From c58e12a4b9b321346159d54f0aea63a7430add43 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sun, 7 Oct 2018 20:27:57 +0200 Subject: [PATCH 1/8] shellcheck on /files/ scripts. --- .../__consul_agent/files/consul.sysv-debian | 2 ++ .../__consul_agent/files/consul.sysv-redhat | 18 +++++----- .../files/consul-template.sysv | 18 +++++----- .../type/__daemontools/files/init.d-svscan | 34 +++++++++---------- .../type/__install_config/files/remote/copy | 4 +-- .../type/__install_config/files/remote/exec | 4 +-- .../files/lib.sh | 34 ++++++++++--------- .../type/__iptables_apply/files/init-script | 4 +-- .../type/__key_value/files/remote_script.sh | 14 ++++---- .../conf/type/__yum_repo/files/repo.template | 2 +- 10 files changed, 72 insertions(+), 62 deletions(-) diff --git a/cdist/conf/type/__consul_agent/files/consul.sysv-debian b/cdist/conf/type/__consul_agent/files/consul.sysv-debian index d364d6c4..4f43c000 100644 --- a/cdist/conf/type/__consul_agent/files/consul.sysv-debian +++ b/cdist/conf/type/__consul_agent/files/consul.sysv-debian @@ -31,9 +31,11 @@ ### END INIT INFO if [ -f "/etc/default/consul" ]; then + # shellcheck disable=SC1091 . /etc/default/consul fi +# shellcheck disable=SC1091 . /lib/lsb/init-functions NAME=consul diff --git a/cdist/conf/type/__consul_agent/files/consul.sysv-redhat b/cdist/conf/type/__consul_agent/files/consul.sysv-redhat index 13dafd2e..e9c869e5 100644 --- a/cdist/conf/type/__consul_agent/files/consul.sysv-redhat +++ b/cdist/conf/type/__consul_agent/files/consul.sysv-redhat @@ -11,6 +11,7 @@ # pidfile: /var/run/consul/pidfile # Source function library. +# shellcheck disable=SC1091 . /etc/init.d/functions NAME=consul CONSUL=/usr/local/bin/consul @@ -18,6 +19,7 @@ CONFIG=/etc/$NAME/conf.d PID_FILE=/var/run/$NAME/pidfile LOG_FILE=/var/log/$NAME +# shellcheck disable=SC1090 [ -e /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME export GOMAXPROCS=${GOMAXPROCS:-2} @@ -27,7 +29,7 @@ chmod 2770 /var/run/$NAME start() { - echo -n "Starting $NAME: " + printf "Starting %s" "$NAME: " daemon --user=consul \ --pidfile="$PID_FILE" \ "$CONSUL" agent -pid-file="$PID_FILE" -config-dir "$CONFIG" >> "$LOG_FILE" & @@ -37,7 +39,7 @@ start() { } stop() { - echo -n "Shutting down $NAME: " + printf "Shutting down %s" "$NAME: " killproc -p "$PID_FILE" $NAME retcode=$? rm -f /var/lock/subsys/$NAME @@ -46,14 +48,14 @@ stop() { case "$1" in start) - if $(status -p "$PID_FILE" $NAME >/dev/null); then + if status -p "$PID_FILE" $NAME >/dev/null; then echo "$NAME already running" else start fi ;; stop) - if $(status -p "$PID_FILE" $NAME >/dev/null); then + if status -p "$PID_FILE" $NAME >/dev/null; then stop else echo "$NAME not running" @@ -67,21 +69,21 @@ case "$1" in exit $? ;; restart) - if $(status -p "$PID_FILE" $NAME >/dev/null); then + if status -p "$PID_FILE" $NAME >/dev/null; then stop fi start ;; reload) - if $(status -p "$PID_FILE" $NAME >/dev/null); then - kill -HUP `cat $PID_FILE` + if status -p "$PID_FILE" $NAME >/dev/null; then + kill -HUP "$(cat "$PID_FILE")" else echo "$NAME not running" fi ;; condrestart) if [ -f /var/lock/subsys/$NAME ]; then - if $(status -p "$PID_FILE" $NAME >/dev/null); then + if status -p "$PID_FILE" $NAME >/dev/null; then stop fi start diff --git a/cdist/conf/type/__consul_template/files/consul-template.sysv b/cdist/conf/type/__consul_template/files/consul-template.sysv index 0a463020..2375f8cf 100644 --- a/cdist/conf/type/__consul_template/files/consul-template.sysv +++ b/cdist/conf/type/__consul_template/files/consul-template.sysv @@ -10,6 +10,7 @@ # pidfile: /var/run/consul-template/pidfile # Source function library. +# shellcheck disable=SC1091 . /etc/init.d/functions NAME=consul-template CONSUL_TEMPLATE=/usr/local/bin/consul-template @@ -17,6 +18,7 @@ CONFIG=/etc/$NAME/conf.d PID_FILE=/var/run/$NAME/pidfile LOG_FILE=/var/log/$NAME +# shellcheck disable=SC1090 [ -e /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME export CONSUL_TEMPLATE_LOG=${CONSUL_TEMPLATE_LOG:-info} export GOMAXPROCS=${GOMAXPROCS:-2} @@ -24,7 +26,7 @@ export GOMAXPROCS=${GOMAXPROCS:-2} mkdir -p /var/run/$NAME start() { - echo -n "Starting $NAME: " + printf "Starting %s" "$NAME: " daemon --pidfile="$PID_FILE" \ "$CONSUL_TEMPLATE" -config "$CONFIG" >> "$LOG_FILE" 2>&1 & echo $! > "$PID_FILE" @@ -34,7 +36,7 @@ start() { } stop() { - echo -n "Shutting down $NAME: " + printf "Shutting down %s" "$NAME: " killproc -p $PID_FILE $CONSUL_TEMPLATE retcode=$? rm -f /var/lock/subsys/$NAME @@ -43,14 +45,14 @@ stop() { case "$1" in start) - if $(status -p "$PID_FILE" $NAME >/dev/null); then + if status -p "$PID_FILE" $NAME >/dev/null; then echo "$NAME already running" else start fi ;; stop) - if $(status -p "$PID_FILE" $NAME >/dev/null); then + if status -p "$PID_FILE" $NAME >/dev/null; then stop else echo "$NAME not running" @@ -61,21 +63,21 @@ case "$1" in exit $? ;; restart) - if $(status -p "$PID_FILE" $NAME >/dev/null); then + if status -p "$PID_FILE" $NAME >/dev/null; then stop fi start ;; reload) - if $(status -p "$PID_FILE" $NAME >/dev/null); then - kill -HUP `cat $PID_FILE` + if status -p "$PID_FILE" $NAME >/dev/null; then + kill -HUP "$(cat "$PID_FILE")" else echo "$NAME not running" fi ;; condrestart) if [ -f /var/lock/subsys/$NAME ]; then - if $(status -p "$PID_FILE" $NAME >/dev/null); then + if status -p "$PID_FILE" $NAME >/dev/null; then stop fi start diff --git a/cdist/conf/type/__daemontools/files/init.d-svscan b/cdist/conf/type/__daemontools/files/init.d-svscan index 127dfdb3..6b4dba1d 100644 --- a/cdist/conf/type/__daemontools/files/init.d-svscan +++ b/cdist/conf/type/__daemontools/files/init.d-svscan @@ -23,9 +23,9 @@ fi case "$1" in start) - echo -n "Starting daemontools: " - if [ ! `pidof svscan` ]; then - echo -n "svscan " + printf "Starting daemontools: " + if [ ! "$(pidof svscan)" ]; then + printf "svscan " env - PATH="$PATH" svscan /service 2>&1 | setuidgid daemon multilog t /var/log/svscan & echo "." else @@ -33,23 +33,23 @@ case "$1" in fi ;; stop) - echo -n "Stopping daemontools: " - if [ `pidof svscan` ]; then - echo -n "svscan" - while [ `pidof svscan` ]; do - kill `pidof svscan` - echo -n "." + printf "Stopping daemontools: " + if [ "$(pidof svscan)" ]; then + printf "svscan" + while [ "$(pidof svscan)" ]; do + kill "$(pidof svscan)" + printf "." done fi - echo -n " services" - for i in `ls -d /service/*`; do - svc -dx $i - echo -n "." + printf " services" + for i in /service/*; do + svc -dx "$i" + printf "." done - echo -n " logging " - for i in `ls -d /service/*/log`; do - svc -dx $i - echo -n "." + printf " logging " + for i in /service/*/log; do + svc -dx "$i" + printf "." done echo "" ;; diff --git a/cdist/conf/type/__install_config/files/remote/copy b/cdist/conf/type/__install_config/files/remote/copy index 15c901f9..78af31b9 100755 --- a/cdist/conf/type/__install_config/files/remote/copy +++ b/cdist/conf/type/__install_config/files/remote/copy @@ -37,10 +37,10 @@ code="$(echo "$@" | sed "s|$target_host:|$target_host:$chroot|g")" log "target_host: $target_host" log "chroot: $chroot" -log "@: $@" +log "@: $*" log "code: $code" # copy files into chroot -$__default_remote_copy $code +"$__default_remote_copy" "$code" log "-----" diff --git a/cdist/conf/type/__install_config/files/remote/exec b/cdist/conf/type/__install_config/files/remote/exec index 5b25e41e..ea7396e0 100755 --- a/cdist/conf/type/__install_config/files/remote/exec +++ b/cdist/conf/type/__install_config/files/remote/exec @@ -40,10 +40,10 @@ code="chroot $chroot sh -e -c '$code'" log "target_host: $target_host" log "chroot: $chroot" -log "@: $@" +log "@: $*" log "code: $code" # Run the code -$__default_remote_exec $target_host $code +"$__default_remote_exec" "$target_host" "$code" log "-----" diff --git a/cdist/conf/type/__install_partition_msdos_apply/files/lib.sh b/cdist/conf/type/__install_partition_msdos_apply/files/lib.sh index 13ead401..2db9a441 100644 --- a/cdist/conf/type/__install_partition_msdos_apply/files/lib.sh +++ b/cdist/conf/type/__install_partition_msdos_apply/files/lib.sh @@ -1,9 +1,11 @@ +#!/bin/sh + die() { - echo "[__install_partition_msdos_apply] $@" >&2 + echo "[__install_partition_msdos_apply] $*" >&2 exit 1 } debug() { - #echo "[__install_partition_msdos_apply] $@" >&2 + #echo "[__install_partition_msdos_apply] $*" >&2 : } @@ -12,7 +14,7 @@ fdisk_command() { cmd="$2" debug fdisk_command "running fdisk command '${cmd}' on device ${device}" - printf "${cmd}\nw\n" | fdisk -c -u "$device" + printf '%s\nw\n' "${cmd}" | fdisk -c -u "$device" ret=$? # give disk some time sleep 1 @@ -23,14 +25,14 @@ create_disklabel() { device=$1 debug create_disklabel "creating new msdos disklabel" - fdisk_command ${device} "o" + fdisk_command "${device}" "o" return $? } toggle_bootable() { device="$1" minor="$2" - fdisk_command ${device} "a\n${minor}\n" + fdisk_command "${device}" "a\\n${minor}\\n" return $? } @@ -41,28 +43,28 @@ create_partition() { type="$4" primary_count="$5" - if [ "$type" = "extended" -o "$type" = "5" ]; then + if [ "$type" = "extended" ] || [ "$type" = "5" ]; then # Extended partition - primary_extended="e\n" - first_minor="${minor}\n" + primary_extended='e\n' + first_minor="${minor}\\n" [ "${minor}" = "4" ] && first_minor="" - type_minor="${minor}\n" + type_minor="${minor}\\n" [ "${minor}" = "1" ] && type_minor="" type="5" elif [ "${minor}" -lt "5" ]; then - primary_extended="p\n" - first_minor="${minor}\n" + primary_extended='p\n' + first_minor="${minor}\\n" [ "${minor}" = "4" ] && first_minor="" - type_minor="${minor}\n" + type_minor="${minor}\\n" [ "${minor}" = "1" ] && type_minor="" else # Logical partitions - first_minor="${minor}\n" - type_minor="${minor}\n" - primary_extended="l\n" + first_minor="${minor}\\n" + type_minor="${minor}\\n" + primary_extended='l\n' [ "$primary_count" -gt "3" ] && primary_extended="" fi [ -n "${size}" ] && size="+${size}M" - fdisk_command ${device} "n\n${primary_extended}${first_minor}\n${size}\nt\n${type_minor}${type}\n" + fdisk_command "${device}" "n\\n${primary_extended}${first_minor}\\n${size}\\nt\\n${type_minor}${type}\\n" return $? } diff --git a/cdist/conf/type/__iptables_apply/files/init-script b/cdist/conf/type/__iptables_apply/files/init-script index 2247dcf5..7c08ce08 100644 --- a/cdist/conf/type/__iptables_apply/files/init-script +++ b/cdist/conf/type/__iptables_apply/files/init-script @@ -24,14 +24,14 @@ case $1 in iptables-save > "$status" # Apply our ruleset - cd "$basedir" + cd "$basedir" || exit count="$(ls -1 | wc -l)" # Only do something if there are rules if [ "$count" -ge 1 ]; then for rule in *; do echo "Applying iptables rule $rule ..." - iptables $(cat "$rule") + iptables "$(cat "$rule")" done fi ;; diff --git a/cdist/conf/type/__key_value/files/remote_script.sh b/cdist/conf/type/__key_value/files/remote_script.sh index 52b3f2de..f7a1add5 100644 --- a/cdist/conf/type/__key_value/files/remote_script.sh +++ b/cdist/conf/type/__key_value/files/remote_script.sh @@ -1,19 +1,21 @@ #!/bin/sh -export key="$(cat "$__object/parameter/key" 2>/dev/null \ +key="$(cat "$__object/parameter/key" 2>/dev/null \ || echo "$__object_id")" -export state="$(cat "$__object/parameter/state")" +state="$(cat "$__object/parameter/state")" file="$(cat "$__object/parameter/file")" -export delimiter="$(cat "$__object/parameter/delimiter")" -export value="$(cat "$__object/parameter/value" 2>/dev/null \ +delimiter="$(cat "$__object/parameter/delimiter")" +value="$(cat "$__object/parameter/value" 2>/dev/null \ || echo "__CDIST_NOTSET__")" +export key state delimiter value if [ -f "$__object/parameter/exact_delimiter" ]; then - export exact_delimiter=1 + exact_delimiter=1 else - export exact_delimiter=0 + exact_delimiter=0 fi +export exact_delimiter tmpfile=$(mktemp "${file}.cdist.XXXXXXXXXX") # preserve ownership and permissions by copying existing file over tmpfile diff --git a/cdist/conf/type/__yum_repo/files/repo.template b/cdist/conf/type/__yum_repo/files/repo.template index 3e14c8b6..18ea9d2b 100755 --- a/cdist/conf/type/__yum_repo/files/repo.template +++ b/cdist/conf/type/__yum_repo/files/repo.template @@ -43,7 +43,7 @@ for key in baseurl gpgkey; do if [ -f "$__object/parameter/$key" ]; then printf '%s=' "$key" prefix='' - while read line; do + while read -r line; do printf '%s%s\n' "$prefix" "$line" prefix=' ' done < "$__object/parameter/$key" From 0f31a550cc2a6a4e5468c40b854d3f5bd08e83e2 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sun, 7 Oct 2018 22:26:18 +0200 Subject: [PATCH 2/8] Fix SC2012. --- cdist/conf/type/__iptables_apply/files/init-script | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__iptables_apply/files/init-script b/cdist/conf/type/__iptables_apply/files/init-script index 7c08ce08..aee40cbb 100644 --- a/cdist/conf/type/__iptables_apply/files/init-script +++ b/cdist/conf/type/__iptables_apply/files/init-script @@ -25,7 +25,7 @@ case $1 in # Apply our ruleset cd "$basedir" || exit - count="$(ls -1 | wc -l)" + count="$(find . ! -name . -prune | wc -l)" # Only do something if there are rules if [ "$count" -ge 1 ]; then From dcb4395909124e5680686cb314df6bda6b30fdcf Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 8 Oct 2018 17:13:13 +0200 Subject: [PATCH 3/8] Resolve custom remote copy/exec shellcheck (non-)issues. --- cdist/conf/type/__install_config/files/remote/copy | 4 +++- cdist/conf/type/__install_config/files/remote/exec | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/cdist/conf/type/__install_config/files/remote/copy b/cdist/conf/type/__install_config/files/remote/copy index 78af31b9..0f68b1ea 100755 --- a/cdist/conf/type/__install_config/files/remote/copy +++ b/cdist/conf/type/__install_config/files/remote/copy @@ -41,6 +41,8 @@ log "@: $*" log "code: $code" # copy files into chroot -"$__default_remote_copy" "$code" +# code should be split on spaces +# shellcheck disable=SC2086 +"$__default_remote_copy" $code log "-----" diff --git a/cdist/conf/type/__install_config/files/remote/exec b/cdist/conf/type/__install_config/files/remote/exec index ea7396e0..3a48c58f 100755 --- a/cdist/conf/type/__install_config/files/remote/exec +++ b/cdist/conf/type/__install_config/files/remote/exec @@ -36,6 +36,7 @@ shift # escape ' with '"'"' code="$(echo "$@" | sed -e "s/'/'\"'\"'/g")" +# shellcheck disable=SC2089 code="chroot $chroot sh -e -c '$code'" log "target_host: $target_host" @@ -44,6 +45,8 @@ log "@: $*" log "code: $code" # Run the code -"$__default_remote_exec" "$target_host" "$code" +# code should be split on spaces +# shellcheck disable=SC2086,SC2090 +"$__default_remote_exec" "$target_host" $code log "-----" From 53300b1004adf33405e6637117ae97e279716772 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Tue, 9 Oct 2018 18:25:03 +0200 Subject: [PATCH 4/8] Fix after shellcheck. --- cdist/conf/type/__install_config/files/remote/copy | 4 ++-- cdist/conf/type/__install_config/files/remote/exec | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cdist/conf/type/__install_config/files/remote/copy b/cdist/conf/type/__install_config/files/remote/copy index 0f68b1ea..fa7fa9b7 100755 --- a/cdist/conf/type/__install_config/files/remote/copy +++ b/cdist/conf/type/__install_config/files/remote/copy @@ -41,8 +41,8 @@ log "@: $*" log "code: $code" # copy files into chroot -# code should be split on spaces +# __default_remote_copy and code should be split # shellcheck disable=SC2086 -"$__default_remote_copy" $code +$__default_remote_copy $code log "-----" diff --git a/cdist/conf/type/__install_config/files/remote/exec b/cdist/conf/type/__install_config/files/remote/exec index 3a48c58f..c2057ebf 100755 --- a/cdist/conf/type/__install_config/files/remote/exec +++ b/cdist/conf/type/__install_config/files/remote/exec @@ -45,8 +45,8 @@ log "@: $*" log "code: $code" # Run the code -# code should be split on spaces +# __default_remote_exec and code should be split # shellcheck disable=SC2086,SC2090 -"$__default_remote_exec" "$target_host" $code +$__default_remote_exec "$target_host" $code log "-----" From 8669ccb9c17616a20c4fe7f7074e2aaade5aeca0 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Tue, 9 Oct 2018 18:25:35 +0200 Subject: [PATCH 5/8] Improve shell code. --- cdist/conf/type/__daemontools/files/init.d-svscan | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/cdist/conf/type/__daemontools/files/init.d-svscan b/cdist/conf/type/__daemontools/files/init.d-svscan index 6b4dba1d..996eb4e8 100644 --- a/cdist/conf/type/__daemontools/files/init.d-svscan +++ b/cdist/conf/type/__daemontools/files/init.d-svscan @@ -24,7 +24,7 @@ fi case "$1" in start) printf "Starting daemontools: " - if [ ! "$(pidof svscan)" ]; then + if ! pidof svscan > /dev/null 2>&1; then printf "svscan " env - PATH="$PATH" svscan /service 2>&1 | setuidgid daemon multilog t /var/log/svscan & echo "." @@ -34,11 +34,16 @@ case "$1" in ;; stop) printf "Stopping daemontools: " - if [ "$(pidof svscan)" ]; then + pids="$(pidof svscan)" + if [ -n "${pids}" ] + then printf "svscan" - while [ "$(pidof svscan)" ]; do - kill "$(pidof svscan)" - printf "." + while [ -n "${pids}" ] + do + # shellcheck disable=SC2086 + kill ${pids} + printf "." + pids="$(pidof svscan)" done fi printf " services" From 610deba4543ed1f52a4831fcd61f1a375a4135bf Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Wed, 10 Oct 2018 12:52:50 +0200 Subject: [PATCH 6/8] Improve quoting. --- .../files/consul-template.sysv | 45 ++++++++++--------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/cdist/conf/type/__consul_template/files/consul-template.sysv b/cdist/conf/type/__consul_template/files/consul-template.sysv index 2375f8cf..b263915a 100644 --- a/cdist/conf/type/__consul_template/files/consul-template.sysv +++ b/cdist/conf/type/__consul_template/files/consul-template.sysv @@ -10,74 +10,75 @@ # pidfile: /var/run/consul-template/pidfile # Source function library. + # shellcheck disable=SC1091 . /etc/init.d/functions NAME=consul-template CONSUL_TEMPLATE=/usr/local/bin/consul-template -CONFIG=/etc/$NAME/conf.d -PID_FILE=/var/run/$NAME/pidfile -LOG_FILE=/var/log/$NAME +CONFIG="/etc/$NAME/conf.d" +PID_FILE="/var/run/$NAME/pidfile" +LOG_FILE="/var/log/$NAME" # shellcheck disable=SC1090 -[ -e /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME -export CONSUL_TEMPLATE_LOG=${CONSUL_TEMPLATE_LOG:-info} -export GOMAXPROCS=${GOMAXPROCS:-2} +[ -e "/etc/sysconfig/$NAME" ] && . "/etc/sysconfig/$NAME" +export CONSUL_TEMPLATE_LOG="${CONSUL_TEMPLATE_LOG:-info}" +export GOMAXPROCS="${GOMAXPROCS:-2}" -mkdir -p /var/run/$NAME +mkdir -p "/var/run/$NAME" start() { - printf "Starting %s" "$NAME: " + printf "Starting %s: " "$NAME" daemon --pidfile="$PID_FILE" \ "$CONSUL_TEMPLATE" -config "$CONFIG" >> "$LOG_FILE" 2>&1 & - echo $! > "$PID_FILE" + echo "$!" > "$PID_FILE" retcode=$? - touch /var/lock/subsys/$NAME - return $retcode + touch "/var/lock/subsys/$NAME" + return "$retcode" } stop() { - printf "Shutting down %s" "$NAME: " - killproc -p $PID_FILE $CONSUL_TEMPLATE + printf "Shutting down %s: " "$NAME" + killproc -p "$PID_FILE" "$CONSUL_TEMPLATE" retcode=$? - rm -f /var/lock/subsys/$NAME - return $retcode + rm -f "/var/lock/subsys/$NAME" + return "$retcode" } case "$1" in start) - if status -p "$PID_FILE" $NAME >/dev/null; then + if status -p "$PID_FILE" "$NAME" >/dev/null; then echo "$NAME already running" else start fi ;; stop) - if status -p "$PID_FILE" $NAME >/dev/null; then + if status -p "$PID_FILE" "$NAME" >/dev/null; then stop else echo "$NAME not running" fi ;; status) - status -p "$PID_FILE" $NAME + status -p "$PID_FILE" "$NAME" exit $? ;; restart) - if status -p "$PID_FILE" $NAME >/dev/null; then + if status -p "$PID_FILE" "$NAME" >/dev/null; then stop fi start ;; reload) - if status -p "$PID_FILE" $NAME >/dev/null; then + if status -p "$PID_FILE" "$NAME" >/dev/null; then kill -HUP "$(cat "$PID_FILE")" else echo "$NAME not running" fi ;; condrestart) - if [ -f /var/lock/subsys/$NAME ]; then - if status -p "$PID_FILE" $NAME >/dev/null; then + if [ -f "/var/lock/subsys/$NAME" ]; then + if status -p "$PID_FILE" "$NAME" >/dev/null; then stop fi start From 7a9dea975439fc4894107f9c124d5874cc416c84 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Wed, 10 Oct 2018 12:56:48 +0200 Subject: [PATCH 7/8] Improve quoting. --- .../__consul_agent/files/consul.sysv-redhat | 45 ++++++++++--------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/cdist/conf/type/__consul_agent/files/consul.sysv-redhat b/cdist/conf/type/__consul_agent/files/consul.sysv-redhat index e9c869e5..58fc9bd9 100644 --- a/cdist/conf/type/__consul_agent/files/consul.sysv-redhat +++ b/cdist/conf/type/__consul_agent/files/consul.sysv-redhat @@ -11,51 +11,52 @@ # pidfile: /var/run/consul/pidfile # Source function library. + # shellcheck disable=SC1091 . /etc/init.d/functions NAME=consul CONSUL=/usr/local/bin/consul -CONFIG=/etc/$NAME/conf.d -PID_FILE=/var/run/$NAME/pidfile -LOG_FILE=/var/log/$NAME +CONFIG="/etc/$NAME/conf.d" +PID_FILE="/var/run/$NAME/pidfile" +LOG_FILE="/var/log/$NAME" # shellcheck disable=SC1090 -[ -e /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME -export GOMAXPROCS=${GOMAXPROCS:-2} +[ -e "/etc/sysconfig/$NAME" ] && . "/etc/sysconfig/$NAME" +export GOMAXPROCS="${GOMAXPROCS:-2}" -mkdir -p /var/run/$NAME -chown consul:consul /var/run/$NAME -chmod 2770 /var/run/$NAME +mkdir -p "/var/run/$NAME" +chown consul:consul "/var/run/$NAME" +chmod 2770 "/var/run/$NAME" start() { - printf "Starting %s" "$NAME: " + printf "Starting %s: " "$NAME" daemon --user=consul \ --pidfile="$PID_FILE" \ "$CONSUL" agent -pid-file="$PID_FILE" -config-dir "$CONFIG" >> "$LOG_FILE" & retcode=$? - touch /var/lock/subsys/$NAME - return $retcode + touch "/var/lock/subsys/$NAME" + return "$retcode" } stop() { - printf "Shutting down %s" "$NAME: " - killproc -p "$PID_FILE" $NAME + printf "Shutting down %s: " "$NAME" + killproc -p "$PID_FILE" "$NAME" retcode=$? - rm -f /var/lock/subsys/$NAME - return $retcode + rm -f "/var/lock/subsys/$NAME" + return "$retcode" } case "$1" in start) - if status -p "$PID_FILE" $NAME >/dev/null; then + if status -p "$PID_FILE" "$NAME" >/dev/null; then echo "$NAME already running" else start fi ;; stop) - if status -p "$PID_FILE" $NAME >/dev/null; then + if status -p "$PID_FILE" "$NAME" >/dev/null; then stop else echo "$NAME not running" @@ -65,25 +66,25 @@ case "$1" in "$CONSUL" info ;; status) - status -p "$PID_FILE" $NAME + status -p "$PID_FILE" "$NAME" exit $? ;; restart) - if status -p "$PID_FILE" $NAME >/dev/null; then + if status -p "$PID_FILE" "$NAME" >/dev/null; then stop fi start ;; reload) - if status -p "$PID_FILE" $NAME >/dev/null; then + if status -p "$PID_FILE" "$NAME" >/dev/null; then kill -HUP "$(cat "$PID_FILE")" else echo "$NAME not running" fi ;; condrestart) - if [ -f /var/lock/subsys/$NAME ]; then - if status -p "$PID_FILE" $NAME >/dev/null; then + if [ -f "/var/lock/subsys/$NAME" ]; then + if status -p "$PID_FILE" "$NAME" >/dev/null; then stop fi start From faed292a4e667005e4c4f906d6268743d2917568 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Wed, 10 Oct 2018 15:01:03 +0200 Subject: [PATCH 8/8] Rule should be split. --- cdist/conf/type/__iptables_apply/files/init-script | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cdist/conf/type/__iptables_apply/files/init-script b/cdist/conf/type/__iptables_apply/files/init-script index aee40cbb..d9c79ef7 100644 --- a/cdist/conf/type/__iptables_apply/files/init-script +++ b/cdist/conf/type/__iptables_apply/files/init-script @@ -31,7 +31,9 @@ case $1 in if [ "$count" -ge 1 ]; then for rule in *; do echo "Applying iptables rule $rule ..." - iptables "$(cat "$rule")" + # Rule should be split. + # shellcheck disable=SC2046 + iptables $(cat "$rule") done fi ;;