From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
Date: Tue, 24 May 2022 14:34:04 +0000 (+0200)
Subject: fix(integrity): do not display any error if there is no IMA certificate
X-Git-Tag: 057~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f63f411d52df613936082d646ab072447b8b9d7f;p=thirdparty%2Fdracut.git

fix(integrity): do not display any error if there is no IMA certificate

IMA appraisal can be used without digital signatures, just by storing hash
digests instead.
---

diff --git a/modules.d/98integrity/ima-keys-load.sh b/modules.d/98integrity/ima-keys-load.sh
index 2959331a6..be234761d 100755
--- a/modules.d/98integrity/ima-keys-load.sh
+++ b/modules.d/98integrity/ima-keys-load.sh
@@ -17,8 +17,7 @@ load_x509_keys() {
         IMAKEYSDIR="/etc/keys/ima"
     fi
 
-    PUBKEY_LIST=$(ls "${NEWROOT}"${IMAKEYSDIR}/*)
-    for PUBKEY in ${PUBKEY_LIST}; do
+    for PUBKEY in "${NEWROOT}${IMAKEYSDIR}"/*; do
         # check for public key's existence
         if [ ! -f "${PUBKEY}" ]; then
             if [ "${RD_DEBUG}" = "yes" ]; then