift - local cacert=$1; shift + local dn="$1"; shift + local key="$1"; shift + local cert="$1"; shift + local cakey="$1"; shift + local cacert="$1"; shift exts=$(printf "%s\n%s\n%s\n%s\n" \ "subjectKeyIdentifier = hash" \ diff --git a/tests/bin/test-lib.sh b/tests/bin/test-lib.sh index b2e20aa7b..9c385d0c8 100644 --- a/tests/bin/test-lib.sh +++ b/tests/bin/test-lib.sh @@ -142,7 +142,7 @@ test_section() { # Get caller location if available (bash only) if [ -n "$BASH_VERSION" ]; then - line_info=" (${BASH_LINENO[0]})" + eval 'line_info=" (${BASH_LINENO[0]})"' fi # Print section header with line number @@ -164,10 +164,11 @@ test_run() { local rc=0 local cmd_out local line_info="" + local restore_opts # Get caller location if available (bash only) if [ -n "$BASH_VERSION" ]; then - line_info=" (${BASH_SOURCE[1]:-}:${BASH_LINENO[0]:-})" + eval 'line_info=" (${BASH_SOURCE[1]:-}:${BASH_LINENO[0]:-})"' fi cmd_out=$(mktemp "${TMPDIR:-/tmp}/test_run.XXXXXX") || { @@ -178,8 +179,11 @@ test_run() { # Run command, capturing stdout and stderr if [ "${TEST_VERBOSE:-0}" = "1" ]; then # Verbose mode: show output in real-time and capture + restore_opts="$(set +o)" + set -o pipefail "$@" 2>&1 | tee "$cmd_out" - rc=${PIPESTATUS[0]:-$?} + rc=$? + eval "$restore_opts" else # Normal mode: capture output silently "$@" > "$cmd_out" 2>&1 @@ -260,7 +264,7 @@ test_run_x() { local line_info="" if [ -n "$BASH_VERSION" ]; then - line_info=" (${BASH_SOURCE[1]:-}:${BASH_LINENO[0]:-})" + eval 'line_info=" (${BASH_SOURCE[1]:-}:${BASH_LINENO[0]:-})"' fi cmd_out=$(mktemp "${TMPDIR:-/tmp}/test_out.XXXXXX") || return 1 diff --git a/tests/gss/check-basic.in b/tests/gss/check-basic.in index 16cb52035..ae69476a8 100644 --- a/tests/gss/check-basic.in +++ b/tests/gss/check-basic.in @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Copyright (c) 2007 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in index 3b79da40f..a5416876a 100644 --- a/tests/gss/check-context.in +++ b/tests/gss/check-context.in @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/tests/gss/check-gss.in b/tests/gss/check-gss.in index 6cade1b58..1896a675d 100644 --- a/tests/gss/check-gss.in +++ b/tests/gss/check-gss.in @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Copyright (c) 2006 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/tests/gss/check-gssmask.in b/tests/gss/check-gssmask.in index 7deb69f3d..6cc4234e9 100644 --- a/tests/gss/check-gssmask.in +++ b/tests/gss/check-gssmask.in @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Copyright (c) 2006 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/tests/gss/check-negoex.in b/tests/gss/check-negoex.in index 797c1ced9..4e3cb8401 100644 --- a/tests/gss/check-negoex.in +++ b/tests/gss/check-negoex.in @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Copyright (c) 2006 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/tests/gss/check-nodns.in b/tests/gss/check-nodns.in index 9d629e5c3..faf0325c4 100644 --- a/tests/gss/check-nodns.in +++ b/tests/gss/check-nodns.in @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Copyright (c) 2007 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/tests/gss/check-spnego.in b/tests/gss/check-spnego.in index 422640a8f..01cecae58 100644 --- a/tests/gss/check-spnego.in +++ b/tests/gss/check-spnego.in @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Copyright (c) 2006 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/tests/kdc/check-kinit.in b/tests/kdc/check-kinit.in index 97fc7e8f3..f8539b0e5 100644 --- a/tests/kdc/check-kinit.in +++ b/tests/kdc/check-kinit.in @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden).