From 011a71a36d6d7c45f568ad11d5cc897214f12c73 Mon Sep 17 00:00:00 2001 
From: Ben Grande Date: Tue, 9 Jul 2024 17:42:07 +0200 Subject: [PATCH] style: limit line length per file extension Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability. --- .editorconfig | 22 +++++- .github/workflows/reject-pr.yaml | 6 +- .pre-commit-config.yaml | 14 +++- salt/browser/create.sls | 4 + salt/dom0/files/bin/qubes-kde-win-rules | 11 ++- salt/dom0/files/bin/qvm-backup-find-last | 4 +- salt/dom0/files/bin/qvm-pci-regain | 3 +- salt/dom0/files/bin/qvm-port-forward | 45 +++++++---- salt/dom0/files/bin/qvm-screenshot | 15 ++-- salt/dom0/files/bin/qvm-terminal | 4 +- salt/dotfiles | 2 +- .../files/admin/bin/salt-patch.sh | 5 +- salt/reader/create.sls | 2 + .../server/bin/bitcoin-rpcwhitelist-cookie | 3 +- .../files/server/bin/bitcoin-whitepaper | 15 ++-- .../files/server/rpc/qusal.BitcoinAuthGet | 3 +- salt/sys-cacher/files/admin/tag.py | 5 +- .../files/browser/rc.local.d/50-sys-cacher.rc | 3 +- .../files/client/bin/apt-cacher-ng-repo | 75 ++++++++++++++----- salt/sys-electrs/clone.sls | 2 + .../files/client/git-core/git-init-qrexec | 11 ++- .../files/client/git-core/git-remote-qrexec | 4 +- .../client/git-core/git-remote-qrexec-connect | 5 +- salt/sys-git/files/server/rpc/qusal.GitInit | 10 ++- .../sys-net/files/server/rpc/qusal.ConnectTCP | 6 +- .../files/server/rpc/qusal.SshAgent | 15 +++- .../browser/rc.local.d/50-sys-syncthing.rc | 3 +- .../files/admin/bin/qvm-wireguard | 9 ++- .../qubes-firewall.d/50-sys-wireguard-var | 4 +- scripts/markdown-lint.sh | 4 +- scripts/qubesbuilder-gen.sh | 11 +-- scripts/salt-fix.sh | 10 ++- scripts/salt-lint.sh | 11 ++- scripts/shell-lint.sh | 63 +++++++++++++--- scripts/spec-gen.sh | 8 +- scripts/spec-get.sh | 33 
++++++-- scripts/toc-gen.sh | 3 +- 37 files changed, 330 insertions(+), 123 deletions(-) diff --git a/.editorconfig b/.editorconfig index 844d08d..f972658 100644 --- a/.editorconfig +++ b/.editorconfig @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. # # SPDX-License-Identifier: GPL-3.0-or-later @@ -16,8 +16,24 @@ end_of_line = lf indent_style = tab indent_size = 8 -[*.{md,sh,yaml,yml,toml,json}] +[*.{md,toml,json}] indent_size = 2 -[*.{py}] +[*.{yaml,yml}] +indent_size = 2 +max_line_length = 120 + +[*.{sls,top,jinja}] +max_line_length = 160 + +[*.py] indent_size = 4 +max_line_length = 79 + +[{*.{sh,bash,ksh,zsh,lessfilter,xinitrc,Xinitrc,xsession,Xsession,xsessionrc,Xsessionrc,xprofile,Xprofile},**/.config/{sh,bash,ksh,zsh}/**,**/git/shell/**,**/qubes-bind-dirs.d/**,**/lib-qubes-bind-dirs.d/**,**/rc.local.d/**,**/dom0/files/autostartart-scripts/**,**/git/template/hooks/**,**/git/files/client/git-core/**}] +indent_size = 2 +## Impossible to be sure via file extension if it is a shell file. +# /bin/.* +# /rpc/.* +# /network-hooks\.d/.* +# /qubes-firewall\.d/.* diff --git a/.github/workflows/reject-pr.yaml b/.github/workflows/reject-pr.yaml index cb06e64..042c8bb 100644 --- a/.github/workflows/reject-pr.yaml +++ b/.github/workflows/reject-pr.yaml @@ -52,5 +52,9 @@ jobs: uses: peter-evans/close-pull@v3 with: # yamllint disable-line rule:line-length - comment: 'Automatically closing this PR due to submitter not reading the contribution guidelines and using GitHub WebUI to commit. Please fix the issues and open a new PR after you have read the contribution guidelines.' + comment: > + Automatically closing this PR due to submitter not reading the + contribution guidelines and using GitHub WebUI to commit. Please + fix the issues and open a new PR after you have read the + contribution guidelines. delete-branch: false 
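Review bot: The last-but-two glob in the new shell section reads `**/dom0/files/autostartart-scripts/**`, which looks like a typo for `autostart-scripts`, the spelling used by the pre-commit `files` pattern in this same commit. As written, files in that directory would not receive `indent_size = 2` and fall back to the 8-column tab default. Suggest `**/dom0/files/autostart-scripts/**`.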
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 250928c..755ca64 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -28,9 +28,15 @@ repos: language: script pass_filenames: true # yamllint disable rule:line-length - files: (\.sh|/rc\.local\.d/.*\.rc|/bin/.*|/rpc/.*|/network-hooks\.d/.*|/qubes-firewall\.d/.*|/(lib-)?qubes-bind-dirs\.d/.*|/\.config/(sh|bash|zsh|less|x11|git/shell|git/template/hooks)/.*|/autostart-scripts/.*|/qvm-copy-dotfiles|/git-core/.*) + files: >- + (\.sh|/rc\.local\.d/.*\.rc|/bin/.*|/rpc/.*|/network-hooks\.d/.*| + /qubes-firewall\.d/.*|/(lib-)?qubes-bind-dirs\.d/.*| + /\.config/(sh|bash|zsh|less|x11|git/shell|git/template/hooks)/.*| + /autostart-scripts/.*|/qvm-copy-dotfiles|/git-core/.*) # yamllint disable rule:line-length - exclude: \.(policy|asc|txt|top|sls|jinja|toml|vim|py|muttrc|nft|md|spec|list|sources|repo|socket|timer|service|y(a)?ml)$ + exclude: >- + \.(policy|asc|txt|top|sls|jinja|toml|vim|py|muttrc|nft|md|spec| + list|sources|repo|socket|timer|service|y(a)?ml)$ description: Lint Shellscripts - id: markdown-lint @@ -81,7 +87,9 @@ repos: args: [test] pass_filenames: true # yamllint disable rule:line-length - files: ^(rpm_spec/template/template.spec|salt/.*|scripts/spec-(get|gen)\.sh)$ + files: >- + ^(rpm_spec/template/template.spec|salt/.*| + scripts/spec-(get|gen)\.sh)$ description: Check if RPM SPEC files are up to date - id: license-lint diff --git a/salt/browser/create.sls b/salt/browser/create.sls index ae26f74..c74b15d 100644 --- a/salt/browser/create.sls +++ b/salt/browser/create.sls 
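Review bot: The new `files: >-` and `exclude: >-` values are folded scalars, so YAML joins the continuation lines with a single space and the resulting regex contains literal spaces (`...|/network-hooks\.d/.*| /qubes-firewall\.d/.*|...`, `...|spec| list|...`). pre-commit evaluates these as ordinary Python regexes, so every alternative that now begins with a space would stop matching: those scripts silently drop out of the shell lint, and `.list` files are no longer excluded. Starting each pattern with the verbose flag, e.g. `(?x)(\.sh|/rc\.local\.d/.*\.rc|...`, makes the inserted whitespace insignificant. The same applies to the `files: >-` value in the hunk at `-81,7`, and the `# yamllint disable rule:line-length` comments look unnecessary once the lines are wrapped.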
@@ -20,8 +20,10 @@ prefs: - maxmem: 2000 features: - set: + # editorconfig-checker-disable - default-menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-open-file-manager.desktop qubes-start.desktop" # noqa: 204 - menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-open-file-manager.desktop qubes-start.desktop" # noqa: 204 + # editorconfig-checker-enable - disable: - service.tracker - service.evolution-data-server @@ -52,6 +54,8 @@ features: - service.tracker - service.evolution-data-server - set: + # editorconfig-checker-disable - menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-open-file-manager.desktop qubes-start.desktop" # noqa: 204 + # editorconfig-checker-enable {%- endload %} {{ load(defaults) }} diff --git a/salt/dom0/files/bin/qubes-kde-win-rules b/salt/dom0/files/bin/qubes-kde-win-rules index ea09dd7..f3d6f63 100755 --- a/salt/dom0/files/bin/qubes-kde-win-rules +++ b/salt/dom0/files/bin/qubes-kde-win-rules @@ -1,6 +1,6 @@ #!/bin/sh -# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. # # SPDX-License-Identifier: AGPL-3.0-or-later 
@@ -25,9 +25,11 @@ writeconf(){ key="$2" value="$3" - group_id="$(grep -B1 -- "^Description=$group$" "$file" | head -1 | tr -d "[" | tr -d "]")" + group_id="$(grep -B1 -- "^Description=$group$" "$file" | head -1 | + tr -d "[" | tr -d "]")" if test -z "${group_id}"; then - highest_id="$(grep -- "\[[0-9]\+\]" "$file" | tr -d "[" | tr -d "]" | sort | tail -1)" + highest_id="$(grep -- "\[[0-9]\+\]" "$file" | tr -d "[" | tr -d "]" | + sort | tail -1)" if test -n "${highest_id}"; then group_id="$((highest_id+1))" else @@ -54,7 +56,8 @@ writeconf_group(){ fi ## Regex: https://doc.qt.io/qt-6/qregularexpression.html - writeconf "$chosen_group" title "^\\[(disp-|dvm-)?$chosen_group(-\\S+)?\\] .*" + writeconf "$chosen_group" title \ + "^\\[(disp-|dvm-)?$chosen_group(-\\S+)?\\] .*" writeconf "$chosen_group" titlematch 3 writeconf "$chosen_group" wmclass "$chosen_group" writeconf "$chosen_group" wmclasscomplete false diff --git a/salt/dom0/files/bin/qvm-backup-find-last b/salt/dom0/files/bin/qvm-backup-find-last index c5daf55..f5401e0 100755 --- a/salt/dom0/files/bin/qvm-backup-find-last +++ b/salt/dom0/files/bin/qvm-backup-find-last @@ -9,7 +9,8 @@ set -eu list_backups(){ ## Hide stderr to hide remote login connection messages (banners etc). # shellcheck disable=SC2086 - ${qrun_cmd} "${qube}" -- "${cmd} ${find_cmd} 2>/dev/null" + qvm-run --filter-escape-chars --no-color-output --no-color-stderr \ + --pass-io "${qube}" -- "${cmd} ${find_cmd} 2>/dev/null" } list_last_backup(){ @@ -35,7 +36,6 @@ cmd="${3-}" find_pattern="qubes-backup-*" find_cmd="find \"${path}\" -maxdepth 1 -type f -name \"${find_pattern}\"" -qrun_cmd="qvm-run --filter-escape-chars --no-color-output --no-color-stderr --pass-io" last_backup="$(list_last_backup)" if test -z "${last_backup}"; then diff --git a/salt/dom0/files/bin/qvm-pci-regain b/salt/dom0/files/bin/qvm-pci-regain index 826e854..820e695 100755 --- a/salt/dom0/files/bin/qvm-pci-regain +++ b/salt/dom0/files/bin/qvm-pci-regain 
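Review bot: In `writeconf`, `highest_id` is selected with `sort | tail -1`, which orders the ids as text, so once the file holds ten or more groups `9` sorts after `10` and the next `group_id` would reuse an existing number. Since the line is being rewrapped anyway, `sort -n | tail -1` would pick the numeric maximum. `writeconf` starts and ends outside the hunk, so how `group_id` is consumed afterwards is not visible here.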
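Review bot: With `${qrun_cmd}` inlined in `list_backups`, nothing on the `qvm-run` line is left unquoted, so the `# shellcheck disable=SC2086` directive above it appears stale and would mask a future unquoted expansion; it can be dropped. Separately, `find_cmd` places `${path}` between escaped double quotes inside a string that the target qube's shell parses again, so a path containing `"`, `$` or a backtick would be interpreted there. A one-line comment such as `## path is operator-supplied and must not contain shell metacharacters.` next to `find_cmd` would document that assumption.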
@@ -20,7 +20,8 @@ set -eu usage(){ echo "Usage: ${0##*/} --i-like-danger " echo "Example: ${0##*/} --i-like-danger 0000:00:1b.0" - echo "Warning: It is strongly discouraged to reattach PCI devices to dom0, especially if they don't support resetting!" + echo "Warning: Strongly discouraged to reattach PCI devices to dom0" + echo "Warning: especially if it doesn't support resetting!" exit 1 } diff --git a/salt/dom0/files/bin/qvm-port-forward b/salt/dom0/files/bin/qvm-port-forward index 4b4d5f3..caed8fb 100755 --- a/salt/dom0/files/bin/qvm-port-forward +++ b/salt/dom0/files/bin/qvm-port-forward @@ -72,7 +72,10 @@ get_rule_handle(){ qube="${1}" chain="${2}" rule="${3}" - run_qube "${qube}" "nft --handle --stateless list chain ip qubes ${chain} | tr -d '\"' | grep '^\s\+${rule} # handle ' | awk '{print \$NF}' | tr '\n' ' '" 2>/dev/null + run_qube "${qube}" -- \ + "nft --handle --stateless list chain ip qubes ${chain} | + tr -d '\"' | grep '^\s\+${rule} # handle ' | awk '{print \$NF}' | + tr '\n' ' '" 2>/dev/null } delete_rule_handle(){ 
@@ -124,10 +127,15 @@ forward() { fi dnat_chain="custom-pf-${to_ip_escaped}" - dnat_rule="iifname ${dev} ip saddr ${lan_ip} ${proto} dport ${port} ct state established,related,new counter dnat to ${to_ip}" + dnat_rule="iifname ${dev} ip saddr ${lan_ip} ${proto} dport ${port} ct" + dnat_rule="${dnat_rule} state established,related,new counter dnat to" + dnat_rule="${dnat_rule} ${to_ip}" forward_chain="custom-forward" - forward_rule="iifname ${dev} ip saddr ${lan_ip} ip daddr ${to_ip} ${proto} dport ${port} ct state established,related,new counter accept" - full_rule="nft 'add chain ip qubes ${dnat_chain} { type nat hook prerouting priority filter +1; policy accept; } + forward_rule="iifname ${dev} ip saddr ${lan_ip} ip daddr ${to_ip} ${proto}" + forward_rule="${forward_rule} dport ${port} ct state" + forward_rule="${forward_rule} established,related,new counter accept" + dnat_policy="type nat hook prerouting priority filter +1; policy accept;" + full_rule="nft 'add chain ip qubes ${dnat_chain} { ${dnat_policy} add rule ip qubes ${dnat_chain} ${dnat_rule} add rule ip qubes ${forward_chain} ${forward_rule}'" @@ -137,7 +145,8 @@ add rule ip qubes ${forward_chain} ${forward_rule}'" echo "info: ${from_qube}: deleting rules" >&2 run_qube "${from_qube}" "rm -f ${hook}" else - echo "info: ${from_qube}: adding forward rule dev ${dev} saddr ${lan_ip} daddr ${to_ip}" >&2 + msg="adding forward rule dev ${dev} saddr ${lan_ip} daddr ${to_ip}" + echo "info: ${from_qube}: ${msg}" >&2 run_qube "${from_qube}" "${full_rule}" if test "${persistent}" = "1"; then 
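Review bot: The rewritten `full_rule` in `forward()` opens the chain block with `{ ${dnat_policy}` but never closes it: `dnat_policy` ends at `policy accept;` and the `}` that followed it on the removed line is gone. As shown, the `nft` command would most likely be rejected as a syntax error, so neither the DNAT chain nor the forward rule is installed. Suggest `full_rule="nft 'add chain ip qubes ${dnat_chain} { ${dnat_policy} }` as the first line of the string. `forward()` begins and ends outside this hunk.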
@@ -149,7 +158,9 @@ add rule ip qubes ${forward_chain} ${forward_rule}'" get_handle(){ chain=\\\${1} rule=\\\${2} - nft --handle --stateless list chain ip qubes \\\${chain} | tr -d '\\\"' | grep '^\\\s\\\+\\\${rule} \\# handle ' | awk '{print \\\$NF}' | tr \\\"\\\n\\\" \\\" \\\" + nft --handle --stateless list chain ip qubes \\\${chain} | \\\ + tr -d '\\\"' | grep '^\\\s\\\+\\\${rule} \\# handle ' | \\\ + awk '{print \\\$NF}' | tr \\\"\\\n\\\" \\\" \\\" } forward_handle=\\\$(get_handle ${forward_chain} \\\"${forward_rule}\\\") @@ -169,7 +180,8 @@ fi ${full_rule}" create_net_dir "${from_qube}" - run_qube "${from_qube}" "echo \"${full_rule}\" | tee \"${hook}\" >/dev/null" + run_qube "${from_qube}" \ + "echo \"${full_rule}\" | tee \"${hook}\" >/dev/null" run_qube "${from_qube}" "chmod +x ${hook}" fi fi @@ -181,7 +193,8 @@ input() { hook="${hook_prefix}${to_ip}-${proto}-${port}.sh" create_net_dir "${qube}" - custom_input_rule="${proto} dport ${port} ip daddr ${to_ip} ct state new counter accept" + custom_input_rule="${proto} dport ${port} ip daddr ${to_ip} ct state new" + custom_input_rule="${custom_input_rule} counter accept" input_rule="nft add rule ip qubes custom-input ${custom_input_rule}" delete_rule "${qube}" "custom-input" "${custom_input_rule}" @@ -196,7 +209,9 @@ input() { get_handle(){ chain=\\\${1} rule=\\\${2} - nft --handle --stateless list chain ip qubes \\\${chain} | tr -d '\\\"' | grep '^\\\s\\\+\\\${rule} \\# handle ' | awk '{print \\\$NF}' | tr \\\"\\\n\\\" \\\" \\\" + nft --handle --stateless list chain ip qubes \\\${chain} | \\\ + tr -d '\\\"' | grep '^\\\s\\\+\\\${rule} \\# handle ' | \\\ + awk '{print \\\$NF}' | tr \\\"\\\n\\\" \\\" \\\" } input_handle=\\\$(get_handle custom-input \\\"${custom_input_rule}\\\") 
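Review bot: The `\\\` added at the end of the wrapped `nft ... |` lines inside `get_handle` sits in a double-quoted string, where `\\` collapses to a single backslash and the following backslash-newline is removed, so the generated hook would likely contain `| \` followed by the next line's indentation rather than a line continuation. A trailing `|` already continues a pipeline onto the next line, so the backslashes can simply be dropped and each wrapped line can end with `|`. The same construct is added to the `input()` copy of `get_handle` in the hunk at `-196,7`. The enclosing string starts and ends outside both hunks, so this is best confirmed by inspecting a generated hook file.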
@@ -244,7 +259,7 @@ get_lan(){ test_qvm_run(){ qube="${1}" if ! run_qube "${qube}" echo "Test QUBESRPC" >/dev/null 2>&1; then - echo "error: ${qube}: service qubes.VMShell failed, use a different qube" >&2 + echo "error: ${qube}: RPC qubes.VMShell failed, use a different qube" >&2 exit 1 fi } @@ -267,7 +282,9 @@ recurse_netvms() { } usage() { - echo "Usage: ${0##*/} --action ACTION --qube QUBE --port PORT --proto PROTO [--persistent] + echo "Usage: ${0##*/} OPTIONS +Option syntax: + --action ACTION --qube QUBE --port PORT --proto PROTO [--persistent] Options: -a, --action ACTION add or delete a rule (add, del) -q, --qube QUBE qube name which holds the service to be exposed @@ -280,7 +297,7 @@ Example: ${0##*/} --action del --qube work --port 22 --proto tcp ${0##*/} --action del --qube work --port 444 --proto udp Note: Defaults to temporary rules -Warn: Use of '--persistent' with disposable netvm saves the rule in the disposable template" >&2 +Warn: Persistent rules of disposable netvm are saved to its template" >&2 exit 1 } @@ -322,7 +339,9 @@ hook_dir="/rw/config/network-hooks.d" hook_prefix="${hook_dir}/90-port-forward-" persistent="" -if ! OPTS=$(getopt -o h,a:q:p:n:s --long help,action:,qube:,port:,proto:,persistent -n "${0}" -- "${@}"); then +if ! OPTS=$(getopt -o h,a:q:p:n:s \ + --long help,action:,qube:,port:,proto:,persistent -n "${0}" -- "${@}") +then echo "An error occurred while parsing options." >&2 exit 1 fi diff --git a/salt/dom0/files/bin/qvm-screenshot b/salt/dom0/files/bin/qvm-screenshot index 894fd0e..be0dd56 100755 --- a/salt/dom0/files/bin/qvm-screenshot +++ b/salt/dom0/files/bin/qvm-screenshot 
@@ -69,7 +69,8 @@ mkdir -p "${guivm_pictures_dir}" || exit 1 current_date="$(date +"%Y-%m-%d-%H%M%S")" screenshot_basename="${current_date}.png" -screenshot_file="${guivm_pictures_dir}/${screenshot_basename}" +screenshot_file="${guivm_pictures_dir%*/}/${screenshot_basename}" +qube_screenshot_file="${qube_pictures_dir}/${screenshot_basename}" screenshot_type_text="" screenshot_action_text="" screenshot_action_supplied="" @@ -179,7 +180,8 @@ else screenshot_cmd="xfce4-screenshooter" fi if test -z "${screenshot_cmd}"; then - msg="screenshot programs not found: spectacle xfce4-screenshooter scrot maim" + msg="screenshot programs not found" + msg="${msg}: spectacle xfce4-screenshooter scrot maim" echo "[ERROR] ${msg}" case "${dialog_cmd}" in zenity) zenity --info --text "${msg}";; @@ -217,7 +219,7 @@ case "${screenshot_type_text}" in *) echo "[ERROR] mode not selected"; exit 1;; esac -if ! test -f "${guivm_pictures_dir}/${screenshot_basename}"; then +if ! test -f "${screenshot_file}"; then msg="Screenshot was not saved in GuiVM" echo "[ERROR] ${msg}" case "${dialog_cmd}" in @@ -228,7 +230,7 @@ if ! test -f "${guivm_pictures_dir}/${screenshot_basename}"; then fi if test "${screenshot_action_supplied}" != "1"; then - dialog_title="Saved to ${screenshot_basename}. What do you want to do with the screenshot?" + dialog_title="Saved to ${screenshot_file}. What do you want to do with it?" case "${dialog_cmd}" in zenity) screenshot_action_text="$(zenity --list --width=280 --height=210 \ 
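Review bot: `screenshot_file` uses `${guivm_pictures_dir%*/}`, where the `*` adds nothing because `%` removes the shortest match; `${guivm_pictures_dir%/}` states the intent (drop one trailing slash) more plainly. The new `qube_screenshot_file` is computed at this point from `qube_pictures_dir`, whose assignment is outside the hunk. If that variable is set or changed later, for example during option handling, the value would be stale by the time it reaches the `qvm-run ... cat >` call, so it may be safer to build it immediately before that call.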
@@ -314,10 +316,11 @@ if ! qvm-check -- "${qube}" >/dev/null 2>&1; then fi qvm-run "${qube}" -- "mkdir -p \"${qube_pictures_dir}\"" -qvm-run --pass-io "${qube}" -- "cat > \"${qube_pictures_dir}/${screenshot_basename}\"" < "${guivm_pictures_dir}/${screenshot_basename}" +qvm-run --pass-io "${qube}" -- "cat > \"${qube_screenshot_file}\"" \ + < "${screenshot_file}" if test ${file_move} = "1"; then - rm -f "${guivm_pictures_dir}/${screenshot_basename}" + rm -f "${screenshot_file}" fi if test "${file_manager}" = "1"; then diff --git a/salt/dom0/files/bin/qvm-terminal b/salt/dom0/files/bin/qvm-terminal index 21ead77..2dad943 100755 --- a/salt/dom0/files/bin/qvm-terminal +++ b/salt/dom0/files/bin/qvm-terminal @@ -35,13 +35,13 @@ case "${1-}" in ## Try to run on focused window, if Dom0 is focused, it will prompt you to ## select a qube window. id="$(xdotool getwindowfocus)" - qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F '"' '{print $2}')" + qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F'"' '{print $2}')" if test -n "${qube}"; then exec qvm-run --service -- "${qube}" "qubes.StartApp+${service}" fi echo "Select a qube window ..." id="$(xdotool selectwindow)" - qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F '"' '{print $2}')" + qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F'"' '{print $2}')" if test -n "${qube}"; then qvm-run --service -- "${qube}" "qubes.StartApp+${service}" fi diff --git a/salt/dotfiles b/salt/dotfiles index a8129e0..024e9c4 160000 --- a/salt/dotfiles +++ b/salt/dotfiles @@ -1 +1 @@ -Subproject commit a8129e053a38dc4c69b2010e5202c1632e67a69d +Subproject commit 024e9c469de634181ec77eb52420f25339f4f01e diff --git a/salt/fedora-minimal/files/admin/bin/salt-patch.sh b/salt/fedora-minimal/files/admin/bin/salt-patch.sh index 6612411..f14d591 100755 --- a/salt/fedora-minimal/files/admin/bin/salt-patch.sh +++ b/salt/fedora-minimal/files/admin/bin/salt-patch.sh 
@@ -11,6 +11,7 @@ set -eu qube="${1}" +dnf_min_install="dnf -q install --refresh -y --setopt=install_weak_deps=False" + qvm-run --user=root --pass-io --filter-escape-chars --no-color-output \ - --no-color-stderr "${qube}" -- \ - "dnf --quiet install --refresh --assumeyes --setopt=install_weak_deps=False python3-urllib3" + --no-color-stderr "${qube}" -- "${dnf_min_install} python3-urllib3" diff --git a/salt/reader/create.sls b/salt/reader/create.sls index d3c3397..95af0d9 100644 --- a/salt/reader/create.sls +++ b/salt/reader/create.sls @@ -48,8 +48,10 @@ features: - enable: - appmenus-dispvm - set: + # editorconfig-checker-disable - default-menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204 - menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204 + # editorconfig-checker-enable {%- endload %} {{ load(defaults) }} diff --git a/salt/sys-bitcoin/files/server/bin/bitcoin-rpcwhitelist-cookie b/salt/sys-bitcoin/files/server/bin/bitcoin-rpcwhitelist-cookie index e39dd14..9ea5c6e 100755 --- a/salt/sys-bitcoin/files/server/bin/bitcoin-rpcwhitelist-cookie +++ b/salt/sys-bitcoin/files/server/bin/bitcoin-rpcwhitelist-cookie 
@@ -8,7 +8,8 @@ set -eu conf="${HOME}/.bitcoin/conf.d/cookie.conf" if ! systemctl is-active bitcoind >/dev/null 2>&1; then - echo "systemd service 'bitcoind' is not active, remote RPC cannot add crendtials" >&2 + echo "systemd service 'bitcoind' is inactive" >&2 + echo "remote RPC can't add crendetials" >&2 exit 1 fi diff --git a/salt/sys-bitcoin/files/server/bin/bitcoin-whitepaper b/salt/sys-bitcoin/files/server/bin/bitcoin-whitepaper index 9402fe2..6fee719 100755 --- a/salt/sys-bitcoin/files/server/bin/bitcoin-whitepaper +++ b/salt/sys-bitcoin/files/server/bin/bitcoin-whitepaper @@ -25,7 +25,7 @@ check_installed(){ missing_programs=1 fi done - if test "${missing_programs}"; then + if test "${missing_programs}" = "1"; then exit 1 fi } @@ -45,7 +45,10 @@ getblock(){ check_installed bitcoin-cli xxd bitcoin-cli getblock "${block_hash}" 0 \ | tail -c+92167 \ - | for ((o=0;o<946;++o)); do read -rN420 x; echo -n "${x::130}${x:132:130}${x:264:130}" ; done \ + | for ((o=0;o<946;++o)); do \ + read -rN420 x; \ + echo -n "${x::130}${x:132:130}${x:264:130}"; \ + done \ | xxd -r -p \ | tail -c+9 \ | head -c184292 \ @@ -77,15 +80,15 @@ gettxout(){ } usage(){ - echo "Usage: ${0##*/} getblock|getrawtransaction|gettxtout [DIR]" - echo "Note: gettxtout works with pruned node" + echo "Usage: ${0##*/} getblock|getrawtransaction|gettxout [DIR]" + echo "Note: gettxout works with pruned node" echo "Note: DIR defaults to \$HOME" exit 1 } case "${1:-}" in - "getblock"|"getrawtransaction"|"gettxtout") - test -z "${2}" || dir="${2}" + "getblock"|"getrawtransaction"|"gettxout") + test -z "${2-}" || dir="${2}" validate_dir "${dir}" output_file="${dir}/${file}" "${1}" diff --git a/salt/sys-bitcoin/files/server/rpc/qusal.BitcoinAuthGet b/salt/sys-bitcoin/files/server/rpc/qusal.BitcoinAuthGet index 1ad0f33..78a061e 100755 --- a/salt/sys-bitcoin/files/server/rpc/qusal.BitcoinAuthGet +++ b/salt/sys-bitcoin/files/server/rpc/qusal.BitcoinAuthGet 
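Review bot: The reworded message in `bitcoin-rpcwhitelist-cookie` is still misspelled: `remote RPC can't add crendetials` should read `remote RPC can't add credentials`. The matching message in `qusal.BitcoinAuthGet` in this commit spells the word correctly, so the two scripts could share one wording.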
@@ -14,7 +14,8 @@ bitcoin_pass="/home/user/.bitcoin/rpcclient.pass" user="${QREXEC_REMOTE_DOMAIN}" if ! systemctl is-active bitcoind >/dev/null 2>&1; then - echo "systemd service 'bitcoind' is not active, cannot add credentials with remote RPC" >&2 + echo "systemd service 'bitcoind' is not active" >&2 + echo "cannot add credentials with remote RPC" >&2 exit 1 fi diff --git a/salt/sys-cacher/files/admin/tag.py b/salt/sys-cacher/files/admin/tag.py index 22fb59f..ec3eaa9 100755 --- a/salt/sys-cacher/files/admin/tag.py +++ b/salt/sys-cacher/files/admin/tag.py @@ -10,7 +10,7 @@ import argparse import qubesadmin # pylint: disable=import-error import qubesadmin.vm # pylint: disable=import-error -def get_cacher_tagged_qubes(qubes, wanted_dist, extraneous=False): +def get_clients(qubes, wanted_dist, extraneous=False): """Get qubes tagged for ACNG""" domains = [] for qube in qubes.domains: # pylint: disable=invalid-name @@ -51,8 +51,7 @@ def main(): # pylint: disable=missing-function-docstring wanted_dist = ["debian", "fedora", "arch", "ubuntu", "kicksecure"] qubes = qubesadmin.Qubes() - domains = get_cacher_tagged_qubes(qubes, wanted_dist, - extraneous=args.extraneous) + domains = get_clients(qubes, wanted_dist, extraneous=args.extraneous) print("\n".join(domains)) diff --git a/salt/sys-cacher/files/browser/rc.local.d/50-sys-cacher.rc b/salt/sys-cacher/files/browser/rc.local.d/50-sys-cacher.rc index 695d644..a671612 100755 --- a/salt/sys-cacher/files/browser/rc.local.d/50-sys-cacher.rc +++ b/salt/sys-cacher/files/browser/rc.local.d/50-sys-cacher.rc @@ -4,6 +4,7 @@ # # SPDX-License-Identifier: AGPL-3.0-or-later -cp -r /rw/config/systemd/qusal-acng-browser-forwarder* /usr/lib/systemd/system/ +cp -r /rw/config/systemd/qusal-acng-browser-forwarder* \ + /usr/lib/systemd/system/ systemctl daemon-reload systemctl --no-block restart qusal-acng-browser-forwarder.socket 
diff --git a/salt/sys-cacher/files/client/bin/apt-cacher-ng-repo b/salt/sys-cacher/files/client/bin/apt-cacher-ng-repo index 4792a13..cbe7419 100755 --- a/salt/sys-cacher/files/client/bin/apt-cacher-ng-repo +++ b/salt/sys-cacher/files/client/bin/apt-cacher-ng-repo @@ -30,23 +30,27 @@ set_proxy_marker(){ if ! grep -q "^${marker_begin}$" "${proxy_file}"; then if grep -q "^${marker_end}$" "${proxy_file}"; then - echo "Error: found marker ${marker_end_text} but not ${marker_begin_text} in ${proxy_file}" >&2 - echo "Fix the file by either removing both markers or adding missing ones and retry" >&2 + msg="found marker ${marker_end_text} but not ${marker_begin_text}" + msg="${msg} in ${proxy_file}." + msg="${msg} fix it by removing markers or adding missing ones and retry" + echo "Error: ${msg}" >&2 exit 1 fi cp "${proxy_file}" "${proxy_file}.qubes-orig" echo "${marker_begin}" | tee -a "${proxy_file}" >/dev/null echo "${marker_end}" | tee -a "${proxy_file}" >/dev/null elif ! grep -q "^${marker_end}$" "${proxy_file}"; then - echo "Error: found marker ${marker_begin_text} but not ${marker_end_text} in ${proxy_file}" >&2 - echo "Fix the file by either removing both markers or adding missing ones and retry" >&2 + msg="found marker ${marker_begin_text} but not ${marker_end_text}" + msg="${msg} in ${proxy_file}." + msg="${msg} fix it by removing markers or adding missing ones and retry" + echo "error: ${msg}" >&2 exit 1 fi proxy_tmp_file="$(mktemp)" cat >"${proxy_tmp_file}" <&2 + echo "Error: service netvm-cacher enabled but netvm IP not found" >&2 return 1 fi fi 
@@ -120,9 +124,14 @@ EOF case "${action}" in install) + baseurl_search="baseurl\s*=\s*https://" + baseurl_repl="baseurl=http://HTTPS///" + meta_search="metalink\s*=\s*https://" + meta_repl="metalink=http://HTTPS///" + baseurl_expr="s|${baseurl_search}|${baseurl_repl}|w ${changes_file}" + meta_expr="s|${meta_search}|${meta_repl}|w ${changes_file}" find "${@}" -type f -exec sed -i \ - -e "s|baseurl\s*=\s*https://|baseurl=http://HTTPS///|w ${changes_file}" \ - -e "s|metalink\s*=\s*https://|metalink=http://HTTPS///|w ${changes_file}" \ + -e "${baseurl_expr}" -e "${meta_expr}" \ {} \+ set -- @@ -136,16 +145,26 @@ EOF done test -n "${*}" || return 0 + baseurl_search="^\s*#.*baseurl" + baseurl_repl="baseurl" + meta_search="^\s*metalink\s*=\s*" + meta_expr="#metalink=" + baseurl_expr="s|${baseurl_search}|${baseurl_repl}|w ${changes_file}" + meta_expr="s|${meta_search}|${meta_repl}|w ${changes_file}" find "${@}" -type f -exec sed -i \ - -e "s|^\s*#.*baseurl|baseurl|w ${changes_file}" \ - -e "s|^\s*metalink\s*=\s*|#metalink=|w ${changes_file}" \ + -e "${baseurl_expr}" -e "${meta_expr}" \ {} \+ ;; uninstall) + baseurl_search="baseurl\s*=\s*http://HTTPS///" + baseurl_repl="baseurl=https://" + meta_search="metalink\s*=\s*http://HTTPS///" + meta_repl="metalink=https://" + baseurl_expr="s|${baseurl_search}|${baseurl_repl}|w ${changes_file}" + meta_expr="s|${meta_search}|${meta_repl}|w ${changes_file}" find "${@}" -type f -exec sed -i \ - -e "s|baseurl\s*=\s*http://HTTPS///|baseurl=https://|w ${changes_file}" \ - -e "s|metalink\s*=\s*http://HTTPS///|metalink=https://|w ${changes_file}" \ + -e "${baseurl_expr}" -e "${meta_expr}" \ {} \+ set -- 
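Review bot: In the hunk at `-136,16`, the replacement text is assigned to the wrong name: `meta_expr="#metalink="` should be `meta_repl="#metalink="`. This block appears to run in the same `install)` branch as the one above it, so `meta_repl` would still hold `metalink=http://HTTPS///`, and the `sed` expression would prefix the metalink lines a second time instead of commenting them out, leaving the repository files in a state the `uninstall)` expressions do not reverse. If `meta_repl` were unset instead, `set -u` would abort the script at that line. The enclosing function starts and ends outside the hunk.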
@@ -194,16 +213,26 @@ EOF case "${action}" in install) + sources_search="URIs:\s*https://" + sources_repl="URIs: http://HTTPS///" + list_search="^\s*\(#*\)\s*deb\(.*\)https://" + list_repl="\1deb\2http://HTTPS///" + sources_expr="s|${sources_search}|${sources_repl}|w ${changes_file}" + list_expr="s|${list_search}|${list_repl}|w ${changes_file}" find "${@}" -type f -exec sed -i \ - -e "s|URIs:\s*https://|URIs: http://HTTPS///|w ${changes_file}" \ - -e "s|^\s*\(#*\)\s*deb\(.*\)https://|\1deb\2http://HTTPS///|w ${changes_file}" \ + -e "${list_expr}" -e "${sources_expr}" \ {} \+ ;; uninstall) + sources_search="URIs:\s*http://HTTPS///" + sources_repl="URIs: https://" + list_search="^\s*\(#*\)\s*deb\(.*\)http://HTTPS///" + list_repl="\1deb\2https://" + sources_expr="s|${sources_search}|${sources_repl}|w ${changes_file}" + list_expr="s|${list_search}|${list_repl}|w ${changes_file}" find "${@}" -type f -exec sed -i \ - -e "s|URIs:\s*http://HTTPS///|URIs: https://|w ${changes_file}" \ - -e "s|^\s*\(#*\)\s*deb\(.*\)http://HTTPS///|\1deb\2https://|w ${changes_file}" \ + -e "${list_expr}" -e "${sources_expr}" \ {} \+ ;; esac @@ -242,21 +271,27 @@ EOF case "${action}" in install) + repo_search="Server\s*=\s*https://" \ + repo_repl="Server = http://HTTPS///" + repo_regex="s|${repo_search}|${repo_repl}|w ${changes_file}" find "${@}" -type f -exec sed -i \ - -e "s|Server\s*=\s*https://|Server = http://HTTPS///|w ${changes_file}" \ + -e "${repo_regex}" \ {} \+ ;; uninstall) + repo_search="Server\s*=\s*http://HTTPS///" + repo_repl="Server = https://" + repo_regex="s|${repo_search}|${repo_repl}|w ${changes_file}" find "${@}" -type f -exec sed -i \ - -e "s|Server\s*=\s*http://HTTPS///|Server = https://|w ${changes_file}" \ + -e "${repo_regex}" \ {} \+ ;; esac else ## Gentoo: upstream does not have a good solution: - ## https://wiki.gentoo.org/wiki/Local_distfiles_cache#Configuring_for_Gentoo + ## https://wiki.gentoo.org/wiki/Local_distfiles_cache#Configuring_for_Gentoo reject_os fi } 
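Review bot: In the `install)` branch of the `Server` rewrite (hunk at `-242,21`), the line `repo_search="Server\s*=\s*https://" \` ends with a stray backslash that joins it to the `repo_repl=` assignment below. Two assignments on one logical line still take effect, so nothing breaks today, but the `uninstall)` branch has no backslash, and a later edit that places a command on the following line would turn these into a temporary environment for that command only. Suggest removing the trailing `\`.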
diff --git a/salt/sys-electrs/clone.sls b/salt/sys-electrs/clone.sls index ab97e07..61be9dc 100644 --- a/salt/sys-electrs/clone.sls +++ b/salt/sys-electrs/clone.sls @@ -9,6 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later {{ clone_template('debian-minimal', 'electrs-builder', include_create=False) }} {# +# editorconfig-checker-disable TODO: Recheck: Cargo index fetch isis too big to be fetched over tor. Impossible to fetch Cargo index over tor as of Bookworm Cargo 1.65. Cargo >=1.68 does support "sparse" registry protocol, @@ -36,4 +37,5 @@ Caused by: {# {{ clone_template(['debian-minimal', 'whonix-workstation'], sls_path) }} {{ clone_template('whonix-workstation', 'electrs-builder', include_create=False) }} +# editorconfig-checker-enable #} diff --git a/salt/sys-git/files/client/git-core/git-init-qrexec b/salt/sys-git/files/client/git-core/git-init-qrexec index bf02c71..c2574d8 100755 --- a/salt/sys-git/files/client/git-core/git-init-qrexec +++ b/salt/sys-git/files/client/git-core/git-init-qrexec @@ -11,14 +11,16 @@ case "${GIT_TRACE_HELPER:-}" in esac usage(){ - echo "Usage: ${helper} [] []" - echo "Note: qube defaults to '@default' and repository to the current repository" + echo "Usage: ${helper} [] []" >&2 + echo "Note: qube defaults to @default" >&2 + echo "Note: repository defaults to current working repository" >&2 exit 1 } is_git_repo(){ if ! git rev-parse --show-toplevel >/dev/null 2>&1; then - echo "Error: Either run from inside a git repository or provide it as an argument" >&2 + echo "Error: Current working directory is not in a git repository" >&2 + echo "Error: Run from a repository or pass the name as an argument" >&2 usage fi } 
@@ -49,7 +51,8 @@ elif command -v qrexec-client >/dev/null; then die "Qube doesn't exist: '${authority}'" fi qvm-start --skip-if-running -- "${authority}" - exec qrexec-client -tT -d "${authority}" -- "DEFAULT:QUBESRPC ${rpc_cmd} dom0" + rpc_cmd="DEFAULT:QUBESRPC ${rpc_cmd} dom0" + exec qrexec-client -tT -d "${authority}" -- "${rpc_cmd}" fi die "Qrexec programs not found: qrexec-client-vm, qrexec-client" diff --git a/salt/sys-git/files/client/git-core/git-remote-qrexec b/salt/sys-git/files/client/git-core/git-remote-qrexec index a56d00b..5492833 100755 --- a/salt/sys-git/files/client/git-core/git-remote-qrexec +++ b/salt/sys-git/files/client/git-core/git-remote-qrexec @@ -12,7 +12,9 @@ set -eu usage(){ - echo "Usage: ${helper} [${scheme}:///[?query=value][&other_query=value]]" >&2 + url_format="${scheme}:///" + url_format="${url_format}[?query=value][&other_query=value]" + echo "Usage: ${helper} [${url_format}]" >&2 } die(){ diff --git a/salt/sys-git/files/client/git-core/git-remote-qrexec-connect b/salt/sys-git/files/client/git-core/git-remote-qrexec-connect index e1bd110..f99cec9 100755 --- a/salt/sys-git/files/client/git-core/git-remote-qrexec-connect +++ b/salt/sys-git/files/client/git-core/git-remote-qrexec-connect @@ -76,8 +76,9 @@ elif command -v qrexec-client >/dev/null; then die "Qube doesn't exist: '${authority}'" fi qvm-start --skip-if-running -- "${authority}" - log "->" qrexec-client -T -d "${authority}" -- "DEFAULT:QUBESRPC ${rpc_cmd} dom0" - exec qrexec-client -T -d "${authority}" -- "DEFAULT:QUBESRPC ${rpc_cmd} dom0" + rpc_cmd="DEFAULT:QUBESRPC ${rpc_cmd} dom0" + log "->" qrexec-client -T -d "${authority}" -- "${rpc_cmd}" + exec qrexec-client -T -d "${authority}" -- "${rpc_cmd}" fi die "Qrexec programs not found: qrexec-client-vm, qrexec-client" diff --git a/salt/sys-git/files/server/rpc/qusal.GitInit b/salt/sys-git/files/server/rpc/qusal.GitInit index 2321b32..6ce1413 100644 --- a/salt/sys-git/files/server/rpc/qusal.GitInit 
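Review bot: `rpc_cmd` is overwritten with a value of a different kind in `git-init-qrexec`, and the same pattern appears in the `git-remote-qrexec-connect` hunk. Before the assignment it holds the service call; afterwards it holds the full `DEFAULT:QUBESRPC … dom0` string passed to `qrexec-client`. This is harmless today because `exec` follows immediately, but a later edit that reads `rpc_cmd` after this point would get the wrapped form. A separate name keeps the two apart, e.g. `qubesrpc_cmd="DEFAULT:QUBESRPC ${rpc_cmd} dom0"` followed by `exec qrexec-client -tT -d "${authority}" -- "${qubesrpc_cmd}"`.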
+++ b/salt/sys-git/files/server/rpc/qusal.GitInit @@ -1,6 +1,6 @@ #!/bin/sh -# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. # # SPDX-License-Identifier: AGPL-3.0-or-later @@ -24,7 +24,10 @@ fi if ! (echo "${untrusted_repo}" | grep -q "^[A-Za-z0-9][A-Za-z0-9_.-]\+$") then - die "Forbidden characters in repository name. Allowed chars: letters, numbers, hyphen, underscore and dot. It cannot begin with hyphen, underscore or dot" + msg="Forbidden characters in agent name." + msg="${msg} Allowed chars: letters, numbers, hyphen, underscore and dot." + msg="${msg} Name cannot begin with hyphen, underscore or dot" + die "${msg}" fi ## Length arbitrarily set. @@ -52,7 +55,8 @@ esac if test "${action}" != "Init"; then test -d "${path}" || die "Directory doesn't exist: ${repo}" - git -C "${path}" rev-parse >/dev/null 2>&1 || die "Not a git repository: ${repo}" + git -C "${path}" rev-parse >/dev/null 2>&1 || + die "Not a git repository: ${repo}" is_bare="$(git -C "${path}" rev-parse --is-bare-repository)" test "${is_bare}" = "true" || die "Not a bare repository: ${repo}" fi diff --git a/salt/sys-net/files/server/rpc/qusal.ConnectTCP b/salt/sys-net/files/server/rpc/qusal.ConnectTCP index 835055c..ffaef99 100755 --- a/salt/sys-net/files/server/rpc/qusal.ConnectTCP +++ b/salt/sys-net/files/server/rpc/qusal.ConnectTCP 
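Review bot: The rewritten error message in the `@@ -24,7 +24,10 @@` hunk now says "agent name", but this check validates `untrusted_repo` and the removed line said "repository name". The wording appears to have been copied from `qusal.SshAgent`, so a client sending a rejected repository name gets a misleading error. The first line should read `msg="Forbidden characters in repository name."`.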
@@ -6,11 +6,11 @@ ## How to use with SSH? ## On Dom0 Qrexec policy: -## qusal.ConnectTCP +domain.tld+22 sshclient @default ask default_target=sshproxy +## qusal.ConnectTCP +domain.tld+22 client @default ask default_target=proxy ## On Dom0, enable the "qusal-proxy-client" service for the client qube: -## qvm-features sshclient service.qusal-proxy-client 1 +## qvm-features client service.qusal-proxy-client 1 ## On the SSH Proxy server (netvm of your liking), install this RPC service. -## qubesctl --skip-dom0 --targets=sshproxy state.apply sys-net.install-proxy +## qubesctl --skip-dom0 --targets=proxy state.apply sys-net.install-proxy ## On the client ssh configuration: ## Match Exec "test -f /var/run/qubes-service/qusal-proxy-client" ## ProxyCommand qrexec-client-vm @default qusal.ConnectTCP+%h+%p diff --git a/salt/sys-ssh-agent/files/server/rpc/qusal.SshAgent b/salt/sys-ssh-agent/files/server/rpc/qusal.SshAgent index a9a1218..4c0922b 100644 --- a/salt/sys-ssh-agent/files/server/rpc/qusal.SshAgent +++ b/salt/sys-ssh-agent/files/server/rpc/qusal.SshAgent @@ -1,21 +1,28 @@ #!/bin/sh -# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. # # SPDX-License-Identifier: AGPL-3.0-or-later set -eu +die(){ + echo "error: ${1}" >&2 + exit 1 +} + untrusted_agent="$QREXEC_SERVICE_ARGUMENT" if test -z "${untrusted_agent}"; then - echo "Agent name is empty" >&2 - exit 1 + die "Agent name is empty" fi if ! (echo "${untrusted_agent}" | grep -q "^[A-Za-z0-9][A-Za-z0-9_.-]\+$") then - die "Forbidden characters in agent name. Allowed chars: letters, numbers, hyphen, underscore and dot. It cannot begin with hyphen, underscore or dot" + msg="Forbidden characters in agent name." + msg="${msg} Allowed chars: letters, numbers, hyphen, underscore and dot." + msg="${msg} Name cannot begin with hyphen, underscore or dot" + die "${msg}" fi ## Length arbitrarily set. 
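Review bot: In the `qusal.SshAgent` hunk, `untrusted_agent="$QREXEC_SERVICE_ARGUMENT"` runs under `set -eu`, so an unset variable stops the script with the shell's own unbound-variable message before the new `die "Agent name is empty"` can run. The call still fails closed, but the error path this commit tidies up is bypassed in that case; whether qrexec always exports the variable for a call without an argument is not visible here. Using `untrusted_agent="${QREXEC_SERVICE_ARGUMENT-}"` routes both the unset and the empty case through `die`.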
diff --git a/salt/sys-syncthing/files/browser/rc.local.d/50-sys-syncthing.rc b/salt/sys-syncthing/files/browser/rc.local.d/50-sys-syncthing.rc index 471791f..83b4c8a 100755 --- a/salt/sys-syncthing/files/browser/rc.local.d/50-sys-syncthing.rc +++ b/salt/sys-syncthing/files/browser/rc.local.d/50-sys-syncthing.rc @@ -4,6 +4,7 @@ # # SPDX-License-Identifier: AGPL-3.0-or-later -cp -r /rw/config/systemd/qusal-syncthing-browser-forwarder* /usr/lib/systemd/system/ +cp -r /rw/config/systemd/qusal-syncthing-browser-forwarder* \ + /usr/lib/systemd/system/ systemctl daemon-reload systemctl --no-block restart qusal-syncthing-browser-forwarder.socket diff --git a/salt/sys-wireguard/files/admin/bin/qvm-wireguard b/salt/sys-wireguard/files/admin/bin/qvm-wireguard index dc83f1a..1b3b024 100755 --- a/salt/sys-wireguard/files/admin/bin/qvm-wireguard +++ b/salt/sys-wireguard/files/admin/bin/qvm-wireguard @@ -48,7 +48,8 @@ qvm-run -u root "$qube" -- "cp ${user_conf} ${system_conf}" ## TOFU # shellcheck disable=SC2016 -endpoint="$(qvm-run -p -u root "$qube" -- awk '/Endpoint/{print $3}' "${system_conf}")" +endpoint="$(qvm-run -p -u root "$qube" -- awk '/Endpoint/{print $3}' \ + "${system_conf}")" if echo "${endpoint}" | grep -qF "["; then ip="${ip##[\[]}" ip="${ip%%\]*}" @@ -70,8 +71,10 @@ fi echo "Firewalling $qube to reach only '$ip:$port'" qvm-firewall --verbose -- "$qube" reset qvm-firewall --verbose -- "$qube" del --rule-no 0 -qvm-firewall --verbose -- "$qube" add accept dsthost="$ip" dstports="$port" proto=udp -qvm-firewall --verbose -- "$qube" add accept dsthost="$ip" dstports="$port" proto=tcp +qvm-firewall --verbose -- "$qube" add accept dsthost="$ip" dstports="$port" \ + proto=udp +qvm-firewall --verbose -- "$qube" add accept dsthost="$ip" dstports="$port" \ + proto=tcp qvm-firewall --verbose -- "$qube" add drop if qvm-check -q --paused -- "$qube" >/dev/null 2>&1; then 
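Review bot: The awk pattern `/Endpoint/` in the `@@ -48,7 +48,8 @@` hunk of `qvm-wireguard` is unanchored, so it also matches a commented-out `# Endpoint = …` line and returns one value per peer when the config has several. Because `endpoint` later decides which destination the firewall allows, the match should accept only a real key line, for example `awk '/^[[:space:]]*Endpoint[[:space:]]*=/{print $3}'`. The script should also fail when the result is empty or spans more than one line. `print $3` assumes spaces around `=`, so `Endpoint=host:port` yields an empty field. The `if` block that parses the value continues outside the hunk.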
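Review bot: The `proto=tcp` accept rule in the `@@ -70,8 +71,10 @@` hunk has no stated reason. WireGuard itself transports over UDP, so allowing TCP to the same `dsthost`/`dstports` looks wider than the tunnel needs. If it is deliberate, for instance for a TCP wrapper in front of the endpoint, a comment such as `## TCP allowed for <reason>` above the rule would record that. Otherwise dropping the rule leaves only the UDP accept before `add drop`.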
diff --git a/salt/sys-wireguard/files/server/qubes-firewall.d/50-sys-wireguard-var b/salt/sys-wireguard/files/server/qubes-firewall.d/50-sys-wireguard-var index 56ac6b0..5f90c2f 100755 --- a/salt/sys-wireguard/files/server/qubes-firewall.d/50-sys-wireguard-var +++ b/salt/sys-wireguard/files/server/qubes-firewall.d/50-sys-wireguard-var @@ -21,7 +21,9 @@ set_nft_dnat(){ ipv="${1}" # empty(4), 6 proto="${2}" # tcp, udp dns_host="${3}" - set_nft "insert rule ip${ipv} qubes custom-dnat iifgroup 2 ${proto} dport 53 dnat to ${dns_host}" + rule_prefix="insert rule ip${ipv} qubes custom-dnat iifgroup 2 ${proto}" + rule_suffix="dport 53 dnat to ${dns_host}" + set_nft "${rule_prefix} ${rule_suffix}" } dns="$(grep -s "^\s*DNS\s*=\s*\S\+" "${wg_conf}" | sed "s/.*=//;s/ //g")" diff --git a/scripts/markdown-lint.sh b/scripts/markdown-lint.sh index 92aae3e..b1dba6e 100755 --- a/scripts/markdown-lint.sh +++ b/scripts/markdown-lint.sh @@ -40,8 +40,8 @@ fi case "${find_tool}" in fd|fdfind) - files="$(${find_tool} . --hidden --exclude .github --type=f --extension=md)" - extra_files="$(${find_tool} . --hidden --type=f --extension=md .github)" + files="$(${find_tool} . -H -E .github -t f -e md)" + extra_files="$(${find_tool} . -H -t f -e md .github)" ;; find) files="$(find . -not -path './.github/*' -type f -name "*.md")" diff --git a/scripts/qubesbuilder-gen.sh b/scripts/qubesbuilder-gen.sh index ae99554..32dfbec 100755 --- a/scripts/qubesbuilder-gen.sh +++ b/scripts/qubesbuilder-gen.sh 
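Review bot: In `set_nft_dnat`, `dns_host` is pasted into the nft rule text without any check that it is a single address literal. The value is derived from the `DNS =` line of `wg_conf` with only `sed "s/.*=//;s/ //g"`, so a comma-separated list or stray characters would reach `set_nft` as part of the rule. The callers are outside the hunk and may already split and validate it. If they do not, a guard at the top of the function keeps anything else out of the rule, e.g. `case "${dns_host}" in ""|*[!0-9A-Fa-f.:]*) return 1;; esac`. The function header is outside the hunk.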
@@ -20,13 +20,14 @@ if test "${1-}" = "test"; then fi ignored="$(git ls-files --exclude-standard --others --ignored salt/)" untracked="$(git ls-files --exclude-standard --others salt/)" -unwanted="$(printf %s"${ignored}\n${untracked}\n" | grep "^salt/\S\+/README.md" \ - | cut -d "/" -f2 | sort -u)" +unwanted="$(printf %s"${ignored}\n${untracked}\n" | + grep "^salt/\S\+/README.md" | cut -d "/" -f2 | sort -u)" group="$(./scripts/spec-get.sh dom0 group)" -projects="$(find salt/ -mindepth 1 -maxdepth 1 -type d \ - | sort -d | sed "s|^salt/\(\S\+\)| - rpm_spec/${group}-\1.spec|")" +projects="$(find salt/ -mindepth 1 -maxdepth 1 -type d | sort -d | + sed "s|^salt/\(\S\+\)| - rpm_spec/${group}-\1.spec|")" for unwanted_project in ${unwanted}; do - projects="$(echo "${projects}" | sed "\@rpm_spec/${group}-${unwanted_project}.spec@d")" + projects="$(echo "${projects}" | + sed "\@rpm_spec/${group}-${unwanted_project}.spec@d")" done if test "${1-}" = "print"; then diff --git a/scripts/salt-fix.sh b/scripts/salt-fix.sh index 11e9ad1..7f4eba1 100755 --- a/scripts/salt-fix.sh +++ b/scripts/salt-fix.sh @@ -18,8 +18,14 @@ cd "$(git rev-parse --show-toplevel)" || exit 1 find_tool="$(./scripts/best-program.sh fd fdfind find)" case "${find_tool}" in - fd|fdfind) files="$(${find_tool} . minion.d/ --extension=conf) $(${find_tool} . salt/ --max-depth=2 --type=f --extension=sls)";; - find) files="$(find minion.d/ -type f -name "*.conf") $(find salt/ -maxdepth 2 -type f -name '*.sls')";; + fd|fdfind) + files="$(${find_tool} . minion.d/ --extension=conf) + $(${find_tool} . salt/ --max-depth=2 --type=f --extension=sls)" + ;; + find) + files="$(find minion.d/ -type f -name "*.conf") + $(find salt/ -maxdepth 2 -type f -name '*.sls')" + ;; esac ## 201 - Fix trailing whitespace: diff --git a/scripts/salt-lint.sh b/scripts/salt-lint.sh index 7c749b4..8fb259a 100755 --- a/scripts/salt-lint.sh +++ b/scripts/salt-lint.sh 
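Review bot: The re-wrapped `unwanted=` pipeline in `qubesbuilder-gen.sh` still builds the printf format from data. In `printf %s"${ignored}\n${untracked}\n"` the file names returned by `git ls-files` are part of the format string, so a path containing `%` or a backslash is interpreted rather than printed. Passing them as arguments avoids that: `printf '%s\n%s\n' "${ignored}" "${untracked}" |`.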
@@ -31,8 +31,15 @@ if test -n "${1-}"; then fi case "${find_tool}" in - fd|fdfind) files="$(${find_tool} . minion.d/ --extension=conf) $(${find_tool} . salt/ --max-depth=2 --type=f --extension=sls --extension=top | sort -d)";; - find) files="$(find minion.d/ -type f -name "*.conf") $(find salt/* -maxdepth 2 -type f \( -name '*.sls' -o -name '*.top' \) | sort -d)";; + fd|fdfind) + files="$(${find_tool} . minion.d/ --e conf) + $(${find_tool} . salt/ -d 2 -t f -e sls -e top | sort -d)" + ;; + find) + files="$(find minion.d/ -type f -name "*.conf") + $(find salt/* -maxdepth 2 -type f \( -name '*.sls' -o -name '*.top' \) | + sort -d)" + ;; esac exec salt-lint ${conf} ${files} diff --git a/scripts/shell-lint.sh b/scripts/shell-lint.sh index f9b85ec..410eada 100755 --- a/scripts/shell-lint.sh +++ b/scripts/shell-lint.sh @@ -13,8 +13,38 @@ command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } cd "$(git rev-parse --show-toplevel)" || exit 1 ./scripts/requires-program.sh shellcheck file +exit_code=0 find_tool="$(./scripts/best-program.sh fd fdfind find)" +show_long_lines(){ + tty_stderr=0 + if test -t 2; then + tty_stderr=1 + fi + awk -v color="${tty_stderr}" ' + BEGIN { + MAGENTA="" + GREEN="" + RESET="" + if (color == 1) { + MAGENTA="\033[1;35m" + GREEN="\033[1;32m" + RESET="\033[0m" + } + } + { + nlines++; + if (length > 78 && !/^\s*#.*(:\/\/|SPDX-)/) { + exit_code=1 + prefix = MAGENTA FILENAME RESET ":" GREEN FNR RESET + print prefix ": line too long: " length " > 78" >"/dev/stderr" + if (nlines==NR) { if (exit_code==1) { exit 1; }; } + } + if (nlines==NR) { if (exit_code==1) { exit 1; }; } + } + ' "${@}" >&2 +} + if test -n "${1-}"; then files="" sh_files="" 
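Review bot: The shortened fd call in `salt-lint.sh` uses `--e conf`, which is neither the old `--extension=conf` nor the short form `-e conf` used on the next line. fd will most likely reject `--e` as an unknown or ambiguous option, leaving the `minion.d/` configuration files out of `files`. The line should be `files="$(${find_tool} . minion.d/ -e conf)`.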
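Review bot: `show_long_lines` in `shell-lint.sh` stops at the first over-long line instead of listing them all. `nlines` is incremented once per record, so `nlines==NR` is always true and the inner `exit 1` fires as soon as `exit_code` is set. Remove both `if (nlines==NR) { … }` lines and report the status once at the end with `END { exit exit_code }`. Separately, `\s` in the awk regex is a GNU extension; `[[:space:]]` is portable to other awk implementations.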
@@ -32,31 +62,40 @@ if test -n "${1-}"; then if test -z "$files" && test -z "$sh_files"; then exit 0 fi - test -z "$files" || shellcheck ${files} - test -z "$sh_files" || shellcheck -s sh ${sh_files} - exit + if test -n "${files}" || test -n "${sh_files}"; then + show_long_lines ${files} ${sh_files} || exit_code=1 + fi + if test -n "${files}"; then + shellcheck ${files} || exit_code=1 + fi + if test -n "${sh_files}"; then + shellcheck -s sh ${sh_files} || exit_code=1 + fi + exit "${exit_code}" fi case "${find_tool}" in fd|fdfind) # shellcheck disable=2016,2215 - files="$(${find_tool} . scripts/ salt/ --hidden --exclude=zsh --type=f \ - --exec-batch file | awk -F ":" '/ shell script,/{ print $1 }')" + files="$(${find_tool} . scripts/ salt/ -H -E zsh -t f -X file | + awk -F ":" '/ shell script,/{ print $1 }')" ## No Shebang sh_files="$(${find_tool} rc.local salt/ --type=f)" ;; find) files="$(find scripts/ salt/ -not \( -path "*/zsh" -prune \) -type f \ - -exec file {} \+ | awk -F ":" '/ shell script,/{ print $1 }')" + -exec file {} \+ | awk -F ":" '/ shell script,/{ print $1 }')" ## No Shebang sh_files="$(find salt/ -type f -name "rc.local")" ;; esac -echo "${files}" | sort -u | tr " " "\n" -exit +files="$(echo "$files" | sort -u)" +sh_files="$(echo "$sh_files" | sort -u)" -#files="$(echo "$files" | sort -u)" -#sh_files="$(echo "$sh_files" | sort -u)" -#test -z "${files}" || shellcheck ${files} -#test -z "${sh_files}" || shellcheck -s sh ${sh_files} +show_long_lines ${files} ${sh_files} || exit_code=1 +shellcheck ${files} || exit_code=1 +if test -n "$sh_files"; then + shellcheck -s sh ${sh_files} || exit_code=1 +fi +exit "${exit_code}" diff --git a/scripts/spec-gen.sh b/scripts/spec-gen.sh index e9f5eca..817f8e0 100755 --- a/scripts/spec-gen.sh +++ b/scripts/spec-gen.sh 
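Review bot: The full-run path at the end of the hunk calls `show_long_lines ${files} ${sh_files}` and `shellcheck ${files}` without the emptiness guard used in the argument path. If discovery returns nothing, awk gets no file operands and reads standard input, which blocks on a terminal, and shellcheck is run with no files. Wrapping each call as the argument path does fixes this, e.g. `if test -n "${files}"; then shellcheck ${files} || exit_code=1; fi`, with the same `test -n` check around `show_long_lines`. The `if test -n "${files}" || test -n "${sh_files}"` check in the argument path is redundant, because the preceding `exit 0` already covers the case where both are empty.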
@@ -27,8 +27,10 @@ escape_key(){ ## Get scriptlet command, else fail safe. get_scriptlet(){ scriptlet="$1" + scriptlet_begin="-- pkg:begin:${scriptlet} --" + scriptlet_end="-- pkg:end:${scriptlet} --" scriptlet="$(sed -n \ - "/^<\!-- pkg:begin:${scriptlet} -->$/,/^<\!-- pkg:end:${scriptlet} -->$/p" \ + "/^<\!${scriptlet_begin}>$/,/^<\!${scriptlet_end}>$/p" \ "${readme}" | sed '/^```.*/d;/^\S*$/d;/^<\!-- pkg:/d;s/^sudo //')" if test -z "${scriptlet}"; then echo true @@ -159,7 +161,9 @@ if test "${1-}" = "test"; then shift fi -if echo "${@}" | grep -qE "(^scripts/| scripts/|/template.spec)" || test -z "${1-}"; then +if echo "${@}" | grep -qE "(^scripts/| scripts/|/template.spec)" || + test -z "${1-}" +then # shellcheck disable=SC2046 set -- $(find salt/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \ | sort -d | tr "\n" " ") diff --git a/scripts/spec-get.sh b/scripts/spec-get.sh index ba50758..5e7ccfd 100755 --- a/scripts/spec-get.sh +++ b/scripts/spec-get.sh @@ -13,7 +13,7 @@ usage(){ echo "Usage: ${0##*/} " echo "Example: ${0##*/} qubes-builder description" echo "Names: ${names}" - echo "Keys: ${keys}" + echo "Keys: $(echo "${keys}" | tr "\n" " ")" } block_max_chars(){ @@ -21,13 +21,31 @@ block_max_chars(){ char_value="${2}" less_than="${3}" if test "${#char_value}" -ge "${less_than}"; then - echo "Error: ${char_key} is too long. Must be less than ${less_than} chars." >&2 + echo "Error: ${char_key} is too long. Must be <${less_than} chars." >&2 echo "Key contents: ${char_value}" >&2 exit 1 fi } -keys="name branch group file_roots requires packager vendor url bug_url version project project_dir changelog readme license_csv license description summary saltfiles" +keys="name +branch +group +file_roots +requires +packager +vendor +url +bug_url +version +project +project_dir +changelog +readme +license_csv +license +description +summary +saltfiles" name="" key="" 
@@ -97,7 +115,10 @@ fi ## project per directory. The disadvantage of the changelog below is it # #doesn't differentiate commits per version and release, but per commit id. if test "${key}" = "changelog"; then - changelog="$(TZ=UTC0 git log -n 50 --format=format:"* %cd %an <%ae> - %h%n- %s%n" --date=format:"%a %b %d %Y" -- "${project_dir}" | sed -re "s/^- +- */- /")" + changelog="$(TZ=UTC0 git log -n 50 \ + --format=format:"* %cd %an <%ae> - %h%n- %s%n" \ + --date=format:"%a %b %d %Y" -- "${project_dir}" | \ + sed -re "s/^- +- */- /")" fi if test "${key}" = "description"; then @@ -117,7 +138,9 @@ if test "${key}" = "saltfiles" || test "${key}" = "requires"; then saltfiles="$(find "${project_dir}" -maxdepth 1 -name "*.sls")" # shellcheck disable=SC2086 if test -n "${saltfiles}"; then - requires="$(sed -n '/^include:$/,/^\s*$/p' -- ${saltfiles} | sed "/^\s*- \./d;/{/d" | grep "^\s*- " | cut -d "." -f1 | sort -u | sed "s/- //")" + requires="$(sed -n '/^include:$/,/^\s*$/p' -- ${saltfiles} | + sed "/^\s*- \./d;/{/d" | grep "^\s*- " | cut -d "." -f1 | sort -u | + sed "s/- //")" if grep -qrn "{%-\? from \('\|\"\)utils" ${saltfiles}; then if test -n "${requires}"; then requires="${requires} utils" diff --git a/scripts/toc-gen.sh b/scripts/toc-gen.sh index 5d5c986..a68d338 100755 --- a/scripts/toc-gen.sh +++ b/scripts/toc-gen.sh @@ -37,6 +37,7 @@ for f in "$@"; do ## This is fragile, the table of contents should have at least one block ## separated by an empty line before the nest heading, else it will delete ## the rest of the file. - vim -c 'norm zRgg' -c '/^## Table of Contents$' -c 'norm jd}k' -c ':GenTocGFM' -c 'norm ddgg' -c wq -- "${f}" + vim -c 'norm zRgg' -c '/^## Table of Contents$' -c 'norm jd}k' \ + -c ':GenTocGFM' -c 'norm ddgg' -c wq -- "${f}" echo "Updated TOC in file: $f" done