From 7927385458e4fb33c408711fa0ca140dc93ecf19 Mon Sep 17 00:00:00 2001 From: Juan David Hurtado G Date: Sun, 8 Dec 2024 21:34:36 -0500 Subject: [PATCH] [WIP] shellcheck linting --- .github/workflows/shellcheck.yml | 4 +++- usr/local/share/bastille/convert.sh | 4 +++- usr/local/share/bastille/edit.sh | 1 + usr/local/share/bastille/export.sh | 16 +++++++++++----- usr/local/share/bastille/list.sh | 28 ++++++++++++++++------------ usr/local/share/bastille/mount.sh | 2 -- usr/local/share/bastille/rdr.sh | 8 ++++---- usr/local/share/bastille/stop.sh | 2 +- 8 files changed, 39 insertions(+), 26 deletions(-) diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index c183dd37..4851b20f 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -22,7 +22,9 @@ jobs: # Excluding SC3037: In POSIX sh, echo flags are undefined. Ignoring temporarily until we decide to keep it or # use printf instead # Excluding SC2155: Declare and assign separately to avoid masking return values. - SHELLCHECK_OPTS: -e SC3043 -e SC2154 -e SC3037 -e SC2155 + # Excluding SC2124: Assigning an array to a string! Check instead if this is a false positive or if there is + # a better way to do it. + SHELLCHECK_OPTS: -e SC3043 -e SC2154 -e SC3037 -e SC2155 -e SC2124 with: severity: warning scandir: "./usr/local/share/bastille" diff --git a/usr/local/share/bastille/convert.sh b/usr/local/share/bastille/convert.sh index f26e9191..0290f355 100644 --- a/usr/local/share/bastille/convert.sh +++ b/usr/local/share/bastille/convert.sh @@ -114,7 +114,7 @@ start_convert() { HASPORTS=$(grep -w ${bastille_releasesdir}/${RELEASE}/usr/ports ${bastille_jailsdir}/${TARGET}/fstab) if [ -n "${RELEASE}" ]; then - cd "${bastille_jailsdir}/${TARGET}/root" + cd "${bastille_jailsdir}/${TARGET}/root" || error_exit "Failed to change directory to ${bastille_jailsdir}/${TARGET}/root" # Work with the symlinks convert_symlinks 
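Review bot: Adding `-e SC2124` to `SHELLCHECK_OPTS` switches the check off for every script under `./usr/local/share/bastille`, whereas the two `# shellcheck disable=SC2124` lines this patch removes from mount.sh limited the exception to assignments that had been looked at. A later `var="$@"` anywhere in the tree will then pass CI unnoticed. Keeping the line-level directives avoids widening the exclusion list. So does writing the mount.sh assignments with `$*` (`_fstab="$* nullfs ro 0 0"`), which joins the arguments explicitly and does not trigger SC2124.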
@@ -149,6 +149,8 @@ fi # Be interactive here since this cannot be easily undone while :; do error_notify "Warning: container conversion from thin to thick can't be undone!" + # shellcheck disable=SC2162 + # shellcheck disable=SC3045 read -p "Do you really wish to convert '${TARGET}' into a thick container? [y/N]:" yn case ${yn} in [Yy]) start_convert;; diff --git a/usr/local/share/bastille/edit.sh b/usr/local/share/bastille/edit.sh index 78e678bf..79677e5b 100644 --- a/usr/local/share/bastille/edit.sh +++ b/usr/local/share/bastille/edit.sh @@ -51,6 +51,7 @@ fi bastille_root_check if [ -z "${EDITOR}" ]; then + # shellcheck disable=SC2209 EDITOR=vi fi diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 3c14e962..d0d6ea27 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -76,6 +76,7 @@ bastille_root_check zfs_enable_check() { # Temporarily disable ZFS so we can create a standard backup archive if checkyesno bastille_zfs_enable; then + # shellcheck disable=SC2034 bastille_zfs_enable="NO" fi } @@ -135,7 +136,7 @@ if [ -n "${bastille_export_options}" ]; then --verbose) OPT_ZSEND="-Rv" shift;; - -*|--*) error_notify "Unknown Option." + --*|-*) error_notify "Unknown Option." usage;; esac done @@ -185,7 +186,7 @@ else TARGET="${2}" shift ;; - -*|--*) + --*|-*) error_notify "Unknown Option." usage ;; 
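Review bot: The directive added for SC2162 above `read -p` suppresses a warning that can be fixed instead: without `-r`, a backslash typed at the confirmation prompt is processed as an escape rather than kept as input. Using `read -r -p "..." yn` with the prompt text unchanged would leave only the SC3045 directive, which covers `-p` being outside POSIX sh. A short reason on that remaining line, for example `# shellcheck disable=SC3045 # read -p: confirm the target sh supports it`, would tell the next reader why it is ignored. The script's shebang is outside this hunk, so the target shell is an assumption here.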
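Review bot: Reordering the case pattern to `--*|-*` quiets ShellCheck but keeps a redundant alternative, because `-*` already matches every string that `--*` matches. A single `-*) error_notify "Unknown Option."` arm says the same thing with nothing left to warn about. The same applies to the `--*|-*)` arm in the export.sh hunk at -185.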
@@ -208,12 +209,16 @@ if [ "${COMP_OPTION}" -gt "1" ]; then error_exit "Error: Only one compression format can be used during export." fi -if [ -n "${TXZ_EXPORT}" -o -n "${TGZ_EXPORT}" ] && [ -n "${SAFE_EXPORT}" ]; then +if [ -n "${TXZ_EXPORT}" ] || [ -n "${TGZ_EXPORT}" ] && [ -n "${SAFE_EXPORT}" ]; then error_exit "Error: Simple archive modes with safe ZFS export can't be used together." fi if ! checkyesno bastille_zfs_enable; then - if [ -n "${XZ_EXPORT}" -o -n "${GZIP_EXPORT}" -o -n "${RAW_EXPORT}" -o -n "${SAFE_EXPORT}" -o "${OPT_ZSEND}" = "-Rv" ]; then + if [ -n "${XZ_EXPORT}" ] || + [ -n "${GZIP_EXPORT}" ] || + [ -n "${RAW_EXPORT}" ] || + [ -n "${SAFE_EXPORT}" ] || + [ "${OPT_ZSEND}" = "-Rv" ]; then error_exit "Options --xz, --gz, --raw, --safe, --verbose are valid for ZFS configured systems only." fi fi @@ -270,7 +275,7 @@ export_check() { EXPORT_AS="Exporting" fi - if [ "${FILE_EXT}" = ".xz" -o "${FILE_EXT}" = ".gz" -o "${FILE_EXT}" = "" ]; then + if [ "${FILE_EXT}" = ".xz" ] || [ "${FILE_EXT}" = ".gz" ] || [ "${FILE_EXT}" = "" ]; then EXPORT_TYPE="image" else EXPORT_TYPE="archive" @@ -360,6 +365,7 @@ jail_export() { fi fi + # shellcheck disable=SC2181 if [ "$?" -ne 0 ]; then error_exit "Failed to export '${TARGET}' container." else diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index ebb28cc4..2732ca4d 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -35,7 +35,7 @@ usage() { error_exit "Usage: bastille list [-j|-a] [release [-p]|template|(jail|container)|log|limit|(import|export|backup)]" } -if [ "${1}" = help -o "${1}" = "-h" -o "${1}" = "--help" ]; then +if [ "${1}" = help ] || [ "${1}" = "-h" ] || [ "${1}" = "--help" ]; then usage fi @@ -45,7 +45,7 @@ if [ $# -eq 0 ]; then /usr/sbin/jls fi -if [ "${1}" == "-j" ]; then +if [ "${1}" = "-j" ]; then /usr/sbin/jls -N --libxo json exit 0 fi 
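Review bot: The rewritten test `[ -n "${TXZ_EXPORT}" ] || [ -n "${TGZ_EXPORT}" ] && [ -n "${SAFE_EXPORT}" ]` relies on the shell giving `||` and `&&` equal precedence and evaluating left to right, which is not what readers used to C-like languages expect. It does evaluate as (TXZ or TGZ) and SAFE, matching the old `-o` form, but reordering the terms in a later edit would silently change which option combinations are rejected. Explicit grouping removes the ambiguity: `if { [ -n "${TXZ_EXPORT}" ] || [ -n "${TGZ_EXPORT}" ]; } && [ -n "${SAFE_EXPORT}" ]; then`.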
@@ -61,7 +61,7 @@ list_all(){ if [ "${MAX_LENGTH_JAIL_NAME}" -lt 3 ]; then MAX_LENGTH_JAIL_NAME=3; fi MAX_LENGTH_JAIL_IP=$(find ""${bastille_jailsdir}/*/jail.conf"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1 /p" | sed 's/\// /g' | awk '{ print length($1) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_IP:-10} - MAX_LENGTH_JAIL_VNET_IP=$(find ""${bastille_jailsdir}/*/jail.conf"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -l "vnet;" | grep -h "ifconfig_vnet0=" $(sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p") | sed -n "s/^ifconfig_vnet0=\"\(.*\)\"$/\1/p"| sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print length($2); else print 15 }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_VNET_IP=$(find "${bastille_jailsdir}/*/jail.conf" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -l "vnet;" | grep -h "ifconfig_vnet0=" "$(sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p")" | sed -n "s/^ifconfig_vnet0=\"\(.*\)\"$/\1/p"| sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print length($2); else print 15 }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_VNET_IP=${MAX_LENGTH_JAIL_VNET_IP:-10} if [ "${MAX_LENGTH_JAIL_VNET_IP}" -gt "${MAX_LENGTH_JAIL_IP}" ]; then MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_VNET_IP}; fi if [ "${MAX_LENGTH_JAIL_IP}" -lt 10 ]; then MAX_LENGTH_JAIL_IP=10; fi 
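Review bot: Quoting the whole argument in `find "${bastille_jailsdir}/*/jail.conf"` stops the shell from expanding `*`, so find receives a literal path that normally does not exist, its error goes to `/dev/null`, and `MAX_LENGTH_JAIL_VNET_IP` silently falls back to its default. The unchanged `MAX_LENGTH_JAIL_IP` line just above still uses the `""${bastille_jailsdir}/*/jail.conf""` form, which does glob; quoting only the variable keeps that behaviour: `find "${bastille_jailsdir}"/*/jail.conf`. Wrapping `$(sed -n ...)` in double quotes is a second behaviour change, because grep now gets all rc.conf paths as one newline-joined argument and fails as soon as more than one jail matches. That substitution has to stay split, with a targeted `# shellcheck disable=SC2046`, or be replaced by `xargs`. The find quoting recurs in the three `MAX_LENGTH_*_RELEASE` lines of the hunk at -72, and the quoted substitution recurs in two of those lines and in `JAIL_RELEASE` at -131.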
@@ -72,11 +72,11 @@ list_all(){ MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15} if [ "${MAX_LENGTH_JAIL_PORTS}" -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi if [ "${MAX_LENGTH_JAIL_PORTS}" -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi - MAX_LENGTH_JAIL_RELEASE=$(find ""${bastille_jailsdir}/*/fstab"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/releases/.*/root/.bastille.*nullfs" | grep -hE "^USERLAND_VERSION=" $(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++') | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}/*/fstab" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/releases/.*/root/.bastille.*nullfs" | grep -hE "^USERLAND_VERSION=" "$(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++')" | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7} - MAX_LENGTH_THICK_JAIL_RELEASE=$(find ""${bastille_jailsdir}/*/root/bin/freebsd-version"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -hE "^USERLAND_VERSION=" | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_THICK_JAIL_RELEASE=$(find "${bastille_jailsdir}/*/root/bin/freebsd-version" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -hE "^USERLAND_VERSION=" | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_THICK_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE:-7} - MAX_LENGTH_LINUX_JAIL_RELEASE=$(find ""${bastille_jailsdir}/*/fstab"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/jails/.*/root/proc.*linprocfs" | grep -hE "^NAME=|^VERSION_ID=|^VERSION_CODENAME=" $(sed 
-n "s/^linprocfs *\(.*\)\/.*$/\1\/etc\/os-release/p") 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | sed "N;N;s/\n/;/g" | sed -n "s/^NAME=\(.*\);VERSION_ID=\(.*\);VERSION_CODENAME=\(.*\)$/\1 \2 (\3)/p" | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_LINUX_JAIL_RELEASE=$(find "${bastille_jailsdir}/*/fstab" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/jails/.*/root/proc.*linprocfs" | grep -hE "^NAME=|^VERSION_ID=|^VERSION_CODENAME=" "$(sed -n "s/^linprocfs *\(.*\)\/.*$/\1\/etc\/os-release/p")" 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | sed "N;N;s/\n/;/g" | sed -n "s/^NAME=\(.*\);VERSION_ID=\(.*\);VERSION_CODENAME=\(.*\)$/\1 \2 (\3)/p" | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_LINUX_JAIL_RELEASE=${MAX_LENGTH_LINUX_JAIL_RELEASE:-7} if [ "${MAX_LENGTH_THICK_JAIL_RELEASE}" -gt "${MAX_LENGTH_JAIL_RELEASE}" ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE}; fi if [ "${MAX_LENGTH_LINUX_JAIL_RELEASE}" -gt "${MAX_LENGTH_JAIL_RELEASE}" ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_LINUX_JAIL_RELEASE}; fi 
@@ -93,7 +93,7 @@ list_all(){ if [ -f "${bastille_jailsdir}/${_JAIL}/jail.conf" ]; then JAIL_NAME=$(grep -h -m 1 -e "^.* {$" "${bastille_jailsdir}/${_JAIL}/jail.conf" 2> /dev/null | awk '{ print $1 }') IS_FREEBSD_JAIL=0 - if [ -f "${bastille_jailsdir}/${JAIL_NAME}/root/bin/freebsd-version" -o -f "${bastille_jailsdir}/${JAIL_NAME}/root/.bastille/bin/freebsd-version" -o "$(grep -c "/releases/.*/root/.bastille.*nullfs" "${bastille_jailsdir}/${JAIL_NAME}/fstab" 2> /dev/null)" -gt 0 ]; then IS_FREEBSD_JAIL=1; fi + if [ -f "${bastille_jailsdir}/${JAIL_NAME}/root/bin/freebsd-version" ] || [ -f "${bastille_jailsdir}/${JAIL_NAME}/root/.bastille/bin/freebsd-version" ] || [ "$(grep -c "/releases/.*/root/.bastille.*nullfs" "${bastille_jailsdir}/${JAIL_NAME}/fstab" 2> /dev/null)" -gt 0 ]; then IS_FREEBSD_JAIL=1; fi IS_FREEBSD_JAIL=${IS_FREEBSD_JAIL:-0} IS_LINUX_JAIL=0 if [ "$(grep -c "^linprocfs" "${bastille_jailsdir}/${JAIL_NAME}/fstab" 2> /dev/null)" -gt 0 ]; then IS_LINUX_JAIL=1; fi 
@@ -117,7 +117,7 @@ list_all(){ JAIL_RELEASE=$(grep -hE "^NAME=.*$|^VERSION_ID=.*$|^VERSION_CODENAME=.*$" "${JAIL_PATH}/etc/os-release" 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | awk -F'=' '{ a[$1] = $2; o++ } o%3 == 0 { print a["VERSION_CODENAME"] " (" a["NAME"] " " a["VERSION_ID"] ")" }') fi else - JAIL_STATE=$(if [ "$(sed -n "/^${JAIL_NAME} {$/,/^}$/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | awk '$0 ~ /^'${JAIL_NAME}' \{|\}/ { printf "%s",$0 }')" == "${JAIL_NAME} {}" ]; then echo "Down"; else echo "n/a"; fi) + JAIL_STATE=$(if [ "$(sed -n "/^${JAIL_NAME} {$/,/^}$/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | awk '$0 ~ /^'${JAIL_NAME}' \{|\}/ { printf "%s",$0 }')" = "${JAIL_NAME} {}" ]; then echo "Down"; else echo "n/a"; fi) if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)" ]; then JAIL_IP=$(sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print $2; else print $1 }') else 
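Review bot: On the changed `JAIL_STATE` line, `${JAIL_NAME}` is still spliced into the sed address and, unquoted, into the awk program text (`/^'${JAIL_NAME}' \{|\}/`), so the name is interpreted as regex and program source rather than matched literally. `JAIL_NAME` appears to be read from jail.conf (hunk at -93), so a `.` or other metacharacter in it widens the match. Passing it as data avoids that: `awk -v n="${JAIL_NAME}" 'index($0, n " {") == 1 || index($0, "}") { printf "%s",$0 }'`. The enclosing `list_all` body starts and ends outside this hunk.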
@@ -131,7 +131,7 @@ list_all(){ if [ -f "${JAIL_PATH}/bin/freebsd-version" ]; then JAIL_RELEASE=$(grep -hE "^USERLAND_VERSION=" "${JAIL_PATH}/bin/freebsd-version" 2> /dev/null | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p") else - JAIL_RELEASE=$(grep -h "/releases/.*/root/.bastille.*nullfs" "${bastille_jailsdir}/${JAIL_NAME}/fstab" 2> /dev/null | grep -hE "^USERLAND_VERSION=" $(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++') | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p") + JAIL_RELEASE=$(grep -h "/releases/.*/root/.bastille.*nullfs" "${bastille_jailsdir}/${JAIL_NAME}/fstab" 2> /dev/null | grep -hE "^USERLAND_VERSION=" "$(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++')" | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p") fi fi if [ "${IS_LINUX_JAIL}" -eq 1 ]; then @@ -158,12 +158,16 @@ list_all(){ fi } +# TODO: Check the correct usage or arguments here. See SC2120. +# shellcheck disable=SC2120 list_release(){ if [ -d "${bastille_releasesdir}" ]; then - REL_LIST=$(ls "${bastille_releasesdir}" | sed "s/\n//g") + # TODO: Check if this can be changed to `find` as SC2012 suggests. + # shellcheck disable=SC2012 + REL_LIST="$(ls "${bastille_releasesdir}" | sed "s/\n//g")" for _REL in ${REL_LIST}; do - if [ -f "${bastille_releasesdir}/${_REL}/root/.profile" -o -d "${bastille_releasesdir}/${_REL}/debootstrap" ]; then - if [ "${2}" == "-p" -a -f "${bastille_releasesdir}/${_REL}/bin/freebsd-version" ]; then + if [ -f "${bastille_releasesdir}/${_REL}/root/.profile" ] || [ -d "${bastille_releasesdir}/${_REL}/debootstrap" ]; then + if [ "${2}" = "-p" ] && [ -f "${bastille_releasesdir}/${_REL}/bin/freebsd-version" ]; then REL_PATCH_LEVEL=$(sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p" "${bastille_releasesdir}/${_REL}/bin/freebsd-version" 2> /dev/null) REL_PATCH_LEVEL=${REL_PATCH_LEVEL:-${_REL}} echo "${REL_PATCH_LEVEL}" 
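Review bot: In `list_release`, the `ls ... | sed "s/\n//g"` pipeline that the new SC2012 directive silences can be removed rather than suppressed. sed processes one line at a time, so the substitution never sees a newline and does nothing, and the unquoted `for _REL in ${REL_LIST}` still splits release names on whitespace. Iterating the glob directly, `for _REL in "${bastille_releasesdir}"/*; do _REL=${_REL##*/}`, needs no directive. On SC2120: `${2}` inside the function is the function's own second argument, so if the call site (outside this hunk) passes no arguments, the `-p` test can never be true. Forwarding `"$@"` at the call would resolve the TODO instead of disabling the check.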
diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 7ccb3813..b530b039 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -45,10 +45,8 @@ esac if [ $# -lt 2 ]; then usage elif [ $# -eq 2 ]; then - # shellcheck disable=SC2124 _fstab="$@ nullfs ro 0 0" else - # shellcheck disable=SC2124 _fstab="$@" fi diff --git a/usr/local/share/bastille/rdr.sh b/usr/local/share/bastille/rdr.sh index 6bd7fbcd..74279304 100644 --- a/usr/local/share/bastille/rdr.sh +++ b/usr/local/share/bastille/rdr.sh @@ -70,7 +70,7 @@ check_jail_validity() { # Check if jail ip4 address (ip4.addr) is valid (non-VNET only) if [ "$(bastille config $TARGET get vnet)" != 'enabled' ]; then JAIL_IP=$(/usr/sbin/jls -j "${TARGET}" ip4.addr 2>/dev/null) - if [ -z "${JAIL_IP}" -o "${JAIL_IP}" = "-" ]; then + if [ -z "${JAIL_IP}" ] || [ "${JAIL_IP}" = "-" ]; then error_exit "Jail IP not found: ${TARGET}" fi fi @@ -186,10 +186,10 @@ while [ $# -gt 0 ]; do for last in "$@"; do true done - if [ $2 == "(" ] && [ $last == ")" ] ; then + if [ "$2" = "(" ] && [ "$last" = ")" ] ; then check_jail_validity - persist_rdr_log_rule $proto $host_port $jail_port "$@" - load_rdr_log_rule $proto $host_port $jail_port "$@" + persist_rdr_log_rule "$proto" "$host_port" "$jail_port" "$@" + load_rdr_log_rule "$proto" "$host_port" "$jail_port" "$@" shift $# else usage diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index a3a8dfbe..49cec54d 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh 
@@ -73,7 +73,7 @@ for _jail in ${JAILS}; do jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}" ## remove (captured above) ip4.addr from firewall table - if [ -n "${bastille_network_loopback}" -a ! -z "${_ip}" ]; then + if [ -n "${bastille_network_loopback}" ] && [ ! -z "${_ip}" ]; then if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}" fi