From 91a03ce7d2a4d92edcb875938454da91b4178a21 Mon Sep 17 00:00:00 2001 From: Otto Sabart Date: Tue, 16 Aug 2022 21:00:00 +0200 Subject: [PATCH] shellcheck: fix lint of scripts in /helper --- helper/fetch-release | 10 ++++---- helper/push-release.sh | 30 ++++++++++++------------ helper/update-fixed-output-derivation.sh | 6 ++--- 3 files changed, 23 insertions(+), 23 deletions(-) diff --git a/helper/fetch-release b/helper/fetch-release index ee14de8..2066b3b 100755 --- a/helper/fetch-release +++ b/helper/fetch-release @@ -12,10 +12,10 @@ if [[ ! -v version ]]; then fi TMPDIR=$(mktemp -d) -trap "rm -rf $TMPDIR" EXIT +trap 'rm -rf $TMPDIR' EXIT export GNUPGHOME=$TMPDIR/gpg-home -mkdir -p -m 700 "$GNUPGHOME" +mkdir -m 700 "$GNUPGHOME" # Import key gpg --import "$scriptDir/key-jonasnick.bin" &> /dev/null @@ -25,10 +25,10 @@ gpg --import "$scriptDir/key-jonasnick.bin" &> /dev/null gpg --list-keys "36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366" > /dev/null # Fetch nar-hash of release -cd $TMPDIR +cd "$TMPDIR" baseUrl=https://github.com/$repo/releases/download/v$version -curl -fsS -L -O $baseUrl/nar-hash.txt -curl -fsS -L -O $baseUrl/nar-hash.txt.asc +curl -fsS -L -O "$baseUrl/nar-hash.txt" +curl -fsS -L -O "$baseUrl/nar-hash.txt.asc" # Verify signature for nar-hash gpg --verify nar-hash.txt.asc &> /dev/null || { diff --git a/helper/push-release.sh b/helper/push-release.sh index 9e833a3..91407f5 100755 --- a/helper/push-release.sh +++ b/helper/push-release.sh @@ -37,11 +37,11 @@ fi cd "${BASH_SOURCE[0]%/*}" RESPONSE=$(curl https://api.github.com/repos/$REPO/releases/latest 2> /dev/null) -echo "Latest release" $(echo $RESPONSE | jq -r '.tag_name' | tail -c +2) +echo "Latest release" "$(echo "$RESPONSE" | jq -r '.tag_name' | tail -c +2)" if [[ ! $DRY_RUN ]]; then while true; do - read -p "Create release $TAG_NAME? [yn] " yn + read -rp "Create release ${TAG_NAME}? [yn] " yn case $yn in [Yy]* ) break;; [Nn]* ) exit;; 
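Review bot: In helper/fetch-release the new `trap 'rm -rf $TMPDIR' EXIT` defers expansion to exit time, but `$TMPDIR` is still unquoted when the trap body runs, so a temp path containing whitespace or glob characters would be split before `rm -rf` sees it. I would write `trap 'rm -rf -- "$TMPDIR"' EXIT`; the same applies to the DRY_RUN-guarded trap in helper/push-release.sh (hunk at -51,22). The result of `mktemp -d` is also unchecked in both places. Whether a failure aborts the script depends on shell options set outside the visible lines, and if it does not, `GNUPGHOME` becomes `/gpg-home`.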
@@ -51,22 +51,22 @@ if [[ ! $DRY_RUN ]]; then fi TMPDIR=$(mktemp -d) -if [[ ! $DRY_RUN ]]; then trap "rm -rf $TMPDIR" EXIT; fi +if [[ ! $DRY_RUN ]]; then trap 'rm -rf $TMPDIR' EXIT; fi ARCHIVE_NAME=nix-bitcoin-$TAG_NAME.tar.gz ARCHIVE=$TMPDIR/$ARCHIVE_NAME # Need to be in the repo root directory for archiving -(cd $(git rev-parse --show-toplevel); git archive --format=tar.gz -o $ARCHIVE $BRANCH) +(cd "$(git rev-parse --show-toplevel)"; git archive --format=tar.gz -o "$ARCHIVE" "$BRANCH") SHA256SUMS=$TMPDIR/SHA256SUMS.txt # Use relative path with sha256sums because it'll output the first # argument -(cd $TMPDIR; sha256sum $ARCHIVE_NAME > $SHA256SUMS) -gpg -o $SHA256SUMS.asc -a --detach-sig $SHA256SUMS +(cd "$TMPDIR"; sha256sum "$ARCHIVE_NAME" > "$SHA256SUMS") +gpg -o "$SHA256SUMS.asc" -a --detach-sig "$SHA256SUMS" -pushd $TMPDIR >/dev/null +pushd "$TMPDIR" >/dev/null -nix hash to-sri --type sha256 $(nix-prefetch-url --unpack file://$ARCHIVE 2> /dev/null) > nar-hash.txt +nix hash to-sri --type sha256 "$(nix-prefetch-url --unpack "file://$ARCHIVE" 2> /dev/null)" > nar-hash.txt gpg -o nar-hash.txt.asc -a --detach-sig nar-hash.txt if [[ $DRY_RUN ]]; then @@ -76,7 +76,7 @@ fi POST_DATA="{ \"tag_name\": \"v$TAG_NAME\", \"name\": \"nix-bitcoin-$TAG_NAME\", \"body\": \"nix-bitcoin-$TAG_NAME\", \"target_comitish\": \"$BRANCH\" }" RESPONSE=$(curl -H "Authorization: token $OAUTH_TOKEN" -d "$POST_DATA" https://api.github.com/repos/$REPO/releases 2> /dev/null) -ID=$(echo $RESPONSE | jq -r '.id') +ID=$(echo "$RESPONSE" | jq -r '.id') if [[ $ID == null ]]; then echo "Failed to create release with $POST_DATA" exit 1 
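Review bot: In the `nix hash to-sri` line of the -51,22 hunk, the inner `nix-prefetch-url` has its stderr discarded and its exit status lost inside the command substitution, so a failed prefetch only surfaces if `nix hash to-sri` rejects the resulting empty argument. The redirect creates nar-hash.txt either way, and the next line signs whatever is in it. Since that signed file is what helper/fetch-release downloads and verifies, I would fail explicitly before signing: `narHash=$(nix-prefetch-url --unpack "file://$ARCHIVE") || exit 1` followed by `nix hash to-sri --type sha256 "$narHash" > nar-hash.txt`. Whether the script already runs under `set -e` is not visible in this hunk.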
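Review bot: The `[[ $ID == null ]]` check after the newly quoted `ID=$(echo "$RESPONSE" | jq -r '.id')` (hunk at -76,7) only catches a JSON reply without an `id`. If curl itself fails (its stderr is discarded and there is no `-f`), `RESPONSE` is empty, jq prints nothing, and `ID` is an empty string that passes the check; I would test `if [[ -z $ID || $ID == null ]]; then`. Separately, `POST_DATA` spells the key `target_comitish`, while the GitHub releases API names it `target_commitish`, so the release is probably not being pinned to `$BRANCH`. Building the payload with `jq -n --arg` would also keep `$TAG_NAME` and `$BRANCH` from being spliced into the JSON unescaped. The enclosing `if` closes outside this hunk.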
@@ -85,20 +85,20 @@ fi post_asset() { GH_ASSET="https://uploads.github.com/repos/$REPO/releases/$ID/assets?name=" curl -H "Authorization: token $OAUTH_TOKEN" --data-binary "@$1" -H "Content-Type: application/octet-stream" \ - $GH_ASSET/$(basename $1) &> /dev/null + "$GH_ASSET/$(basename "$1")" &> /dev/null } post_asset nar-hash.txt post_asset nar-hash.txt.asc # Post additional assets for backwards compatibility. # This allows older nix-bitcoin installations to upgrade via `fetch-release`. -post_asset $ARCHIVE -post_asset $SHA256SUMS -post_asset $SHA256SUMS.asc +post_asset "$ARCHIVE" +post_asset "$SHA256SUMS" +post_asset "$SHA256SUMS.asc" popd >/dev/null if [[ ! $DRY_RUN ]]; then - git push $GIT_REMOTE $BRANCH:release + git push "$GIT_REMOTE" "${BRANCH}:release" fi -echo "Successfully created" $(echo $POST_DATA | jq -r .tag_name) +echo "Successfully created" "$(echo "$POST_DATA" | jq -r .tag_name)" diff --git a/helper/update-fixed-output-derivation.sh b/helper/update-fixed-output-derivation.sh index 65e99d0..dafceb4 100755 --- a/helper/update-fixed-output-derivation.sh +++ b/helper/update-fixed-output-derivation.sh @@ -7,10 +7,10 @@ flakeOutput=$2 # A pattern in a line preceding the hash that should be updated patternPrecedingHash=$3 -sed -i "/$patternPrecedingHash/,/hash/ s|hash = .*|hash = \"\";|" $file +sed -i "/$patternPrecedingHash/,/hash/ s|hash = .*|hash = \"\";|" "$file" # Display stderr and capture it. stdbuf is required to disable output buffering. stderr=$( - nix build --no-link -L .#$flakeOutput |& + nix build --no-link -L ".#$flakeOutput" |& stdbuf -oL grep -v '\berror:.*failed to build$' | tee /dev/stderr || : ) @@ -20,5 +20,5 @@ if [[ ! $hash ]]; then echo "Error: No hash in build output." exit 1 fi -sed -i "/$patternPrecedingHash/,/hash/ s|hash = .*|hash = \"$hash\";|" $file +sed -i "/$patternPrecedingHash/,/hash/ s|hash = .*|hash = \"$hash\";|" "$file" echo "(Note: The above hash mismatch message is not an error. It is part of the fetching process.)"
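Review bot: `post_asset` (hunk at -85,20) still sends curl's output to `/dev/null` without `-f`, and nothing checks its status. A rejected upload of `nar-hash.txt.asc` or `SHA256SUMS.txt.asc` is therefore invisible, and the script goes on to push and print "Successfully created". I would add `-f` to the curl options and end the call with `> /dev/null || { echo "Upload of $1 failed" >&2; exit 1; }`. The `Authorization: token $OAUTH_TOKEN` header is also passed on the command line here and in the release-creation call in the previous hunk, where other local users can read it from the process list; curl can take the header from a file via `-H @file` instead.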
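Review bot: In helper/update-fixed-output-derivation.sh, quoting `"$file"` fixes the word splitting, but `$patternPrecedingHash` is still pasted into the sed program in both `sed -i` calls (hunk at -7,10 and hunk at -20,5). A pattern containing `/` ends the address early and the rest is parsed as sed commands. Since the argument is a free-form pattern, I would document the constraint next to its assignment: `# Interpreted as a sed regex inside /.../; must not contain an unescaped '/'.` Adding `--` before `"$file"` would also keep a file name starting with `-` from being read as a sed option.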