
Commit e49c2d5

authored
Shellcheck linting (#641)
1 parent 8640038 commit e49c2d5


6 files changed

+84
-79
lines changed


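--- a/app/cert_status
+++ b/app/cert_status
@@ -35,9 +35,8 @@ for cert in /etc/nginx/certs/*/fullchain.pem; do
 [[ -e "$cert" ]] || continue
 if [[ -e "${cert%fullchain.pem}chain.pem" ]]; then
 # Verify the certificate with OpenSSL.
-verify=$(openssl verify -CAfile "${cert%fullchain.pem}chain.pem" "$cert" 2>&1)
-if [[ $? -eq 0 ]]; then
-echo $verify
+if verify=$(openssl verify -CAfile "${cert%fullchain.pem}chain.pem" "$cert" 2>&1); then
+echo "$verify"
 # Print certificate info.
 print_cert_info "$cert"
 else
@@ -57,7 +56,8 @@ for cert in /etc/nginx/certs/*/fullchain.pem; do
 for symlink in /etc/nginx/certs/*.crt; do
 [[ -e "$symlink" ]] || continue
 if [[ "$(readlink -f "$symlink")" == "$cert" ]]; then
-domain="$(echo "${symlink%.crt}" | sed 's#/etc/nginx/certs/##g')"
+domain="${symlink%.crt}"
+domain="${domain//\/etc\/nginx\/certs\//}"
 symlinked_domains+=("$domain")
 fi
 done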
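Review bot: The new `domain="${domain//\/etc\/nginx\/certs\//}"` line in the second hunk removes the directory string wherever it occurs and needs every slash escaped, where a prefix strip is what is meant. `$symlink` comes from the `/etc/nginx/certs/*.crt` glob, so the directory is always the leading part of the value; `domain="${domain#/etc/nginx/certs/}"` reads more plainly and cannot touch a later occurrence. The enclosing `for cert` loop starts and ends outside the hunk.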

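--- a/app/entrypoint.sh
+++ b/app/entrypoint.sh
@@ -1,8 +1,11 @@
 #!/bin/bash
-# shellcheck disable=SC2155
 
 set -u
 
+# shellcheck source=functions.sh
+source /app/functions.sh
+DEBUG="$(lc "$DEBUG")"
+
 function check_deprecated_env_var {
 if [[ -n "${ACME_TOS_HASH:-}" ]]; then
 echo "Info: the ACME_TOS_HASH environment variable is no longer used by simp_le and has been deprecated."
@@ -24,8 +27,9 @@ function check_docker_socket {
 function check_writable_directory {
 local dir="$1"
 if [[ $(get_self_cid) ]]; then
-docker_api "/containers/$(get_self_cid)/json" | jq ".Mounts[].Destination" | grep -q "^\"$dir\"$"
-[[ $? -ne 0 ]] && echo "Warning: '$dir' does not appear to be a mounted volume."
+if ! docker_api "/containers/$(get_self_cid)/json" | jq ".Mounts[].Destination" | grep -q "^\"$dir\"$"; then
+echo "Warning: '$dir' does not appear to be a mounted volume."
+fi
 else
 echo "Warning: can't check if '$dir' is a mounted volume without self container ID."
 fi
@@ -34,13 +38,12 @@ function check_writable_directory {
 echo "Check that '$dir' directory is declared as a writable volume." >&2
 exit 1
 fi
-touch $dir/.check_writable 2>/dev/null
-if [[ $? -ne 0 ]]; then
+if ! touch "$dir/.check_writable" 2>/dev/null ; then
 echo "Error: can't write to the '$dir' directory !" >&2
 echo "Check that '$dir' directory is export as a writable volume." >&2
 exit 1
 fi
-rm -f $dir/.check_writable
+rm -f "$dir/.check_writable"
 }
 
 function check_dh_group {
@@ -59,9 +62,9 @@ function check_dh_group {
 local GEN_LOCKFILE="/tmp/le_companion_dhparam_generating.lock"
 
 # The hash of the pregenerated dhparam file is used to check if the pregen dhparam is already in use
-local PREGEN_HASH=$(sha256sum "$PREGEN_DHPARAM_FILE" | cut -d ' ' -f1)
+local PREGEN_HASH; PREGEN_HASH=$(sha256sum "$PREGEN_DHPARAM_FILE" | cut -d ' ' -f1)
 if [[ -f "$DHPARAM_FILE" ]]; then
-local CURRENT_HASH=$(sha256sum "$DHPARAM_FILE" | cut -d ' ' -f1)
+local CURRENT_HASH; CURRENT_HASH=$(sha256sum "$DHPARAM_FILE" | cut -d ' ' -f1)
 if [[ "$PREGEN_HASH" != "$CURRENT_HASH" ]]; then
 # There is already a dhparam, and it's not the default
 set_ownership_and_permissions "$DHPARAM_FILE"
@@ -106,7 +109,7 @@ function check_default_cert_key {
 # than 3 months / 7776000 seconds (60 x 60 x 24 x 30 x 3).
 check_cert_min_validity /etc/nginx/certs/default.crt 7776000
 cert_validity=$?
-[[ "$(lc $DEBUG)" == true ]] && echo "Debug: a default certificate with $default_cert_cn is present."
+[[ "$DEBUG" == true ]] && echo "Debug: a default certificate with $default_cert_cn is present."
 fi
 
 # Create a default cert and private key if:
@@ -123,17 +126,15 @@ function check_default_cert_key {
 && mv /etc/nginx/certs/default.key.new /etc/nginx/certs/default.key \
 && mv /etc/nginx/certs/default.crt.new /etc/nginx/certs/default.crt
 echo "Info: a default key and certificate have been created at /etc/nginx/certs/default.key and /etc/nginx/certs/default.crt."
-elif [[ "$(lc $DEBUG)" == true && "${default_cert_cn:-}" =~ $cn ]]; then
+elif [[ "$DEBUG" == true && "${default_cert_cn:-}" =~ $cn ]]; then
 echo "Debug: the self generated default certificate is still valid for more than three months. Skipping default certificate creation."
-elif [[ "$(lc $DEBUG)" == true ]]; then
+elif [[ "$DEBUG" == true ]]; then
 echo "Debug: the default certificate is user provided. Skipping default certificate creation."
 fi
 set_ownership_and_permissions "/etc/nginx/certs/default.key"
 set_ownership_and_permissions "/etc/nginx/certs/default.crt"
 }
 
-source /app/functions.sh
-
 if [[ "$*" == "/bin/bash /app/start.sh" ]]; then
 acmev1_r='acme-(v01\|staging)\.api\.letsencrypt\.org'
 if [[ "${ACME_CA_URI:-}" =~ $acmev1_r ]]; then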
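Review bot: The added `DEBUG="$(lc "$DEBUG")"` in the first hunk expands `$DEBUG` unguarded a few lines after `set -u`, and it repeats the identical assignment this commit puts at the top of `functions.sh`, which is sourced on the line just before it. If DEBUG is not defined in the container environment (not visible on this page), the substitution would print an unbound-variable error and leave DEBUG empty. I would drop the line from `entrypoint.sh` and write the remaining one as `DEBUG="$(lc "${DEBUG:-}")"`; the same unguarded expansion is in the first hunk of `app/functions.sh`.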

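--- a/app/force_renew
+++ b/app/force_renew
@@ -1,5 +1,6 @@
 #!/bin/bash
 
+# shellcheck source=letsencrypt_service
 source /app/letsencrypt_service --source-only
 
 update_certs --force-renew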

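--- a/app/functions.sh
+++ b/app/functions.sh
@@ -1,5 +1,11 @@
 #!/bin/bash
-# shellcheck disable=SC2155
+
+# Convert argument to lowercase (bash 4 only)
+function lc {
+echo "${@,,}"
+}
+
+DEBUG="$(lc "$DEBUG")"
 
 [[ -z "${VHOST_DIR:-}" ]] && \
 declare -r VHOST_DIR=/etc/nginx/vhost.d
@@ -9,7 +15,7 @@
 declare -r END_HEADER='## End of configuration add by letsencrypt container'
 
 function check_nginx_proxy_container_run {
-local _nginx_proxy_container=$(get_nginx_proxy_container)
+local _nginx_proxy_container; _nginx_proxy_container=$(get_nginx_proxy_container)
 if [[ -n "$_nginx_proxy_container" ]]; then
 if [[ $(docker_api "/containers/${_nginx_proxy_container}/json" | jq -r '.State.Status') = "running" ]];then
 return 0
@@ -156,22 +162,22 @@ function docker_api {
 return 1
 fi
 if [[ $DOCKER_HOST == unix://* ]]; then
-curl_opts+=(--unix-socket ${DOCKER_HOST#unix://})
+curl_opts+=(--unix-socket "${DOCKER_HOST#unix://}")
 scheme='http://localhost'
 else
 scheme="http://${DOCKER_HOST#*://}"
 fi
 [[ $method = "POST" ]] && curl_opts+=(-H 'Content-Type: application/json')
-curl "${curl_opts[@]}" -X${method} ${scheme}$1
+curl "${curl_opts[@]}" -X "${method}" "${scheme}$1"
 }
 
 function docker_exec {
 local id="${1?missing id}"
 local cmd="${2?missing command}"
-local data=$(printf '{ "AttachStdin": false, "AttachStdout": true, "AttachStderr": true, "Tty":false,"Cmd": %s }' "$cmd")
+local data; data=$(printf '{ "AttachStdin": false, "AttachStdout": true, "AttachStderr": true, "Tty":false,"Cmd": %s }' "$cmd")
 exec_id=$(docker_api "/containers/$id/exec" "POST" "$data" | jq -r .Id)
 if [[ -n "$exec_id" && "$exec_id" != "null" ]]; then
-docker_api /exec/$exec_id/start "POST" '{"Detach": false, "Tty":false}'
+docker_api "/exec/${exec_id}/start" "POST" '{"Detach": false, "Tty":false}'
 else
 echo "$(date "+%Y/%m/%d %T"), Error: can't exec command ${cmd} in container ${id}. Check if the container is running." >&2
 return 1
@@ -190,12 +196,12 @@ function docker_kill {
 }
 
 function labeled_cid {
-docker_api "/containers/json" | jq -r '.[] | select(.Labels["'$1'"])|.Id'
+docker_api "/containers/json" | jq -r '.[] | select(.Labels["'"$1"'"])|.Id'
 }
 
 function is_docker_gen_container {
 local id="${1?missing id}"
-if [[ $(docker_api "/containers/$id/json" | jq -r '.Config.Env[]' | egrep -c '^DOCKER_GEN_VERSION=') = "1" ]]; then
+if [[ $(docker_api "/containers/$id/json" | jq -r '.Config.Env[]' | grep -c -E '^DOCKER_GEN_VERSION=') = "1" ]]; then
 return 0
 else
 return 1
@@ -204,7 +210,7 @@ function is_docker_gen_container {
 
 function get_docker_gen_container {
 # First try to get the docker-gen container ID from the container label.
-local docker_gen_cid="$(labeled_cid com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen)"
+local docker_gen_cid; docker_gen_cid="$(labeled_cid com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen)"
 
 # If the labeled_cid function dit not return anything and the env var is set, use it.
 if [[ -z "$docker_gen_cid" ]] && [[ -n "${NGINX_DOCKER_GEN_CONTAINER:-}" ]]; then
@@ -218,7 +224,7 @@ function get_docker_gen_container {
 function get_nginx_proxy_container {
 local volumes_from
 # First try to get the nginx container ID from the container label.
-local nginx_cid="$(labeled_cid com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy)"
+local nginx_cid; nginx_cid="$(labeled_cid com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy)"
 
 # If the labeled_cid function dit not return anything ...
 if [[ -z "${nginx_cid}" ]]; then
@@ -230,7 +236,7 @@ function get_nginx_proxy_container {
 volumes_from=$(docker_api "/containers/$(get_self_cid)/json" | jq -r '.HostConfig.VolumesFrom[]' 2>/dev/null)
 for cid in $volumes_from; do
 cid="${cid%:*}" # Remove leading :ro or :rw set by remote docker-compose (thx anoopr)
-if [[ $(docker_api "/containers/$cid/json" | jq -r '.Config.Env[]' | egrep -c '^NGINX_VERSION=') = "1" ]];then
+if [[ $(docker_api "/containers/$cid/json" | jq -r '.Config.Env[]' | grep -c -E '^NGINX_VERSION=') = "1" ]];then
 nginx_cid="$cid"
 break
 fi
@@ -244,8 +250,8 @@ function get_nginx_proxy_container {
 
 ## Nginx
 function reload_nginx {
-local _docker_gen_container=$(get_docker_gen_container)
-local _nginx_proxy_container=$(get_nginx_proxy_container)
+local _docker_gen_container; _docker_gen_container=$(get_docker_gen_container)
+local _nginx_proxy_container; _nginx_proxy_container=$(get_nginx_proxy_container)
 
 if [[ -n "${_docker_gen_container:-}" ]]; then
 # Using docker-gen and nginx in separate container
@@ -285,16 +291,16 @@ function set_ownership_and_permissions {
 return 1
 fi
 
-[[ "$(lc $DEBUG)" == true ]] && echo "Debug: checking $path ownership and permissions."
+[[ "$DEBUG" == true ]] && echo "Debug: checking $path ownership and permissions."
 
 # Find the user numeric ID if the FILES_UID environment variable isn't numeric.
 if [[ "$user" =~ ^[0-9]+$ ]]; then
 user_num="$user"
 # Check if this user exist inside the container
 elif id -u "$user" > /dev/null 2>&1; then
 # Convert the user name to numeric ID
-local user_num="$(id -u "$user")"
-[[ "$(lc $DEBUG)" == true ]] && echo "Debug: numeric ID of user $user is $user_num."
+local user_num; user_num="$(id -u "$user")"
+[[ "$DEBUG" == true ]] && echo "Debug: numeric ID of user $user is $user_num."
 else
 echo "Warning: user $user not found in the container, please use a numeric user ID instead of a user name. Skipping ownership and permissions check."
 return 1
@@ -306,8 +312,8 @@ function set_ownership_and_permissions {
 # Check if this group exist inside the container
 elif getent group "$group" > /dev/null 2>&1; then
 # Convert the group name to numeric ID
-local group_num="$(getent group "$group" | awk -F ':' '{print $3}')"
-[[ "$(lc $DEBUG)" == true ]] && echo "Debug: numeric ID of group $group is $group_num."
+local group_num; group_num="$(getent group "$group" | awk -F ':' '{print $3}')"
+[[ "$DEBUG" == true ]] && echo "Debug: numeric ID of group $group is $group_num."
 else
 echo "Warning: group $group not found in the container, please use a numeric group ID instead of a group name. Skipping ownership and permissions check."
 return 1
@@ -316,7 +322,7 @@ function set_ownership_and_permissions {
 # Check and modify ownership if required.
 if [[ -e "$path" ]]; then
 if [[ "$(stat -c %u:%g "$path" )" != "$user_num:$group_num" ]]; then
-[[ "$(lc $DEBUG)" == true ]] && echo "Debug: setting $path ownership to $user:$group."
+[[ "$DEBUG" == true ]] && echo "Debug: setting $path ownership to $user:$group."
 if [[ -L "$path" ]]; then
 chown -h "$user_num:$group_num" "$path"
 else
@@ -326,21 +332,21 @@ function set_ownership_and_permissions {
 # If the path is a folder, check and modify permissions if required.
 if [[ -d "$path" ]]; then
 if [[ "$(stat -c %a "$path")" != "$d_perms" ]]; then
-[[ "$(lc $DEBUG)" == true ]] && echo "Debug: setting $path permissions to $d_perms."
+[[ "$DEBUG" == true ]] && echo "Debug: setting $path permissions to $d_perms."
 chmod "$d_perms" "$path"
 fi
 # If the path is a file, check and modify permissions if required.
 elif [[ -f "$path" ]]; then
 # Use different permissions for private files (private keys and ACME account files) ...
 if [[ "$path" =~ ^.*(default\.key|key\.pem|\.json)$ ]]; then
 if [[ "$(stat -c %a "$path")" != "$f_perms" ]]; then
-[[ "$(lc $DEBUG)" == true ]] && echo "Debug: setting $path permissions to $f_perms."
+[[ "$DEBUG" == true ]] && echo "Debug: setting $path permissions to $f_perms."
 chmod "$f_perms" "$path"
 fi
 # ... and for public files (certificates, chains, fullchains, DH parameters).
 else
 if [[ "$(stat -c %a "$path")" != "644" ]]; then
-[[ "$(lc $DEBUG)" == true ]] && echo "Debug: setting $path permissions to 644."
+[[ "$DEBUG" == true ]] && echo "Debug: setting $path permissions to 644."
 chmod "644" "$path"
 fi
 fi
@@ -350,8 +356,3 @@ function set_ownership_and_permissions {
 return 1
 fi
 }
-
-# Convert argument to lowercase (bash 4 only)
-function lc {
-echo "${@,,}"
-}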
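Review bot: `labeled_cid` still splices `$1` into the text of the jq program; the added inner quotes stop word splitting, but a label containing `"` or `]` would alter the filter instead of being looked up as a key. The callers visible in this diff pass fixed label names, so this is hardening rather than a live bug. Passing the label as data keeps the filter constant: `docker_api "/containers/json" | jq -r --arg label "$1" '.[] | select(.Labels[$label]) | .Id'`.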
