From ee15837244392cc70d36e085f590f58d3b3abab6 Mon Sep 17 00:00:00 2001 From: Otto Sabart Date: Sun, 31 Jul 2022 23:32:12 +0200 Subject: [PATCH] shellcheck: prevent globbing and word splitting in unit shell scripts --- modules/joinmarket.nix | 26 ++++++++++++++------------ modules/onion-addresses.nix | 14 +++++++------- test/tests.nix | 4 ++-- 3 files changed, 23 insertions(+), 21 deletions(-) diff --git a/modules/joinmarket.nix b/modules/joinmarket.nix index f5d2324..0034fd6 100644 --- a/modules/joinmarket.nix +++ b/modules/joinmarket.nix @@ -264,16 +264,16 @@ let # The jm scripts create a 'logs' dir in the working dir, # so run them inside dataDir. cli = pkgs.runCommand "joinmarket-cli" {} '' - mkdir -p $out/bin + mkdir -p "$out/bin" jm=${nbPkgs.joinmarket}/bin - cd $jm + cd "$jm" for bin in jm-*; do { echo "#!${pkgs.bash}/bin/bash"; - echo "cd '${cfg.dataDir}' && ${cfg.cliExec} ${runAsUser} ${cfg.user} $jm/$bin --datadir='${cfg.dataDir}' \"\$@\""; - } > $out/bin/$bin + echo "cd '${cfg.dataDir}' && ${cfg.cliExec} ${runAsUser} ${cfg.user} "$jm/$bin" --datadir='${cfg.dataDir}' \"\$@\""; + } > "$out/bin/$bin" done - chmod -R +x $out/bin + chmod -R +x "$out/bin" ''; in { inherit options; @@ -314,7 +314,7 @@ in { ''; postStart = '' walletname=wallet.jmdat - wallet=${cfg.dataDir}/wallets/$walletname + wallet="${cfg.dataDir}/wallets/$walletname" if [[ ! -f $wallet ]]; then ${optionalString (cfg.rpcWalletFile != null) '' echo "Create watch-only wallet ${cfg.rpcWalletFile}" 
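Review bot: In the rewritten `echo` line of the `cli` wrapper, the added quotes around `$jm/$bin` sit inside a string that is already double-quoted, so they close and reopen it and leave `$jm/$bin` unquoted in the builder. The generated wrapper script also ends up with no quotes around the path. Escaping them as `\"$jm/$bin\"` would emit the quotes into the wrapper, the same way `\"\$@\"` at the end of that line already does. Store paths normally contain no whitespace, so this is unlikely to misbehave in practice, but it is the opposite of what the commit subject describes.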
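Review bot: `wallet="${cfg.dataDir}/wallets/$walletname"` puts shell double quotes around a value that Nix splices in as plain text before bash runs, so a `"`, `$` or backtick inside `cfg.dataDir` would still be interpreted by the shell. The quotes only stop word splitting and globbing. The `escapeShellArg` helper from nixpkgs `lib` makes the interpolation robust, e.g. `wallet=${escapeShellArg cfg.dataDir}/wallets/$walletname` (assuming `lib` is in scope, as the unqualified `optionalString` suggests). The same applies to `cd "${cfg.dataDir}"`, `--datadir="${cfg.dataDir}"` and `'${secretsDir}/jm-wallet-password'` in the next hunk of this file. The `postStart` script starts before and continues after this hunk.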
@@ -330,17 +330,19 @@ in { fi fi ''} + # Restore wallet from seed if available - seed= + seed=() if [[ -e jm-wallet-seed ]]; then - seed="--recovery-seed-file jm-wallet-seed" + seed=(--recovery-seed-file jm-wallet-seed) fi - cd ${cfg.dataDir} + cd "${cfg.dataDir}" + # Strip trailing newline from password file - if ! tr -d "\n" <"${secretsDir}/jm-wallet-password" \ + if ! tr -d '\n' < '${secretsDir}/jm-wallet-password' \ | ${nbPkgs.joinmarket}/bin/jm-genwallet \ - --datadir=${cfg.dataDir} --wallet-password-stdin $seed $walletname \ - | (if [[ ! $seed ]]; then + --datadir="${cfg.dataDir}" --wallet-password-stdin "''${seed[@]}" "$walletname" \ + | (if ((! ''${#seed[@]})); then umask u=r,go= grep -ohP '(?<=recovery_seed:).*' > jm-wallet-seed else diff --git a/modules/onion-addresses.nix b/modules/onion-addresses.nix index 9ddd1c0..f2a3565 100644 --- a/modules/onion-addresses.nix +++ b/modules/onion-addresses.nix @@ -74,7 +74,7 @@ in { waitForFile /var/lib/tor/state cd ${cfg.dataDir} - rm -rf * + rm -rf ./* ${concatMapStrings (user: '' @@ -82,10 +82,10 @@ in { chown ${user} ${user} ${concatMapStrings (service: '' - onionFile=/var/lib/tor/onion/${service}/hostname - waitForFile $onionFile - cp $onionFile ${user}/${service} - chown ${user} ${user}/${service} + onionFile='/var/lib/tor/onion/${service}/hostname' + waitForFile "$onionFile" + cp "$onionFile" '${user}/${service}' + chown '${user}' '${user}/${service}' '') cfg.access.${user} } @@ -95,8 +95,8 @@ in { ${concatMapStrings (service: '' onionFile=/var/lib/tor/onion/${service}/hostname - waitForFile $onionFile - install -D -o ${config.systemd.services.${service}.serviceConfig.User} -m 400 $onionFile services/${service} + waitForFile "$onionFile" + install -D -o ${config.systemd.services.${service}.serviceConfig.User} -m 400 "$onionFile" services/${service} '') cfg.services} ''; }; diff --git a/test/tests.nix b/test/tests.nix index 77129ba..7df63f0 100644 --- a/test/tests.nix +++ b/test/tests.nix 
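Review bot: The `''${seed[@]}` and `''${#seed[@]}` forms carry no comment, and a reader who knows bash but not Nix may take the leading `''` for a typo. A one-line comment above `seed=()` would help, such as `# ''${...} escapes Nix interpolation so that bash expands the array`. The inverted arithmetic test `((! ''${#seed[@]}))` is also terse; `[[ ''${#seed[@]} -eq 0 ]]` states more directly that no seed file was found. Separately, `[[ -e jm-wallet-seed ]]` runs before `cd "${cfg.dataDir}"`, so which directory it checks depends on a working directory set outside this hunk and is worth confirming.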
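Review bot: The `cd ${cfg.dataDir}` on the line before `rm -rf ./*` is left unquoted and unchecked, although it decides which directory gets emptied. The new `./*` form only protects against file names that start with a dash. Quoting the path and stopping on failure, `cd "${cfg.dataDir}" || exit 1`, keeps the delete from running in the wrong directory if the path is split or the `cd` fails. Whether the script already runs under `set -e` is not visible here, and the script body starts and ends outside the hunk.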
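Review bot: Quoting is applied unevenly in this hunk and in the `cfg.services` hunk that follows. Here the context line `chown ${user} ${user}` stays unquoted while the new `chown '${user}' '${user}/${service}'` is quoted. In the following hunk `onionFile=/var/lib/tor/onion/${service}/hostname`, `services/${service}` and the `-o ${config.systemd.services.${service}.serviceConfig.User}` argument to `install` stay unquoted, although the same assignment is single-quoted here. Using one form throughout, e.g. `onionFile='/var/lib/tor/onion/${service}/hostname'` and `'services/${service}'`, would match the commit's stated intent.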
@@ -281,9 +281,9 @@ let systemd.services.bitcoind.postStart = mkAfter '' cli=${config.services.bitcoind.cli}/bin/bitcoin-cli if ! $cli listwallets | ${pkgs.jq}/bin/jq -e 'index("test")'; then - $cli -named createwallet wallet_name=test load_on_startup=true + "$cli" -named createwallet wallet_name=test load_on_startup=true address=$($cli -rpcwallet=test getnewaddress) - $cli generatetoaddress ${toString config.test.data.num_blocks} $address + "$cli" generatetoaddress ${toString config.test.data.num_blocks} "$address" fi '';
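Review bot: Two uses of `$cli` are still unquoted in this hunk: `if ! $cli listwallets` and `address=$($cli -rpcwallet=test getnewaddress)`. To match the two lines this commit changes, they would read `if ! "$cli" listwallets | ...` and `address=$("$cli" -rpcwallet=test getnewaddress)`. This is test-only code and `cli` points at a store path, so the effect is a matter of consistency rather than behaviour.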