Skip to content

Commit

Permalink
Merge pull request lxc#4352 from simondeziel/shellcheck-checkconfig
Browse files Browse the repository at this point in the history 
Make `lxc-checkconfig` shellcheck clean
@stgraber
stgraber authored Oct 7, 2023
2 parents faecf3f + a87d6fc commit d39c672
Showing 1 changed file with 90 additions and 88 deletions.
178 changes: 90 additions & 88 deletions src/lxc/cmd/lxc-checkconfig.in
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,14 @@
#!/bin/sh
# SPDX-License-Identifier: LGPL-2.1+

export LC_ALL=C.UTF-8
export LANGUAGE=en

# Allow environment variables to override config
: ${CONFIG:=/proc/config.gz}
: ${MODNAME:=configs}
: "${CONFIG:=/proc/config.gz}"
: "${MODNAME:=configs}"

CAT="cat"
GREP="grep"

if [ -t 1 ]; then
SETCOLOR_SUCCESS="printf \\033[1;32m"
@@ -20,21 +23,21 @@ else
fi

is_set() {
$CAT $CONFIG | grep "$1=[y|m]" > /dev/null
$GREP -wm1 "^${1}=[y|m]" "${CONFIG}" > /dev/null
return $?
}

show_enabled() {
RES=$1
RET=1
if [ $RES -eq 0 ]; then
$SETCOLOR_SUCCESS && echo -n "enabled" && $SETCOLOR_NORMAL
if [ "$RES" -eq 0 ]; then
$SETCOLOR_SUCCESS && printf "enabled" && $SETCOLOR_NORMAL
RET=0
else
if [ ! -z "$mandatory" ] && [ "$mandatory" = yes ]; then
$SETCOLOR_FAILURE && echo -n "required" && $SETCOLOR_NORMAL
if [ -n "$mandatory" ] && [ "$mandatory" = yes ]; then
$SETCOLOR_FAILURE && printf "required" && $SETCOLOR_NORMAL
else
$SETCOLOR_WARNING && echo -n "missing" && $SETCOLOR_NORMAL
$SETCOLOR_WARNING && printf "missing" && $SETCOLOR_NORMAL
fi
fi
return $RET
@@ -43,7 +46,7 @@ show_enabled() {
is_enabled() {
mandatory=$2

is_set $1
is_set "$1"
show_enabled $?
}

@@ -61,15 +64,14 @@ is_probed() {
if [ ! -f /proc/modules ]; then
return
fi
lsmod | grep $1 > /dev/null
if [ $? -eq 0 ]; then
echo -n ", loaded"
if lsmod | grep -wm1 "^${1}" > /dev/null; then
printf ", loaded"
else
echo -n ", not loaded"
printf ", not loaded"
fi
}

if type lxc-start >/dev/null 2>&1; then
if command -v lxc-start >/dev/null; then
echo "LXC version $(lxc-start --version)"
fi

@@ -81,58 +83,58 @@ if [ ! -f $CONFIG ]; then
[ -f "${HEADERS_CONFIG}" ] && CONFIG=${HEADERS_CONFIG}
[ -f "${BOOT_CONFIG}" ] && CONFIG=${BOOT_CONFIG}
if [ ! -f "$CONFIG" ]; then
MODULEFILE=$(modinfo -k $KVER -n $MODNAME 2> /dev/null)
MODULEFILE="$(modinfo -k "$KVER" -n "$MODNAME" 2> /dev/null)"
# don't want to modprobe, so give user a hint
# although scripts/extract-ikconfig could be used to extract contents without loading kernel module
# http://svn.pld-linux.org/trac/svn/browser/geninitrd/trunk/geninitrd?rev=12696#L327
fi
if [ ! -f $CONFIG ]; then
echo "$(basename $0): unable to retrieve kernel configuration" >&2
if [ ! -f "$CONFIG" ]; then
echo "$(basename "$0"): unable to retrieve kernel configuration" >&2
echo >&2
if [ -f "$MODULEFILE" ]; then
echo "Try modprobe $MODNAME module, or" >&2
fi
echo "Try recompiling with IKCONFIG_PROC, installing the kernel headers," >&2
echo "or specifying the kernel configuration path with:" >&2
echo " CONFIG=<path> $(basename $0)" >&2
echo " CONFIG=<path> $(basename "$0")" >&2
exit 1
else
echo "Kernel configuration found at $CONFIG"
fi
fi

if gunzip -tq < $CONFIG 2>/dev/null; then
CAT="zcat"
if gunzip -tq < "$CONFIG" 2>/dev/null; then
GREP="zgrep"
fi

KVER_MAJOR=$($CAT $CONFIG | grep '^# Linux.*Kernel Configuration' | \
sed -r 's/.* ([0-9])\.[0-9]{1,2}\.[0-9]{1,3}.*/\1/')
KVER_MAJOR="$($GREP -m1 '^# Linux.*Kernel Configuration' "${CONFIG}" | \
sed -r 's/.* ([0-9])\.[0-9]{1,2}\.[0-9]{1,3}.*/\1/')"
if [ "$KVER_MAJOR" = "2" ]; then
KVER_MINOR=$($CAT $CONFIG | grep '^# Linux.*Kernel Configuration' | \
sed -r 's/.* 2.6.([0-9]{2}).*/\1/')
KVER_MINOR="$($GREP -m1 '^# Linux.*Kernel Configuration' "${CONFIG}" | \
sed -r 's/.* 2.6.([0-9]{2}).*/\1/')"
else
KVER_MINOR=$($CAT $CONFIG | grep '^# Linux.*Kernel Configuration' | \
sed -r 's/.* [0-9]\.([0-9]{1,3})\.[0-9]{1,3}.*/\1/')
KVER_MINOR="$($GREP -m1 '^# Linux.*Kernel Configuration' "${CONFIG}" | \
sed -r 's/.* [0-9]\.([0-9]{1,3})\.[0-9]{1,3}.*/\1/')"
fi

if [ -z "${KVER_MAJOR}" ]; then
echo "WARNING: Unable to detect version from configuration, assuming latest"
echo ""
echo
KVER_MAJOR="100"
KVER_MINOR="0"
fi

echo ""
echo "--- Namespaces ---"
echo -n "Namespaces: " && is_enabled CONFIG_NAMESPACES yes
echo "
--- Namespaces ---"
printf "Namespaces: " && is_enabled CONFIG_NAMESPACES yes
echo
echo -n "Utsname namespace: " && is_enabled CONFIG_UTS_NS
printf "Utsname namespace: " && is_enabled CONFIG_UTS_NS
echo
echo -n "Ipc namespace: " && is_enabled CONFIG_IPC_NS yes
printf "Ipc namespace: " && is_enabled CONFIG_IPC_NS yes
echo
echo -n "Pid namespace: " && is_enabled CONFIG_PID_NS yes
printf "Pid namespace: " && is_enabled CONFIG_PID_NS yes
echo
echo -n "User namespace: " && is_enabled CONFIG_USER_NS
printf "User namespace: " && is_enabled CONFIG_USER_NS
echo
if is_set CONFIG_USER_NS; then
if command -v newuidmap >/dev/null 2>&1; then
@@ -152,18 +154,18 @@ if is_set CONFIG_USER_NS; then
echo "newgidmap is not installed"
fi
fi
echo -n "Network namespace: " && is_enabled CONFIG_NET_NS
printf "Network namespace: " && is_enabled CONFIG_NET_NS
echo
if ([ $KVER_MAJOR -lt 4 ]) || ([ $KVER_MAJOR -eq 4 ] && [ $KVER_MINOR -lt 7 ]); then
echo -n "Multiple /dev/pts instances: " && is_enabled DEVPTS_MULTIPLE_INSTANCES
if [ $KVER_MAJOR -lt 4 ] || { [ $KVER_MAJOR -eq 4 ] && [ $KVER_MINOR -lt 7 ]; }; then
printf "Multiple /dev/pts instances: " && is_enabled DEVPTS_MULTIPLE_INSTANCES
echo
fi
echo

echo "--- Control groups ---"
echo -n "Cgroups: " && is_enabled CONFIG_CGROUPS
echo "
--- Control groups ---"
printf "Cgroups: " && is_enabled CONFIG_CGROUPS
echo
echo -n "Cgroup namespace: " && has_cgroup_ns
printf "Cgroup namespace: " && has_cgroup_ns
echo

print_cgroups() {
@@ -184,102 +186,102 @@ for mnt in ${CGROUP_V2_MNTS}; do
done

if [ "${CGROUP_V2_MNTS}" != "/sys/fs/cgroup" ]; then
CGROUP_SYSTEMD_MNTPT=$(echo "$CGROUP_V1_MNTS" | grep "/systemd")
CGROUP_SYSTEMD_MNTPT=$(echo "$CGROUP_V1_MNTS" | grep -F "/systemd")
if [ -z "$CGROUP_SYSTEMD_MNTPT" ]; then
echo -n "Cgroup v1 systemd controller: "
$SETCOLOR_FAILURE && echo -n "missing" && $SETCOLOR_NORMAL
echo
printf "Cgroup v1 systemd controller: "
$SETCOLOR_FAILURE && echo "missing" && $SETCOLOR_NORMAL
fi

CGROUP_FREEZER_MNTPT=$(echo "$CGROUP_V1_MNTS" | grep "/freezer")
CGROUP_FREEZER_MNTPT=$(echo "$CGROUP_V1_MNTS" | grep -F "/freezer")
if [ -z "$CGROUP_FREEZER_MNTPT" ]; then
echo -n "Cgroup v1 freezer controller: "
$SETCOLOR_FAILURE && echo -n "missing" && $SETCOLOR_NORMAL
echo
printf "Cgroup v1 freezer controller: "
$SETCOLOR_FAILURE && echo "missing" && $SETCOLOR_NORMAL
fi

CGROUP_MNT_PATH=$(echo "$CGROUP_V1_MNTS" | head -n 1)
if [ -f $CGROUP_MNT_PATH/cgroup.clone_children ]; then
echo -n "Cgroup v1 clone_children flag: " &&
if [ -f "$CGROUP_MNT_PATH/cgroup.clone_children" ]; then
printf "Cgroup v1 clone_children flag: " &&
$SETCOLOR_SUCCESS && echo "enabled" && $SETCOLOR_NORMAL
fi
fi

echo -n "Cgroup device: " && is_enabled CONFIG_CGROUP_DEVICE
printf "Cgroup device: " && is_enabled CONFIG_CGROUP_DEVICE
echo

echo -n "Cgroup sched: " && is_enabled CONFIG_CGROUP_SCHED
printf "Cgroup sched: " && is_enabled CONFIG_CGROUP_SCHED
echo

echo -n "Cgroup cpu account: " && is_enabled CONFIG_CGROUP_CPUACCT
printf "Cgroup cpu account: " && is_enabled CONFIG_CGROUP_CPUACCT
echo

echo -n "Cgroup memory controller: "
if ([ $KVER_MAJOR -ge 3 ] && [ $KVER_MINOR -ge 6 ]) || ([ $KVER_MAJOR -gt 3 ]); then
printf "Cgroup memory controller: "
if { [ $KVER_MAJOR -ge 3 ] && [ $KVER_MINOR -ge 6 ]; } || [ $KVER_MAJOR -gt 3 ]; then
is_enabled CONFIG_MEMCG
else
is_enabled CONFIG_CGROUP_MEM_RES_CTLR
fi
echo

is_set CONFIG_SMP && echo -n "Cgroup cpuset: " && is_enabled CONFIG_CPUSETS && echo
echo
is_set CONFIG_SMP && printf "Cgroup cpuset: " && is_enabled CONFIG_CPUSETS && echo

echo "--- Misc ---"
echo -n "Veth pair device: " && is_enabled CONFIG_VETH && is_probed veth
echo "
--- Misc ---"
printf "Veth pair device: " && is_enabled CONFIG_VETH && is_probed veth
echo
echo -n "Macvlan: " && is_enabled CONFIG_MACVLAN && is_probed macvlan
printf "Macvlan: " && is_enabled CONFIG_MACVLAN && is_probed macvlan
echo
echo -n "Vlan: " && is_enabled CONFIG_VLAN_8021Q && is_probed 8021q
printf "Vlan: " && is_enabled CONFIG_VLAN_8021Q && is_probed 8021q
echo
echo -n "Bridges: " && is_enabled CONFIG_BRIDGE && is_probed bridge
printf "Bridges: " && is_enabled CONFIG_BRIDGE && is_probed bridge
echo
echo -n "Advanced netfilter: " && is_enabled CONFIG_NETFILTER_ADVANCED && is_probed nf_tables
if ( [ $KVER_MAJOR -gt 3 ] && [ $KVER_MINOR -gt 6 ] ) && [ $KVER_MAJOR -lt 5 ] ; then
printf "Advanced netfilter: " && is_enabled CONFIG_NETFILTER_ADVANCED && is_probed nf_tables
if { [ $KVER_MAJOR -gt 3 ] && [ $KVER_MINOR -gt 6 ]; } && [ $KVER_MAJOR -lt 5 ]; then
echo
echo -n "CONFIG_NF_NAT_IPV4: " && is_enabled CONFIG_NF_NAT_IPV4 && is_probed nf_nat_ipv4
printf "CONFIG_NF_NAT_IPV4: " && is_enabled CONFIG_NF_NAT_IPV4 && is_probed nf_nat_ipv4
echo
echo -n "CONFIG_NF_NAT_IPV6: " && is_enabled CONFIG_NF_NAT_IPV6 && is_probed nf_nat_ipv6
printf "CONFIG_NF_NAT_IPV6: " && is_enabled CONFIG_NF_NAT_IPV6 && is_probed nf_nat_ipv6
fi
echo
echo -n "CONFIG_IP_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv4
printf "CONFIG_IP_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv4
echo
echo -n "CONFIG_IP6_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP6_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv6
printf "CONFIG_IP6_NF_TARGET_MASQUERADE: " && is_enabled CONFIG_IP6_NF_TARGET_MASQUERADE && is_probed nf_nat_masquerade_ipv6
echo
echo -n "CONFIG_NETFILTER_XT_TARGET_CHECKSUM: " && is_enabled CONFIG_NETFILTER_XT_TARGET_CHECKSUM && is_probed xt_CHECKSUM
printf "CONFIG_NETFILTER_XT_TARGET_CHECKSUM: " && is_enabled CONFIG_NETFILTER_XT_TARGET_CHECKSUM && is_probed xt_CHECKSUM
echo
echo -n "CONFIG_NETFILTER_XT_MATCH_COMMENT: " && is_enabled CONFIG_NETFILTER_XT_MATCH_COMMENT && is_probed xt_comment
printf "CONFIG_NETFILTER_XT_MATCH_COMMENT: " && is_enabled CONFIG_NETFILTER_XT_MATCH_COMMENT && is_probed xt_comment
echo
echo -n "FUSE (for use with lxcfs): " && is_enabled CONFIG_FUSE_FS && is_probed fuse
printf "FUSE (for use with lxcfs): " && is_enabled CONFIG_FUSE_FS && is_probed fuse
echo

echo "
--- Checkpoint/Restore ---"
printf "checkpoint restore: " && is_enabled CONFIG_CHECKPOINT_RESTORE
echo
echo "--- Checkpoint/Restore ---"
echo -n "checkpoint restore: " && is_enabled CONFIG_CHECKPOINT_RESTORE
printf "CONFIG_FHANDLE: " && is_enabled CONFIG_FHANDLE
echo
echo -n "CONFIG_FHANDLE: " && is_enabled CONFIG_FHANDLE
printf "CONFIG_EVENTFD: " && is_enabled CONFIG_EVENTFD
echo
echo -n "CONFIG_EVENTFD: " && is_enabled CONFIG_EVENTFD
printf "CONFIG_EPOLL: " && is_enabled CONFIG_EPOLL
echo
echo -n "CONFIG_EPOLL: " && is_enabled CONFIG_EPOLL
printf "CONFIG_UNIX_DIAG: " && is_enabled CONFIG_UNIX_DIAG
echo
echo -n "CONFIG_UNIX_DIAG: " && is_enabled CONFIG_UNIX_DIAG
printf "CONFIG_INET_DIAG: " && is_enabled CONFIG_INET_DIAG
echo
echo -n "CONFIG_INET_DIAG: " && is_enabled CONFIG_INET_DIAG
printf "CONFIG_PACKET_DIAG: " && is_enabled CONFIG_PACKET_DIAG
echo
echo -n "CONFIG_PACKET_DIAG: " && is_enabled CONFIG_PACKET_DIAG
printf "CONFIG_NETLINK_DIAG: " && is_enabled CONFIG_NETLINK_DIAG
echo
echo -n "CONFIG_NETLINK_DIAG: " && is_enabled CONFIG_NETLINK_DIAG
echo
echo -n "File capabilities: "
printf "File capabilities: "
if [ "${KVER_MAJOR}" = 2 ] && [ ${KVER_MINOR} -lt 33 ]; then
is_enabled CONFIG_SECURITY_FILE_CAPABILITIES
echo
else
$SETCOLOR_SUCCESS && echo "enabled" && $SETCOLOR_NORMAL
fi

echo
echo "Note : Before booting a new kernel, you can check its configuration"
echo "usage : CONFIG=/path/to/config $0"
echo
echo "
Note: Before booting a new kernel, you can check its configuration with:
CONFIG=/path/to/config $0
"

0 comments on commit d39c672

Please sign in to comment.