Kernel Hardening - security-misc

script:

#!/bin/sh

set -x

kver="$(uname -r)"

if [ "${kver}" -ge "5.4" ]; then
  GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX lockdown=confidentiality"
fi

xtrace:

+ uname -r
+ kver=4.19.79-1.pvops.qubes.x86_64
+ [ 4.19.79-1.pvops.qubes.x86_64 -ge 5.4 ]
./x: 7: [: Illegal number: 4.19.79-1.pvops.qubes.x86_64

Thinking… dpkg --compare-versions?

(Whonix source code uses this in some places.)

Is this required? What happens when enabling lockdown=confidentiality on a too old kernel? It’s simply ignored? If the answer is yes, then that is not so bad. Or does something break? Well, then the “if” needs to be sorted indeed.

2 Likes
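
An added example, not part of the original post and not security-misc code: `[ ... -ge ... ]` only accepts integers, so this sketch extracts the major and minor numbers from the `uname -r` string with POSIX parameter expansion and compares them numerically, instead of calling dpkg --compare-versions. The helper names kver_at_least and lockdown_cmdline are hypothetical; the 5.4 threshold and the lockdown=confidentiality parameter are taken from the script above.

```shell
#!/bin/sh
# Added example: kver_at_least and lockdown_cmdline are hypothetical helpers.

# kver_at_least RELEASE MAJOR MINOR
# Returns 0 if RELEASE (as printed by `uname -r`) is >= MAJOR.MINOR,
# 1 if it is older, 2 if RELEASE cannot be parsed.
kver_at_least() {
  rel="$1" want_major="$2" want_minor="$3"

  major="${rel%%.*}"                  # text before the first dot
  rest="${rel#*.}"                    # text after the first dot
  [ "$rest" != "$rel" ] || return 2   # no dot at all
  minor="${rest%%[!0-9]*}"            # leading digits of the remainder

  # Reject anything that is not a plain non-negative integer.
  case "$major" in ''|*[!0-9]*) return 2 ;; esac
  case "$minor" in '') return 2 ;; esac

  # Compare field by field so that 5.10 counts as newer than 5.4.
  if [ "$major" -gt "$want_major" ]; then return 0; fi
  if [ "$major" -lt "$want_major" ]; then return 1; fi
  [ "$minor" -ge "$want_minor" ]
}

# lockdown_cmdline RELEASE CURRENT_CMDLINE
# Prints CURRENT_CMDLINE, with lockdown=confidentiality appended only when
# RELEASE is 5.4 or newer. An unparseable release leaves it unchanged.
lockdown_cmdline() {
  if kver_at_least "$1" 5 4; then
    printf '%s\n' "$2 lockdown=confidentiality"
  else
    printf '%s\n' "$2"
  fi
}

# Same effect as the conditional in the script above, for the running kernel.
GRUB_CMDLINE_LINUX="$(lockdown_cmdline "$(uname -r)" "${GRUB_CMDLINE_LINUX:-}")"
```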