Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

init: fix issues found by shellcheck in init scripts

Browse Source 
Most of them are missing quotes, `` -> $(), and -o/-a usage in
conditions. Also add few directives disabling checks where were too
verbose.
This commit is contained in:
Marek Marczykowski-Górecki 2017-09-30 04:49:21 +02:00
parent 9c839d789f
commit 8bb152f76e
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
14 changed files with 48 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
init/functions
View File

@ -27,7 +27,7 @@ under_systemd() {
systemd_version_changed() { systemd_version_changed() {
under_systemd || return under_systemd || return
systemd_pkg_version=`systemctl --version|head -n 1` systemd_pkg_version=$(systemctl --version|head -n 1)
if dmesg | grep -q "$systemd_pkg_version running in system mode."; then if dmesg | grep -q "$systemd_pkg_version running in system mode."; then
return 1 return 1
fi fi
@ -38,7 +38,7 @@ possibly_run_save_script() {
ENCODED_SCRIPT=$(qubesdb-read /qubes-save-script) ENCODED_SCRIPT=$(qubesdb-read /qubes-save-script)
if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi
tmpfile=$(mktemp /tmp/qubes-save-script.XXXXXXXXX) tmpfile=$(mktemp /tmp/qubes-save-script.XXXXXXXXX)
echo $ENCODED_SCRIPT|base64 -d >"$tmpfile" echo "$ENCODED_SCRIPT"|base64 -d >"$tmpfile"
chmod 755 "$tmpfile" chmod 755 "$tmpfile"
DISPLAY=:0 su - user -c "$tmpfile" DISPLAY=:0 su - user -c "$tmpfile"
ret=$? ret=$?
@ -94,7 +94,6 @@ is_updateable() {
reload_random_seed() { reload_random_seed() {
local seed local seed
local decoded
seed=$(qubesdb-read /qubes-random-seed) seed=$(qubesdb-read /qubes-random-seed)
echo "$seed" | base64 -d > /dev/urandom echo "$seed" | base64 -d > /dev/urandom
qubesdb-rm /qubes-random-seed qubesdb-rm /qubes-random-seed
@ -122,7 +121,7 @@ umount_retry() {
initialize_home() { initialize_home() {
local home_root local home_root
local mode local mode
local user #local user
local uid local uid
local gid local gid
local homedir local homedir
@ -141,7 +140,7 @@ initialize_home() {
return 64 return 64
fi fi
if [ "$mode" != "unconditionally" -a "$mode" != "ifneeded" ] ; then if [ "$mode" != "unconditionally" ] && [ "$mode" != "ifneeded" ] ; then
echo "initialize_home() second parameter must be 'unconditionally' or 'ifneeded'" >&2 echo "initialize_home() second parameter must be 'unconditionally' or 'ifneeded'" >&2
return 64 return 64
fi fi
@ -153,13 +152,13 @@ initialize_home() {
# Chown home if users' UIDs have changed - can be the case on template switch. # Chown home if users' UIDs have changed - can be the case on template switch.
for pair in $(getent passwd | awk -F : '/\/home/ { print $1":"$3":"$4":"$6 } ') ; do for pair in $(getent passwd | awk -F : '/\/home/ { print $1":"$3":"$4":"$6 } ') ; do
user=$(echo "$pair" | awk -F : ' { print $1 } ') #user=$(echo "$pair" | awk -F : ' { print $1 } ')
uid=$(echo "$pair" | awk -F : ' { print $2 } ') uid=$(echo "$pair" | awk -F : ' { print $2 } ')
gid=$(echo "$pair" | awk -F : ' { print $3 } ') gid=$(echo "$pair" | awk -F : ' { print $3 } ')
homedir=$(echo "$pair" | awk -F : ' { print $4 } ') homedir=$(echo "$pair" | awk -F : ' { print $4 } ')
homedirwithouthome=$(echo "$homedir" | sed 's|^/home/||') homedirwithouthome=${homedir#/home/}
if ! test -d "$home_root/$homedirwithouthome" || [ "$mode" = "unconditionally" ] ; then if ! test -d "$home_root/$homedirwithouthome" || [ "$mode" = "unconditionally" ] ; then
if [ "$homedir" == "/home/user" -a -d "/home.orig/$homedirwithouthome" ] ; then if [ "$homedir" == "/home/user" ] && [ -d "/home.orig/$homedirwithouthome" ] ; then
echo "initialize_home: populating $mode $home_root/$homedirwithouthome from /home.orig/$homedirwithouthome" >&2 echo "initialize_home: populating $mode $home_root/$homedirwithouthome from /home.orig/$homedirwithouthome" >&2
mkdir -p "$home_root/$homedirwithouthome" mkdir -p "$home_root/$homedirwithouthome"
cp -af -T "/home.orig/$homedirwithouthome" "$home_root/$homedirwithouthome" cp -af -T "/home.orig/$homedirwithouthome" "$home_root/$homedirwithouthome"
@ -178,8 +177,8 @@ initialize_home() {
for waitpid in $waitpids ; do wait "$waitpid" ; done ; waitpids= for waitpid in $waitpids ; do wait "$waitpid" ; done ; waitpids=
fi fi
waitpids= waitpids=
homedir_uid=$(ls -dn "$home_root/$homedirwithouthome" | awk '{print $3}') homedir_uid=$(stat --format=%u "$home_root/$homedirwithouthome")
homedir_gid=$(ls -dn "$home_root/$homedirwithouthome" | awk '{print $4}') homedir_gid=$(stat --format=%g "$home_root/$homedirwithouthome")
if [ "$uid" -ne "$homedir_uid" ]; then if [ "$uid" -ne "$homedir_uid" ]; then
echo "initialize_home: adjusting ownership on $home_root/$homedirwithouthome to $uid" >&2 echo "initialize_home: adjusting ownership on $home_root/$homedirwithouthome to $uid" >&2
find "$home_root/$homedirwithouthome" -uid "$homedir_uid" -print0 | xargs -0 chown "$uid" & find "$home_root/$homedirwithouthome" -uid "$homedir_uid" -print0 | xargs -0 chown "$uid" &

2
init/setup-rwdev.sh
View File

@ -8,7 +8,7 @@ if [ -e "$dev" ] ; then
# The private /dev/xvdb device is present. # The private /dev/xvdb device is present.
# check if private.img (xvdb) is empty - all zeros # check if private.img (xvdb) is empty - all zeros
private_size_512=`blockdev --getsz "$dev"` private_size_512=$(blockdev --getsz "$dev")
if dd if=/dev/zero bs=512 count="$private_size_512" 2>/dev/null | diff "$dev" - >/dev/null; then if dd if=/dev/zero bs=512 count="$private_size_512" 2>/dev/null | diff "$dev" - >/dev/null; then
# the device is empty, create filesystem # the device is empty, create filesystem
echo "Virgin boot of the VM: creating private.img filesystem on $dev" >&2 echo "Virgin boot of the VM: creating private.img filesystem on $dev" >&2

2
vm-init.d/qubes-core
View File

@ -35,6 +35,7 @@ start()
fi fi
echo -n $"Executing Qubes misc post scripts:" echo -n $"Executing Qubes misc post scripts:"
# shellcheck disable=SC2015
/usr/lib/qubes/init/misc-post.sh && success || failure /usr/lib/qubes/init/misc-post.sh && success || failure
echo echo
} }
@ -59,4 +60,5 @@ case "$1" in
;; ;;
esac esac
# shellcheck disable=SC2086
exit $RETVAL exit $RETVAL

3
vm-init.d/qubes-core-early
View File

@ -14,10 +14,12 @@ start()
have_qubesdb || return have_qubesdb || return
echo -n $"Setting up Qubes persistent file systems:" echo -n $"Setting up Qubes persistent file systems:"
# shellcheck disable=SC2015
/usr/lib/qubes/init/mount-dirs.sh && success || failure /usr/lib/qubes/init/mount-dirs.sh && success || failure
echo echo
echo -n $"Executing Qubes random seed scripts:" echo -n $"Executing Qubes random seed scripts:"
# shellcheck disable=SC2015
/usr/lib/qubes/init/qubes-random-seed.sh && success || failure /usr/lib/qubes/init/qubes-random-seed.sh && success || failure
echo echo
@ -41,4 +43,5 @@ case "$1" in
;; ;;
esac esac
# shellcheck disable=SC2086
exit $RETVAL exit $RETVAL

2
vm-init.d/qubes-core-netvm
View File

@ -19,6 +19,7 @@ start()
fi fi
echo -n $"Executing Qubes Core scripts NetVM:" echo -n $"Executing Qubes Core scripts NetVM:"
# shellcheck disable=SC2015
/usr/lib/qubes/init/network-proxy-setup && success || failure /usr/lib/qubes/init/network-proxy-setup && success || failure
echo echo
} }
@ -41,4 +42,5 @@ case "$1" in
;; ;;
esac esac
# shellcheck disable=SC2086
exit $RETVAL exit $RETVAL

4
vm-init.d/qubes-firewall
View File

@ -28,7 +28,8 @@ stop()
{ {
if [ -r $PIDFILE ]; then if [ -r $PIDFILE ]; then
echo -n "Stopping Qubes Firewall monitor:" echo -n "Stopping Qubes Firewall monitor:"
kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure # shellcheck disable=SC2015
kill -9 "$(cat "$PIDFILE")" 2>/dev/null && success || failure
echo "" echo ""
fi fi
return 0 return 0
@ -47,4 +48,5 @@ case "$1" in
;; ;;
esac esac
# shellcheck disable=SC2086
exit $RETVAL exit $RETVAL

1
vm-init.d/qubes-qrexec-agent
View File

@ -38,4 +38,5 @@ case "$1" in
;; ;;
esac esac
# shellcheck disable=SC2086
exit $RETVAL exit $RETVAL

2
vm-init.d/qubes-sysinit
View File

@ -10,6 +10,7 @@
start() start()
{ {
echo -n $"Executing Qubes system initialization scripts:" echo -n $"Executing Qubes system initialization scripts:"
# shellcheck disable=SC2015
/usr/lib/qubes/init/qubes-sysinit.sh && success || failure ; echo /usr/lib/qubes/init/qubes-sysinit.sh && success || failure ; echo
} }
@ -31,4 +32,5 @@ case "$1" in
;; ;;
esac esac
# shellcheck disable=SC2086
exit $RETVAL exit $RETVAL

8
vm-init.d/qubes-updates-proxy
View File

@ -58,12 +58,12 @@ start() {
stop() { stop() {
echo -n $"Stopping $prog: " echo -n $"Stopping $prog: "
killproc -p $pidfile $prog killproc -p $pidfile "$prog"
retval=$? retval=$?
echo echo
/sbin/iptables -t nat -D PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT /sbin/iptables -t nat -D PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
/sbin/iptables -D INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT /sbin/iptables -D INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
[ $retval -eq 0 ] && rm -f $lockfile [ $retval -eq 0 ] && rm -f "$lockfile"
return $retval return $retval
} }
@ -74,7 +74,7 @@ restart() {
reload() { reload() {
echo -n $"Reloading $prog: " echo -n $"Reloading $prog: "
killproc -p $pidfile $prog -HUP killproc -p $pidfile "$prog" -HUP
echo echo
} }
@ -83,7 +83,7 @@ force_reload() {
} }
rh_status() { rh_status() {
status $prog status "$prog"
} }
rh_status_q() { rh_status_q() {

5
vm-init.d/qubes-updates-proxy-forwarder
View File

@ -45,6 +45,7 @@ start() {
[ -x $exec ] || exit 5 [ -x $exec ] || exit 5
echo -n $"Starting $prog (as Qubes updates proxy forwarder): " echo -n $"Starting $prog (as Qubes updates proxy forwarder): "
# shellcheck disable=SC2016
start-stop-daemon \ start-stop-daemon \
--exec $exec \ --exec $exec \
--pidfile "$pidfile" \ --pidfile "$pidfile" \
@ -61,7 +62,7 @@ start() {
stop() { stop() {
echo -n $"Stopping $prog: " echo -n $"Stopping $prog: "
killproc -p $pidfile $prog killproc -p $pidfile "$prog"
retval=$? retval=$?
echo echo
[ $retval -eq 0 ] && rm -f $lockfile [ $retval -eq 0 ] && rm -f $lockfile
@ -78,7 +79,7 @@ force_reload() {
} }
rh_status() { rh_status() {
status $prog status "$prog"
} }
rh_status_q() { rh_status_q() {

4
vm-systemd/misc-post.sh
View File

@ -5,8 +5,8 @@
/usr/lib/qubes/update-proxy-configs /usr/lib/qubes/update-proxy-configs
if [ -n "`ls -A /usr/local/lib 2>/dev/null`" -o \ if [ -n "$(ls -A /usr/local/lib 2>/dev/null)" ] || \
-n "`ls -A /usr/local/lib64 2>/dev/null`" ]; then [ -n "$(ls -A /usr/local/lib64 2>/dev/null)" ]; then
ldconfig ldconfig
fi fi

4
vm-systemd/network-proxy-setup.sh
View File

@ -11,8 +11,8 @@ if [ "x$network" != "x" ]; then
fi fi
gateway=$(qubesdb-read /qubes-netvm-gateway) gateway=$(qubesdb-read /qubes-netvm-gateway)
netmask=$(qubesdb-read /qubes-netvm-netmask) #netmask=$(qubesdb-read /qubes-netvm-netmask)
primary_dns=$(qubesdb-read /qubes-netvm-primary-dns 2>/dev/null || echo $gateway) primary_dns=$(qubesdb-read /qubes-netvm-primary-dns 2>/dev/null || echo "$gateway")
secondary_dns=$(qubesdb-read /qubes-netvm-secondary-dns) secondary_dns=$(qubesdb-read /qubes-netvm-secondary-dns)
modprobe netbk 2> /dev/null || modprobe xen-netback || "${modprobe_fail_cmd}" modprobe netbk 2> /dev/null || modprobe xen-netback || "${modprobe_fail_cmd}"
echo "NS1=$primary_dns" > /var/run/qubes/qubes-ns echo "NS1=$primary_dns" > /var/run/qubes/qubes-ns

7
vm-systemd/qubes-early-vm-config.sh
View File

@ -5,13 +5,14 @@
# but before sysinit.target is reached. # but before sysinit.target is reached.
# Source Qubes library. # Source Qubes library.
# shellcheck source=init/functions
. /usr/lib/qubes/init/functions . /usr/lib/qubes/init/functions
# Set the hostname # Set the hostname
if ! is_protected_file /etc/hostname ; then if ! is_protected_file /etc/hostname ; then
name=`qubesdb-read /name` name=$(qubesdb-read /name)
if [ -n "$name" ]; then if [ -n "$name" ]; then
hostname $name hostname "$name"
if [ -e /etc/debian_version ]; then if [ -e /etc/debian_version ]; then
ipv4_localhost_re="127\.0\.1\.1" ipv4_localhost_re="127\.0\.1\.1"
else else
@ -24,7 +25,7 @@ fi
# Set the timezone # Set the timezone
if ! is_protected_file /etc/timezone ; then if ! is_protected_file /etc/timezone ; then
timezone=`qubesdb-read /qubes-timezone 2> /dev/null` timezone=$(qubesdb-read /qubes-timezone 2> /dev/null)
if [ -n "$timezone" ]; then if [ -n "$timezone" ]; then
ln -sf ../usr/share/zoneinfo/"$timezone" /etc/localtime ln -sf ../usr/share/zoneinfo/"$timezone" /etc/localtime
if [ -e /etc/debian_version ]; then if [ -e /etc/debian_version ]; then

20
vm-systemd/qubes-sysinit.sh
View File

@ -26,8 +26,8 @@ qemu_devices="0x8086
0x0001 0x0001
0x00b8 0x00b8
" "
if [ -z "$(ls /sys/bus/pci/devices/)" -o \ if [ -z "$(ls /sys/bus/pci/devices/)" ] || \
"$(cat /sys/bus/pci/devices/*/{vendor,device})" != "$qemu_devices" ]; then [ "$(cat /sys/bus/pci/devices/*/{vendor,device})" != "$qemu_devices" ]; then
# do not enable meminfo-writer (so qmemman for this domain) when any real PCI # do not enable meminfo-writer (so qmemman for this domain) when any real PCI
# device is present # device is present
DEFAULT_ENABLED="$DEFAULT_ENABLED meminfo-writer" DEFAULT_ENABLED="$DEFAULT_ENABLED meminfo-writer"
@ -43,7 +43,7 @@ if systemd_version_changed ; then
fi fi
# Wait for xenbus initialization # Wait for xenbus initialization
while [ ! -e /dev/xen/xenbus -a ! -e /proc/xen/xenbus ]; do while [ ! -e /dev/xen/xenbus ] && [ -e /proc/xen/xenbus ]; do
sleep 0.1 sleep 0.1
done done
@ -74,24 +74,24 @@ is_templatevm && DEFAULT_ENABLED=$DEFAULT_ENABLED_TEMPLATEVM && touch /var/run/q
# Enable default services # Enable default services
for srv in $DEFAULT_ENABLED; do for srv in $DEFAULT_ENABLED; do
touch /var/run/qubes-service/$srv touch "/var/run/qubes-service/$srv"
done done
# Enable services # Enable services
for srv in `qubesdb-multiread /qubes-service/ 2>/dev/null |grep ' = 1'|cut -f 1 -d ' '`; do for srv in $(qubesdb-multiread /qubes-service/ 2>/dev/null |grep ' = 1'|cut -f 1 -d ' '); do
touch /var/run/qubes-service/$srv touch "/var/run/qubes-service/$srv"
done done
# Disable services # Disable services
for srv in `qubesdb-multiread /qubes-service/ 2>/dev/null |grep ' = 0'|cut -f 1 -d ' '`; do for srv in $(qubesdb-multiread /qubes-service/ 2>/dev/null |grep ' = 0'|cut -f 1 -d ' '); do
rm -f /var/run/qubes-service/$srv rm -f "/var/run/qubes-service/$srv"
done done
# Prepare environment for other services # Prepare environment for other services
echo > /var/run/qubes-service-environment echo > /var/run/qubes-service-environment
debug_mode=`qubesdb-read /qubes-debug-mode 2> /dev/null` debug_mode=$(qubesdb-read /qubes-debug-mode 2> /dev/null)
if [ -n "$debug_mode" -a "$debug_mode" -gt 0 ]; then if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then
echo "GUI_OPTS=-vv" >> /var/run/qubes-service-environment echo "GUI_OPTS=-vv" >> /var/run/qubes-service-environment
fi fi