Package: initramfs-tools
Version: 0.92o
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu jaunty ubuntu-patch

The final stage of mkinitramfs that builds the image does not verify the exit codes of find or cpio:

    (cd "${DESTDIR}" && find . | cpio --quiet --dereference -o -H newc | gzip >"${outfile}") || exit 1

Once bug 514936 is solved, this will be even more important, since cpio will actually return errors.

In bash, there is support for checking more than just the final pipe command's exit code via the "pipefail" option. Attached patch adds this behavior, and makes sure the script uses bash (to avoid future dash/bash migration issues).

Current behavior:

    $ find /fail | cpio --quiet --dereference -o -H newc | gzip > /tmp/archive.gz
    find: `/fail': No such file or directory
    $ echo $?
    0

Desired behavior:

    $ set -o pipefail
    $ find /fail | cpio --quiet --dereference -o -H newc | gzip > /tmp/archive.gz
    find: `/fail': No such file or directory
    $ echo $?
    1

Also, I would recommend adding "-e" to the shell to catch single-command failures during execution, though that's out of scope for this particular bug.

Thanks!

-Kees

-- 
Kees Cook
@debian.org

--- mkinitramfs~ 2009-02-11 17:18:41.000000000 -0800 +++ mkinitramfs 2009-02-11 17:19:40.000000000 -0800 @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash umask 0022 export PATH='/usr/bin:/sbin:/bin' @@ -296,6 +296,7 @@ fi [ "${verbose}" = y ] && echo "Building cpio ${outfile} initramfs" +set -o pipefail (cd "${DESTDIR}" && find . | cpio --quiet --dereference -o -H newc | gzip >"${outfile}") || exit 1 if [ -s "${__TMPCPIOGZ}" ]; then
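
Review bot: the shebang change in the first hunk moves the whole of mkinitramfs from /bin/sh to /bin/bash in order to gain one option, and nothing in the file records why. Please add a comment beside the shebang stating that bash is required for `set -o pipefail`, so that a later cleanup does not switch it back to /bin/sh and silently lose the exit-code check.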
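
Review bot: in the second hunk `set -o pipefail` is set at top level and never turned off, so it also changes how every pipeline after this point is evaluated, starting with the `if [ -s "${__TMPCPIOGZ}" ]` block that follows. Setting it inside the subshell instead, as in `(set -o pipefail; cd "${DESTDIR}" && find . | cpio --quiet --dereference -o -H newc | gzip >"${outfile}") || exit 1`, limits the change to the one pipeline the report is about. Also note that when a stage fails, gzip has already written to "${outfile}" before `exit 1` runs, so a partial image can remain under that name.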
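
The check requested in the report, as an added bash example that is not part of the report or of mkinitramfs: it keeps pipefail scoped to the subshell and never leaves a truncated archive behind. The names `build_archive` and `ARCHIVER` are hypothetical; the cpio command line is the one quoted in the report.

```bash
#!/bin/bash
# Added example, not mkinitramfs code. build_archive and ARCHIVER are
# hypothetical names; the cpio arguments are the ones quoted in the report.

# Archiver stage kept in an array so a stand-in command can replace it.
ARCHIVER=(cpio --quiet --dereference -o -H newc)

# build_archive SRC_DIR OUTFILE
# Returns 0 only if cd, find, the archiver and gzip all succeeded.
build_archive() {
    local src=$1 out=$2 tmp
    # Write to a temporary file beside the target so a failed run never
    # leaves a truncated image under the final name. mktemp creates the
    # file with mode 0600; chmod it afterwards if other readers need it.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    if (
        # pipefail is enabled inside the subshell only, so pipelines in
        # the rest of the calling script keep their existing semantics.
        set -o pipefail
        cd "$src" && find . | "${ARCHIVER[@]}" | gzip
    ) >"$tmp"; then
        # The redirect above is opened before the cd, so a relative
        # OUTFILE still resolves against the caller's directory.
        mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}
```
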