fix(url-lib): shellcheck for modules.d/45url-lib

dracutdevs · Mar 29, 2021 · 8e84fa7 · 8e84fa7
1 parent 8df14af
commit 8e84fa7
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 43 deletions.
diff --git a/modules.d/45url-lib/.shchkdir b/modules.d/45url-lib/.shchkdir
diff --git a/modules.d/45url-lib/module-setup.sh b/modules.d/45url-lib/module-setup.sh
@@ -15,7 +15,7 @@ depends() {
 
 # called by dracut
 install() {
-    local _dir _crt _found _lib _nssckbi _p11roots _p11root _p11item
+    local _dir _crt _found _lib _nssckbi _p11roots _p11root
     inst_simple "$moddir/url-lib.sh" "/lib/url-lib.sh"
     inst_multiple -o ctorrent
     inst_multiple curl
@@ -29,10 +29,12 @@ install() {
 
     for _dir in $libdirs; do
         [[ -d $dracutsysrootdir$_dir ]] || continue
-        for _lib in $dracutsysrootdir$_dir/libcurl.so.*; do
+        for _lib in "$dracutsysrootdir$_dir"/libcurl.so.*; do
             [[ -e $_lib ]] || continue
-            [[ $_nssckbi ]] || _nssckbi=$(grep -F --binary-files=text -z libnssckbi $_lib)
-            _crt=$(grep -F --binary-files=text -z .crt $_lib)
+            if ! [[ $_nssckbi ]]; then
+                read -r -d '' _nssckbi < <(grep -F --binary-files=text -z libnssckbi "$_lib")
+            fi
+            read -r -d '' _crt < <(grep -F --binary-files=text -z .crt "$_lib")
             [[ $_crt ]] || continue
             [[ $_crt == /*/* ]] || continue
             if ! inst "${_crt#$dracutsysrootdir}"; then
@@ -53,26 +55,26 @@ install() {
         for _dir in $libdirs; do
             [[ -e $dracutsysrootdir$_dir/libnssckbi.so ]] || continue
             # this looks for directory-ish strings in the file
-            for _p11roots in $(grep -o --binary-files=text "/[[:alpha:]][[:print:]]*" $dracutsysrootdir$_dir/libnssckbi.so); do
-                # the string can be a :-separated list of dirs
-                for _p11root in $(echo "$_p11roots" | tr ':' '\n'); do
-                    # check if it's actually a directory (there are
-                    # several false positives in the results)
-                    [[ -d "$dracutsysrootdir$_p11root" ]] || continue
-                    # check if it has some specific subdirs that all
-                    # p11-kit trust dirs have
-                    [[ -d "$dracutsysrootdir${_p11root}/anchors" ]] || continue
-                    [[ -d "$dracutsysrootdir${_p11root}/blacklist" ]] || continue
-                    # so now we know it's really a p11-kit trust dir;
-                    # install everything in it
-                    for _p11item in $(find "$dracutsysrootdir$_p11root"); do
-                        if ! inst "${_p11item#$dracutsysrootdir}"; then
-                            dwarn "Couldn't install '${_p11item#$dracutsysrootdir}' from p11-kit trust dir '${_p11root#$dracutsysrootdir}'; HTTPS might not work."
-                            continue
+            grep -z -o --binary-files=text '/[[:alpha:]][[:print:]]*' "${dracutsysrootdir}${_dir}"/libnssckbi.so \
+                | while read -r -d '' _p11roots || [[ $_p11roots ]]; do
+                    IFS=":" read -r -a _p11roots <<< "$_p11roots"
+                    # the string can be a :-separated list of dirs
+                    for _p11root in "${_p11roots[@]}"; do
+                        # check if it's actually a directory (there are
+                        # several false positives in the results)
+                        [[ -d "$dracutsysrootdir$_p11root" ]] || continue
+                        # check if it has some specific subdirs that all
+                        # p11-kit trust dirs have
+                        [[ -d "$dracutsysrootdir${_p11root}/anchors" ]] || continue
+                        [[ -d "$dracutsysrootdir${_p11root}/blacklist" ]] || continue
+                        # so now we know it's really a p11-kit trust dir;
+                        # install everything in it
+                        mkdir -p -- "${initdir}/${_p11root}"
+                        if ! $DRACUT_CP -L -t "${initdir}/${_p11root}" "${dracutsysrootdir}${_p11root}"/*; then
+                            dwarn "Couldn't install from p11-kit trust dir '${_p11root#$dracutsysrootdir}'; HTTPS might not work."
                         fi
                     done
                 done
-            done
         done
     fi
     [[ $_found ]] || dwarn "Couldn't find SSL CA cert bundle or libnssckbi.so; HTTPS won't work."

diff --git a/modules.d/45url-lib/url-lib.sh b/modules.d/45url-lib/url-lib.sh
@@ -20,7 +20,8 @@ type mkuniqdir > /dev/null 2>&1 || . /lib/dracut-lib.sh
 #   other: fetch command failure (whatever curl/mount/etc return)
 fetch_url() {
     local url="$1" outloc="$2"
-    local handler="$(get_url_handler $url)"
+    local handler
+    handler="$(get_url_handler "$url")"
     [ -n "$handler" ] || return 254
     [ -n "$url" ] || return 255
     "$handler" "$url" "$outloc"
@@ -41,14 +42,14 @@ get_url_handler() {
 add_url_handler() {
     local handler="$1"
     shift
-    local schemes="$@" scheme=""
+    local schemes="$*" scheme=""
     set --
     for scheme in $schemes; do
-        [ "$(get_url_handler $scheme)" = "$handler" ] && continue
+        [ "$(get_url_handler "$scheme")" = "$handler" ] && continue
         set -- "$@" "$scheme:$handler"
     done
-    set -- "$@" $url_handler_map # add new items to *front* of list
-    url_handler_map="$@"
+    set -- "$@" "$url_handler_map" # add new items to *front* of list
+    url_handler_map="$*"
 }
 
 ### HTTP, HTTPS, FTP #################################################
@@ -65,14 +66,15 @@ curl_fetch_url() {
     local url="$1" outloc="$2"
     echo "$url" > /proc/self/fd/0
     if [ -n "$outloc" ]; then
-        curl $curl_args --output - -- "$url" > "$outloc" || return $?
+        curl "$curl_args" --output - -- "$url" > "$outloc" || return $?
     else
-        local outdir="$(mkuniqdir /tmp curl_fetch_url)"
+        local outdir
+        outdir="$(mkuniqdir /tmp curl_fetch_url)"
         (
-            cd "$outdir"
-            curl $curl_args --remote-name "$url" || return $?
+            cd "$outdir" || exit
+            curl "$curl_args" --remote-name "$url" || return $?
         )
-        outloc="$outdir/$(ls -A $outdir)"
+        outloc="$outdir/$(ls -A "$outdir")"
     fi
     if ! [ -f "$outloc" ]; then
         warn "Downloading '$url' failed!"
@@ -96,21 +98,22 @@ ctorrent_fetch_url() {
     torrent_outloc="$outloc.torrent"
     echo "$url" > /proc/self/fd/0
     if [ -n "$outloc" ]; then
-        curl $curl_args --output - -- "$url" > "$torrent_outloc" || return $?
+        curl "$curl_args" --output - -- "$url" > "$torrent_outloc" || return $?
     else
-        local outdir="$(mkuniqdir /tmp torrent_fetch_url)"
+        local outdir
+        outdir="$(mkuniqdir /tmp torrent_fetch_url)"
         (
-            cd "$outdir"
-            curl $curl_args --remote-name "$url" || return $?
+            cd "$outdir" || exit
+            curl "$curl_args" --remote-name "$url" || return $?
         )
-        torrent_outloc="$outdir/$(ls -A $outdir)"
+        torrent_outloc="$outdir/$(ls -A "$outdir")"
         outloc=${torrent_outloc%.*}
     fi
     if ! [ -f "$torrent_outloc" ]; then
         warn "Downloading '$url' failed!"
         return 253
     fi
-    ctorrent $ctorrent_args -s $outloc $torrent_outloc >&2
+    ctorrent "$ctorrent_args" -s "$outloc" "$torrent_outloc" >&2
     if ! [ -f "$outloc" ]; then
         warn "Torrent download of '$url' failed!"
         return 253
@@ -126,17 +129,17 @@ command -v ctorrent > /dev/null \
 [ -e /lib/nfs-lib.sh ] && . /lib/nfs-lib.sh
 
 nfs_already_mounted() {
-    local server="$1" path="$2" localdir="" s="" p=""
-    cat /proc/mounts | while read src mnt rest || [ -n "$src" ]; do
+    local server="$1" path="$2" s="" p=""
+    while read -r src mnt rest || [ -n "$src" ]; do
         splitsep ":" "$src" s p
         if [ "$server" = "$s" ]; then
             if [ "$path" = "$p" ]; then
-                echo $mnt
+                echo "$mnt"
             elif str_starts "$path" "$p"; then
-                echo $mnt/${path#$p/}
+                echo "$mnt"/"${path#$p/}"
             fi
         fi
-    done
+    done < /proc/mounts
 }
 
 nfs_fetch_url() {
@@ -147,7 +150,8 @@ nfs_fetch_url() {
     # skip mount if server:/filepath is already mounted
     mntdir=$(nfs_already_mounted "$server" "$path")
     if [ -z "$mntdir" ]; then
-        local mntdir="$(mkuniqdir /run nfs_mnt)"
+        local mntdir
+        mntdir="$(mkuniqdir /run nfs_mnt)"
         mount_nfs "$nfs:$server:$filepath${options:+:$options}" "$mntdir"
         # lazy unmount during pre-pivot hook
         inst_hook --hook pre-pivot --name 99url-lib-umount-nfs umount -l -- "$mntdir"