From 8bb152f76eda732ed54edf48b51a2e3fdd10f3b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 30 Sep 2017 04:49:21 +0200 Subject: [PATCH] init: fix issues found by shellcheck in init scripts Most of them are missing quotes, `` -> $(), and -o/-a usage in conditions. Also add few directives disabling checks where were too verbose. --- init/functions | 19 +++++++++---------- init/setup-rwdev.sh | 2 +- vm-init.d/qubes-core | 2 ++ vm-init.d/qubes-core-early | 3 +++ vm-init.d/qubes-core-netvm | 2 ++ vm-init.d/qubes-firewall | 4 +++- vm-init.d/qubes-qrexec-agent | 1 + vm-init.d/qubes-sysinit | 2 ++ vm-init.d/qubes-updates-proxy | 8 ++++---- vm-init.d/qubes-updates-proxy-forwarder | 5 +++-- vm-systemd/misc-post.sh | 4 ++-- vm-systemd/network-proxy-setup.sh | 4 ++-- vm-systemd/qubes-early-vm-config.sh | 7 ++++--- vm-systemd/qubes-sysinit.sh | 20 ++++++++++---------- 14 files changed, 48 insertions(+), 35 deletions(-) diff --git a/init/functions b/init/functions index 599982a..38aee57 100644 --- a/init/functions +++ b/init/functions @@ -27,7 +27,7 @@ under_systemd() { systemd_version_changed() { under_systemd || return - systemd_pkg_version=`systemctl --version|head -n 1` + systemd_pkg_version=$(systemctl --version|head -n 1) if dmesg | grep -q "$systemd_pkg_version running in system mode."; then return 1 fi @@ -38,7 +38,7 @@ possibly_run_save_script() { ENCODED_SCRIPT=$(qubesdb-read /qubes-save-script) if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi tmpfile=$(mktemp /tmp/qubes-save-script.XXXXXXXXX) - echo $ENCODED_SCRIPT|base64 -d >"$tmpfile" + echo "$ENCODED_SCRIPT"|base64 -d >"$tmpfile" chmod 755 "$tmpfile" DISPLAY=:0 su - user -c "$tmpfile" ret=$? @@ -94,7 +94,6 @@ is_updateable() { reload_random_seed() { local seed - local decoded seed=$(qubesdb-read /qubes-random-seed) echo "$seed" | base64 -d > /dev/urandom qubesdb-rm /qubes-random-seed 
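Review bot: In possibly_run_save_script the newly quoted `echo "$ENCODED_SCRIPT"|base64 -d >"$tmpfile"` still has its exit status ignored, so a value that fails to decode leaves an empty or truncated file that is then made executable and run through `su - user -c "$tmpfile"`. The decode should be checked before the `chmod 755`, for example `printf '%s\n' "$ENCODED_SCRIPT" | base64 -d >"$tmpfile" || { rm -f "$tmpfile"; return 1; }`. The `mktemp` result on the line above is likewise unchecked. The function body continues outside the hunk, so the return value chosen for the failure path needs to match what callers expect.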
@@ -122,7 +121,7 @@ umount_retry() { initialize_home() { local home_root local mode - local user + #local user local uid local gid local homedir @@ -141,7 +140,7 @@ initialize_home() { return 64 fi - if [ "$mode" != "unconditionally" -a "$mode" != "ifneeded" ] ; then + if [ "$mode" != "unconditionally" ] && [ "$mode" != "ifneeded" ] ; then echo "initialize_home() second parameter must be 'unconditionally' or 'ifneeded'" >&2 return 64 fi @@ -153,13 +152,13 @@ initialize_home() { # Chown home if users' UIDs have changed - can be the case on template switch. for pair in $(getent passwd | awk -F : '/\/home/ { print $1":"$3":"$4":"$6 } ') ; do - user=$(echo "$pair" | awk -F : ' { print $1 } ') + #user=$(echo "$pair" | awk -F : ' { print $1 } ') uid=$(echo "$pair" | awk -F : ' { print $2 } ') gid=$(echo "$pair" | awk -F : ' { print $3 } ') homedir=$(echo "$pair" | awk -F : ' { print $4 } ') - homedirwithouthome=$(echo "$homedir" | sed 's|^/home/||') + homedirwithouthome=${homedir#/home/} if ! test -d "$home_root/$homedirwithouthome" || [ "$mode" = "unconditionally" ] ; then - if [ "$homedir" == "/home/user" -a -d "/home.orig/$homedirwithouthome" ] ; then + if [ "$homedir" == "/home/user" ] && [ -d "/home.orig/$homedirwithouthome" ] ; then echo "initialize_home: populating $mode $home_root/$homedirwithouthome from /home.orig/$homedirwithouthome" >&2 mkdir -p "$home_root/$homedirwithouthome" cp -af -T "/home.orig/$homedirwithouthome" "$home_root/$homedirwithouthome" 
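Review bot: `#local user` in initialize_home leaves the unused variable behind as commented-out code instead of deleting it. The same is done for `#user=$(echo "$pair" | awk ...)` in the loop two hunks below and for `#netmask=$(qubesdb-read /qubes-netvm-netmask)` in vm-systemd/network-proxy-setup.sh. Since these were flagged as unused, removing the lines keeps the scripts free of dead code; if the values are expected to be needed again, a short comment saying why would serve better than a disabled assignment. initialize_home starts and ends outside this hunk.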
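Review bot: The rewritten test `[ "$homedir" == "/home/user" ] && [ -d "/home.orig/$homedirwithouthome" ]` keeps `==` inside `[`, which is not POSIX and is rejected by some `/bin/sh` implementations; `[ "$homedir" = "/home/user" ]` is the portable form. Separately, `${homedir#/home/}` strips only a leading `/home/`, while the awk filter `/\/home/` on the `for pair` line matches `/home` anywhere in the passwd entry, so an entry whose home is not directly under `/home/` would reach `"$home_root/$homedirwithouthome"` with its full path. That matches the old sed behaviour, but an anchored match on the home-directory field would make the intent explicit. The loop continues past the end of the hunk.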
@@ -178,8 +177,8 @@ initialize_home() { for waitpid in $waitpids ; do wait "$waitpid" ; done ; waitpids= fi waitpids= - homedir_uid=$(ls -dn "$home_root/$homedirwithouthome" | awk '{print $3}') - homedir_gid=$(ls -dn "$home_root/$homedirwithouthome" | awk '{print $4}') + homedir_uid=$(stat --format=%u "$home_root/$homedirwithouthome") + homedir_gid=$(stat --format=%g "$home_root/$homedirwithouthome") if [ "$uid" -ne "$homedir_uid" ]; then echo "initialize_home: adjusting ownership on $home_root/$homedirwithouthome to $uid" >&2 find "$home_root/$homedirwithouthome" -uid "$homedir_uid" -print0 | xargs -0 chown "$uid" & diff --git a/init/setup-rwdev.sh b/init/setup-rwdev.sh index 4c51caf..21dc839 100755 --- a/init/setup-rwdev.sh +++ b/init/setup-rwdev.sh @@ -8,7 +8,7 @@ if [ -e "$dev" ] ; then # The private /dev/xvdb device is present. # check if private.img (xvdb) is empty - all zeros - private_size_512=`blockdev --getsz "$dev"` + private_size_512=$(blockdev --getsz "$dev") if dd if=/dev/zero bs=512 count="$private_size_512" 2>/dev/null | diff "$dev" - >/dev/null; then # the device is empty, create filesystem echo "Virgin boot of the VM: creating private.img filesystem on $dev" >&2 diff --git a/vm-init.d/qubes-core b/vm-init.d/qubes-core index 437bff9..4797619 100755 --- a/vm-init.d/qubes-core +++ b/vm-init.d/qubes-core @@ -35,6 +35,7 @@ start() fi echo -n $"Executing Qubes misc post scripts:" + # shellcheck disable=SC2015 /usr/lib/qubes/init/misc-post.sh && success || failure echo } @@ -59,4 +60,5 @@ case "$1" in ;; esac +# shellcheck disable=SC2086 exit $RETVAL diff --git a/vm-init.d/qubes-core-early b/vm-init.d/qubes-core-early index 12ad472..7c1d22d 100755 --- a/vm-init.d/qubes-core-early +++ b/vm-init.d/qubes-core-early 
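Review bot: The `# shellcheck disable=SC2015` directive above `/usr/lib/qubes/init/misc-post.sh && success || failure` in vm-init.d/qubes-core silences the warning rather than removing its cause: with `A && B || C`, `failure` also runs when the script succeeds but `success` returns non-zero. An explicit `if /usr/lib/qubes/init/misc-post.sh; then success; else failure; fi` needs no directive and reports only the script's own result. The same suppression is added in qubes-core-early (twice), qubes-core-netvm, qubes-firewall and qubes-sysinit. start() begins before this hunk.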
@@ -14,10 +14,12 @@ start() have_qubesdb || return echo -n $"Setting up Qubes persistent file systems:" + # shellcheck disable=SC2015 /usr/lib/qubes/init/mount-dirs.sh && success || failure echo echo -n $"Executing Qubes random seed scripts:" + # shellcheck disable=SC2015 /usr/lib/qubes/init/qubes-random-seed.sh && success || failure echo @@ -41,4 +43,5 @@ case "$1" in ;; esac +# shellcheck disable=SC2086 exit $RETVAL diff --git a/vm-init.d/qubes-core-netvm b/vm-init.d/qubes-core-netvm index d96db37..c4ca815 100755 --- a/vm-init.d/qubes-core-netvm +++ b/vm-init.d/qubes-core-netvm @@ -19,6 +19,7 @@ start() fi echo -n $"Executing Qubes Core scripts NetVM:" + # shellcheck disable=SC2015 /usr/lib/qubes/init/network-proxy-setup && success || failure echo } @@ -41,4 +42,5 @@ case "$1" in ;; esac +# shellcheck disable=SC2086 exit $RETVAL diff --git a/vm-init.d/qubes-firewall b/vm-init.d/qubes-firewall index 30a74a2..795f482 100755 --- a/vm-init.d/qubes-firewall +++ b/vm-init.d/qubes-firewall @@ -28,7 +28,8 @@ stop() { if [ -r $PIDFILE ]; then echo -n "Stopping Qubes Firewall monitor:" - kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure + # shellcheck disable=SC2015 + kill -9 "$(cat "$PIDFILE")" 2>/dev/null && success || failure echo "" fi return 0 @@ -47,4 +48,5 @@ case "$1" in ;; esac +# shellcheck disable=SC2086 exit $RETVAL diff --git a/vm-init.d/qubes-qrexec-agent b/vm-init.d/qubes-qrexec-agent index 47ea0a1..f04a4ef 100755 --- a/vm-init.d/qubes-qrexec-agent +++ b/vm-init.d/qubes-qrexec-agent @@ -38,4 +38,5 @@ case "$1" in ;; esac +# shellcheck disable=SC2086 exit $RETVAL diff --git a/vm-init.d/qubes-sysinit b/vm-init.d/qubes-sysinit index d8636aa..49853af 100755 --- a/vm-init.d/qubes-sysinit +++ b/vm-init.d/qubes-sysinit @@ -10,6 +10,7 @@ start() { echo -n $"Executing Qubes system initialization scripts:" + # shellcheck disable=SC2015 /usr/lib/qubes/init/qubes-sysinit.sh && success || failure ; echo } 
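Review bot: In qubes-firewall's stop(), `kill -9 "$(cat "$PIDFILE")"` now quotes the pidfile path, but the guard `[ -r $PIDFILE ]` two lines above is left unquoted, and the value read from the file is sent SIGKILL without any check that it is a number or still belongs to the firewall monitor. Quoting the guard as `if [ -r "$PIDFILE" ]; then` keeps the hunk consistent. Reading the value into a variable first, rejecting anything that is not all digits, and trying the default TERM signal before `-9` would keep a stale or damaged pidfile from taking down an unrelated process. The rest of stop() lies outside the hunk.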
@@ -31,4 +32,5 @@ case "$1" in ;; esac +# shellcheck disable=SC2086 exit $RETVAL diff --git a/vm-init.d/qubes-updates-proxy b/vm-init.d/qubes-updates-proxy index 8bf4c01..c96a0b7 100755 --- a/vm-init.d/qubes-updates-proxy +++ b/vm-init.d/qubes-updates-proxy @@ -58,12 +58,12 @@ start() { stop() { echo -n $"Stopping $prog: " - killproc -p $pidfile $prog + killproc -p $pidfile "$prog" retval=$? echo /sbin/iptables -t nat -D PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT /sbin/iptables -D INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT - [ $retval -eq 0 ] && rm -f $lockfile + [ $retval -eq 0 ] && rm -f "$lockfile" return $retval } @@ -74,7 +74,7 @@ restart() { reload() { echo -n $"Reloading $prog: " - killproc -p $pidfile $prog -HUP + killproc -p $pidfile "$prog" -HUP echo } @@ -83,7 +83,7 @@ force_reload() { } rh_status() { - status $prog + status "$prog" } rh_status_q() { diff --git a/vm-init.d/qubes-updates-proxy-forwarder b/vm-init.d/qubes-updates-proxy-forwarder index 0c397ab..0c07f3e 100755 --- a/vm-init.d/qubes-updates-proxy-forwarder +++ b/vm-init.d/qubes-updates-proxy-forwarder @@ -45,6 +45,7 @@ start() { [ -x $exec ] || exit 5 echo -n $"Starting $prog (as Qubes updates proxy forwarder): " + # shellcheck disable=SC2016 start-stop-daemon \ --exec $exec \ --pidfile "$pidfile" \ @@ -61,7 +62,7 @@ start() { stop() { echo -n $"Stopping $prog: " - killproc -p $pidfile $prog + killproc -p $pidfile "$prog" retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile @@ -78,7 +79,7 @@ force_reload() { } rh_status() { - status $prog + status "$prog" } rh_status_q() { diff --git a/vm-systemd/misc-post.sh b/vm-systemd/misc-post.sh index cd550e3..3ae3cf4 100755 --- a/vm-systemd/misc-post.sh +++ b/vm-systemd/misc-post.sh 
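Review bot: Quoting is applied unevenly in qubes-updates-proxy's stop(): `killproc -p $pidfile "$prog"` quotes `$prog` but not `$pidfile`. The same half-quoted form appears in reload() and in qubes-updates-proxy-forwarder's stop(), where `rm -f $lockfile` is also left unquoted although this file now has `rm -f "$lockfile"`. Writing `killproc -p "$pidfile" "$prog"` and `[ "$retval" -eq 0 ] && rm -f "$lockfile"` in both files makes them agree. The definitions of `pidfile`, `lockfile` and `prog` are outside the hunks, so whether they can contain whitespace is not visible here.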
@@ -5,8 +5,8 @@ /usr/lib/qubes/update-proxy-configs -if [ -n "`ls -A /usr/local/lib 2>/dev/null`" -o \ - -n "`ls -A /usr/local/lib64 2>/dev/null`" ]; then +if [ -n "$(ls -A /usr/local/lib 2>/dev/null)" ] || \ + [ -n "$(ls -A /usr/local/lib64 2>/dev/null)" ]; then ldconfig fi diff --git a/vm-systemd/network-proxy-setup.sh b/vm-systemd/network-proxy-setup.sh index cacda85..9ba8d68 100755 --- a/vm-systemd/network-proxy-setup.sh +++ b/vm-systemd/network-proxy-setup.sh @@ -11,8 +11,8 @@ if [ "x$network" != "x" ]; then fi gateway=$(qubesdb-read /qubes-netvm-gateway) - netmask=$(qubesdb-read /qubes-netvm-netmask) - primary_dns=$(qubesdb-read /qubes-netvm-primary-dns 2>/dev/null || echo $gateway) + #netmask=$(qubesdb-read /qubes-netvm-netmask) + primary_dns=$(qubesdb-read /qubes-netvm-primary-dns 2>/dev/null || echo "$gateway") secondary_dns=$(qubesdb-read /qubes-netvm-secondary-dns) modprobe netbk 2> /dev/null || modprobe xen-netback || "${modprobe_fail_cmd}" echo "NS1=$primary_dns" > /var/run/qubes/qubes-ns diff --git a/vm-systemd/qubes-early-vm-config.sh b/vm-systemd/qubes-early-vm-config.sh index 999bb90..332ae1f 100755 --- a/vm-systemd/qubes-early-vm-config.sh +++ b/vm-systemd/qubes-early-vm-config.sh @@ -5,13 +5,14 @@ # but before sysinit.target is reached. # Source Qubes library. +# shellcheck source=init/functions . /usr/lib/qubes/init/functions # Set the hostname if ! is_protected_file /etc/hostname ; then - name=`qubesdb-read /name` + name=$(qubesdb-read /name) if [ -n "$name" ]; then - hostname $name + hostname "$name" if [ -e /etc/debian_version ]; then ipv4_localhost_re="127\.0\.1\.1" else @@ -24,7 +25,7 @@ fi # Set the timezone if ! is_protected_file /etc/timezone ; then - timezone=`qubesdb-read /qubes-timezone 2> /dev/null` + timezone=$(qubesdb-read /qubes-timezone 2> /dev/null) if [ -n "$timezone" ]; then ln -sf ../usr/share/zoneinfo/"$timezone" /etc/localtime if [ -e /etc/debian_version ]; then 
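Review bot: In qubes-early-vm-config.sh, `timezone=$(qubesdb-read /qubes-timezone 2> /dev/null)` is only tested for being non-empty before it is appended to the link target in `ln -sf ../usr/share/zoneinfo/"$timezone" /etc/localtime`, so a value containing `..` would make /etc/localtime point outside the zoneinfo tree. A check such as `case "$timezone" in *..*) timezone= ;; esac` before the `if`, or a test that `/usr/share/zoneinfo/$timezone` is a regular file, would keep the link inside it. The value comes from qubesdb, which is presumably populated by the management domain, so this is defence in depth rather than a fix for a crossed trust boundary. The `if` block continues past the end of the hunk.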
diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh index d9b8aa4..6ba8cf6 100755 --- a/vm-systemd/qubes-sysinit.sh +++ b/vm-systemd/qubes-sysinit.sh @@ -26,8 +26,8 @@ qemu_devices="0x8086 0x0001 0x00b8 " -if [ -z "$(ls /sys/bus/pci/devices/)" -o \ - "$(cat /sys/bus/pci/devices/*/{vendor,device})" != "$qemu_devices" ]; then +if [ -z "$(ls /sys/bus/pci/devices/)" ] || \ + [ "$(cat /sys/bus/pci/devices/*/{vendor,device})" != "$qemu_devices" ]; then # do not enable meminfo-writer (so qmemman for this domain) when any real PCI # device is present DEFAULT_ENABLED="$DEFAULT_ENABLED meminfo-writer" @@ -43,7 +43,7 @@ if systemd_version_changed ; then fi # Wait for xenbus initialization -while [ ! -e /dev/xen/xenbus -a ! -e /proc/xen/xenbus ]; do +while [ ! -e /dev/xen/xenbus ] && [ -e /proc/xen/xenbus ]; do sleep 0.1 done 
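Review bot: The rewritten xenbus wait loses the negation on its second test: the old condition was `[ ! -e /dev/xen/xenbus -a ! -e /proc/xen/xenbus ]`, the new one is `[ ! -e /dev/xen/xenbus ] && [ -e /proc/xen/xenbus ]`. The loop now exits immediately when neither node exists, which is the case it is meant to wait out, and keeps waiting while /proc/xen/xenbus is the only node present. It should read `while [ ! -e /dev/xen/xenbus ] && [ ! -e /proc/xen/xenbus ]; do`. Later in this script the qubesdb reads that enable and disable services discard their errors with `2>/dev/null`, so a run that starts before xenbus is ready would presumably apply only the default service set without any visible failure.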
@@ -74,24 +74,24 @@ is_templatevm && DEFAULT_ENABLED=$DEFAULT_ENABLED_TEMPLATEVM && touch /var/run/q # Enable default services for srv in $DEFAULT_ENABLED; do - touch /var/run/qubes-service/$srv + touch "/var/run/qubes-service/$srv" done # Enable services -for srv in `qubesdb-multiread /qubes-service/ 2>/dev/null |grep ' = 1'|cut -f 1 -d ' '`; do - touch /var/run/qubes-service/$srv +for srv in $(qubesdb-multiread /qubes-service/ 2>/dev/null |grep ' = 1'|cut -f 1 -d ' '); do + touch "/var/run/qubes-service/$srv" done # Disable services -for srv in `qubesdb-multiread /qubes-service/ 2>/dev/null |grep ' = 0'|cut -f 1 -d ' '`; do - rm -f /var/run/qubes-service/$srv +for srv in $(qubesdb-multiread /qubes-service/ 2>/dev/null |grep ' = 0'|cut -f 1 -d ' '); do + rm -f "/var/run/qubes-service/$srv" done # Prepare environment for other services echo > /var/run/qubes-service-environment -debug_mode=`qubesdb-read /qubes-debug-mode 2> /dev/null` -if [ -n "$debug_mode" -a "$debug_mode" -gt 0 ]; then +debug_mode=$(qubesdb-read /qubes-debug-mode 2> /dev/null) +if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then echo "GUI_OPTS=-vv" >> /var/run/qubes-service-environment fi
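Review bot: The two qubesdb service loops still iterate over an unquoted `$(qubesdb-multiread /qubes-service/ ... | cut -f 1 -d ' ')`, so each name is subject to pathname expansion before it reaches `touch "/var/run/qubes-service/$srv"` or `rm -f "/var/run/qubes-service/$srv"`, and a name containing `/` is joined into the path as is. Quoting the argument does not change either of these. Skipping such names at the top of each loop, for example `case "$srv" in */*) continue ;; esac`, keeps both commands inside /var/run/qubes-service; reading the names with `while IFS= read -r srv` from the pipeline would also avoid the expansion.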