From c5733ff47f7158c8c86050cd80258aab92ba4101 Mon Sep 17 00:00:00 2001 From: "John R. Lenton" Date: Mon, 22 May 2017 10:57:41 +0100 Subject: [PATCH] many: make shell scripts shellcheck-clean Also make run-checks run shellcheck on the data completion scripts as well as on tests/lib/*.sh. Includes making pinentry-fake.sh an actual script (so shellcheck can check it too) instead of a here-document inside another one. --- data/completion/complete.sh | 6 +- data/completion/etelpmoc.sh | 2 +- get-deps.sh | 11 +-- run-checks | 62 ++++++++++------- tests/lib/apt.sh | 6 +- tests/lib/boot.sh | 3 +- tests/lib/changes.sh | 2 +- tests/lib/dirs.sh | 4 +- tests/lib/mkpinentry.sh | 26 +------ tests/lib/network.sh | 4 +- tests/lib/pinentry-fake.sh | 18 +++++ tests/lib/pkgdb.sh | 2 + tests/lib/prepare-project.sh | 23 ++++--- tests/lib/prepare.sh | 117 +++++++++++++++++--------------- tests/lib/reset.sh | 25 ++++--- tests/lib/snaps.sh | 8 ++- tests/lib/store.sh | 17 ++--- tests/lib/systemd.sh | 8 +-- tests/main/completion/task.yaml | 2 +- tests/main/create-key/task.yaml | 2 +- tests/main/snap-sign/task.yaml | 2 +- 21 files changed, 190 insertions(+), 160 deletions(-) mode change 100644 => 100755 tests/lib/mkpinentry.sh create mode 100755 tests/lib/pinentry-fake.sh diff --git a/data/completion/complete.sh b/data/completion/complete.sh index fe570fc2f4f..6cbad3ecc12 100644 --- a/data/completion/complete.sh +++ b/data/completion/complete.sh @@ -40,7 +40,7 @@ _complete_from_snap() { { # De-serialize the output of 'snap run --command=complete ...' into the format # bash expects: - read -a opts + read -r -a opts # opts is expected to be a series of compopt options if [[ ${#opts[@]} -gt 0 ]]; then if [[ "${opts[0]}" == "cannot" ]]; then @@ -56,7 +56,7 @@ _complete_from_snap() { done fi - read bounced + read -r bounced case "$bounced" in ""|"alias"|"export"|"job"|"variable") # OK @@ -67,7 +67,7 @@ _complete_from_snap() { ;; esac - read sep + read -r sep if [ -n "$sep" ]; then # non-blank separator? madness! return 2 diff --git a/data/completion/etelpmoc.sh b/data/completion/etelpmoc.sh index dad9a087cdd..c9806dbe470 100755 --- a/data/completion/etelpmoc.sh +++ b/data/completion/etelpmoc.sh @@ -30,7 +30,7 @@ _die() { exit 1 } -if [[ "$BASH_SOURCE" != "$0" ]]; then +if [[ "${BASH_SOURCE[0]}" != "$0" ]]; then _die "ERROR: this is meant to be run, not sourced." fi diff --git a/get-deps.sh b/get-deps.sh index d14f2e5b2be..76b234e7e80 100755 --- a/get-deps.sh +++ b/get-deps.sh @@ -2,11 +2,14 @@ set -eu -if [ -z "$(which govendor)" ];then - echo Installing govendor - go get -u github.com/kardianos/govendor +if ! which govendor >/dev/null;then + export PATH="$PATH:${GOPATH%%:*}/bin" + + if ! which govendor >/dev/null;then + echo Installing govendor + go get -u github.com/kardianos/govendor + fi fi -export PATH=$PATH:$GOPATH/bin echo Obtaining dependencies govendor sync diff --git a/run-checks b/run-checks index 03e1f20e330..0f6c41bd6fa 100755 --- a/run-checks +++ b/run-checks @@ -1,5 +1,4 @@ -#!/bin/bash -# bash because of the codecov integration +#!/bin/sh if [ "$TRAVIS_BUILD_NUMBER" ]; then echo travis_fold:start:env @@ -16,6 +15,9 @@ if which goctest >/dev/null; then else goctest="go test" fi +COVERMODE=${COVERMODE:-atomic} +export GOPATH="${GOPATH:-$(realpath "$(dirname "$0")"/../../../../)}" +export PATH="$PATH:${GOPATH%%:*}/bin" STATIC= UNIT= @@ -52,6 +54,7 @@ exit_with_exit_code() { } addtrap() { CURRENTTRAP="$CURRENTTRAP ; $1" + # shellcheck disable=SC2064 trap "store_exit_code; $CURRENTTRAP ; exit_with_exit_code" EXIT } @@ -64,7 +67,7 @@ endmsg() { m="Crushing failure and despair." fi echo - if [ -t 1 -a -z "$STATIC" ]; then + if [ -t 1 ] && [ -z "$STATIC" ]; then cat "data/$p" else echo "$m" @@ -76,7 +79,7 @@ addtrap endmsg append_coverage() ( profile="$1" if [ -f "$profile" ]; then - grep -v "mode: set" -- "$profile" >> .coverage/coverage.out + grep -v "^mode:" -- "$profile" >> .coverage/coverage.out rm "$profile" fi ) @@ -86,12 +89,12 @@ if [ "$STATIC" = 1 ]; then # Run static tests. echo Checking docs - ./mdlint.py docs/*.md + ./mdlint.py ./*.md docs/*.md echo Checking formatting fmt="" - for pkg in $(go list ./... | grep -v '/vendor/' ); do - s="$(gofmt -s -l $GOPATH/src/$pkg)" + for dir in $(go list -f '{{.Dir}}' ./... | grep -v '/vendor/' ); do + s="$(gofmt -s -l "$dir")" if [ -n "$s" ]; then fmt="$s\n$fmt" fi @@ -105,26 +108,33 @@ if [ "$STATIC" = 1 ]; then # go vet echo Running vet - for pkg in $(go list ./... | grep -v '/vendor/' ); do - go vet $pkg - done + # shellcheck disable=SC2046 + go vet $(go list ./... | grep -v '/vendor/' ) - if which shellcheck 2>/dev/null; then + if which shellcheck >/dev/null; then echo Checking shell scripts... - shellcheck -s bash data/completion/*.sh + shellcheck -s sh run-checks get-deps.sh + shellcheck tests/lib/*.sh + shellcheck -s bash -e SC1090,SC1091 data/completion/*.sh fi echo Checking spelling errors - go get -u github.com/client9/misspell/cmd/misspell - for file in $(ls . | grep -v 'vendor\|po'); do - ${GOBIN:-$GOPATH/bin}/misspell -error -i auther $file + if ! which misspell >/dev/null; then + go get -u github.com/client9/misspell/cmd/misspell + fi + for file in *; do + if [ "$file" = "vendor" ] || [ "$file" = "po" ]; then + continue + fi + misspell -error -i auther "$file" done echo Checking for ineffective assignments - go get -u github.com/gordonklaus/ineffassign - for file in $(ls . | grep -v 'vendor\|po'); do - ${GOBIN:-$GOPATH/bin}/ineffassign $file - done + if ! which ineffassign >/dev/null; then + go get -u github.com/gordonklaus/ineffassign + fi + # ineffassign knows about ignoring vendor/ \o/ + ineffassign . fi if [ "$UNIT" = 1 ]; then @@ -133,22 +143,22 @@ if [ "$UNIT" = 1 ]; then # Prepare the coverage output profile. rm -rf .coverage mkdir .coverage - echo "mode: set" > .coverage/coverage.out + echo "mode: $COVERMODE" > .coverage/coverage.out echo Building go build -v github.com/snapcore/snapd/... # tests - echo Running tests from $(pwd) + echo Running tests from "$PWD" for pkg in $(go list ./... | grep -v '/vendor/' ); do - go test -i $pkg - $goctest -v -coverprofile=.coverage/profile.out -covermode=atomic $pkg + go test -i "$pkg" + $goctest -v -coverprofile=.coverage/profile.out -covermode="$COVERMODE" "$pkg" append_coverage .coverage/profile.out done # upload to codecov.io if on travis if [ "${TRAVIS_BUILD_NUMBER:-}" ]; then - bash <(curl -s https://codecov.io/bash) -f .coverage/coverage.out + curl -s https://codecov.io/bash | bash /dev/stdin -f .coverage/coverage.out fi fi @@ -157,7 +167,7 @@ if [ "$SPREAD" = 1 ]; then addtrap "rm -rf \"$TMP_SPREAD\"" export PATH=$TMP_SPREAD:$PATH - ( cd $TMP_SPREAD && curl -s -O https://niemeyer.s3.amazonaws.com/spread-amd64.tar.gz && tar xzvf spread-amd64.tar.gz ) + ( cd "$TMP_SPREAD" && curl -s -O https://niemeyer.s3.amazonaws.com/spread-amd64.tar.gz && tar xzvf spread-amd64.tar.gz ) spread -v linode: @@ -170,7 +180,7 @@ if [ "$DEPRECATED" = 1 ]; then fi -UNCLEAN="$(git status -s|grep ^??)" || true +UNCLEAN="$(git status -s|grep '^??')" || true if [ -n "$UNCLEAN" ]; then cat </dev/null; then diff --git a/tests/lib/changes.sh b/tests/lib/changes.sh index 7974f6e9eff..7028e3b4ce0 100755 --- a/tests/lib/changes.sh +++ b/tests/lib/changes.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash change_id() { # takes [] diff --git a/tests/lib/dirs.sh b/tests/lib/dirs.sh index 069fd7199de..693667f4d80 100644 --- a/tests/lib/dirs.sh +++ b/tests/lib/dirs.sh @@ -1,5 +1,5 @@ #!/bin/sh # Default applies for: Ubuntu, Debian -SNAPMOUNTDIR=/snap -LIBEXECDIR=/usr/lib +export SNAPMOUNTDIR=/snap +export LIBEXECDIR=/usr/lib diff --git a/tests/lib/mkpinentry.sh b/tests/lib/mkpinentry.sh old mode 100644 new mode 100755 index f094fe2ba4c..1f909375ca6 --- a/tests/lib/mkpinentry.sh +++ b/tests/lib/mkpinentry.sh @@ -1,25 +1,5 @@ #!/bin/sh echo "setup fake gpg pinentry environment" -cat > /tmp/pinentry-fake <<'EOF' -#!/bin/sh -set -e -echo "OK Pleased to meet you" -while true; do - read line - case $line in - GETPIN) - echo "D pass" - echo "OK" - ;; - BYE) - exit 0 - ;; - *) - echo "OK I'm not very smart" - ;; -esac -done -EOF -chmod +x /tmp/pinentry-fake -mkdir -pm 0700 $HOME/.snap/gnupg/ -echo pinentry-program /tmp/pinentry-fake > $HOME/.snap/gnupg/gpg-agent.conf +mkdir -p ~/.snap/gnupg/ +echo pinentry-program "$TESTSLIB/pinentry-fake.sh" > ~/.snap/gnupg/gpg-agent.conf +chmod -R go-rwx ~/.snap diff --git a/tests/lib/network.sh b/tests/lib/network.sh index 18fc95c57c8..976b3cdf96c 100644 --- a/tests/lib/network.sh +++ b/tests/lib/network.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash get_default_iface(){ - echo "$(ip route get 8.8.8.8 | awk '{ print $5; exit }')" + ip route get 8.8.8.8 | awk '{ print $5; exit }' } diff --git a/tests/lib/pinentry-fake.sh b/tests/lib/pinentry-fake.sh new file mode 100755 index 00000000000..5d2b273e0d5 --- /dev/null +++ b/tests/lib/pinentry-fake.sh @@ -0,0 +1,18 @@ +#!/bin/sh +set -e +echo "OK Pleased to meet you" +while true; do + read -r line + case $line in + GETPIN) + echo "D pass" + echo "OK" + ;; + BYE) + exit 0 + ;; + *) + echo "OK I'm not very smart" + ;; + esac +done diff --git a/tests/lib/pkgdb.sh b/tests/lib/pkgdb.sh index 1728c47ede6..7d676679e91 100644 --- a/tests/lib/pkgdb.sh +++ b/tests/lib/pkgdb.sh @@ -1,5 +1,6 @@ #!/bin/bash +# shellcheck source=tests/lib/quiet.sh . "$TESTSLIB/quiet.sh" debian_name_package() { @@ -46,6 +47,7 @@ distro_install_local_package() { if [ "$allow_downgrades" = "true" ]; then flags="$flags --allow-downgrades" fi + # shellcheck disable=SC2086 apt install $flags "$@" ;; *) diff --git a/tests/lib/prepare-project.sh b/tests/lib/prepare-project.sh index 45cf9c63ba9..6653e0e2857 100644 --- a/tests/lib/prepare-project.sh +++ b/tests/lib/prepare-project.sh @@ -29,7 +29,7 @@ build_deb(){ su -l -c "cd $PWD && DEB_BUILD_OPTIONS='nocheck testkeys' dpkg-buildpackage -tc -b -Zgzip" test # put our debs to a safe place - cp ../*.deb $GOPATH + cp ../*.deb "${GOPATH%%:*}" } download_from_published(){ @@ -51,7 +51,7 @@ install_dependencies_from_published(){ local published_version="$1" for dep in snap-confine ubuntu-core-launcher; do - dpkg -i "${GOPATH}/${dep}_${published_version}_$(dpkg --print-architecture).deb" + dpkg -i "${GOPATH%%:*}/${dep}_${published_version}_$(dpkg --print-architecture).deb" done } @@ -60,6 +60,7 @@ install_dependencies_from_published(){ echo "Running with SNAP_REEXEC: $SNAP_REEXEC" # check that we are not updating +# shellcheck source=tests/lib/boot.sh . "$TESTSLIB/boot.sh" if [ "$(bootenv snap_mode)" = "try" ]; then echo "Ongoing reboot upgrade process, please try again when finished" @@ -67,23 +68,25 @@ if [ "$(bootenv snap_mode)" = "try" ]; then fi # declare the "quiet" wrapper +# shellcheck source=tests/lib/quiet.sh . "$TESTSLIB/quiet.sh" +# shellcheck source=tests/lib/dirs.sh . "$TESTSLIB/dirs.sh" if [ "$SPREAD_BACKEND" = external ]; then # build test binaries - if [ ! -f $GOPATH/bin/snapbuild ]; then - mkdir -p $GOPATH/bin + if [ ! -f "${GOPATH%%:*}/bin/snapbuild" ]; then + mkdir -p "${GOPATH%%:*}/bin" snap install --edge test-snapd-snapbuild - cp $SNAPMOUNTDIR/test-snapd-snapbuild/current/bin/snapbuild $GOPATH/bin/snapbuild + cp "$SNAPMOUNTDIR/test-snapd-snapbuild/current/bin/snapbuild" "${GOPATH%%:*}/bin/snapbuild" snap remove test-snapd-snapbuild fi # stop and disable autorefresh - if [ -e $SNAPMOUNTDIR/core/current/meta/hooks/configure ]; then + if [ -e "$SNAPMOUNTDIR/core/current/meta/hooks/configure" ]; then systemctl disable --now snapd.refresh.timer snap set core refresh.disabled=true fi - chown test.test -R $PROJECT_PATH + chown test.test -R "$PROJECT_PATH" exit 0 fi @@ -98,6 +101,7 @@ fi create_test_user +# shellcheck source=tests/lib/pkgdb.sh . "$TESTSLIB/pkgdb.sh" distro_update_package_db @@ -129,11 +133,11 @@ distro_purge_package snapd distro_install_package build-essential curl devscripts expect gdebi-core jq rng-tools git netcat-openbsd # in 16.04: apt build-dep -y ./ -quiet apt-get install -y $(gdebi --quiet --apt-line ./debian/control) +gdebi --quiet --apt-line ./debian/control | quiet xargs -r apt-get install -y # update vendoring if [ "$(which govendor)" = "" ]; then - rm -rf $GOPATH/src/github.com/kardianos/govendor + rm -rf "${GOPATH%%:*}/src/github.com/kardianos/govendor" go get -u github.com/kardianos/govendor fi quiet govendor sync @@ -153,6 +157,7 @@ fakestore_tags= if [ "$REMOTE_STORE" = staging ]; then fakestore_tags="-tags withstagingkeys" fi +# shellcheck disable=SC2086 go get $fakestore_tags ./tests/lib/fakestore/cmd/fakestore # Build additional utilities we need for testing diff --git a/tests/lib/prepare.sh b/tests/lib/prepare.sh index 7c906825388..329024076cd 100755 --- a/tests/lib/prepare.sh +++ b/tests/lib/prepare.sh @@ -2,9 +2,12 @@ set -eux -. $TESTSLIB/dirs.sh -. $TESTSLIB/apt.sh -. $TESTSLIB/snaps.sh +# shellcheck source=tests/lib/dirs.sh +. "$TESTSLIB/dirs.sh" +# shellcheck source=tests/lib/apt.sh +. "$TESTSLIB/apt.sh" +# shellcheck source=tests/lib/snaps.sh +. "$TESTSLIB/snaps.sh" disable_kernel_rate_limiting() { # kernel rate limiting hinders debugging security policy so turn it off @@ -29,7 +32,7 @@ update_core_snap_for_classic_reexec() { # shove the new snap-exec and snapctl in there, and repack it. # First of all, unmount the core - core="$(readlink -f $SNAPMOUNTDIR/core/current || readlink -f $SNAPMOUNTDIR/ubuntu-core/current)" + core="$(readlink -f "$SNAPMOUNTDIR/core/current" || readlink -f "$SNAPMOUNTDIR/ubuntu-core/current")" snap="$(mount | grep " $core" | awk '{print $1}')" umount --verbose "$core" @@ -38,7 +41,7 @@ update_core_snap_for_classic_reexec() { # clean the old snapd libexec binaries, just in case rm squashfs-root/usr/lib/snapd/* # and copy in the current ones - cp -a $LIBEXECDIR/snapd/* squashfs-root/usr/lib/snapd/ + cp -a "$LIBEXECDIR"/snapd/* squashfs-root/usr/lib/snapd/ # also the binaries themselves cp -a /usr/bin/{snap,snapctl} squashfs-root/usr/bin/ # and snap-confine's apparmor @@ -57,18 +60,18 @@ update_core_snap_for_classic_reexec() { mount "$snap" "$core" check_file() { - if ! cmp $1 $2 ; then + if ! cmp "$1" "$2" ; then echo "$1 in tree and $2 in core snap are unexpectedly not the same" exit 1 fi } # Make sure we're running with the correct copied bits - for p in $LIBEXECDIR/snapd/snap-exec $LIBEXECDIR/snapd/snap-confine $LIBEXECDIR/snapd/snap-discard-ns $LIBEXECDIR/snapd/snapd; do - check_file ${p} ${core}/usr/lib/snapd/$(basename ${p}) + for p in "$LIBEXECDIR/snapd/snap-exec" "$LIBEXECDIR/snapd/snap-confine" "$LIBEXECDIR/snapd/snap-discard-ns" "$LIBEXECDIR/snapd/snapd"; do + check_file "$p" "$core/usr/lib/snapd/$(basename "$p")" done for p in /usr/bin/snapctl /usr/bin/snap; do - check_file ${p} ${core}${p} + check_file "$p" "$core$p" done } @@ -96,10 +99,10 @@ prepare_classic() { apt-cache policy snapd exit 1 fi - if $LIBEXECDIR/snapd/snap-confine --version | MATCH unknown; then + if "$LIBEXECDIR/snapd/snap-confine" --version | MATCH unknown; then echo "Package build incorrect, 'snap-confine --version' mentions 'unknown'" apt-cache policy snap-confine - $LIBEXECDIR/snapd/snap-confine --version + "$LIBEXECDIR/snapd/snap-confine" --version exit 1 fi @@ -117,17 +120,18 @@ StartLimitInterval=0 EOF if [ "$REMOTE_STORE" = staging ]; then - . $TESTSLIB/store.sh + # shellcheck source=tests/lib/store.sh + . "$TESTSLIB/store.sh" setup_staging_store fi # Snapshot the state including core. - if [ ! -f $SPREAD_PATH/snapd-state.tar.gz ]; then + if [ ! -f "$SPREAD_PATH/snapd-state.tar.gz" ]; then ! snap list | grep core || exit 1 # use parameterized core channel (defaults to edge) instead # of a fixed one and close to stable in order to detect defects # earlier - snap install --${CORE_CHANNEL} core + snap install --"$CORE_CHANNEL" core snap list | grep core # ensure no auto-refresh happens during the tests @@ -149,16 +153,16 @@ EOF update_core_snap_for_classic_reexec systemctl daemon-reload - escaped_snap_mount_dir="$(systemd-escape --path $SNAPMOUNTDIR)" + escaped_snap_mount_dir="$(systemd-escape --path "$SNAPMOUNTDIR")" mounts="$(systemctl list-unit-files --full | grep "^$escaped_snap_mount_dir[-.].*\.mount" | cut -f1 -d ' ')" services="$(systemctl list-unit-files --full | grep "^$escaped_snap_mount_dir[-.].*\.service" | cut -f1 -d ' ')" for unit in $services $mounts; do - systemctl stop $unit + systemctl stop "$unit" done - tar czf $SPREAD_PATH/snapd-state.tar.gz /var/lib/snapd $SNAPMOUNTDIR /etc/systemd/system/$escaped_snap_mount_dir-*core*.mount + tar czf "$SPREAD_PATH"/snapd-state.tar.gz /var/lib/snapd "$SNAPMOUNTDIR" /etc/systemd/system/"$escaped_snap_mount_dir"-*core*.mount systemctl daemon-reload # Workaround for http://paste.ubuntu.com/17735820/ for unit in $mounts $services; do - systemctl start $unit + systemctl start "$unit" done systemctl start snapd.socket fi @@ -177,10 +181,10 @@ EOF setup_reflash_magic() { # install the stuff we need distro_install_package kpartx busybox-static - distro_install_local_package ${GOPATH}/snapd_*.deb + distro_install_local_package "${GOPATH%%:*}"/snapd_*.deb distro_clean_package_cache - snap install --${CORE_CHANNEL} core + snap install "--${CORE_CHANNEL}" core # install ubuntu-image snap install --classic --edge ubuntu-image @@ -188,47 +192,47 @@ setup_reflash_magic() { # needs to be under /home because ubuntu-device-flash # uses snap-confine and that will hide parts of the hostfs IMAGE_HOME=/home/image - mkdir -p $IMAGE_HOME + mkdir -p "$IMAGE_HOME" # modify the core snap so that the current root-pw works there # for spread to do the first login UNPACKD="/tmp/core-snap" - unsquashfs -d $UNPACKD /var/lib/snapd/snaps/core_*.snap + unsquashfs -d "$UNPACKD" /var/lib/snapd/snaps/core_*.snap # FIXME: netplan workaround - mkdir -p $UNPACKD/etc/netplan + mkdir -p "$UNPACKD/etc/netplan" # set root pw by concating root line from host and rest from core want_pw="$(grep ^root /etc/shadow)" echo "$want_pw" > /tmp/new-shadow tail -n +2 /etc/shadow >> /tmp/new-shadow - cp -v /tmp/new-shadow $UNPACKD/etc/shadow - cp -v /etc/passwd $UNPACKD/etc/passwd + cp -v /tmp/new-shadow "$UNPACKD/etc/shadow" + cp -v /etc/passwd "$UNPACKD/etc/passwd" # ensure spread -reuse works in the core image as well if [ -e /.spread.yaml ]; then - cp -av /.spread.yaml $UNPACKD + cp -av /.spread.yaml "$UNPACKD" fi # we need the test user in the image # see the comment in spread.yaml about 12345 - sed -i "s/^test.*$//" $UNPACKD/etc/{shadow,passwd} - chroot $UNPACKD addgroup --quiet --gid 12345 test - chroot $UNPACKD adduser --quiet --no-create-home --uid 12345 --gid 12345 --disabled-password --gecos '' test - echo 'test ALL=(ALL) NOPASSWD:ALL' >> $UNPACKD/etc/sudoers.d/99-test-user + sed -i 's/^test.*$//' "$UNPACKD"/etc/{shadow,passwd} + chroot "$UNPACKD" addgroup --quiet --gid 12345 test + chroot "$UNPACKD" adduser --quiet --no-create-home --uid 12345 --gid 12345 --disabled-password --gecos '' test + echo 'test ALL=(ALL) NOPASSWD:ALL' >> "$UNPACKD/etc/sudoers.d/99-test-user" - echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' >> $UNPACKD/etc/sudoers.d/99-ubuntu-user + echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' >> "$UNPACKD/etc/sudoers.d/99-ubuntu-user" # modify sshd so that we can connect as root - sed -i 's/\(PermitRootLogin\|PasswordAuthentication\)\>.*/\1 yes/' $UNPACKD/etc/ssh/sshd_config + sed -i 's/\(PermitRootLogin\|PasswordAuthentication\)\>.*/\1 yes/' "$UNPACKD/etc/ssh/sshd_config" # FIXME: install would be better but we don't have dpkg on # the image # unpack our freshly build snapd into the new core snap - dpkg-deb -x ${SPREAD_PATH}/../snapd_*.deb $UNPACKD + dpkg-deb -x "$SPREAD_PATH"/../snapd_*.deb "$UNPACKD" # add gpio and iio slots - cat >> $UNPACKD/meta/snap.yaml <<-EOF + cat >> "$UNPACKD/meta/snap.yaml" <<-EOF slots: gpio-pin: interface: gpio @@ -240,10 +244,10 @@ slots: EOF # build new core snap for the image - snapbuild $UNPACKD $IMAGE_HOME + snapbuild "$UNPACKD" "$IMAGE_HOME" # FIXME: fetch directly once its in the assertion service - cp "$TESTSLIB/assertions/pc-${REMOTE_STORE}.model" $IMAGE_HOME/pc.model + cp "$TESTSLIB/assertions/pc-${REMOTE_STORE}.model" "$IMAGE_HOME/pc.model" # FIXME: how to test store updated of ubuntu-core with sideloaded snap? IMAGE=all-snap-amd64.img @@ -252,13 +256,13 @@ EOF # test keys and not the bundled version of usr/bin/snap from the snap. # Note that we can not put it into /usr/bin as '/usr' is different # when the snap uses confinement. - cp /usr/bin/snap $IMAGE_HOME - export UBUNTU_IMAGE_SNAP_CMD=$IMAGE_HOME/snap + cp /usr/bin/snap "$IMAGE_HOME" + export UBUNTU_IMAGE_SNAP_CMD="$IMAGE_HOME/snap" EXTRA_FUNDAMENTAL= IMAGE_CHANNEL=edge if [ "$KERNEL_CHANNEL" = "$GADGET_CHANNEL" ]; then - IMAGE_CHANNEL=$KERNEL_CHANNEL + IMAGE_CHANNEL="$KERNEL_CHANNEL" else # download pc-kernel snap for the specified channel and set ubuntu-image channel # to gadget, so that we don't need to download it @@ -268,15 +272,15 @@ EOF IMAGE_CHANNEL="$GADGET_CHANNEL" fi - /snap/bin/ubuntu-image -w $IMAGE_HOME $IMAGE_HOME/pc.model \ - --channel $IMAGE_CHANNEL \ - $EXTRA_FUNDAMENTAL \ - --extra-snaps $IMAGE_HOME/core_*.snap \ - --output $IMAGE_HOME/$IMAGE + /snap/bin/ubuntu-image -w "$IMAGE_HOME" "$IMAGE_HOME/pc.model" \ + --channel "$IMAGE_CHANNEL" \ + "$EXTRA_FUNDAMENTAL" \ + --extra-snaps "$IMAGE_HOME"/core_*.snap \ + --output "$IMAGE_HOME/$IMAGE" rm -f ./pc-kernel_*.{snap,assert} ./pc_*.{snap,assert} # mount fresh image and add all our SPREAD_PROJECT data - kpartx -avs $IMAGE_HOME/$IMAGE + kpartx -avs "$IMAGE_HOME/$IMAGE" # FIXME: hardcoded mapper location, parse from kpartx mount /dev/mapper/loop2p3 /mnt mkdir -p /mnt/user-data/ @@ -293,7 +297,7 @@ EOF # we have subdirs/files in /etc/systemd/system (created below) # the writeable-path sync-boot won't work mkdir -p /mnt/system-data/etc/systemd - (cd /tmp ; unsquashfs -v $IMAGE_HOME/core_*.snap etc/systemd/system) + (cd /tmp ; unsquashfs -v "$IMAGE_HOME"/core_*.snap etc/systemd/system) cp -avr /tmp/squashfs-root/etc/systemd/system /mnt/system-data/etc/systemd/ # FIXUP silly systemd @@ -312,11 +316,11 @@ StartLimitInterval=0 EOF umount /mnt - kpartx -d $IMAGE_HOME/$IMAGE + kpartx -d "$IMAGE_HOME/$IMAGE" # the reflash magic # FIXME: ideally in initrd, but this is good enough for now - cat > $IMAGE_HOME/reflash.sh << EOF + cat > "$IMAGE_HOME/reflash.sh" << EOF #!/bin/sh -ex mount -t tmpfs none /tmp cp /bin/busybox /tmp @@ -328,10 +332,10 @@ sync /tmp/busybox sync /tmp/busybox echo b > /proc/sysrq-trigger EOF - chmod +x $IMAGE_HOME/reflash.sh + chmod +x "$IMAGE_HOME/reflash.sh" # extract ROOT from /proc/cmdline - ROOT=$(cat /proc/cmdline | sed -e 's/^.*root=//' -e 's/ .*$//') + ROOT=$(sed -e 's/^.*root=//' -e 's/ .*$//' /proc/cmdline) cat >/boot/grub/grub.cfg < generic-consumer/meta/snap.yaml snapbuild generic-consumer generic-consumer snap install --dangerous generic-consumer/*.snap diff --git a/tests/lib/store.sh b/tests/lib/store.sh index c6a0bb7092f..3cbf89ce6b8 100644 --- a/tests/lib/store.sh +++ b/tests/lib/store.sh @@ -1,13 +1,14 @@ -#!/bin/sh +#!/bin/bash STORE_CONFIG=/etc/systemd/system/snapd.service.d/store.conf -. $TESTSLIB/systemd.sh +# shellcheck source=tests/lib/systemd.sh +. "$TESTSLIB/systemd.sh" _configure_store_backends(){ systemctl stop snapd.service snapd.socket - mkdir -p $(dirname $STORE_CONFIG) - rm -f $STORE_CONFIG - cat > $STORE_CONFIG < "$STORE_CONFIG" < /run/systemd/system/$1.service + printf "[Unit]\nDescription=For testing purposes\n[Service]\nType=simple\nExecStart=%s\n" "$2" > "/run/systemd/system/$1.service" if [ -n "${3:-}" ]; then - echo "Environment=$3" >> /run/systemd/system/$1.service + echo "Environment=$3" >> "/run/systemd/system/$1.service" fi systemctl daemon-reload - systemctl start $1 + systemctl start "$1" } # Use like systemd_stop_and_destroy_unit(fakestore) @@ -15,6 +15,6 @@ systemd_stop_and_destroy_unit() { if systemctl status "$1"; then systemctl stop "$1" fi - rm -f /run/systemd/system/$1.service + rm -f "/run/systemd/system/$1.service" systemctl daemon-reload } diff --git a/tests/main/completion/task.yaml b/tests/main/completion/task.yaml index e873beed9f4..e9f5593d6ed 100644 --- a/tests/main/completion/task.yaml +++ b/tests/main/completion/task.yaml @@ -11,7 +11,7 @@ prepare: | touch bar.snap snap install core snap install test-snapd-tools - . "$TESTSLIB/mkpinentry.sh" + "$TESTSLIB"/mkpinentry.sh expect -d -f key.exp0 restore: | diff --git a/tests/main/create-key/task.yaml b/tests/main/create-key/task.yaml index 45c49fe0c03..3ced0ca4d09 100644 --- a/tests/main/create-key/task.yaml +++ b/tests/main/create-key/task.yaml @@ -3,7 +3,7 @@ summary: Checks for snap create-key systems: [-ubuntu-core-16-*, -ubuntu-*-ppc64el] prepare: | - . "$TESTSLIB/mkpinentry.sh" + "$TESTSLIB"/mkpinentry.sh execute: | echo "Checking passphrase mismatch error" diff --git a/tests/main/snap-sign/task.yaml b/tests/main/snap-sign/task.yaml index 744318ec034..34e58d7cea6 100644 --- a/tests/main/snap-sign/task.yaml +++ b/tests/main/snap-sign/task.yaml @@ -4,7 +4,7 @@ summary: Run snap sign to sign a model assertion systems: [-ubuntu-core-16-*, -ubuntu-*-ppc64el] prepare: | - . "$TESTSLIB/mkpinentry.sh" + "$TESTSLIB"/mkpinentry.sh execute: | echo "Creating a new key without a password"