fix: avoid operand evaluation as argument

Explicitly end option parsing, as the shell can be quite dangerous without
it.
Ben Grande 2024-08-06 17:04:16 +02:00
parent e42950376a
commit 1b2f1ba941
No known key found for this signature in database
GPG key ID: 00C64E14F51F9E56
52 changed files with 196 additions and 189 deletions


@ -12,7 +12,7 @@ test -d "${repo_toplevel}" || exit 1
cd "${repo_toplevel}"
unset repo_toplevel
now="$(date +%s)"
now="$(date -- +%s)"
fail="0"
find_tool="$(./scripts/best-program.sh fd fdfind find)"
@ -46,7 +46,7 @@ fi
for key in ${files}; do
data="$(gpg --no-keyring --no-auto-check-trustdb --no-autostart \
--with-colons --show-keys "${key}")"
nr="$(echo "${data}" | grep -Ec '^(p|s)ub:')"
nr="$(echo "${data}" | grep -Ec -e '^(p|s)ub:')"
## Threshold in days.
threshold="${PGP_LINT_THRESHOLD:-30}"
tty_stderr=0
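Review bot: The `gpg ... --show-keys "${key}"` call in the second hunk still passes `${key}` without an end-of-options marker, which is the pattern this commit removes elsewhere. `${key}` comes from the unquoted `for key in ${files}` loop, and `files` is built outside the hunk, so a path beginning with `-` would be read by gpg as an option. I would change the continuation line to `--with-colons --show-keys -- "${key}")"`. The unquoted `${files}` also undergoes word splitting and pathname expansion, which deserves a comment if it is intentional.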


@ -23,14 +23,14 @@ if test "${1-}" = "test"; then
fi
ignored="$(git ls-files --exclude-standard --others --ignored salt/)"
untracked="$(git ls-files --exclude-standard --others salt/)"
unwanted="$(printf %s"${ignored}\n${untracked}\n" |
grep "^salt/\S\+/README.md" | cut -d "/" -f2 | sort -u)"
unwanted="$(printf '%s\n%s\n' "${ignored}" "${untracked}" |
grep -e "^salt/\S\+/README.md" | cut -d "/" -f2 | sort -u)"
group="$(./scripts/spec-get.sh dom0 group)"
projects="$(find salt/ -mindepth 1 -maxdepth 1 -type d | sort -d |
sed "s|^salt/\(\S\+\)| - rpm_spec/${group}-\1.spec|")"
sed -e "s|^salt/\(\S\+\)| - rpm_spec/${group}-\1.spec|")"
for unwanted_project in ${unwanted}; do
projects="$(echo "${projects}" |
sed "\@rpm_spec/${group}-${unwanted_project}.spec@d")"
sed -e "\@rpm_spec/${group}-${unwanted_project}.spec@d")"
done
if test "${1-}" = "print"; then
@ -38,10 +38,10 @@ if test "${1-}" = "print"; then
exit 0
fi
sed -e "/@SPEC@/d" "${template}" | tee "${target}" >/dev/null
echo "${projects}" | tee -a "${target}" >/dev/null
sed -e "/@SPEC@/d" -- "${template}" | tee -- "${target}" >/dev/null
echo "${projects}" | tee -a -- "${target}" >/dev/null
if test "${1-}" = "test"; then
if ! cmp -s "${target}" "${intended_target}"; then
if ! cmp -s -- "${target}" "${intended_target}"; then
echo "${0##*/}: error: File ${intended_target} is not up to date" >&2
echo "${0##*/}: error: Update the builder file with: ${0##/*}" >&2
exit 1
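Review bot: The loop's `sed -e "\@rpm_spec/${group}-${unwanted_project}.spec@d"` builds a regular expression from an ignored or untracked directory name, so any regex metacharacter or `@` in that name changes which lines are deleted (the `.` in `.spec` already matches any character). `unwanted` is derived from `git ls-files --others` output, so the name is not something the repository controls. A fixed-string filter such as `grep -vF -e "rpm_spec/${group}-${unwanted_project}.spec"`, with its non-zero status on empty output handled, avoids treating the name as a pattern. Separately, the second error message in the last hunk expands `${0##/*}`, which looks like a typo for the `${0##*/}` used on the line above it.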


@ -24,24 +24,24 @@ case "${find_tool}" in
fd|fdfind)
conf_files="$(${find_tool} . minion.d/ -e conf)"
sls_files="$(${find_tool} . salt/ -d 2 -t f -e sls)"
files="${conf_files}\n${sls_files}"
set -- ${conf_files} ${sls_files}
;;
find)
conf_files="$(find minion.d/ -type f -name "*.conf")"
sls_files="$(find salt/ -maxdepth 2 -type f -name '*.sls')"
files="${conf_files}\n${sls_files}"
set -- ${conf_files} ${sls_files}
;;
*) echo "Unsupported find tool" >&2; exit 1;;
esac
## 201 - Fix trailing whitespace:
sed -i'' -e's/[[:space:]]*$//' ${files}
sed -i'' -e 's/[[:space:]]*$//' -- "${@}"
## 206 - Fix spacing around {{ var_name }}, eg. {{env}} --> {{ env }}:
sed -i'' -E "s/\{\{\s?([^}]*[^} ])\s?\}\}/\{\{ \1 \}\}/g" ${files}
sed -i'' -E -e "s/\{\{\s?([^}]*[^} ])\s?\}\}/\{\{ \1 \}\}/g" -- "${@}"
## 207 - Add quotes around numeric values that start with a 0:
sed -i'' -E "s/\b(minute|hour): (0[0-7]?)\$/\1: '\2'/" ${files}
sed -i'' -E -e "s/\b(minute|hour): (0[0-7]?)\$/\1: '\2'/" -- "${@}"
## 208 - Make dir_mode, file_mode and mode arguments in the desired syntax:
sed -i'' -E "s/\b(dir_|file_|)mode: 0?([0-7]{3})/\1mode: '0\2'/" ${files}
sed -i'' -E -e "s/\b(dir_|file_|)mode: 0?([0-7]{3})/\1mode: '0\2'/" -- "${@}"
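Review bot: `set -- ${conf_files} ${sls_files}` in both case arms expands the find output unquoted, so each path is still split on whitespace and subjected to pathname expansion before `sed -i` rewrites it in place; the same construct appears in the section further down that ends in `exec salt-lint ${conf} "${@}"`. A file name containing a space or a glob character under `minion.d/` or `salt/` would make sed edit a different set of files than the one found. Setting `IFS` to a newline and running `set -f` before the `set --` line, or letting find run the edit with `-exec sed ... {} +`, closes that gap. When nothing matches, `"${@}"` is empty and `sed -i` runs with no file operand, which should be an explicit early exit instead.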


@ -38,16 +38,16 @@ case "${find_tool}" in
conf_files="$(${find_tool} . minion.d/ -e conf)"
sls_files="$(${find_tool} . salt/ -d 2 -t f -e sls -e top -e jinja \
-e j2 -e tmpl -e tst | sort -d)"
files="${conf_files}\n${sls_files}"
set -- ${conf_files} ${sls_files}
;;
find)
conf_files="$(find minion.d/ -type f -name "*.conf")"
sls_files="$(find salt/* -maxdepth 2 -type f \
\( -name '*.sls' -o -name '*.top' -o -name '*.jinja' \
-o -name '*.j2' -o -name '*.tmpl' -o -name '*.tst' \) | sort -d)"
files="${conf_files}\n${sls_files}"
set -- ${conf_files} ${sls_files}
;;
*) echo "Unsupported find tool" >&2; exit 1;;
esac
exec salt-lint ${conf} ${files}
exec salt-lint ${conf} "${@}"


@ -17,7 +17,7 @@ file_roots="/srv/salt/${group}"
cd "${0%/*}"/..
## Avoid having extra unwanted files.
rm -rf "${file_roots}"
cp -f minion.d/*.conf /etc/salt/minion.d/
mkdir -p "${file_roots}"
cp -r salt/* "${file_roots}"
rm -rf -- "${file_roots}"
cp -f -- minion.d/*.conf /etc/salt/minion.d/
mkdir -p -- "${file_roots}"
cp -r -- salt/* "${file_roots}"
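Review bot: `cd "${0%/*}"/..` is left without `--` and without a failure check, yet the following `cp -f -- minion.d/*.conf /etc/salt/minion.d/` and `cp -r -- salt/* "${file_roots}"` resolve their sources relative to the resulting directory. Unless `set -e` is active above the hunk, a failed `cd` lets the script remove `${file_roots}` and then copy from whatever the current directory happens to be; `cd -- "${0%/*}"/.. || exit 1` makes the failure explicit. Because `file_roots` is `/srv/salt/${group}` and `group` is set outside the hunk, a `${group:?}` check where `file_roots` is assigned would also keep an empty value from widening the `rm -rf` to `/srv/salt/`.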


@ -24,7 +24,7 @@ show_long_lines(){
if test -t 2; then
tty_stderr=1
fi
awk -v color="${tty_stderr}" '
awk -v color="${tty_stderr}" -- '
BEGIN {
exit_code=0
MAGENTA=""


@ -25,17 +25,17 @@ build_rpm(){
rpmlint "${spec}"
fi
if grep -q "^BuildRequires: " "${spec}"; then
if grep -q -e "^BuildRequires: " -- "${spec}"; then
sudo dnf build-dep "${spec}"
fi
mkdir -p \
mkdir -p -- \
"${build_dir}/BUILD/${group}-${project}/LICENSES/" \
"${build_dir}/SOURCES/${group}-${project}/LICENSES"
## TODO: generate tarball to sources.
cp -r . "${build_dir}/BUILD/${group}-${project}/"
cp -r . "${build_dir}/SOURCES/${group}-${project}/"
cp -r -- . "${build_dir}/BUILD/${group}-${project}/"
cp -r -- . "${build_dir}/SOURCES/${group}-${project}/"
## TODO: use qubes-builderv2 with mock or qubes executor
rpmbuild -ba --quiet --clean -- "${spec}"
@ -49,7 +49,7 @@ build_rpm(){
dbpath="$(mktemp -d)"
trap 'rm -rf -- "${dbpath}"' EXIT INT HUP QUIT ABRT
tmp_file="${dbpath}/${key_id}.asc"
"${gpg}" --export --armor "${key_id}" | tee "${tmp_file}" >/dev/null
"${gpg}" --export --armor "${key_id}" | tee -- "${tmp_file}" >/dev/null
rpmkeys --dbpath="${dbpath}" --import "${tmp_file}"
## TODO: target only the latest release
rpmkeys --dbpath="${dbpath}" --checksig --verbose \
@ -73,7 +73,7 @@ build_dir="${HOME}/rpmbuild"
if command -v rpmdev-setuptree >/dev/null; then
rpmdev-setuptree
else
mkdir -p \
mkdir -p -- \
"${build_dir}/BUILD" "${build_dir}/BUILDROOT" "${build_dir}/RPMS" \
"${build_dir}/SOURCES" "${build_dir}/SPECS" "${build_dir}/SRPMS"
fi
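Review bot: Several operands in `build_rpm` are still passed without an end-of-options marker: `rpmlint "${spec}"`, `sudo dnf build-dep "${spec}"`, `"${gpg}" --export --armor "${key_id}"` and `rpmkeys --dbpath="${dbpath}" --import "${tmp_file}"`. The `dnf` call matters most because it runs under sudo; `sudo dnf build-dep -- "${spec}"` would match what the hunk already does for `rpmbuild -ba --quiet --clean -- "${spec}"`. In the second hunk the export is piped into `tee`, so a failing `"${gpg}" --export` goes unnoticed unless `pipefail` is set outside the hunk, and `dbpath="$(mktemp -d)"` is used unchecked. Redirecting with `> "${tmp_file}"` and testing both statuses would make the signature check fail closed. `build_rpm` starts and ends outside these hunks.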


@ -14,9 +14,9 @@ usage(){
escape_key(){
key_type="${1}"
if test "${key_type}" = "scriptlet"; then
echo "${2}" | sed ':a;N;$!ba;s/\n/\\n /g' | sed 's/\$/\\$/'
echo "${2}" | sed -e ':a;N;$!ba;s/\n/\\n /g' | sed -e 's/\$/\\$/'
elif test "${key_type}" = "text"; then
echo "${2}" | sed ':a;N;$!ba;s/\n/\\n/g' | sed 's/\$/\\$/'
echo "${2}" | sed -e ':a;N;$!ba;s/\n/\\n/g' | sed -e 's/\$/\\$/'
else
return 1
fi
@ -29,9 +29,9 @@ get_scriptlet(){
scriptlet="$1"
scriptlet_begin="-- pkg:begin:${scriptlet} --"
scriptlet_end="-- pkg:end:${scriptlet} --"
scriptlet="$(sed -n \
scriptlet="$(sed -n -e \
"/^<\!${scriptlet_begin}>$/,/^<\!${scriptlet_end}>$/p" \
"${readme}" | sed '/^```.*/d;/^\S*$/d;/^<\!-- pkg:/d;s/^sudo //')"
-- "${readme}" | sed -e '/^```.*/d;/^\S*$/d;/^<\!-- pkg:/d;s/^sudo //')"
if test -z "${scriptlet}"; then
echo true
return 0
@ -44,13 +44,13 @@ get_spec(){
}
gen_spec(){
project="$(echo "${1}" | sed "s|salt/||;s|/.*||")"
if echo "${projects_seen}" | grep -qF " ${project} "; then
project="$(echo "${1}" | sed -e "s|salt/||;s|/.*||")"
if echo "${projects_seen}" | grep -qF -e " ${project} "; then
return
fi
projects_seen="${projects_seen} ${project} "
if echo "${unwanted}" | grep -q "^${project}$"; then
if echo "${unwanted}" | grep -q -e "^${project}$"; then
echo "warn: skipping spec generation of untracked formula: ${project}" >&2
return 0
fi
@ -74,7 +74,7 @@ gen_spec(){
version="$(get_spec version)"
license_csv="$(get_spec license_csv)"
## Ideally we would query the license, but it is a heavy call.
license="$(echo "${license_csv}" | sed "s/\,/ AND /g")"
license="$(echo "${license_csv}" | sed -e "s/\,/ AND /g")"
vendor="$(get_spec vendor)"
packager="$(get_spec packager)"
url="$(get_spec url)"
@ -118,22 +118,23 @@ gen_spec(){
-e "s|@URL@|${url}|" \
-e "s|@DESCRIPTION@|${description}|" \
-e "/@CHANGELOG@/d" \
"${template}" | tee "${target}" >/dev/null
-- "${template}" | tee -- "${target}" >/dev/null
requires_key=""
for r in $(printf %s"${requires}" | tr " " "\n" | sort -u); do
for r in $(printf '%s' "${requires}" | tr " " "\n" | sort -u); do
requires_key="${requires_key:-}Requires: ${group}-${r}\n"
done
sed -i "s/@REQUIRES@/${requires_key}/" "${target}" >/dev/null
echo "${changelog}" | tee -a "${target}" >/dev/null
sed -i -e "s/@REQUIRES@/${requires_key}/" -- "${target}" >/dev/null
echo "${changelog}" | tee -a -- "${target}" >/dev/null
if test "${2-}" = "test"; then
if ! cmp -s "${target}" "${intended_target}"; then
if ! cmp -s -- "${target}" "${intended_target}"; then
echo "error: ${intended_target} is not up to date" >&2
diff --color=auto "${intended_target}" "${target}" || true
diff --color=auto -- "${intended_target}" "${target}" || true
fail=1
else
unstaged_target="$(git diff --name-only "${intended_target}")" || true
unstaged_target="$(git diff --name-only -- "${intended_target}")" ||
true
if test -n "${unstaged_target}"; then
echo "warn: ${intended_target} is up to date but it is not staged" >&2
fi
@ -155,8 +156,8 @@ unset repo_toplevel
spec_get="./scripts/spec-get.sh"
ignored="$(git ls-files --exclude-standard --others --ignored salt/)"
untracked="$(git ls-files --exclude-standard --others salt/)"
unwanted="$(printf %s"${ignored}\n${untracked}\n" \
| grep "^salt/\S\+/README.md" | cut -d "/" -f2 | sort -u)"
unwanted="$(printf '%s\n%s\n' "${ignored}" "${untracked}" \
| grep -e "^salt/\S\+/README.md" | cut -d "/" -f2 | sort -u)"
fail=""
gen_mode=""
@ -166,7 +167,7 @@ if test "${1-}" = "test"; then
shift
fi
if echo "${@}" | grep -qE "(^scripts/| scripts/|/template.spec)" ||
if echo "${@}" | grep -qE -e "(^scripts/| scripts/|/template.spec)" ||
test -z "${1-}"
then
# shellcheck disable=SC2046,SC2312
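Review bot: In the `gen_spec` hunk at `-118,22`, `${url}`, `${description}` and `${requires_key}` are interpolated straight into the sed program (`-e "s|@DESCRIPTION@|${description}|"`, `sed -i -e "s/@REQUIRES@/${requires_key}/"`), so a delimiter, `&` or backslash in a value is parsed as sed syntax rather than data. `escape_key` in the first hunk only joins newlines and escapes `$`, and its `sed -e 's/\$/\\$/'` has no `g` flag, so only the first `$` on a line is handled. These values appear to come from `get_spec`, whose body is outside the hunks; I would escape `\`, `&` and the delimiter before substitution and add a comment on `escape_key` stating which characters it covers. In the same function `grep -q -e "^${project}$"` treats the project name as a regex, whereas `grep -qxF -e "${project}"` matches it literally.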


@ -142,10 +142,10 @@ if test "${key}" = "saltfiles" || test "${key}" = "requires"; then
saltfiles="$(find "${project_dir}" -maxdepth 1 -name "*.sls")"
# shellcheck disable=SC2086
if test -n "${saltfiles}"; then
requires="$(sed -n '/^include:$/,/^\s*$/p' -- ${saltfiles} |
sed "/^\s*- \./d;/{/d" | grep "^\s*- " | cut -d "." -f1 | sort -u |
sed "s/- //")"
if grep -qrn "{%-\? from \('\|\"\)utils" ${saltfiles}; then
requires="$(sed -n -e '/^include:$/,/^\s*$/p' -- ${saltfiles} |
sed -e "/^\s*- \./d;/{/d" | grep -e "^\s*- " | cut -d "." -f1 |
sort -u | sed -e "s/- //")"
if grep -qrn -e "{%-\? from \('\|\"\)utils" ${saltfiles}; then
if test -n "${requires}"; then
requires="${requires} utils"
else
@ -156,7 +156,7 @@ if test "${key}" = "saltfiles" || test "${key}" = "requires"; then
requires=""
fi
requires_valid=""
for r in $(printf %s"${requires}" | tr " " "\n"); do
for r in $(printf '%s' "${requires}" | tr " " "\n"); do
if ! test -d "salt/${r}"; then
continue
fi
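Review bot: The `grep -qrn -e "{%-\? from \('\|\"\)utils" ${saltfiles}` line gained `-e` but not the `--` that the `sed -n -e ... -- ${saltfiles}` call directly above it has, so its file operands are still open to option parsing. `saltfiles` is the output of `find "${project_dir}" ...`, so this only matters if `project_dir`, which is set outside the hunk, can begin with `-`. Ending the call with `-- ${saltfiles}` keeps the two calls consistent. The `-n` flag has no effect together with `-q` and could be dropped.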


@ -31,7 +31,7 @@ for f in "${@}"; do
echo "Error: Not a regular file: ${f}" >&2
exit 1
fi
if ! grep -q "^## Table of Contents$" "${f}"; then
if ! grep -q -e "^## Table of Contents$" -- "${f}"; then
echo "Could not find table of contents in file: ${f}, skipping" >&2
continue
fi


@ -21,9 +21,9 @@ dist="fc37"
yum_repo_root="${HOME}/rpmrepo"
yum_repo="${yum_repo_root}/${qubes_release}/${repo}/host/${dist}"
mkdir -p "${yum_repo}/rpm"
mkdir -p -- "${yum_repo}/rpm"
find "${build_dir}/RPMS/" -type f -name "*.rpm" \
-exec cp {} "${yum_repo}/rpm/" \;
-exec cp -- {} "${yum_repo}/rpm/" \;
createrepo_args=""
if test -d "${yum_repo}/repodata"; then