From ef4bb486a898ea3aeb5e3b6feaca6c1d52bca86b Mon Sep 17 00:00:00 2001 From: Ondrej Moris Date: Tue, 12 Mar 2024 15:06:41 +0100 Subject: [PATCH] test/integration: shellcheck fixes Signed-off-by: Ondrej Moris --- tests/integration/bind.sh | 44 +++++++++++++++-------------- tests/integration/httpd.sh | 55 +++++++++++++++++++------------------ tests/integration/libssh.sh | 29 ++++++++++--------- 3 files changed, 67 insertions(+), 61 deletions(-) diff --git a/tests/integration/bind.sh b/tests/integration/bind.sh index 209e9199..dec044b1 100644 --- a/tests/integration/bind.sh +++ b/tests/integration/bind.sh @@ -2,6 +2,7 @@ # Copyright (C) 2024 Ondrej Moris # SPDX-License-Identifier: Apache-2.0 +# shellcheck disable=SC1091 source "../helpers.sh" BASEDIR=$PWD @@ -20,7 +21,7 @@ install_dependencies() elif [ "$FEDORA_VERSION" -eq 39 ]; then releasever="--releasever=40" fi - dnf install -y $releasever --skip-broken \ + dnf install -y "$releasever" --skip-broken \ autoconf automake autoconf-archive libtool \ p11-kit httpd mod_ssl openssl-devel gnutls-utils nss-tools \ p11-kit-devel p11-kit-server opensc softhsm-devel procps-ng \ @@ -43,7 +44,7 @@ softhsm_token_setup() title SECTION "List token content" TOKENURL=$(p11tool --list-token-urls | grep "softhsm") - p11tool --login --set-pin $PIN --list-all $TOKENURL + p11tool --login --set-pin "$PIN" --list-all "$TOKENURL" title ENDSECTION } @@ -58,10 +59,11 @@ pkcs11_provider_setup() fi echo "Skipped (running in Github Actions)" else - git clone ${GIT_URL:-"https://github.com/latchset/pkcs11-provider.git"} \ - ${WORKDIR}/pkcs11-provider - pushd $WORKDIR/pkcs11-provider - git checkout ${GIT_REF:-"main"} + git clone \ + "${GIT_URL:-"https://github.com/latchset/pkcs11-provider.git"}" \ + "${WORKDIR}"/pkcs11-provider + pushd "${WORKDIR}"/pkcs11-provider + git checkout "${GIT_REF:-"main"}" autoreconf -fiv ./configure --libdir=/usr/lib64 make @@ -69,7 +71,7 @@ pkcs11_provider_setup() popd export PKCS11_MODULE=/usr/lib64/ossl-modules/pkcs11.so fi - test -e $PKCS11_MODULE + test -e "$PKCS11_MODULE" } p11kit_server_setup() @@ -77,7 +79,7 @@ p11kit_server_setup() title PARA "Proxy module driver through p11-kit server" export XDG_RUNTIME_DIR=$PWD - eval $(p11-kit server --provider $PKCS11_PROVIDER_MODULE "pkcs11:") + eval "$(p11-kit server --provider "$PKCS11_PROVIDER_MODULE" "pkcs11:")" test -n "$P11_KIT_SERVER_PID" export PKCS11_PROVIDER_MODULE="/usr/lib64/pkcs11/p11-kit-client.so" } @@ -92,10 +94,10 @@ openssl_setup() -e "s|\(\[default_sect\]\)|module = $PKCS11_MODULE\n\1|" \ -e "s|\(\[default_sect\]\)|pkcs11-module-load-behavior = early\n\1|" \ -e "s|\(\[default_sect\]\)|activate = 1\n\n\1|" \ - /etc/pki/tls/openssl.cnf >${WORKDIR}/openssl.cnf + /etc/pki/tls/openssl.cnf >"${WORKDIR}"/openssl.cnf title SECTION "openssl.cnf" - cat ${WORKDIR}/openssl.cnf + cat "${WORKDIR}"/openssl.cnf title ENDSECTION } @@ -103,7 +105,7 @@ bind_setup() { title PARA "Bind setup" - cp /var/named/named.localhost ${WORKDIR}/localhost + cp /var/named/named.localhost "${WORKDIR}"/localhost } bind_test() @@ -111,16 +113,16 @@ bind_test() title PARA "Bind test" TOKENURL=$(p11tool --list-token-urls | grep "softhsm") - KSKURL="$(p11tool --login --set-pin $PIN --list-keys $TOKENURL \ + KSKURL="$(p11tool --login --set-pin "$PIN" --list-keys "$TOKENURL" \ | grep 'URL:.*object=localhost-ksk' \ | awk '{ print $NF }' \ | sed "s/type=.*\$/pin-value=$PIN/")" - ZSKURL="$(p11tool --login --set-pin $PIN --list-keys $TOKENURL \ + ZSKURL="$(p11tool --login --set-pin "$PIN" --list-keys "$TOKENURL" \ | grep 'URL:.*object=localhost-zsk' \ | awk '{ print $NF }' \ | sed "s/type=.*\$/pin-value=$PIN/")" - pushd $WORKDIR + pushd "$WORKDIR" title PARA "Test 1: Extract KSK and ZSK keys from PKCS11 URIs" PKCS11_PROVIDER_DEBUG=file:${PKCS11_DEBUG_FILE}.extract \ @@ -130,15 +132,15 @@ bind_test() OPENSSL_CONF=openssl.cnf \ dnssec-keyfromlabel -a RSASHA256 -l "$KSKURL" -f KSK localhost for K in *.key; do - cat $K >>localhost + cat "$K" >>localhost done - test -s ${PKCS11_DEBUG_FILE}.extract + test -s "${PKCS11_DEBUG_FILE}".extract title PARA "Test 2: Sign zone" PKCS11_PROVIDER_DEBUG=file:${PKCS11_DEBUG_FILE}.sign \ OPENSSL_CONF=openssl.cnf \ dnssec-signzone -o localhost localhost - test -s ${PKCS11_DEBUG_FILE}.sign + test -s "${PKCS11_DEBUG_FILE}".sign popd echo "Test passed" @@ -148,14 +150,14 @@ cleanup() { title PARA "Clean-up" - for L in ${PKCS11_DEBUG_FILE}.*; do + for L in "${PKCS11_DEBUG_FILE}".*; do title SECTION "$L" - cat $L + cat "$L" title ENDSECTION done - pushd $BASEDIR >/dev/null - rm -rf $WORKDIR + pushd "$BASEDIR" >/dev/null + rm -rf "$WORKDIR" if [ -e /var/lib/softhsm/tokens.bck ]; then rm -rf /var/lib/softhsm/tokens mv /var/lib/softhsm/tokens.bck /var/lib/softhsm/tokens diff --git a/tests/integration/httpd.sh b/tests/integration/httpd.sh index 049a0ff7..209c19d3 100644 --- a/tests/integration/httpd.sh +++ b/tests/integration/httpd.sh @@ -2,6 +2,7 @@ # Copyright (C) 2024 Ondrej Moris # SPDX-License-Identifier: Apache-2.0 +# shellcheck disable=SC1091 source "../helpers.sh" BASEDIR=$PWD @@ -22,7 +23,7 @@ install_dependencies() elif [ "$FEDORA_VERSION" -eq 39 ]; then releasever="--releasever=40" fi - dnf install -y $releasever --skip-broken \ + dnf install -y "$releasever" --skip-broken \ autoconf automake autoconf-archive libtool \ p11-kit httpd mod_ssl openssl-devel gnutls-utils nss-tools \ p11-kit-devel p11-kit-server opensc softhsm-devel procps-ng \ @@ -33,7 +34,7 @@ softhsm_token_setup() { title PARA "Softhsm token setup" - pushd $WORKDIR + pushd "$WORKDIR" mkdir ca server openssl req -x509 -sha256 -newkey rsa:2048 -noenc -batch \ -keyout ca/key.pem -out ca/cert.pem @@ -41,7 +42,7 @@ softhsm_token_setup() -keyout server/key.pem -out server/csr.pem openssl x509 -req -CA ca/cert.pem -CAkey ca/key.pem \ -in server/csr.pem -out server/cert.pem -CAcreateserial - chown -R apache:apache $WORKDIR + chown -R apache:apache "$WORKDIR" usermod -a -G ods apache cp -rnp /var/lib/softhsm/tokens{,.bck} @@ -54,20 +55,20 @@ softhsm_token_setup() --label httpd \ --id=%01 \ --login \ - --set-pin $PIN $TOKENURL + --set-pin "$PIN" "$TOKENURL" runuser -u apache -- p11tool \ --write \ --load-certificate server/cert.pem \ --label httpd \ --id=%01 \ --login \ - --set-pin $PIN $TOKENURL + --set-pin "$PIN" "$TOKENURL" popd export PKCS11_PROVIDER_MODULE="/usr/lib64/pkcs11/libsofthsm2.so" title SECTION "List token content" - p11tool --login --set-pin $PIN --list-all $TOKENURL + p11tool --login --set-pin "$PIN" --list-all "$TOKENURL" title ENDSECTION } @@ -83,10 +84,11 @@ pkcs11_provider_setup() fi echo "Skipped (running in Github Actions)" else - git clone ${GIT_URL:-"https://github.com/latchset/pkcs11-provider.git"} \ - ${WORKDIR}/pkcs11-provider - pushd $WORKDIR/pkcs11-provider - git checkout ${GIT_REF:-"main"} + git clone \ + "${GIT_URL:-"https://github.com/latchset/pkcs11-provider.git"}" \ + "${WORKDIR}"/pkcs11-provider + pushd "$WORKDIR"/pkcs11-provider + git checkout "${GIT_REF:-"main"}" autoreconf -fiv ./configure --libdir=/usr/lib64 make @@ -94,14 +96,14 @@ pkcs11_provider_setup() popd export PKCS11_MODULE=/usr/lib64/ossl-modules/pkcs11.so fi - test -e $PKCS11_MODULE + test -e "$PKCS11_MODULE" } openssl_setup() { title PARA "OpenSSL setup" - echo "$PIN" >$PIN_FILE + echo "$PIN" >"$PIN_FILE" sed \ -e "s|\(default = default_sect\)|\1\npkcs11 = pkcs11_sect\n|" \ -e "s|\(\[default_sect\]\)|\[pkcs11_sect\]\n\1|" \ @@ -109,10 +111,10 @@ openssl_setup() -e "s|\(\[default_sect\]\)|pkcs11-module-load-behavior = early\n\1|" \ -e "s|\(\[default_sect\]\)|pkcs11-module-token-pin = file:$PIN_FILE\n\1|" \ -e "s|\(\[default_sect\]\)|activate = 1\n\n\1|" \ - /etc/pki/tls/openssl.cnf >${WORKDIR}/openssl.cnf + /etc/pki/tls/openssl.cnf >"${WORKDIR}"/openssl.cnf title SECTION "openssl.cnf" - cat ${WORKDIR}/openssl.cnf + cat "${WORKDIR}"/openssl.cnf title ENDSECTION } @@ -121,10 +123,10 @@ httpd_setup() title PARAM "Httpd setup" TOKENURL=$(p11tool --list-token-urls | grep "softtoken") - KEYURL="$(p11tool --login --set-pin $PIN --list-keys $TOKENURL \ + KEYURL="$(p11tool --login --set-pin "$PIN" --list-keys "$TOKENURL" \ | grep 'URL:.*object=httpd;type=private' \ | awk '{ print $NF }')?pin-value=$PIN" - CERTURL=$(p11tool --list-all-certs $TOKENURL \ + CERTURL=$(p11tool --list-all-certs "$TOKENURL" \ | grep "URL:.*object=httpd;type=cert" \ | awk '{ print $NF }') @@ -155,34 +157,35 @@ httpd_test() title PARA "Test 2: Curl connects to httpd over TLS" PKCS11_PROVIDER_DEBUG=file:${PKCS11_DEBUG_FILE}.curl \ - curl -v -sS --cacert ${WORKDIR}/ca/cert.pem https://localhost >/dev/null + curl -v -sS --cacert "${WORKDIR}"/ca/cert.pem https://localhost >/dev/null echo "Test passed" } +# shellcheck disable=SC2317 cleanup() { title PARA "Clean-up" - for L in ${PKCS11_DEBUG_FILE}.*; do + for L in "${PKCS11_DEBUG_FILE}".*; do title SECTION "$L" - cat $L + cat "$L" title ENDSECTION done ssl_log="/var/log/httpd/ssl_error_log" - if [ -e $ssl_log ]; then + if [ -e "$ssl_log" ]; then title SECTION "$ssl_log" - cat $ssl_log + cat "$ssl_log" title ENDSECTION fi - pushd $BASEDIR >/dev/null - rm -rf $WORKDIR + pushd "$BASEDIR" >/dev/null + rm -rf "$WORKDIR" if pgrep httpd >/dev/null; then pkill httpd fi - if [ -e ${MOD_SSL_CONF}.bck ]; then - mv ${MOD_SSL_CONF}.bck $MOD_SSL_CONF + if [ -e "${MOD_SSL_CONF}".bck ]; then + mv "${MOD_SSL_CONF}".bck "$MOD_SSL_CONF" fi if [ -e /var/lib/softhsm/tokens.bck ]; then rm -rf /var/lib/softhsm/tokens @@ -203,5 +206,3 @@ httpd_setup # Test. httpd_test - -exit 0 diff --git a/tests/integration/libssh.sh b/tests/integration/libssh.sh index f276df00..d69fe9fd 100644 --- a/tests/integration/libssh.sh +++ b/tests/integration/libssh.sh @@ -2,6 +2,7 @@ # Copyright (C) 2024 Ondrej Moris # SPDX-License-Identifier: Apache-2.0 +# shellcheck disable=SC1091 source "../helpers.sh" BASEDIR=$PWD @@ -30,10 +31,11 @@ pkcs11_provider_setup() exit 1 fi else - git clone ${GIT_URL:-"https://github.com/latchset/pkcs11-provider.git"} \ - ${WORKDIR}/pkcs11-provider - pushd $WORKDIR/pkcs11-provider - git checkout ${GIT_REF:-"main"} + git clone \ + "${GIT_URL:-"https://github.com/latchset/pkcs11-provider.git"}" \ + "${WORKDIR}"/pkcs11-provider + pushd "$WORKDIR"/pkcs11-provider + git checkout "${GIT_REF:-"main"}" autoreconf -fiv ./configure --libdir=/usr/lib64 make @@ -41,7 +43,7 @@ pkcs11_provider_setup() popd export PKCS11_MODULE=/usr/lib64/ossl-modules/pkcs11.so fi - test -e $PKCS11_MODULE + test -e "$PKCS11_MODULE" } libssh_setup() @@ -49,17 +51,17 @@ libssh_setup() title PRAM "Clone, setup and build libssh" git clone https://gitlab.com/libssh/libssh-mirror.git \ - ${WORKDIR}/libssh-mirror + "${WORKDIR}"/libssh-mirror - mkdir ${WORKDIR}/libssh-mirror/build - pushd ${WORKDIR}/libssh-mirror/build + mkdir "${WORKDIR}"/libssh-mirror/build + pushd "${WORKDIR}"/libssh-mirror/build cmake \ -DUNIT_TESTING=ON \ -DCLIENT_TESTING=ON \ -DCMAKE_BUILD_TYPE=Debug \ -DWITH_PKCS11_URI=ON \ -DWITH_PKCS11_PROVIDER=ON \ - -DPKCS11_PROVIDER=${PKCS11_MODULE} .. + -DPKCS11_PROVIDER="${PKCS11_MODULE}" .. make popd } @@ -68,7 +70,7 @@ libssh_test() { title PARAM "Run libssh pkcs11 tests" - pushd ${WORKDIR}/libssh-mirror/build + pushd "${WORKDIR}"/libssh-mirror/build PKCS11_PROVIDER_DEBUG=file:$PKCS11_DEBUG_FILE ctest \ --output-on-failure -R \ '(torture_auth_pkcs11|torture_pki_rsa_uri|torture_pki_ecdsa_uri)' \ @@ -80,16 +82,17 @@ libssh_test() popd } +# shellcheck disable=SC2317 cleanup() { title PARA "Clean-up" title SECTION "$PKCS11_DEBUG_FILE" - cat $PKCS11_DEBUG_FILE + cat "$PKCS11_DEBUG_FILE" title ENDSECTION - pushd $BASEDIR >/dev/null - rm -rf $WORKDIR + pushd "$BASEDIR" >/dev/null + rm -rf "$WORKDIR" title LINE "Done" }