shellcheck: prevent globbing and word splitting in unit shell scripts

Otto Sabart 2022-07-31 23:32:12 +02:00
parent 4e63301ac3
commit ee15837244
No known key found for this signature in database
GPG Key ID: 823BAE99F8BE1E3C
3 changed files with 23 additions and 21 deletions


@ -264,16 +264,16 @@ let
# The jm scripts create a 'logs' dir in the working dir, # The jm scripts create a 'logs' dir in the working dir,
# so run them inside dataDir. # so run them inside dataDir.
cli = pkgs.runCommand "joinmarket-cli" {} '' cli = pkgs.runCommand "joinmarket-cli" {} ''
mkdir -p $out/bin mkdir -p "$out/bin"
jm=${nbPkgs.joinmarket}/bin jm=${nbPkgs.joinmarket}/bin
cd $jm cd "$jm"
for bin in jm-*; do for bin in jm-*; do
{ {
echo "#!${pkgs.bash}/bin/bash"; echo "#!${pkgs.bash}/bin/bash";
echo "cd '${cfg.dataDir}' && ${cfg.cliExec} ${runAsUser} ${cfg.user} $jm/$bin --datadir='${cfg.dataDir}' \"\$@\""; echo "cd '${cfg.dataDir}' && ${cfg.cliExec} ${runAsUser} ${cfg.user} "$jm/$bin" --datadir='${cfg.dataDir}' \"\$@\"";
} > $out/bin/$bin } > "$out/bin/$bin"
done done
chmod -R +x $out/bin chmod -R +x "$out/bin"
''; '';
in { in {
inherit options; inherit options;
@ -314,7 +314,7 @@ in {
''; '';
postStart = '' postStart = ''
walletname=wallet.jmdat walletname=wallet.jmdat
wallet=${cfg.dataDir}/wallets/$walletname wallet="${cfg.dataDir}/wallets/$walletname"
if [[ ! -f $wallet ]]; then if [[ ! -f $wallet ]]; then
${optionalString (cfg.rpcWalletFile != null) '' ${optionalString (cfg.rpcWalletFile != null) ''
echo "Create watch-only wallet ${cfg.rpcWalletFile}" echo "Create watch-only wallet ${cfg.rpcWalletFile}"
@ -330,17 +330,19 @@ in {
fi fi
fi fi
''} ''}
# Restore wallet from seed if available # Restore wallet from seed if available
seed= seed=()
if [[ -e jm-wallet-seed ]]; then if [[ -e jm-wallet-seed ]]; then
seed="--recovery-seed-file jm-wallet-seed" seed=(--recovery-seed-file jm-wallet-seed)
fi fi
cd ${cfg.dataDir} cd "${cfg.dataDir}"
# Strip trailing newline from password file # Strip trailing newline from password file
if ! tr -d "\n" <"${secretsDir}/jm-wallet-password" \ if ! tr -d '\n' < '${secretsDir}/jm-wallet-password' \
| ${nbPkgs.joinmarket}/bin/jm-genwallet \ | ${nbPkgs.joinmarket}/bin/jm-genwallet \
--datadir=${cfg.dataDir} --wallet-password-stdin $seed $walletname \ --datadir="${cfg.dataDir}" --wallet-password-stdin "''${seed[@]}" "$walletname" \
| (if [[ ! $seed ]]; then | (if ((! ''${#seed[@]})); then
umask u=r,go= umask u=r,go=
grep -ohP '(?<=recovery_seed:).*' > jm-wallet-seed grep -ohP '(?<=recovery_seed:).*' > jm-wallet-seed
else else
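Review bot: The quotes added around `$jm/$bin` in the wrapper-generating `echo` sit inside an already double-quoted string, so they close and reopen that string instead of quoting the path. The path is therefore expanded unquoted while the wrapper is generated, and the wrapper script itself receives it with no quotes at all. Escaping the quotes keeps them literal in the output, as the same line already does for `\"\$@\"`: `... ${cfg.user} \"$jm/$bin\" --datadir='${cfg.dataDir}' \"\$@\""`. Separately, the Nix-interpolated values on that line are bare or wrapped in plain single quotes; `lib.escapeShellArg` would make them safe for any character in the option values.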


@ -74,7 +74,7 @@ in {
waitForFile /var/lib/tor/state waitForFile /var/lib/tor/state
cd ${cfg.dataDir} cd ${cfg.dataDir}
rm -rf * rm -rf ./*
${concatMapStrings ${concatMapStrings
(user: '' (user: ''
@ -82,10 +82,10 @@ in {
chown ${user} ${user} chown ${user} ${user}
${concatMapStrings ${concatMapStrings
(service: '' (service: ''
onionFile=/var/lib/tor/onion/${service}/hostname onionFile='/var/lib/tor/onion/${service}/hostname'
waitForFile $onionFile waitForFile "$onionFile"
cp $onionFile ${user}/${service} cp "$onionFile" '${user}/${service}'
chown ${user} ${user}/${service} chown '${user}' '${user}/${service}'
'') '')
cfg.access.${user} cfg.access.${user}
} }
@ -95,8 +95,8 @@ in {
${concatMapStrings (service: '' ${concatMapStrings (service: ''
onionFile=/var/lib/tor/onion/${service}/hostname onionFile=/var/lib/tor/onion/${service}/hostname
waitForFile $onionFile waitForFile "$onionFile"
install -D -o ${config.systemd.services.${service}.serviceConfig.User} -m 400 $onionFile services/${service} install -D -o ${config.systemd.services.${service}.serviceConfig.User} -m 400 "$onionFile" services/${service}
'') cfg.services} '') cfg.services}
''; '';
}; };
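Review bot: `rm -rf ./*` still follows an unquoted, unchecked `cd ${cfg.dataDir}`, so the deletion depends entirely on that `cd` having succeeded. Whether this script runs under `set -e` is not visible in the hunk; if it does not, a failed `cd` leaves `rm` acting on whatever the working directory happens to be. Quoting and guarding the line closes that gap: `cd "${cfg.dataDir}" || exit 1`. The same section also leaves `chown ${user} ${user}`, the second `onionFile=...` assignment and the `-o ${...User}` / `services/${service}` arguments of `install` unquoted, unlike the lines changed just above them. The script body starts and ends outside the hunks shown.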


@ -281,9 +281,9 @@ let
systemd.services.bitcoind.postStart = mkAfter '' systemd.services.bitcoind.postStart = mkAfter ''
cli=${config.services.bitcoind.cli}/bin/bitcoin-cli cli=${config.services.bitcoind.cli}/bin/bitcoin-cli
if ! $cli listwallets | ${pkgs.jq}/bin/jq -e 'index("test")'; then if ! $cli listwallets | ${pkgs.jq}/bin/jq -e 'index("test")'; then
$cli -named createwallet wallet_name=test load_on_startup=true "$cli" -named createwallet wallet_name=test load_on_startup=true
address=$($cli -rpcwallet=test getnewaddress) address=$($cli -rpcwallet=test getnewaddress)
$cli generatetoaddress ${toString config.test.data.num_blocks} $address "$cli" generatetoaddress ${toString config.test.data.num_blocks} "$address"
fi fi
''; '';
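Review bot: `$cli` is now quoted on the `createwallet` and `generatetoaddress` lines but is still bare in `if ! $cli listwallets` and inside `address=$($cli -rpcwallet=test getnewaddress)`, so the block mixes both styles. For consistency these would read `if ! "$cli" listwallets | ...` and `address=$("$cli" -rpcwallet=test getnewaddress)`. The value is presumably a Nix store path, so this is a style point and not a behaviour change.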