From fa8c972296518f2850b3d3180880d0b67b6e259b Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sun, 20 Dec 2020 21:58:11 +0100 Subject: [PATCH] Optimized shellcheck hints --- scripts/encryption/storage/Readme.md | 2 ++ scripts/encryption/storage/base.sh | 15 ++++++++++----- scripts/encryption/storage/raid1/base.sh | 4 ++++ .../encryption/storage/raid1/mount_on_boot.sh | 8 +++++--- scripts/encryption/storage/raid1/setup.sh | 17 ++++++++++------- scripts/encryption/storage/single_drive/base.sh | 1 + .../encryption/storage/single_drive/mount.sh | 7 +++++-- .../storage/single_drive/mount_on_boot.sh | 6 ++++-- .../encryption/storage/single_drive/setup.sh | 15 +++++++++------ .../encryption/storage/single_drive/umount.sh | 7 +++++-- 10 files changed, 55 insertions(+), 27 deletions(-) diff --git a/scripts/encryption/storage/Readme.md b/scripts/encryption/storage/Readme.md index 844fec9..db33164 100644 --- a/scripts/encryption/storage/Readme.md +++ b/scripts/encryption/storage/Readme.md @@ -1,2 +1,4 @@ # Storage For security reasons storages **SHOULD** be encrypted with [LUKS](https://de.wikipedia.org/wiki/Dm-crypt#Erweiterung_mit_LUKS). To keep it standardized and easy this scripts will use [btrfs](https://de.wikipedia.org/wiki/Btrfs) as file system. + +@todo create mount folder diff --git a/scripts/encryption/storage/base.sh b/scripts/encryption/storage/base.sh index 069ccbe..9141734 100644 --- a/scripts/encryption/storage/base.sh +++ b/scripts/encryption/storage/base.sh 
@@ -1,4 +1,9 @@ #!/bin/bash +# shellcheck disable=SC2015 # Deactivating bool hint +# shellcheck disable=SC2034 # Unused variables +# shellcheck disable=SC2154 # Referenced but not assigned +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2001 # See if you can use ${variable//search/replace} instead source "$(dirname "$(readlink -f "${0}")")/../../base.sh" || (echo "Loading base.sh failed." && exit 1) set_device_mount_partition_and_mapper_paths(){ @@ -26,13 +31,13 @@ create_luks_key_and_update_cryptab(){ then warning "File allready exist. Overwritting!" fi - sudo dd if=/dev/urandom of=$secret_key_path bs=512 count=8 && - sudo cryptsetup -v luksAddKey $2 $secret_key_path && + sudo dd if=/dev/urandom of="$secret_key_path" bs=512 count=8 && + sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" && info "Opening and closing device to verify that that everything works fine..." && - sudo cryptsetup -v luksOpen $2 $1 --key-file=$secret_key_path && - sudo cryptsetup -v luksClose $1 && + sudo cryptsetup -v luksOpen "$2" "$1" --key-file="$secret_key_path" && + sudo cryptsetup -v luksClose "$1" && info "Reading UUID..." && - uuid_line=$(sudo cryptsetup luksDump $2 | grep "UUID") && + uuid_line=$(sudo cryptsetup luksDump "$2" | grep "UUID") && uuid=$(echo "${uuid_line/UUID:/""}"|sed -e "s/[[:space:]]\+//g") && crypttab_path="/etc/crypttab" && crypttab_entry="$1 UUID=$uuid $secret_key_path luks" && diff --git a/scripts/encryption/storage/raid1/base.sh b/scripts/encryption/storage/raid1/base.sh index da70cf6..256b2d9 100644 --- a/scripts/encryption/storage/raid1/base.sh +++ b/scripts/encryption/storage/raid1/base.sh 
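Review bot: The `source … || (echo "Loading base.sh failed." && exit 1)` line directly under the new directives cannot stop the script. The parentheses run `exit 1` in a subshell, so a failed load only prints the message and execution continues without whatever that file defines. In scripts that go on to call `cryptsetup` and `mkfs.btrfs`, a brace group would abort as intended: `source "$(dirname "$(readlink -f "${0}")")/../../base.sh" || { echo "Loading base.sh failed." >&2; exit 1; }`. The same construct sits at the top of every other script touched by this patch (raid1/base.sh, raid1/mount_on_boot.sh, raid1/setup.sh and the single_drive scripts), each with its own relative path.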
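Review bot: The key file written by `sudo dd if=/dev/urandom of="$secret_key_path" bs=512 count=8` gets whatever mode root's umask gives a new file, and nothing visible in this hunk restricts it before the path is placed in the crypttab entry. A key file that other local accounts can read defeats the encryption for them, so I would tighten it right after the write with `sudo chmod 0400 "$secret_key_path" &&` on the line following `dd`. If `$secret_key_path` points into a root-only directory this is already covered, but the function starts before and continues past the visible lines, so that needs confirming. Separately, `sudo cryptsetup luksUUID "$2"` would return the UUID directly and make the `grep`/`sed` parsing of `luksDump` unnecessary.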
@@ -1,4 +1,8 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2015 # Deactivating bool hint +# shellcheck disable=SC2034 # Unused variables +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1) set_raid1_devices_mount_partition_and_mapper_paths(){ info "RAID1 partition 1..." && diff --git a/scripts/encryption/storage/raid1/mount_on_boot.sh b/scripts/encryption/storage/raid1/mount_on_boot.sh index 090ba7c..44f1eba 100644 --- a/scripts/encryption/storage/raid1/mount_on_boot.sh +++ b/scripts/encryption/storage/raid1/mount_on_boot.sh @@ -1,7 +1,9 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) info "Automount raid1 encrypted storages..." -create_luks_key_and_update_cryptab $mapper_name_1 $partition_path_1 -create_luks_key_and_update_cryptab $mapper_name_2 $partition_path_2 -update_fstab $mapper_path_1 $mount_path_1 +create_luks_key_and_update_cryptab "$mapper_name_1" "$partition_path_1" +create_luks_key_and_update_cryptab "$mapper_name_2" "$partition_path_2" +update_fstab "$mapper_path_1" "$mount_path_1" success "Installation finished. Please restart :)" diff --git a/scripts/encryption/storage/raid1/setup.sh b/scripts/encryption/storage/raid1/setup.sh index 991b169..3124806 100644 --- a/scripts/encryption/storage/raid1/setup.sh +++ b/scripts/encryption/storage/raid1/setup.sh 
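Review bot: Nothing in raid1/mount_on_boot.sh assigns `$mapper_name_1`, `$partition_path_1`, `$mapper_path_1` or `$mount_path_1`. The hunk shows the whole file, and unlike single_drive/mount_on_boot.sh it never calls the setter (`set_raid1_devices_mount_partition_and_mapper_paths`, defined in raid1/base.sh). Unless base.sh invokes that function while being sourced, the new `disable=SC2154` hides a real finding and the now-quoted arguments reach the helpers as empty strings. I would call the setter before the first `create_luks_key_and_update_cryptab` and drop the file-wide suppression in this file. The three calls are also not chained, so `update_fstab` and the success message run even when key creation failed; joining them with `&&` and ending with `|| error` would avoid that, and the same applies to single_drive/mount_on_boot.sh.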
@@ -2,19 +2,22 @@ # @author Kevin Veen-Birkenbach [kevin@veen.world] # @see https://balaskas.gr/btrfs/raid1.html # @see https://mutschler.eu/linux/install-guides/ubuntu-btrfs-raid1/ +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2015 # Deactivating bool hint +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) set_raid1_devices_mount_partition_and_mapper_paths info "Encrypting $partition_path_1..." && -cryptsetup luksFormat $partition_path_1 && +cryptsetup luksFormat "$partition_path_1" && info "Encrypting $partition_path_2..." && -cryptsetup luksFormat $partition_path_2 && +cryptsetup luksFormat "$partition_path_2" && blkid | tail -2 && -cryptsetup luksOpen $partition_path_1 $mapper_name_1 && -cryptsetup luksOpen $partition_path_2 $mapper_name_2 && -cryptsetup status $mapper_path_1 && -cryptsetup status $mapper_path_2 && -mkfs.btrfs -L $label -m raid1 -d raid1 $mapper_path_1 $mapper_path_2 && +cryptsetup luksOpen "$partition_path_1" "$mapper_name_1" && +cryptsetup luksOpen "$partition_path_2" "$mapper_name_2" && +cryptsetup status "$mapper_path_1" && +cryptsetup status "$mapper_path_2" && +mkfs.btrfs -m raid1 -d raid1 "$mapper_path_1" "$mapper_path_2" && success "Encryption successfull :)" || error diff --git a/scripts/encryption/storage/single_drive/base.sh b/scripts/encryption/storage/single_drive/base.sh index 9b74781..3c00ca1 100644 --- a/scripts/encryption/storage/single_drive/base.sh +++ b/scripts/encryption/storage/single_drive/base.sh @@ -1,2 +1,3 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1) 
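Review bot: The `mkfs.btrfs` line in raid1/setup.sh loses its `-L $label` argument rather than just gaining quotes, so the filesystem is now created without a label. That is a behaviour change the commit title does not announce. If `$label` was never assigned (which would explain the removal), say so in the commit message; if anything mounts or identifies the volume by label, keep it as `mkfs.btrfs -L "$label" -m raid1 -d raid1 "$mapper_path_1" "$mapper_path_2"`. The `cryptsetup` and `mkfs.btrfs` calls here also run without `sudo`, unlike the single_drive scripts, so a header comment stating that this script must be started as root would help.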
diff --git a/scripts/encryption/storage/single_drive/mount.sh b/scripts/encryption/storage/single_drive/mount.sh index 13cf0b0..a54896a 100644 --- a/scripts/encryption/storage/single_drive/mount.sh +++ b/scripts/encryption/storage/single_drive/mount.sh @@ -1,15 +1,18 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2015 # Deactivating bool hint +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) echo "Mounts encrypted storages" set_device_mount_partition_and_mapper_paths info "Unlock partition..." && -sudo cryptsetup luksOpen $partition_path $mapper_name || +sudo cryptsetup luksOpen "$partition_path" "$mapper_name" || error info "Mount partition..." && -sudo mount $mapper_path $mount_path || +sudo mount "$mapper_path" "$mount_path" || error success "Mounting successfull :)" diff --git a/scripts/encryption/storage/single_drive/mount_on_boot.sh b/scripts/encryption/storage/single_drive/mount_on_boot.sh index 1a39f2f..d44dff1 100644 --- a/scripts/encryption/storage/single_drive/mount_on_boot.sh +++ b/scripts/encryption/storage/single_drive/mount_on_boot.sh @@ -1,11 +1,13 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) echo "Automount encrypted storages" echo set_device_mount_partition_and_mapper_paths -create_luks_key_and_update_cryptab $mapper_name $partition_path +create_luks_key_and_update_cryptab "$mapper_name" "$partition_path" -update_fstab $mapper_path $mount_path +update_fstab "$mapper_path" "$mount_path" success "Installation finished. Please restart :)" 
diff --git a/scripts/encryption/storage/single_drive/setup.sh b/scripts/encryption/storage/single_drive/setup.sh index e79703e..7071f5d 100644 --- a/scripts/encryption/storage/single_drive/setup.sh +++ b/scripts/encryption/storage/single_drive/setup.sh @@ -1,4 +1,7 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2015 # Deactivating bool hint +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) echo "Setups disk encryption" @@ -23,25 +26,25 @@ info "Creating partition table..." error info "Encrypt $device_path..." && -sudo cryptsetup -v -y luksFormat $partition_path || +sudo cryptsetup -v -y luksFormat "$partition_path" || error info "Unlock partition..." && -sudo cryptsetup luksOpen $partition_path $mapper_name || +sudo cryptsetup luksOpen "$partition_path" "$mapper_name" || error info "Create btrfs file system..." && -sudo mkfs.btrfs $mapper_path || error +sudo mkfs.btrfs "$mapper_path" || error info "Creating mount folder unter \"$mount_path\"..." && -sudo mkdir -p $mount_path || error +sudo mkdir -p "$mount_path" || error info "Mount partition..." && -sudo mount $mapper_path $mount_path || +sudo mount "$mapper_path" "$mount_path" || error info "Own partition by user..." && -sudo chown -R $USER:$USER $mount_path || +sudo chown -R "$USER":"$USER" "$mount_path" || error success "Encryption successfull :)" diff --git a/scripts/encryption/storage/single_drive/umount.sh b/scripts/encryption/storage/single_drive/umount.sh index d894ba7..cd46017 100644 --- a/scripts/encryption/storage/single_drive/umount.sh +++ b/scripts/encryption/storage/single_drive/umount.sh 
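Review bot: `sudo chown -R "$USER":"$USER" "$mount_path"` at the end of the second hunk assumes that a group named exactly like the user exists and that `$USER` is the intended owner. When the whole script is started under `sudo`, `$USER` is normally `root`, so the new volume is handed to root. Using the invoking user's ids removes the group-name assumption: `sudo chown -R "$(id -u):$(id -g)" "$mount_path"`. The hunk starts at line 26 of the file, so whether the script guards against being run as root is not visible here.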
@@ -1,12 +1,15 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2015 # Deactivating bool hint +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) echo "Unmount encrypted storages" set_device_mount_partition_and_mapper_paths info "Unmount $mapper_path..." -sudo umount $mapper_path && -sudo cryptsetup luksClose $mapper_path || +sudo umount "$mapper_path" && +sudo cryptsetup luksClose "$mapper_path" || error success "Successfull :)"
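Review bot: `sudo cryptsetup luksClose "$mapper_path"` is given the device-mapper path, while mount.sh opens the mapping with `"$mapper_name"` and base.sh closes by name as well (`luksClose "$1"`). Passing the name here would keep open and close symmetric and not depend on how cryptsetup treats a full path: `sudo cryptsetup luksClose "$mapper_name" ||`.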