From: Viktor Szakats Date: Sun, 7 Apr 2024 10:02:49 +0000 (+0000) Subject: GHA: add shellcheck job and fix warnings, shell tidy-ups X-Git-Tag: curl-8_8_0~280 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fa69b41c7790fab86fd363242c81d8ef2e89e183;p=thirdparty%2Fcurl.git GHA: add shellcheck job and fix warnings, shell tidy-ups Reviewed-by: Daniel Stenberg Closes #13307
---
diff --git a/.github/scripts/shellcheck.sh b/.github/scripts/shellcheck.sh
new file mode 100755
index 0000000000..dabea19f35
--- /dev/null
+++ b/.github/scripts/shellcheck.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# Copyright (C) Viktor Szakats
+#
+# SPDX-License-Identifier: curl
+
+# FIXME: packages/OS400/* scripts
+
+shellcheck --version
+# shellcheck disable=SC2046
+shellcheck --exclude=1091 \
+ --enable=avoid-nullary-conditions,deprecate-which \
+ $(grep -l -E '^#!(/usr/bin/env bash|/bin/sh|/bin/bash)' $(git ls-files | grep -v -F 'packages/OS400/'))
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
new file mode 100644
index 0000000000..a0beb71b00
--- /dev/null
+++ b/.github/workflows/shellcheck.yml
@@ -0,0 +1,28 @@
+# Copyright (C) Viktor Szakats
+#
+# SPDX-License-Identifier: curl
+
+name: shellcheck
+
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ branches:
+ - master
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+ cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+ shellcheck:
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ steps:
+ - uses: actions/checkout@v4
+ - name: 'shellcheck'
+ run: .github/scripts/shellcheck.sh
diff --git a/MacOSX-Framework b/MacOSX-Framework
index 5ac537633c..8b0690f42f 100755
--- a/MacOSX-Framework
+++ b/MacOSX-Framework
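Review bot: In .github/scripts/shellcheck.sh the file lists handed to `grep` and `shellcheck` come from unquoted nested command substitution (hence the `SC2046` disable), so a tracked path containing whitespace or glob characters is split or expanded, and a path that begins with `-` would be parsed as an option. On `pull_request` runs those names come from the contributor's branch, so it is worth ending option parsing before the list, e.g. `grep -l -E '…' -- $(…)`, or moving to a NUL-delimited pipeline built on `git ls-files -z` and `xargs -0`. The script also has no `set -eu`, unlike the other scripts touched by this commit, so a failing `git ls-files` is not reported as such.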
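Review bot: In .github/workflows/shellcheck.yml, `actions/checkout@v4` is referenced by a mutable tag, so the code this job runs can change without any change in this repository; pinning to a full commit SHA with the tag kept as a trailing comment (`uses: actions/checkout@<full-commit-sha> # v4`) closes that. `permissions: {}` already keeps the token minimal; adding `with:` and `persist-credentials: false` to the checkout step would also keep the token out of the local git config while the script from the checked-out tree runs. `runs-on: ubuntu-latest` lets the shellcheck version float with the runner image, so new findings can appear without a repository change; the `shellcheck --version` line in the script at least records which version ran.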
@@ -22,139 +22,143 @@ # SPDX-License-Identifier: curl # ########################################################################### + +set -eu + # This script performs all of the steps needed to build a # universal binary libcurl.framework for Mac OS X 10.4 or greater. # # Hendrik Visage: -# Generalizations added since Snowleopard (10.6) do not include -# the 10.4u SDK. +# Generalizations added since Snow Leopard (10.6) do not include the 10.4 SDK. # # Also note: -# 10.5 is the *ONLY* SDK that support PPC64 :( -- 10.6 do not have ppc64 support -#If you need to have PPC64 support then change below to 1 +# 10.5 is the *ONLY* SDK that support PPC64 :( -- 10.6 do not have PPC64 support +# If you need to have PPC64 support then change below to 1 PPC64_NEEDED=0 # Apple does not support building for PPC anymore in Xcode 4 and later. -# If you're using Xcode 3 or earlier and need PPC support, then change +# If you are using Xcode 3 or earlier and need PPC support, then change # the setting below to 1 PPC_NEEDED=0 # For me the default is to develop for the platform I am on, and if you -#desire compatibility with older versions then change USE_OLD to 1 :) +# desire compatibility with older versions then change USE_OLD to 1 :) USE_OLD=0 -VERSION=`/usr/bin/sed -ne 's/^#define LIBCURL_VERSION "\(.*\)"/\1/p' include/curl/curlver.h` +VERSION=$(/usr/bin/sed -ne \ + 's/^#define LIBCURL_VERSION "\(.*\)"/\1/p' include/curl/curlver.h) FRAMEWORK_VERSION=Versions/Release-$VERSION -#I also wanted to "copy over" the system, and thus the reason I added the +# I also wanted to "copy over" the system, and thus the reason I added the # version to Versions/Release-7.20.1 etc. # now a simple rsync -vaP libcurl.framework /Library/Frameworks will install it # and setup the right paths to this version, leaving the system version # "intact", so you can "fix" it later with the links to Versions/A/... 
-DEVELOPER_PATH=`xcode-select --print-path` +DEVELOPER_PATH=$(xcode-select --print-path) # Around Xcode 4.3, SDKs were moved from the Developer folder into the # MacOSX.platform folder if test -d "$DEVELOPER_PATH/Platforms/MacOSX.platform/Developer/SDKs"; then - SDK_PATH="$DEVELOPER_PATH/Platforms/MacOSX.platform/Developer/SDKs" + SDK_PATH="$DEVELOPER_PATH/Platforms/MacOSX.platform/Developer/SDKs" else - SDK_PATH="$DEVELOPER_PATH/SDKs" + SDK_PATH="$DEVELOPER_PATH/SDKs" fi -OLD_SDK=`ls $SDK_PATH|head -1` -NEW_SDK=`ls -r $SDK_PATH|head -1` - -if test "0"$USE_OLD -gt 0 -then - SDK32=$OLD_SDK +# FIXME +# shellcheck disable=SC2012 +OLD_SDK=$(ls "$SDK_PATH" | head -1) +# FIXME +# shellcheck disable=SC2012 +NEW_SDK=$(ls -r "$SDK_PATH" | head -1) + +if test "0$USE_OLD" -gt 0; then + SDK32=$OLD_SDK else - SDK32=$NEW_SDK + SDK32=$NEW_SDK fi -MACVER=`echo $SDK32|sed -e s/[a-zA-Z]//g -e s/.\$//` - SDK32_DIR=$SDK_PATH/$SDK32 -MINVER32='-mmacosx-version-min='$MACVER -if test $PPC_NEEDED -gt 0; then - ARCHES32='-arch i386 -arch ppc' +if test "$PPC_NEEDED" -gt 0; then + ARCHES32='-arch i386 -arch ppc' else - ARCHES32='-arch i386' + ARCHES32='-arch i386' fi -if test $PPC64_NEEDED -gt 0 -then +if test "$PPC64_NEEDED" -gt 0; then SDK64=10.5 ARCHES64='-arch x86_64 -arch ppc64' - SDK64=`ls $SDK_PATH | grep "10\.5" | head -1` + # FIXME + # shellcheck disable=SC2010 + SDK64=$(ls "$SDK_PATH" | grep "10\.5" | head -1) else - ARCHES64='-arch x86_64' - #We "know" that 10.4 and earlier do not support 64bit - OLD_SDK64=`ls $SDK_PATH | grep -v "10\.[0-4]" | head -1` - NEW_SDK64=`ls -r $SDK_PATH | grep -v "10\.[0-4][^0-9]" | head -1` - if test $USE_OLD -gt 0 - then - SDK64=$OLD_SDK64 + ARCHES64='-arch x86_64' + # We "know" that 10.4 and earlier do not support 64-bit + # FIXME + # shellcheck disable=SC2010 + OLD_SDK64=$(ls "$SDK_PATH" | grep -v "10\.[0-4]" | head -1) + # FIXME + # shellcheck disable=SC2010 + NEW_SDK64=$(ls -r "$SDK_PATH" | grep -v "10\.[0-4][^0-9]" | head -1) + if test "$USE_OLD" 
-gt 0; then + SDK64=$OLD_SDK64 else - SDK64=$NEW_SDK64 + SDK64=$NEW_SDK64 fi fi SDK64_DIR=$SDK_PATH/$SDK64 -MACVER64=`echo $SDK64|sed -e s/[a-zA-Z]//g -e s/.\$//` - -MINVER64='-mmacosx-version-min='$MACVER64 -if test ! -z $SDK32; then - echo "----Configuring libcurl for 32 bit universal framework..." +if test ! -z "$SDK32"; then + echo "----Configuring libcurl for 32-bit universal framework..." make clean ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-secure-transport \ CFLAGS="-Os -isysroot $SDK32_DIR $ARCHES32" \ LDFLAGS="-Wl,-syslibroot,$SDK32_DIR $ARCHES32 -Wl,-headerpad_max_install_names" \ - CC=$CC + CC="$CC" - echo "----Building 32 bit libcurl..." - make -j `sysctl -n hw.logicalcpu_max` + echo "----Building 32-bit libcurl..." + make -j "$(sysctl -n hw.logicalcpu_max)" - echo "----Creating 32 bit framework..." + echo "----Creating 32-bit framework..." rm -r libcurl.framework - mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Resources - cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl - install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl - cp lib/libcurl.plist libcurl.framework/${FRAMEWORK_VERSION}/Resources/Info.plist - mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl - cp include/curl/*.h libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl + mkdir -p "libcurl.framework/${FRAMEWORK_VERSION}/Resources" + cp lib/.libs/libcurl.dylib "libcurl.framework/${FRAMEWORK_VERSION}/libcurl" + install_name_tool -id "@rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl" "libcurl.framework/${FRAMEWORK_VERSION}/libcurl" + cp lib/libcurl.plist "libcurl.framework/${FRAMEWORK_VERSION}/Resources/Info.plist" + mkdir -p "libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl" + cp include/curl/*.h "libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl" pushd libcurl.framework - ln -fs ${FRAMEWORK_VERSION}/libcurl libcurl - ln -fs 
${FRAMEWORK_VERSION}/Resources Resources - ln -fs ${FRAMEWORK_VERSION}/Headers Headers + ln -fs "${FRAMEWORK_VERSION}/libcurl" libcurl + ln -fs "${FRAMEWORK_VERSION}/Resources" Resources + ln -fs "${FRAMEWORK_VERSION}/Headers" Headers cd Versions - ln -fs $(basename "${FRAMEWORK_VERSION}") Current + ln -fs "$(basename "${FRAMEWORK_VERSION}")" Current + popd echo Testing for SDK64 - if test -d $SDK64_DIR; then - echo entering... - popd + if test -d "$SDK64_DIR"; then + echo entering... make clean - echo "----Configuring libcurl for 64 bit universal framework..." + echo "----Configuring libcurl for 64-bit universal framework..." ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-secure-transport \ CFLAGS="-Os -isysroot $SDK64_DIR $ARCHES64" \ LDFLAGS="-Wl,-syslibroot,$SDK64_DIR $ARCHES64 -Wl,-headerpad_max_install_names" \ - CC=$CC + CC="$CC" - echo "----Building 64 bit libcurl..." - make -j `sysctl -n hw.logicalcpu_max` + echo "----Building 64-bit libcurl..." + make -j "$(sysctl -n hw.logicalcpu_max)" - echo "----Appending 64 bit framework to 32 bit framework..." - cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 - install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 - cp libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 + echo "----Appending 64-bit framework to 32-bit framework..." 
+ cp lib/.libs/libcurl.dylib "libcurl.framework/${FRAMEWORK_VERSION}/libcurl64" + install_name_tool -id "@rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl" "libcurl.framework/${FRAMEWORK_VERSION}/libcurl64" + cp "libcurl.framework/${FRAMEWORK_VERSION}/libcurl" "libcurl.framework/${FRAMEWORK_VERSION}/libcurl32" pwd - lipo libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 -create -output libcurl.framework/${FRAMEWORK_VERSION}/libcurl - rm libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 + lipo "libcurl.framework/${FRAMEWORK_VERSION}/libcurl32" "libcurl.framework/${FRAMEWORK_VERSION}/libcurl64" -create -output "libcurl.framework/${FRAMEWORK_VERSION}/libcurl" + rm "libcurl.framework/${FRAMEWORK_VERSION}/libcurl32" "libcurl.framework/${FRAMEWORK_VERSION}/libcurl64" fi pwd - lipo -info libcurl.framework/${FRAMEWORK_VERSION}/libcurl + lipo -info "libcurl.framework/${FRAMEWORK_VERSION}/libcurl" echo "libcurl.framework is built and can now be included in other projects." echo "Copy libcurl.framework to your bundle's Contents/Frameworks folder, ~/Library/Frameworks or /Library/Frameworks." else - echo "Building libcurl.framework requires Mac OS X 10.4 or later with the MacOSX10.4/5/6 SDK installed." + echo "Building libcurl.framework requires Mac OS X 10.4 or later with Mac OS X 10.4/5/6 SDK installed." fi diff --git a/curl-config.in b/curl-config.in index 54f92d9313..085bb1ef56 100644 --- a/curl-config.in +++ b/curl-config.in @@ -1,4 +1,4 @@ -#! /bin/sh +#!/bin/sh #*************************************************************************** # _ _ ____ _ # Project ___| | | | _ \| | 
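Review bot: With `set -eu` now at the top of MacOSX-Framework, three lines in this hunk abort the build where they previously only printed an error: `rm -r libcurl.framework` fails when no framework exists yet, `make clean` fails on a tree that has never been configured, and `CC="$CC"` is an unbound-variable error when `CC` is not set. Suggested replacements are `rm -rf libcurl.framework`, `make clean || true` (or a `test -f Makefile` guard), and `${CC:+CC="$CC"}` so the argument is passed only when the variable has a value. The script also relies on `pushd`/`popd`, which are not POSIX sh; the shebang is outside this hunk, so confirm it names bash.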
@@ -24,173 +24,170 @@ ########################################################################### prefix="@prefix@" +# Used in @libdir@ +# shellcheck disable=SC2034 exec_prefix=@exec_prefix@ +# shellcheck disable=SC2034 includedir=@includedir@ cppflag_curl_staticlib=@CPPFLAG_CURL_STATICLIB@ usage() { - cat <&2 - exit 1 - fi - ;; - - --configure) - echo @CONFIGURE_OPTIONS@ - ;; - - *) - echo "unknown option: $1" - usage 1 - ;; - esac - shift + fi + fi + + echo "requested version $checkfor is newer than existing @CURLVERSION@" + exit 1 + ;; + + --vernum) + echo '@VERSIONNUM@' + exit 0 + ;; + + --help) + usage 0 + ;; + + --cflags) + if test "X$cppflag_curl_staticlib" = "X-DCURL_STATICLIB"; then + CPPFLAG_CURL_STATICLIB="-DCURL_STATICLIB " + else + CPPFLAG_CURL_STATICLIB="" + fi + if test "X@includedir@" = "X/usr/include"; then + echo "${CPPFLAG_CURL_STATICLIB}" + else + echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@" + fi + ;; + + --libs) + if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then + CURLLIBDIR="-L@libdir@ " + else + CURLLIBDIR="" + fi + if test "X@ENABLE_SHARED@" = "Xno"; then + echo "${CURLLIBDIR}-lcurl @LIBCURL_LIBS@" + else + echo "${CURLLIBDIR}-lcurl" + fi + ;; + + --ssl-backends) + echo '@SSL_BACKENDS@' + ;; + + --static-libs) + if test "X@ENABLE_STATIC@" != "Xno" ; then + echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_LIBS@ + else + echo 'curl was built with static libraries disabled' >&2 + exit 1 + fi + ;; + + --configure) + echo @CONFIGURE_OPTIONS@ + ;; + + *) + echo "unknown option: $1" + usage 1 + ;; + esac + shift done exit 0 diff --git a/scripts/contributors.sh b/scripts/contributors.sh index 90ea5c94d7..ad6f0b5662 100755 --- a/scripts/contributors.sh +++ b/scripts/contributors.sh 
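Review bot: In the `--libs` arm of curl-config.in, `test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"` keeps the `-a` operator, which POSIX marks obsolescent because its parsing is ambiguous for some operand values. Since the line is re-indented here anyway, it could be written as two tests joined by the shell: `if test "X@libdir@" != "X/usr/lib" && test "X@libdir@" != "X/usr/lib64"; then`. The `usage` here-document at the top of this hunk is garbled in this view and was not reviewed.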
@@ -29,21 +29,21 @@ # RELEASE-NOTES. # -start=$1 +set -eu + +start="${1:-}" if test "$start" = "-h"; then - echo "Usage: $0 [--releasenotes]" - exit + echo "Usage: $0 [--releasenotes]" + exit fi if test -z "$start"; then - start=`git tag --sort=taggerdate | grep "^curl-" | tail -1`; - echo "Since $start:" + start=$(git tag --sort=taggerdate | grep "^curl-" | tail -1) + echo "Since $start:" fi # We also include curl-www if possible. Override by setting CURLWWW -if [ -z "$CURLWWW" ] ; then - CURLWWW=../curl-www -fi +CURLWWW="${CURLWWW:-../curl-www}" # filter out Author:, Commit: and *by: lines # cut off the email parts @@ -55,31 +55,30 @@ fi # sort all unique names # awk them into RELEASE-NOTES format -( - ( - git log --pretty=full --use-mailmap $start..HEAD - if [ -d "$CURLWWW" ] - then - git -C "$CURLWWW" log --pretty=full --use-mailmap $start..HEAD - fi - ) | \ -grep -Eai '(^Author|^Commit|by):' | \ -cut -d: -f2- | \ -cut '-d(' -f1 | \ -cut '-d<' -f1 | \ -tr , '\012' | \ -sed 's/ at github/ on github/' | \ -sed 's/ and /\n/' | \ -sed -e 's/^ *//' -e 's/ $//g' -e 's/@users.noreply.github.com$/ on github/' - -grep -a "^ [^ \(]" RELEASE-NOTES| \ -sed 's/, */\n/g'| \ -sed 's/^ *//' +{ + { + git log --pretty=full --use-mailmap "$start..HEAD" + if [ -d "$CURLWWW" ]; then + git -C "$CURLWWW" log --pretty=full --use-mailmap "$start..HEAD" + fi + } | \ + grep -Eai '(^Author|^Commit|by):' | \ + cut -d: -f2- | \ + cut '-d(' -f1 | \ + cut '-d<' -f1 | \ + tr , '\012' | \ + sed 's/ at github/ on github/' | \ + sed 's/ and /\n/' | \ + sed -e 's/^ *//' -e 's/ $//g' -e 's/@users.noreply.github.com$/ on github/' -)| \ + grep -a "^ [^ \(]" RELEASE-NOTES| \ + sed 's/, */\n/g'| \ + sed 's/^ *//' +} | \ sed -f ./docs/THANKS-filter | \ sort -fu | \ -awk '{ +awk ' +{ if(length($0)) { num++; n = sprintf("%s%s%s,", n, length(n)?" ":"", $0); 
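Review bot: When no argument is given and `git tag --sort=taggerdate | grep "^curl-" | tail -1` yields nothing (for example in a clone without tags), `start` stays empty and the range becomes `"..HEAD"`, which git reads as `HEAD..HEAD`; the `git log` part then contributes no names and the script still exits 0. A guard right after the assignment, `test -n "$start" || { echo "no curl-* tag found" >&2; exit 1; }`, makes that visible, and the same applies to the identical assignment in scripts/contrithanks.sh. Note also that `set -e` without `pipefail` only sees the last command of each pipeline, so a failing `git log` inside the braces of the second hunk is not caught.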
@@ -92,10 +91,9 @@ awk '{ } } - END { - pp=substr(p,1,length(p)-1); - printf(" %s\n", pp); - printf(" (%d contributors)\n", num); - } - +END { + pp=substr(p,1,length(p)-1); + printf(" %s\n", pp); + printf(" (%d contributors)\n", num); +} ' diff --git a/scripts/contrithanks.sh b/scripts/contrithanks.sh index b188422881..49f4ddcb52 100755 --- a/scripts/contrithanks.sh +++ b/scripts/contrithanks.sh 
@@ -28,50 +28,46 @@ # puts them at the end of the THANKS document on stdout # -start=$1 +set -eu + +start="${1:-}" if test "$start" = "-h"; then echo "Usage: $0 " exit fi if test -z "$start"; then - start=`git tag --sort=taggerdate | grep "^curl-" | tail -1`; + start=$(git tag --sort=taggerdate | grep "^curl-" | tail -1) fi - # We also include curl-www if possible. Override by setting CURLWWW -if [ -z "$CURLWWW" ] ; then - CURLWWW=../curl-www -fi +CURLWWW="${CURLWWW:-../curl-www}" cat ./docs/THANKS -( - ( - git log --use-mailmap $start..HEAD - if [ -d "$CURLWWW" ] - then - git -C ../curl-www log --use-mailmap $start..HEAD - fi - ) | \ - -grep -Eai '(^Author|^Commit|by):' | \ -cut -d: -f2- | \ -cut '-d(' -f1 | \ -cut '-d<' -f1 | \ -tr , '\012' | \ -sed 's/ at github/ on github/' | \ -sed 's/ and /\n/' | \ -sed -e 's/^ //' -e 's/ $//g' -e 's/@users.noreply.github.com$/ on github/' - -# grep out the list of names from RELEASE-NOTES -# split on ", " -# remove leading whitespace -grep -a "^ [^ (]" RELEASE-NOTES| \ -sed 's/, */\n/g'| \ -sed 's/^ *//' +{ + { + git log --use-mailmap "$start..HEAD" + if [ -d "$CURLWWW" ]; then + git -C ../curl-www log --use-mailmap "$start..HEAD" + fi + } | \ + grep -Eai '(^Author|^Commit|by):' | \ + cut -d: -f2- | \ + cut '-d(' -f1 | \ + cut '-d<' -f1 | \ + tr , '\012' | \ + sed 's/ at github/ on github/' | \ + sed 's/ and /\n/' | \ + sed -e 's/^ //' -e 's/ $//g' -e 's/@users.noreply.github.com$/ on github/' -)| \ + # grep out the list of names from RELEASE-NOTES + # split on ", " + # remove leading whitespace + grep -a "^ [^ (]" RELEASE-NOTES| \ + sed 's/, */\n/g'| \ + sed 's/^ *//' +} | \ sed -f ./docs/THANKS-filter | \ sort -fu | \ grep -aixvf ./docs/THANKS diff --git a/scripts/coverage.sh b/scripts/coverage.sh index 0a7c7824ae..b5540568ff 100755 --- a/scripts/coverage.sh +++ b/scripts/coverage.sh @@ -23,6 +23,8 @@ # ########################################################################### +set -eu + autoreconf -fi mkdir -p cvr cd cvr 
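Review bot: In scripts/contrithanks.sh the directory test uses `$CURLWWW`, but the command that follows is still `git -C ../curl-www log --use-mailmap "$start..HEAD"`, so a `CURLWWW` override is checked and then ignored. scripts/contributors.sh in this same commit uses the variable in both places; the line here should read `git -C "$CURLWWW" log --use-mailmap "$start..HEAD"`.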
diff --git a/scripts/firefox-db2pem.sh b/scripts/firefox-db2pem.sh index f78f415232..a45a881db8 100755 --- a/scripts/firefox-db2pem.sh +++ b/scripts/firefox-db2pem.sh @@ -26,8 +26,11 @@ # It extracts all ca certs it finds in the local Firefox database and converts # them all into PEM format. # -db=$(ls -1d $HOME/.mozilla/firefox/*default*) -out=$1 + +set -eu + +db=$(ls -1d "$HOME"/.mozilla/firefox/*default*) +out="${1:-}" if test -z "$out"; then out="ca-bundle.crt" # use a sensible default @@ -35,7 +38,7 @@ fi currentdate=$(date) -cat >$out < "$out" <> $out +done >> "$out" diff --git a/scripts/installcheck.sh b/scripts/installcheck.sh index 433420e03d..b13db2aa39 100755 --- a/scripts/installcheck.sh +++ b/scripts/installcheck.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash #*************************************************************************** # _ _ ____ _ # Project ___| | | | _ \| | 
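Review bot: `db=$(ls -1d "$HOME"/.mozilla/firefox/*default*)` can match more than one profile directory, or none, and the hunk does not check for either case. With several matches `db` holds a newline-separated list; with none, `ls` fails and the added `set -e` stops the script with only the `ls` error. How `db` is used lies outside this hunk, but if it is passed on as a single database path, a check right after the assignment such as `test -d "$db" || { echo "expected exactly one Firefox default profile" >&2; exit 1; }` gives a clear failure instead of extracting certificates from an unintended or malformed path.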
@@ -23,28 +23,30 @@ # ########################################################################### -PREFIX=$1 +set -eu + +PREFIX="${1:-}" # Run this script in the root of the git clone. Point out the install prefix # where 'make install' has already installed curl. -if test -z "$1"; then - echo "scripts/installcheck.sh [PREFIX]" - exit +if test -z "$PREFIX"; then + echo "scripts/installcheck.sh [PREFIX]" + exit fi -diff -u <(find docs/libcurl/ -name "*.3" -printf "%f\n" | grep -v template| sort) <(find $PREFIX/share/man/ -name "*.3" -printf "%f\n" | sort) +diff -u <(find docs/libcurl/ -name "*.3" -printf "%f\n" | grep -v template | sort) <(find "$PREFIX/share/man/" -name "*.3" -printf "%f\n" | sort) if test "$?" -ne "0"; then - echo "ERROR: installed libcurl docs mismatch" - exit 2 + echo "ERROR: installed libcurl docs mismatch" + exit 2 fi -diff -u <(find include/ -name "*.h" -printf "%f\n" | sort) <(find $PREFIX/include/ -name "*.h" -printf "%f\n" | sort) +diff -u <(find include/ -name "*.h" -printf "%f\n" | sort) <(find "$PREFIX/include/" -name "*.h" -printf "%f\n" | sort) if test "$?" -ne "0"; then - echo "ERROR: installed include files mismatch" - exit 1 + echo "ERROR: installed include files mismatch" + exit 1 fi echo "installcheck: installed libcurl docs and include files look good" diff --git a/scripts/release-tools.sh b/scripts/release-tools.sh index 92134bea91..57c8c2fb01 100755 --- a/scripts/release-tools.sh +++ b/scripts/release-tools.sh @@ -23,6 +23,8 @@ # ########################################################################### +set -eu + cat </dev/null) if test ! -e "$exists"; then - echo "(unknown, could not find dpkg)" - exit + echo "(unknown, could not find dpkg)" + exit fi debian() { - echo - $1: `dpkg -l $1 | grep ^ii | awk '{print $3}'` + echo "- $1: $(dpkg -l "$1" | grep ^ii | awk '{print $3}')" } debian autoconf debian automake diff --git a/tests/certs/scripts/genroot.sh b/tests/certs/scripts/genroot.sh index 17fd30887c..5cf009055f 100755 
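Review bot: In scripts/installcheck.sh the added `set -eu` makes both `if test "$?" -ne "0"` checks unreachable on failure: `diff -u <(…) <(…)` returns 1 on a mismatch, the shell exits at that line, and neither `ERROR: installed libcurl docs mismatch` nor the distinct exit codes 2 and 1 are produced. Testing the command directly keeps the behaviour under `set -e`: `if ! diff -u <(…) <(…); then`, followed by the existing `echo` and `exit` lines. The usage branch also ends in a bare `exit`, so a missing PREFIX exits with status 0.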
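Review bot: In scripts/release-tools.sh the line that assigns `exists` is garbled in this view, but it ends in `2>/dev/null)` and is followed by `if test ! -e "$exists"`, so it appears to be a plain command-substitution assignment. If so, with the added `set -eu` a missing `dpkg` makes the assignment itself fail and the script exits before `(unknown, could not find dpkg)` is printed. Appending `|| true` to that assignment would keep the fallback message reachable.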
--- a/tests/certs/scripts/genroot.sh +++ b/tests/certs/scripts/genroot.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash #*************************************************************************** # _ _ ____ _ # Project ___| | | | _ \| | 
@@ -23,67 +23,58 @@ # ########################################################################### +# exit on first fail +set -eu + OPENSSL=openssl -if [ -f /usr/local/ssl/bin/openssl ] ; then -OPENSSL=/usr/local/ssl/bin/openssl +if [ -f /usr/local/ssl/bin/openssl ]; then + OPENSSL=/usr/local/ssl/bin/openssl fi -USAGE="echo Usage is genroot.sh \" +USAGE='echo Usage is genroot.sh ' -HOME=`pwd` -cd $HOME +HOME=$(pwd) +cd "$HOME" KEYSIZE=2048 DURATION=6000 # The -sha256 option was introduced in OpenSSL 1.0.1 DIGESTALGO=-sha256 -PREFIX=$1 -if [ ".$PREFIX" = . ] ; then - echo No configuration prefix - NOTOK=1 +NOTOK= + +PREFIX="${1:-}" +if [ -z "$PREFIX" ]; then + echo 'No configuration prefix' + NOTOK=1 else - if [ ! -f $PREFIX-ca.prm ] ; then - echo No configuration file $PREFIX-ca.prm - NOTOK=1 - fi + if [ ! -f "$PREFIX-ca.prm" ]; then + echo "No configuration file $PREFIX-ca.prm" + NOTOK=1 + fi fi -if [ ".$NOTOK" != . ] ; then - echo "Sorry, I can't do that for you." - $USAGE - exit +if [ -n "$NOTOK" ]; then + echo 'Sorry, I cannot do that for you.' + $USAGE + exit fi -GETSERIAL="\$t = time ;\$d = \$t . 
substr(\$t+$$ ,-4,4)-1;print \$d" -SERIAL=`/usr/bin/env perl -e "$GETSERIAL"` - -# exit on first fail -set -e - -echo SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE - -echo "openssl genrsa -out $PREFIX-ca.key -passout XXX $KEYSIZE" -openssl genrsa -out $PREFIX-ca.key -passout pass:secret $KEYSIZE - -echo "openssl req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr" -$OPENSSL req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr -passin pass:secret - -echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL.ca-cacert $DIGESTALGO " - -$OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL-ca.cacert $DIGESTALGO - -echo "openssl x509 -text -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline > $PREFIX-ca.cacert " -$OPENSSL x509 -text -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline > $PREFIX-ca.cacert - -echo "openssl x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der " -$OPENSSL x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der - -echo "openssl x509 -in $PREFIX-ca.cacert -text -nameopt multiline > $PREFIX-ca.crt " +SERIAL="$(date +'%s')${RANDOM:(-4)}" -$OPENSSL x509 -in $PREFIX-ca.cacert -text -nameopt multiline > $PREFIX-ca.crt +echo "SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE" -echo "openssl x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline" -$OPENSSL x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline +set -x -#$OPENSSL rsa -in ../keys/$PREFIX-ca.key -text -noout -pubout +"$OPENSSL" genrsa -out "$PREFIX-ca.key" -passout fd:0 "$KEYSIZE" < "$PREFIX-ca.cacert" +"$OPENSSL" x509 -in "$PREFIX-ca.cacert" -outform der -out "$PREFIX-ca.der" +"$OPENSSL" x509 -in "$PREFIX-ca.cacert" -text -nameopt multiline > "$PREFIX-ca.crt" +"$OPENSSL" x509 -noout -text -in "$PREFIX-ca.cacert" -nameopt 
multiline +# "$OPENSSL" rsa -in "../keys/$PREFIX-ca.key" -text -noout -pubout diff --git a/tests/certs/scripts/genserv.sh b/tests/certs/scripts/genserv.sh index 7e0b4429cb..ce184e937d 100755 --- a/tests/certs/scripts/genserv.sh +++ b/tests/certs/scripts/genserv.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash #*************************************************************************** # _ _ ____ _ # Project ___| | | | _ \| | @@ -23,18 +23,18 @@ # ########################################################################### +# exit on first fail +set -eu + OPENSSL=openssl -if [ -f /usr/local/ssl/bin/openssl ] ; then - OPENSSL=/usr/local/ssl/bin/openssl +if [ -f /usr/local/ssl/bin/openssl ]; then + OPENSSL=/usr/local/ssl/bin/openssl fi -USAGE="echo Usage is genserv.sh " - -# exit on first fail -set -e +USAGE='echo Usage is genserv.sh ' -HOME=`pwd` -cd $HOME +HOME=$(pwd) +cd "$HOME" KEYSIZE=2048 DURATION=3000 
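Review bot: In tests/certs/scripts/genroot.sh, `SERIAL="$(date +'%s')${RANDOM:(-4)}"` does not always append four digits: `RANDOM` ranges from 0 to 32767, and bash's negative-offset substring expands to the empty string when the value is shorter than four characters, so some runs use the bare timestamp and two certificates generated in the same second can share a serial. Zero-padding fixes the width, `SERIAL="$(date +'%s')$(printf '%04d' "$((RANDOM % 10000))")"`; the same line is added in tests/certs/scripts/genserv.sh. Separately, the `NOTOK` path ends in a bare `exit`, which returns the status of the preceding `$USAGE` echo, so callers cannot tell a refused run from a successful one; `exit 1` would.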
@@ -45,99 +45,90 @@ REQ=YES P12=NO DHP=NO -PREFIX=$1 -if [ ".$PREFIX" = . ] ; then - echo No configuration prefix - NOTOK=1 +NOTOK= + +PREFIX="${1:-}" +if [ -z "$PREFIX" ]; then + echo 'No configuration prefix' + NOTOK=1 else - if [ ! -f $PREFIX-sv.prm ] ; then - echo No configuration file $PREFIX-sv.prm - NOTOK=1 - fi + if [ ! -f "$PREFIX-sv.prm" ]; then + echo "No configuration file $PREFIX-sv.prm" + NOTOK=1 + fi fi -CAPREFIX=$2 -if [ ".$CAPREFIX" = . ] ; then - echo No CA prefix - NOTOK=1 +CAPREFIX="${2:-}" +if [ -z "$CAPREFIX" ]; then + echo No CA prefix + NOTOK=1 else - if [ ! -f $CAPREFIX-ca.cacert ] ; then - echo No CA certificate file $CAPREFIX-ca.caert - NOTOK=1 - fi - if [ ! -f $CAPREFIX-ca.key ] ; then - echo No $CAPREFIX key - NOTOK=1 - fi + if [ ! -f "$CAPREFIX-ca.cacert" ]; then + echo "No CA certificate file $CAPREFIX-ca.caert" + NOTOK=1 + fi + if [ ! -f "$CAPREFIX-ca.key" ]; then + echo "No $CAPREFIX key" + NOTOK=1 + fi fi -if [ ".$NOTOK" != . ] ; then - echo "Sorry, I can't do that for you." - $USAGE - exit +if [ -n "$NOTOK" ]; then + echo 'Sorry, I cannot do that for you.' + $USAGE + exit fi -if [ ".$SERIAL" = . ] ; then - GETSERIAL="\$t = time ;\$d = \$t . substr(\$t+$$ ,-4,4)-1;print \$d" - SERIAL=`/usr/bin/env perl -e "$GETSERIAL"` +if [ -z "${SERIAL:-}" ]; then + SERIAL="$(date +'%s')${RANDOM:(-4)}" fi -echo SERIAL=$SERIAL PREFIX=$PREFIX CAPREFIX=$CAPREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE +echo "SERIAL=$SERIAL PREFIX=$PREFIX CAPREFIX=$CAPREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE" -if [ "$DHP." = YES. ] ; then - echo "openssl dhparam -2 -out $PREFIX-sv.dhp $KEYSIZE" - $OPENSSL dhparam -2 -out $PREFIX-sv.dhp $KEYSIZE -fi +set -x -if [ "$REQ." = YES. 
] ; then - echo "openssl req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key -out $PREFIX-sv.csr -passout XXX" - $OPENSSL req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key -out $PREFIX-sv.csr -passout pass:secret +if [ "$DHP" = YES ]; then + "$OPENSSL" dhparam -2 -out "$PREFIX-sv.dhp" "$KEYSIZE" +fi +if [ "$REQ" = YES ]; then + "$OPENSSL" req -config "$PREFIX-sv.prm" -newkey "rsa:$KEYSIZE" -keyout "$PREFIX-sv.key" -out "$PREFIX-sv.csr" -passout fd:0 < $PREFIX-sv.crt " - -$OPENSSL x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -text -nameopt multiline $DIGESTALGO > $PREFIX-sv.crt +"$OPENSSL" rsa -in "$PREFIX-sv.key" -out "$PREFIX-sv.key" -passin fd:0 < "$PREFIX-sv.crt" - $OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt +if [ "$P12" = YES ]; then + "$OPENSSL" pkcs12 -export -des3 -out "$PREFIX-sv.p12" -caname "$CAPREFIX" -name "$PREFIX" -inkey "$PREFIX-sv.key" -in "$PREFIX-sv.crt" -certfile "$CAPREFIX-ca.crt" fi -echo "openssl x509 -noout -text -hash -in $PREFIX-sv.selfcert -nameopt multiline" -$OPENSSL x509 -noout -text -hash -in $PREFIX-sv.crt -nameopt multiline +"$OPENSSL" x509 -noout -text -hash -in "$PREFIX-sv.crt" -nameopt multiline # revoke server cert -touch $CAPREFIX-ca.db -echo 01 > $CAPREFIX-ca.cnt -echo "openssl ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt" -$OPENSSL ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt +touch "$CAPREFIX-ca.db" +echo 01 > "$CAPREFIX-ca.cnt" +"$OPENSSL" ca -config "$CAPREFIX-ca.cnf" -revoke "$PREFIX-sv.crt" # issue CRL -echo "openssl ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl" -$OPENSSL ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl +"$OPENSSL" ca -config "$CAPREFIX-ca.cnf" -gencrl -out "$PREFIX-sv.crl" -echo "openssl x509 -in $PREFIX-sv.crt -outform der -out 
$PREFIX-sv.der " -$OPENSSL x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der +"$OPENSSL" x509 -in "$PREFIX-sv.crt" -outform der -out "$PREFIX-sv.der" # all together now -touch $PREFIX-sv.dhp -cat $PREFIX-sv.prm $PREFIX-sv.key $PREFIX-sv.crt $PREFIX-sv.dhp >$PREFIX-sv.pem -chmod o-r $PREFIX-sv.prm +touch "$PREFIX-sv.dhp" +cat "$PREFIX-sv.prm" "$PREFIX-sv.key" "$PREFIX-sv.crt" "$PREFIX-sv.dhp" > "$PREFIX-sv.pem" +chmod o-r "$PREFIX-sv.prm" -$OPENSSL x509 -in $PREFIX-sv.pem -pubkey -noout | \ -$OPENSSL pkey -pubin -outform der | $OPENSSL dgst -sha256 -binary | \ -$OPENSSL enc -base64 >$PREFIX-sv.pubkey-pinned +"$OPENSSL" x509 -in "$PREFIX-sv.pem" -pubkey -noout | \ +"$OPENSSL" pkey -pubin -outform der | "$OPENSSL" dgst -sha256 -binary | \ +"$OPENSSL" enc -base64 > "$PREFIX-sv.pubkey-pinned" echo "$PREFIX-sv.pem done"
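Review bot: In tests/certs/scripts/genserv.sh the private key ends up in two files and neither has its mode tightened: `"$OPENSSL" rsa -in "$PREFIX-sv.key" -out "$PREFIX-sv.key"` rewrites the key (apparently to drop the passphrase), `cat … > "$PREFIX-sv.pem"` copies it into the bundle, and the only permission change is `chmod o-r "$PREFIX-sv.prm"`, which is the request configuration. These are test certificates, so the exposure is limited, but if the intent was to protect key material the line should be `chmod o-r "$PREFIX-sv.key" "$PREFIX-sv.pem"`, or a `umask 077` could be set near the top of the script. The message `No CA certificate file $CAPREFIX-ca.caert` also misspells the `.cacert` suffix that was just tested.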