CISS.debian.installer/func/cdi_4700_verification/4690_check_grub_cmdline.sh

#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
# SPDX-Comment: GRUB Kernel Parameter Linter

set -Ceuo pipefail

#######################################
# Parse GRUB_CMDLINE string into array of unique options
# Arguments:
#   1: Grub file to parse
#######################################
parse_cmdline() {
  declare var_input="${1}"
  declare -a ary_input
  ### Remove outer quotes if present.
  var_input="${var_input%\"}"
  var_input="${var_input#\"}"
  ### Split into an array.
  read -r -a ary_input <<< "${var_input}"
  printf "%s\n" "${ary_input[@]}"
}

#######################################
# Key extractor: for 'console=tty0' -> 'console'
# Arguments:
#   1:
#######################################
extract_key() {
  declare var_param="${1}"
  if [[ "${var_param}" == *=* ]]; then
    echo "${var_param%%=*}"
  else
    echo "${var_param}"
  fi
}

#######################################
# Check Grub Command Lines for duplicate entries.
# Globals:
#   TARGET
# Arguments:
#   None
# Returns:
#   0: on success
#######################################
check_grub_cmdline() {
  ### Variable and Array declaration.
  declare var_grub_file="${TARGET}/etc/default/grub"
  declare var_grub_linux_line="" var_grub_default_line="" dup="" key="" p="" source=""
  declare -a ary_default_params=() ary_linux_params=()
  ### Combine for conflict analysis.
  declare -A hmp_param_values=()
  declare -A hmp_param_sources=()
  declare -A hmp_duplicate_params=()

  ### Extract lines.
  var_grub_linux_line=$(grep -E '^GRUB_CMDLINE_LINUX=' "${var_grub_file}" | sed -E 's/GRUB_CMDLINE_LINUX=//')
  var_grub_default_line=$(grep -E '^GRUB_CMDLINE_LINUX_DEFAULT=' "${var_grub_file}" | sed -E 's/GRUB_CMDLINE_LINUX_DEFAULT=//')

  ### Parse both lines.
  mapfile -t ary_linux_params < <(parse_cmdline "${var_grub_linux_line}")
  mapfile -t ary_default_params < <(parse_cmdline "${var_grub_default_line}")

  ### Loop over all parameters.
  for source in "linux" "default"; do
    declare -n params="ary_${source}_params"
    for p in "${params[@]}"; do
      key=$(extract_key "${p}")
      if [[ -v hmp_param_values["${key}"] ]]; then
        if [[ "${hmp_param_values[${key}]}" != "${p}" ]]; then
          echo "Conflict: Parameter '${key}' has multiple values:"
          echo "- ${hmp_param_values[${key}]} (from ${hmp_param_sources[${key}]})"
          echo "- ${p} (from ${source})"
        else
          hmp_duplicate_params["${p}"]=1
        fi
      else
        hmp_param_values["${key}"]="${p}"
        hmp_param_sources["${key}"]="${source}"
      fi
    done
  done

### Report duplicates.
if (( ${#hmp_duplicate_params[@]} > 0 )); then
  echo "Duplicate parameters found:"
  for dup in "${!hmp_duplicate_params[@]}"; do
    echo "- ${dup}"
  done
fi

echo "GRUB_CMDLINE check complete."
return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh