Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2024-10-01 02:35:49 -04:00
Code Issues Packages Projects Releases Wiki Activity

feat: enable all optional shellcheck validations

Browse Source 
Make shell a little bit safer with:

- add-default-case
- check-extra-masked-returns
- check-set-e-suppressed
- quote-safe-variables
- check-unassigned-uppercase

Although there are some stylistic decisions for uniformity:

- avoid-nullary-conditions
- deprecated-which
- require-variable-braces
This commit is contained in:
Ben Grande 2024-07-10 14:36:05 +02:00
parent 011a71a36d
commit 224312ed42
No known key found for this signature in database
GPG Key ID: 00C64E14F51F9E56
55 changed files with 343 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/main.yaml vendored
View File

@ -54,7 +54,7 @@ jobs:
run: | run: |
editorconfig-checker editorconfig-checker
editorconfig-checker salt/dotfiles editorconfig-checker salt/dotfiles
- name: Lint commits - name: Lint commit messages
run: | run: |
if test "${{ github.event_name}}" = "pull_request" if test "${{ github.event_name}}" = "pull_request"
then then

14
.pre-commit-config.yaml
View File

@ -4,7 +4,12 @@
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
--- ---
default_install_hook_types:
- pre-commit
repos: repos:
- repo: local - repo: local
hooks: hooks:
@ -99,12 +104,3 @@ repos:
language: python language: python
pass_filenames: false pass_filenames: false
description: Lint files to comply with the REUSE Specification description: Lint files to comply with the REUSE Specification
- id: commit-lint
name: commit-lint
language: python
entry: gitlint
args: [--staged, --msg-filename]
stages: [commit-msg]
pass_filenames: true
description: Lint Git commits

5
.shellcheckrc Normal file
View File

@ -0,0 +1,5 @@
# SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
#
# SPDX-License-Identifier: MIT
enable=all

3
rpm_spec/qusal-browser.spec
View File

@ -115,6 +115,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog %changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840 * Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files - doc: lint markdown files

3
rpm_spec/qusal-dom0.spec
View File

@ -107,6 +107,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog %changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Mon Jul 08 2024 Ben Grande <ben.grande.b@gmail.com> - 523bca2 * Mon Jul 08 2024 Ben Grande <ben.grande.b@gmail.com> - 523bca2
- fix: conform files to editorconfig specification - fix: conform files to editorconfig specification

3
rpm_spec/qusal-dotfiles.spec
View File

@ -118,6 +118,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog %changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Mon Jul 08 2024 Ben Grande <ben.grande.b@gmail.com> - 28c298d * Mon Jul 08 2024 Ben Grande <ben.grande.b@gmail.com> - 28c298d
- fix: add Python indentation to editorconfig - fix: add Python indentation to editorconfig

3
rpm_spec/qusal-fedora-minimal.spec
View File

@ -108,6 +108,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog %changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840 * Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files - doc: lint markdown files

3
rpm_spec/qusal-reader.spec
View File

@ -110,6 +110,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog %changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840 * Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files - doc: lint markdown files

3
rpm_spec/qusal-sys-bitcoin.spec
View File

@ -137,6 +137,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog %changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840 * Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files - doc: lint markdown files

6
rpm_spec/qusal-sys-cacher.spec
View File

@ -130,6 +130,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog %changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Mon Jul 08 2024 Ben Grande <ben.grande.b@gmail.com> - f60077f * Mon Jul 08 2024 Ben Grande <ben.grande.b@gmail.com> - f60077f
- doc: spell check - doc: spell check
@ -276,6 +279,3 @@ fi
* Wed Jan 10 2024 Ben Grande <ben.grande.b@gmail.com> - 2b6daac * Wed Jan 10 2024 Ben Grande <ben.grande.b@gmail.com> - 2b6daac
- fix: shellcheck - fix: shellcheck
* Wed Dec 20 2023 Ben Grande <ben.grande.b@gmail.com> - 38d98ec
- fix: nft shebang and table names

3
rpm_spec/qusal-sys-electrs.spec
View File

@ -123,6 +123,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog %changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840 * Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files - doc: lint markdown files

3
rpm_spec/qusal-sys-git.spec
View File

@ -111,6 +111,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog %changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840 * Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files - doc: lint markdown files

3
rpm_spec/qusal-sys-net.spec
View File

@ -114,6 +114,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog %changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840 * Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files - doc: lint markdown files

3
rpm_spec/qusal-sys-ssh-agent.spec
View File

@ -120,6 +120,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog %changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Mon Jul 08 2024 Ben Grande <ben.grande.b@gmail.com> - f60077f * Mon Jul 08 2024 Ben Grande <ben.grande.b@gmail.com> - f60077f
- doc: spell check - doc: spell check

3
rpm_spec/qusal-sys-syncthing.spec
View File

@ -120,6 +120,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog %changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840 * Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files - doc: lint markdown files

3
rpm_spec/qusal-sys-wireguard.spec
View File

@ -108,6 +108,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog %changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Fri Jul 05 2024 Ben Grande <ben.grande.b@gmail.com> - 80482bf * Fri Jul 05 2024 Ben Grande <ben.grande.b@gmail.com> - 80482bf
- fix: use systemd-resolved DNS on boot - fix: use systemd-resolved DNS on boot

14
salt/dom0/files/autostart-scripts/kde-activity-changed-notifier
View File

@ -21,19 +21,19 @@ case "${XDG_SESSION_DESKTOP:-}" in
esac esac
service="org.kde.ActivityManager" service="org.kde.ActivityManager"
interface="$service.Activities" interface="${service}.Activities"
path="/ActivityManager/Activities" path="/ActivityManager/Activities"
signal="CurrentActivityChanged" signal="CurrentActivityChanged"
dbus-monitor --profile \ dbus-monitor --profile \
"type=signal,path=$path,interface=$interface,member=$signal" | \ "type=signal,path=${path},interface=${interface},member=${signal}" | \
while read -r _ _ _ _ _ path interface member; do while read -r _ _ _ _ _ path interface member; do
test "$member" = "$signal" || continue test "${member}" = "${signal}" || continue
id="$(qdbus "$service" "$path" "$interface.CurrentActivity")" id="$(qdbus "${service}" "${path}" "${interface}.CurrentActivity")"
name="$(qdbus "$service" "$path" "$interface.ActivityName" "$id")" name="$(qdbus "${service}" "${path}" "${interface}.ActivityName" "${id}")"
if command -v kdialog >/dev/null; then if command -v kdialog >/dev/null; then
kdialog --title "Activity: $name" --passivepopup "Switched Activities" 3 kdialog --title "Activity: ${name}" --passivepopup "Switched Activities" 3
elif command -v notify-send >/dev/null; then elif command -v notify-send >/dev/null; then
notify-send -u normal -t 3000 "Activity: $name" "Switched activities" notify-send -u normal -t 3000 "Activity: ${name}" "Switched activities"
fi fi
done done

41
salt/dom0/files/bin/qubes-kde-win-rules
View File

@ -8,7 +8,7 @@
# shellcheck disable=SC1090,SC2317 # shellcheck disable=SC1090,SC2317
set -eu set -eu
file="${XDG_CONFIG_HOME:=$HOME/.config}/kwinrulesrc" file="${XDG_CONFIG_HOME:=${HOME}/.config}/kwinrulesrc"
usage(){ usage(){
echo "Usage: ${0##*/} <group> <activity> echo "Usage: ${0##*/} <group> <activity>
@ -25,10 +25,10 @@ writeconf(){
key="$2" key="$2"
value="$3" value="$3"
group_id="$(grep -B1 -- "^Description=$group$" "$file" | head -1 | group_id="$(grep -B1 -- "^Description=${group}$" "${file}" | head -1 |
tr -d "[" | tr -d "]")" tr -d "[" | tr -d "]")"
if test -z "${group_id}"; then if test -z "${group_id}"; then
highest_id="$(grep -- "\[[0-9]\+\]" "$file" | tr -d "[" | tr -d "]" | highest_id="$(grep -- "\[[0-9]\+\]" "${file}" | tr -d "[" | tr -d "]" |
sort | tail -1)" sort | tail -1)"
if test -n "${highest_id}"; then if test -n "${highest_id}"; then
group_id="$((highest_id+1))" group_id="$((highest_id+1))"
@ -37,38 +37,41 @@ writeconf(){
fi fi
fi fi
kwriteconfig --file "$file" --group "$group_id" --key "$key" "$value" kwriteconfig --file "${file}" --group "${group_id}" --key "${key}" \
"${value}"
} }
writeconf_group(){ writeconf_group(){
chosen_group="$1" chosen_group="$1"
chosen_activity="$2" chosen_activity="$2"
writeconf "$chosen_group" Description "$chosen_group" writeconf "${chosen_group}" Description "${chosen_group}"
if test -n "$chosen_activity"; then if test -n "${chosen_activity}"; then
chosen_activity_id="$(kactivities-cli --list-activities | chosen_activity_id="$(kactivities-cli --list-activities |
awk -v activity="$chosen_activity" '$3 ~ activity {print $2}')" awk -v activity="${chosen_activity}" '$3 ~ activity {print $2}')"
if test -z "$chosen_activity_id"; then if test -z "${chosen_activity_id}"; then
printf '%s\n' "Invalid activity name: $chosen_activity" printf '%s\n' "Invalid activity name: ${chosen_activity}"
exit 1 exit 1
fi fi
writeconf "$chosen_group" activity "$chosen_activity_id" writeconf "${chosen_group}" activity "${chosen_activity_id}"
writeconf "$chosen_group" activityrule 2 writeconf "${chosen_group}" activityrule 2
fi fi
## Regex: https://doc.qt.io/qt-6/qregularexpression.html ## Regex: https://doc.qt.io/qt-6/qregularexpression.html
writeconf "$chosen_group" title \ writeconf "${chosen_group}" title \
"^\\[(disp-|dvm-)?$chosen_group(-\\S+)?\\] .*" "^\\[(disp-|dvm-)?${chosen_group}(-\\S+)?\\] .*"
writeconf "$chosen_group" titlematch 3 writeconf "${chosen_group}" titlematch 3
writeconf "$chosen_group" wmclass "$chosen_group" writeconf "${chosen_group}" wmclass "${chosen_group}"
writeconf "$chosen_group" wmclasscomplete false writeconf "${chosen_group}" wmclasscomplete false
writeconf "$chosen_group" wmclassmatch 2 writeconf "${chosen_group}" wmclassmatch 2
} }
case "${1-}" in case "${1-}" in
""|-h|--?help) usage ""|-h|--?help) usage;;
*) ;;
esac esac
case "${2-}" in case "${2-}" in
"") usage "") usage;;
*) ;;
esac esac
writeconf_group "${1}" "${2}" writeconf_group "${1}" "${2}"

1
salt/dom0/files/bin/qvm-mgmt
View File

@ -59,6 +59,7 @@ case "${class}" in
StandaloneVM|TemplateVM) StandaloneVM|TemplateVM)
get_qube_feat "${wanted_qube}" get_qube_feat "${wanted_qube}"
;; ;;
*) echo "Unsupported qube class" >&2; exit 1;;
esac esac
wanted_mgmt="$(qvm-prefs "${wanted_qube}" management_dispvm)" wanted_mgmt="$(qvm-prefs "${wanted_qube}" management_dispvm)"
echo "${wanted_qube} management_dispvm: ${wanted_mgmt}" echo "${wanted_qube} management_dispvm: ${wanted_mgmt}"

3
salt/dom0/files/bin/qvm-pci-regain
View File

@ -34,7 +34,8 @@ case "${2-}" in
*) device="${2}" *) device="${2}"
esac esac
test "$(id -u)" = "0" || exec sudo "${0}" uid="$(id -u)"
test "${uid}" = "0" || exec sudo "${0}"
echo "${device}" | tee /sys/bus/pci/drivers/pciback/unbind echo "${device}" | tee /sys/bus/pci/drivers/pciback/unbind
modalias="$(cat "/sys/bus/pci/devices/${device}/modalias")" modalias="$(cat "/sys/bus/pci/devices/${device}/modalias")"

11
salt/dom0/files/bin/qvm-port-forward
View File

@ -32,6 +32,7 @@ validate_handle(){
echo "error: ${qube}: invalid handle" >&2 echo "error: ${qube}: invalid handle" >&2
exit 1 exit 1
;; ;;
*) ;;
esac esac
} }
@ -43,6 +44,7 @@ validate_ipv4(){
echo "error: ${qube}: invalid IPv4 address" >&2 echo "error: ${qube}: invalid IPv4 address" >&2
exit 1 exit 1
;; ;;
*) ;;
esac esac
} }
@ -54,6 +56,7 @@ validate_ipv6(){
echo "error: ${qube}: invalid IPv6 address" >&2 echo "error: ${qube}: invalid IPv6 address" >&2
exit 1 exit 1
;; ;;
*) ;;
esac esac
} }
@ -65,6 +68,7 @@ validate_dev(){
echo "error: ${qube}: invalid device name" >&2 echo "error: ${qube}: invalid device name" >&2
exit 1 exit 1
;; ;;
*) ;;
esac esac
} }
@ -150,7 +154,8 @@ add rule ip qubes ${forward_chain} ${forward_rule}'"
run_qube "${from_qube}" "${full_rule}" run_qube "${from_qube}" "${full_rule}"
if test "${persistent}" = "1"; then if test "${persistent}" = "1"; then
if test "$(qvm-prefs --get -- "${from_qube}" klass)" = "DispVM"; then class="$(qvm-prefs --get -- "${from_qube}" klass)"
if test "${class}" = "DispVM"; then
from_qube="$(qvm-prefs --get -- "${from_qube}" template)" from_qube="$(qvm-prefs --get -- "${from_qube}" template)"
fi fi
@ -258,6 +263,7 @@ get_lan(){
test_qvm_run(){ test_qvm_run(){
qube="${1}" qube="${1}"
# shellcheck disable=SC2310
if ! run_qube "${qube}" echo "Test QUBESRPC" >/dev/null 2>&1; then if ! run_qube "${qube}" echo "Test QUBESRPC" >/dev/null 2>&1; then
echo "error: ${qube}: RPC qubes.VMShell failed, use a different qube" >&2 echo "error: ${qube}: RPC qubes.VMShell failed, use a different qube" >&2
exit 1 exit 1
@ -272,12 +278,14 @@ recurse_netvms() {
case "${cmd}" in case "${cmd}" in
show-upstream) test_qvm_run "${rec_qube}";; show-upstream) test_qvm_run "${rec_qube}";;
apply-rules) forward "${rec_netvm}" "${rec_qube}";; apply-rules) forward "${rec_netvm}" "${rec_qube}";;
*) echo "Unsupported command passed to recurse_netvms()" >&2; exit 1;;
esac esac
recurse_netvms "${cmd}" "${rec_netvm}" recurse_netvms "${cmd}" "${rec_netvm}"
fi fi
case "${cmd}" in case "${cmd}" in
show-upstream) get_lan "${rec_qube}";; show-upstream) get_lan "${rec_qube}";;
apply-rules) ;; apply-rules) ;;
*) echo "Unsupported command passed to recurse_netvms()" >&2; exit 1;;
esac esac
} }
@ -358,6 +366,7 @@ while test "${#}" -gt "0"; do
-n|--proto) proto="${2}"; shift;; -n|--proto) proto="${2}"; shift;;
-s|--persistent) persistent=1; shift;; -s|--persistent) persistent=1; shift;;
-h|--help) usage;; -h|--help) usage;;
*) echo "Unsupported option" >&2; exit 1;;
esac esac
shift shift
done done

15
salt/dom0/files/bin/qvm-screenshot
View File

@ -20,26 +20,31 @@ take_screenshot() {
case "${screenshot_type}" in case "${screenshot_type}" in
window) spectacle -a -o "${screenshot_file}";; window) spectacle -a -o "${screenshot_file}";;
fullscreen) spectacle -f -o "${screenshot_file}";; fullscreen) spectacle -f -o "${screenshot_file}";;
*) echo "Unsupported screenshot type" >&2; exit 1;;
esac esac
;; ;;
xfce4-screenshooter) xfce4-screenshooter)
case "${screenshot_type}" in case "${screenshot_type}" in
window) xfce4-screenshooter -w -s "${screenshot_file}";; window) xfce4-screenshooter -w -s "${screenshot_file}";;
fullscreen) xfce4-screenshooter -f -s "${screenshot_file}";; fullscreen) xfce4-screenshooter -f -s "${screenshot_file}";;
*) echo "Unsupported screenshot type" >&2; exit 1;;
esac esac
;; ;;
scrot) scrot)
case "${screenshot_type}" in case "${screenshot_type}" in
window) scrot -s -b "${screenshot_file}";; window) scrot -s -b "${screenshot_file}";;
fullscreen) scrot -b "${screenshot_file}";; fullscreen) scrot -b "${screenshot_file}";;
*) echo "Unsupported screenshot type" >&2; exit 1;;
esac esac
;; ;;
maim) maim)
case "${screenshot_type}" in case "${screenshot_type}" in
window) maim -s -o -u "${screenshot_file}";; window) maim -s -o -u "${screenshot_file}";;
fullscreen) maim -o -u "${screenshot_file}";; fullscreen) maim -o -u "${screenshot_file}";;
*) echo "Unsupported screenshot type" >&2; exit 1;;
esac esac
;; ;;
*) echo "Unsupported screenshot tool" >&2; exit 1;;
esac esac
} }
@ -157,6 +162,7 @@ if test -n "${screenshot_cmd_wanted}"; then
case "${dialog_cmd}" in case "${dialog_cmd}" in
zenity) zenity --info --text "${msg}";; zenity) zenity --info --text "${msg}";;
kdialog) kdialog --msgbox "${msg}";; kdialog) kdialog --msgbox "${msg}";;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac esac
exit 1 exit 1
fi fi
@ -186,6 +192,7 @@ else
case "${dialog_cmd}" in case "${dialog_cmd}" in
zenity) zenity --info --text "${msg}";; zenity) zenity --info --text "${msg}";;
kdialog) kdialog --msgbox "${msg}";; kdialog) kdialog --msgbox "${msg}";;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac esac
exit 1 exit 1
fi fi
@ -210,6 +217,7 @@ if test -z "${screenshot_type_text}"; then
"Fullscreen" "Fullscreen" off \ "Fullscreen" "Fullscreen" off \
)" )"
;; ;;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac esac
fi fi
@ -225,6 +233,7 @@ if ! test -f "${screenshot_file}"; then
case "${dialog_cmd}" in case "${dialog_cmd}" in
zenity) zenity --warning --text "${msg}";; zenity) zenity --warning --text "${msg}";;
kdialog) kdialog --sorry "${msg}";; kdialog) kdialog --sorry "${msg}";;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac esac
exit 1 exit 1
fi fi
@ -250,6 +259,7 @@ if test "${screenshot_action_supplied}" != "1"; then
"Move file" "Move file" off "Move file" "Move file" off
)" )"
;; ;;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac esac
if test -z "${screenshot_action_text}"; then if test -z "${screenshot_action_text}"; then
@ -293,6 +303,7 @@ if test -z "${qube}"; then
# shellcheck disable=SC2086 # shellcheck disable=SC2086
qube="$(kdialog --radiolist "${dialog_title}" ${qube_list})" qube="$(kdialog --radiolist "${dialog_title}" ${qube_list})"
;; ;;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac esac
if test -z "${qube}"; then if test -z "${qube}"; then
msg="qube was not selected" msg="qube was not selected"
@ -300,6 +311,7 @@ if test -z "${qube}"; then
case "${dialog_cmd}" in case "${dialog_cmd}" in
zenity) zenity --error --text "${msg}";; zenity) zenity --error --text "${msg}";;
kdialog) kdialog --error "${msg}";; kdialog) kdialog --error "${msg}";;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac esac
exit 1 exit 1
fi fi
@ -311,6 +323,7 @@ if ! qvm-check -- "${qube}" >/dev/null 2>&1; then
case "${dialog_cmd}" in case "${dialog_cmd}" in
zenity) zenity --error --text "${msg}";; zenity) zenity --error --text "${msg}";;
kdialog) kdialog --error "${msg}";; kdialog) kdialog --error "${msg}";;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac esac
exit 1 exit 1
fi fi
@ -319,7 +332,7 @@ qvm-run "${qube}" -- "mkdir -p \"${qube_pictures_dir}\""
qvm-run --pass-io "${qube}" -- "cat > \"${qube_screenshot_file}\"" \ qvm-run --pass-io "${qube}" -- "cat > \"${qube_screenshot_file}\"" \
< "${screenshot_file}" < "${screenshot_file}"
if test ${file_move} = "1"; then if test "${file_move}" = "1"; then
rm -f "${screenshot_file}" rm -f "${screenshot_file}"
fi fi

2
salt/dotfiles

@ -1 +1 @@
Subproject commit 024e9c469de634181ec77eb52420f25339f4f01e Subproject commit 69c14a2429aeb80b7bc01c9b875d7114450e4e72

9
salt/mirage-builder/files/client/profile/opam.sh
View File

@ -5,8 +5,9 @@
## SPDX-License-Identifier: AGPL-3.0-or-later ## SPDX-License-Identifier: AGPL-3.0-or-later
# shellcheck disable=SC1091 # shellcheck disable=SC1091
if test -n "${ZSH_VERSION-}" && test -r "$HOME/.opam/opam-init/init.zsh"; then if test -n "${ZSH_VERSION-}" && test -r "${HOME}/.opam/opam-init/init.zsh"
. "$HOME/.opam/opam-init/init.zsh" >/dev/null 2>&1 then
elif test -r "$HOME/.opam/opam-init/init.sh"; then . "${HOME}/.opam/opam-init/init.zsh" >/dev/null 2>&1
. "$HOME/.opam/opam-init/init.sh" >/dev/null 2>&1 elif test -r "${HOME}/.opam/opam-init/init.sh"; then
. "${HOME}/.opam/opam-init/init.sh" >/dev/null 2>&1
fi fi

2
salt/qubes-builder/files/client/bin/gpg-qubes-builder
View File

@ -3,4 +3,4 @@
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
set -eu set -eu
env GNUPGHOME="$HOME/.gnupg/qubes-builder" gpg2 "$@" env GNUPGHOME="${HOME}/.gnupg/qubes-builder" gpg2 "${@}"

6
salt/sys-bitcoin/files/server/bin/bitcoin-whitepaper
View File

@ -20,6 +20,7 @@ has(){
check_installed(){ check_installed(){
missing_programs=0 missing_programs=0
for prog in "${@}"; do for prog in "${@}"; do
# shellcheck disable=SC2310
if ! has "${prog}"; then if ! has "${prog}"; then
echo "Missing program: ${prog}" >&2 echo "Missing program: ${prog}" >&2
missing_programs=1 missing_programs=1
@ -43,6 +44,7 @@ validate_dir(){
getblock(){ getblock(){
check_installed bitcoin-cli xxd check_installed bitcoin-cli xxd
# shellcheck disable=SC2312
bitcoin-cli getblock "${block_hash}" 0 \ bitcoin-cli getblock "${block_hash}" 0 \
| tail -c+92167 \ | tail -c+92167 \
| for ((o=0;o<946;++o)); do \ | for ((o=0;o<946;++o)); do \
@ -57,6 +59,7 @@ getblock(){
getrawtransaction(){ getrawtransaction(){
check_installed bitcoin-cli xxd check_installed bitcoin-cli xxd
# shellcheck disable=SC2312
bitcoin-cli getrawtransaction "${txid}" 0 "${block_hash}" \ bitcoin-cli getrawtransaction "${txid}" 0 "${block_hash}" \
| sed 's/0100000000000000/\n/g' \ | sed 's/0100000000000000/\n/g' \
| tail -n +2 \ | tail -n +2 \
@ -69,6 +72,7 @@ getrawtransaction(){
gettxout(){ gettxout(){
check_installed bitcoin-cli jq xxd seq check_installed bitcoin-cli jq xxd seq
# shellcheck disable=SC2312
seq 0 947 \ seq 0 947 \
| (while read -r n; do bitcoin-cli gettxout "${txid}" "${n}" \ | (while read -r n; do bitcoin-cli gettxout "${txid}" "${n}" \
| jq -r '.scriptPubKey.asm' \ | jq -r '.scriptPubKey.asm' \
@ -82,7 +86,7 @@ gettxout(){
usage(){ usage(){
echo "Usage: ${0##*/} getblock|getrawtransaction|gettxout [DIR]" echo "Usage: ${0##*/} getblock|getrawtransaction|gettxout [DIR]"
echo "Note: gettxout works with pruned node" echo "Note: gettxout works with pruned node"
echo "Note: DIR defaults to \$HOME" echo "Note: DIR defaults to \${HOME}"
exit 1 exit 1
} }

1
salt/sys-bitcoin/files/server/rpc/qusal.BitcoinAuthGet
View File

@ -11,6 +11,7 @@ set -eu
bitcoin_conf="/home/user/.bitcoin/conf.d/rpcauth.conf" bitcoin_conf="/home/user/.bitcoin/conf.d/rpcauth.conf"
bitcoin_pass="/home/user/.bitcoin/rpcclient.pass" bitcoin_pass="/home/user/.bitcoin/rpcclient.pass"
# shellcheck disable=SC2154
user="${QREXEC_REMOTE_DOMAIN}" user="${QREXEC_REMOTE_DOMAIN}"
if ! systemctl is-active bitcoind >/dev/null 2>&1; then if ! systemctl is-active bitcoind >/dev/null 2>&1; then

16
salt/sys-cacher/files/client/bin/apt-cacher-ng-repo
View File

@ -14,9 +14,9 @@
## beneficial as 'find' fails if file is not existent and sending all 'find' ## beneficial as 'find' fails if file is not existent and sending all 'find'
## output to /dev/stderr is not great. ## output to /dev/stderr is not great.
## ##
## Assigning the repositories files to '$@' avoids having to parse their names ## Assigning the repositories files to '${@}' avoids having to parse their
## in case they contain spaces, newlines and other dangerous characters to the ## names in case they contain spaces, newlines and other dangerous characters
## shell, it is also an easy way to use an array for /bin/sh. ## to the shell, it is also an easy way to use an array for /bin/sh.
set -eu set -eu
@ -183,6 +183,7 @@ EOF
-e "s|^\s*#.*metalink\s*=|metalink=|w ${changes_file}" \ -e "s|^\s*#.*metalink\s*=|metalink=|w ${changes_file}" \
{} \+ 2>/dev/null || true {} \+ 2>/dev/null || true
;; ;;
*) echo "Unsupported action" >&2; exit 1
esac esac
elif test -e /etc/debian_version && test ! -e /usr/share/whonix/marker; then elif test -e /etc/debian_version && test ! -e /usr/share/whonix/marker; then
@ -235,6 +236,7 @@ EOF
-e "${list_expr}" -e "${sources_expr}" \ -e "${list_expr}" -e "${sources_expr}" \
{} \+ {} \+
;; ;;
*) echo "Unsupported action" >&2; exit 1
esac esac
elif test -e /etc/arch-release; then elif test -e /etc/arch-release; then
@ -246,11 +248,11 @@ EOF
fi fi
cat >/run/qubes/bin/pacman <<EOF cat >/run/qubes/bin/pacman <<EOF
#!/bin/sh #!/bin/sh
exec env ALL_PROXY="${proxy_url}" /usr/bin/pacman "\$@" exec env ALL_PROXY="${proxy_url}" /usr/bin/pacman "\${@}"
EOF EOF
chmod +x /run/qubes/bin/pacman chmod +x /run/qubes/bin/pacman
cat >/etc/profile.d/qubes-proxy.sh << EOF cat >/etc/profile.d/qubes-proxy.sh << EOF
export PATH=/run/qubes/bin:\$PATH export PATH=/run/qubes/bin:\${PATH}
EOF EOF
else else
rm -f /run/qubes/bin/pacman /etc/profile.d/qubes-proxy.sh rm -f /run/qubes/bin/pacman /etc/profile.d/qubes-proxy.sh
@ -287,6 +289,7 @@ EOF
-e "${repo_regex}" \ -e "${repo_regex}" \
{} \+ {} \+
;; ;;
*) echo "Unsupported action" >&2; exit 1
esac esac
else else
@ -325,7 +328,8 @@ case "${1-}" in
*) usage;; *) usage;;
esac esac
if test "$(id -u)" != "0"; then uid="$(id -u)"
if test "${uid}" != "0"; then
echo "Error: Permission denied, action requires root privileges." echo "Error: Permission denied, action requires root privileges."
exit 1 exit 1
fi fi

7
salt/sys-git/files/client/git-core/git-init-qrexec
View File

@ -8,6 +8,7 @@ set -eu
case "${GIT_TRACE_HELPER:-}" in case "${GIT_TRACE_HELPER:-}" in
true|1) set -x;; true|1) set -x;;
*) ;;
esac esac
usage(){ usage(){
@ -32,7 +33,11 @@ case "${1-}" in
*) authority="${1}";; *) authority="${1}";;
esac esac
case "${2-}" in case "${2-}" in
"") is_git_repo; repo="$(basename "$(git rev-parse --show-toplevel)")";; "")
is_git_repo
repo="$(git rev-parse --show-toplevel)"
repo="$(basename "${repo}")"
;;
*) repo="${2}";; *) repo="${2}";;
esac esac

5
salt/sys-git/files/client/git-core/git-remote-qrexec
View File

@ -25,7 +25,8 @@ die(){
log(){ log(){
case "${GIT_TRACE_REMOTE_HELPER:-}" in case "${GIT_TRACE_REMOTE_HELPER:-}" in
true|1) echo "${@}" >&2 true|1) echo "${@}" >&2;;
*) ;;
esac esac
} }
@ -164,7 +165,7 @@ capabilities="$(find_capabilities)"
## Communicate with the git-remote-helpers protocol. ## Communicate with the git-remote-helpers protocol.
while read -r cmd arg; do while read -r cmd arg; do
log "<- $cmd $arg" log "<- ${cmd} ${arg}"
case "${cmd}" in case "${cmd}" in
capabilities) capabilities)
for c in ${capabilities}; do log "-> ${c}"; done; log "->" for c in ${capabilities}; do log "-> ${c}"; done; log "->"

3
salt/sys-git/files/client/git-core/git-remote-qrexec-connect
View File

@ -19,7 +19,8 @@ die(){
log(){ log(){
case "${GIT_TRACE_REMOTE_HELPER:-}" in case "${GIT_TRACE_REMOTE_HELPER:-}" in
true|1) echo "${@}" >&2 true|1) echo "${@}" >&2;;
*) ;;
esac esac
} }

3
salt/sys-git/files/server/rpc/qusal.GitInit
View File

@ -16,6 +16,7 @@ if ! command -v git >/dev/null; then
fi fi
## TODO: subdirectory? dir+repo ## TODO: subdirectory? dir+repo
# shellcheck disable=SC2154
untrusted_repo="${QREXEC_SERVICE_ARGUMENT}" untrusted_repo="${QREXEC_SERVICE_ARGUMENT}"
if test -z "${untrusted_repo}"; then if test -z "${untrusted_repo}"; then
@ -35,7 +36,7 @@ if test "${#untrusted_repo}" -gt 128; then
die "Repository name is too long: ${#untrusted_repo}" die "Repository name is too long: ${#untrusted_repo}"
fi fi
base_path="$HOME/src" base_path="${HOME}/src"
repo="${untrusted_repo}" repo="${untrusted_repo}"
case "${repo}" in case "${repo}" in

4
salt/sys-net/files/admin/bin/qusal-report-updatevm-origin
View File

@ -13,8 +13,10 @@ case "${updatevm_class}" in
StandaloneVM) proxy_target="${updatevm}";; StandaloneVM) proxy_target="${updatevm}";;
AppVM) proxy_target="$(qvm-prefs "${updatevm}" template)";; AppVM) proxy_target="$(qvm-prefs "${updatevm}" template)";;
DispVM) DispVM)
proxy_target="$(qvm-prefs "$(qvm-prefs "${updatevm}" template)" template)" proxy_target="$(qvm-prefs "${updatevm}" template)"
proxy_target="$(qvm-prefs "${proxy_target}" template)"
;; ;;
*) echo "Unsupported qube class" >&2; exit 1;;
esac esac
if test -n "${proxy_target}"; then if test -n "${proxy_target}"; then
echo "${proxy_target}" echo "${proxy_target}"

1
salt/sys-net/files/server/rpc/qusal.ConnectTCP
View File

@ -17,6 +17,7 @@
set -eu set -eu
# shellcheck disable=SC2154
arg="${QREXEC_SERVICE_ARGUMENT}" arg="${QREXEC_SERVICE_ARGUMENT}"
host="${arg%%+*}" host="${arg%%+*}"
port="${arg##*+}" port="${arg##*+}"

4
salt/sys-pihole/files/admin/prefs.sh
View File

@ -13,9 +13,9 @@ for qube in $(qvm-ls --raw-data --fields=NAME,NETVM |
do do
## Avoid overwriting netvm to sys-pihole when instead it should use the ## Avoid overwriting netvm to sys-pihole when instead it should use the
## default_netvm, so better to prevent overwriting user choices. ## default_netvm, so better to prevent overwriting user choices.
qvm-prefs "$qube" | grep -q "^netvm[[:space:]]\+D" && continue qvm-prefs "${qube}" | grep -q "^netvm[[:space:]]\+D" && continue
## Set netvm for qubes that were using (disp-)sys-firewall to sys-pihole. ## Set netvm for qubes that were using (disp-)sys-firewall to sys-pihole.
qvm-prefs "$qube" netvm sys-pihole qvm-prefs "${qube}" netvm sys-pihole
done done
exit 0 exit 0

38
salt/sys-ssh-agent/files/server/bin/qvm-ssh-agent
View File

@ -21,24 +21,24 @@ Example:
} }
ls_agent(){ ls_agent(){
socket="/tmp/${service}/$agent.sock" socket="/tmp/${service}/${agent}.sock"
test -S "$socket" || return 1 test -S "${socket}" || return 1
agent="$(echo "$socket" | sed "s|.*${service}/||;s/\.sock//")" agent="$(echo "${socket}" | sed "s|.*${service}/||;s/\.sock//")"
echo "Agent: ($agent) $socket" echo "Agent: (${agent}) ${socket}"
SSH_AUTH_SOCK="$socket" ssh-add -l || true SSH_AUTH_SOCK="${socket}" ssh-add -l || true
} }
add_agent(){ add_agent(){
# shellcheck disable=SC2174 # shellcheck disable=SC2174
mkdir -m 0700 -p "/tmp/${service}" mkdir -m 0700 -p "/tmp/${service}"
dir="$HOME/.ssh/identities.d/${agent}" dir="${HOME}/.ssh/identities.d/${agent}"
if ! test -d "$dir"; then if ! test -d "${dir}"; then
echo "Directory not found: $dir" >&2 echo "Directory not found: ${dir}" >&2
return 1 return 1
fi fi
dir="${dir##*/}" dir="${dir##*/}"
socket="/tmp/${service}/${dir}.sock" socket="/tmp/${service}/${dir}.sock"
if ! test -S "$socket"; then if ! test -S "${socket}"; then
reload_agent=1 reload_agent=1
ssh-agent -a "/tmp/${service}/${agent}.sock" ssh-agent -a "/tmp/${service}/${agent}.sock"
fi fi
@ -46,20 +46,20 @@ add_agent(){
return return
fi fi
keys="$(grep -sl -- "-----BEGIN OPENSSH PRIVATE KEY-----" \ keys="$(grep -sl -- "-----BEGIN OPENSSH PRIVATE KEY-----" \
"$HOME/.ssh/identities.d/$dir"/* || true)" "${HOME}/.ssh/identities.d/${dir}"/* || true)"
if test -z "$keys"; then if test -z "${keys}"; then
echo "Directory has no key: $dir" >&2 echo "Directory has no key: ${dir}" >&2
return 1 return 1
fi fi
SSH_AUTH_SOCK="$socket" ssh-add -D 2>/dev/null || true SSH_AUTH_SOCK="${socket}" ssh-add -D 2>/dev/null || true
for k in $(printf '%s\n' "$keys"); do for k in $(printf '%s\n' "${keys}"); do
test -f "$k" || continue test -f "${k}" || continue
ssh_add_option="" ssh_add_option=""
if test -f "$k.ssh-add-option"; then if test -f "${k}.ssh-add-option"; then
ssh_add_option="$(cat "$k.ssh-add-option")" ssh_add_option="$(cat "${k}.ssh-add-option")"
fi fi
# shellcheck disable=SC2086 # shellcheck disable=SC2086
SSH_AUTH_SOCK="$socket" ssh-add $ssh_add_option "$k" SSH_AUTH_SOCK="${socket}" ssh-add ${ssh_add_option} "${k}"
done done
} }
@ -68,7 +68,7 @@ action="${1-}"
agent="${2-}" agent="${2-}"
reload_agent="" reload_agent=""
case "$action" in case "${action}" in
ls) ls_agent;; ls) ls_agent;;
add) add_agent;; add) add_agent;;
reload) reload_agent="1"; add_agent;; reload) reload_agent="1"; add_agent;;

3
salt/sys-ssh-agent/files/server/rpc/qusal.SshAgent
View File

@ -11,7 +11,8 @@ die(){
exit 1 exit 1
} }
untrusted_agent="$QREXEC_SERVICE_ARGUMENT" # shellcheck disable=SC2154
untrusted_agent="${QREXEC_SERVICE_ARGUMENT}"
if test -z "${untrusted_agent}"; then if test -z "${untrusted_agent}"; then
die "Agent name is empty" die "Agent name is empty"

59
salt/sys-wireguard/files/admin/bin/qvm-wireguard
View File

@ -7,7 +7,8 @@
set -eu set -eu
test "$(id -u)" = "0" || exec sudo "$0" "$@" uid="$(id -u)"
test "${uid}" = "0" || exec sudo "$0" "${@}"
usage(){ usage(){
echo "Usage: ${0##*/} [QUBE]" echo "Usage: ${0##*/} [QUBE]"
@ -21,34 +22,34 @@ case "${1-}" in
*) qube="${1}";; *) qube="${1}";;
esac esac
if ! qvm-check -q -- "$qube" >/dev/null 2>&1; then if ! qvm-check -q -- "${qube}" >/dev/null 2>&1; then
echo "Qube '$qube' doesn't exist" >&2 echo "Qube '${qube}' doesn't exist" >&2
usage 1 usage 1
fi fi
user_conf="/home/user/wireguard.conf" user_conf="/home/user/wireguard.conf"
system_conf="/etc/wireguard/wireguard.conf" system_conf="/etc/wireguard/wireguard.conf"
qvm-run "$qube" -- "test -f ${user_conf}" || { qvm-run "${qube}" -- "test -f ${user_conf}" || {
echo "File '${user_conf}' was not found" >&2 echo "File '${user_conf}' was not found" >&2
if qvm-check -q --running -- "$qube" >/dev/null 2>&1; then if qvm-check -q --running -- "${qube}" >/dev/null 2>&1; then
qvm-pause --verbose -- "$qube" qvm-pause --verbose -- "${qube}"
fi fi
echo "Firewalling $qube to drop all connections" echo "Firewalling ${qube} to drop all connections"
qvm-firewall --verbose -- "$qube" reset qvm-firewall --verbose -- "${qube}" reset
qvm-firewall --verbose -- "$qube" del --rule-no 0 qvm-firewall --verbose -- "${qube}" del --rule-no 0
qvm-firewall --verbose -- "$qube" add drop qvm-firewall --verbose -- "${qube}" add drop
if qvm-check -q --paused -- "$qube" >/dev/null 2>&1; then if qvm-check -q --paused -- "${qube}" >/dev/null 2>&1; then
qvm-unpause --verbose -- "$qube" qvm-unpause --verbose -- "${qube}"
fi fi
exit 1 exit 1
} }
qvm-run -u root "$qube" -- "cp ${user_conf} ${system_conf}" qvm-run -u root "${qube}" -- "cp ${user_conf} ${system_conf}"
## TOFU ## TOFU
# shellcheck disable=SC2016 # shellcheck disable=SC2016
endpoint="$(qvm-run -p -u root "$qube" -- awk '/Endpoint/{print $3}' \ endpoint="$(qvm-run -p -u root "${qube}" -- awk '/Endpoint/{print $3}' \
"${system_conf}")" "${system_conf}")"
if echo "${endpoint}" | grep -qF "["; then if echo "${endpoint}" | grep -qF "["; then
ip="${ip##[\[]}" ip="${ip##[\[]}"
@ -59,27 +60,27 @@ else
port="${endpoint##*:}" port="${endpoint##*:}"
fi fi
if test -z "$ip" || test -z "$port";then if test -z "${ip}" || test -z "${port}";then
echo "Endpoint (IP:Port) not found: ${system_conf}" >&2 echo "Endpoint (IP:Port) not found: ${system_conf}" >&2
exit 1 exit 1
fi fi
if qvm-check -q --running -- "$qube" >/dev/null 2>&1; then if qvm-check -q --running -- "${qube}" >/dev/null 2>&1; then
qvm-pause --verbose -- "$qube" qvm-pause --verbose -- "${qube}"
fi fi
echo "Firewalling $qube to reach only '$ip:$port'" echo "Firewalling ${qube} to reach only '${ip}:${port}'"
qvm-firewall --verbose -- "$qube" reset qvm-firewall --verbose -- "${qube}" reset
qvm-firewall --verbose -- "$qube" del --rule-no 0 qvm-firewall --verbose -- "${qube}" del --rule-no 0
qvm-firewall --verbose -- "$qube" add accept dsthost="$ip" dstports="$port" \ qvm-firewall --verbose -- "${qube}" add accept dsthost="${ip}" \
proto=udp dstports="${port}" proto=udp
qvm-firewall --verbose -- "$qube" add accept dsthost="$ip" dstports="$port" \ qvm-firewall --verbose -- "${qube}" add accept dsthost="${ip}" \
proto=tcp dstports="${port}" proto=tcp
qvm-firewall --verbose -- "$qube" add drop qvm-firewall --verbose -- "${qube}" add drop
if qvm-check -q --paused -- "$qube" >/dev/null 2>&1; then if qvm-check -q --paused -- "${qube}" >/dev/null 2>&1; then
qvm-unpause --verbose -- "$qube" qvm-unpause --verbose -- "${qube}"
fi fi
qvm-run -u root "$qube" -- "systemctl restart wg-quick@wireguard" qvm-run -u root "${qube}" -- "systemctl restart wg-quick@wireguard"
qvm-run -u root "$qube" -- "/rw/config/network-hooks.d/50-sys-wireguard" qvm-run -u root "${qube}" -- "/rw/config/network-hooks.d/50-sys-wireguard"

4
scripts/best-program.sh
View File

@ -8,7 +8,9 @@
set -eu set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
for tool in "${@}"; do for tool in "${@}"; do
if ./scripts/requires-program.sh "${tool}" >/dev/null 2>&1; then if ./scripts/requires-program.sh "${tool}" >/dev/null 2>&1; then

22
scripts/markdown-lint.sh
View File

@ -8,7 +8,9 @@
set -eu set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh mdl ./scripts/requires-program.sh mdl
extra_files_rules="~MD002,~MD012,~MD022,~MD032,~MD041" extra_files_rules="~MD002,~MD012,~MD022,~MD032,~MD041"
@ -17,24 +19,25 @@ find_tool="$(./scripts/best-program.sh fd fdfind find)"
if test -n "${1-}"; then if test -n "${1-}"; then
files="" files=""
extra_files="" extra_files=""
for f in "$@"; do for f in "${@}"; do
test -f "$f" || continue test -f "${f}" || continue
extension="${f##*.}" extension="${f##*.}"
case "$extension" in case "${extension}" in
md) md)
case "${f}" in case "${f}" in
.github/*) extra_files="$extra_files $f"; continue;; .github/*) extra_files="${extra_files} ${f}"; continue;;
*) ;;
esac esac
files="$files $f";; files="${files} ${f}";;
*) *)
continue continue
;; ;;
esac esac
done done
if test -n "${extra_files}"; then if test -n "${extra_files}"; then
mdl --rules ${extra_files_rules} ${extra_files} mdl --rules "${extra_files_rules}" ${extra_files}
fi fi
test -n "$files" || exit 0 test -n "${files}" || exit 0
exec mdl ${files} exec mdl ${files}
fi fi
@ -47,9 +50,10 @@ case "${find_tool}" in
files="$(find . -not -path './.github/*' -type f -name "*.md")" files="$(find . -not -path './.github/*' -type f -name "*.md")"
extra_files="$(find .github -type f -name "*.md")" extra_files="$(find .github -type f -name "*.md")"
;; ;;
*) echo "Unsupported find tool" >&2; exit 1;;
esac esac
if test -n "${extra_files}"; then if test -n "${extra_files}"; then
mdl --rules ${extra_files_rules} ${extra_files} mdl --rules "${extra_files_rules}" ${extra_files}
fi fi
exec mdl ${files} exec mdl ${files}

15
scripts/python-lint.sh
View File

@ -8,29 +8,32 @@
set -eu set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh pylint ./scripts/requires-program.sh pylint
find_tool="$(./scripts/best-program.sh fd fdfind find)" find_tool="$(./scripts/best-program.sh fd fdfind find)"
if test -n "${1-}"; then if test -n "${1-}"; then
files="" files=""
for f in "$@"; do for f in "${@}"; do
test -f "$f" || continue test -f "${f}" || continue
extension="${f##*.}" extension="${f##*.}"
case "$extension" in case "${extension}" in
py) files="$files $f";; py) files="${files} ${f}";;
*) continue *) continue
;; ;;
esac esac
done done
test -n "$files" || exit 0 test -n "${files}" || exit 0
exec pylint ${files} exec pylint ${files}
fi fi
case "${find_tool}" in case "${find_tool}" in
fd|fdfind) files="$(${find_tool} . -H -t f -e py)";; fd|fdfind) files="$(${find_tool} . -H -t f -e py)";;
find) files="$(find . -type f -name "*.py")";; find) files="$(find . -type f -name "*.py")";;
*) echo "Unsupported find tool" >&2; exit 1;;
esac esac
exec pylint ${files} exec pylint ${files}

6
scripts/qubesbuilder-gen.sh
View File

@ -7,7 +7,9 @@
set -eu set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
template=".qubesbuilder.template" template=".qubesbuilder.template"
target=".qubesbuilder" target=".qubesbuilder"
@ -16,7 +18,7 @@ if test "${1-}" = "test"; then
tmpdir="$(mktemp -d)" tmpdir="$(mktemp -d)"
target="${tmpdir}/.qubesbuilder" target="${tmpdir}/.qubesbuilder"
# shellcheck disable=SC2154 # shellcheck disable=SC2154
trap 'ec="$?"; rm -rf -- "${tmpdir}"; exit "$ec"' EXIT INT HUP QUIT ABRT trap 'ec="$?"; rm -rf -- "${tmpdir}"; exit "${ec}"' EXIT INT HUP QUIT ABRT
fi fi
ignored="$(git ls-files --exclude-standard --others --ignored salt/)" ignored="$(git ls-files --exclude-standard --others --ignored salt/)"
untracked="$(git ls-files --exclude-standard --others salt/)" untracked="$(git ls-files --exclude-standard --others salt/)"

4
scripts/release.sh
View File

@ -7,7 +7,9 @@
set -eu set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/qubesbuilder-gen.sh ./scripts/qubesbuilder-gen.sh
./scripts/spec-build.sh ./scripts/spec-build.sh

15
scripts/salt-fix.sh
View File

@ -13,19 +13,24 @@
set -eu set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
find_tool="$(./scripts/best-program.sh fd fdfind find)" find_tool="$(./scripts/best-program.sh fd fdfind find)"
case "${find_tool}" in case "${find_tool}" in
fd|fdfind) fd|fdfind)
files="$(${find_tool} . minion.d/ --extension=conf) conf_files="$(${find_tool} . minion.d/ -e conf)"
$(${find_tool} . salt/ --max-depth=2 --type=f --extension=sls)" sls_files="$(${find_tool} . salt/ -d 2 -t f -e sls)"
files="${conf_files}\n${sls_files}"
;; ;;
find) find)
files="$(find minion.d/ -type f -name "*.conf") conf_files="$(find minion.d/ -type f -name "*.conf")"
$(find salt/ -maxdepth 2 -type f -name '*.sls')" sls_files="$(find salt/ -maxdepth 2 -type f -name '*.sls')"
files="${conf_files}\n${sls_files}"
;; ;;
*) echo "Unsupported find tool" >&2; exit 1;;
esac esac
## 201 - Fix trailing whitespace: ## 201 - Fix trailing whitespace:

27
scripts/salt-lint.sh
View File

@ -8,7 +8,9 @@
set -eu set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh salt-lint ./scripts/requires-program.sh salt-lint
find_tool="$(./scripts/best-program.sh fd fdfind find)" find_tool="$(./scripts/best-program.sh fd fdfind find)"
@ -18,28 +20,31 @@ test -f "${possible_conf}" && conf="-c ${possible_conf}"
if test -n "${1-}"; then if test -n "${1-}"; then
files="" files=""
for f in "$@"; do for f in "${@}"; do
test -f "$f" || continue test -f "${f}" || continue
extension="${f##*.}" extension="${f##*.}"
case "$extension" in case "${extension}" in
top|sls) files="$files $f";; top|sls) files="${files} ${f}";;
*) continue;; *) continue;;
esac esac
done done
test -n "$files" || exit 0 test -n "${files}" || exit 0
exec salt-lint ${conf} ${files} exec salt-lint ${conf} ${files}
fi fi
case "${find_tool}" in case "${find_tool}" in
fd|fdfind) fd|fdfind)
files="$(${find_tool} . minion.d/ --e conf) conf_files="$(${find_tool} . minion.d/ -e conf)"
$(${find_tool} . salt/ -d 2 -t f -e sls -e top | sort -d)" sls_files="$(${find_tool} . salt/ -d 2 -t f -e sls -e top | sort -d)"
files="${conf_files}\n${sls_files}"
;; ;;
find) find)
files="$(find minion.d/ -type f -name "*.conf") conf_files="$(find minion.d/ -type f -name "*.conf")"
$(find salt/* -maxdepth 2 -type f \( -name '*.sls' -o -name '*.top' \) | sls_files="$(find salt/* -maxdepth 2 -type f \
sort -d)" \( -name '*.sls' -o -name '*.top' \) | sort -d)"
files="${conf_files}\n${sls_files}"
;; ;;
*) echo "Unsupported find tool" >&2; exit 1;;
esac esac
exec salt-lint ${conf} ${files} exec salt-lint ${conf} ${files}

7
scripts/setup.sh
View File

@ -6,8 +6,11 @@
set -eu set -eu
test "$(hostname)" = "dom0" || { echo "Must be run from dom0" >&2; exit 1; } # shellcheck disable=3028
test "$(id -u)" = "0" || exec sudo "${0}" hostname="$(hostname)}"
test "${hostname}" = "dom0" || { echo "Must be run from dom0" >&2; exit 1; }
uid="$(id -u)"
test "${uid}" = "0" || exec sudo "${0}"
group="qusal" group="qusal"
file_roots="/srv/salt/${group}" file_roots="/srv/salt/${group}"

50
scripts/shell-lint.sh
View File

@ -10,7 +10,9 @@
set -eu set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh shellcheck file ./scripts/requires-program.sh shellcheck file
exit_code=0 exit_code=0
@ -23,6 +25,7 @@ show_long_lines(){
fi fi
awk -v color="${tty_stderr}" ' awk -v color="${tty_stderr}" '
BEGIN { BEGIN {
exit_code=0
MAGENTA="" MAGENTA=""
GREEN="" GREEN=""
RESET="" RESET=""
@ -33,44 +36,37 @@ show_long_lines(){
} }
} }
{ {
nlines++; if (length($0)>78 && !/^\s*#.*(:\/\/|SPDX-)/) {
if (length > 78 && !/^\s*#.*(:\/\/|SPDX-)/) {
exit_code=1
prefix = MAGENTA FILENAME RESET ":" GREEN FNR RESET prefix = MAGENTA FILENAME RESET ":" GREEN FNR RESET
print prefix ": line too long: " length " > 78" >"/dev/stderr" print prefix ": line too long: " length " > 78" >"/dev/stderr"
if (nlines==NR) { if (exit_code==1) { exit 1; }; } exit_code=1
} }
if (nlines==NR) { if (exit_code==1) { exit 1; }; }
} }
' "${@}" >&2 END {
if (exit_code==1) exit 1
}' "${@}"
} }
if test -n "${1-}"; then if test -n "${1-}"; then
files="" files=""
sh_files="" for f in "${@}"; do
for f in "$@"; do test -f "${f}" || continue
test -f "$f" || continue
case "${f}" in case "${f}" in
*/zsh/*) continue;; */zsh/*) continue;;
*.yml|*.yaml|*.vim|*.sls|*.top|*.toml|*.timer|*.service|*.socket| \ *.yml|*.yaml|*.vim|*.sls|*.top|*.toml|*.timer|*.service|*.socket| \
*.spec|*/config|*.txt|*/version|*.sources|*.asc|*.repo) continue;; *.spec|*/config|*.txt|*/version|*.sources|*.asc|*.repo) continue;;
*/rc.local) sh_files="$sh_files $f"; continue;; *) files="${files} ${f}"
*) files="$files $f"
esac esac
done done
files="$(file $files | awk -F ":" '/ shell script,/{ print $1 }')" files="$(file ${files} | awk -F ":" '/ shell script,/{ print $1 }')"
if test -z "$files" && test -z "$sh_files"; then if test -z "${files}"; then
exit 0 exit 0
fi fi
if test -n "${files}" || test -n "${sh_files}"; then
show_long_lines ${files} ${sh_files} || exit_code=1
fi
if test -n "${files}"; then if test -n "${files}"; then
# shellcheck disable=SC2310
show_long_lines ${files} || exit_code=1
shellcheck ${files} || exit_code=1 shellcheck ${files} || exit_code=1
fi fi
if test -n "${sh_files}"; then
shellcheck -s sh ${sh_files} || exit_code=1
fi
exit "${exit_code}" exit "${exit_code}"
fi fi
@ -79,23 +75,17 @@ case "${find_tool}" in
# shellcheck disable=2016,2215 # shellcheck disable=2016,2215
files="$(${find_tool} . scripts/ salt/ -H -E zsh -t f -X file | files="$(${find_tool} . scripts/ salt/ -H -E zsh -t f -X file |
awk -F ":" '/ shell script,/{ print $1 }')" awk -F ":" '/ shell script,/{ print $1 }')"
## No Shebang
sh_files="$(${find_tool} rc.local salt/ --type=f)"
;; ;;
find) find)
files="$(find scripts/ salt/ -not \( -path "*/zsh" -prune \) -type f \ files="$(find scripts/ salt/ -not \( -path "*/zsh" -prune \) -type f \
-exec file {} \+ | awk -F ":" '/ shell script,/{ print $1 }')" -exec file {} \+ | awk -F ":" '/ shell script,/{ print $1 }')"
## No Shebang
sh_files="$(find salt/ -type f -name "rc.local")"
;; ;;
*) echo "Unsupported find tool" >&2; exit 1;;
esac esac
files="$(echo "$files" | sort -u)" files="$(echo "${files}" | sort -u)"
sh_files="$(echo "$sh_files" | sort -u)"
show_long_lines ${files} ${sh_files} || exit_code=1 # shellcheck disable=SC2310
show_long_lines ${files} || exit_code=1
shellcheck ${files} || exit_code=1 shellcheck ${files} || exit_code=1
if test -n "$sh_files"; then
shellcheck -s sh ${sh_files} || exit_code=1
fi
exit "${exit_code}" exit "${exit_code}"

9
scripts/spec-build.sh
View File

@ -59,10 +59,13 @@ build_rpm(){
case "${1-}" in case "${1-}" in
-h|--?help) usage;; -h|--?help) usage;;
*) ;;
esac esac
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh dnf rpmlint rpmbuild rpmsign ./scripts/requires-program.sh dnf rpmlint rpmbuild rpmsign
build_dir="${HOME}/rpmbuild" build_dir="${HOME}/rpmbuild"
@ -79,11 +82,11 @@ spec_gen="./scripts/spec-gen.sh"
spec_get="./scripts/spec-get.sh" spec_get="./scripts/spec-get.sh"
if test -z "${1-}"; then if test -z "${1-}"; then
# shellcheck disable=SC2046 # shellcheck disable=SC2046,SC2312
set -- $(find salt/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \ set -- $(find salt/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \
| sort -d | tr "\n" " ") | sort -d | tr "\n" " ")
fi fi
counter=0 counter=0
for p in "$@"; do for p in "${@}"; do
build_rpm "${p}" build_rpm "${p}"
done done

18
scripts/spec-gen.sh
View File

@ -81,7 +81,8 @@ gen_spec(){
bug_url="$(get_spec bug_url)" bug_url="$(get_spec bug_url)"
requires="$(get_spec requires)" requires="$(get_spec requires)"
summary="$(get_spec summary)" summary="$(get_spec summary)"
description="$(escape_key text "$(get_spec description)")" description="$(get_spec description)"
description="$(escape_key text "${description}")"
file_roots="$(get_spec file_roots)" file_roots="$(get_spec file_roots)"
changelog="$(get_spec changelog)" changelog="$(get_spec changelog)"
@ -132,7 +133,8 @@ gen_spec(){
diff --color=auto "${intended_target}" "${target}" || true diff --color=auto "${intended_target}" "${target}" || true
fail=1 fail=1
else else
if test -n "$(git diff --name-only "${intended_target}")"; then unstaged_target="$(git diff --name-only "${intended_target}")" || true
if test -n "${unstaged_target}"; then
echo "warn: ${intended_target} is up to date but it is not staged" >&2 echo "warn: ${intended_target} is up to date but it is not staged" >&2
fi fi
fi fi
@ -141,13 +143,15 @@ gen_spec(){
case "${1-}" in case "${1-}" in
-h|--?help) usage; exit 1;; -h|--?help) usage; exit 1;;
*) ;;
esac esac
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
spec_get="./scripts/spec-get.sh" spec_get="./scripts/spec-get.sh"
ignored="$(git ls-files --exclude-standard --others --ignored salt/)" ignored="$(git ls-files --exclude-standard --others --ignored salt/)"
untracked="$(git ls-files --exclude-standard --others salt/)" untracked="$(git ls-files --exclude-standard --others salt/)"
unwanted="$(printf %s"${ignored}\n${untracked}\n" \ unwanted="$(printf %s"${ignored}\n${untracked}\n" \
@ -164,14 +168,14 @@ fi
if echo "${@}" | grep -qE "(^scripts/| scripts/|/template.spec)" || if echo "${@}" | grep -qE "(^scripts/| scripts/|/template.spec)" ||
test -z "${1-}" test -z "${1-}"
then then
# shellcheck disable=SC2046 # shellcheck disable=SC2046,SC2312
set -- $(find salt/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \ set -- $(find salt/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \
| sort -d | tr "\n" " ") | sort -d | tr "\n" " ")
fi fi
projects_seen="" projects_seen=""
for p in "$@"; do for p in "${@}"; do
gen_spec "${p}" ${gen_mode} gen_spec "${p}" "${gen_mode}"
done done
if test "${fail}" = "1" && test "${gen_mode}" = "test"; then if test "${fail}" = "1" && test "${gen_mode}" = "test"; then

12
scripts/spec-get.sh
View File

@ -10,10 +10,11 @@ set -eu
usage(){ usage(){
names="$(find salt/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \ names="$(find salt/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \
| sort -d | tr "\n" " ")" | sort -d | tr "\n" " ")"
keys_trimmed="$(echo "${keys}" | tr "\n" " ")"
echo "Usage: ${0##*/} <NAME> <KEY>" echo "Usage: ${0##*/} <NAME> <KEY>"
echo "Example: ${0##*/} qubes-builder description" echo "Example: ${0##*/} qubes-builder description"
echo "Names: ${names}" echo "Names: ${names}"
echo "Keys: $(echo "${keys}" | tr "\n" " ")" echo "Keys: ${keys_trimmed}"
} }
block_max_chars(){ block_max_chars(){
@ -59,12 +60,14 @@ case "${1-}" in
*) key="${1}"; shift;; *) key="${1}"; shift;;
esac esac
if test -z "${key##* }"; then if test -z "${key##* }"; then
echo "Key is empty: ${key}" >&2 echo "Key was not given" >&2
exit 1 exit 1
fi fi
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh reuse ./scripts/requires-program.sh reuse
if test "${key}" = "branch"; then if test "${key}" = "branch"; then
@ -163,7 +166,6 @@ if test "${key}" = "saltfiles" || test "${key}" = "requires"; then
fi fi
case "${key}" in case "${key}" in
"") exit 1;;
branch) echo "${branch}";; branch) echo "${branch}";;
changelog) echo "${changelog}";; changelog) echo "${changelog}";;
description) echo "${description}";; description) echo "${description}";;
@ -183,4 +185,6 @@ case "${key}" in
vendor) echo "${vendor}";; vendor) echo "${vendor}";;
packager) echo "${packager}";; packager) echo "${packager}";;
version) echo "${version}";; version) echo "${version}";;
"") exit 1;;
*) echo "Unsupported key" >&2; exit 1;;
esac esac

14
scripts/spell-lint.sh
View File

@ -8,22 +8,24 @@
set -eu set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh codespell ./scripts/requires-program.sh codespell
if test -n "${1-}"; then if test -n "${1-}"; then
files="" files=""
for f in "$@"; do for f in "${@}"; do
test -f "$f" || continue test -f "${f}" || continue
case "$f" in case "${f}" in
*LICENSES/*|.git/*|*.asc|rpm_spec/*-*.spec|*.muttrc| \ *LICENSES/*|.git/*|*.asc|rpm_spec/*-*.spec|*.muttrc| \
salt/sys-cacher/files/server/conf/*_mirrors_*|\ salt/sys-cacher/files/server/conf/*_mirrors_*|\
salt/dotfiles/files/vim/.config/vim/after/plugin/update-time.vim) salt/dotfiles/files/vim/.config/vim/after/plugin/update-time.vim)
continue;; continue;;
*) files="$files $f";; *) files="${files} ${f}";;
esac esac
done done
test -n "$files" || exit 0 test -n "${files}" || exit 0
exec codespell --check-filenames --check-hidden ${files} exec codespell --check-filenames --check-hidden ${files}
fi fi

13
scripts/toc-gen.sh
View File

@ -14,6 +14,7 @@ usage(){
case "${1-}" in case "${1-}" in
""|-h|--help) usage;; ""|-h|--help) usage;;
*) ;;
esac esac
## vim-markdown-toc deletes lines if they are folded, can't rely on its native ## vim-markdown-toc deletes lines if they are folded, can't rely on its native
@ -25,13 +26,13 @@ then
fi fi
for f in "$@"; do for f in "${@}"; do
if ! test -f "$f"; then if ! test -f "${f}"; then
echo "Error: Not a regular file: $f" >&2 echo "Error: Not a regular file: ${f}" >&2
exit 1 exit 1
fi fi
if ! grep -q "^## Table of Contents$" "$f"; then if ! grep -q "^## Table of Contents$" "${f}"; then
echo "Could not find table of contents in file: $f, skipping" >&2 echo "Could not find table of contents in file: ${f}, skipping" >&2
continue continue
fi fi
## This is fragile, the table of contents should have at least one block ## This is fragile, the table of contents should have at least one block
@ -39,5 +40,5 @@ for f in "$@"; do
## the rest of the file. ## the rest of the file.
vim -c 'norm zRgg' -c '/^## Table of Contents$' -c 'norm jd}k' \ vim -c 'norm zRgg' -c '/^## Table of Contents$' -c 'norm jd}k' \
-c ':GenTocGFM' -c 'norm ddgg' -c wq -- "${f}" -c ':GenTocGFM' -c 'norm ddgg' -c wq -- "${f}"
echo "Updated TOC in file: $f" echo "Updated TOC in file: ${f}"
done done

5
scripts/unicode-prohibit.sh
View File

@ -9,7 +9,9 @@
set -eu set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
files="" files=""
if test -n "${1-}"; then if test -n "${1-}"; then
@ -30,6 +32,7 @@ if test -n "${unicode_match}"; then
line_file="$(echo "${line}" | cut -d ":" -f1)" line_file="$(echo "${line}" | cut -d ":" -f1)"
case "${line_file}" in case "${line_file}" in
git/*|LICENSES/*|.reuse/dep5|*.asc) continue;; git/*|LICENSES/*|.reuse/dep5|*.asc) continue;;
*) ;;
esac esac
line_number="$(echo "${line}" | cut -d ":" -f2)" line_number="$(echo "${line}" | cut -d ":" -f2)"
line_unicode="$(echo "${line}" | cut -d ":" -f3 | od -A n -vt c)" line_unicode="$(echo "${line}" | cut -d ":" -f3 | od -A n -vt c)"

14
scripts/yaml-lint.sh
View File

@ -8,20 +8,22 @@
set -eu set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh yamllint ./scripts/requires-program.sh yamllint
if test -n "${1-}"; then if test -n "${1-}"; then
files="" files=""
for f in "$@"; do for f in "${@}"; do
test -f "$f" || continue test -f "${f}" || continue
extension="${f##*.}" extension="${f##*.}"
case "$extension" in case "${extension}" in
yaml|yml) files="$files $f";; yaml|yml) files="${files} ${f}";;
*) continue;; *) continue;;
esac esac
done done
test -n "$files" || exit 0 test -n "${files}" || exit 0
exec yamllint ${files} exec yamllint ${files}
fi fi

8
scripts/yumrepo-gen.sh
View File

@ -7,7 +7,9 @@
set -eu set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1 repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh createrepo_c gpg ./scripts/requires-program.sh createrepo_c gpg
key_id="$(git config --get user.signingKey)" || true key_id="$(git config --get user.signingKey)" || true
@ -15,7 +17,7 @@ build_dir="${HOME}/rpmbuild"
qubes_release="r4.2" qubes_release="r4.2"
repo="current" repo="current"
dist="fc37" dist="fc37"
yum_repo_root="$HOME/rpmrepo" yum_repo_root="${HOME}/rpmrepo"
yum_repo="${yum_repo_root}/${qubes_release}/${repo}/host/${dist}" yum_repo="${yum_repo_root}/${qubes_release}/${repo}/host/${dist}"
mkdir -p "${yum_repo}/rpm" mkdir -p "${yum_repo}/rpm"
@ -27,7 +29,7 @@ if test -d "${yum_repo}/repodata"; then
createrepo_args="--update" createrepo_args="--update"
fi fi
# shellcheck disable=SC2086 # shellcheck disable=SC2086
createrepo_c ${createrepo_args} --checksum sha512 "${yum_repo}" createrepo_c "${createrepo_args}" --checksum sha512 "${yum_repo}"
if test -n "${key_id}"; then if test -n "${key_id}"; then
rm -f -- "${yum_repo}/repodata/repomd.xml.asc" rm -f -- "${yum_repo}/repodata/repomd.xml.asc"