fix(dracut): be more robust when using 'set -u'

From bash manpage, FUNCNAME exists only inside functions. When in debug
mode, make sure to use an empty default value as FUNCNAME[0] when
outside of functions.

With bash4 this wasn't an issue, but is with bash5 with hardening option
'set -u' used, as shown in the example below:

Incorrect:

$ bash -u -c 'echo -n ${FUNCNAME[0]}'
bash: line 1: FUNCNAME[0]: unbound variable
$

Correct:

$ bash -u -c 'echo -n ${FUNCNAME[0]-}'
$

This hardening enables sourcing dracut-lib.sh from external utilities
executing in the initramfs such as clevis-luks-askpass, which uses
hardening option 'set -u' internally.
(see Clevis PR https://github.com/latchset/clevis/pull/340)

Signed-off-by: Renaud Métrich <rmetrich@redhat.com>

diff --git a/dracut.sh b/dracut.sh
index 58d51d715241b529d42561db14591fd62bdfc8e4..0d67c9d41b30f29804b76f5252c5f4a443df36f2 100755 (executable)
--- a/dracut.sh
+++ b/dracut.sh
@@ -882,7 +882,7 @@ unset GREP_OPTIONS
 export DRACUT_LOG_LEVEL=warning
 [[ $debug ]] && {
     export DRACUT_LOG_LEVEL=debug
-    export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]}): '
+    export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]-}): '
     set -x
 }
 

diff --git a/modules.d/99base/dracut-lib.sh b/modules.d/99base/dracut-lib.sh
index 591b97c6dc8ddb99702fdeaa4d77045134878344..43b023e141a01b162ed789e4fc36d0991f60faf7 100755 (executable)
--- a/modules.d/99base/dracut-lib.sh
+++ b/modules.d/99base/dracut-lib.sh
@@ -392,7 +392,7 @@ setdebug() {
             if getargbool 0 rd.debug -d -y rdinitdebug -d -y rdnetdebug; then
                 RD_DEBUG=yes
                 [ -n "$BASH" ] \
-                    && export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]}): '
+                    && export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]-}): '
             fi
         fi
         export RD_DEBUG