From ff398f6447b057df3ec13ebabc57f2f09d209c84 Mon Sep 17 00:00:00 2001 From: zimbatm Date: Sat, 15 Apr 2017 17:46:17 +0100 Subject: [PATCH 1/6] SC2068: Double quote array expansions to avoid re-splitting elements. --- nixos-infect | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/nixos-infect b/nixos-infect index 62779fd..1fa4201 100755 --- a/nixos-infect +++ b/nixos-infect @@ -21,7 +21,7 @@ makeConf() { networking.hostName = "$(hostname)"; networking.firewall.allowPing = true; services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [$(for key in ${keys[@]}; do echo -n " + users.users.root.openssh.authorizedKeys.keys = [$(for key in "${keys[@]}"; do echo -n " \"$key\""; done) ]; } @@ -52,10 +52,10 @@ EOF gateway6=($(ip -6 route show dev $eth1_name | grep default | sed -r 's|default via ([0-9a-f:]+).*|\1|' || true)) interfaces1=<< EOF $eth1_name = { - ip4 = [$(for a in ${eth1_ip4s[@]}; do echo -n " + ip4 = [$(for a in "${eth1_ip4s[@]}"; do echo -n " $a"; done) ]; - ip6 = [$(for a in ${eth1_ip6s[@]}; do echo -n " + ip6 = [$(for a in "${eth1_ip6s[@]}"; do echo -n " $a"; done) ]; EOF @@ -72,17 +72,17 @@ EOF # This file was populated at runtime with the networking # details gathered from the active system. networking = { - nameservers = [$(for a in ${nameservers[@]}; do echo -n " + nameservers = [$(for a in "${nameservers[@]}"; do echo -n " \"$a\""; done) ]; defaultGateway = "${gateway}"; defaultGateway6 = "${gateway6}"; interfaces = { $eth0_name = { - ip4 = [$(for a in ${eth0_ip4s[@]}; do echo -n " + ip4 = [$(for a in "${eth0_ip4s[@]}"; do echo -n " $a"; done) ]; - ip6 = [$(for a in ${eth0_ip6s[@]}; do echo -n " + ip6 = [$(for a in "${eth0_ip6s[@]}"; do echo -n " $a"; done) ]; }; From 3bd6fe9352d68b4f385813219d078410681a1d92 Mon Sep 17 00:00:00 2001 
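Review bot: In the `@@ -21,7 +21,7 @@` hunk of patch 1/6, each element of `keys` is now passed whole into `\"$key\"`, but nothing escapes it for the Nix string literal it lands in. If `keys` holds raw authorized_keys lines (how it is populated is outside the hunk), an entry carrying options such as `command="..."` contains a double quote that ends the Nix string early and leaves the generated configuration malformed or altered. I would escape backslashes, `"` and `${` in each key before the heredoc, or at least document the constraint above it with `# keys are pasted verbatim into Nix string literals; entries must not contain '"' or '${'`. The same applies to `\"$a\"` for `nameservers` in the `@@ -72,17 +72,17 @@` hunk. makeConf's body continues outside the hunk.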
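Review bot: The context line `interfaces1=<< EOF` in the `@@ -52,10 +52,10 @@` hunk of patch 1/6 does not capture the here-document: bash treats it as an assignment of an empty value with a redirection attached, so the eth1 block whose loops are being quoted here is discarded. If the intent is to store the text, the line should read `interfaces1=$(cat << EOF`, with a closing `)` on the line after the `EOF` terminator. The enclosing function starts and ends outside the hunk, so where `interfaces1` is consumed is not visible here.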
From: zimbatm Date: Sat, 15 Apr 2017 17:50:01 +0100 Subject: [PATCH 2/6] SC2086: Double quote to prevent globbing and word splitting --- nixos-infect | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/nixos-infect b/nixos-infect index 1fa4201..622ec9f 100755 --- a/nixos-infect +++ b/nixos-infect 
@@ -39,17 +39,17 @@ EOF # XXX It'd be better if we used procfs for all this... local IFS=$'\n' eth0_name=$(ip address show | grep '^2:' | awk -F': ' '{print $2}') - eth0_ip4s=($(ip address show dev $eth0_name | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|')) - eth0_ip6s=($(ip address show dev $eth0_name | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || '')) - gateway=($(ip route show dev $eth0_name | grep default | sed -r 's|default via ([0-9.]+).*|\1|')) - ether0=($(ip address show dev $eth0_name | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|')) + eth0_ip4s=($(ip address show dev "$eth0_name" | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|')) + eth0_ip6s=($(ip address show dev "$eth0_name" | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || '')) + gateway=($(ip route show dev "$eth0_name" | grep default | sed -r 's|default via ([0-9.]+).*|\1|')) + ether0=($(ip address show dev "$eth0_name" | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|')) eth1_name=$(ip address show | grep '^3:' | awk -F': ' '{print $2}')||true if [ -n "$eth1_name" ];then - eth1_ip4s=($(ip address show dev $eth1_name | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|')) - eth1_ip6s=($(ip address show dev $eth1_name | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || '')) - ether1=($(ip address show dev $eth1_name | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|')) - gateway6=($(ip -6 route show dev $eth1_name | grep default | sed -r 's|default via ([0-9a-f:]+).*|\1|' || true)) + eth1_ip4s=($(ip address show dev "$eth1_name" | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|')) + eth1_ip6s=($(ip address show dev "$eth1_name" | grep 'inet6 ' | sed 
-r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || '')) + ether1=($(ip address show dev "$eth1_name" | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|')) + gateway6=($(ip -6 route show dev "$eth1_name" | grep default | sed -r 's|default via ([0-9a-f:]+).*|\1|' || true)) interfaces1=<< EOF $eth1_name = { ip4 = [$(for a in "${eth1_ip4s[@]}"; do echo -n " @@ -113,17 +113,17 @@ EOF makeSwap() { # TODO check currently available swapspace first swapFile=`mktemp /tmp/nixos-infect.XXXXX.swp` - dd if=/dev/zero of=$swapFile bs=1M count=$((1*1024)) - chmod 0600 $swapFile - mkswap $swapFile - swapon -v $swapFile + dd if=/dev/zero "of=$swapFile" bs=1M count=$((1*1024)) + chmod 0600 "$swapFile" + mkswap "$swapFile" + swapon -v "$swapFile" } removeSwap() { for swapFile in /tmp/nixos-infect.*.swp do - swapoff -v $swapFile - rm -vf $swapFile + swapoff -v "$swapFile" + rm -vf "$swapFile" done } From 9c0a833bda9bfd53a4991c3cf5210e392386ecac Mon Sep 17 00:00:00 2001 From: zimbatm Date: Sat, 15 Apr 2017 17:52:39 +0100 Subject: [PATCH 3/6] SC2006: Use $(STATEMENT) instead of legacy `STATEMENT` --- nixos-infect | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index 622ec9f..55818fb 100755 --- a/nixos-infect +++ b/nixos-infect @@ -112,7 +112,7 @@ EOF makeSwap() { # TODO check currently available swapspace first - swapFile=`mktemp /tmp/nixos-infect.XXXXX.swp` + swapFile=$(mktemp /tmp/nixos-infect.XXXXX.swp) dd if=/dev/zero "of=$swapFile" bs=1M count=$((1*1024)) chmod 0600 "$swapFile" mkswap "$swapFile" From e745ee3aa284eca5554ef0ecaf629a137ad142c9 Mon Sep 17 00:00:00 2001 From: zimbatm Date: Sat, 15 Apr 2017 17:55:08 +0100 Subject: [PATCH 4/6] don't use bash arrays for values --- nixos-infect | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nixos-infect b/nixos-infect index 55818fb..d2249c0 100755 --- a/nixos-infect +++ b/nixos-infect 
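Review bot: The `|| ''` fallback kept on the `eth0_ip6s` and `eth1_ip6s` lines of patch 2/6 (`@@ -39,17 +39,17 @@`) runs an empty command name rather than supplying an empty default, so whenever the left side fails the fallback itself fails with "command not found". Whether it is ever reached depends on `pipefail`, which would be set outside this hunk; without it the pipeline's status is sed's and the fallback is dead code. The `gateway6` line already uses the working form, so I would end both lines with `|| true)` as well. Patch 4/6 rewrites these two lines and keeps the same `|| ''`.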
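Review bot: removeSwap in the `@@ -113,17 +113,17 @@` hunk of patch 2/6 acts on every path matching `/tmp/nixos-infect.*.swp` rather than on the file makeSwap created. /tmp is world-writable, so a name placed there by another local user is passed to `swapoff` and `rm -vf` (presumably as root, given the mkswap/swapon calls), and when nothing matches, the unexpanded pattern itself is passed to both commands. I would reuse the `swapFile` value set by makeSwap where it is still in scope, and otherwise guard the loop body with `[ -f "$swapFile" ] && [ ! -L "$swapFile" ] || continue`.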
@@ -39,17 +39,17 @@ EOF # XXX It'd be better if we used procfs for all this... local IFS=$'\n' eth0_name=$(ip address show | grep '^2:' | awk -F': ' '{print $2}') - eth0_ip4s=($(ip address show dev "$eth0_name" | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|')) - eth0_ip6s=($(ip address show dev "$eth0_name" | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || '')) - gateway=($(ip route show dev "$eth0_name" | grep default | sed -r 's|default via ([0-9.]+).*|\1|')) - ether0=($(ip address show dev "$eth0_name" | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|')) + eth0_ip4s=$(ip address show dev "$eth0_name" | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|') + eth0_ip6s=$(ip address show dev "$eth0_name" | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || '') + gateway=$(ip route show dev "$eth0_name" | grep default | sed -r 's|default via ([0-9.]+).*|\1|') + ether0=$(ip address show dev "$eth0_name" | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|') eth1_name=$(ip address show | grep '^3:' | awk -F': ' '{print $2}')||true if [ -n "$eth1_name" ];then - eth1_ip4s=($(ip address show dev "$eth1_name" | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|')) - eth1_ip6s=($(ip address show dev "$eth1_name" | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || '')) - ether1=($(ip address show dev "$eth1_name" | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|')) - gateway6=($(ip -6 route show dev "$eth1_name" | grep default | sed -r 's|default via ([0-9a-f:]+).*|\1|' || true)) + eth1_ip4s=$(ip address show dev "$eth1_name" | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|') + eth1_ip6s=$(ip address show dev "$eth1_name" | grep 'inet6 ' 
| sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || '') + ether1=$(ip address show dev "$eth1_name" | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|') + gateway6=$(ip -6 route show dev "$eth1_name" | grep default | sed -r 's|default via ([0-9a-f:]+).*|\1|' || true) interfaces1=<< EOF $eth1_name = { ip4 = [$(for a in "${eth1_ip4s[@]}"; do echo -n " From 8f31ebc55d0a5b26b5e174efd324b7aaace2f6f3 Mon Sep 17 00:00:00 2001 From: zimbatm Date: Sat, 15 Apr 2017 17:56:26 +0100 Subject: [PATCH 5/6] SC2046: Quote this to prevent word splitting --- nixos-infect | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index d2249c0..0be26dd 100755 --- a/nixos-infect +++ b/nixos-infect @@ -192,7 +192,7 @@ infect() { # Add nix build users # FIXME run only if necessary, rather than defaulting true groupadd nixbld -g 30000 || true - for i in {1..10}; do useradd -c "Nix build user $i" -d /var/empty -g nixbld -G nixbld -M -N -r -s $(which nologin) nixbld$i || true; done + for i in {1..10}; do useradd -c "Nix build user $i" -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" nixbld$i || true; done # TODO use addgroup and adduser as fallbacks #addgroup nixbld -g 30000 || true #for i in {1..10}; do adduser -DH -G nixbld nixbld$i || true; done From 89c2c6b7f40f391d4bd45fce76ad6f48e6129dbf Mon Sep 17 00:00:00 2001 From: zimbatm Date: Sat, 15 Apr 2017 17:57:55 +0100 Subject: [PATCH 6/6] disable invalid shellcheck warnings --- nixos-infect | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos-infect b/nixos-infect index 0be26dd..09244f2 100755 --- a/nixos-infect +++ b/nixos-infect @@ -163,6 +163,7 @@ prepareEnv() { # Nix installer tries to use sudo regardless of whether we're already uid 0 #which sudo || { sudo() { eval "$@"; }; export -f sudo; } + # shellcheck disable=SC2174 mkdir -p -m 0755 /nix } 
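Review bot: Dropping the arrays in patch 4/6 (`@@ -39,17 +39,17 @@`) changes what `"${gateway}"` expands to: on an array it was the first element only, on a scalar it is the whole command output. If `ip route show` returns more than one default route, `defaultGateway = "${gateway}";` (visible in patch 1/6) now receives a multi-line value, and `gateway6` has the same exposure. I would bound both pipelines, for example by ending them with `| head -n1`. The heredoc loops still iterate `"${eth1_ip4s[@]}"`, which on a scalar runs once with the whole newline-joined string (and once with an empty string when no address was found), so either the loops should go or the address variables should stay arrays.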
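Review bot: Quoting `"$(which nologin)"` in patch 5/6 (`@@ -192,7 +192,7 @@`) means a failed lookup now passes an empty string to `useradd -s` instead of shifting the remaining arguments, and the trailing `|| true` hides any error. An empty shell field typically leaves the nixbld accounts with the system default login shell rather than nologin. I would resolve the path once before the loop and stop if it is missing, `nologin_path=$(command -v nologin) || { echo "nologin not found" >&2; exit 1; }`, then pass `-s "$nologin_path"`. `nixbld$i` on the same line is still unquoted. infect's body continues outside the hunk.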
@@ -199,6 +200,7 @@ infect() { curl https://nixos.org/nix/install | $SHELL + # shellcheck disable=SC1090 source ~/.nix-profile/etc/profile.d/nix.sh [[ -z "$NIX_CHANNEL" ]] && NIX_CHANNEL="nixos-17.03"
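Review bot: The context line `curl https://nixos.org/nix/install | $SHELL` in the `@@ -199,6 +200,7 @@` hunk of patch 6/6 executes whatever the request returns: without `--fail` an HTTP error body is fed to the shell, a dropped connection runs a truncated script, and nothing checks the installer's integrity before it runs (apparently as root). I would download to a temporary file first with `curl -fsSL https://nixos.org/nix/install -o "$installer"`, compare it with a pinned digest, and only then run `"$SHELL" "$installer"`. The added `# shellcheck disable=SC1090` would also read better with its reason next to it, for example `# nix.sh only exists after the installer has run`. infect's body continues outside the hunk.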