From acd341426a9b296ed7ceb2be9923a38c27b29ae8 Mon Sep 17 00:00:00 2001
From: Otto Sabart <seberm@seberm.com>
Date: Thu, 25 Aug 2022 21:00:00 +0200
Subject: [PATCH] shellcheck: prevent globbing and word splitting in package
 shell scripts

---
 pkgs/clightning-plugins/default.nix            | 10 +++++-----
 pkgs/clightning-rest/default.nix               |  4 ++--
 pkgs/joinmarket/default.nix                    | 18 +++++++++---------
 pkgs/netns-exec/default.nix                    |  2 +-
 pkgs/nixops/default.nix                        |  4 ++--
 .../specific-versions/autobahn.nix             |  2 +-
 pkgs/rtl/default.nix                           |  4 ++--
 7 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/pkgs/clightning-plugins/default.nix b/pkgs/clightning-plugins/default.nix
index 46d8022..73447f5 100644
--- a/pkgs/clightning-plugins/default.nix
+++ b/pkgs/clightning-plugins/default.nix
@@ -60,18 +60,18 @@ let
       buildInputs = [ python ];
 
       buildCommand = ''
-        cp --no-preserve=mode -r ${src}/${name} $out
-        cd $out
+        cp --no-preserve=mode -r '${src}/${name}' "$out"
+        cd "$out"
         ${lib.optionalString (plugin ? patchRequirements) ''
           substituteInPlace requirements.txt ${plugin.patchRequirements}
         ''}
 
         # Check that requirements are met
-        PYTHONPATH=${toString python}/${python.sitePackages} \
+        PYTHONPATH='${toString python}/${python.sitePackages}' \
           ${pkgs.python3Packages.pip}/bin/pip install -r requirements.txt --no-cache --no-index
 
-        chmod +x ${script}
-        patchShebangs ${script}
+        chmod +x '${script}'
+        patchShebangs '${script}'
       '';
 
       passthru.path = "${drv}/${script}";
diff --git a/pkgs/clightning-rest/default.nix b/pkgs/clightning-rest/default.nix
index 256cabe..954d1ee 100644
--- a/pkgs/clightning-rest/default.nix
+++ b/pkgs/clightning-rest/default.nix
@@ -39,8 +39,8 @@ let self = stdenvNoCC.mkDerivation {
       --exclude=/{screenshots,'*.Dockerfile'} \
       $dest
 
-    makeWrapper ${self.nodejsRuntime}/bin/node $out/bin/cl-rest \
-      --add-flags $dest/cl-rest.js
+    makeWrapper ${self.nodejsRuntime}/bin/node "$out/bin/cl-rest" \
+      --add-flags "$dest/cl-rest.js"
 
     runHook postInstall
   '';
diff --git a/pkgs/joinmarket/default.nix b/pkgs/joinmarket/default.nix
index 457916a..1f40128 100644
--- a/pkgs/joinmarket/default.nix
+++ b/pkgs/joinmarket/default.nix
@@ -34,14 +34,14 @@ stdenv.mkDerivation {
   buildInputs = [ pythonEnv ];
 
   installPhase = ''
-    mkdir -p $out/bin
+    mkdir -p "$out/bin"
 
     # add-utxo.py -> bin/jm-add-utxo
     cpBin() {
-      cp scripts/$1 $out/bin/jm-''${1%.py}
+      cp "scripts/$1" "$out/bin/jm-''${1%.py}"
     }
 
-    cp scripts/joinmarketd.py $out/bin/joinmarketd
+    cp scripts/joinmarketd.py "$out/bin/joinmarketd"
     cpBin add-utxo.py
     cpBin convert_old_wallet.py
     cpBin receive-payjoin.py
@@ -52,17 +52,17 @@ stdenv.mkDerivation {
     cpBin yg-privacyenhanced.py
     cpBin genwallet.py
 
-    chmod +x -R $out/bin
-    patchShebangs $out/bin
+    chmod +x -R "$out/bin"
+    patchShebangs "$out/bin"
 
     ## ob-watcher
     obw=$out/libexec/joinmarket-ob-watcher
-    install -D scripts/obwatch/ob-watcher.py $obw/ob-watcher
-    patchShebangs $obw/ob-watcher
-    ln -s $obw/ob-watcher $out/bin/jm-ob-watcher
+    install -D scripts/obwatch/ob-watcher.py "$obw/ob-watcher"
+    patchShebangs "$obw/ob-watcher"
+    ln -s "$obw/ob-watcher" "$out/bin/jm-ob-watcher"
 
     # These files must be placed in the same dir as ob-watcher
-    cp -r scripts/obwatch/{orderbook.html,sybil_attack_calculations.py,vendor} $obw
+    cp -r scripts/obwatch/{orderbook.html,sybil_attack_calculations.py,vendor} "$obw"
   '';
 
   meta = with lib; {
diff --git a/pkgs/netns-exec/default.nix b/pkgs/netns-exec/default.nix
index 5998549..6365c97 100644
--- a/pkgs/netns-exec/default.nix
+++ b/pkgs/netns-exec/default.nix
@@ -5,6 +5,6 @@ stdenv.mkDerivation {
   buildInputs = [ pkgs.libcap ];
   src = ./src;
   installPhase = ''
-    cp main $out
+    cp main "$out"
   '';
 }
diff --git a/pkgs/nixops/default.nix b/pkgs/nixops/default.nix
index 6af17d6..e7857c7 100644
--- a/pkgs/nixops/default.nix
+++ b/pkgs/nixops/default.nix
@@ -34,8 +34,8 @@ let
   };
 
   src = runCommand "src" {} ''
-    cp --no-preserve=mode -r ${origSrc} $out
-    cd $out
+    cp --no-preserve=mode -r '${origSrc}' "$out"
+    cd "$out"
     patch -p1 < ${./release.nix.patch}
   '';
 
diff --git a/pkgs/python-packages/specific-versions/autobahn.nix b/pkgs/python-packages/specific-versions/autobahn.nix
index 2557100..0b2e106 100644
--- a/pkgs/python-packages/specific-versions/autobahn.nix
+++ b/pkgs/python-packages/specific-versions/autobahn.nix
@@ -19,7 +19,7 @@ buildPythonPackage rec {
   checkInputs = [ mock pytest ];
   checkPhase = ''
     runHook preCheck
-    USE_TWISTED=true py.test $out
+    USE_TWISTED=true py.test "$out"
     runHook postCheck
   '';
 
diff --git a/pkgs/rtl/default.nix b/pkgs/rtl/default.nix
index 388e337..2b895fa 100644
--- a/pkgs/rtl/default.nix
+++ b/pkgs/rtl/default.nix
@@ -58,8 +58,8 @@ let self = stdenvNoCC.mkDerivation {
       ${self.nodeModules}/lib/node_modules \
       $dest
 
-    makeWrapper ${self.nodejsRuntime}/bin/node $out/bin/rtl \
-      --add-flags $dest/rtl.js
+    makeWrapper ${self.nodejsRuntime}/bin/node "$out/bin/rtl" \
+      --add-flags "$dest/rtl.js"
 
     runHook postInstall
   '';