mirror of
https://github.com/hackacad/bastille.git
synced 2026-01-04 03:33:41 +01:00
[WIP] shellcheck linting
3
.github/workflows/shellcheck.yml
vendored
3
.github/workflows/shellcheck.yml
vendored
@@ -21,7 +21,8 @@ jobs:
|
||||
# Excluding SC2154: Variable is referenced but not assigned. Because we include files in the scripts
|
||||
# Excluding SC3037: In POSIX sh, echo flags are undefined. Ignoring temporarily until we decide to keep it or
|
||||
# use printf instead
|
||||
SHELLCHECK_OPTS: -e SC3043 -e SC2154 -e SC3037
|
||||
# Excluding SC2155: Declare and assign separately to avoid masking return values.
|
||||
SHELLCHECK_OPTS: -e SC3043 -e SC2154 -e SC3037 -e SC2155
|
||||
with:
|
||||
severity: warning
|
||||
scandir: "./usr/local/share/bastille"
|
||||
|
||||
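Review bot: Adding `-e SC2155` to `SHELLCHECK_OPTS` switches the masked-return-value check off for every script under `scandir`, not just for the lines that need it. The `generate_vnet_jail_netblock` hunk in this commit shows the effect: `local jail_list="$(bastille list jails)"` gains quotes but still discards the exit status of `bastille list jails`, so a failed listing looks the same as an empty one. Consider leaving SC2155 enabled and splitting those assignments instead, e.g. `local jail_list` followed by `jail_list="$(bastille list jails)"`.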
@@ -47,7 +47,7 @@ enable_color() {
|
||||
|
||||
# If "NO_COLOR" environment variable is present, or we aren't speaking to a
|
||||
# tty, disable output colors.
|
||||
if [ -z "${NO_COLOR}" -a -t 1 ]; then
|
||||
if [ -z "${NO_COLOR}" ] && [ -t 1 ]; then
|
||||
enable_color
|
||||
fi
|
||||
|
||||
@@ -77,9 +77,9 @@ generate_vnet_jail_netblock() {
|
||||
## determine number of containers + 1
|
||||
## iterate num and grep all jail configs
|
||||
## define uniq_epair
|
||||
local jail_list=$(bastille list jails)
|
||||
local jail_list="$(bastille list jails)"
|
||||
if [ -n "${jail_list}" ]; then
|
||||
local list_jails_num=$(echo "${jail_list}" | wc -l | awk '{print $1}')
|
||||
local list_jails_num="$(echo "${jail_list}" | wc -l | awk '{print $1}')"
|
||||
local num_range=$((list_jails_num + 1))
|
||||
for _num in $(seq 0 "${num_range}"); do
|
||||
if ! grep -q "e[0-9]b_bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then
|
||||
|
||||
@@ -45,8 +45,10 @@ esac
|
||||
if [ $# -lt 2 ]; then
|
||||
usage
|
||||
elif [ $# -eq 2 ]; then
|
||||
# shellcheck disable=SC2124
|
||||
_fstab="$@ nullfs ro 0 0"
|
||||
else
|
||||
# shellcheck disable=SC2124
|
||||
_fstab="$@"
|
||||
fi
|
||||
|
||||
@@ -67,8 +69,13 @@ if [ -z "${_hostpath}" ] || [ -z "${_jailpath}" ] || [ -z "${_type}" ] || [ -z "
|
||||
exit 1
|
||||
fi
|
||||
|
||||
## if host path doesn't exist, type is not "nullfs" or are using advanced mount type "tmpfs,linprocfs,linsysfs, fdescfs, procfs"
|
||||
if [ "${_hostpath}" == "tmpfs" -a "$_type" == "tmpfs" ] || [ "${_hostpath}" == "linprocfs" -a "${_type}" == "linprocfs" ] || [ "${_hostpath}" == "linsysfs" -a "${_type}" == "linsysfs" ] || [ "${_hostpath}" == "proc" -a "${_type}" == "procfs" ] || [ "${_hostpath}" == "fdesc" -a "${_type}" == "fdescfs" ] ; then
|
||||
# if host path doesn't exist, type is not "nullfs" or are using advanced mount type "tmpfs,linprocfs,linsysfs, fdescfs,
|
||||
# procfs"
|
||||
if [ "${_hostpath}" = "tmpfs" ] && [ "$_type" = "tmpfs" ] ||
|
||||
[ "${_hostpath}" = "linprocfs" ] && [ "${_type}" = "linprocfs" ] ||
|
||||
[ "${_hostpath}" = "linsysfs" ] && [ "${_type}" = "linsysfs" ] ||
|
||||
[ "${_hostpath}" = "proc" ] && [ "${_type}" = "procfs" ] ||
|
||||
[ "${_hostpath}" = "fdesc" ] && [ "${_type}" = "fdescfs" ]; then
|
||||
warn "Detected advanced mount type ${_hostpath}"
|
||||
elif [ ! -d "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then
|
||||
error_notify "Detected invalid host path or incorrect mount type in FSTAB."
|
||||
|
||||
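Review bot: The rewritten condition starting at `if [ "${_hostpath}" = "tmpfs" ] && [ "$_type" = "tmpfs" ] ||` no longer groups each host-path/type pair. In sh, `&&` and `||` have equal precedence and associate left to right, whereas the old `-a` inside one `[ ]` bound tighter than the `||` between tests. As written, only the last pair (`fdesc`/`fdescfs`) can satisfy the chain; `tmpfs`/`tmpfs`, for example, evaluates false and falls through to the `elif`, where it is rejected as an invalid host path. This test decides which fstab entries are accepted for a jail, so each pair should be grouped explicitly with `{ …; }`, or the test replaced by a `case` on `"${_hostpath}:${_type}"`. The `if`/`elif` body continues outside the hunk.

```shell
if { [ "${_hostpath}" = "tmpfs" ] && [ "${_type}" = "tmpfs" ]; } ||
   { [ "${_hostpath}" = "linprocfs" ] && [ "${_type}" = "linprocfs" ]; } ||
   { [ "${_hostpath}" = "linsysfs" ] && [ "${_type}" = "linsysfs" ]; } ||
   { [ "${_hostpath}" = "proc" ] && [ "${_type}" = "procfs" ]; } ||
   { [ "${_hostpath}" = "fdesc" ] && [ "${_type}" = "fdescfs" ]; }; then
    # … unchanged: warn / elif / error_notify branches …
```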
@@ -96,7 +96,7 @@ render() {
|
||||
if [ -d "${_file_path}" ]; then # Recursively render every file in this directory. -- cwells
|
||||
echo "Rendering Directory: ${_file_path}"
|
||||
find "${_file_path}" \( -type d -name .git -prune \) -o -type f
|
||||
find "${_file_path}" \( -type d -name .git -prune \) -o -type f -print0 | $(eval "xargs -0 sed -i '' ${ARG_REPLACEMENTS}")
|
||||
find "${_file_path}" \( -type d -name .git -prune \) -o -type f -print0 | eval "xargs -0 sed -i '' ${ARG_REPLACEMENTS}"
|
||||
elif [ -f "${_file_path}" ]; then
|
||||
echo "Rendering File: ${_file_path}"
|
||||
eval "sed -i '' ${ARG_REPLACEMENTS} '${_file_path}'"
|
||||
@@ -128,9 +128,9 @@ fi
|
||||
# Special case conversion of hook-style template files into a Bastillefile. -- cwells
|
||||
if [ "${TARGET}" = '--convert' ]; then
|
||||
if [ -d "${TEMPLATE}" ]; then # A relative path was provided. -- cwells
|
||||
cd "${TEMPLATE}"
|
||||
cd "${TEMPLATE}" || error_exit "Failed to change to directory: ${TEMPLATE}"
|
||||
elif [ -d "${bastille_template}" ]; then
|
||||
cd "${bastille_template}"
|
||||
cd "${bastille_template}" || error_exit "Failed to change to directory: ${TEMPLATE}"
|
||||
else
|
||||
error_exit "Template not found: ${TEMPLATE}"
|
||||
fi
|
||||
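Review bot: The second `cd` guard reports the wrong path: `cd "${bastille_template}" || error_exit "Failed to change to directory: ${TEMPLATE}"` names `${TEMPLATE}`, although the directory that failed is `${bastille_template}`. Suggest ending the message with `${bastille_template}` so the error points at the path that was actually tried.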
@@ -232,7 +232,7 @@ for _jail in ${JAILS}; do
|
||||
if [ "$(bastille config $TARGET get vnet)" != 'enabled' ]; then
|
||||
_jail_ip=$(/usr/sbin/jls -j "${_jail}" ip4.addr 2>/dev/null)
|
||||
_jail_ip6=$(/usr/sbin/jls -j "${_jail}" ip6.addr 2>/dev/null)
|
||||
if [ -z "${_jail_ip}" -o "${_jail_ip}" = "-" ]; then
|
||||
if [ -z "${_jail_ip}" ] || [ "${_jail_ip}" = "-" ]; then
|
||||
error_notify "Jail IP not found: ${_jail}"
|
||||
_jail_ip='' # In case it was -. -- cwells
|
||||
fi
|
||||
@@ -299,12 +299,12 @@ for _jail in ${JAILS}; do
|
||||
# Escape single-quotes in the command being executed. -- cwells
|
||||
_args=$(echo "${_args}" | sed "s/'/'\\\\''/g")
|
||||
# Allow redirection within the jail. -- cwells
|
||||
_args="sh -c '${_args}'"
|
||||
_args="sh -c ${_args}"
|
||||
;;
|
||||
cp|copy)
|
||||
_cmd='cp'
|
||||
# Convert relative "from" path into absolute path inside the template directory. -- cwells
|
||||
if [ "${_args%${_args#?}}" != '/' ] && [ "${_args%${_args#??}}" != '"/' ]; then
|
||||
if [ "${_args%"${_args#?}"}" != '/' ] && [ "${_args%"${_args#??}"}" != '"/' ]; then
|
||||
_args="${bastille_template}/${_args}"
|
||||
fi
|
||||
;;
|
||||
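Review bot: Dropping the single quotes in `_args="sh -c ${_args}"` undoes the quoting that the preceding `sed "s/'/'\\\\''/g"` line prepares for. That escape only makes sense inside a `'…'` wrapper; without it the command text is left unquoted, so `sh -c` would likely receive only its first word as the command string, and redirections or other metacharacters may be interpreted at a different layer than the "Allow redirection within the jail" comment intends. How `_args` is consumed is outside this hunk, so this should be confirmed against the later `eval`. If a ShellCheck warning motivated the change, suggest keeping `_args="sh -c '${_args}'"` and adding a targeted `# shellcheck disable=` directive for that code rather than altering the quoting.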
@@ -368,9 +368,9 @@ for _jail in ${JAILS}; do
|
||||
|
||||
info "[${_jail}]:${_hook} -- START"
|
||||
if [ "${_hook}" = 'CMD' ] || [ "${_hook}" = 'PRE' ]; then
|
||||
bastille cmd "${_jail}" /bin/sh < "${bastille_template}/${_hook}" || exit 1
|
||||
bastille cmd "${_jail}" /bin/sh < "${bastille_template}/${_hook}" || error_exit "Failed to execute command."
|
||||
elif [ "${_hook}" = 'PKG' ]; then
|
||||
bastille pkg "${_jail}" install -y $(cat "${bastille_template}/PKG") || exit 1
|
||||
bastille pkg "${_jail}" install -y "$(cat "${bastille_template}/PKG")" || error_exit "Failed to install packages."
|
||||
bastille pkg "${_jail}" audit -F
|
||||
else
|
||||
while read _line; do
|
||||
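Review bot: Quoting the substitution in `bastille pkg "${_jail}" install -y "$(cat "${bastille_template}/PKG")"` passes the whole PKG file as one argument, so a hook listing more than one package reaches `pkg install` as a single name containing spaces or newlines. The next hunk has the same over-quoting at `bastille "${_cmd} ${_jail} ${_args}"`, which hands bastille one word instead of a subcommand, a jail name and arguments. Where word splitting is intended, keep it and document it: `# shellcheck disable=SC2046` above `install -y $(cat "${bastille_template}/PKG")`, and `# shellcheck disable=SC2086` above `bastille "${_cmd}" "${_jail}" ${_args}`. The enclosing `for`/`if` block starts and ends outside the hunk.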
@@ -380,7 +380,7 @@ for _jail in ${JAILS}; do
|
||||
# Replace "arg" variables in this line with the provided values. -- cwells
|
||||
_line=$(echo "${_line}" | eval "sed ${ARG_REPLACEMENTS}")
|
||||
eval "_args=\"${_args_template}\""
|
||||
bastille "${_cmd}" "${_jail}" ${_args} || exit 1
|
||||
bastille "${_cmd} ${_jail} ${_args}" || error_exit "Failed to execute command."
|
||||
done < "${bastille_template}/${_hook}"
|
||||
fi
|
||||
info "[${_jail}]:${_hook} -- END"
|
||||
|
||||
@@ -78,7 +78,7 @@ verify_template() {
|
||||
info "Detected ${_hook} hook."
|
||||
|
||||
## line count must match newline count
|
||||
if [ $(wc -l "${_path}" | awk '{print $1}') -ne $(grep -c $'\n' "${_path}") ]; then
|
||||
if [ "$(wc -l "${_path}" | awk '{print $1}')" -ne "$(grep -c printf '\n' "${_path}")" ]; then
|
||||
info "[${_hook}]:"
|
||||
error_notify "${BASTILLE_TEMPLATE}:${_hook} [failed]."
|
||||
error_notify "Line numbers don't match line breaks."
|
||||
|
||||
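Review bot: The replacement `"$(grep -c printf '\n' "${_path}")"` does not count lines: `printf` becomes the search pattern and `'\n'` a second file operand. With two file operands `grep -c` prints `file:count` pairs (plus an error for the missing file), so the `-ne` comparison receives a non-integer and the trailing-newline check in `verify_template` stops working as intended. A POSIX-clean equivalent of the old `$'\n'` pattern is the empty pattern, which matches every line including an unterminated last one: `"$(grep -c '' "${_path}")"`.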
@@ -38,7 +38,7 @@ usage() {
|
||||
zfs_snapshot() {
|
||||
for _jail in ${JAILS}; do
|
||||
info "[${_jail}]:"
|
||||
zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}"
|
||||
zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}@${TAG}"
|
||||
echo
|
||||
done
|
||||
}
|
||||
@@ -46,7 +46,7 @@ done
|
||||
zfs_destroy_snapshot() {
|
||||
for _jail in ${JAILS}; do
|
||||
info "[${_jail}]:"
|
||||
zfs destroy -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}"
|
||||
zfs destroy -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}@${TAG}"
|
||||
echo
|
||||
done
|
||||
}
|
||||
|
||||