From a3c73ffde6bd8f58abe6eee435f6d275243ed332 Mon Sep 17 00:00:00 2001 From: fiftydinar <65243233+fiftydinar@users.noreply.github.com> Date: Tue, 1 Oct 2024 14:58:55 +0200 Subject: [PATCH] chore: Partially utilize bash modules to use `readonly` --- modules/akmods/akmods.sh | 18 ++++++------- modules/bling/installers/1password.sh | 10 +++---- modules/bling/installers/gnome-vrr.sh | 2 +- modules/bling/installers/ublue-update.sh | 12 +++++---- modules/brew/brew-nofile-limits-logic.sh | 10 +++---- modules/brew/brew.sh | 4 +-- modules/chezmoi/chezmoi.sh | 2 +- modules/gnome-extensions/gnome-extensions.sh | 8 +++--- .../gschema-overrides/gschema-overrides.sh | 26 +++++++++---------- 9 files changed, 47 insertions(+), 45 deletions(-) diff --git a/modules/akmods/akmods.sh b/modules/akmods/akmods.sh index 2da87263..338085c7 100644 --- a/modules/akmods/akmods.sh +++ b/modules/akmods/akmods.sh @@ -1,21 +1,21 @@ #!/usr/bin/env bash set -euo pipefail -ENABLE_MULTIMEDIA_REPO() { +enable_multimedia_repo() { sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo sed -i "0,/enabled/ s@enabled=0@enabled=1@g" /etc/yum.repos.d/negativo17-fedora-multimedia.repo } -readonly -f ENABLE_MULTIMEDIA_REPO +readonly -f enable_multimedia_repo -DISABLE_MULTIMEDIA_REPO() { +disable_multimedia_repo() { sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/negativo17-fedora-multimedia.repo } -readonly -f DISABLE_MULTIMEDIA_REPO +readonly -f disable_multimedia_repo -SET_HIGHER_PRIORITY_AKMODS_REPO() { +set_higher_priority_akmods_repo() { echo "priority=90" >> /etc/yum.repos.d/_copr_ublue-os-akmods.repo } -readonly -f SET_HIGHER_PRIORITY_AKMODS_REPO +readonly -f set_higher_priority_akmods_repo get_yaml_array INSTALL '.install[]' "$1" @@ -26,8 +26,8 @@ readonly INSTALL_STR=$(echo "${INSTALL_PATH[*]}" | tr -d '\n') if [[ ${#INSTALL[@]} -gt 0 ]]; then echo "Installing akmods" echo "Installing: $(echo "${INSTALL[*]}" | tr -d '\n')" - SET_HIGHER_PRIORITY_AKMODS_REPO - ENABLE_MULTIMEDIA_REPO + set_higher_priority_akmods_repo + enable_multimedia_repo rpm-ostree install ${INSTALL_STR} - DISABLE_MULTIMEDIA_REPO + disable_multimedia_repo fi diff --git a/modules/bling/installers/1password.sh b/modules/bling/installers/1password.sh index 27161af8..01cf6132 100644 --- a/modules/bling/installers/1password.sh +++ b/modules/bling/installers/1password.sh @@ -1,17 +1,17 @@ #!/usr/bin/env bash -set -ouex pipefail +set -euxo pipefail #### Variables # Can be "beta" or "stable" -RELEASE_CHANNEL="${ONEPASSWORD_RELEASE_CHANNEL:-stable}" +readonly RELEASE_CHANNEL="${ONEPASSWORD_RELEASE_CHANNEL:-stable}" # Must be over 1000 -GID_ONEPASSWORD="${GID_ONEPASSWORD:-1500}" +readonly GID_ONEPASSWORD="${GID_ONEPASSWORD:-1500}" # Must be over 1000 -GID_ONEPASSWORDCLI="${GID_ONEPASSWORDCLI:-1600}" +readonly GID_ONEPASSWORDCLI="${GID_ONEPASSWORDCLI:-1600}" echo "Installing 1Password" @@ -81,7 +81,7 @@ chmod 4755 /usr/lib/1Password/chrome-sandbox # BrowserSupport binary needs setgid. This gives no extra permissions to the binary. # It only hardens it against environmental tampering. -BROWSER_SUPPORT_PATH="/usr/lib/1Password/1Password-BrowserSupport" +readonly BROWSER_SUPPORT_PATH="/usr/lib/1Password/1Password-BrowserSupport" chgrp "${GID_ONEPASSWORD}" "${BROWSER_SUPPORT_PATH}" chmod g+s "${BROWSER_SUPPORT_PATH}" diff --git a/modules/bling/installers/gnome-vrr.sh b/modules/bling/installers/gnome-vrr.sh index 88f223c1..09ba33bb 100644 --- a/modules/bling/installers/gnome-vrr.sh +++ b/modules/bling/installers/gnome-vrr.sh @@ -9,7 +9,7 @@ if [[ $(gnome-shell --version) =~ "46" ]]; then exit 1 fi -REPO_URL="https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-${OS_VERSION}/ublue-os-staging-fedora-${OS_VERSION}.repo" +readonly REPO_URL="https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-${OS_VERSION}/ublue-os-staging-fedora-${OS_VERSION}.repo" echo "Downloading repo file ${REPO_URL}" curl -fLs --create-dirs "${REPO_URL}" -o "/etc/yum.repos.d/ublue-os-staging.repo" diff --git a/modules/bling/installers/ublue-update.sh b/modules/bling/installers/ublue-update.sh index c5d93354..da936a9e 100644 --- a/modules/bling/installers/ublue-update.sh +++ b/modules/bling/installers/ublue-update.sh @@ -6,11 +6,13 @@ set -euo pipefail get_config_value() { sed -n '/^'"$1"'=/{s/'"$1"'=//;p}' "$2" } +readonly -f get_config_value set_config_value() { CURRENT=$(get_config_value "$1" "$3") sed -i 's/'"$1"'='"$CURRENT"'/'"$1"'='"$2"'/g' "$3" } +readonly -f set_config_value # Check if ublue-os-update-services rpm is installed, these services conflict with ublue-update if rpm -q ublue-os-update-services > /dev/null; then @@ -18,17 +20,17 @@ if rpm -q ublue-os-update-services > /dev/null; then fi # Change the conflicting update policy for rpm-ostreed -RPM_OSTREE_CONFIG="/etc/rpm-ostreed.conf" +readonly -f RPM_OSTREE_CONFIG="/etc/rpm-ostreed.conf" -if [[ -f "$RPM_OSTREE_CONFIG" ]]; then - if [[ $(get_config_value "AutomaticUpdatePolicy" "$RPM_OSTREE_CONFIG") == "stage" ]]; then - set_config_value "AutomaticUpdatePolicy" "none" "$RPM_OSTREE_CONFIG" +if [[ -f "${RPM_OSTREE_CONFIG}" ]]; then + if [[ $(get_config_value "AutomaticUpdatePolicy" "${RPM_OSTREE_CONFIG}") == "stage" ]]; then + set_config_value "AutomaticUpdatePolicy" "none" "${RPM_OSTREE_CONFIG}" fi fi systemctl disable rpm-ostreed-automatic.timer # Fetch ublue COPR -REPO_URL="https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-${OS_VERSION}/ublue-os-staging-fedora-${OS_VERSION}.repo" +readonly REPO_URL="https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-${OS_VERSION}/ublue-os-staging-fedora-${OS_VERSION}.repo" echo "Downloading repo file ${REPO_URL}" curl -fLs --create-dirs "${REPO_URL}" -o "/etc/yum.repos.d/ublue-os-staging-fedora-${OS_VERSION}.repo" echo "Downloaded repo file ${REPO_URL}" diff --git a/modules/brew/brew-nofile-limits-logic.sh b/modules/brew/brew-nofile-limits-logic.sh index 7189be31..03a3f9f6 100644 --- a/modules/brew/brew-nofile-limits-logic.sh +++ b/modules/brew/brew-nofile-limits-logic.sh @@ -7,11 +7,11 @@ set -euo pipefail # (if nofile limit is already applied with appropriate values in the base image, than this tweak is not applied) # Modifies limits nofile value & systemd DefaultLimitNOFILE value -DESIRED_SOFT_LIMIT=4096 -DESIRED_HARD_LIMIT=524288 -BREW_LIMITS_D_CONFIG="/etc/security/limits.d/zz1-brew-limits.conf" -BREW_SYSTEMD_SYSTEM_CONFIG="/usr/lib/systemd/system.conf.d/zz1-brew-limits.conf" -BREW_SYSTEMD_USER_CONFIG="/usr/lib/systemd/user.conf.d/zz1-brew-limits.conf" +readonly DESIRED_SOFT_LIMIT=4096 +readonly DESIRED_HARD_LIMIT=524288 +readonly BREW_LIMITS_D_CONFIG="/etc/security/limits.d/zz1-brew-limits.conf" +readonly BREW_SYSTEMD_SYSTEM_CONFIG="/usr/lib/systemd/system.conf.d/zz1-brew-limits.conf" +readonly BREW_SYSTEMD_USER_CONFIG="/usr/lib/systemd/user.conf.d/zz1-brew-limits.conf" # SSH/TTY nofile limit (security ulimit config) diff --git a/modules/brew/brew.sh b/modules/brew/brew.sh index fdc96aec..66b69754 100644 --- a/modules/brew/brew.sh +++ b/modules/brew/brew.sh @@ -246,8 +246,8 @@ if [[ "${BREW_ANALYTICS}" == false ]]; then if [[ ! -f "/etc/environment" ]]; then echo "" > "/etc/environment" # touch fails for some reason, probably a bug with it fi - CURRENT_ENVIRONMENT=$(cat "/etc/environment") - CURRENT_HOMEBREW_CONFIG=$(awk -F= '/HOMEBREW_NO_ANALYTICS/ {print $0}' "/etc/environment") + readonly CURRENT_ENVIRONMENT=$(cat "/etc/environment") + readonly CURRENT_HOMEBREW_CONFIG=$(awk -F= '/HOMEBREW_NO_ANALYTICS/ {print $0}' "/etc/environment") if [[ -n "${CURRENT_ENVIRONMENT}" ]]; then if [[ "${CURRENT_HOMEBREW_CONFIG}" == "HOMEBREW_NO_ANALYTICS=0" ]]; then echo "Disabling Brew analytics" diff --git a/modules/chezmoi/chezmoi.sh b/modules/chezmoi/chezmoi.sh index 201d52f5..12d94497 100644 --- a/modules/chezmoi/chezmoi.sh +++ b/modules/chezmoi/chezmoi.sh @@ -16,7 +16,7 @@ if [[ $DEBUG == true ]]; then fi # The repository with your chezmoi dotfiles. (default: null) -DOTFILE_REPOSITORY=$(echo "$1" | yq -I=0 ".repository") # (string) +readonly DOTFILE_REPOSITORY=$(echo "$1" | yq -I=0 ".repository") # (string) # If true, chezmoi services will be enabled for all logged in users, and users with lingering enabled. (default: true) # If false, chezmoi services will not be enabled for any users, but can be enabled manually, after installation. diff --git a/modules/gnome-extensions/gnome-extensions.sh b/modules/gnome-extensions/gnome-extensions.sh index 9f40ae43..da2252fc 100644 --- a/modules/gnome-extensions/gnome-extensions.sh +++ b/modules/gnome-extensions/gnome-extensions.sh @@ -28,9 +28,9 @@ else fi -GNOME_VER=$(gnome-shell --version | sed 's/[^0-9]*\([0-9]*\).*/\1/') +readonly GNOME_VER=$(gnome-shell --version | sed 's/[^0-9]*\([0-9]*\).*/\1/') echo "Gnome version: ${GNOME_VER}" -LEGACY=false +legacy=false # Legacy support for installing extensions, to retain compatibility with legacy configs if [[ ${#INSTALL[@]} -gt 0 ]]; then @@ -41,7 +41,7 @@ if [[ ${#INSTALL[@]} -gt 0 ]]; then if [[ ! "${EXTENSION}" == *".v"*([0-9]) ]]; then break else - LEGACY=true + legacy=true fi shopt -u extglob echo "ATTENTION: This is the legacy method of installing extensions." @@ -129,7 +129,7 @@ if [[ ${#INSTALL[@]} -gt 0 ]]; then fi # New method of installing extensions -if [[ ${#INSTALL[@]} -gt 0 ]] && ! "${LEGACY}"; then +if [[ ${#INSTALL[@]} -gt 0 ]] && ! "${legacy}"; then for INSTALL_EXT in "${INSTALL[@]}"; do if [[ ! "${INSTALL_EXT}" =~ ^[0-9]+$ ]]; then # Literal-name extension config diff --git a/modules/gschema-overrides/gschema-overrides.sh b/modules/gschema-overrides/gschema-overrides.sh index bf9b01ef..98a9162f 100644 --- a/modules/gschema-overrides/gschema-overrides.sh +++ b/modules/gschema-overrides/gschema-overrides.sh @@ -4,9 +4,9 @@ set -euo pipefail get_yaml_array INCLUDE '.include[]' "$1" -schema_include_location="${CONFIG_DIRECTORY}/gschema-overrides" -schema_test_location="/tmp/bluebuild-schema-test" -schema_location="/usr/share/glib-2.0/schemas" +readonly SCHEMA_INCLUDE_LOCATION="${CONFIG_DIRECTORY}/gschema-overrides" +readonly SCHEMA_TEST_LOCATION="/tmp/bluebuild-schema-test" +readonly SCHEMA_LOCATION="/usr/share/glib-2.0/schemas" gschema_extension=false echo "Installing gschema-overrides module" @@ -20,7 +20,7 @@ fi # Abort build if included file does not have .gschema.override extension if [[ ${#INCLUDE[@]} -gt 0 ]]; then for file in "${INCLUDE[@]}"; do - if [[ "$file" == *.gschema.override ]]; then + if [[ "${file}" == *.gschema.override ]]; then gschema_extension=true else echo "Module failed because included files in module don't have .gschema.override extension." @@ -33,20 +33,20 @@ fi if [[ ${#INCLUDE[@]} -gt 0 ]] && $gschema_extension; then printf "Applying the following gschema-overrides:\n" for file in "${INCLUDE[@]}"; do - printf "%s\n" "$file" + printf "%s\n" "${file}" done - mkdir -p "$schema_test_location" "$schema_location" - find "$schema_location" -type f ! -name "*.gschema.override" -exec cp {} "$schema_test_location" \; + mkdir -p "${SCHEMA_TEST_LOCATION}" "${SCHEMA_LOCATION}" + find "${SCHEMA_LOCATION}" -type f ! -name "*.gschema.override" -exec cp {} "${SCHEMA_TEST_LOCATION}" \; for file in "${INCLUDE[@]}"; do - file_path="${schema_include_location}/${file}" - cp "$file_path" "$schema_test_location" + file_path="${SCHEMA_INCLUDE_LOCATION}/${file}" + cp "${file_path}" "${SCHEMA_TEST_LOCATION}" done echo "Running error-checking test for your gschema-overrides. If test fails, build also fails." - glib-compile-schemas --strict "$schema_test_location" + glib-compile-schemas --strict "${SCHEMA_TEST_LOCATION}" echo "Compiling gschema to include your changes with gschema-override" for file in "${INCLUDE[@]}"; do - file_path="${schema_test_location}/${file}" - cp "$file_path" "$schema_location" + file_path="${SCHEMA_TEST_LOCATION}/${file}" + cp "${file_path}" "${SCHEMA_LOCATION}" done - glib-compile-schemas "$schema_location" &>/dev/null + glib-compile-schemas "${SCHEMA_LOCATION}" &>/dev/null fi