Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2024-10-01 02:35:49 -04:00
Code Issues Packages Projects Releases Wiki Activity

feat: enable all optional shellcheck validations

Browse Source 
Make shell a little bit safer with:

- add-default-case
- check-extra-masked-returns
- check-set-e-suppressed
- quote-safe-variables
- check-unassigned-uppercase

Although there are some stylistic decisions for uniformity:

- avoid-nullary-conditions
- deprecated-which
- require-variable-braces
This commit is contained in:
Ben Grande 2024-07-10 14:36:05 +02:00
parent 011a71a36d
commit 224312ed42
No known key found for this signature in database
GPG Key ID: 00C64E14F51F9E56
55 changed files with 343 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/main.yaml vendored
View File

@ -54,7 +54,7 @@ jobs:
run: |
editorconfig-checker
editorconfig-checker salt/dotfiles
- name: Lint commits
- name: Lint commit messages
run: |
if test "${{ github.event_name}}" = "pull_request"
then

14
.pre-commit-config.yaml
View File

@ -4,7 +4,12 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
---
default_install_hook_types:
- pre-commit
repos:
- repo: local
hooks:
@ -99,12 +104,3 @@ repos:
language: python
pass_filenames: false
description: Lint files to comply with the REUSE Specification
- id: commit-lint
name: commit-lint
language: python
entry: gitlint
args: [--staged, --msg-filename]
stages: [commit-msg]
pass_filenames: true
description: Lint Git commits

5
.shellcheckrc Normal file
View File

@ -0,0 +1,5 @@
# SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
#
# SPDX-License-Identifier: MIT
enable=all

3
rpm_spec/qusal-browser.spec
View File

@ -115,6 +115,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files

3
rpm_spec/qusal-dom0.spec
View File

@ -107,6 +107,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Mon Jul 08 2024 Ben Grande <ben.grande.b@gmail.com> - 523bca2
- fix: conform files to editorconfig specification

3
rpm_spec/qusal-dotfiles.spec
View File

@ -118,6 +118,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Mon Jul 08 2024 Ben Grande <ben.grande.b@gmail.com> - 28c298d
- fix: add Python indentation to editorconfig

3
rpm_spec/qusal-fedora-minimal.spec
View File

@ -108,6 +108,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files

3
rpm_spec/qusal-reader.spec
View File

@ -110,6 +110,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files

3
rpm_spec/qusal-sys-bitcoin.spec
View File

@ -137,6 +137,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files

6
rpm_spec/qusal-sys-cacher.spec
View File

@ -130,6 +130,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Mon Jul 08 2024 Ben Grande <ben.grande.b@gmail.com> - f60077f
- doc: spell check
@ -276,6 +279,3 @@ fi
* Wed Jan 10 2024 Ben Grande <ben.grande.b@gmail.com> - 2b6daac
- fix: shellcheck
* Wed Dec 20 2023 Ben Grande <ben.grande.b@gmail.com> - 38d98ec
- fix: nft shebang and table names

3
rpm_spec/qusal-sys-electrs.spec
View File

@ -123,6 +123,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files

3
rpm_spec/qusal-sys-git.spec
View File

@ -111,6 +111,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files

3
rpm_spec/qusal-sys-net.spec
View File

@ -114,6 +114,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files

3
rpm_spec/qusal-sys-ssh-agent.spec
View File

@ -120,6 +120,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Mon Jul 08 2024 Ben Grande <ben.grande.b@gmail.com> - f60077f
- doc: spell check

3
rpm_spec/qusal-sys-syncthing.spec
View File

@ -120,6 +120,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files

3
rpm_spec/qusal-sys-wireguard.spec
View File

@ -108,6 +108,9 @@ fi
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Fri Jul 05 2024 Ben Grande <ben.grande.b@gmail.com> - 80482bf
- fix: use systemd-resolved DNS on boot

14
salt/dom0/files/autostart-scripts/kde-activity-changed-notifier
View File

@ -21,19 +21,19 @@ case "${XDG_SESSION_DESKTOP:-}" in
esac
service="org.kde.ActivityManager"
interface="$service.Activities"
interface="${service}.Activities"
path="/ActivityManager/Activities"
signal="CurrentActivityChanged"
dbus-monitor --profile \
"type=signal,path=$path,interface=$interface,member=$signal" | \
"type=signal,path=${path},interface=${interface},member=${signal}" | \
while read -r _ _ _ _ _ path interface member; do
test "$member" = "$signal" || continue
id="$(qdbus "$service" "$path" "$interface.CurrentActivity")"
name="$(qdbus "$service" "$path" "$interface.ActivityName" "$id")"
test "${member}" = "${signal}" || continue
id="$(qdbus "${service}" "${path}" "${interface}.CurrentActivity")"
name="$(qdbus "${service}" "${path}" "${interface}.ActivityName" "${id}")"
if command -v kdialog >/dev/null; then
kdialog --title "Activity: $name" --passivepopup "Switched Activities" 3
kdialog --title "Activity: ${name}" --passivepopup "Switched Activities" 3
elif command -v notify-send >/dev/null; then
notify-send -u normal -t 3000 "Activity: $name" "Switched activities"
notify-send -u normal -t 3000 "Activity: ${name}" "Switched activities"
fi
done

41
salt/dom0/files/bin/qubes-kde-win-rules
View File

@ -8,7 +8,7 @@
# shellcheck disable=SC1090,SC2317
set -eu
file="${XDG_CONFIG_HOME:=$HOME/.config}/kwinrulesrc"
file="${XDG_CONFIG_HOME:=${HOME}/.config}/kwinrulesrc"
usage(){
echo "Usage: ${0##*/} <group> <activity>
@ -25,10 +25,10 @@ writeconf(){
key="$2"
value="$3"
group_id="$(grep -B1 -- "^Description=$group$" "$file" | head -1 |
group_id="$(grep -B1 -- "^Description=${group}$" "${file}" | head -1 |
tr -d "[" | tr -d "]")"
if test -z "${group_id}"; then
highest_id="$(grep -- "\[[0-9]\+\]" "$file" | tr -d "[" | tr -d "]" |
highest_id="$(grep -- "\[[0-9]\+\]" "${file}" | tr -d "[" | tr -d "]" |
sort | tail -1)"
if test -n "${highest_id}"; then
group_id="$((highest_id+1))"
@ -37,38 +37,41 @@ writeconf(){
fi
fi
kwriteconfig --file "$file" --group "$group_id" --key "$key" "$value"
kwriteconfig --file "${file}" --group "${group_id}" --key "${key}" \
"${value}"
}
writeconf_group(){
chosen_group="$1"
chosen_activity="$2"
writeconf "$chosen_group" Description "$chosen_group"
if test -n "$chosen_activity"; then
writeconf "${chosen_group}" Description "${chosen_group}"
if test -n "${chosen_activity}"; then
chosen_activity_id="$(kactivities-cli --list-activities |
awk -v activity="$chosen_activity" '$3 ~ activity {print $2}')"
if test -z "$chosen_activity_id"; then
printf '%s\n' "Invalid activity name: $chosen_activity"
awk -v activity="${chosen_activity}" '$3 ~ activity {print $2}')"
if test -z "${chosen_activity_id}"; then
printf '%s\n' "Invalid activity name: ${chosen_activity}"
exit 1
fi
writeconf "$chosen_group" activity "$chosen_activity_id"
writeconf "$chosen_group" activityrule 2
writeconf "${chosen_group}" activity "${chosen_activity_id}"
writeconf "${chosen_group}" activityrule 2
fi
## Regex: https://doc.qt.io/qt-6/qregularexpression.html
writeconf "$chosen_group" title \
"^\\[(disp-|dvm-)?$chosen_group(-\\S+)?\\] .*"
writeconf "$chosen_group" titlematch 3
writeconf "$chosen_group" wmclass "$chosen_group"
writeconf "$chosen_group" wmclasscomplete false
writeconf "$chosen_group" wmclassmatch 2
writeconf "${chosen_group}" title \
"^\\[(disp-|dvm-)?${chosen_group}(-\\S+)?\\] .*"
writeconf "${chosen_group}" titlematch 3
writeconf "${chosen_group}" wmclass "${chosen_group}"
writeconf "${chosen_group}" wmclasscomplete false
writeconf "${chosen_group}" wmclassmatch 2
}
case "${1-}" in
""|-h|--?help) usage
""|-h|--?help) usage;;
*) ;;
esac
case "${2-}" in
"") usage
"") usage;;
*) ;;
esac
writeconf_group "${1}" "${2}"

1
salt/dom0/files/bin/qvm-mgmt
View File

@ -59,6 +59,7 @@ case "${class}" in
StandaloneVM|TemplateVM)
get_qube_feat "${wanted_qube}"
;;
*) echo "Unsupported qube class" >&2; exit 1;;
esac
wanted_mgmt="$(qvm-prefs "${wanted_qube}" management_dispvm)"
echo "${wanted_qube} management_dispvm: ${wanted_mgmt}"

3
salt/dom0/files/bin/qvm-pci-regain
View File

@ -34,7 +34,8 @@ case "${2-}" in
*) device="${2}"
esac
test "$(id -u)" = "0" || exec sudo "${0}"
uid="$(id -u)"
test "${uid}" = "0" || exec sudo "${0}"
echo "${device}" | tee /sys/bus/pci/drivers/pciback/unbind
modalias="$(cat "/sys/bus/pci/devices/${device}/modalias")"

11
salt/dom0/files/bin/qvm-port-forward
View File

@ -32,6 +32,7 @@ validate_handle(){
echo "error: ${qube}: invalid handle" >&2
exit 1
;;
*) ;;
esac
}
@ -43,6 +44,7 @@ validate_ipv4(){
echo "error: ${qube}: invalid IPv4 address" >&2
exit 1
;;
*) ;;
esac
}
@ -54,6 +56,7 @@ validate_ipv6(){
echo "error: ${qube}: invalid IPv6 address" >&2
exit 1
;;
*) ;;
esac
}
@ -65,6 +68,7 @@ validate_dev(){
echo "error: ${qube}: invalid device name" >&2
exit 1
;;
*) ;;
esac
}
@ -150,7 +154,8 @@ add rule ip qubes ${forward_chain} ${forward_rule}'"
run_qube "${from_qube}" "${full_rule}"
if test "${persistent}" = "1"; then
if test "$(qvm-prefs --get -- "${from_qube}" klass)" = "DispVM"; then
class="$(qvm-prefs --get -- "${from_qube}" klass)"
if test "${class}" = "DispVM"; then
from_qube="$(qvm-prefs --get -- "${from_qube}" template)"
fi
@ -258,6 +263,7 @@ get_lan(){
test_qvm_run(){
qube="${1}"
# shellcheck disable=SC2310
if ! run_qube "${qube}" echo "Test QUBESRPC" >/dev/null 2>&1; then
echo "error: ${qube}: RPC qubes.VMShell failed, use a different qube" >&2
exit 1
@ -272,12 +278,14 @@ recurse_netvms() {
case "${cmd}" in
show-upstream) test_qvm_run "${rec_qube}";;
apply-rules) forward "${rec_netvm}" "${rec_qube}";;
*) echo "Unsupported command passed to recurse_netvms()" >&2; exit 1;;
esac
recurse_netvms "${cmd}" "${rec_netvm}"
fi
case "${cmd}" in
show-upstream) get_lan "${rec_qube}";;
apply-rules) ;;
*) echo "Unsupported command passed to recurse_netvms()" >&2; exit 1;;
esac
}
@ -358,6 +366,7 @@ while test "${#}" -gt "0"; do
-n|--proto) proto="${2}"; shift;;
-s|--persistent) persistent=1; shift;;
-h|--help) usage;;
*) echo "Unsupported option" >&2; exit 1;;
esac
shift
done

15
salt/dom0/files/bin/qvm-screenshot
View File

@ -20,26 +20,31 @@ take_screenshot() {
case "${screenshot_type}" in
window) spectacle -a -o "${screenshot_file}";;
fullscreen) spectacle -f -o "${screenshot_file}";;
*) echo "Unsupported screenshot type" >&2; exit 1;;
esac
;;
xfce4-screenshooter)
case "${screenshot_type}" in
window) xfce4-screenshooter -w -s "${screenshot_file}";;
fullscreen) xfce4-screenshooter -f -s "${screenshot_file}";;
*) echo "Unsupported screenshot type" >&2; exit 1;;
esac
;;
scrot)
case "${screenshot_type}" in
window) scrot -s -b "${screenshot_file}";;
fullscreen) scrot -b "${screenshot_file}";;
*) echo "Unsupported screenshot type" >&2; exit 1;;
esac
;;
maim)
case "${screenshot_type}" in
window) maim -s -o -u "${screenshot_file}";;
fullscreen) maim -o -u "${screenshot_file}";;
*) echo "Unsupported screenshot type" >&2; exit 1;;
esac
;;
*) echo "Unsupported screenshot tool" >&2; exit 1;;
esac
}
@ -157,6 +162,7 @@ if test -n "${screenshot_cmd_wanted}"; then
case "${dialog_cmd}" in
zenity) zenity --info --text "${msg}";;
kdialog) kdialog --msgbox "${msg}";;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac
exit 1
fi
@ -186,6 +192,7 @@ else
case "${dialog_cmd}" in
zenity) zenity --info --text "${msg}";;
kdialog) kdialog --msgbox "${msg}";;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac
exit 1
fi
@ -210,6 +217,7 @@ if test -z "${screenshot_type_text}"; then
"Fullscreen" "Fullscreen" off \
)"
;;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac
fi
@ -225,6 +233,7 @@ if ! test -f "${screenshot_file}"; then
case "${dialog_cmd}" in
zenity) zenity --warning --text "${msg}";;
kdialog) kdialog --sorry "${msg}";;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac
exit 1
fi
@ -250,6 +259,7 @@ if test "${screenshot_action_supplied}" != "1"; then
"Move file" "Move file" off
)"
;;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac
if test -z "${screenshot_action_text}"; then
@ -293,6 +303,7 @@ if test -z "${qube}"; then
# shellcheck disable=SC2086
qube="$(kdialog --radiolist "${dialog_title}" ${qube_list})"
;;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac
if test -z "${qube}"; then
msg="qube was not selected"
@ -300,6 +311,7 @@ if test -z "${qube}"; then
case "${dialog_cmd}" in
zenity) zenity --error --text "${msg}";;
kdialog) kdialog --error "${msg}";;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac
exit 1
fi
@ -311,6 +323,7 @@ if ! qvm-check -- "${qube}" >/dev/null 2>&1; then
case "${dialog_cmd}" in
zenity) zenity --error --text "${msg}";;
kdialog) kdialog --error "${msg}";;
*) echo "Unsupported dialog command" >&2; exit 1;;
esac
exit 1
fi
@ -319,7 +332,7 @@ qvm-run "${qube}" -- "mkdir -p \"${qube_pictures_dir}\""
qvm-run --pass-io "${qube}" -- "cat > \"${qube_screenshot_file}\"" \
< "${screenshot_file}"
if test ${file_move} = "1"; then
if test "${file_move}" = "1"; then
rm -f "${screenshot_file}"
fi

2
salt/dotfiles

@ -1 +1 @@
Subproject commit 024e9c469de634181ec77eb52420f25339f4f01e
Subproject commit 69c14a2429aeb80b7bc01c9b875d7114450e4e72

9
salt/mirage-builder/files/client/profile/opam.sh
View File

@ -5,8 +5,9 @@
## SPDX-License-Identifier: AGPL-3.0-or-later
# shellcheck disable=SC1091
if test -n "${ZSH_VERSION-}" && test -r "$HOME/.opam/opam-init/init.zsh"; then
. "$HOME/.opam/opam-init/init.zsh" >/dev/null 2>&1
elif test -r "$HOME/.opam/opam-init/init.sh"; then
. "$HOME/.opam/opam-init/init.sh" >/dev/null 2>&1
if test -n "${ZSH_VERSION-}" && test -r "${HOME}/.opam/opam-init/init.zsh"
then
. "${HOME}/.opam/opam-init/init.zsh" >/dev/null 2>&1
elif test -r "${HOME}/.opam/opam-init/init.sh"; then
. "${HOME}/.opam/opam-init/init.sh" >/dev/null 2>&1
fi

2
salt/qubes-builder/files/client/bin/gpg-qubes-builder
View File

@ -3,4 +3,4 @@
#
# SPDX-License-Identifier: AGPL-3.0-or-later
set -eu
env GNUPGHOME="$HOME/.gnupg/qubes-builder" gpg2 "$@"
env GNUPGHOME="${HOME}/.gnupg/qubes-builder" gpg2 "${@}"

6
salt/sys-bitcoin/files/server/bin/bitcoin-whitepaper
View File

@ -20,6 +20,7 @@ has(){
check_installed(){
missing_programs=0
for prog in "${@}"; do
# shellcheck disable=SC2310
if ! has "${prog}"; then
echo "Missing program: ${prog}" >&2
missing_programs=1
@ -43,6 +44,7 @@ validate_dir(){
getblock(){
check_installed bitcoin-cli xxd
# shellcheck disable=SC2312
bitcoin-cli getblock "${block_hash}" 0 \
| tail -c+92167 \
| for ((o=0;o<946;++o)); do \
@ -57,6 +59,7 @@ getblock(){
getrawtransaction(){
check_installed bitcoin-cli xxd
# shellcheck disable=SC2312
bitcoin-cli getrawtransaction "${txid}" 0 "${block_hash}" \
| sed 's/0100000000000000/\n/g' \
| tail -n +2 \
@ -69,6 +72,7 @@ getrawtransaction(){
gettxout(){
check_installed bitcoin-cli jq xxd seq
# shellcheck disable=SC2312
seq 0 947 \
| (while read -r n; do bitcoin-cli gettxout "${txid}" "${n}" \
| jq -r '.scriptPubKey.asm' \
@ -82,7 +86,7 @@ gettxout(){
usage(){
echo "Usage: ${0##*/} getblock|getrawtransaction|gettxout [DIR]"
echo "Note: gettxout works with pruned node"
echo "Note: DIR defaults to \$HOME"
echo "Note: DIR defaults to \${HOME}"
exit 1
}

1
salt/sys-bitcoin/files/server/rpc/qusal.BitcoinAuthGet
View File

@ -11,6 +11,7 @@ set -eu
bitcoin_conf="/home/user/.bitcoin/conf.d/rpcauth.conf"
bitcoin_pass="/home/user/.bitcoin/rpcclient.pass"
# shellcheck disable=SC2154
user="${QREXEC_REMOTE_DOMAIN}"
if ! systemctl is-active bitcoind >/dev/null 2>&1; then

16
salt/sys-cacher/files/client/bin/apt-cacher-ng-repo
View File

@ -14,9 +14,9 @@
## beneficial as 'find' fails if file is not existent and sending all 'find'
## output to /dev/stderr is not great.
##
## Assigning the repositories files to '$@' avoids having to parse their names
## in case they contain spaces, newlines and other dangerous characters to the
## shell, it is also an easy way to use an array for /bin/sh.
## Assigning the repositories files to '${@}' avoids having to parse their
## names in case they contain spaces, newlines and other dangerous characters
## to the shell, it is also an easy way to use an array for /bin/sh.
set -eu
@ -183,6 +183,7 @@ EOF
-e "s|^\s*#.*metalink\s*=|metalink=|w ${changes_file}" \
{} \+ 2>/dev/null || true
;;
*) echo "Unsupported action" >&2; exit 1
esac
elif test -e /etc/debian_version && test ! -e /usr/share/whonix/marker; then
@ -235,6 +236,7 @@ EOF
-e "${list_expr}" -e "${sources_expr}" \
{} \+
;;
*) echo "Unsupported action" >&2; exit 1
esac
elif test -e /etc/arch-release; then
@ -246,11 +248,11 @@ EOF
fi
cat >/run/qubes/bin/pacman <<EOF
#!/bin/sh
exec env ALL_PROXY="${proxy_url}" /usr/bin/pacman "\$@"
exec env ALL_PROXY="${proxy_url}" /usr/bin/pacman "\${@}"
EOF
chmod +x /run/qubes/bin/pacman
cat >/etc/profile.d/qubes-proxy.sh << EOF
export PATH=/run/qubes/bin:\$PATH
export PATH=/run/qubes/bin:\${PATH}
EOF
else
rm -f /run/qubes/bin/pacman /etc/profile.d/qubes-proxy.sh
@ -287,6 +289,7 @@ EOF
-e "${repo_regex}" \
{} \+
;;
*) echo "Unsupported action" >&2; exit 1
esac
else
@ -325,7 +328,8 @@ case "${1-}" in
*) usage;;
esac
if test "$(id -u)" != "0"; then
uid="$(id -u)"
if test "${uid}" != "0"; then
echo "Error: Permission denied, action requires root privileges."
exit 1
fi

7
salt/sys-git/files/client/git-core/git-init-qrexec
View File

@ -8,6 +8,7 @@ set -eu
case "${GIT_TRACE_HELPER:-}" in
true|1) set -x;;
*) ;;
esac
usage(){
@ -32,7 +33,11 @@ case "${1-}" in
*) authority="${1}";;
esac
case "${2-}" in
"") is_git_repo; repo="$(basename "$(git rev-parse --show-toplevel)")";;
"")
is_git_repo
repo="$(git rev-parse --show-toplevel)"
repo="$(basename "${repo}")"
;;
*) repo="${2}";;
esac

5
salt/sys-git/files/client/git-core/git-remote-qrexec
View File

@ -25,7 +25,8 @@ die(){
log(){
case "${GIT_TRACE_REMOTE_HELPER:-}" in
true|1) echo "${@}" >&2
true|1) echo "${@}" >&2;;
*) ;;
esac
}
@ -164,7 +165,7 @@ capabilities="$(find_capabilities)"
## Communicate with the git-remote-helpers protocol.
while read -r cmd arg; do
log "<- $cmd $arg"
log "<- ${cmd} ${arg}"
case "${cmd}" in
capabilities)
for c in ${capabilities}; do log "-> ${c}"; done; log "->"

3
salt/sys-git/files/client/git-core/git-remote-qrexec-connect
View File

@ -19,7 +19,8 @@ die(){
log(){
case "${GIT_TRACE_REMOTE_HELPER:-}" in
true|1) echo "${@}" >&2
true|1) echo "${@}" >&2;;
*) ;;
esac
}

3
salt/sys-git/files/server/rpc/qusal.GitInit
View File

@ -16,6 +16,7 @@ if ! command -v git >/dev/null; then
fi
## TODO: subdirectory? dir+repo
# shellcheck disable=SC2154
untrusted_repo="${QREXEC_SERVICE_ARGUMENT}"
if test -z "${untrusted_repo}"; then
@ -35,7 +36,7 @@ if test "${#untrusted_repo}" -gt 128; then
die "Repository name is too long: ${#untrusted_repo}"
fi
base_path="$HOME/src"
base_path="${HOME}/src"
repo="${untrusted_repo}"
case "${repo}" in

4
salt/sys-net/files/admin/bin/qusal-report-updatevm-origin
View File

@ -13,8 +13,10 @@ case "${updatevm_class}" in
StandaloneVM) proxy_target="${updatevm}";;
AppVM) proxy_target="$(qvm-prefs "${updatevm}" template)";;
DispVM)
proxy_target="$(qvm-prefs "$(qvm-prefs "${updatevm}" template)" template)"
proxy_target="$(qvm-prefs "${updatevm}" template)"
proxy_target="$(qvm-prefs "${proxy_target}" template)"
;;
*) echo "Unsupported qube class" >&2; exit 1;;
esac
if test -n "${proxy_target}"; then
echo "${proxy_target}"

1
salt/sys-net/files/server/rpc/qusal.ConnectTCP
View File

@ -17,6 +17,7 @@
set -eu
# shellcheck disable=SC2154
arg="${QREXEC_SERVICE_ARGUMENT}"
host="${arg%%+*}"
port="${arg##*+}"

4
salt/sys-pihole/files/admin/prefs.sh
View File

@ -13,9 +13,9 @@ for qube in $(qvm-ls --raw-data --fields=NAME,NETVM |
do
## Avoid overwriting netvm to sys-pihole when instead it should use the
## default_netvm, so better to prevent overwriting user choices.
qvm-prefs "$qube" | grep -q "^netvm[[:space:]]\+D" && continue
qvm-prefs "${qube}" | grep -q "^netvm[[:space:]]\+D" && continue
## Set netvm for qubes that were using (disp-)sys-firewall to sys-pihole.
qvm-prefs "$qube" netvm sys-pihole
qvm-prefs "${qube}" netvm sys-pihole
done
exit 0

38
salt/sys-ssh-agent/files/server/bin/qvm-ssh-agent
View File

@ -21,24 +21,24 @@ Example:
}
ls_agent(){
socket="/tmp/${service}/$agent.sock"
test -S "$socket" || return 1
agent="$(echo "$socket" | sed "s|.*${service}/||;s/\.sock//")"
echo "Agent: ($agent) $socket"
SSH_AUTH_SOCK="$socket" ssh-add -l || true
socket="/tmp/${service}/${agent}.sock"
test -S "${socket}" || return 1
agent="$(echo "${socket}" | sed "s|.*${service}/||;s/\.sock//")"
echo "Agent: (${agent}) ${socket}"
SSH_AUTH_SOCK="${socket}" ssh-add -l || true
}
add_agent(){
# shellcheck disable=SC2174
mkdir -m 0700 -p "/tmp/${service}"
dir="$HOME/.ssh/identities.d/${agent}"
if ! test -d "$dir"; then
echo "Directory not found: $dir" >&2
dir="${HOME}/.ssh/identities.d/${agent}"
if ! test -d "${dir}"; then
echo "Directory not found: ${dir}" >&2
return 1
fi
dir="${dir##*/}"
socket="/tmp/${service}/${dir}.sock"
if ! test -S "$socket"; then
if ! test -S "${socket}"; then
reload_agent=1
ssh-agent -a "/tmp/${service}/${agent}.sock"
fi
@ -46,20 +46,20 @@ add_agent(){
return
fi
keys="$(grep -sl -- "-----BEGIN OPENSSH PRIVATE KEY-----" \
"$HOME/.ssh/identities.d/$dir"/* || true)"
if test -z "$keys"; then
echo "Directory has no key: $dir" >&2
"${HOME}/.ssh/identities.d/${dir}"/* || true)"
if test -z "${keys}"; then
echo "Directory has no key: ${dir}" >&2
return 1
fi
SSH_AUTH_SOCK="$socket" ssh-add -D 2>/dev/null || true
for k in $(printf '%s\n' "$keys"); do
test -f "$k" || continue
SSH_AUTH_SOCK="${socket}" ssh-add -D 2>/dev/null || true
for k in $(printf '%s\n' "${keys}"); do
test -f "${k}" || continue
ssh_add_option=""
if test -f "$k.ssh-add-option"; then
ssh_add_option="$(cat "$k.ssh-add-option")"
if test -f "${k}.ssh-add-option"; then
ssh_add_option="$(cat "${k}.ssh-add-option")"
fi
# shellcheck disable=SC2086
SSH_AUTH_SOCK="$socket" ssh-add $ssh_add_option "$k"
SSH_AUTH_SOCK="${socket}" ssh-add ${ssh_add_option} "${k}"
done
}
@ -68,7 +68,7 @@ action="${1-}"
agent="${2-}"
reload_agent=""
case "$action" in
case "${action}" in
ls) ls_agent;;
add) add_agent;;
reload) reload_agent="1"; add_agent;;

3
salt/sys-ssh-agent/files/server/rpc/qusal.SshAgent
View File

@ -11,7 +11,8 @@ die(){
exit 1
}
untrusted_agent="$QREXEC_SERVICE_ARGUMENT"
# shellcheck disable=SC2154
untrusted_agent="${QREXEC_SERVICE_ARGUMENT}"
if test -z "${untrusted_agent}"; then
die "Agent name is empty"

59
salt/sys-wireguard/files/admin/bin/qvm-wireguard
View File

@ -7,7 +7,8 @@
set -eu
test "$(id -u)" = "0" || exec sudo "$0" "$@"
uid="$(id -u)"
test "${uid}" = "0" || exec sudo "$0" "${@}"
usage(){
echo "Usage: ${0##*/} [QUBE]"
@ -21,34 +22,34 @@ case "${1-}" in
*) qube="${1}";;
esac
if ! qvm-check -q -- "$qube" >/dev/null 2>&1; then
echo "Qube '$qube' doesn't exist" >&2
if ! qvm-check -q -- "${qube}" >/dev/null 2>&1; then
echo "Qube '${qube}' doesn't exist" >&2
usage 1
fi
user_conf="/home/user/wireguard.conf"
system_conf="/etc/wireguard/wireguard.conf"
qvm-run "$qube" -- "test -f ${user_conf}" || {
qvm-run "${qube}" -- "test -f ${user_conf}" || {
echo "File '${user_conf}' was not found" >&2
if qvm-check -q --running -- "$qube" >/dev/null 2>&1; then
qvm-pause --verbose -- "$qube"
if qvm-check -q --running -- "${qube}" >/dev/null 2>&1; then
qvm-pause --verbose -- "${qube}"
fi
echo "Firewalling $qube to drop all connections"
qvm-firewall --verbose -- "$qube" reset
qvm-firewall --verbose -- "$qube" del --rule-no 0
qvm-firewall --verbose -- "$qube" add drop
if qvm-check -q --paused -- "$qube" >/dev/null 2>&1; then
qvm-unpause --verbose -- "$qube"
echo "Firewalling ${qube} to drop all connections"
qvm-firewall --verbose -- "${qube}" reset
qvm-firewall --verbose -- "${qube}" del --rule-no 0
qvm-firewall --verbose -- "${qube}" add drop
if qvm-check -q --paused -- "${qube}" >/dev/null 2>&1; then
qvm-unpause --verbose -- "${qube}"
fi
exit 1
}
qvm-run -u root "$qube" -- "cp ${user_conf} ${system_conf}"
qvm-run -u root "${qube}" -- "cp ${user_conf} ${system_conf}"
## TOFU
# shellcheck disable=SC2016
endpoint="$(qvm-run -p -u root "$qube" -- awk '/Endpoint/{print $3}' \
endpoint="$(qvm-run -p -u root "${qube}" -- awk '/Endpoint/{print $3}' \
"${system_conf}")"
if echo "${endpoint}" | grep -qF "["; then
ip="${ip##[\[]}"
@ -59,27 +60,27 @@ else
port="${endpoint##*:}"
fi
if test -z "$ip" || test -z "$port";then
if test -z "${ip}" || test -z "${port}";then
echo "Endpoint (IP:Port) not found: ${system_conf}" >&2
exit 1
fi
if qvm-check -q --running -- "$qube" >/dev/null 2>&1; then
qvm-pause --verbose -- "$qube"
if qvm-check -q --running -- "${qube}" >/dev/null 2>&1; then
qvm-pause --verbose -- "${qube}"
fi
echo "Firewalling $qube to reach only '$ip:$port'"
qvm-firewall --verbose -- "$qube" reset
qvm-firewall --verbose -- "$qube" del --rule-no 0
qvm-firewall --verbose -- "$qube" add accept dsthost="$ip" dstports="$port" \
proto=udp
qvm-firewall --verbose -- "$qube" add accept dsthost="$ip" dstports="$port" \
proto=tcp
qvm-firewall --verbose -- "$qube" add drop
echo "Firewalling ${qube} to reach only '${ip}:${port}'"
qvm-firewall --verbose -- "${qube}" reset
qvm-firewall --verbose -- "${qube}" del --rule-no 0
qvm-firewall --verbose -- "${qube}" add accept dsthost="${ip}" \
dstports="${port}" proto=udp
qvm-firewall --verbose -- "${qube}" add accept dsthost="${ip}" \
dstports="${port}" proto=tcp
qvm-firewall --verbose -- "${qube}" add drop
if qvm-check -q --paused -- "$qube" >/dev/null 2>&1; then
qvm-unpause --verbose -- "$qube"
if qvm-check -q --paused -- "${qube}" >/dev/null 2>&1; then
qvm-unpause --verbose -- "${qube}"
fi
qvm-run -u root "$qube" -- "systemctl restart wg-quick@wireguard"
qvm-run -u root "$qube" -- "/rw/config/network-hooks.d/50-sys-wireguard"
qvm-run -u root "${qube}" -- "systemctl restart wg-quick@wireguard"
qvm-run -u root "${qube}" -- "/rw/config/network-hooks.d/50-sys-wireguard"

4
scripts/best-program.sh
View File

@ -8,7 +8,9 @@
set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
for tool in "${@}"; do
if ./scripts/requires-program.sh "${tool}" >/dev/null 2>&1; then

22
scripts/markdown-lint.sh
View File

@ -8,7 +8,9 @@
set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh mdl
extra_files_rules="~MD002,~MD012,~MD022,~MD032,~MD041"
@ -17,24 +19,25 @@ find_tool="$(./scripts/best-program.sh fd fdfind find)"
if test -n "${1-}"; then
files=""
extra_files=""
for f in "$@"; do
test -f "$f" || continue
for f in "${@}"; do
test -f "${f}" || continue
extension="${f##*.}"
case "$extension" in
case "${extension}" in
md)
case "${f}" in
.github/*) extra_files="$extra_files $f"; continue;;
.github/*) extra_files="${extra_files} ${f}"; continue;;
*) ;;
esac
files="$files $f";;
files="${files} ${f}";;
*)
continue
;;
esac
done
if test -n "${extra_files}"; then
mdl --rules ${extra_files_rules} ${extra_files}
mdl --rules "${extra_files_rules}" ${extra_files}
fi
test -n "$files" || exit 0
test -n "${files}" || exit 0
exec mdl ${files}
fi
@ -47,9 +50,10 @@ case "${find_tool}" in
files="$(find . -not -path './.github/*' -type f -name "*.md")"
extra_files="$(find .github -type f -name "*.md")"
;;
*) echo "Unsupported find tool" >&2; exit 1;;
esac
if test -n "${extra_files}"; then
mdl --rules ${extra_files_rules} ${extra_files}
mdl --rules "${extra_files_rules}" ${extra_files}
fi
exec mdl ${files}

15
scripts/python-lint.sh
View File

@ -8,29 +8,32 @@
set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh pylint
find_tool="$(./scripts/best-program.sh fd fdfind find)"
if test -n "${1-}"; then
files=""
for f in "$@"; do
test -f "$f" || continue
for f in "${@}"; do
test -f "${f}" || continue
extension="${f##*.}"
case "$extension" in
py) files="$files $f";;
case "${extension}" in
py) files="${files} ${f}";;
*) continue
;;
esac
done
test -n "$files" || exit 0
test -n "${files}" || exit 0
exec pylint ${files}
fi
case "${find_tool}" in
fd|fdfind) files="$(${find_tool} . -H -t f -e py)";;
find) files="$(find . -type f -name "*.py")";;
*) echo "Unsupported find tool" >&2; exit 1;;
esac
exec pylint ${files}

6
scripts/qubesbuilder-gen.sh
View File

@ -7,7 +7,9 @@
set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
template=".qubesbuilder.template"
target=".qubesbuilder"
@ -16,7 +18,7 @@ if test "${1-}" = "test"; then
tmpdir="$(mktemp -d)"
target="${tmpdir}/.qubesbuilder"
# shellcheck disable=SC2154
trap 'ec="$?"; rm -rf -- "${tmpdir}"; exit "$ec"' EXIT INT HUP QUIT ABRT
trap 'ec="$?"; rm -rf -- "${tmpdir}"; exit "${ec}"' EXIT INT HUP QUIT ABRT
fi
ignored="$(git ls-files --exclude-standard --others --ignored salt/)"
untracked="$(git ls-files --exclude-standard --others salt/)"

4
scripts/release.sh
View File

@ -7,7 +7,9 @@
set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/qubesbuilder-gen.sh
./scripts/spec-build.sh

15
scripts/salt-fix.sh
View File

@ -13,19 +13,24 @@
set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
find_tool="$(./scripts/best-program.sh fd fdfind find)"
case "${find_tool}" in
fd|fdfind)
files="$(${find_tool} . minion.d/ --extension=conf)
$(${find_tool} . salt/ --max-depth=2 --type=f --extension=sls)"
conf_files="$(${find_tool} . minion.d/ -e conf)"
sls_files="$(${find_tool} . salt/ -d 2 -t f -e sls)"
files="${conf_files}\n${sls_files}"
;;
find)
files="$(find minion.d/ -type f -name "*.conf")
$(find salt/ -maxdepth 2 -type f -name '*.sls')"
conf_files="$(find minion.d/ -type f -name "*.conf")"
sls_files="$(find salt/ -maxdepth 2 -type f -name '*.sls')"
files="${conf_files}\n${sls_files}"
;;
*) echo "Unsupported find tool" >&2; exit 1;;
esac
## 201 - Fix trailing whitespace:

27
scripts/salt-lint.sh
View File

@ -8,7 +8,9 @@
set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh salt-lint
find_tool="$(./scripts/best-program.sh fd fdfind find)"
@ -18,28 +20,31 @@ test -f "${possible_conf}" && conf="-c ${possible_conf}"
if test -n "${1-}"; then
files=""
for f in "$@"; do
test -f "$f" || continue
for f in "${@}"; do
test -f "${f}" || continue
extension="${f##*.}"
case "$extension" in
top|sls) files="$files $f";;
case "${extension}" in
top|sls) files="${files} ${f}";;
*) continue;;
esac
done
test -n "$files" || exit 0
test -n "${files}" || exit 0
exec salt-lint ${conf} ${files}
fi
case "${find_tool}" in
fd|fdfind)
files="$(${find_tool} . minion.d/ --e conf)
$(${find_tool} . salt/ -d 2 -t f -e sls -e top | sort -d)"
conf_files="$(${find_tool} . minion.d/ -e conf)"
sls_files="$(${find_tool} . salt/ -d 2 -t f -e sls -e top | sort -d)"
files="${conf_files}\n${sls_files}"
;;
find)
files="$(find minion.d/ -type f -name "*.conf")
$(find salt/* -maxdepth 2 -type f \( -name '*.sls' -o -name '*.top' \) |
sort -d)"
conf_files="$(find minion.d/ -type f -name "*.conf")"
sls_files="$(find salt/* -maxdepth 2 -type f \
\( -name '*.sls' -o -name '*.top' \) | sort -d)"
files="${conf_files}\n${sls_files}"
;;
*) echo "Unsupported find tool" >&2; exit 1;;
esac
exec salt-lint ${conf} ${files}

7
scripts/setup.sh
View File

@ -6,8 +6,11 @@
set -eu
test "$(hostname)" = "dom0" || { echo "Must be run from dom0" >&2; exit 1; }
test "$(id -u)" = "0" || exec sudo "${0}"
# shellcheck disable=3028
hostname="$(hostname)}"
test "${hostname}" = "dom0" || { echo "Must be run from dom0" >&2; exit 1; }
uid="$(id -u)"
test "${uid}" = "0" || exec sudo "${0}"
group="qusal"
file_roots="/srv/salt/${group}"

50
scripts/shell-lint.sh
View File

@ -10,7 +10,9 @@
set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh shellcheck file
exit_code=0
@ -23,6 +25,7 @@ show_long_lines(){
fi
awk -v color="${tty_stderr}" '
BEGIN {
exit_code=0
MAGENTA=""
GREEN=""
RESET=""
@ -33,44 +36,37 @@ show_long_lines(){
}
}
{
nlines++;
if (length > 78 && !/^\s*#.*(:\/\/|SPDX-)/) {
exit_code=1
if (length($0)>78 && !/^\s*#.*(:\/\/|SPDX-)/) {
prefix = MAGENTA FILENAME RESET ":" GREEN FNR RESET
print prefix ": line too long: " length " > 78" >"/dev/stderr"
if (nlines==NR) { if (exit_code==1) { exit 1; }; }
exit_code=1
}
if (nlines==NR) { if (exit_code==1) { exit 1; }; }
}
' "${@}" >&2
END {
if (exit_code==1) exit 1
}' "${@}"
}
if test -n "${1-}"; then
files=""
sh_files=""
for f in "$@"; do
test -f "$f" || continue
for f in "${@}"; do
test -f "${f}" || continue
case "${f}" in
*/zsh/*) continue;;
*.yml|*.yaml|*.vim|*.sls|*.top|*.toml|*.timer|*.service|*.socket| \
*.spec|*/config|*.txt|*/version|*.sources|*.asc|*.repo) continue;;
*/rc.local) sh_files="$sh_files $f"; continue;;
*) files="$files $f"
*) files="${files} ${f}"
esac
done
files="$(file $files | awk -F ":" '/ shell script,/{ print $1 }')"
if test -z "$files" && test -z "$sh_files"; then
files="$(file ${files} | awk -F ":" '/ shell script,/{ print $1 }')"
if test -z "${files}"; then
exit 0
fi
if test -n "${files}" || test -n "${sh_files}"; then
show_long_lines ${files} ${sh_files} || exit_code=1
fi
if test -n "${files}"; then
# shellcheck disable=SC2310
show_long_lines ${files} || exit_code=1
shellcheck ${files} || exit_code=1
fi
if test -n "${sh_files}"; then
shellcheck -s sh ${sh_files} || exit_code=1
fi
exit "${exit_code}"
fi
@ -79,23 +75,17 @@ case "${find_tool}" in
# shellcheck disable=2016,2215
files="$(${find_tool} . scripts/ salt/ -H -E zsh -t f -X file |
awk -F ":" '/ shell script,/{ print $1 }')"
## No Shebang
sh_files="$(${find_tool} rc.local salt/ --type=f)"
;;
find)
files="$(find scripts/ salt/ -not \( -path "*/zsh" -prune \) -type f \
-exec file {} \+ | awk -F ":" '/ shell script,/{ print $1 }')"
## No Shebang
sh_files="$(find salt/ -type f -name "rc.local")"
;;
*) echo "Unsupported find tool" >&2; exit 1;;
esac
files="$(echo "$files" | sort -u)"
sh_files="$(echo "$sh_files" | sort -u)"
files="$(echo "${files}" | sort -u)"
show_long_lines ${files} ${sh_files} || exit_code=1
# shellcheck disable=SC2310
show_long_lines ${files} || exit_code=1
shellcheck ${files} || exit_code=1
if test -n "$sh_files"; then
shellcheck -s sh ${sh_files} || exit_code=1
fi
exit "${exit_code}"

9
scripts/spec-build.sh
View File

@ -59,10 +59,13 @@ build_rpm(){
case "${1-}" in
-h|--?help) usage;;
*) ;;
esac
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh dnf rpmlint rpmbuild rpmsign
build_dir="${HOME}/rpmbuild"
@ -79,11 +82,11 @@ spec_gen="./scripts/spec-gen.sh"
spec_get="./scripts/spec-get.sh"
if test -z "${1-}"; then
# shellcheck disable=SC2046
# shellcheck disable=SC2046,SC2312
set -- $(find salt/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \
| sort -d | tr "\n" " ")
fi
counter=0
for p in "$@"; do
for p in "${@}"; do
build_rpm "${p}"
done

18
scripts/spec-gen.sh
View File

@ -81,7 +81,8 @@ gen_spec(){
bug_url="$(get_spec bug_url)"
requires="$(get_spec requires)"
summary="$(get_spec summary)"
description="$(escape_key text "$(get_spec description)")"
description="$(get_spec description)"
description="$(escape_key text "${description}")"
file_roots="$(get_spec file_roots)"
changelog="$(get_spec changelog)"
@ -132,7 +133,8 @@ gen_spec(){
diff --color=auto "${intended_target}" "${target}" || true
fail=1
else
if test -n "$(git diff --name-only "${intended_target}")"; then
unstaged_target="$(git diff --name-only "${intended_target}")" || true
if test -n "${unstaged_target}"; then
echo "warn: ${intended_target} is up to date but it is not staged" >&2
fi
fi
@ -141,13 +143,15 @@ gen_spec(){
case "${1-}" in
-h|--?help) usage; exit 1;;
*) ;;
esac
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)"
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
spec_get="./scripts/spec-get.sh"
ignored="$(git ls-files --exclude-standard --others --ignored salt/)"
untracked="$(git ls-files --exclude-standard --others salt/)"
unwanted="$(printf %s"${ignored}\n${untracked}\n" \
@ -164,14 +168,14 @@ fi
if echo "${@}" | grep -qE "(^scripts/| scripts/|/template.spec)" ||
test -z "${1-}"
then
# shellcheck disable=SC2046
# shellcheck disable=SC2046,SC2312
set -- $(find salt/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \
| sort -d | tr "\n" " ")
fi
projects_seen=""
for p in "$@"; do
gen_spec "${p}" ${gen_mode}
for p in "${@}"; do
gen_spec "${p}" "${gen_mode}"
done
if test "${fail}" = "1" && test "${gen_mode}" = "test"; then

12
scripts/spec-get.sh
View File

@ -10,10 +10,11 @@ set -eu
usage(){
names="$(find salt/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \
| sort -d | tr "\n" " ")"
keys_trimmed="$(echo "${keys}" | tr "\n" " ")"
echo "Usage: ${0##*/} <NAME> <KEY>"
echo "Example: ${0##*/} qubes-builder description"
echo "Names: ${names}"
echo "Keys: $(echo "${keys}" | tr "\n" " ")"
echo "Keys: ${keys_trimmed}"
}
block_max_chars(){
@ -59,12 +60,14 @@ case "${1-}" in
*) key="${1}"; shift;;
esac
if test -z "${key##* }"; then
echo "Key is empty: ${key}" >&2
echo "Key was not given" >&2
exit 1
fi
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh reuse
if test "${key}" = "branch"; then
@ -163,7 +166,6 @@ if test "${key}" = "saltfiles" || test "${key}" = "requires"; then
fi
case "${key}" in
"") exit 1;;
branch) echo "${branch}";;
changelog) echo "${changelog}";;
description) echo "${description}";;
@ -183,4 +185,6 @@ case "${key}" in
vendor) echo "${vendor}";;
packager) echo "${packager}";;
version) echo "${version}";;
"") exit 1;;
*) echo "Unsupported key" >&2; exit 1;;
esac

14
scripts/spell-lint.sh
View File

@ -8,22 +8,24 @@
set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh codespell
if test -n "${1-}"; then
files=""
for f in "$@"; do
test -f "$f" || continue
case "$f" in
for f in "${@}"; do
test -f "${f}" || continue
case "${f}" in
*LICENSES/*|.git/*|*.asc|rpm_spec/*-*.spec|*.muttrc| \
salt/sys-cacher/files/server/conf/*_mirrors_*|\
salt/dotfiles/files/vim/.config/vim/after/plugin/update-time.vim)
continue;;
*) files="$files $f";;
*) files="${files} ${f}";;
esac
done
test -n "$files" || exit 0
test -n "${files}" || exit 0
exec codespell --check-filenames --check-hidden ${files}
fi

13
scripts/toc-gen.sh
View File

@ -14,6 +14,7 @@ usage(){
case "${1-}" in
""|-h|--help) usage;;
*) ;;
esac
## vim-markdown-toc deletes lines if they are folded, can't rely on its native
@ -25,13 +26,13 @@ then
fi
for f in "$@"; do
if ! test -f "$f"; then
echo "Error: Not a regular file: $f" >&2
for f in "${@}"; do
if ! test -f "${f}"; then
echo "Error: Not a regular file: ${f}" >&2
exit 1
fi
if ! grep -q "^## Table of Contents$" "$f"; then
echo "Could not find table of contents in file: $f, skipping" >&2
if ! grep -q "^## Table of Contents$" "${f}"; then
echo "Could not find table of contents in file: ${f}, skipping" >&2
continue
fi
## This is fragile, the table of contents should have at least one block
@ -39,5 +40,5 @@ for f in "$@"; do
## the rest of the file.
vim -c 'norm zRgg' -c '/^## Table of Contents$' -c 'norm jd}k' \
-c ':GenTocGFM' -c 'norm ddgg' -c wq -- "${f}"
echo "Updated TOC in file: $f"
echo "Updated TOC in file: ${f}"
done

5
scripts/unicode-prohibit.sh
View File

@ -9,7 +9,9 @@
set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
files=""
if test -n "${1-}"; then
@ -30,6 +32,7 @@ if test -n "${unicode_match}"; then
line_file="$(echo "${line}" | cut -d ":" -f1)"
case "${line_file}" in
git/*|LICENSES/*|.reuse/dep5|*.asc) continue;;
*) ;;
esac
line_number="$(echo "${line}" | cut -d ":" -f2)"
line_unicode="$(echo "${line}" | cut -d ":" -f3 | od -A n -vt c)"

14
scripts/yaml-lint.sh
View File

@ -8,20 +8,22 @@
set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh yamllint
if test -n "${1-}"; then
files=""
for f in "$@"; do
test -f "$f" || continue
for f in "${@}"; do
test -f "${f}" || continue
extension="${f##*.}"
case "$extension" in
yaml|yml) files="$files $f";;
case "${extension}" in
yaml|yml) files="${files} ${f}";;
*) continue;;
esac
done
test -n "$files" || exit 0
test -n "${files}" || exit 0
exec yamllint ${files}
fi

8
scripts/yumrepo-gen.sh
View File

@ -7,7 +7,9 @@
set -eu
command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
cd "$(git rev-parse --show-toplevel)" || exit 1
repo_toplevel="$(git rev-parse --show-toplevel)"
test -d "${repo_toplevel}" || exit 1
unset repo_toplevel
./scripts/requires-program.sh createrepo_c gpg
key_id="$(git config --get user.signingKey)" || true
@ -15,7 +17,7 @@ build_dir="${HOME}/rpmbuild"
qubes_release="r4.2"
repo="current"
dist="fc37"
yum_repo_root="$HOME/rpmrepo"
yum_repo_root="${HOME}/rpmrepo"
yum_repo="${yum_repo_root}/${qubes_release}/${repo}/host/${dist}"
mkdir -p "${yum_repo}/rpm"
@ -27,7 +29,7 @@ if test -d "${yum_repo}/repodata"; then
createrepo_args="--update"
fi
# shellcheck disable=SC2086
createrepo_c ${createrepo_args} --checksum sha512 "${yum_repo}"
createrepo_c "${createrepo_args}" --checksum sha512 "${yum_repo}"
if test -n "${key_id}"; then
rm -f -- "${yum_repo}/repodata/repomd.xml.asc"