From a59c3b4b8a99ee2fe04d233826fbf1e8f4457b8c Mon Sep 17 00:00:00 2001
From: Otto Sabart <seberm@seberm.com>
Date: Tue, 16 Aug 2022 21:00:00 +0200
Subject: [PATCH] shellcheck: fix lint of package helper bash scripts

---
 pkgs/clightning-plugins/get-sha256.sh         |  2 +-
 pkgs/clightning-rest/generate.sh              | 16 +++++-----
 pkgs/joinmarket/get-sha256.sh                 | 14 ++++-----
 pkgs/krops/fetch-release.sh                   |  2 +-
 pkgs/lndinit/get-sha256.sh                    | 14 ++++-----
 .../python-bitcointx/get-sha256.sh            | 12 ++++----
 pkgs/rtl/generate.sh                          | 19 ++++++------
 pkgs/spark-wallet/generate.sh                 | 29 ++++++++++---------
 8 files changed, 55 insertions(+), 53 deletions(-)

diff --git a/pkgs/clightning-plugins/get-sha256.sh b/pkgs/clightning-plugins/get-sha256.sh
index 3def505..886d5f8 100755
--- a/pkgs/clightning-plugins/get-sha256.sh
+++ b/pkgs/clightning-plugins/get-sha256.sh
@@ -11,4 +11,4 @@ archive_hash () {
 echo "Fetching latest lightningd/plugins release"
 latest=$(git ls-remote https://github.com/lightningd/plugins master | cut -f 1)
 echo "rev = \"${latest}\";"
-echo "sha256 = \"$(archive_hash lightningd/plugins $latest)\";"
+echo "sha256 = \"$(archive_hash lightningd/plugins "$latest")\";"
diff --git a/pkgs/clightning-rest/generate.sh b/pkgs/clightning-rest/generate.sh
index 75f75fd..8970391 100755
--- a/pkgs/clightning-rest/generate.sh
+++ b/pkgs/clightning-rest/generate.sh
@@ -8,18 +8,18 @@ repo=https://github.com/Ride-The-Lightning/c-lightning-REST
 scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
 
 updateSrc() {
-    TMPDIR="$(mktemp -d /tmp/clightning-rest.XXX)"
-    trap "rm -rf $TMPDIR" EXIT
+    TMPDIR=$(mktemp -d /tmp/clightning-rest.XXX)
+    trap 'rm -rf $TMPDIR' EXIT
 
     # Fetch and verify source tarball
     export GNUPGHOME=$TMPDIR
     # Fetch saubyk's key
     gpg --keyserver hkps://keyserver.ubuntu.com --recv-key 3E9BD4436C288039CA827A9200C9E2BC2E45666F
     file=v${version}.tar.gz
-    wget -P $TMPDIR $repo/archive/refs/tags/$file
-    wget -P $TMPDIR $repo/releases/download/v${version}/$file.asc
-    gpg --verify $TMPDIR/$file.asc $TMPDIR/$file
-    hash=$(nix hash file $TMPDIR/$file)
+    wget -P "$TMPDIR" "${repo}/archive/refs/tags/${file}"
+    wget -P "$TMPDIR" "${repo}/releases/download/v${version}/${file}.asc"
+    gpg --verify "${TMPDIR}/${file}.asc" "${TMPDIR}/${file}"
+    hash=$(nix hash file "${TMPDIR}/${file}")
 
     sed -i "
       s|\bversion = .*;|version = \"$version\";|
@@ -28,7 +28,7 @@ updateSrc() {
 }
 
 updateNodeModulesHash() {
-    $scriptDir/../../helper/update-fixed-output-derivation.sh ./default.nix clightning-rest.nodeModules nodeModules
+    "$scriptDir/../../helper/update-fixed-output-derivation.sh" ./default.nix clightning-rest.nodeModules nodeModules
 }
 
 if [[ $# == 0 ]]; then
@@ -36,5 +36,5 @@ if [[ $# == 0 ]]; then
     updateSrc
     updateNodeModulesHash
 else
-    eval "$@"
+    "$@"
 fi
diff --git a/pkgs/joinmarket/get-sha256.sh b/pkgs/joinmarket/get-sha256.sh
index 6bdb149..111aa68 100755
--- a/pkgs/joinmarket/get-sha256.sh
+++ b/pkgs/joinmarket/get-sha256.sh
@@ -3,23 +3,23 @@
 set -euo pipefail
 
 TMPDIR="$(mktemp -d -p /tmp)"
-trap "rm -rf $TMPDIR" EXIT
-cd $TMPDIR
+trap 'rm -rf $TMPDIR' EXIT
+cd "$TMPDIR"
 
 echo "Fetching latest release"
 git clone https://github.com/joinmarket-org/joinmarket-clientserver 2> /dev/null
 cd joinmarket-clientserver
-latest=$(git describe --tags `git rev-list --tags --max-count=1`)
-echo "Latest release is ${latest}"
+latest=$(git describe --tags "$(git rev-list --tags --max-count=1)")
+echo "Latest release is $latest"
 
 # GPG verification
 export GNUPGHOME=$TMPDIR
 echo "Fetching Adam Gibson's key"
 gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 2B6FC204D9BF332D062B461A141001A1AF77F20B 2> /dev/null
 echo "Verifying latest release"
-git verify-tag ${latest}
+git verify-tag "$latest"
 
-echo "tag: ${latest}"
+echo "tag: $latest"
 # The prefix option is necessary because GitHub prefixes the archive contents in this format
 echo "sha256: $(nix-hash --type sha256 --flat --base32 \
-                <(git archive --format tar.gz --prefix=joinmarket-clientserver-"${latest//v}"/ ${latest}))"
+                <(git archive --format tar.gz --prefix=joinmarket-clientserver-"${latest//v}"/ "$latest"))"
diff --git a/pkgs/krops/fetch-release.sh b/pkgs/krops/fetch-release.sh
index cf414c6..8fa5c5a 100755
--- a/pkgs/krops/fetch-release.sh
+++ b/pkgs/krops/fetch-release.sh
@@ -14,4 +14,4 @@ version=$(
     | sed -E 's|refs/tags/||g; s|((v)?(.*))|\1 \3|g' | sort -k 2 -V | tail -1 | cut -f 1 -d' '
 )
 echo "rev: ${version}"
-echo "sha256: $(archive_hash krebs/krops $version)"
+echo "sha256: $(archive_hash krebs/krops "$version")"
diff --git a/pkgs/lndinit/get-sha256.sh b/pkgs/lndinit/get-sha256.sh
index ba65d22..cca5bca 100755
--- a/pkgs/lndinit/get-sha256.sh
+++ b/pkgs/lndinit/get-sha256.sh
@@ -2,15 +2,15 @@
 #! nix-shell -i bash -p git gnupg curl jq
 set -euo pipefail
 
-TMPDIR="$(mktemp -d -p /tmp)"
-trap "rm -rf $TMPDIR" EXIT
-cd $TMPDIR
+TMPDIR=$(mktemp -d -p /tmp)
+trap 'rm -rf $TMPDIR' EXIT
+cd "$TMPDIR"
 
 echo "Fetching latest release"
 repo=lightninglabs/lndinit
-latest=$(curl -fsS https://api.github.com/repos/$repo/releases/latest | jq -r .tag_name)
+latest=$(curl -fsS "https://api.github.com/repos/$repo/releases/latest" | jq -r .tag_name)
 echo "Latest release is $latest"
-git clone --depth 1 --branch $latest https://github.com/lightninglabs/lndinit 2>/dev/null
+git clone --depth 1 --branch "$latest" https://github.com/lightninglabs/lndinit 2>/dev/null
 cd lndinit
 
 # GPG verification
@@ -18,9 +18,9 @@ export GNUPGHOME=$TMPDIR
 echo "Fetching Oliver Gugger's key"
 gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4FC70F07310028424EFC20A8E4256593F177720 2> /dev/null
 echo "Verifying latest release"
-git verify-tag $latest
+git verify-tag "$latest"
 
 echo "tag: $latest"
-git checkout -q tags/$latest
+git checkout -q "tags/$latest"
 rm -rf .git
 nix hash path .
diff --git a/pkgs/python-packages/python-bitcointx/get-sha256.sh b/pkgs/python-packages/python-bitcointx/get-sha256.sh
index ad38735..745ffb1 100755
--- a/pkgs/python-packages/python-bitcointx/get-sha256.sh
+++ b/pkgs/python-packages/python-bitcointx/get-sha256.sh
@@ -2,9 +2,9 @@
 #! nix-shell -i bash -p git gnupg
 set -euo pipefail
 
-TMPDIR="$(mktemp -d -p /tmp)"
-trap "rm -rf $TMPDIR" EXIT
-cd $TMPDIR
+TMPDIR=$(mktemp -d -p /tmp)
+trap 'rm -rf $TMPDIR' EXIT
+cd "$TMPDIR"
 
 echo "Fetching latest release"
 git clone https://github.com/simplexum/python-bitcointx 2> /dev/null
@@ -17,8 +17,8 @@ export GNUPGHOME=$TMPDIR
 echo "Fetching Dimitry Pethukov's Key"
 gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys B17A35BBA187395784E2A6B32301D26BDC15160D 2> /dev/null
 echo "Verifying latest release"
-git verify-commit ${latest}
+git verify-commit "$latest"
 
-echo "tag: ${latest}"
+echo "tag: $latest"
 # The prefix option is necessary because GitHub prefixes the archive contents in this format
-echo "sha256: $(git archive --format tar.gz --prefix=python-bitcointx-"${latest}"/ ${latest} | sha256sum | cut -d\  -f1)"
+echo "sha256: $(git archive --format tar.gz --prefix=python-bitcointx-"$latest"/ "$latest" | sha256sum | cut -d\  -f1)"
diff --git a/pkgs/rtl/generate.sh b/pkgs/rtl/generate.sh
index baae4ee..fabe9ab 100755
--- a/pkgs/rtl/generate.sh
+++ b/pkgs/rtl/generate.sh
@@ -8,18 +8,19 @@ repo=https://github.com/Ride-The-Lightning/RTL
 scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
 
 updateSrc() {
-    TMPDIR="$(mktemp -d /tmp/rtl.XXX)"
-    trap "rm -rf $TMPDIR" EXIT
+    TMPDIR=$(mktemp -d /tmp/rtl.XXX)
+    trap 'rm -rf $TMPDIR' EXIT
 
     # Fetch and verify source tarball
     export GNUPGHOME=$TMPDIR
+
     # Fetch saubyk's key
     gpg --keyserver hkps://keyserver.ubuntu.com --recv-key 3E9BD4436C288039CA827A9200C9E2BC2E45666F
-    file=v${version}.tar.gz
-    wget -P $TMPDIR $repo/archive/refs/tags/$file
-    wget -P $TMPDIR $repo/releases/download/v${version}/$file.asc
-    gpg --verify $TMPDIR/$file.asc $TMPDIR/$file
-    hash=$(nix hash file $TMPDIR/$file)
+    file=v$version.tar.gz
+    wget -P "$TMPDIR" "$repo/archive/refs/tags/$file"
+    wget -P "$TMPDIR" "$repo/releases/download/v$version/$file.asc"
+    gpg --verify "$TMPDIR/$file.asc" "$TMPDIR/$file"
+    hash=$(nix hash file "$TMPDIR/$file")
 
     sed -i "
       s|\bversion = .*;|version = \"$version\";|
@@ -28,7 +29,7 @@ updateSrc() {
 }
 
 updateNodeModulesHash() {
-    $scriptDir/../../helper/update-fixed-output-derivation.sh ./default.nix rtl.nodeModules nodeModules
+    "$scriptDir/../../helper/update-fixed-output-derivation.sh" ./default.nix rtl.nodeModules nodeModules
 }
 
 if [[ $# == 0 ]]; then
@@ -36,5 +37,5 @@ if [[ $# == 0 ]]; then
     updateSrc
     updateNodeModulesHash
 else
-    eval "$@"
+    "$@"
 fi
diff --git a/pkgs/spark-wallet/generate.sh b/pkgs/spark-wallet/generate.sh
index 0fa672e..50c3a83 100755
--- a/pkgs/spark-wallet/generate.sh
+++ b/pkgs/spark-wallet/generate.sh
@@ -2,44 +2,45 @@
 #! nix-shell -i bash -p nodePackages.node2nix gnupg wget jq moreutils gnused
 set -euo pipefail
 
-TMPDIR="$(mktemp -d -p /tmp)"
-trap "rm -rf $TMPDIR" EXIT
+TMPDIR=$(mktemp -d -p /tmp)
+trap 'rm -rf $TMPDIR' EXIT
 
 version="0.3.1"
 repo=https://github.com/shesek/spark-wallet
 
 # Fetch and verify source tarball
 file=spark-wallet-${version}-npm.tgz
-url=$repo/releases/download/v$version/$file
+url=$repo/releases/download/v${version}/$file
 export GNUPGHOME=$TMPDIR
 gpg --keyserver hkps://keyserver.ubuntu.com --recv-key FCF19B67866562F08A43AAD681F6104CD0F150FC
-wget -P $TMPDIR $url
-wget -P $TMPDIR $repo/releases/download/v$version/SHA256SUMS.asc
-gpg --verify $TMPDIR/SHA256SUMS.asc
-(cd $TMPDIR; sha256sum --check --ignore-missing SHA256SUMS.asc)
-hash=$(nix hash file $TMPDIR/$file)
+wget -P "$TMPDIR" "$url"
+wget -P "$TMPDIR" "$repo/releases/download/v${version}/SHA256SUMS.asc"
+gpg --verify "$TMPDIR/SHA256SUMS.asc"
+(cd "$TMPDIR"; sha256sum --check --ignore-missing SHA256SUMS.asc)
+hash=$(nix hash file "$TMPDIR/$file")
 
 # Extract source
 src=$TMPDIR/src
-mkdir $src
-tar xvf $TMPDIR/$file -C $src --strip-components 1 >/dev/null
+mkdir "$src"
+tar xvf "$TMPDIR/$file" -C "$src" --strip-components 1 >/dev/null
 
 # Make qrcode-terminal a strict dependency so that node2nix includes it in the package derivation.
-jq '.dependencies["qrcode-terminal"] = .optionalDependencies["qrcode-terminal"]' $src/package.json | sponge $src/package.json
+jq '.dependencies["qrcode-terminal"] = .optionalDependencies["qrcode-terminal"]' "$src/package.json" | sponge "$src/package.json"
 
 node2nix \
   --nodejs-14 \
-  --input $src/package.json \
-  --lock $src/npm-shrinkwrap.json \
+  --input "$src/package.json" \
+  --lock "$src/npm-shrinkwrap.json" \
   --composition composition.nix \
   --no-copy-node-env
 
 # Use node-env.nix from nixpkgs
+# shellcheck disable=SC2016
 nodeEnvImport='import "${toString pkgs.path}/pkgs/development/node-packages/node-env.nix"'
 sed -i "s|import ./node-env.nix|$nodeEnvImport|" composition.nix
 
 # Use the verified package src
-read -d '' fetchurl <<EOF || :
+read -rd '' fetchurl <<EOF || :
 fetchurl {
       url = "$url";
       hash = "$hash";