Lint dokku-letsencrypt with shellcheck

Use shellcheck to lint dokku-letsencrypt (https://github.com/koalaman/shellcheck) Fixes all lint warnings
dokku · May 14, 2016 · 32efa18 · 32efa18
1 parent 87f3a2d
commit 32efa18
Show file tree

Hide file tree

Showing 7 changed files with 77 additions and 54 deletions.
diff --git a/commands b/commands
@@ -7,6 +7,7 @@ case "$1" in
   help | letsencrypt:help)
 
     help_content_func() {
+      #shellcheck disable=SC2034
       declare desc="return letsencrypt plugin help content"
 
       cat<<help_content

diff --git a/functions b/functions
@@ -6,40 +6,43 @@ source "$PLUGIN_CORE_AVAILABLE_PATH/config/functions"
 source "$PLUGIN_CORE_AVAILABLE_PATH/certs/functions"
 
 letsencrypt_update () {
+  #shellcheck disable=SC2034
   declare desc="update the docker image used for ACME validation"
   dokku_log_info1 "Updating letsencrypt docker image..."
   docker pull dokkupaas/letsencrypt-simp_le:latest
   dokku_log_verbose "done updating"
 }
 
 letsencrypt_create_root () {
+  #shellcheck disable=SC2034
   declare desc="Ensure the let's encrypt root directory exists"
   local app="$1"; verify_app_name "$app"
 
   local app_root="$DOKKU_ROOT/$app"
   local le_root="$app_root/letsencrypt"
 
-  mkdir -p $le_root
+  mkdir -p "$le_root"
 }
 
 letsencrypt_format_timediff() {
+  #shellcheck disable=SC2034
   declare desc="format a time difference in seconds into a human-readable string"
   local td="$1"
   local negative_td=0
 
-  if [ $td -lt 0 ]; then
+  if [ "$td" -lt 0 ]; then
     negative_td=1
-    td=$(( - $td ));
+    td=$(( - td ));
   fi
 
-  local days=$(( $td / (24 * 60 * 60) ));
-  td=$(($td % (24 * 60 * 60) ));
+  local days=$(( td / (24 * 60 * 60) ));
+  td=$((td % (24 * 60 * 60) ));
 
-  local hours=$(( $td / (60 * 60)));
-  td=$(($td % (60 * 60)));
+  local hours=$(( td / (60 * 60)));
+  td=$((td % (60 * 60)));
 
-  local minutes=$(( $td / 60 ));
-  local secs=$(( $td % 60 ));
+  local minutes=$(( td / 60 ));
+  local secs=$(( td % 60 ));
 
   local res=""
   if [ $days -gt 0 ]; then
@@ -59,7 +62,7 @@ letsencrypt_format_timediff() {
   fi
 
   # remove trailing comma
-  res="$( echo $res | sed -re 's/, ?$//g')";
+  res="$( echo "$res" | sed -re 's/, ?$//g')";
 
   if [[ $negative_td == 1 ]]; then
     res="${res} ago"
@@ -69,13 +72,15 @@ letsencrypt_format_timediff() {
 }
 
 letsencrypt_get_expirydate() {
+  #shellcheck disable=SC2034
   declare desc="print SSL certificate expiry date as UNIX timestamp"
   local app="$1"
 
-  date -d "$(openssl x509 -in $DOKKU_ROOT/$app/tls/server.crt -enddate -noout | sed -e "s/^notAfter=//")" "+%s"
+  date -d "$(openssl x509 -in "$DOKKU_ROOT/$app/tls/server.crt" -enddate -noout | sed -e "s/^notAfter=//")" "+%s"
 }
 
 letsencrypt_is_active() {
+  #shellcheck disable=SC2034
   declare desc="checks if app is secured by let's encrypt"
   local app=$1; verify_app_name "$app"
 
@@ -93,6 +98,7 @@ letsencrypt_is_active() {
 }
 
 letsencrypt_list_apps_and_expiry() {
+  #shellcheck disable=SC2034
   declare desc="list all letsencrypt-secured apps together with their expiry date"
 
   # prints a tab-separated list of
@@ -104,17 +110,18 @@ letsencrypt_list_apps_and_expiry() {
 
   for app in $(dokku_apps); do
     if [[ "$app" == "=====>" ]] || [[ "$app" == "My" ]] || [[ "$app" == "Apps" ]]; then continue; fi
-    if [[ "$(letsencrypt_is_active $app)" ]]; then
-      local expiry=$(letsencrypt_get_expirydate $app)
-      local grace_period=$(config_get --global DOKKU_LETSENCRYPT_GRACEPERIOD || config_get $app DOKKU_LETSENCRYPT_GRACEPERIOD || echo $((60 * 60 * 24 * 30)) );
-      local time_to_expiry=$(( $expiry - $(date +%s) ))
-      local time_to_renewal=$(( $expiry - $grace_period - $(date +%s) ))
+    if [[ "$(letsencrypt_is_active "$app")" ]]; then
+      local expiry=$(letsencrypt_get_expirydate "$app")
+      local grace_period=$(config_get --global DOKKU_LETSENCRYPT_GRACEPERIOD || config_get "$app" DOKKU_LETSENCRYPT_GRACEPERIOD || echo $((60 * 60 * 24 * 30)) );
+      local time_to_expiry=$(( expiry - $(date +%s) ))
+      local time_to_renewal=$(( expiry - grace_period - $(date +%s) ))
       echo -e "$app\t$expiry\t$grace_period\t$time_to_expiry\t$time_to_renewal"
     fi
   done
 }
 
 letsencrypt_configure_and_get_dir() {
+  #shellcheck disable=SC2034
   declare desc="assemble simp_le command line arguments and create a config hash directory for them"
 
   local app="$1"; verify_app_name "$app"
@@ -123,7 +130,7 @@ letsencrypt_configure_and_get_dir() {
   local le_root="$app_root/letsencrypt"
 
   eval "$(config_export global)"
-  eval "$(config_export app $app)"
+  eval "$(config_export app "$app")"
 
   # build up a string of all certificate-controlling configuration settings.
   # this will be used to determine the folder name for the account key and certificates
@@ -156,12 +163,13 @@ letsencrypt_configure_and_get_dir() {
 }
 
 letsencrypt_check_email() {
+  #shellcheck disable=SC2034
   declare desc="Check if an e-mail address is provided globally or for the app"
 
   local app="$1"; verify_app_name "$app"
 
   eval "$(config_export global)"
-  eval "$(config_export app $app)"
+  eval "$(config_export app "$app")"
 
   local email="$DOKKU_LETSENCRYPT_EMAIL"
 

diff --git a/subcommands/auto-renew b/subcommands/auto-renew
@@ -5,6 +5,7 @@ source "$PLUGIN_CORE_AVAILABLE_PATH/config/functions"
 source "$PLUGIN_AVAILABLE_PATH/letsencrypt/functions"
 
 letsencrypt_auto_renew_cmd() {
+  #shellcheck disable=SC2034
   declare desc="auto-renew certificates if necessary"
   local app="$2"
 
@@ -20,9 +21,9 @@ letsencrypt_auto_renew_cmd() {
 
         if [[ ${appExpiry[4]} -lt 0 ]]; then
           dokku_log_info1 "${appExpiry[0]} needs renewal"
-          dokku letsencrypt ${appExpiry[0]}
+          dokku letsencrypt "${appExpiry[0]}"
         else
-          days_left=$(letsencrypt_format_timediff ${appExpiry[4]})
+          days_left=$(letsencrypt_format_timediff "${appExpiry[4]}")
           dokku_log_verbose "${appExpiry[0]} still has $days_left days left before renewal"
         fi
 
@@ -32,14 +33,13 @@ letsencrypt_auto_renew_cmd() {
 
   else
 
-    local expiry=$(letsencrypt_get_expirydate $app)
-    local grace_period=$(config_get --global DOKKU_LETSENCRYPT_GRACEPERIOD || config_get $app DOKKU_LETSENCRYPT_GRACEPERIOD || echo $((60 * 60 * 24 * 30)) );
-    local time_to_expiry=$(( $expiry - $(date +%s) ))
-    local time_to_renewal=$(( $expiry - $grace_period - $(date +%s) ))
+    local expiry=$(letsencrypt_get_expirydate "$app")
+    local grace_period=$(config_get --global DOKKU_LETSENCRYPT_GRACEPERIOD || config_get "$app" DOKKU_LETSENCRYPT_GRACEPERIOD || echo $((60 * 60 * 24 * 30)) );
+    local time_to_renewal=$(( expiry - grace_period - $(date +%s) ))
 
     if [[ $time_to_renewal -lt 0 ]]; then
       dokku_log_info2 "Auto-renew ${app}..."
-      dokku letsencrypt $app
+      dokku letsencrypt "$app"
     else
       days_left=$(letsencrypt_format_timediff $time_to_renewal)
       dokku_log_verbose "$app still has $days_left days left before renewal"

diff --git a/subcommands/cleanup b/subcommands/cleanup
@@ -4,6 +4,7 @@ source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
 source "$PLUGIN_AVAILABLE_PATH/letsencrypt/functions"
 
 letsencrypt_cleanup_cmd () {
+  #shellcheck disable=SC2034
   declare desc="clean up unused certificate directories"
   local app="$2"
 
@@ -14,7 +15,7 @@ letsencrypt_cleanup_cmd () {
   local app_root="$DOKKU_ROOT/$app"
   local le_root="$app_root/letsencrypt"
 
-  local current_config="$(basename $(readlink $le_root/certs/current))"
+  local current_config="$(basename "$(readlink "$le_root/certs/current")")"
 
   if [ -z "$current_config" ] || [[ ! -d "$le_root/certs/$current_config" ]]; then
     dokku_log_warn "Cannot resolve the 'current' certificate directory!"
@@ -24,10 +25,13 @@ letsencrypt_cleanup_cmd () {
   dokku_log_info2 "Cleaning up stale certificate directories for $app"
   dokku_log_info1 "  - current config hash $current_config"
 
-  for certdir in $(ls $le_root/certs); do
-    if [[ "$certdir" == "current" ]] || [[ "$certdir" == "$current_config" ]]; then continue; fi
-    dokku_log_info1 "  - stale directory $certdir"
-    rm -rf "$le_root/certs/$certdir"
+  for certdir in $le_root/certs/*; do
+    local certdir_basename=$(basename "$certdir");
+
+    if [[ "$certdir_basename" == "current" ]] || [[ "$certdir_basename" == "$current_config" ]]; then continue; fi
+    dokku_log_info1 "  - stale directory $certdir_basename"
+
+    rm -rf "$le_root/certs/$certdir_basename"
   done
 
 }

diff --git a/subcommands/default b/subcommands/default
@@ -6,6 +6,7 @@ source "$PLUGIN_AVAILABLE_PATH/letsencrypt/functions"
 
 
 letsencrypt_acmeproxy_on () {
+  #shellcheck disable=SC2034
   declare desc="enable ACME proxy for an app"
   local app="$1"; verify_app_name "$app"
   local acme_port="$2"
@@ -29,6 +30,7 @@ letsencrypt_acmeproxy_on () {
 
 
 letsencrypt_acmeproxy_off() {
+  #shellcheck disable=SC2034
   declare desc="disable ACME proxy for an app"
   local app="$1"; verify_app_name "$app"
 
@@ -43,6 +45,7 @@ letsencrypt_acmeproxy_off() {
 }
 
 letsencrypt_link () {
+  #shellcheck disable=SC2034
   declare desc="symlink let's encrypt certificates so they can be found by dokku"
 
   local app="$1"; verify_app_name "$app"
@@ -55,7 +58,7 @@ letsencrypt_link () {
   dokku_log_info1 "Symlinking let's encrypt certificates"
 
   # link the current config directory to 'current'
-  ln -nsf $config_dir $le_root/certs/current
+  ln -nsf "$config_dir" "$le_root/certs/current"
 
   # link the certificates from current to the app's TLS certificate storage
   mkdir -p "$tls_root"
@@ -65,6 +68,7 @@ letsencrypt_link () {
 
 
 letsencrypt_acme () {
+  #shellcheck disable=SC2034
   declare desc="perform actual ACME validation procedure"
   local app="$1"
   local acme_port="$2"
@@ -73,11 +77,12 @@ letsencrypt_acme () {
 
   dokku_log_info1 "Getting letsencrypt certificate for ${app}..."
 
-  local config_dir="$(letsencrypt_configure_and_get_dir $app)"
-  local config="$(cat $config_dir/config)"
+  # read simp_le arguments from appropriate config file into the config array
+  local config_dir="$(letsencrypt_configure_and_get_dir "$app")"
+  read -r -a config < "$config_dir/config"
 
   eval "$(config_export global)"
-  eval "$(config_export app $app)"
+  eval "$(config_export app "$app")"
 
   local graceperiod="${DOKKU_LETSENCRYPT_GRACEPERIOD:-$((60 * 60 * 24 * 30))}"
 
@@ -91,7 +96,7 @@ letsencrypt_acme () {
     -f account_key.json \
     -f fullchain.pem -f chain.pem -f cert.pem -f key.pem \
     --valid_min "${graceperiod}" \
-    $config
+    "${config[@]}"
 
   local simple_result=$?
   set -e
@@ -119,6 +124,7 @@ letsencrypt_acme () {
 
 
 letsencrypt_default_cmd() {
+  #shellcheck disable=SC2034
   declare desc="Validate an app's domains and retrieve a certificate"
   local app="$2"
 

diff --git a/subcommands/ls b/subcommands/ls
@@ -5,16 +5,17 @@ source "$PLUGIN_AVAILABLE_PATH/letsencrypt/functions"
 
 
 letsencrypt_ls_cmd() {
+  #shellcheck disable=SC2034
   declare desc="list letsencrypt-secured apps and certificate expiries"
 
   dokku_col_log_info1_quiet "App name" "Certificate Expiry" "Time before expiry" "Time before renewal"
 
   letsencrypt_list_apps_and_expiry |
     sort -nk2 |
     while IFS=$'\t' read -r -a appExpiry; do
-      expire_date=$(date -d @${appExpiry[1]} +"%F %T")
-      expire_time=$(letsencrypt_format_timediff ${appExpiry[3]});
-      renew_time=$(letsencrypt_format_timediff ${appExpiry[4]});
+      expire_date=$(date -d "@${appExpiry[1]}" +"%F %T")
+      expire_time=$(letsencrypt_format_timediff "${appExpiry[3]}");
+      renew_time=$(letsencrypt_format_timediff "${appExpiry[4]}");
       dokku_col_log_msg "${appExpiry[0]}" "${expire_date}" "${expire_time}" "${renew_time}"
     done
 }

diff --git a/subcommands/revoke b/subcommands/revoke
@@ -5,15 +5,17 @@ source "$PLUGIN_CORE_AVAILABLE_PATH/nginx-vhosts/functions"
 source "$PLUGIN_AVAILABLE_PATH/letsencrypt/functions"
 
 letsencrypt_acme_revoke () {
+  #shellcheck disable=SC2034
   declare desc="perform actual certificate revocation"
   local app="$1"
 
   letsencrypt_create_root "$app"
 
   dokku_log_info1 "Revoking letsencrypt certificate for ${app}..."
 
-  local config_dir="$(letsencrypt_configure_and_get_dir $app)"
-  local config="$(cat $config_dir/config)"
+  # read simp_le arguments from appropriate config file into the config array
+  local config_dir="$(letsencrypt_configure_and_get_dir "$app")"
+  read -r -a config < "$config_dir/config"
 
   # run letsencrypt as a docker container using "certonly" mode
   # port 80 of the standalone webserver will be forwarded by the proxy
@@ -24,7 +26,7 @@ letsencrypt_acme_revoke () {
     -f account_key.json \
     -f fullchain.pem -f chain.pem -f cert.pem -f key.pem \
     --revoke \
-    $config
+    "${config[@]}"
 
   local simple_result=$?
   set -e
@@ -43,29 +45,30 @@ letsencrypt_acme_revoke () {
   fi
 
   # move revoked certificates away
-  mv -f $config_dir/fullchain.pem{,.revoked}
-  mv -f $config_dir/chain.pem{,.revoked}
-  mv -f $config_dir/cert.pem{,.revoked}
-  mv -f $config_dir/key.pem{,.revoked}
+  mv -f "$config_dir/fullchain.pem" "$config_dir/fullchain.pem.revoked" 
+  mv -f "$config_dir/chain.pem" "$config_dir/chain.pem.revoked"
+  mv -f "$config_dir/cert.pem" "$config_dir/cert.pem.revoked"
+  mv -f "$config_dir/key.pem" "$config_dir/key.pem.revoked"
 
   # removing the certificate will automatically reconfigure nginx
-  dokku certs:remove $app
+  dokku certs:remove "$app"
 
 }
 
 letsencrypt_revoke_cmd() {
-    declare desc="Revoke a certificate"
-    local app="$2"
+  #shellcheck disable=SC2034
+  declare desc="Revoke a certificate"
+  local app="$2"
 
-    [[ -z $app ]] && echo "Please specify an app to run the command on" && exit 1
+  [[ -z $app ]] && echo "Please specify an app to run the command on" && exit 1
 
-    dokku_log_info2 "Revoke Let's Encrypt certificate from ${app}..."
+  dokku_log_info2 "Revoke Let's Encrypt certificate from ${app}..."
 
-    letsencrypt_check_email "$app"
-    letsencrypt_update
-    letsencrypt_acme_revoke "$app" || true
+  letsencrypt_check_email "$app"
+  letsencrypt_update
+  letsencrypt_acme_revoke "$app" || true
 
-    dokku_log_verbose "done"
+  dokku_log_verbose "done"
 }
 
 letsencrypt_revoke_cmd "$@"