From bdd4c789c1f14a3eb7329b278b3147df1cafd551 Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Tue, 6 Aug 2024 18:15:24 +0200 Subject: [PATCH] fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced. --- salt/dom0/files/bin/qubes-kde-win-rules | 2 +- salt/dom0/files/bin/qvm-backup-find-last | 2 +- salt/dom0/files/bin/qvm-copy-to-dom0 | 2 +- salt/dom0/files/bin/qvm-mgmt | 38 +++++----- salt/dom0/files/bin/qvm-pci-regain | 12 ++-- salt/dom0/files/bin/qvm-port-forward | 66 +++++++++++------- salt/dom0/files/bin/qvm-screenshot | 58 ++++++++-------- salt/dom0/files/bin/qvm-terminal | 2 +- salt/dotfiles | 2 +- .../files/client/xprofile.d/electrum.sh | 2 +- salt/mail/files/fetcher/bin/qusal-send-inbox | 4 +- salt/mail/files/reader/bin/qusal-send-mail | 6 +- .../files/client/bin/bitcoin-rpcauth-save | 4 +- .../files/client/bin/bitcoin-tx-notify | 2 +- .../files/server/bin/bitcoin-dbcache | 2 +- .../server/bin/bitcoin-rpcwhitelist-cookie | 7 +- .../files/server/bin/bitcoin-whitepaper | 12 ++-- .../files/server/rpc/qusal.BitcoinAuthGet | 19 ++--- salt/sys-cacher/README.md | 2 +- .../files/client/bin/apt-cacher-ng-repo | 32 +++++---- .../files/server/bin/electrumx-cookie-save | 6 +- .../files/client/git-core/git-init-qrexec | 10 +-- .../files/client/git-core/git-remote-qrexec | 23 ++++--- .../client/git-core/git-remote-qrexec-connect | 10 +-- salt/sys-git/files/server/rpc/qusal.GitInit | 5 +- .../admin/bin/qusal-report-updatevm-origin | 4 +- .../sys-net/files/server/rpc/qusal.ConnectTCP | 6 +- .../server/network-hooks.d/50-sys-pihole.sh | 2 +- salt/sys-ssh-agent/README.md | 2 +- .../files/server/bin/qvm-ssh-agent | 10 +-- .../files/server/rpc/qusal.SshAgent | 5 +- .../files/admin/bin/qvm-wireguard | 14 ++-- .../qubes-firewall.d/50-sys-wireguard-var | 12 ++-- scripts/best-program.sh | 5 +- scripts/markdown-lint.sh | 5 +- scripts/pgp-lint.sh | 9 +-- scripts/python-lint.sh | 5 +- scripts/qubesbuilder-gen.sh | 15 ++-- scripts/release.sh | 3 +- scripts/requires-program.sh | 2 +- scripts/salt-fix.sh | 5 +- scripts/salt-lint.sh | 5 +- scripts/setup.sh | 3 +- scripts/shell-lint.sh | 7 +- scripts/spec-build.sh | 5 +- scripts/spec-gen.sh | 32 +++++---- scripts/spec-get.sh | 69 ++++++++++--------- scripts/spell-lint.sh | 3 +- scripts/toc-gen.sh | 11 +-- scripts/unicode-lint.sh | 13 ++-- scripts/yaml-lint.sh | 3 +- scripts/yumrepo-gen.sh | 3 +- 52 files changed, 318 insertions(+), 270 deletions(-) diff --git a/salt/dom0/files/bin/qubes-kde-win-rules b/salt/dom0/files/bin/qubes-kde-win-rules index 89bc4c3..a351b02 100755 --- a/salt/dom0/files/bin/qubes-kde-win-rules +++ b/salt/dom0/files/bin/qubes-kde-win-rules @@ -11,7 +11,7 @@ set -eu file="${XDG_CONFIG_HOME:=${HOME}/.config}/kwinrulesrc" usage(){ - echo "Usage: ${0##*/} + printf '%s\n' "Usage: ${0##*/} Example: ${0##*/} personal personal Example: ${0##*/} fun personal Example: ${0##*/} work work diff --git a/salt/dom0/files/bin/qvm-backup-find-last b/salt/dom0/files/bin/qvm-backup-find-last index f5401e0..ffb4dff 100755 --- a/salt/dom0/files/bin/qvm-backup-find-last +++ b/salt/dom0/files/bin/qvm-backup-find-last @@ -42,4 +42,4 @@ if test -z "${last_backup}"; then exit 1 fi -echo "${last_backup}" +printf '%s\n' "${last_backup}" diff --git a/salt/dom0/files/bin/qvm-copy-to-dom0 b/salt/dom0/files/bin/qvm-copy-to-dom0 index e8dc433..cb2c57c 100755 --- a/salt/dom0/files/bin/qvm-copy-to-dom0 +++ b/salt/dom0/files/bin/qvm-copy-to-dom0 @@ -8,7 +8,7 @@ set -eu usage(){ - echo "usage: ${0##*/} + printf '%s\n' "usage: ${0##*/} note: disk quota is capped and can be controlled via environment variables: note: UPDATES_MAX_BYTES (default: 4GiB) note: UPDATES_MAX_FILES (default: 2048)" >&2 diff --git a/salt/dom0/files/bin/qvm-mgmt b/salt/dom0/files/bin/qvm-mgmt index ee6c0dc..7f355ff 100755 --- a/salt/dom0/files/bin/qvm-mgmt +++ b/salt/dom0/files/bin/qvm-mgmt @@ -6,7 +6,7 @@ set -eu usage(){ - echo "Usage: ${0##*/} QUBE" >&2 + printf '%s\n' "Usage: ${0##*/} QUBE" >&2 exit "${1:-1}" } @@ -24,49 +24,49 @@ case "${1-}" in esac mgmt="$(qubes-prefs management_dispvm)" -echo "GLOBAL" -echo "management_dispvm: ${mgmt}" +printf '%s\n' "GLOBAL" +printf '%s\n' "management_dispvm: ${mgmt}" tpl_mgmt="$(qvm-prefs "${mgmt}" template)" -echo "management_dispvm template: ${tpl_mgmt}" -echo "management_dispvm template features:" +printf '%s\n' "management_dispvm template: ${tpl_mgmt}" +printf '%s\n' "management_dispvm template features:" get_qube_feat "${tpl_mgmt}" if ! qvm-check -q -- "${wanted_qube}"; then - echo "error: qube '${wanted_qube}' does not exist" >&2 + printf '%s\n' "error: qube '${wanted_qube}' does not exist" >&2 exit 1 fi -echo "" -echo "WANTED" -echo "qube: ${wanted_qube}" +printf '%s\n' "" +printf '%s\n' "WANTED" +printf '%s\n' "qube: ${wanted_qube}" class="$(qvm-prefs "${wanted_qube}" klass)" -echo "class: ${class}" +printf '%s\n' "class: ${class}" case "${class}" in AppVM) tpl_wanted_qube="$(qvm-prefs "${wanted_qube}" template)" - echo "template: ${tpl_wanted_qube}" - echo "template features:" + printf '%s\n' "template: ${tpl_wanted_qube}" + printf '%s\n' "template features:" get_qube_feat "${tpl_wanted_qube}" ;; DispVM) dvm_wanted_qube="$(qvm-prefs "${wanted_qube}" template)" - echo "disposable template: ${dvm_wanted_qube}" + printf '%s\n' "disposable template: ${dvm_wanted_qube}" tpl_wanted_qube="$(qvm-prefs "${dvm_wanted_qube}" template)" - echo "template: ${tpl_wanted_qube}" - echo "template features:" + printf '%s\n' "template: ${tpl_wanted_qube}" + printf '%s\n' "template features:" get_qube_feat "${tpl_wanted_qube}" ;; AdminVM) ;; StandaloneVM|TemplateVM) get_qube_feat "${wanted_qube}" ;; - *) echo "Unsupported qube class" >&2; exit 1;; + *) printf '%s\n' "Unsupported qube class" >&2; exit 1;; esac wanted_mgmt="$(qvm-prefs "${wanted_qube}" management_dispvm)" -echo "${wanted_qube} management_dispvm: ${wanted_mgmt}" +printf '%s\n' "${wanted_qube} management_dispvm: ${wanted_mgmt}" if test "${wanted_mgmt}" = "${mgmt}"; then exit fi wanted_tpl_mgmt="$(qvm-prefs "${wanted_mgmt}" template)" -echo "${wanted_qube} management_dispvm template: ${wanted_tpl_mgmt}" -echo "${wanted_qube} management_dispvm template features:" +printf '%s\n' "${wanted_qube} management_dispvm template: ${wanted_tpl_mgmt}" +printf '%s\n' "${wanted_qube} management_dispvm template features:" get_qube_feat "${wanted_tpl_mgmt}" diff --git a/salt/dom0/files/bin/qvm-pci-regain b/salt/dom0/files/bin/qvm-pci-regain index d8aa9f4..95e3e68 100755 --- a/salt/dom0/files/bin/qvm-pci-regain +++ b/salt/dom0/files/bin/qvm-pci-regain @@ -18,10 +18,10 @@ set -eu usage(){ - echo "Usage: ${0##*/} --i-like-danger " - echo "Example: ${0##*/} --i-like-danger 0000:00:1b.0" - echo "Warning: Strongly discouraged to reattach PCI devices to dom0" - echo "Warning: especially if it doesn't support resetting!" + printf '%s\n' "Usage: ${0##*/} --i-like-danger " + printf '%s\n' "Example: ${0##*/} --i-like-danger 0000:00:1b.0" + printf '%s\n' "Warning: Strongly discouraged to reattach PCI devices to" + printf '%s\n' "Warning: dom0, especially if it doesn't support resetting!" exit 1 } @@ -37,7 +37,7 @@ esac uid="$(id -u)" test "${uid}" = "0" || exec sudo "${0}" -echo "${device}" | tee -- /sys/bus/pci/drivers/pciback/unbind +printf '%s\n' "${device}" | tee -- /sys/bus/pci/drivers/pciback/unbind modalias="$(cat -- "/sys/bus/pci/devices/${device}/modalias")" module="$(modprobe -R "${modalias}" | head -n 1)" -echo "${device}" | tee -- "/sys/bus/pci/drivers/${module}/bind" +printf '%s\n' "${device}" | tee -- "/sys/bus/pci/drivers/${module}/bind" diff --git a/salt/dom0/files/bin/qvm-port-forward b/salt/dom0/files/bin/qvm-port-forward index 03fea46..35baf07 100755 --- a/salt/dom0/files/bin/qvm-port-forward +++ b/salt/dom0/files/bin/qvm-port-forward @@ -29,7 +29,7 @@ validate_handle(){ untrusted_handle="${2}" case "${untrusted_handle}" in ""|*[!0-9]*) - echo "error: ${qube}: invalid handle" >&2 + printf '%s\n' "error: ${qube}: invalid handle" >&2 exit 1 ;; *) ;; @@ -41,7 +41,7 @@ validate_ipv4(){ untrusted_ip="${2}" case "${untrusted_ip}" in ""|*[!0-9./]*) - echo "error: ${qube}: invalid IPv4 address" >&2 + printf '%s\n' "error: ${qube}: invalid IPv4 address" >&2 exit 1 ;; *) ;; @@ -53,7 +53,7 @@ validate_ipv6(){ untrusted_ip="${2}" case "${untrusted_ip}" in ""|*[!0-9a-f:/]*) - echo "error: ${qube}: invalid IPv6 address" >&2 + printf '%s\n' "error: ${qube}: invalid IPv6 address" >&2 exit 1 ;; *) ;; @@ -65,7 +65,7 @@ validate_dev(){ untrusted_dev="${2}" case "${untrusted_dev}" in ""|*[!0-9A-Za-z]*) - echo "error: ${qube}: invalid device name" >&2 + printf '%s\n' "error: ${qube}: invalid device name" >&2 exit 1 ;; *) ;; @@ -123,7 +123,7 @@ forward() { from_ip="${untrusted_from_ip}" to_ip="$(qvm-prefs --get -- "${to_qube}" ip)" - to_ip_escaped="$(echo "${to_ip}" | tr "." "-")" + to_ip_escaped="$(printf '%s\n' "${to_ip}" | tr "." "-")" hook="${hook_prefix}${to_ip}-${proto}-${port}.sh" if test "${from_ip}" = "None"; then @@ -147,11 +147,11 @@ add rule ip qubes ${forward_chain} ${forward_rule}'" delete_rule "${from_qube}" "${forward_chain}" "${forward_rule}" delete_rule "${from_qube}" "${dnat_chain}" "${dnat_rule}" if test "${action}" = "del"; then - echo "info: ${from_qube}: deleting rules" >&2 + printf '%s\n' "info: ${from_qube}: deleting rules" >&2 run_qube "${from_qube}" "rm -f ${hook}" else msg="adding forward rule dev ${dev} saddr ${lan_ip} daddr ${to_ip}" - echo "info: ${from_qube}: ${msg}" >&2 + printf '%s\n' "info: ${from_qube}: ${msg}" >&2 run_qube "${from_qube}" "${full_rule}" if test "${persistent}" = "1"; then @@ -187,7 +187,7 @@ ${full_rule}" create_net_dir "${from_qube}" run_qube "${from_qube}" \ - "echo \"${full_rule}\" | tee -- \"${hook}\" >/dev/null" + "printf '%s\n' \"${full_rule}\" | tee -- \"${hook}\" >/dev/null" run_qube "${from_qube}" "chmod -- +x ${hook}" fi fi @@ -205,10 +205,10 @@ input() { delete_rule "${qube}" "custom-input" "${custom_input_rule}" if test "${action}" = "del"; then - echo "info: ${qube}: deleting rules" >&2 + printf '%s\n' "info: ${qube}: deleting rules" >&2 run_qube "${qube}" "rm -f ${hook}" else - echo "info: ${qube}: adding input rule daddr ${to_ip}" >&2 + printf '%s\n' "info: ${qube}: adding input rule daddr ${to_ip}" >&2 run_qube "${qube}" "${input_rule}" if test "${persistent}" = "1"; then input_rule="#!/bin/sh @@ -230,7 +230,7 @@ fi ${input_rule}" run_qube "${qube}" \ - "echo \"${input_rule}\" | tee -- \"${hook}\" >/dev/null" + "printf '%s\n' \"${input_rule}\" | tee -- \"${hook}\" >/dev/null" run_qube "${qube}" "chmod -- +x ${hook}" fi fi @@ -247,7 +247,7 @@ get_lan(){ dev="${untrusted_dev}" if test -z "${dev}"; then - echo "error: ${qube}: could not find any device that is up" >&2 + printf '%s\n' "error: ${qube}: could not find any device that is up" >&2 exit 1 fi @@ -258,7 +258,7 @@ get_lan(){ lan_ip="${untrusted_lan_ip}" if test -z "${lan_ip}"; then - echo "error: ${qube}: could not find LAN from device ${dev}" >&2 + printf '%s\n' "error: ${qube}: could not find LAN from device ${dev}" >&2 exit 1 fi } @@ -266,8 +266,9 @@ get_lan(){ test_qvm_run(){ qube="${1}" # shellcheck disable=SC2310 - if ! run_qube "${qube}" echo "Test QUBESRPC" >/dev/null 2>&1; then - echo "error: ${qube}: RPC qubes.VMShell failed, use a different qube" >&2 + if ! run_qube "${qube}" printf '%s\n' "Test QUBESRPC" >/dev/null 2>&1; then + err_msg="error: ${qube}: RPC qubes.VMShell failed, use a different qube" + printf '%s\n' "${err_msg}" >&2 exit 1 fi } @@ -280,19 +281,23 @@ recurse_netvms() { case "${cmd}" in show-upstream) test_qvm_run "${rec_qube}";; apply-rules) forward "${rec_netvm}" "${rec_qube}";; - *) echo "Unsupported command passed to recurse_netvms()" >&2; exit 1;; + *) printf '%s\n' "Unsupported command passed to recurse_netvms()" >&2 + exit 1 + ;; esac recurse_netvms "${cmd}" "${rec_netvm}" fi case "${cmd}" in show-upstream) get_lan "${rec_qube}";; apply-rules) ;; - *) echo "Unsupported command passed to recurse_netvms()" >&2; exit 1;; + *) printf '%s\n' "Unsupported command passed to recurse_netvms()" >&2 + exit 1 + ;; esac } usage() { - echo "Usage: ${0##*/} OPTIONS + printf '%s\n' "Usage: ${0##*/} OPTIONS Option syntax: --action ACTION --qube QUBE --port PORT --proto PROTO [--persistent] Options: @@ -314,33 +319,42 @@ Warn: Persistent rules of disposable netvm are saved to its template" >&2 check_opt(){ case "${action:-}" in add|del);; - *) echo "error: action must be either 'add' or 'del'" >&2; exit 1;; + *) + printf '%s\n' "error: action must be either 'add' or 'del'" >&2 + exit 1 + ;; esac case "${proto:-}" in tcp|udp);; - *) echo "error: protocol must be only 'tcp' or 'udp'" >&2; exit 1;; + *) + printf '%s\n' "error: protocol must be only 'tcp' or 'udp'" >&2 + exit 1 + ;; esac case "${port:-}" in - ""|*[!0-9]*) echo "error: port must be only numbers" >&2; exit 1;; + ""|*[!0-9]*) + printf '%s\n' "error: port must be only numbers" >&2 + exit 1 + ;; *) esac if test "${port}" -ge 1 && test "${port}" -le 65535; then true else - echo "error: port must be in range 1-65535" >&2 + printf '%s\n' "error: port must be in range 1-65535" >&2 exit 1 fi if test -z "${target_qube:-}"; then - echo "error: qube name not provided" >&2 + printf '%s\n' "error: qube name not provided" >&2 exit 1 fi if ! qvm-check -- "${target_qube}" >/dev/null 2>&1; then - echo "error: qube '${target_qube}' not found." >&2 + printf '%s\n' "error: qube '${target_qube}' not found." >&2 exit 1 fi } @@ -352,7 +366,7 @@ persistent="" if ! OPTS=$(getopt -o h,a:q:p:n:s \ --long help,action:,qube:,port:,proto:,persistent -n "${0}" -- "${@}") then - echo "An error occurred while parsing options." >&2 + printf '%s\n' "An error occurred while parsing options." >&2 exit 1 fi @@ -369,7 +383,7 @@ while test "${#}" -gt "0"; do -s|--persistent) persistent=1; shift;; -h|--help) usage;; --) break;; - *) echo "Unsupported option" >&2; exit 1;; + *) printf '%s\n' "Unsupported option" >&2; exit 1;; esac shift done diff --git a/salt/dom0/files/bin/qvm-screenshot b/salt/dom0/files/bin/qvm-screenshot index ef641e4..775d02a 100755 --- a/salt/dom0/files/bin/qvm-screenshot +++ b/salt/dom0/files/bin/qvm-screenshot @@ -20,37 +20,37 @@ take_screenshot() { case "${screenshot_type}" in window) spectacle -a -o "${screenshot_file}";; fullscreen) spectacle -f -o "${screenshot_file}";; - *) echo "Unsupported screenshot type" >&2; exit 1;; + *) printf '%s\n' "Unsupported screenshot type" >&2; exit 1;; esac ;; xfce4-screenshooter) case "${screenshot_type}" in window) xfce4-screenshooter -w -s "${screenshot_file}";; fullscreen) xfce4-screenshooter -f -s "${screenshot_file}";; - *) echo "Unsupported screenshot type" >&2; exit 1;; + *) printf '%s\n' "Unsupported screenshot type" >&2; exit 1;; esac ;; scrot) case "${screenshot_type}" in window) scrot -s -b "${screenshot_file}";; fullscreen) scrot -b "${screenshot_file}";; - *) echo "Unsupported screenshot type" >&2; exit 1;; + *) printf '%s\n' "Unsupported screenshot type" >&2; exit 1;; esac ;; maim) case "${screenshot_type}" in window) maim -s -o -u "${screenshot_file}";; fullscreen) maim -o -u "${screenshot_file}";; - *) echo "Unsupported screenshot type" >&2; exit 1;; + *) printf '%s\n' "Unsupported screenshot type" >&2; exit 1;; esac ;; - *) echo "Unsupported screenshot tool" >&2; exit 1;; + *) printf '%s\n' "Unsupported screenshot tool" >&2; exit 1;; esac } print_help(){ # editorconfig-checker-disable - echo "Usage: ${0##*/} [OPTIONS] + printf '%s\n' "Usage: ${0##*/} [OPTIONS] -h, --help print this help message and exit Capture mode: -r, --region select only a region of the screen @@ -121,7 +121,7 @@ while test "$#" -gt 0; do dialog_cmd_wanted="${1}" ;; *) - echo "Unknown option: ${key}" + printf '%s\n' "Unknown option: ${key}" exit 1 ;; esac @@ -131,14 +131,14 @@ done if test -n "${dialog_cmd_wanted}"; then if ! command -v "${dialog_cmd_wanted}" >/dev/null; then msg="wanted dialog program not found: ${dialog_cmd_wanted}" - echo "[ERROR] ${msg}" + printf '%s\n' "[ERROR] ${msg}" exit 1 fi case "${dialog_cmd_wanted}" in kdialog|zenity);; *) msg="wanted dialog program unsupported: ${dialog_cmd_wanted}" - echo "[ERROR] ${msg}" + printf '%s\n' "[ERROR] ${msg}" exit 1 ;; esac @@ -150,7 +150,7 @@ else dialog_cmd="zenity" fi if test -z "${dialog_cmd}"; then - echo "[ERROR] dialog programs not found: zenity kdialog" + printf '%s\n' "[ERROR] dialog programs not found: zenity kdialog" exit 1 fi fi @@ -158,11 +158,11 @@ fi if test -n "${screenshot_cmd_wanted}"; then if ! command -v "${screenshot_cmd_wanted}" >/dev/null; then msg="wanted screenshot program not found: ${screenshot_cmd_wanted}" - echo "[ERROR] ${msg}" + printf '%s\n' "[ERROR] ${msg}" case "${dialog_cmd}" in zenity) zenity --info --text "${msg}";; kdialog) kdialog --msgbox "${msg}";; - *) echo "Unsupported dialog command" >&2; exit 1;; + *) printf '%s\n' "Unsupported dialog command" >&2; exit 1;; esac exit 1 fi @@ -170,7 +170,7 @@ if test -n "${screenshot_cmd_wanted}"; then maim|scrot|spectacle|xfce4-screenshooter);; *) msg="wanted screenshot program unsupported: ${screenshot_cmd_wanted}" - echo "[ERROR] ${msg}" + printf '%s\n' "[ERROR] ${msg}" exit 1 ;; esac @@ -188,11 +188,11 @@ else if test -z "${screenshot_cmd}"; then msg="screenshot programs not found" msg="${msg}: spectacle xfce4-screenshooter scrot maim" - echo "[ERROR] ${msg}" + printf '%s\n' "[ERROR] ${msg}" case "${dialog_cmd}" in zenity) zenity --info --text "${msg}";; kdialog) kdialog --msgbox "${msg}";; - *) echo "Unsupported dialog command" >&2; exit 1;; + *) printf '%s\n' "Unsupported dialog command" >&2; exit 1;; esac exit 1 fi @@ -217,23 +217,23 @@ if test -z "${screenshot_type_text}"; then "Fullscreen" "Fullscreen" off \ )" ;; - *) echo "Unsupported dialog command" >&2; exit 1;; + *) printf '%s\n' "Unsupported dialog command" >&2; exit 1;; esac fi case "${screenshot_type_text}" in "Region or Window") take_screenshot window;; "Fullscreen") take_screenshot fullscreen;; - *) echo "[ERROR] mode not selected"; exit 1;; + *) printf '%s\n' "[ERROR] mode not selected"; exit 1;; esac if ! test -f "${screenshot_file}"; then msg="Screenshot was not saved in GuiVM" - echo "[ERROR] ${msg}" + printf '%s\n' "[ERROR] ${msg}" case "${dialog_cmd}" in zenity) zenity --warning --text "${msg}";; kdialog) kdialog --sorry "${msg}";; - *) echo "Unsupported dialog command" >&2; exit 1;; + *) printf '%s\n' "Unsupported dialog command" >&2; exit 1;; esac exit 1 fi @@ -259,7 +259,7 @@ if test "${screenshot_action_supplied}" != "1"; then "Move file" "Move file" off )" ;; - *) echo "Unsupported dialog command" >&2; exit 1;; + *) printf '%s\n' "Unsupported dialog command" >&2; exit 1;; esac if test -z "${screenshot_action_text}"; then @@ -268,7 +268,8 @@ if test "${screenshot_action_supplied}" != "1"; then IFSOLD="${IFS}" IFS="|" - screenshot_action_text="$(echo "${screenshot_action_text}" | tr "\n" "|")" + screenshot_action_text="$(printf '%s\n' "${screenshot_action_text}" | \ + tr "\n" "|")" for val in ${screenshot_action_text}; do case "${val}" in "Exit") exit_required=1;; @@ -292,26 +293,27 @@ if test -z "${qube}"; then dialog_title="Select destination qube (Unix based):" case "${dialog_cmd}" in zenity) - qube_list="$(echo "${qube_list}" | sed -e "s/^/FALSE /")" + qube_list="$(printf '%s\n' "${qube_list}" | sed -e "s/^/FALSE /")" # shellcheck disable=SC2086 qube="$(zenity --list --width=200 --height=390 \ --text "${dialog_title}" \ --radiolist --column "Pick" --column "qube" ${qube_list})" ;; kdialog) - qube_list="$(echo "${qube_list}" | sed -e "s/\(.*\)/\1 \1 off/")" + qube_list="$(printf '%s\n' "${qube_list}" | \ + sed -e "s/\(.*\)/\1 \1 off/")" # shellcheck disable=SC2086 qube="$(kdialog --radiolist "${dialog_title}" ${qube_list})" ;; - *) echo "Unsupported dialog command" >&2; exit 1;; + *) printf '%s\n' "Unsupported dialog command" >&2; exit 1;; esac if test -z "${qube}"; then msg="qube was not selected" - echo "[ERROR] ${msg}" + printf '%s\n' "[ERROR] ${msg}" case "${dialog_cmd}" in zenity) zenity --error --text "${msg}";; kdialog) kdialog --error "${msg}";; - *) echo "Unsupported dialog command" >&2; exit 1;; + *) printf '%s\n' "Unsupported dialog command" >&2; exit 1;; esac exit 1 fi @@ -319,11 +321,11 @@ fi if ! qvm-check -- "${qube}" >/dev/null 2>&1; then msg="qube doesn't exist: ${qube}" - echo "[ERROR] ${msg}" + printf '%s\n' "[ERROR] ${msg}" case "${dialog_cmd}" in zenity) zenity --error --text "${msg}";; kdialog) kdialog --error "${msg}";; - *) echo "Unsupported dialog command" >&2; exit 1;; + *) printf '%s\n' "Unsupported dialog command" >&2; exit 1;; esac exit 1 fi diff --git a/salt/dom0/files/bin/qvm-terminal b/salt/dom0/files/bin/qvm-terminal index 2dad943..ff4ae85 100755 --- a/salt/dom0/files/bin/qvm-terminal +++ b/salt/dom0/files/bin/qvm-terminal @@ -39,7 +39,7 @@ case "${1-}" in if test -n "${qube}"; then exec qvm-run --service -- "${qube}" "qubes.StartApp+${service}" fi - echo "Select a qube window ..." + printf '%s\n' "Select a qube window ..." id="$(xdotool selectwindow)" qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F'"' '{print $2}')" if test -n "${qube}"; then diff --git a/salt/dotfiles b/salt/dotfiles index b38834d..d13a21a 160000 --- a/salt/dotfiles +++ b/salt/dotfiles @@ -1 +1 @@ -Subproject commit b38834d66b8d7c7cf2d29726f5f7e608bd0b2e78 +Subproject commit d13a21a734b23236f03f67bc1951aba9975ce361 diff --git a/salt/electrum/files/client/xprofile.d/electrum.sh b/salt/electrum/files/client/xprofile.d/electrum.sh index e85f91b..e8c8771 100755 --- a/salt/electrum/files/client/xprofile.d/electrum.sh +++ b/salt/electrum/files/client/xprofile.d/electrum.sh @@ -8,5 +8,5 @@ wanted_dpi="144" if test -z "${current_dpi}" || test "${current_dpi}" -lt "${wanted_dpi}" then - echo "Xft.dpi: ${wanted_dpi}" | xrdb -override - + printf '%s\n' "Xft.dpi: ${wanted_dpi}" | xrdb -override - fi diff --git a/salt/mail/files/fetcher/bin/qusal-send-inbox b/salt/mail/files/fetcher/bin/qusal-send-inbox index e6e6fc6..e63464a 100755 --- a/salt/mail/files/fetcher/bin/qusal-send-inbox +++ b/salt/mail/files/fetcher/bin/qusal-send-inbox @@ -8,14 +8,14 @@ set -eu inbox_dir="${HOME}/mail/INBOX" if test ! -d "${inbox_dir}"; then - echo "Inbox '${inbox_dir}' does not exist" >&2 + printf '%s\n' "Inbox '${inbox_dir}' does not exist" >&2 exit 1 fi cd "${inbox_dir}" || exit 1 files_to_send="$(find "${inbox_dir}" -type f)" if test -z "${files_to_send}"; then - echo "Inbox '${inbox_dir}' is empty" >&2 + printf '%s\n' "Inbox '${inbox_dir}' is empty" >&2 exit 1 fi diff --git a/salt/mail/files/reader/bin/qusal-send-mail b/salt/mail/files/reader/bin/qusal-send-mail index 88f7720..2ec19bf 100755 --- a/salt/mail/files/reader/bin/qusal-send-mail +++ b/salt/mail/files/reader/bin/qusal-send-mail @@ -10,7 +10,7 @@ set -eu MSMTP_Q="${MSMTP_Q:-"${Q:-"${HOME}/.msmtp.queue"}"}" if test -z "${MSMTP_Q}" || test ! -d "${MSMTP_Q}"; then - echo "Queue dir '${MSMTP_Q}' not found" >&2 + printf '%s\n' "Queue dir '${MSMTP_Q}' not found" >&2 exit 1 fi @@ -18,11 +18,11 @@ cd "${MSMTP_Q}" || exit 1 for mail in *; do if ! test -e "${mail}"; then - echo "Mail queue '${MSMTP_Q}' is empty" >&2 + printf '%s\n' "Mail queue '${MSMTP_Q}' is empty" >&2 exit 1 fi if ! test -f "${mail}"; then - echo "Mail '${mail}' is not a regular file" >&2 + printf '%s\n' "Mail '${mail}' is not a regular file" >&2 exit 1 fi done diff --git a/salt/sys-bitcoin/files/client/bin/bitcoin-rpcauth-save b/salt/sys-bitcoin/files/client/bin/bitcoin-rpcauth-save index 6d3c1dd..4eafe6f 100755 --- a/salt/sys-bitcoin/files/client/bin/bitcoin-rpcauth-save +++ b/salt/sys-bitcoin/files/client/bin/bitcoin-rpcauth-save @@ -12,8 +12,8 @@ auth="$(qrexec-client-vm -tT -- @default qusal.BitcoinAuthGet)" if test -n "${auth}"; then mkdir -p -- ~/.bitcoin/.cookie - echo "${auth}" | tee -- ~/.bitcoin/.cookie >/dev/null + printf '%s\n' "${auth}" | tee -- ~/.bitcoin/.cookie >/dev/null else - echo "failed to get Bitcoin Authentication" >&2 + printf '%s\n' "failed to get Bitcoin Authentication" >&2 exit 1 fi diff --git a/salt/sys-bitcoin/files/client/bin/bitcoin-tx-notify b/salt/sys-bitcoin/files/client/bin/bitcoin-tx-notify index 14bdeca..73c5642 100755 --- a/salt/sys-bitcoin/files/client/bin/bitcoin-tx-notify +++ b/salt/sys-bitcoin/files/client/bin/bitcoin-tx-notify @@ -18,7 +18,7 @@ else body="TXID ${txid} is in block ${block_height} ${block_hash}" fi -echo "${date} ${title}: ${body}" | tee -- ~/.bitcoin/walletnotify.log +printf '%s\n' "${date} ${title}: ${body}" | tee -- ~/.bitcoin/walletnotify.log if command -v notify-send >/dev/null; then notify-send -t 10000 "${title}" "${body}" fi diff --git a/salt/sys-bitcoin/files/server/bin/bitcoin-dbcache b/salt/sys-bitcoin/files/server/bin/bitcoin-dbcache index 44a74f6..00aa7c0 100755 --- a/salt/sys-bitcoin/files/server/bin/bitcoin-dbcache +++ b/salt/sys-bitcoin/files/server/bin/bitcoin-dbcache @@ -8,4 +8,4 @@ set -eu conf="${HOME}/.bitcoin/conf.d/dbcache.conf" cache_Mi="$(awk -- '/^MemTotal:/{printf "%.0f", $2/1024}' /proc/meminfo)" cache="$((cache_Mi*75/100))" -echo "dbcache=${cache}" | tee -- "${conf}" >/dev/null +printf '%s\n' "dbcache=${cache}" | tee -- "${conf}" >/dev/null diff --git a/salt/sys-bitcoin/files/server/bin/bitcoin-rpcwhitelist-cookie b/salt/sys-bitcoin/files/server/bin/bitcoin-rpcwhitelist-cookie index b558dc8..70cd00f 100755 --- a/salt/sys-bitcoin/files/server/bin/bitcoin-rpcwhitelist-cookie +++ b/salt/sys-bitcoin/files/server/bin/bitcoin-rpcwhitelist-cookie @@ -8,11 +8,12 @@ set -eu conf="${HOME}/.bitcoin/conf.d/cookie.conf" if ! systemctl is-active bitcoind >/dev/null 2>&1; then - echo "systemd service 'bitcoind' is inactive" >&2 - echo "remote RPC can't add crendetials" >&2 + printf '%s\n' "systemd service 'bitcoind' is inactive" >&2 + printf '%s\n' "remote RPC can't add crendetials" >&2 exit 1 fi rpc_list="$(bitcoin-cli help | awk '/^[a-z]/{print $1}' | tr "\n" ",")" -echo "rpcwhitelist=__cookie__:${rpc_list}" | tee -- "${conf}" >/dev/null +printf '%s\n' "rpcwhitelist=__cookie__:${rpc_list}" | \ + tee -- "${conf}" >/dev/null diff --git a/salt/sys-bitcoin/files/server/bin/bitcoin-whitepaper b/salt/sys-bitcoin/files/server/bin/bitcoin-whitepaper index 00a980d..9816ae8 100755 --- a/salt/sys-bitcoin/files/server/bin/bitcoin-whitepaper +++ b/salt/sys-bitcoin/files/server/bin/bitcoin-whitepaper @@ -22,7 +22,7 @@ check_installed(){ for prog in "${@}"; do # shellcheck disable=SC2310 if ! has "${prog}"; then - echo "Missing program: ${prog}" >&2 + printf '%s\n' "Missing program: ${prog}" >&2 missing_programs=1 fi done @@ -33,11 +33,11 @@ check_installed(){ validate_dir(){ if ! test -d "${dir}"; then - echo "Directory '${dir}' does not exist" >&2 + printf '%s\n' "Directory '${dir}' does not exist" >&2 exit 1 fi if ! test -w "${dir}"; then - echo "Directory '${dir}' is not writable" >&2 + printf '%s\n' "Directory '${dir}' is not writable" >&2 exit 1 fi } @@ -84,9 +84,9 @@ gettxout(){ } usage(){ - echo "Usage: ${0##*/} getblock|getrawtransaction|gettxout [DIR]" - echo "Note: gettxout works with pruned node" - echo "Note: DIR defaults to \${HOME}" + printf '%s\n' "Usage: ${0##*/} getblock|getrawtransaction|gettxout [DIR]" + printf '%s\n' "Note: gettxout works with pruned node" + printf '%s\n' "Note: DIR defaults to \${HOME}" exit 1 } diff --git a/salt/sys-bitcoin/files/server/rpc/qusal.BitcoinAuthGet b/salt/sys-bitcoin/files/server/rpc/qusal.BitcoinAuthGet index 3585171..2ce5020 100755 --- a/salt/sys-bitcoin/files/server/rpc/qusal.BitcoinAuthGet +++ b/salt/sys-bitcoin/files/server/rpc/qusal.BitcoinAuthGet @@ -15,8 +15,8 @@ bitcoin_pass="/home/user/.bitcoin/rpcclient.pass" user="${QREXEC_REMOTE_DOMAIN}" if ! systemctl is-active bitcoind >/dev/null 2>&1; then - echo "systemd service 'bitcoind' is not active" >&2 - echo "cannot add credentials with remote RPC" >&2 + printf '%s\n' "systemd service 'bitcoind' is not active" >&2 + printf '%s\n' "cannot add credentials with remote RPC" >&2 exit 1 fi @@ -28,19 +28,20 @@ if test -r "${bitcoin_conf}"; then fi if ! command -v bitcoin-rpcauth >/dev/null; then - echo "command not found: bitcoin-rpcauth" >&2 + printf '%s\n' "command not found: bitcoin-rpcauth" >&2 exit 127 fi full_auth="$(bitcoin-rpcauth "${user}" | sed -n -e '2p;4p')" -rpcauth="$(echo "${full_auth}" | head -1)" -user="$(echo "${rpcauth}" | cut -d "=" -f2 | cut -d ":" -f1)" -password="$(echo "${full_auth}" | tail -1)" +rpcauth="$(printf '%s\n' "${full_auth}" | head -1)" +user="$(printf '%s\n' "${rpcauth}" | cut -d "=" -f2 | cut -d ":" -f1)" +password="$(printf '%s\n' "${full_auth}" | tail -1)" -echo "${rpcauth}" | sudo -u user -- tee -a -- "${bitcoin_conf}" >/dev/null -echo "${user}:${password}" | \ +printf '%s\n' "${rpcauth}" | \ + sudo -u user -- tee -a -- "${bitcoin_conf}" >/dev/null +printf '%s\n' "${user}:${password}" | \ sudo -u user -- tee -a -- "${bitcoin_pass}" >/dev/null -echo "${user}:${password}" +printf '%s\n' "${user}:${password}" ## Restart bitcoind to apply the configuration changes. Currently, there is no ## prevention of DDoS besides when the client already has an authentication diff --git a/salt/sys-cacher/README.md b/salt/sys-cacher/README.md index 2c59cb9..8779d4b 100644 --- a/salt/sys-cacher/README.md +++ b/salt/sys-cacher/README.md @@ -102,7 +102,7 @@ administrative access to the cacher qube. You should add the following to the end of `sys-cacher` rc.local: ```sh -echo "AdminAuth: username:password" | tee -- /etc/qusal-apt-cacher-ng/zzz_security.conf +printf '%s\n' "AdminAuth: username:password" | tee -- /etc/qusal-apt-cacher-ng/zzz_security.conf ``` Where username and password are HTTP Auth strings. diff --git a/salt/sys-cacher/files/client/bin/apt-cacher-ng-repo b/salt/sys-cacher/files/client/bin/apt-cacher-ng-repo index 4365c53..13e39ae 100755 --- a/salt/sys-cacher/files/client/bin/apt-cacher-ng-repo +++ b/salt/sys-cacher/files/client/bin/apt-cacher-ng-repo @@ -33,17 +33,17 @@ set_proxy_marker(){ msg="found marker ${marker_end_text} but not ${marker_begin_text}" msg="${msg} in ${proxy_file}." msg="${msg} fix it by removing markers or adding missing ones and retry" - echo "Error: ${msg}" >&2 + printf '%s\n' "Error: ${msg}" >&2 exit 1 fi cp -- "${proxy_file}" "${proxy_file}.qubes-orig" - echo "${marker_begin}" | tee -a -- "${proxy_file}" >/dev/null - echo "${marker_end}" | tee -a -- "${proxy_file}" >/dev/null + printf '%s\n' "${marker_begin}" | tee -a -- "${proxy_file}" >/dev/null + printf '%s\n' "${marker_end}" | tee -a -- "${proxy_file}" >/dev/null elif ! grep -q -e "^${marker_end}$" -- "${proxy_file}"; then msg="found marker ${marker_begin_text} but not ${marker_end_text}" msg="${msg} in ${proxy_file}." msg="${msg} fix it by removing markers or adding missing ones and retry" - echo "error: ${msg}" >&2 + printf '%s\n' "error: ${msg}" >&2 exit 1 fi @@ -80,7 +80,8 @@ check_netvm_cacher(){ if test -f /var/run/qubes-service/netvm-cacher; then proxy_host="$(qubesdb-read /qubes-gateway)" if test -z "${proxy_host}"; then - echo "Error: service netvm-cacher enabled but netvm IP not found" >&2 + printf '%s\n' \ + "Error: service netvm-cacher enabled but netvm IP not found" >&2 return 1 fi fi @@ -90,7 +91,8 @@ check_netvm_cacher(){ } reject_os(){ - echo "${0##*/} does not support your Operating System distribution." >&2 + msg_unsupported="${0##*/} does not support your OS distribution." + printf '%s\n' "${msg_unsupported}" >&2 exit 1 } @@ -183,7 +185,7 @@ EOF -e "s|^\s*#.*metalink\s*=|metalink=|w ${changes_file}" \ -- {} \+ 2>/dev/null || true ;; - *) echo "Unsupported action" >&2; exit 1 + *) printf '%s\n' "Unsupported action" >&2; exit 1 esac elif test -e /etc/debian_version && test ! -e /usr/share/whonix/marker; then @@ -236,7 +238,7 @@ EOF -e "${list_expr}" -e "${sources_expr}" \ -- {} \+ ;; - *) echo "Unsupported action" >&2; exit 1 + *) printf '%s\n' "Unsupported action" >&2; exit 1 esac elif test -e /etc/arch-release; then @@ -289,7 +291,7 @@ EOF -e "${repo_regex}" \ -- {} \+ ;; - *) echo "Unsupported action" >&2; exit 1 + *) printf '%s\n' "Unsupported action" >&2; exit 1 esac else @@ -306,8 +308,8 @@ set_proxy_unspecific_os(){ } usage(){ - echo "Usage: ${0##*/} [install|uninstall]" - echo "Note: autodetection occurs if not argument is specified" + printf '%s\n' "Usage: ${0##*/} [install|uninstall]" + printf '%s\n' "Note: autodetection occurs if not argument is specified" exit 1 } @@ -330,7 +332,7 @@ esac uid="$(id -u)" if test "${uid}" != "0"; then - echo "Error: Permission denied, action requires root privileges." + printf '%s\n' "Error: Permission denied, action requires root privileges." exit 1 fi @@ -339,10 +341,10 @@ set_proxy_os set_proxy_unspecific_os ## Stateful Salt cmd Module. -echo +printf '\n' if test -s "${changes_file}"; then - echo "changed=yes comment='configuration was modified'" + printf '%s\n' "changed=yes comment='configuration was modified'" else - echo "changed=no comment='configuration remained untouched'" + printf '%s\n' "changed=no comment='configuration remained untouched'" fi exit diff --git a/salt/sys-electrumx/files/server/bin/electrumx-cookie-save b/salt/sys-electrumx/files/server/bin/electrumx-cookie-save index f2ecd90..eba4df9 100755 --- a/salt/sys-electrumx/files/server/bin/electrumx-cookie-save +++ b/salt/sys-electrumx/files/server/bin/electrumx-cookie-save @@ -9,16 +9,16 @@ electrumx_conf="${HOME}/.electrumx/conf.d/cookie.conf" cookie="${HOME}/.bitcoin/.cookie" if ! test -f "${cookie}"; then - echo "cookie not found" >&2 + printf '%s\n' "cookie not found" >&2 exit 1 fi if ! test -r "${cookie}"; then - echo "cannot read from cookie" >&2 + printf '%s\n' "cannot read from cookie" >&2 exit 1 fi auth="$(cat -- "${cookie}")" -echo "DAEMON_URL=${auth}@127.0.0.1:8332" | \ +printf '%s\n' "DAEMON_URL=${auth}@127.0.0.1:8332" | \ tee -- "${electrumx_conf}" >/dev/null diff --git a/salt/sys-git/files/client/git-core/git-init-qrexec b/salt/sys-git/files/client/git-core/git-init-qrexec index 6ef642c..f4624c5 100755 --- a/salt/sys-git/files/client/git-core/git-init-qrexec +++ b/salt/sys-git/files/client/git-core/git-init-qrexec @@ -12,16 +12,16 @@ case "${GIT_TRACE_HELPER:-}" in esac usage(){ - echo "Usage: ${helper} [] []" >&2 - echo "Note: qube defaults to @default" >&2 - echo "Note: repository defaults to current working repository" >&2 + printf '%s\n' "Usage: ${helper} [] []" >&2 + printf '%s\n' "Note: qube defaults to @default" >&2 + printf '%s\n' "Note: repository defaults to current working repository" >&2 exit 1 } is_git_repo(){ if ! git rev-parse --show-toplevel >/dev/null 2>&1; then - echo "Error: Current working directory is not in a git repository" >&2 - echo "Error: Run from a repository or pass the name as an argument" >&2 + printf '%s\n' "Error: CWD is not a git repository" >&2 + printf '%s\n' "Error: Run from a repository or provide its name" >&2 usage fi } diff --git a/salt/sys-git/files/client/git-core/git-remote-qrexec b/salt/sys-git/files/client/git-core/git-remote-qrexec index 5d3c274..df926f9 100755 --- a/salt/sys-git/files/client/git-core/git-remote-qrexec +++ b/salt/sys-git/files/client/git-core/git-remote-qrexec @@ -14,18 +14,18 @@ set -eu usage(){ url_format="${scheme}:///" url_format="${url_format}[?query=value][&other_query=value]" - echo "Usage: ${helper} [${url_format}]" >&2 + printf '%s\n' "Usage: ${helper} [${url_format}]" >&2 } die(){ usage - echo "Error: ${1}" >&2 + printf '%s\n' "Error: ${1}" >&2 exit 1 } log(){ case "${GIT_TRACE_REMOTE_HELPER:-}" in - true|1) echo "${@}" >&2;; + true|1) printf '%s\n' "${@}" >&2;; *) ;; esac } @@ -34,7 +34,7 @@ log(){ validate_url(){ url_valid="" url_check="${1?}" - scheme_user_url="$(echo "${url_check}" | sed -e "s|://.*||")" + scheme_user_url="$(printf '%s\n' "${url_check}" | sed -e "s|://.*||")" ## Scheme must be the same as the one in the name of this script. ## Checks if Authority and Path exist, but not if they are valid, this is @@ -48,24 +48,25 @@ validate_url(){ esac urn_pattern="[0-9A-Za-z@:_.-]+/[0-9A-Za-z_.-]+(\?[0-9A-Za-z=&_-]*)?" - if ! (echo "${url_valid}" | grep -qE -e "^${scheme}://${urn_pattern}$") + if ! (printf '%s\n' "${url_valid}" | \ + grep -qE -e "^${scheme}://${urn_pattern}$") then die "URL contains forbidden characters" fi - echo "${url_valid}" + printf '%s\n' "${url_valid}" } get_urn(){ - echo "${1#*://}" + printf '%s\n' "${1#*://}" } get_authority(){ - echo "${1%%/*}" + printf '%s\n' "${1%%/*}" } get_path(){ - echo "${1##*/}" | cut -d "?" -f1 + printf '%s\n' "${1##*/}" | cut -d "?" -f1 } get_query(){ @@ -74,7 +75,7 @@ get_query(){ if test "${1}" != "${1##*\?}"; then query="${1##*\?}" fi - echo "${query}" + printf '%s\n' "${query}" } ## Find remote--. @@ -99,7 +100,7 @@ send_cap(){ cap="${1}" shift - if ! (echo "${capabilities}" | grep -q -e "^${cap}$"); then + if ! (printf '%s\n' "${capabilities}" | grep -q -e "^${cap}$"); then die "Unsupported capability: '${cap}'" fi diff --git a/salt/sys-git/files/client/git-core/git-remote-qrexec-connect b/salt/sys-git/files/client/git-core/git-remote-qrexec-connect index 6bfbf48..50e42cb 100755 --- a/salt/sys-git/files/client/git-core/git-remote-qrexec-connect +++ b/salt/sys-git/files/client/git-core/git-remote-qrexec-connect @@ -7,19 +7,19 @@ set -eu usage(){ - echo "Usage: ${helper} (git-upload-pack|git-receive-pack)" - echo "Note: ${helper} is supposed to be called by ${parent_helper}" + printf '%s\n' "Usage: ${helper} (git-upload-pack|git-receive-pack)" + printf '%s\n' "Note: ${helper} is supposed to be called by ${parent_helper}" exit 1 } die(){ - echo "Error: ${1}" >&2 + printf '%s\n' "Error: ${1}" >&2 exit 1 } log(){ case "${GIT_TRACE_REMOTE_HELPER:-}" in - true|1) echo "${@}" >&2;; + true|1) printf '%s\n' "${@}" >&2;; *) ;; esac } @@ -61,7 +61,7 @@ vendor="qusal" default_qube="sys-git" rpc_cmd="${vendor}.${rpc}+${path}" -if echo "${query}" | \ +if printf '%s\n' "${query}" | \ grep -qE -e "(^|&)verify_signatures=(1|[tT]rue|yes|on)($|&)" then die "Remote helper does not support signature verification yet" diff --git a/salt/sys-git/files/server/rpc/qusal.GitInit b/salt/sys-git/files/server/rpc/qusal.GitInit index 652b47b..313917c 100644 --- a/salt/sys-git/files/server/rpc/qusal.GitInit +++ b/salt/sys-git/files/server/rpc/qusal.GitInit @@ -7,7 +7,7 @@ set -eu die(){ - echo "error: ${1}" >&2 + printf '%s\n' "error: ${1}" >&2 exit 1 } @@ -23,7 +23,8 @@ if test -z "${untrusted_repo}"; then die "Repository name is empty" fi -if ! (echo "${untrusted_repo}" | grep -q -e "^[A-Za-z0-9][A-Za-z0-9_.-]\+$") +if ! (printf '%s\n' "${untrusted_repo}" | \ + grep -q -e "^[A-Za-z0-9][A-Za-z0-9_.-]\+$") then msg="Forbidden characters in agent name." msg="${msg} Allowed chars: letters, numbers, hyphen, underscore and dot." diff --git a/salt/sys-net/files/admin/bin/qusal-report-updatevm-origin b/salt/sys-net/files/admin/bin/qusal-report-updatevm-origin index 6ff9aee..252915e 100755 --- a/salt/sys-net/files/admin/bin/qusal-report-updatevm-origin +++ b/salt/sys-net/files/admin/bin/qusal-report-updatevm-origin @@ -16,8 +16,8 @@ case "${updatevm_class}" in proxy_target="$(qvm-prefs "${updatevm}" template)" proxy_target="$(qvm-prefs "${proxy_target}" template)" ;; - *) echo "Unsupported qube class" >&2; exit 1;; + *) printf '%s\n' "Unsupported qube class" >&2; exit 1;; esac if test -n "${proxy_target}"; then - echo "${proxy_target}" + printf '%s\n' "${proxy_target}" fi diff --git a/salt/sys-net/files/server/rpc/qusal.ConnectTCP b/salt/sys-net/files/server/rpc/qusal.ConnectTCP index e7ac74c..d3cccc6 100755 --- a/salt/sys-net/files/server/rpc/qusal.ConnectTCP +++ b/salt/sys-net/files/server/rpc/qusal.ConnectTCP @@ -23,15 +23,15 @@ host="${arg%%+*}" port="${arg##*+}" if test -z "${port}" || test -z "${host}" || test "${port}" = "${host}"; then - echo "Missing either host, port or both" >&2 + printf '%s\n' "Missing either host, port or both" >&2 exit 1 fi if test "${#host}" -gt 256; then - echo "Host size exceeds limit" >&2 + printf '%s\n' "Host size exceeds limit" >&2 exit 1 fi if test "${#port}" -gt 5 || test "${port}" -gt 65535; then - echo "Invalid port number, it must be between 1 and 65535" >&2 + printf '%s\n' "Invalid port number, it must be between 1 and 65535" >&2 exit 1 fi diff --git a/salt/sys-pihole/files/server/network-hooks.d/50-sys-pihole.sh b/salt/sys-pihole/files/server/network-hooks.d/50-sys-pihole.sh index 0241a0d..0347092 100644 --- a/salt/sys-pihole/files/server/network-hooks.d/50-sys-pihole.sh +++ b/salt/sys-pihole/files/server/network-hooks.d/50-sys-pihole.sh @@ -15,5 +15,5 @@ for vif in /proc/sys/net/ipv4/conf/vif*/route_localnet; do done if test -f /var/run/qubes-service/local-dns-server; then - echo "nameserver 127.0.0.1" | tee -- /etc/resolv.conf >/dev/null + printf '%s\n' "nameserver 127.0.0.1" | tee -- /etc/resolv.conf >/dev/null fi diff --git a/salt/sys-ssh-agent/README.md b/salt/sys-ssh-agent/README.md index 753449e..e32e57b 100644 --- a/salt/sys-ssh-agent/README.md +++ b/salt/sys-ssh-agent/README.md @@ -216,7 +216,7 @@ variables to point to the `work` agent so every connection will use the same agent: ```sh -echo 'export SSH_AUTH_SOCK=/tmp/qusal-ssh-agent-forwarder/work.sock; +printf '%s\n' 'export SSH_AUTH_SOCK=/tmp/qusal-ssh-agent-forwarder/work.sock; SSH_AGENT_PID="$(pgrep -f "/tmp/qusal-ssh-agent-forwarder/work.sock")"; ' | tee -a -- ~/.profile ``` diff --git a/salt/sys-ssh-agent/files/server/bin/qvm-ssh-agent b/salt/sys-ssh-agent/files/server/bin/qvm-ssh-agent index af10baa..919931d 100755 --- a/salt/sys-ssh-agent/files/server/bin/qvm-ssh-agent +++ b/salt/sys-ssh-agent/files/server/bin/qvm-ssh-agent @@ -9,7 +9,7 @@ set -eu service="qusal-ssh-agent" usage(){ - echo "Usage: ${0##*/} [ls|add] + printf '%s\n' "Usage: ${0##*/} [ls|add] ls: list agent(s) add: add keys to agent(s) reload: reload/re-add keys from agent(s) @@ -23,8 +23,8 @@ Example: ls_agent(){ socket="/tmp/${service}/${agent}.sock" test -S "${socket}" || return 1 - agent="$(echo "${socket}" | sed -e "s|.*${service}/||;s/\.sock//")" - echo "Agent: (${agent}) ${socket}" + agent="$(printf '%s\n' "${socket}" | sed -e "s|.*${service}/||;s/\.sock//")" + printf '%s\n' "Agent: (${agent}) ${socket}" SSH_AUTH_SOCK="${socket}" ssh-add -l || true } @@ -33,7 +33,7 @@ add_agent(){ mkdir -m 0700 -p -- "/tmp/${service}" dir="${HOME}/.ssh/identities.d/${agent}" if ! test -d "${dir}"; then - echo "Directory not found: ${dir}" >&2 + printf '%s\n' "Directory not found: ${dir}" >&2 return 1 fi dir="${dir##*/}" @@ -48,7 +48,7 @@ add_agent(){ keys="$(grep -sl -e "-----BEGIN OPENSSH PRIVATE KEY-----" \ -- "${HOME}/.ssh/identities.d/${dir}"/* || true)" if test -z "${keys}"; then - echo "Directory has no key: ${dir}" >&2 + printf '%s\n' "Directory has no key: ${dir}" >&2 return 1 fi SSH_AUTH_SOCK="${socket}" ssh-add -D 2>/dev/null || true diff --git a/salt/sys-ssh-agent/files/server/rpc/qusal.SshAgent b/salt/sys-ssh-agent/files/server/rpc/qusal.SshAgent index d5f61d3..8e1eac4 100644 --- a/salt/sys-ssh-agent/files/server/rpc/qusal.SshAgent +++ b/salt/sys-ssh-agent/files/server/rpc/qusal.SshAgent @@ -7,7 +7,7 @@ set -eu die(){ - echo "error: ${1}" >&2 + printf '%s\n' "error: ${1}" >&2 exit 1 } @@ -18,7 +18,8 @@ if test -z "${untrusted_agent}"; then die "Agent name is empty" fi -if ! (echo "${untrusted_agent}" | grep -q -e "^[A-Za-z0-9][A-Za-z0-9_.-]\+$") +if ! (printf '%s\n' "${untrusted_agent}" | \ + grep -q -e "^[A-Za-z0-9][A-Za-z0-9_.-]\+$") then msg="Forbidden characters in agent name." msg="${msg} Allowed chars: letters, numbers, hyphen, underscore and dot." diff --git a/salt/sys-wireguard/files/admin/bin/qvm-wireguard b/salt/sys-wireguard/files/admin/bin/qvm-wireguard index 11a7739..65787e5 100755 --- a/salt/sys-wireguard/files/admin/bin/qvm-wireguard +++ b/salt/sys-wireguard/files/admin/bin/qvm-wireguard @@ -11,7 +11,7 @@ uid="$(id -u)" test "${uid}" = "0" || exec sudo "$0" "${@}" usage(){ - echo "Usage: ${0##*/} [QUBE]" + printf '%s\n' "Usage: ${0##*/} [QUBE]" exit "${1:-1}" } @@ -23,7 +23,7 @@ case "${1-}" in esac if ! qvm-check -q -- "${qube}" >/dev/null 2>&1; then - echo "Qube '${qube}' doesn't exist" >&2 + printf '%s\n' "Qube '${qube}' doesn't exist" >&2 usage 1 fi @@ -31,11 +31,11 @@ user_conf="/home/user/wireguard.conf" system_conf="/etc/wireguard/wireguard.conf" qvm-run "${qube}" -- "test -f ${user_conf}" || { - echo "File '${user_conf}' was not found" >&2 + printf '%s\n' "File '${user_conf}' was not found" >&2 if qvm-check -q --running -- "${qube}" >/dev/null 2>&1; then qvm-pause --verbose -- "${qube}" fi - echo "Firewalling ${qube} to drop all connections" + printf '%s\n' "Firewalling ${qube} to drop all connections" qvm-firewall --verbose -- "${qube}" reset qvm-firewall --verbose -- "${qube}" del --rule-no 0 qvm-firewall --verbose -- "${qube}" add drop @@ -51,7 +51,7 @@ qvm-run -u root "${qube}" -- "cp -- \"${user_conf}\" \"${system_conf}\"" # shellcheck disable=SC2016 endpoint="$(qvm-run -p -u root "${qube}" -- awk '/Endpoint/{print $3}' \ "${system_conf}")" -if echo "${endpoint}" | grep -qF -e "["; then +if printf '%s\n' "${endpoint}" | grep -qF -e "["; then ip="${ip##[\[]}" ip="${ip%%\]*}" port="${endpoint##*:}" @@ -61,7 +61,7 @@ else fi if test -z "${ip}" || test -z "${port}";then - echo "Endpoint (IP:Port) not found: ${system_conf}" >&2 + printf '%s\n' "Endpoint (IP:Port) not found: ${system_conf}" >&2 exit 1 fi @@ -69,7 +69,7 @@ if qvm-check -q --running -- "${qube}" >/dev/null 2>&1; then qvm-pause --verbose -- "${qube}" fi -echo "Firewalling ${qube} to reach only '${ip}:${port}'" +printf '%s\n' "Firewalling ${qube} to reach only '${ip}:${port}'" qvm-firewall --verbose -- "${qube}" reset qvm-firewall --verbose -- "${qube}" del --rule-no 0 qvm-firewall --verbose -- "${qube}" add accept dsthost="${ip}" \ diff --git a/salt/sys-wireguard/files/server/qubes-firewall.d/50-sys-wireguard-var b/salt/sys-wireguard/files/server/qubes-firewall.d/50-sys-wireguard-var index 275fe3c..4a75649 100755 --- a/salt/sys-wireguard/files/server/qubes-firewall.d/50-sys-wireguard-var +++ b/salt/sys-wireguard/files/server/qubes-firewall.d/50-sys-wireguard-var @@ -14,7 +14,7 @@ rm -f -- "${nft_conf}" touch -- "${nft_conf}" set_nft(){ - echo "${*}" | tee -a -- "${nft_conf}" >/dev/null + printf '%s\n' "${*}" | tee -a -- "${nft_conf}" >/dev/null } set_nft_dnat(){ @@ -35,23 +35,23 @@ if test -z "${dns}"; then exit fi -dns_primary="$(echo "${dns}" | cut -d "," -f 1)" -dns_secondary="$(echo "${dns}" | cut -d "," -f 2)" +dns_primary="$(printf '%s\n' "${dns}" | cut -d "," -f 1)" +dns_secondary="$(printf '%s\n' "${dns}" | cut -d "," -f 2)" dns_primary_ipv="" -if echo "${dns_primary}" | grep -qF -e ":"; then +if printf '%s\n' "${dns_primary}" | grep -qF -e ":"; then dns_primary_ipv=6 fi dns_secondary_ipv="" -if echo "${dns_secondary}" | grep -qF -e ":"; then +if printf '%s\n' "${dns_secondary}" | grep -qF -e ":"; then dns_secondary_ipv=6 fi if test -n "${dns}"; then set_nft_dnat "${dns_primary_ipv}" udp "${dns_primary}" set_nft_dnat "${dns_primary_ipv}" tcp "${dns_primary}" - if echo "${dns}" | grep -qF -e ","; then + if printf '%s\n' "${dns}" | grep -qF -e ","; then set_nft_dnat "${dns_secondary_ipv}" udp "${dns_secondary}" set_nft_dnat "${dns_secondary_ipv}" tcp "${dns_secondary}" fi diff --git a/scripts/best-program.sh b/scripts/best-program.sh index ea49f07..1e89936 100755 --- a/scripts/best-program.sh +++ b/scripts/best-program.sh @@ -7,7 +7,8 @@ # shellcheck disable=SC2086 set -eu -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" @@ -15,7 +16,7 @@ unset repo_toplevel for tool in "${@}"; do if ./scripts/requires-program.sh "${tool}" >/dev/null 2>&1; then - echo "${tool}" + printf '%s\n' "${tool}" break fi done diff --git a/scripts/markdown-lint.sh b/scripts/markdown-lint.sh index 9c23a54..a900b53 100755 --- a/scripts/markdown-lint.sh +++ b/scripts/markdown-lint.sh @@ -7,7 +7,8 @@ # shellcheck disable=SC2086 set -eu -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" @@ -51,7 +52,7 @@ case "${find_tool}" in files="$(find . -not -path './.github/*' -type f -name "*.md")" extra_files="$(find .github -type f -name "*.md")" ;; - *) echo "Unsupported find tool" >&2; exit 1;; + *) printf '%s\n' "Unsupported find tool" >&2; exit 1;; esac if test -n "${extra_files}"; then diff --git a/scripts/pgp-lint.sh b/scripts/pgp-lint.sh index 82ec54c..2168ae5 100755 --- a/scripts/pgp-lint.sh +++ b/scripts/pgp-lint.sh @@ -6,7 +6,8 @@ set -eu -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" @@ -35,7 +36,7 @@ else find) files="$(find . -type f \( -name '*.asc' -o -name '*.gpg' \) | sort -d)" ;; - *) echo "Unsupported find tool" >&2; exit 1;; + *) printf '%s\n' "Unsupported find tool" >&2; exit 1;; esac fi @@ -46,14 +47,14 @@ fi for key in ${files}; do data="$(gpg --no-keyring --no-auto-check-trustdb --no-autostart \ --with-colons --show-keys "${key}")" - nr="$(echo "${data}" | grep -Ec -e '^(p|s)ub:')" + nr="$(printf '%s\n' "${data}" | grep -Ec -e '^(p|s)ub:')" ## Threshold in days. threshold="${PGP_LINT_THRESHOLD:-30}" tty_stderr=0 if test -t 2; then tty_stderr=1 fi - echo "${data}" | awk -v fail="0" -v key="${key}" -v nr="${nr}" \ + printf '%s\n' "${data}" | awk -v fail="0" -v key="${key}" -v nr="${nr}" \ -v threshold="${threshold}" -v now="${now}" -v color="${tty_stderr}" \ -F ':' ' BEGIN { diff --git a/scripts/python-lint.sh b/scripts/python-lint.sh index acdf448..26882aa 100755 --- a/scripts/python-lint.sh +++ b/scripts/python-lint.sh @@ -7,7 +7,8 @@ # shellcheck disable=SC2086 set -eu -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" @@ -34,7 +35,7 @@ fi case "${find_tool}" in fd|fdfind) files="$(${find_tool} . -H -t f -e py)";; find) files="$(find . -type f -name "*.py")";; - *) echo "Unsupported find tool" >&2; exit 1;; + *) printf '%s\n' "Unsupported find tool" >&2; exit 1;; esac exec pylint ${files} diff --git a/scripts/qubesbuilder-gen.sh b/scripts/qubesbuilder-gen.sh index 08ff37b..e398bf3 100755 --- a/scripts/qubesbuilder-gen.sh +++ b/scripts/qubesbuilder-gen.sh @@ -6,7 +6,8 @@ set -eu -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" @@ -29,21 +30,23 @@ group="$(./scripts/spec-get.sh dom0 group)" projects="$(find salt/ -mindepth 1 -maxdepth 1 -type d | sort -d | sed -e "s|^salt/\(\S\+\)| - rpm_spec/${group}-\1.spec|")" for unwanted_project in ${unwanted}; do - projects="$(echo "${projects}" | + projects="$(printf '%s\n' "${projects}" | sed -e "\@rpm_spec/${group}-${unwanted_project}.spec@d")" done if test "${1-}" = "print"; then - echo "${projects}" + printf '%s\n' "${projects}" exit 0 fi sed -e "/@SPEC@/d" -- "${template}" | tee -- "${target}" >/dev/null -echo "${projects}" | tee -a -- "${target}" >/dev/null +printf '%s\n' "${projects}" | tee -a -- "${target}" >/dev/null if test "${1-}" = "test"; then if ! cmp -s -- "${target}" "${intended_target}"; then - echo "${0##*/}: error: File ${intended_target} is not up to date" >&2 - echo "${0##*/}: error: Update the builder file with: ${0##/*}" >&2 + err_msg="${0##*/}: error: File ${intended_target} is not up to date" + printf '%s\n' "${err_msg}" >&2 + err_msg="${0##*/}: error: Update the builder file with: ${0##/*}" + printf '%s\n' "${err_msg}" >&2 exit 1 fi fi diff --git a/scripts/release.sh b/scripts/release.sh index 989f3e1..cbcbd47 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -6,7 +6,8 @@ set -eu -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" diff --git a/scripts/requires-program.sh b/scripts/requires-program.sh index f60ad38..0f7fa56 100755 --- a/scripts/requires-program.sh +++ b/scripts/requires-program.sh @@ -14,6 +14,6 @@ for pkg in "${@}"; do done if test -n "${requires_program}"; then - echo "Missing program(s): ${requires_program}" >&2 + printf '%s\n' "Missing program(s): ${requires_program}" >&2 exit 1 fi diff --git a/scripts/salt-fix.sh b/scripts/salt-fix.sh index dfd7b1f..888e27d 100755 --- a/scripts/salt-fix.sh +++ b/scripts/salt-fix.sh @@ -12,7 +12,8 @@ # shellcheck disable=SC2086 set -eu -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" @@ -31,7 +32,7 @@ case "${find_tool}" in sls_files="$(find salt/ -maxdepth 2 -type f -name '*.sls')" set -- ${conf_files} ${sls_files} ;; - *) echo "Unsupported find tool" >&2; exit 1;; + *) printf '%s\n' "Unsupported find tool" >&2; exit 1;; esac ## 201 - Fix trailing whitespace: diff --git a/scripts/salt-lint.sh b/scripts/salt-lint.sh index ed31b0a..8e52d7b 100755 --- a/scripts/salt-lint.sh +++ b/scripts/salt-lint.sh @@ -7,7 +7,8 @@ # shellcheck disable=SC2086 set -eu -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" @@ -47,7 +48,7 @@ case "${find_tool}" in -o -name '*.j2' -o -name '*.tmpl' -o -name '*.tst' \) | sort -d)" set -- ${conf_files} ${sls_files} ;; - *) echo "Unsupported find tool" >&2; exit 1;; + *) printf '%s\n' "Unsupported find tool" >&2; exit 1;; esac exec salt-lint ${conf} "${@}" diff --git a/scripts/setup.sh b/scripts/setup.sh index 5262be8..fdb5f9c 100755 --- a/scripts/setup.sh +++ b/scripts/setup.sh @@ -8,7 +8,8 @@ set -eu # shellcheck disable=3028 hostname="$(hostname)" -test "${hostname}" = "dom0" || { echo "Must be run from dom0" >&2; exit 1; } +test "${hostname}" = "dom0" || + { printf '%s\n' "Must be run from dom0" >&2; exit 1; } uid="$(id -u)" test "${uid}" = "0" || exec sudo "${0}" diff --git a/scripts/shell-lint.sh b/scripts/shell-lint.sh index 7e552c2..b168b33 100755 --- a/scripts/shell-lint.sh +++ b/scripts/shell-lint.sh @@ -9,7 +9,8 @@ # shellcheck disable=SC2086 set -eu -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" @@ -81,10 +82,10 @@ case "${find_tool}" in files="$(find scripts/ salt/ -not \( -path "*/zsh" -prune \) -type f \ -exec file {} \+ | awk -F ":" '/ shell script,/{ print $1 }')" ;; - *) echo "Unsupported find tool" >&2; exit 1;; + *) printf '%s\n' "Unsupported find tool" >&2; exit 1;; esac -files="$(echo "${files}" | sort -u)" +files="$(printf '%s\n' "${files}" | sort -u)" # shellcheck disable=SC2310 show_long_lines ${files} || exit_code=1 diff --git a/scripts/spec-build.sh b/scripts/spec-build.sh index 74cc627..fe4ffb8 100755 --- a/scripts/spec-build.sh +++ b/scripts/spec-build.sh @@ -7,7 +7,7 @@ set -eu usage(){ - echo "Usage: ${0##*/} PROJECT [PROJECT ...]" >&2 + printf '%s\n' "Usage: ${0##*/} PROJECT [PROJECT ...]" >&2 exit 1 } @@ -62,7 +62,8 @@ case "${1-}" in *) ;; esac -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" diff --git a/scripts/spec-gen.sh b/scripts/spec-gen.sh index 43a531e..611bea7 100755 --- a/scripts/spec-gen.sh +++ b/scripts/spec-gen.sh @@ -7,16 +7,17 @@ set -eu usage(){ - echo "Usage: ${0##*/} PROJECT [PROJECT ...]" + printf '%s\n' "Usage: ${0##*/} PROJECT [PROJECT ...]" } ## Escape multiline strings for sed. escape_key(){ key_type="${1}" if test "${key_type}" = "scriptlet"; then - echo "${2}" | sed -e ':a;N;$!ba;s/\n/\\n /g' | sed -e 's/\$/\\$/' + printf '%s\n' "${2}" | sed -e ':a;N;$!ba;s/\n/\\n /g' | \ + sed -e 's/\$/\\$/' elif test "${key_type}" = "text"; then - echo "${2}" | sed -e ':a;N;$!ba;s/\n/\\n/g' | sed -e 's/\$/\\$/' + printf '%s\n' "${2}" | sed -e ':a;N;$!ba;s/\n/\\n/g' | sed -e 's/\$/\\$/' else return 1 fi @@ -33,7 +34,7 @@ get_scriptlet(){ "/^<\!${scriptlet_begin}>$/,/^<\!${scriptlet_end}>$/p" \ -- "${readme}" | sed -e '/^```.*/d;/^\S*$/d;/^<\!-- pkg:/d;s/^sudo //')" if test -z "${scriptlet}"; then - echo true + printf '%s\n' "true" return 0 fi escape_key scriptlet "${scriptlet}" @@ -44,14 +45,14 @@ get_spec(){ } gen_spec(){ - project="$(echo "${1}" | sed -e "s|salt/||;s|/.*||")" - if echo "${projects_seen}" | grep -qF -e " ${project} "; then + project="$(printf '%s\n' "${1}" | sed -e "s|salt/||;s|/.*||")" + if printf '%s\n' "${projects_seen}" | grep -qF -e " ${project} "; then return fi projects_seen="${projects_seen} ${project} " - if echo "${unwanted}" | grep -q -e "^${project}$"; then - echo "warn: skipping spec generation of untracked formula: ${project}" >&2 + if printf '%s\n' "${unwanted}" | grep -q -e "^${project}$"; then + printf '%s\n' "warn: skipping spec of untracked formula: ${project}" >&2 return 0 fi @@ -74,7 +75,7 @@ gen_spec(){ version="$(get_spec version)" license_csv="$(get_spec license_csv)" ## Ideally we would query the license, but it is a heavy call. - license="$(echo "${license_csv}" | sed -e "s/\,/ AND /g")" + license="$(printf '%s\n' "${license_csv}" | sed -e "s/\,/ AND /g")" vendor="$(get_spec vendor)" packager="$(get_spec packager)" url="$(get_spec url)" @@ -125,18 +126,19 @@ gen_spec(){ requires_key="${requires_key:-}Requires: ${group}-${r}\n" done sed -i -e "s/@REQUIRES@/${requires_key}/" -- "${target}" >/dev/null - echo "${changelog}" | tee -a -- "${target}" >/dev/null + printf '%s\n' "${changelog}" | tee -a -- "${target}" >/dev/null if test "${2-}" = "test"; then if ! cmp -s -- "${target}" "${intended_target}"; then - echo "error: ${intended_target} is not up to date" >&2 + printf '%s\n' "error: ${intended_target} is not up to date" >&2 diff --color=auto -- "${intended_target}" "${target}" || true fail=1 else unstaged_target="$(git diff --name-only -- "${intended_target}")" || true if test -n "${unstaged_target}"; then - echo "warn: ${intended_target} is up to date but it is not staged" >&2 + err_msg="warn: ${intended_target} is up to date but it is not staged" + printf '%s\n' "${err_msg}" >&2 fi fi fi @@ -147,7 +149,8 @@ case "${1-}" in *) ;; esac -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" @@ -167,7 +170,8 @@ if test "${1-}" = "test"; then shift fi -if echo "${@}" | grep -qE -e "(^scripts/| scripts/|/template.spec)" || +if printf '%s\n' "${@}" | \ + grep -qE -e "(^scripts/| scripts/|/template.spec)" || test -z "${1-}" then # shellcheck disable=SC2046,SC2312 diff --git a/scripts/spec-get.sh b/scripts/spec-get.sh index 02be8e8..d392ea4 100755 --- a/scripts/spec-get.sh +++ b/scripts/spec-get.sh @@ -10,11 +10,11 @@ set -eu usage(){ names="$(find salt/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \ | sort -d | tr "\n" " ")" - keys_trimmed="$(echo "${keys}" | tr "\n" " ")" - echo "Usage: ${0##*/} " - echo "Example: ${0##*/} qubes-builder description" - echo "Names: ${names}" - echo "Keys: ${keys_trimmed}" + keys_trimmed="$(printf '%s\n' "${keys}" | tr "\n" " ")" + printf '%s\n' "Usage: ${0##*/} " + printf '%s\n' "Example: ${0##*/} qubes-builder description" + printf '%s\n' "Names: ${names}" + printf '%s\n' "Keys: ${keys_trimmed}" } block_max_chars(){ @@ -22,8 +22,9 @@ block_max_chars(){ char_value="${2}" less_than="${3}" if test "${#char_value}" -ge "${less_than}"; then - echo "Error: ${char_key} is too long. Must be <${less_than} chars." >&2 - echo "Key contents: ${char_value}" >&2 + err_msg="Error: ${char_key} is too long. Must be <${less_than} chars." + printf '%s\n' "${err_msg}" >&2 + printf '%s\n' "Key contents: ${char_value}" >&2 exit 1 fi } @@ -60,11 +61,12 @@ case "${1-}" in *) key="${1}"; shift;; esac if test -z "${key##* }"; then - echo "Key was not given" >&2 + printf '%s\n' "Key was not given" >&2 exit 1 fi -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" @@ -87,7 +89,8 @@ bug_url="${SPEC_BUGURL:-"${url}/issues"}" if test -z "${group}" || test -z "${vendor}" || test -z "${packager}" \ || test -z "${url}" || test -z "${bug_url}" then - echo "At least one empty var: group, vendor, packager, url, bug_url" >&2 + err_msg="At least one empty var: group, vendor, packager, url, bug_url" + printf '%s\n' "${err_msg}" >&2 exit 1 fi @@ -96,7 +99,7 @@ project="${group}-${name}" project_dir="salt/${name}" if ! test -d "${project_dir}"; then - echo "Project doesn't exist: ${project_dir}" >&2 + printf '%s\n' "Project doesn't exist: ${project_dir}" >&2 exit 1 fi @@ -104,7 +107,7 @@ fi read -r version <"${project_dir}/version" readme="${project_dir}/README.md" if ! test -f "${readme}"; then - echo "Project ${name} does not have README.md" >&2 + printf '%s\n' "Project ${name} does not have README.md" >&2 exit 1 fi @@ -112,7 +115,7 @@ if test "${key}" = "license" || test "${key}" = "license_csv"; then license_csv="$(reuse --root "${project_dir}" lint | awk -F ':' '/^\* Used licenses:/{print $2}' | tr " " "\n" | tr -d "," | sort -d | tr -s "\n" "," | sed "s/^\,//;s/\,$//")" - license="$(echo "${license_csv}" | sed "s/\,/ AND /g")" + license="$(printf '%s\n' "${license_csv}" | sed "s/\,/ AND /g")" fi ## The macro %autochangelog prints logs of all projects and we separate a @@ -167,25 +170,25 @@ if test "${key}" = "saltfiles" || test "${key}" = "requires"; then fi case "${key}" in - branch) echo "${branch}";; - changelog) echo "${changelog}";; - description) echo "${description}";; - file_roots) echo "${file_roots}";; - group) echo "${group}";; - license_csv) echo "${license_csv}";; - license) echo "${license}";; - name) echo "${name}";; - project) echo "${project}";; - project_dir) echo "${project_dir}";; - readme) echo "${readme}";; - requires) echo "${requires}";; - saltfiles) echo "${saltfiles}";; - summary) echo "${summary}";; - url) echo "${url}";; - bug_url) echo "${bug_url}";; - vendor) echo "${vendor}";; - packager) echo "${packager}";; - version) echo "${version}";; + branch) printf '%s\n' "${branch}";; + changelog) printf '%s\n' "${changelog}";; + description) printf '%s\n' "${description}";; + file_roots) printf '%s\n' "${file_roots}";; + group) printf '%s\n' "${group}";; + license_csv) printf '%s\n' "${license_csv}";; + license) printf '%s\n' "${license}";; + name) printf '%s\n' "${name}";; + project) printf '%s\n' "${project}";; + project_dir) printf '%s\n' "${project_dir}";; + readme) printf '%s\n' "${readme}";; + requires) printf '%s\n' "${requires}";; + saltfiles) printf '%s\n' "${saltfiles}";; + summary) printf '%s\n' "${summary}";; + url) printf '%s\n' "${url}";; + bug_url) printf '%s\n' "${bug_url}";; + vendor) printf '%s\n' "${vendor}";; + packager) printf '%s\n' "${packager}";; + version) printf '%s\n' "${version}";; "") exit 1;; - *) echo "Unsupported key" >&2; exit 1;; + *) printf '%s\n' "Unsupported key" >&2; exit 1;; esac diff --git a/scripts/spell-lint.sh b/scripts/spell-lint.sh index 0e1ca87..d609252 100755 --- a/scripts/spell-lint.sh +++ b/scripts/spell-lint.sh @@ -7,7 +7,8 @@ # shellcheck disable=SC2086 set -eu -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" diff --git a/scripts/toc-gen.sh b/scripts/toc-gen.sh index ffbcebe..bc6badd 100755 --- a/scripts/toc-gen.sh +++ b/scripts/toc-gen.sh @@ -8,7 +8,7 @@ set -eu usage(){ - echo "Usage: ${0##*/} [file ...]" + printf '%s\n' "Usage: ${0##*/} [file ...]" exit 1 } @@ -21,18 +21,19 @@ esac ## update on save. if ! vim -e -c 'setf markdown' -c 'if !exists(":GenTocGFM") | cq | endif' -c q then - echo "Error: Vim Plugin mzlogin/vim-markdown-toc is not installed." >&2 + err_msg="Error: Vim Plugin mzlogin/vim-markdown-toc isn't installed." + printf '%s\n' "${err_msg}" >&2 exit 1 fi for f in "${@}"; do if ! test -f "${f}"; then - echo "Error: Not a regular file: ${f}" >&2 + printf '%s\n' "Error: Not a regular file: ${f}" >&2 exit 1 fi if ! grep -q -e "^## Table of Contents$" -- "${f}"; then - echo "Could not find table of contents in file: ${f}, skipping" >&2 + printf '%s\n' "Could not find TOC in file: ${f}, skipping" >&2 continue fi ## This is fragile, the table of contents should have at least one block @@ -40,5 +41,5 @@ for f in "${@}"; do ## the rest of the file. vim -c 'norm zRgg' -c '/^## Table of Contents$' -c 'norm jd}k' \ -c ':GenTocGFM' -c 'norm ddgg' -c wq -- "${f}" - echo "Updated TOC in file: ${f}" + printf '%s\n' "Updated TOC in file: ${f}" done diff --git a/scripts/unicode-lint.sh b/scripts/unicode-lint.sh index 1390bff..e6c44c5 100755 --- a/scripts/unicode-lint.sh +++ b/scripts/unicode-lint.sh @@ -8,7 +8,8 @@ set -eu -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" @@ -22,7 +23,7 @@ if test -n "${1-}"; then fi fi -files="$(echo "${files}" | sort -u)" +files="$(printf '%s\n' "${files}" | sort -u)" # shellcheck disable=SC2086 unicode_match="$(grep -oPrHn --exclude-dir=.git --exclude-dir=LICENSES \ -e "[^\x00-\x7F]" -- ${files} || true)" @@ -30,14 +31,14 @@ unicode_match="$(grep -oPrHn --exclude-dir=.git --exclude-dir=LICENSES \ match_found="" if test -n "${unicode_match}"; then for line in ${unicode_match}; do - line_file="$(echo "${line}" | cut -d ":" -f1)" + line_file="$(printf '%s\n' "${line}" | cut -d ":" -f1)" case "${line_file}" in git/*|LICENSES/*|.reuse/dep5|*.asc) continue;; *) ;; esac - line_number="$(echo "${line}" | cut -d ":" -f2)" - line_unicode="$(echo "${line}" | cut -d ":" -f3 | od -A n -vt c)" - echo "${line_file}:${line_number}:${line_unicode}" + line_number="$(printf '%s\n' "${line}" | cut -d ":" -f2)" + line_unicode="$(printf '%s\n' "${line}" | cut -d ":" -f3 | od -A n -vt c)" + printf '%s\n' "${line_file}:${line_number}:${line_unicode}" match_found="1" done if test "${match_found}" = 1; then diff --git a/scripts/yaml-lint.sh b/scripts/yaml-lint.sh index 19b72d9..dd28940 100755 --- a/scripts/yaml-lint.sh +++ b/scripts/yaml-lint.sh @@ -7,7 +7,8 @@ # shellcheck disable=SC2086 set -eu -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}" diff --git a/scripts/yumrepo-gen.sh b/scripts/yumrepo-gen.sh index 5aaee2c..be80c7e 100755 --- a/scripts/yumrepo-gen.sh +++ b/scripts/yumrepo-gen.sh @@ -6,7 +6,8 @@ set -eu -command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } repo_toplevel="$(git rev-parse --show-toplevel)" test -d "${repo_toplevel}" || exit 1 cd "${repo_toplevel}"