shellcheck: prevent globbing and word splitting in unit shell scripts
This commit is contained in:
Otto Sabart
parent
4e63301ac3
commit
ee15837244
|
|
@ -264,16 +264,16 @@ let
|
||||||
# The jm scripts create a 'logs' dir in the working dir,
|
# The jm scripts create a 'logs' dir in the working dir,
|
||||||
# so run them inside dataDir.
|
# so run them inside dataDir.
|
||||||
cli = pkgs.runCommand "joinmarket-cli" {} ''
|
cli = pkgs.runCommand "joinmarket-cli" {} ''
|
||||||
mkdir -p $out/bin
|
mkdir -p "$out/bin"
|
||||||
jm=${nbPkgs.joinmarket}/bin
|
jm=${nbPkgs.joinmarket}/bin
|
||||||
cd $jm
|
cd "$jm"
|
||||||
for bin in jm-*; do
|
for bin in jm-*; do
|
||||||
{
|
{
|
||||||
echo "#!${pkgs.bash}/bin/bash";
|
echo "#!${pkgs.bash}/bin/bash";
|
||||||
echo "cd '${cfg.dataDir}' && ${cfg.cliExec} ${runAsUser} ${cfg.user} $jm/$bin --datadir='${cfg.dataDir}' \"\$@\"";
|
echo "cd '${cfg.dataDir}' && ${cfg.cliExec} ${runAsUser} ${cfg.user} "$jm/$bin" --datadir='${cfg.dataDir}' \"\$@\"";
|
||||||
} > $out/bin/$bin
|
} > "$out/bin/$bin"
|
||||||
done
|
done
|
||||||
chmod -R +x $out/bin
|
chmod -R +x "$out/bin"
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
inherit options;
|
inherit options;
|
||||||
|
|
@ -314,7 +314,7 @@ in {
|
||||||
'';
|
'';
|
||||||
postStart = ''
|
postStart = ''
|
||||||
walletname=wallet.jmdat
|
walletname=wallet.jmdat
|
||||||
wallet=${cfg.dataDir}/wallets/$walletname
|
wallet="${cfg.dataDir}/wallets/$walletname"
|
||||||
if [[ ! -f $wallet ]]; then
|
if [[ ! -f $wallet ]]; then
|
||||||
${optionalString (cfg.rpcWalletFile != null) ''
|
${optionalString (cfg.rpcWalletFile != null) ''
|
||||||
echo "Create watch-only wallet ${cfg.rpcWalletFile}"
|
echo "Create watch-only wallet ${cfg.rpcWalletFile}"
|
||||||
|
|
@ -330,17 +330,19 @@ in {
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
''}
|
''}
|
||||||
|
|
||||||
# Restore wallet from seed if available
|
# Restore wallet from seed if available
|
||||||
seed=
|
seed=()
|
||||||
if [[ -e jm-wallet-seed ]]; then
|
if [[ -e jm-wallet-seed ]]; then
|
||||||
seed="--recovery-seed-file jm-wallet-seed"
|
seed=(--recovery-seed-file jm-wallet-seed)
|
||||||
fi
|
fi
|
||||||
cd ${cfg.dataDir}
|
cd "${cfg.dataDir}"
|
||||||
|
|
||||||
# Strip trailing newline from password file
|
# Strip trailing newline from password file
|
||||||
if ! tr -d "\n" <"${secretsDir}/jm-wallet-password" \
|
if ! tr -d '\n' < '${secretsDir}/jm-wallet-password' \
|
||||||
| ${nbPkgs.joinmarket}/bin/jm-genwallet \
|
| ${nbPkgs.joinmarket}/bin/jm-genwallet \
|
||||||
--datadir=${cfg.dataDir} --wallet-password-stdin $seed $walletname \
|
--datadir="${cfg.dataDir}" --wallet-password-stdin "''${seed[@]}" "$walletname" \
|
||||||
| (if [[ ! $seed ]]; then
|
| (if ((! ''${#seed[@]})); then
|
||||||
umask u=r,go=
|
umask u=r,go=
|
||||||
grep -ohP '(?<=recovery_seed:).*' > jm-wallet-seed
|
grep -ohP '(?<=recovery_seed:).*' > jm-wallet-seed
|
||||||
else
|
else
|
||||||
|
|
|
||||||
|
|
@ -74,7 +74,7 @@ in {
|
||||||
waitForFile /var/lib/tor/state
|
waitForFile /var/lib/tor/state
|
||||||
|
|
||||||
cd ${cfg.dataDir}
|
cd ${cfg.dataDir}
|
||||||
rm -rf *
|
rm -rf ./*
|
||||||
|
|
||||||
${concatMapStrings
|
${concatMapStrings
|
||||||
(user: ''
|
(user: ''
|
||||||
|
|
@ -82,10 +82,10 @@ in {
|
||||||
chown ${user} ${user}
|
chown ${user} ${user}
|
||||||
${concatMapStrings
|
${concatMapStrings
|
||||||
(service: ''
|
(service: ''
|
||||||
onionFile=/var/lib/tor/onion/${service}/hostname
|
onionFile='/var/lib/tor/onion/${service}/hostname'
|
||||||
waitForFile $onionFile
|
waitForFile "$onionFile"
|
||||||
cp $onionFile ${user}/${service}
|
cp "$onionFile" '${user}/${service}'
|
||||||
chown ${user} ${user}/${service}
|
chown '${user}' '${user}/${service}'
|
||||||
'')
|
'')
|
||||||
cfg.access.${user}
|
cfg.access.${user}
|
||||||
}
|
}
|
||||||
|
|
@ -95,8 +95,8 @@ in {
|
||||||
|
|
||||||
${concatMapStrings (service: ''
|
${concatMapStrings (service: ''
|
||||||
onionFile=/var/lib/tor/onion/${service}/hostname
|
onionFile=/var/lib/tor/onion/${service}/hostname
|
||||||
waitForFile $onionFile
|
waitForFile "$onionFile"
|
||||||
install -D -o ${config.systemd.services.${service}.serviceConfig.User} -m 400 $onionFile services/${service}
|
install -D -o ${config.systemd.services.${service}.serviceConfig.User} -m 400 "$onionFile" services/${service}
|
||||||
'') cfg.services}
|
'') cfg.services}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -281,9 +281,9 @@ let
|
||||||
systemd.services.bitcoind.postStart = mkAfter ''
|
systemd.services.bitcoind.postStart = mkAfter ''
|
||||||
cli=${config.services.bitcoind.cli}/bin/bitcoin-cli
|
cli=${config.services.bitcoind.cli}/bin/bitcoin-cli
|
||||||
if ! $cli listwallets | ${pkgs.jq}/bin/jq -e 'index("test")'; then
|
if ! $cli listwallets | ${pkgs.jq}/bin/jq -e 'index("test")'; then
|
||||||
$cli -named createwallet wallet_name=test load_on_startup=true
|
"$cli" -named createwallet wallet_name=test load_on_startup=true
|
||||||
address=$($cli -rpcwallet=test getnewaddress)
|
address=$($cli -rpcwallet=test getnewaddress)
|
||||||
$cli generatetoaddress ${toString config.test.data.num_blocks} $address
|
"$cli" generatetoaddress ${toString config.test.data.num_blocks} "$address"
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue