From: Harald Hoyer Date: Fri, 26 Mar 2021 09:29:16 +0000 (+0100) Subject: fix(url-lib): shellcheck for modules.d/45url-lib X-Git-Tag: 054~246 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8e84fa7262d5d3273684473538d94a008b5f583e;p=thirdparty%2Fdracut.git fix(url-lib): shellcheck for modules.d/45url-lib --- diff --git a/modules.d/45url-lib/.shchkdir b/modules.d/45url-lib/.shchkdir new file mode 100644 index 000000000..e69de29bb diff --git a/modules.d/45url-lib/module-setup.sh b/modules.d/45url-lib/module-setup.sh index bd5e1c54d..ad7817467 100755 --- a/modules.d/45url-lib/module-setup.sh +++ b/modules.d/45url-lib/module-setup.sh @@ -15,7 +15,7 @@ depends() { # called by dracut install() { - local _dir _crt _found _lib _nssckbi _p11roots _p11root _p11item + local _dir _crt _found _lib _nssckbi _p11roots _p11root inst_simple "$moddir/url-lib.sh" "/lib/url-lib.sh" inst_multiple -o ctorrent inst_multiple curl @@ -29,10 +29,12 @@ install() { for _dir in $libdirs; do [[ -d $dracutsysrootdir$_dir ]] || continue - for _lib in $dracutsysrootdir$_dir/libcurl.so.*; do + for _lib in "$dracutsysrootdir$_dir"/libcurl.so.*; do [[ -e $_lib ]] || continue - [[ $_nssckbi ]] || _nssckbi=$(grep -F --binary-files=text -z libnssckbi $_lib) - _crt=$(grep -F --binary-files=text -z .crt $_lib) + if ! [[ $_nssckbi ]]; then + read -r -d '' _nssckbi < <(grep -F --binary-files=text -z libnssckbi "$_lib") + fi + read -r -d '' _crt < <(grep -F --binary-files=text -z .crt "$_lib") [[ $_crt ]] || continue [[ $_crt == /*/* ]] || continue if ! inst "${_crt#$dracutsysrootdir}"; then @@ -53,26 +55,26 @@ install() { for _dir in $libdirs; do [[ -e $dracutsysrootdir$_dir/libnssckbi.so ]] || continue # this looks for directory-ish strings in the file - for _p11roots in $(grep -o --binary-files=text "/[[:alpha:]][[:print:]]*" $dracutsysrootdir$_dir/libnssckbi.so); do - # the string can be a :-separated list of dirs - for _p11root in $(echo "$_p11roots" | tr ':' '\n'); do - # check if it's actually a directory (there are - # several false positives in the results) - [[ -d "$dracutsysrootdir$_p11root" ]] || continue - # check if it has some specific subdirs that all - # p11-kit trust dirs have - [[ -d "$dracutsysrootdir${_p11root}/anchors" ]] || continue - [[ -d "$dracutsysrootdir${_p11root}/blacklist" ]] || continue - # so now we know it's really a p11-kit trust dir; - # install everything in it - for _p11item in $(find "$dracutsysrootdir$_p11root"); do - if ! inst "${_p11item#$dracutsysrootdir}"; then - dwarn "Couldn't install '${_p11item#$dracutsysrootdir}' from p11-kit trust dir '${_p11root#$dracutsysrootdir}'; HTTPS might not work." - continue + grep -z -o --binary-files=text '/[[:alpha:]][[:print:]]*' "${dracutsysrootdir}${_dir}"/libnssckbi.so \ + | while read -r -d '' _p11roots || [[ $_p11roots ]]; do + IFS=":" read -r -a _p11roots <<< "$_p11roots" + # the string can be a :-separated list of dirs + for _p11root in "${_p11roots[@]}"; do + # check if it's actually a directory (there are + # several false positives in the results) + [[ -d "$dracutsysrootdir$_p11root" ]] || continue + # check if it has some specific subdirs that all + # p11-kit trust dirs have + [[ -d "$dracutsysrootdir${_p11root}/anchors" ]] || continue + [[ -d "$dracutsysrootdir${_p11root}/blacklist" ]] || continue + # so now we know it's really a p11-kit trust dir; + # install everything in it + mkdir -p -- "${initdir}/${_p11root}" + if ! $DRACUT_CP -L -t "${initdir}/${_p11root}" "${dracutsysrootdir}${_p11root}"/*; then + dwarn "Couldn't install from p11-kit trust dir '${_p11root#$dracutsysrootdir}'; HTTPS might not work." fi done done - done done fi [[ $_found ]] || dwarn "Couldn't find SSL CA cert bundle or libnssckbi.so; HTTPS won't work." diff --git a/modules.d/45url-lib/url-lib.sh b/modules.d/45url-lib/url-lib.sh index af9d3d8bc..ac09a1f4b 100755 --- a/modules.d/45url-lib/url-lib.sh +++ b/modules.d/45url-lib/url-lib.sh @@ -20,7 +20,8 @@ type mkuniqdir > /dev/null 2>&1 || . /lib/dracut-lib.sh # other: fetch command failure (whatever curl/mount/etc return) fetch_url() { local url="$1" outloc="$2" - local handler="$(get_url_handler $url)" + local handler + handler="$(get_url_handler "$url")" [ -n "$handler" ] || return 254 [ -n "$url" ] || return 255 "$handler" "$url" "$outloc" @@ -41,14 +42,14 @@ get_url_handler() { add_url_handler() { local handler="$1" shift - local schemes="$@" scheme="" + local schemes="$*" scheme="" set -- for scheme in $schemes; do - [ "$(get_url_handler $scheme)" = "$handler" ] && continue + [ "$(get_url_handler "$scheme")" = "$handler" ] && continue set -- "$@" "$scheme:$handler" done - set -- "$@" $url_handler_map # add new items to *front* of list - url_handler_map="$@" + set -- "$@" "$url_handler_map" # add new items to *front* of list + url_handler_map="$*" } ### HTTP, HTTPS, FTP ################################################# @@ -65,14 +66,15 @@ curl_fetch_url() { local url="$1" outloc="$2" echo "$url" > /proc/self/fd/0 if [ -n "$outloc" ]; then - curl $curl_args --output - -- "$url" > "$outloc" || return $? + curl "$curl_args" --output - -- "$url" > "$outloc" || return $? else - local outdir="$(mkuniqdir /tmp curl_fetch_url)" + local outdir + outdir="$(mkuniqdir /tmp curl_fetch_url)" ( - cd "$outdir" - curl $curl_args --remote-name "$url" || return $? + cd "$outdir" || exit + curl "$curl_args" --remote-name "$url" || return $? ) - outloc="$outdir/$(ls -A $outdir)" + outloc="$outdir/$(ls -A "$outdir")" fi if ! [ -f "$outloc" ]; then warn "Downloading '$url' failed!" @@ -96,21 +98,22 @@ ctorrent_fetch_url() { torrent_outloc="$outloc.torrent" echo "$url" > /proc/self/fd/0 if [ -n "$outloc" ]; then - curl $curl_args --output - -- "$url" > "$torrent_outloc" || return $? + curl "$curl_args" --output - -- "$url" > "$torrent_outloc" || return $? else - local outdir="$(mkuniqdir /tmp torrent_fetch_url)" + local outdir + outdir="$(mkuniqdir /tmp torrent_fetch_url)" ( - cd "$outdir" - curl $curl_args --remote-name "$url" || return $? + cd "$outdir" || exit + curl "$curl_args" --remote-name "$url" || return $? ) - torrent_outloc="$outdir/$(ls -A $outdir)" + torrent_outloc="$outdir/$(ls -A "$outdir")" outloc=${torrent_outloc%.*} fi if ! [ -f "$torrent_outloc" ]; then warn "Downloading '$url' failed!" return 253 fi - ctorrent $ctorrent_args -s $outloc $torrent_outloc >&2 + ctorrent "$ctorrent_args" -s "$outloc" "$torrent_outloc" >&2 if ! [ -f "$outloc" ]; then warn "Torrent download of '$url' failed!" return 253 @@ -126,17 +129,17 @@ command -v ctorrent > /dev/null \ [ -e /lib/nfs-lib.sh ] && . /lib/nfs-lib.sh nfs_already_mounted() { - local server="$1" path="$2" localdir="" s="" p="" - cat /proc/mounts | while read src mnt rest || [ -n "$src" ]; do + local server="$1" path="$2" s="" p="" + while read -r src mnt rest || [ -n "$src" ]; do splitsep ":" "$src" s p if [ "$server" = "$s" ]; then if [ "$path" = "$p" ]; then - echo $mnt + echo "$mnt" elif str_starts "$path" "$p"; then - echo $mnt/${path#$p/} + echo "$mnt"/"${path#$p/}" fi fi - done + done < /proc/mounts } nfs_fetch_url() { @@ -147,7 +150,8 @@ nfs_fetch_url() { # skip mount if server:/filepath is already mounted mntdir=$(nfs_already_mounted "$server" "$path") if [ -z "$mntdir" ]; then - local mntdir="$(mkuniqdir /run nfs_mnt)" + local mntdir + mntdir="$(mkuniqdir /run nfs_mnt)" mount_nfs "$nfs:$server:$filepath${options:+:$options}" "$mntdir" # lazy unmount during pre-pivot hook inst_hook --hook pre-pivot --name 99url-lib-umount-nfs umount -l -- "$mntdir"