lxc-oci: make shellcheck clean

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-oci: make shellcheck clean
4328e9e3 · Christian Brauner · a488502d · 4328e9e3
Unverified Commit 4328e9e3 authored Feb 27, 2018 by Christian Brauner
Show whitespace changes
Inline Side-by-side

Showing with 60 additions and 37 deletions

lxc-oci.in templates/lxc-oci.in +60 -37

No files found.
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@@ -21,14 +21,13 @@
 #  USA

 set -eu
-# set -x  # debug

 # Make sure the usual locations are in PATH
 export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin

 # Check for required binaries
 for bin in skopeo umoci jq; do
-    if ! type $bin >/dev/null 2>&1; then
+  if ! which $bin >/dev/null 2>&1; then
    echo "ERROR: Missing required tool: $bin" 1>&2
    exit 1
  fi
@@ -43,6 +42,7 @@ cleanup() {
  if [ -d "${DOWNLOAD_TEMP}" ]; then
    rm -Rf "${DOWNLOAD_TEMP}"
  fi
+
  if [ -d "${LXC_ROOTFS}.tmp" ]; then
    rm -Rf "${LXC_ROOTFS}.tmp"
  fi
@@ -50,14 +50,19 @@ cleanup() {

 in_userns() {
  [ -e /proc/self/uid_map ] || { echo no; return; }
-    while read line; do
-        fields=$(echo $line | awk '{ print $1 " " $2 " " $3 }')
-        [ "$fields" = "0 0 4294967295" ] && { echo no; return; } || true
-        echo $fields | grep -q " 0 1$" && { echo userns-root; return; } || true
+  while read -r line; do
+    fields="$(echo "$line" | awk '{ print $1 " " $2 " " $3 }')"
+    if [ "${fields}" = "0 0 4294967295" ]; then
+      echo no;
+      return;
+    fi
+    if echo "${fields}" | grep -q " 0 1$"; then
+      echo userns-root;
+      return;
+    fi
  done < /proc/self/uid_map

-    [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && \
-        { echo userns-root; return; }
+  [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && { echo userns-root; return; }
  echo yes
 }

@@ -65,26 +70,28 @@ getconfigpath() {
  basedir="$1"
  q="$2"

-	digest=`cat "${basedir}/index.json" | jq -c -r --arg q "$q" '.manifests[] | if .annotations."org.opencontainers.image.ref.name" == $q then .digest else empty end'`
+  digest=$(jq -c -r --arg q "$q" '.manifests[] | if .annotations."org.opencontainers.image.ref.name" == $q then .digest else empty end' < "${basedir}/index.json")
  if [ -z "${digest}" ]; then
    echo "$q not found in index.json" >&2
    return
  fi

-	# Ok we have the image config digest, now get the config from that,
+  # Ok we have the image config digest, now get the config from that
+  # shellcheck disable=SC2039
  d=${digest:7}
-	cdigest=`cat "${basedir}/blobs/sha256/${d}" | jq -c -r '.config.digest'`
+  cdigest=$(jq -c -r '.config.digest' < "${basedir}/blobs/sha256/${d}")
  if [ -z "${cdigest}" ]; then
    echo "container config not found" >&2
    return
  fi

+  # shellcheck disable=SC2039
  d2=${cdigest:7}
  echo "${basedir}/blobs/sha256/${d2}"
  return
 }

-# get entrypoint from oci image.  Use sh if unspecified
+# Get entrypoint from oci image. Use sh if unspecified
 getep() {
  if [ "$#" -eq 0 ]; then
    echo "/bin/sh"
@@ -93,8 +100,8 @@ getep() {

  configpath="$1"

-	ep=`cat "${configpath}" | jq -c -r '.config.Entrypoint[]?'`
-	cmd=`cat "${configpath}" | jq -c -r '.config.Cmd[]?'`
+  ep=$(jq -c -r '.config.Entrypoint[]?'< "${configpath}")
+  cmd=$(jq -c -r '.config.Cmd[]?' < "${configpath}")
  if [ -z "${ep}" ]; then
    ep="${cmd}"
    if [ -z "${ep}" ]; then
@@ -104,7 +111,7 @@ getep() {
    ep="${ep} ${cmd}"
  fi

-	echo ${ep}
+  echo "${ep}"
  return
 }

@@ -116,7 +123,7 @@ getenv() {

  configpath="$1"

-	env=`cat "${configpath}" | jq -c -r '.config.Env[]'`
+  env=$(jq -c -r '.config.Env[]'< "${configpath}")

  echo "${env}"
  return
@@ -134,10 +141,11 @@ getuidgid() {

  configpath="$1"

-	uidgid=`cat "${configpath}" | jq -c -r '.config.User // "0:0"'`
+  uidgid=$(jq -c -r '.config.User // "0:0"' < "${configpath}")
+  # shellcheck disable=SC2039
  uidgid=(${uidgid//:/ })

-	printf '%d %d' ${uidgid[0]:-0} ${uidgid[1]:-0} 2>/dev/null || true
+  printf '%d %d' "${uidgid[0]:-0}" "${uidgid[1]:-0}" 2>/dev/null || true
  return
 }

@@ -150,7 +158,7 @@ getcwd() {

  configpath="$1"

-	cwd=`cat "${configpath}" | jq -c -r '.config.WorkingDir // "/"'`
+  cwd=$(jq -c -r '.config.WorkingDir // "/"' < "${configpath}")

  echo "${cwd}"
  return
@@ -176,15 +184,11 @@ LXC internal arguments (do not pass manually!):
 [ --rootfs <rootfs> ]: The path to the container's rootfs
 [ --mapped-uid <map> ]: A uid map (user namespaces)
 [ --mapped-gid <map> ]: A gid map (user namespaces)
-
 EOF
  return 0
 }

-options=$(getopt -o u:h -l help,url:,username:,password:,no-cache,dhcp,\
-name:,path:,rootfs:,mapped-uid:,mapped-gid: -- "$@")
-
-if [ $? -ne 0 ]; then
+if ! options=$(getopt -o u:h -l help,url:,username:,password:,no-cache,dhcp,name:,path:,rootfs:,mapped-uid:,mapped-gid: -- "$@"); then
    usage
    exit 1
 fi
@@ -221,7 +225,7 @@ done

 # Check that we have all variables we need
 if [ -z "$LXC_NAME" ] || [ -z "$LXC_PATH" ] || [ -z "$LXC_ROOTFS" ]; then
-    echo "ERROR: Not running through LXC." 1>&2
+  echo "ERROR: Not running through LXC" 1>&2
  exit 1
 fi

@@ -246,7 +250,7 @@ USERNS=$(in_userns)

 if [ "$USERNS" = "yes" ]; then
  if [ -z "$LXC_MAPPED_UID" ] || [ "$LXC_MAPPED_UID" = "-1" ]; then
-        echo "ERROR: In a user namespace without a map." 1>&2
+    echo "ERROR: In a user namespace without a map" 1>&2
    exit 1
  fi
 fi
@@ -264,46 +268,62 @@ fi
 # Trap all exit signals
 trap cleanup EXIT HUP INT TERM

-if ! type mktemp >/dev/null 2>&1; then
+if ! which mktemp >/dev/null 2>&1; then
  DOWNLOAD_TEMP="${DOWNLOAD_BASE}/lxc-oci.$$"
-    mkdir -p $DOWNLOAD_TEMP
+  mkdir -p "${DOWNLOAD_TEMP}"
 else
  DOWNLOAD_TEMP=$(mktemp -d -p "${DOWNLOAD_BASE}")
 fi

 # Download the image
+# shellcheck disable=SC2039
 skopeo_args=("")
 if [ -n "$OCI_USERNAME" ]; then
  CREDENTIALS="${OCI_USERNAME}"
+
  if [ -n "$OCI_PASSWORD" ]; then
    CREDENTIALS="${CREDENTIALS}:${OCI_PASSWORD}"
  fi
+
+  # shellcheck disable=SC2039
  skopeo_args+=(--src-creds "${CREDENTIALS}")
 fi
+
 if [ "${OCI_USE_CACHE}" = "true" ]; then
+  # shellcheck disable=SC2039
+  # shellcheck disable=SC2068
  skopeo_args+=(--dest-shared-blob-dir "${DOWNLOAD_BASE}")
+  # shellcheck disable=SC2039
+  # shellcheck disable=SC2068
  skopeo copy ${skopeo_args[@]} "${OCI_URL}" "oci:${DOWNLOAD_TEMP}:latest"
  ln -s "${DOWNLOAD_BASE}/sha256" "${DOWNLOAD_TEMP}/blobs/sha256"
 else
+  # shellcheck disable=SC2039
+  # shellcheck disable=SC2068
  skopeo copy ${skopeo_args[@]} "${OCI_URL}" "oci:${DOWNLOAD_TEMP}:latest"
 fi

 echo "Unpacking the rootfs"
+# shellcheck disable=SC2039
 umoci_args=("")
 if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
+  # shellcheck disable=SC2039
  umoci_args+=(--rootless)
 fi
+# shellcheck disable=SC2039
+# shellcheck disable=SC2068
 umoci unpack ${umoci_args[@]} --image "${DOWNLOAD_TEMP}:latest" "${LXC_ROOTFS}.tmp"
 rmdir "${LXC_ROOTFS}"
 mv "${LXC_ROOTFS}.tmp/rootfs" "${LXC_ROOTFS}"

-OCI_CONF_FILE=$(getconfigpath ${DOWNLOAD_TEMP} latest)
+OCI_CONF_FILE=$(getconfigpath "${DOWNLOAD_TEMP}" latest)
 LXC_CONF_FILE="${LXC_PATH}/config"
-entrypoint=$(getep ${OCI_CONF_FILE})
+entrypoint=$(getep "${OCI_CONF_FILE}")
 echo "lxc.execute.cmd = '${entrypoint}'" >> "${LXC_CONF_FILE}"
 echo "lxc.mount.auto = proc:mixed sys:mixed cgroup:mixed" >> "${LXC_CONF_FILE}"

-environment=$(getenv ${OCI_CONF_FILE})
+environment=$(getenv "${OCI_CONF_FILE}")
+# shellcheck disable=SC2039
 while read -r line; do
  echo "lxc.environment = ${line}" >> "${LXC_CONF_FILE}"
 done <<< "${environment}"
@@ -327,12 +347,12 @@ fi

 echo "lxc.uts.name = ${LXC_NAME}" >> "${LXC_CONF_FILE}"
 # set the hostname
-cat <<EOF > ${LXC_ROOTFS}/etc/hostname
+cat <<EOF > "${LXC_ROOTFS}/etc/hostname"
 ${LXC_NAME}
 EOF

 # set minimal hosts
-cat <<EOF > ${LXC_ROOTFS}/etc/hosts
+cat <<EOF > "${LXC_ROOTFS}/etc/hosts"
 127.0.0.1   localhost
 127.0.1.1   ${LXC_NAME}
 ::1     localhost ip6-localhost ip6-loopback
@@ -342,18 +362,21 @@ ff02::1 ip6-allnodes
 ff02::2 ip6-allrouters
 EOF

-uidgid=($(getuidgid ${OCI_CONF_FILE}))
+# shellcheck disable=SC2039
+uidgid=($(getuidgid "${OCI_CONF_FILE}"))
+# shellcheck disable=SC2039
 echo "lxc.init.uid = ${uidgid[0]}" >> "${LXC_CONF_FILE}"
+# shellcheck disable=SC2039
 echo "lxc.init.gid = ${uidgid[1]}" >> "${LXC_CONF_FILE}"

-cwd=$(getcwd ${OCI_CONF_FILE})
+cwd=$(getcwd "${OCI_CONF_FILE}")
 echo "lxc.init.cwd = ${cwd}" >> "${LXC_CONF_FILE}"

 if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
-    chown $LXC_MAPPED_UID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 || true
+  chown "$LXC_MAPPED_UID" "$LXC_PATH/config" "$LXC_PATH/fstab" > /dev/null 2>&1 || true
 fi
 if [ -n "$LXC_MAPPED_GID" ] && [ "$LXC_MAPPED_GID" != "-1" ]; then
-    chgrp $LXC_MAPPED_GID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 || true
+  chgrp "$LXC_MAPPED_GID" "$LXC_PATH/config" "$LXC_PATH/fstab" > /dev/null 2>&1 || true
 fi

 exit 0