diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 898cd16e58..0260e85342 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -2,6 +2,7 @@ name: Run Shellcheck on push and PR
on:
push:
+ branches: [ "dev" ]
pull_request:
jobs:
@@ -28,5 +29,4 @@ jobs:
tests/test_helpers.v2.d
helpers/vendor
src/vendor
- hooks
helpers
diff --git a/hooks/backup/05-conf_ldap b/hooks/backup/05-conf_ldap
index ea1a5e2257..5afe57229b 100644
--- a/hooks/backup/05-conf_ldap
+++ b/hooks/backup/05-conf_ldap
@@ -19,9 +19,10 @@
#
# Exit hook on subcommand error or unset variable
-set -eu
+set -Eeuo pipefail
# Source YNH helpers
+# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers
# Backup destination
diff --git a/hooks/backup/17-data_home b/hooks/backup/17-data_home
index b537d4e82a..465db0384d 100644
--- a/hooks/backup/17-data_home
+++ b/hooks/backup/17-data_home
@@ -19,9 +19,10 @@
#
# Exit hook on subcommand error or unset variable
-set -eu
+set -Eeuo pipefail
# Source YNH helpers
+# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers
# Backup destination
diff --git a/hooks/backup/18-data_multimedia b/hooks/backup/18-data_multimedia
index 98529ec118..2190023979 100644
--- a/hooks/backup/18-data_multimedia
+++ b/hooks/backup/18-data_multimedia
@@ -19,9 +19,10 @@
#
# Exit hook on subcommand error or unset variable
-set -eu
+set -Eeuo pipefail
# Source YNH helpers
+# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers
# Backup destination
diff --git a/hooks/backup/20-conf_ynh_settings b/hooks/backup/20-conf_ynh_settings
index 9793c41f23..e9b6a41995 100644
--- a/hooks/backup/20-conf_ynh_settings
+++ b/hooks/backup/20-conf_ynh_settings
@@ -19,9 +19,10 @@
#
# Exit hook on subcommand error or unset variable
-set -eu
+set -Eeuo pipefail
# Source YNH helpers
+# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers
# Backup destination
diff --git a/hooks/backup/21-conf_ynh_certs b/hooks/backup/21-conf_ynh_certs
index be910202f0..75b45e67cc 100644
--- a/hooks/backup/21-conf_ynh_certs
+++ b/hooks/backup/21-conf_ynh_certs
@@ -19,9 +19,10 @@
#
# Exit hook on subcommand error or unset variable
-set -eu
+set -Eeuo pipefail
# Source YNH helpers
+# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers
# Backup destination
diff --git a/hooks/backup/23-data_mail b/hooks/backup/23-data_mail
index 8a2ff231bb..9f0254aa1c 100644
--- a/hooks/backup/23-data_mail
+++ b/hooks/backup/23-data_mail
@@ -19,9 +19,10 @@
#
# Exit hook on subcommand error or unset variable
-set -eu
+set -Eeuo pipefail
# Source YNH helpers
+# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers
# Backup destination
diff --git a/hooks/backup/50-conf_manually_modified_files b/hooks/backup/50-conf_manually_modified_files
index 7ee46acc15..c95e1d421e 100644
--- a/hooks/backup/50-conf_manually_modified_files
+++ b/hooks/backup/50-conf_manually_modified_files
@@ -18,7 +18,13 @@
# along with this program. If not, see .
#
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
+
+# Source YNH helpers
+# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers
+
ynh_abort_if_errors
YNH_CWD="${YNH_BACKUP_DIR%/}/conf/manually_modified_files"
mkdir -p "$YNH_CWD"
diff --git a/hooks/conf_regen/01-yunohost b/hooks/conf_regen/01-yunohost
index 59bb66bdfe..458606a742 100755
--- a/hooks/conf_regen/01-yunohost
+++ b/hooks/conf_regen/01-yunohost
@@ -18,7 +18,8 @@
# along with this program. If not, see .
#
-set -e
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
base_folder_and_perm_init() {
@@ -226,26 +227,26 @@ do_pre_regen() {
cd /usr/share/yunohost/conf/yunohost
- mkdir -p $pending_dir/etc/systemd/system
- mkdir -p $pending_dir/etc/cron.d/
- mkdir -p $pending_dir/etc/cron.daily/
+ mkdir -p "$pending_dir/etc/systemd/system"
+ mkdir -p "$pending_dir/etc/cron.d/"
+ mkdir -p "$pending_dir/etc/cron.daily/"
# add cron job for diagnosis to be ran at 7h and 19h + a random delay between
# 0 and 20min, meant to avoid every instances running their diagnosis at
# exactly the same time, which may overload the diagnosis server.
- cat > $pending_dir/etc/cron.d/yunohost-diagnosis << EOF
+ cat > "$pending_dir/etc/cron.d/yunohost-diagnosis" << EOF
SHELL=/bin/bash
0 7,19 * * * root : YunoHost Automatic Diagnosis; sleep \$((RANDOM\\%1200)); yunohost diagnosis run --email > /dev/null 2>/dev/null || echo "Running the automatic diagnosis failed miserably"
EOF
# Cron job that upgrade the app list everyday
- cat > $pending_dir/etc/cron.daily/yunohost-fetch-apps-catalog << EOF
+ cat > "$pending_dir/etc/cron.daily/yunohost-fetch-apps-catalog" << EOF
#!/bin/bash
sleep \$((RANDOM%3600)); yunohost tools update apps > /dev/null
EOF
# Cron job that renew lets encrypt certificates if there's any that needs renewal
- cat > $pending_dir/etc/cron.daily/yunohost-certificate-renew << EOF
+ cat > "$pending_dir/etc/cron.daily/yunohost-certificate-renew" << EOF
#!/bin/bash
yunohost domain cert renew --email
EOF
@@ -254,7 +255,7 @@ EOF
# - delay between 0 and 60 secs to spread the check over a 1 min window
# - do not run the command if some process already has the lock, to avoid queuing hundreds of commands...
if ls -l /etc/yunohost/dyndns/K*.key 2> /dev/null; then
- cat > $pending_dir/etc/cron.d/yunohost-dyndns << EOF
+ cat > "$pending_dir/etc/cron.d/yunohost-dyndns" << EOF
SHELL=/bin/bash
# Every 10 minutes,
# - (sleep random 60 is here to spread requests over a 1-min window)
@@ -265,13 +266,13 @@ SHELL=/bin/bash
EOF
else
# (Delete cron if no dyndns domain found)
- touch $pending_dir/etc/cron.d/yunohost-dyndns
+ touch "$pending_dir/etc/cron.d/yunohost-dyndns"
fi
# Skip ntp if inside a container (inspired from the conf of systemd-timesyncd)
if systemctl | grep -q 'ntp.service'; then
- mkdir -p ${pending_dir}/etc/systemd/system/ntp.service.d/
- cat > ${pending_dir}/etc/systemd/system/ntp.service.d/ynh-override.conf << EOF
+ mkdir -p "$pending_dir/etc/systemd/system/ntp.service.d/"
+ cat > "$pending_dir/etc/systemd/system/ntp.service.d/ynh-override.conf" << EOF
[Unit]
ConditionCapability=CAP_SYS_TIME
ConditionVirtualization=!container
@@ -279,8 +280,8 @@ EOF
fi
# Make nftable conflict with yunohost-firewall
- mkdir -p ${pending_dir}/etc/systemd/system/nftables.service.d/
- cat > ${pending_dir}/etc/systemd/system/nftables.service.d/ynh-override.conf << EOF
+ mkdir -p "$pending_dir/etc/systemd/system/nftables.service.d/"
+ cat > "$pending_dir/etc/systemd/system/nftables.service.d/ynh-override.conf" << EOF
[Unit]
# yunohost-firewall and nftables conflict with each other
Conflicts=yunohost-firewall.service
@@ -289,22 +290,22 @@ ConditionPathExists=!/etc/systemd/system/multi-user.target.wants/yunohost-firewa
EOF
# Don't suspend computer on LidSwitch
- mkdir -p ${pending_dir}/etc/systemd/logind.conf.d/
- cat > ${pending_dir}/etc/systemd/logind.conf.d/ynh-override.conf << EOF
+ mkdir -p "$pending_dir/etc/systemd/logind.conf.d/"
+ cat > "$pending_dir/etc/systemd/logind.conf.d/ynh-override.conf" << EOF
[Login]
HandleLidSwitch=ignore
HandleLidSwitchDocked=ignore
HandleLidSwitchExternalPower=ignore
EOF
- cp yunohost-api.service ${pending_dir}/etc/systemd/system/yunohost-api.service
- cp yunohost-portal-api.service ${pending_dir}/etc/systemd/system/yunohost-portal-api.service
- cp yunohost-firewall.service ${pending_dir}/etc/systemd/system/yunohost-firewall.service
- cp yunoprompt.service ${pending_dir}/etc/systemd/system/yunoprompt.service
- cp proc-hidepid.service ${pending_dir}/etc/systemd/system/proc-hidepid.service
+ cp yunohost-api.service "$pending_dir/etc/systemd/system/yunohost-api.service"
+ cp yunohost-portal-api.service "$pending_dir/etc/systemd/system/yunohost-portal-api.service"
+ cp yunohost-firewall.service "$pending_dir/etc/systemd/system/yunohost-firewall.service"
+ cp yunoprompt.service "$pending_dir/etc/systemd/system/yunoprompt.service"
+ cp proc-hidepid.service "$pending_dir/etc/systemd/system/proc-hidepid.service"
- mkdir -p ${pending_dir}/etc/dpkg/origins/
- cp dpkg-origins ${pending_dir}/etc/dpkg/origins/yunohost
+ mkdir -p "$pending_dir/etc/dpkg/origins/"
+ cp dpkg-origins "$pending_dir/etc/dpkg/origins/yunohost"
# Remove legacy hackish/clumsy nodejs autoupdate which ends up filling up space with ambiguous upgrades >_>
touch "/etc/cron.daily/node_update"
@@ -342,7 +343,7 @@ do_post_regen() {
find /etc/cron.*/yunohost-* -type f -exec chown root:root {} \;
for USER in $(yunohost user list --quiet --output-as json | jq -r '.users | .[] | .username'); do
- [ ! -e "/home/$USER" ] || setfacl -m g:all_users:--- /home/$USER
+ [ ! -e "/home/$USER" ] || setfacl -m g:all_users:--- "/home/$USER"
done
# Misc configuration / state files
@@ -373,12 +374,12 @@ do_post_regen() {
if [[ "$regen_conf_files" =~ "yunoprompt.service" ]]; then
systemctl daemon-reload
action=$([[ -e /etc/systemd/system/yunoprompt.service ]] && echo 'enable' || echo 'disable')
- systemctl $action yunoprompt --quiet --now
+ systemctl "$action" yunoprompt --quiet --now
fi
if [[ "$regen_conf_files" =~ "proc-hidepid.service" ]]; then
systemctl daemon-reload
action=$([[ -e /etc/systemd/system/proc-hidepid.service ]] && echo 'enable' || echo 'disable')
- systemctl $action proc-hidepid --quiet --now
+ systemctl "$action" proc-hidepid --quiet --now
fi
systemctl enable yunohost-portal-api.service --quiet
@@ -396,4 +397,4 @@ do_post_regen() {
fi
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/02-ssl b/hooks/conf_regen/02-ssl
index 303b421077..411a6e263e 100755
--- a/hooks/conf_regen/02-ssl
+++ b/hooks/conf_regen/02-ssl
@@ -18,7 +18,8 @@
# along with this program. If not, see .
#
-set -e
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
ssl_dir="/usr/share/yunohost/ssl"
template_dir="/usr/share/yunohost/conf/ssl"
@@ -54,7 +55,7 @@ regen_local_ca() {
-keyout ca/cakey.pem \
-nodes \
-batch \
- -subj /CN=${domain}/O=${domain%.*} 2>&1
+ -subj "/CN=${domain}/O=${domain%.*}" 2>&1
chmod 640 ca/cacert.pem
chmod 640 ca/cakey.pem
@@ -141,11 +142,11 @@ do_post_regen() {
chmod o+r ${ssl_dir}/certs/yunohost_crt.pem
if [[ "$current_local_ca_domain" != "$main_domain" ]]; then
- regen_local_ca $main_domain
+ regen_local_ca "$main_domain"
# Idk how useful this is, but this was in the previous python code (domain.main_domain())
- ln -sf /etc/yunohost/certs/$main_domain/crt.pem /etc/ssl/certs/yunohost_crt.pem
- ln -sf /etc/yunohost/certs/$main_domain/key.pem /etc/ssl/private/yunohost_key.pem
+ ln -sf "/etc/yunohost/certs/$main_domain/crt.pem" /etc/ssl/certs/yunohost_crt.pem
+ ln -sf "/etc/yunohost/certs/$main_domain/key.pem" /etc/ssl/private/yunohost_key.pem
fi
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/03-ssh b/hooks/conf_regen/03-ssh
index ef9bbfc82b..d8e7162197 100755
--- a/hooks/conf_regen/03-ssh
+++ b/hooks/conf_regen/03-ssh
@@ -20,7 +20,9 @@
set -e
-. /usr/share/yunohost/helpers
+# Source YNH helpers
+# shellcheck source=../../helpers/helpers
+source /usr/share/yunohost/helpers
do_pre_regen() {
pending_dir=$1
@@ -44,6 +46,7 @@ do_post_regen() {
regen_conf_files=$1
# If no file changed, there's nothing to do
+
[[ -n "$regen_conf_files" ]] || return 0
# Enforce permissions for /etc/ssh/sshd_config
@@ -53,4 +56,4 @@ do_post_regen() {
systemctl restart ssh
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/06-slapd b/hooks/conf_regen/06-slapd
index 12e37f0058..27955a9dac 100755
--- a/hooks/conf_regen/06-slapd
+++ b/hooks/conf_regen/06-slapd
@@ -18,7 +18,8 @@
# along with this program. If not, see .
#
-set -e
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
tmp_backup_dir_file="/root/slapd-backup-dir.txt"
@@ -101,13 +102,14 @@ do_pre_regen() {
rm -f "$tmp_backup_dir_file"
# Define if we need to migrate from hdb to mdb
- curr_backend=$(grep '^database' /etc/ldap/slapd.conf 2> /dev/null | awk '{print $2}')
- if [ -e /etc/ldap/slapd.conf ] && [ -n "$curr_backend" ] \
- && [ $curr_backend != 'mdb' ]; then
- backup_dir="/var/backups/dc=yunohost,dc=org-${curr_backend}-$(date +%s)"
- mkdir -p "$backup_dir"
- slapcat -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"
- echo "$backup_dir" > "$tmp_backup_dir_file"
+ if [ -e /etc/ldap/slapd.conf ]; then
+ curr_backend=$(grep '^database' /etc/ldap/slapd.conf | awk '{print $2}')
+ if [ "$curr_backend" != 'mdb' ]; then
+ backup_dir="/var/backups/dc=yunohost,dc=org-${curr_backend}-$(date +%s)"
+ mkdir -p "$backup_dir"
+ slapcat -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"
+ echo "$backup_dir" > "$tmp_backup_dir_file"
+ fi
fi
# create needed directories
@@ -121,8 +123,8 @@ do_pre_regen() {
cp -a ldap.conf "$ldap_dir"
cp -a sudo.ldif mailserver.ldif permission.ldif "$schema_dir"
- mkdir -p ${pending_dir}/etc/systemd/system/slapd.service.d/
- cp systemd-override.conf ${pending_dir}/etc/systemd/system/slapd.service.d/ynh-override.conf
+ mkdir -p "$pending_dir/etc/systemd/system/slapd.service.d/"
+ cp systemd-override.conf "$pending_dir/etc/systemd/system/slapd.service.d/ynh-override.conf"
install -D -m 644 slapd.default "${pending_dir}/etc/default/slapd"
}
@@ -139,7 +141,9 @@ do_post_regen() {
# Fix weird scenarios where /etc/sudo-ldap.conf doesn't exists (yet is supposed to be
# created by the sudo-ldap package) : https://github.com/YunoHost/issues/issues/2091
- [ -e /etc/sudo-ldap.conf ] || ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
+ if [ ! -e /etc/sudo-ldap.conf ]; then
+ ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
+ fi
# If we changed the systemd ynh-override conf
if echo "$regen_conf_files" | sed 's/,/\n/g' | grep -q "^/etc/systemd/system/slapd.service.d/ynh-override.conf$"; then
@@ -162,19 +166,23 @@ objectClass: top"
nscd -i group
fi
- [ -z "$regen_conf_files" ] && exit 0
+ if [ -z "$regen_conf_files" ]; then
+ exit 0
+ fi
# regenerate LDAP config directory from slapd.conf
echo "Regenerate LDAP config directory from config.ldif"
_regenerate_slapd_conf
# If there's a backup, re-import its data
- backup_dir=$(cat "$tmp_backup_dir_file" 2> /dev/null || true)
- if [[ -n "$backup_dir" && -f "${backup_dir}/dc=yunohost-dc=org.ldif" ]]; then
- # regenerate LDAP config directory and import database as root
- echo "Import the database using slapadd"
- slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"
- chown -R openldap:openldap /var/lib/ldap 2>&1
+ if [ -f "$tmp_backup_dir_file" ]; then
+ backup_dir=$(cat "$tmp_backup_dir_file")
+ if [[ -n "$backup_dir" && -f "${backup_dir}/dc=yunohost-dc=org.ldif" ]]; then
+ # regenerate LDAP config directory and import database as root
+ echo "Import the database using slapadd"
+ slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"
+ chown -R openldap:openldap /var/lib/ldap 2>&1
+ fi
fi
echo "Running slapdindex"
@@ -184,4 +192,4 @@ objectClass: top"
systemctl force-reload slapd
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/09-nslcd b/hooks/conf_regen/09-nslcd
index dafd9b1cc6..30cf6a7b6b 100755
--- a/hooks/conf_regen/09-nslcd
+++ b/hooks/conf_regen/09-nslcd
@@ -18,7 +18,8 @@
# along with this program. If not, see .
#
-set -e
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
do_init_regen() {
do_pre_regen ""
@@ -40,4 +41,4 @@ do_post_regen() {
|| systemctl restart nslcd
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/10-apt b/hooks/conf_regen/10-apt
index 630d148062..ffe7a86095 100755
--- a/hooks/conf_regen/10-apt
+++ b/hooks/conf_regen/10-apt
@@ -18,7 +18,8 @@
# along with this program. If not, see .
#
-set -e
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
readonly YNH_DEFAULT_PHP_VERSION=8.2
@@ -28,7 +29,7 @@ do_pre_regen() {
mkdir --parents "${pending_dir}/etc/apt/preferences.d"
# Add sury
- mkdir -p ${pending_dir}/etc/apt/sources.list.d/
+ mkdir -p "$pending_dir/etc/apt/sources.list.d/"
echo "deb [signed-by=/etc/apt/trusted.gpg.d/extra_php_version.gpg] https://packages.sury.org/php/ $(lsb_release --codename --short) main" > "${pending_dir}/etc/apt/sources.list.d/extra_php_version.list"
# Ban some packages from sury
@@ -91,11 +92,9 @@ Pin-Priority: -1
}
do_post_regen() {
- regen_conf_files=$1
-
# Purge expired keys (such as sury 95BD4743)
- EXPIRED_KEYS="$(LC_ALL='en_US.UTF-8' apt-key list 2> /dev/null | grep -A1 'expired:' | grep -v 'expired\|^-' | sed 's/\s//g')"
- for KEY in $EXPIRED_KEYS; do apt-key del $KEY 2> /dev/null; done
+ EXPIRED_KEYS="$(LC_ALL='en_US.UTF-8' apt-key list 2> /dev/null | grep -A1 'expired:' | grep -v 'expired\|^-' | sed 's/\s//g' || true)"
+ for KEY in $EXPIRED_KEYS; do apt-key del "$KEY" 2> /dev/null; done
# Add sury key
# We do this only at the post regen and if the key doesn't already exists, because we don't want the regenconf to fuck everything up if the regenconf runs while the network is down
@@ -114,4 +113,4 @@ do_post_regen() {
fi
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/15-nginx b/hooks/conf_regen/15-nginx
index 93c98b7dbf..d878120548 100755
--- a/hooks/conf_regen/15-nginx
+++ b/hooks/conf_regen/15-nginx
@@ -18,9 +18,12 @@
# along with this program. If not, see .
#
+# Exit hook on subcommand error or unset variable
set -e
-. /usr/share/yunohost/helpers
+# Source YNH helpers
+# shellcheck source=../../helpers/helpers
+source /usr/share/yunohost/helpers
do_base_regen() {
@@ -188,4 +191,4 @@ do_post_regen() {
}
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/19-postfix b/hooks/conf_regen/19-postfix
index 3ff0d06eaa..e0eec8e591 100755
--- a/hooks/conf_regen/19-postfix
+++ b/hooks/conf_regen/19-postfix
@@ -18,9 +18,12 @@
# along with this program. If not, see .
#
+# Exit hook on subcommand error or unset variable
set -e
-. /usr/share/yunohost/helpers
+# Source YNH helpers
+# shellcheck source=../../helpers/helpers
+source /usr/share/yunohost/helpers
do_pre_regen() {
pending_dir=$1
@@ -123,4 +126,4 @@ do_post_regen() {
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/25-dovecot b/hooks/conf_regen/25-dovecot
index 87b5f8d723..20684402ef 100755
--- a/hooks/conf_regen/25-dovecot
+++ b/hooks/conf_regen/25-dovecot
@@ -18,9 +18,12 @@
# along with this program. If not, see .
#
-set -e
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
-. /usr/share/yunohost/helpers
+# Source YNH helpers
+# shellcheck source=../../helpers/helpers
+source /usr/share/yunohost/helpers
do_pre_regen() {
pending_dir=$1
@@ -87,4 +90,4 @@ do_post_regen() {
systemctl restart dovecot
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/30-opendkim b/hooks/conf_regen/30-opendkim
index 26e4045c1b..8dc58dbdc5 100755
--- a/hooks/conf_regen/30-opendkim
+++ b/hooks/conf_regen/30-opendkim
@@ -18,14 +18,15 @@
# along with this program. If not, see .
#
-set -e
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/conf/opendkim
- install -D -m 644 opendkim.conf "${pending_dir}/etc/opendkim.conf"
+ install -D -m 644 opendkim.conf "$pending_dir/etc/opendkim.conf"
}
do_post_regen() {
@@ -39,14 +40,14 @@ do_post_regen() {
domain_list="$(yunohost domain list --features mail_in mail_out --output-as json | jq -r ".domains[]" | tr '\n' ' ')"
for domain in $domain_list; do
domain_key="/etc/dkim/${domain}.mail.key"
- [ ! -f "$domain_key" ] && {
+ if [ ! -f "$domain_key" ]; then
# We use a 1024 bit size because nsupdate doesn't seem to be able to
# handle 2048...
opendkim-genkey --domain="$domain" \
--selector=mail --directory=/etc/dkim -b 1024
mv /etc/dkim/mail.private "$domain_key"
mv /etc/dkim/mail.txt "/etc/dkim/${domain}.mail.txt"
- }
+ fi
echo "mail._domainkey.${domain} ${domain}:mail:${domain_key}" >> /etc/dkim/keytable
echo "*@$domain mail._domainkey.${domain}" >> /etc/dkim/signingtable
@@ -58,4 +59,4 @@ do_post_regen() {
systemctl restart opendkim
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/34-mysql b/hooks/conf_regen/34-mysql
index 3f38c05e07..e68383eb94 100755
--- a/hooks/conf_regen/34-mysql
+++ b/hooks/conf_regen/34-mysql
@@ -18,8 +18,12 @@
# along with this program. If not, see .
#
-set -e
-. /usr/share/yunohost/helpers
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
+
+# Source YNH helpers
+# shellcheck source=../../helpers/helpers
+source /usr/share/yunohost/helpers
if ! dpkg --list | grep -q 'ii *mariadb-server '; then
echo 'mysql/mariadb is not installed, skipping'
@@ -27,11 +31,8 @@ if ! dpkg --list | grep -q 'ii *mariadb-server '; then
fi
do_pre_regen() {
- pending_dir=$1
-
- #cd /usr/share/yunohost/conf/mysql
-
# Nothing to do
+ :
}
do_post_regen() {
@@ -44,12 +45,14 @@ do_post_regen() {
MYSQL_PKG="$(dpkg --list | sed -ne 's/^ii \(mariadb-server-[[:digit:].]\+\) .*$/\1/p')"
dpkg-reconfigure -freadline -u "$MYSQL_PKG" 2>&1
- systemctl -q is-active mariadb.service \
- || systemctl start mariadb
-
+ if ! systemctl -q is-active mariadb.service; then
+ systemctl start mariadb
+ fi
sleep 5
- echo "" | mysql && echo "Can't connect to mysql using unix_socket auth ... something went wrong during initial configuration of mysql !?" >&2
+ if ! echo "" | mysql; then
+ echo "Can't connect to mysql using unix_socket auth ... something went wrong during initial configuration of mysql !?" >&2
+ fi
fi
# mysql is supposed to be an alias to mariadb... but in some weird case is not
@@ -60,11 +63,14 @@ do_post_regen() {
systemctl disable mysql -q
systemctl disable mariadb -q
systemctl enable mariadb -q
- systemctl is-active mariadb -q || systemctl start mariadb
+ if ! systemctl is-active mariadb -q; then
+ systemctl start mariadb
+ fi
fi
- [[ -z "$regen_conf_files" ]] \
- || systemctl restart mysql
+ if [[ -n "$regen_conf_files" ]]; then
+ systemctl restart mysql
+ fi
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/35-postgresql b/hooks/conf_regen/35-postgresql
index 35f07c3984..f19902cc90 100755
--- a/hooks/conf_regen/35-postgresql
+++ b/hooks/conf_regen/35-postgresql
@@ -18,8 +18,12 @@
# along with this program. If not, see .
#
-set -e
-. /usr/share/yunohost/helpers
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
+
+# Source YNH helpers
+# shellcheck source=../../helpers/helpers
+source /usr/share/yunohost/helpers
if ! dpkg --list | grep -q "ii *postgresql-$PSQL_VERSION "; then
echo 'postgresql is not installed, skipping'
@@ -31,7 +35,8 @@ if [ ! -e "/etc/postgresql/$PSQL_VERSION" ]; then
fi
do_pre_regen() {
- return 0
+ # Nothing to do
+ :
}
do_post_regen() {
@@ -41,21 +46,22 @@ do_post_regen() {
# (N.B. : to check the active state, we check the cluster state because
# postgresql could be flagged as active even though the cluster is in
# failed state because of how the service is configured..)
- systemctl is-active postgresql@$PSQL_VERSION-main -q || ynh_systemd_action --service_name=postgresql --action=restart
- systemctl is-enabled postgresql -q || systemctl enable postgresql --quiet
+ if ! systemctl is-active "postgresql@$PSQL_VERSION-main" -q; then
+ ynh_systemd_action --service_name=postgresql --action=restart
+ fi
+ if ! systemctl is-enabled postgresql -q; then
+ systemctl enable postgresql --quiet
+ fi
# If this is the very first time, we define the root password
# and configure a few things
- if [ ! -f "$PSQL_ROOT_PWD_FILE" ] || [ -z "$(cat $PSQL_ROOT_PWD_FILE)" ]; then
- ynh_string_random > $PSQL_ROOT_PWD_FILE
+ if [ ! -f "$PSQL_ROOT_PWD_FILE" ] || [ ! -s "$PSQL_ROOT_PWD_FILE" ]; then
+ ynh_string_random > "$PSQL_ROOT_PWD_FILE"
fi
+ chown root:postgres "$PSQL_ROOT_PWD_FILE"
+ chmod 440 "$PSQL_ROOT_PWD_FILE"
- [ ! -e $PSQL_ROOT_PWD_FILE ] || {
- chown root:postgres $PSQL_ROOT_PWD_FILE
- chmod 440 $PSQL_ROOT_PWD_FILE
- }
-
- sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$(cat $PSQL_ROOT_PWD_FILE)'" postgres
+ sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$(cat "$PSQL_ROOT_PWD_FILE")'" postgres
# force all user to connect to local databases using hashed passwords
# https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF
@@ -67,4 +73,4 @@ do_post_regen() {
ynh_systemd_action --service_name=postgresql --action=reload
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/37-mdns b/hooks/conf_regen/37-mdns
index f168d25107..b1dda89ef0 100755
--- a/hooks/conf_regen/37-mdns
+++ b/hooks/conf_regen/37-mdns
@@ -18,15 +18,16 @@
# along with this program. If not, see .
#
-set -e
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
_generate_config() {
echo "domains:"
# Add yunohost.local (only if yunohost.local ain't already in ynh_domains)
- if ! echo "$YNH_DOMAINS" | tr ' ' '\n' | grep -q --line-regexp 'yunohost.local'; then
+ if ! echo "${YNH_DOMAINS:-}" | tr ' ' '\n' | grep -q --line-regexp 'yunohost.local'; then
echo " - yunohost.local"
fi
- for domain in $YNH_DOMAINS; do
+ for domain in ${YNH_DOMAINS:-}; do
# Only keep .local domains (don't keep
[[ "$domain" =~ [^.]+\.[^.]+\.local$ ]] && echo "Subdomain $domain cannot be handled by Bonjour/Zeroconf/mDNS" >&2
[[ "$domain" =~ ^[^.]+\.local$ ]] || continue
@@ -40,7 +41,7 @@ _generate_config() {
}
do_init_regen() {
- do_pre_regen
+ do_pre_regen ""
do_post_regen /etc/systemd/system/yunomdns.service
systemctl enable yunomdns --quiet
}
@@ -49,13 +50,15 @@ do_pre_regen() {
pending_dir="$1"
cd /usr/share/yunohost/conf/mdns
- mkdir -p ${pending_dir}/etc/systemd/system/
- cp yunomdns.service ${pending_dir}/etc/systemd/system/
+ mkdir -p "${pending_dir}/etc/systemd/system/"
+ cp yunomdns.service "${pending_dir}/etc/systemd/system/"
- getent passwd mdns &> /dev/null || useradd --no-create-home --shell /usr/sbin/nologin --system --user-group mdns
+ if ! getent passwd mdns &>/dev/null; then
+ useradd --no-create-home --shell /usr/sbin/nologin --system --user-group mdns
+ fi
- mkdir -p ${pending_dir}/etc/yunohost
- _generate_config > ${pending_dir}/etc/yunohost/mdns.yml
+ mkdir -p "$pending_dir/etc/yunohost"
+ _generate_config > "$pending_dir/etc/yunohost/mdns.yml"
}
do_post_regen() {
@@ -74,8 +77,9 @@ do_post_regen() {
sleep 2
fi
- [[ -z "$regen_conf_files" ]] \
- || systemctl restart yunomdns
+ if [[ -n "$regen_conf_files" ]]; then
+ systemctl restart yunomdns
+ fi
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/43-dnsmasq b/hooks/conf_regen/43-dnsmasq
index b416266277..45fcf1b26e 100755
--- a/hooks/conf_regen/43-dnsmasq
+++ b/hooks/conf_regen/43-dnsmasq
@@ -18,8 +18,12 @@
# along with this program. If not, see .
#
+# Exit hook on subcommand error or unset variable
set -e
-. /usr/share/yunohost/helpers
+
+# Source YNH helpers
+# shellcheck source=../../helpers/helpers
+source /usr/share/yunohost/helpers
do_pre_regen() {
pending_dir=$1
@@ -111,4 +115,4 @@ do_post_regen() {
systemctl restart dnsmasq
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/46-nsswitch b/hooks/conf_regen/46-nsswitch
index 095a697278..061b0ab67d 100755
--- a/hooks/conf_regen/46-nsswitch
+++ b/hooks/conf_regen/46-nsswitch
@@ -18,7 +18,8 @@
# along with this program. If not, see .
#
-set -e
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
do_init_regen() {
do_pre_regen ""
@@ -30,14 +31,15 @@ do_pre_regen() {
cd /usr/share/yunohost/conf/nsswitch
- install -D -m 644 nsswitch.conf "${pending_dir}/etc/nsswitch.conf"
+ install -D -m 644 nsswitch.conf "$pending_dir/etc/nsswitch.conf"
}
do_post_regen() {
regen_conf_files=$1
- [[ -z "$regen_conf_files" ]] \
- || systemctl restart unscd
+ if [[ -n "$regen_conf_files" ]]; then
+ systemctl restart unscd
+ fi
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/conf_regen/52-fail2ban b/hooks/conf_regen/52-fail2ban
index 3ebec305ab..9731f9c0a1 100755
--- a/hooks/conf_regen/52-fail2ban
+++ b/hooks/conf_regen/52-fail2ban
@@ -18,9 +18,12 @@
# along with this program. If not, see .
#
-set -e
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
-. /usr/share/yunohost/helpers
+# Source YNH helpers
+# shellcheck source=../../helpers/helpers
+source /usr/share/yunohost/helpers
do_pre_regen() {
pending_dir=$1
@@ -48,8 +51,9 @@ do_post_regen() {
chmod 644 /etc/fail2ban/jail.d/*.conf
fi
- [[ -z "$regen_conf_files" ]] \
- || systemctl reload fail2ban
+ if [[ -n "$regen_conf_files" ]]; then
+ systemctl reload fail2ban
+ fi
}
-do_$1_regen ${@:2}
+"do_$1_regen" "${*:2}"
diff --git a/hooks/post_user_create/ynh_multimedia b/hooks/post_user_create/ynh_multimedia
index a991d7c6ab..4f493002c0 100644
--- a/hooks/post_user_create/ynh_multimedia
+++ b/hooks/post_user_create/ynh_multimedia
@@ -34,12 +34,12 @@ mkdir -p "$MEDIA_DIRECTORY/$user/eBook"
ln -sfn "$MEDIA_DIRECTORY/share" "$MEDIA_DIRECTORY/$user/Share"
# Création du lien symbolique dans le home de l'utilisateur.
#link will only be created if the home directory of the user exists and if it's located in '/home' folder
-user_home="$(getent passwd $user | cut -d: -f6 | grep '^/home/')"
+user_home="$(getent passwd "$user" | cut -d: -f6 | grep '^/home/')"
if [[ -d "$user_home" ]]; then
ln -sfn "$MEDIA_DIRECTORY/$user" "$user_home/Multimedia"
fi
# Propriétaires des dossiers utilisateurs.
-chown -R $user "$MEDIA_DIRECTORY/$user"
+chown -R "$user" "$MEDIA_DIRECTORY/$user"
## Application des droits étendus sur le dossier multimedia.
# Droit d'écriture pour le groupe et le groupe multimedia en acl et droit de lecture pour other:
diff --git a/hooks/restore/05-conf_ldap b/hooks/restore/05-conf_ldap
index 09404ee997..d496964203 100644
--- a/hooks/restore/05-conf_ldap
+++ b/hooks/restore/05-conf_ldap
@@ -18,6 +18,9 @@
# along with this program. If not, see .
#
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
+
backup_dir="${1}/conf/ldap"
systemctl stop slapd
diff --git a/hooks/restore/17-data_home b/hooks/restore/17-data_home
index eee53be4f0..e596cec931 100644
--- a/hooks/restore/17-data_home
+++ b/hooks/restore/17-data_home
@@ -18,6 +18,9 @@
# along with this program. If not, see .
#
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
+
backup_dir="$1/data/home"
-cp -a $backup_dir/. /home
+cp -a "$backup_dir/." /home
diff --git a/hooks/restore/18-data_multimedia b/hooks/restore/18-data_multimedia
index 799ddbbff9..66d269fbcf 100644
--- a/hooks/restore/18-data_multimedia
+++ b/hooks/restore/18-data_multimedia
@@ -19,9 +19,10 @@
#
# Exit hook on subcommand error or unset variable
-set -eu
+set -Eeuo pipefail
# Source YNH helpers
+# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers
backup_dir="data/multimedia"
diff --git a/hooks/restore/20-conf_ynh_settings b/hooks/restore/20-conf_ynh_settings
index 8cd89ec692..b2945ea027 100644
--- a/hooks/restore/20-conf_ynh_settings
+++ b/hooks/restore/20-conf_ynh_settings
@@ -18,6 +18,9 @@
# along with this program. If not, see .
#
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
+
backup_dir="$1/conf/ynh"
cp -a "${backup_dir}/current_host" /etc/yunohost/current_host
diff --git a/hooks/restore/21-conf_ynh_certs b/hooks/restore/21-conf_ynh_certs
index 185977059f..fc2f69be5e 100644
--- a/hooks/restore/21-conf_ynh_certs
+++ b/hooks/restore/21-conf_ynh_certs
@@ -18,8 +18,11 @@
# along with this program. If not, see .
#
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
+
backup_dir="$1/conf/ynh/certs"
mkdir -p /etc/yunohost/certs/
-cp -a $backup_dir/. /etc/yunohost/certs/
+cp -a "$backup_dir/." /etc/yunohost/certs/
diff --git a/hooks/restore/23-data_mail b/hooks/restore/23-data_mail
index 901c2d5af7..bbeae1169d 100644
--- a/hooks/restore/23-data_mail
+++ b/hooks/restore/23-data_mail
@@ -18,7 +18,10 @@
# along with this program. If not, see .
#
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
+
backup_dir="$1/data/mail"
-cp -a $backup_dir/. /var/mail/ || echo 'No mail found'
+cp -a "$backup_dir/." /var/mail/ || echo 'No mail found'
chown -R vmail:mail /var/mail/
diff --git a/hooks/restore/50-conf_manually_modified_files b/hooks/restore/50-conf_manually_modified_files
index c58fc638f4..69863b6870 100644
--- a/hooks/restore/50-conf_manually_modified_files
+++ b/hooks/restore/50-conf_manually_modified_files
@@ -18,7 +18,13 @@
# along with this program. If not, see .
#
+# Exit hook on subcommand error or unset variable
+set -Eeuo pipefail
+
+# Source YNH helpers
+# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers
+
ynh_abort_if_errors
YNH_CWD="${YNH_BACKUP_DIR%/}/conf/manually_modified_files"
cd "$YNH_CWD"