From 3ea7dd925c79aab0f9f56628755925384262d1ac Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sun, 12 May 2019 19:07:02 +0800 Subject: [PATCH 1/4] Quote var/cmd output in shell script to prevent word splitting --- dnscrypt-wrapper.sh | 6 +++--- entrypoint.sh | 4 ++-- key-rotation.sh | 4 ++-- unbound.sh | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/dnscrypt-wrapper.sh b/dnscrypt-wrapper.sh index 9235a29..64a8f40 100755 --- a/dnscrypt-wrapper.sh +++ b/dnscrypt-wrapper.sh @@ -10,7 +10,7 @@ prune() { } rotation_needed() { - if [ $(/usr/bin/find "$STKEYS_DIR" -name '*.cert' -type f -cmin -720 -print -quit | wc -l | sed 's/[^0-9]//g') -le 0 ]; then + if [ "$(/usr/bin/find "$STKEYS_DIR" -name '*.cert' -type f -cmin -720 -print -quit | wc -l | sed 's/[^0-9]//g')" -le 0 ]; then echo true else echo false @@ -54,7 +54,7 @@ provider_name=$(cat "$KEYS_DIR/provider_name") mkdir -p "$STKEYS_DIR" prune -[ $(rotation_needed) = true ] && new_key +[ "$(rotation_needed)" = true ] && new_key [ -r "$BLACKLIST" ] && blacklist_opt="--blacklist-file=${BLACKLIST}" @@ -64,5 +64,5 @@ exec /opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper \ --resolver-address=127.0.0.1:553 \ --provider-name="$provider_name" \ --provider-cert-file="$(stcerts_files)" \ - --crypt-secretkey-file=$(stkeys_files) \ + --crypt-secretkey-file="$(stkeys_files)" \ $blacklist_opt diff --git a/entrypoint.sh b/entrypoint.sh index c8743c5..b604b2a 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -9,7 +9,7 @@ KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys" # -N provider-name -E external-ip-address:port init() { - if [ $(is_initialized) = yes ]; then + if [ "$(is_initialized)" = yes ]; then start exit $? fi @@ -73,7 +73,7 @@ is_initialized() { } ensure_initialized() { - if [ $(is_initialized) = no ]; then + if [ "$(is_initialized)" = no ]; then echo "Please provide an initial configuration (init -N -E )" >&2 exit 1 fi diff --git a/key-rotation.sh b/key-rotation.sh index 5f67c66..71ffba5 100755 --- a/key-rotation.sh +++ b/key-rotation.sh @@ -6,13 +6,13 @@ KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys" STKEYS_DIR="${KEYS_DIR}/short-term" rotation_needed() { - if [ $(/usr/bin/find "$STKEYS_DIR" -type f -cmin -720 -print -quit | wc -l | sed 's/[^0-9]//g') -le 0 ]; then + if [ "$(/usr/bin/find "$STKEYS_DIR" -type f -cmin -720 -print -quit | wc -l | sed 's/[^0-9]//g')" -le 0 ]; then echo true else echo false fi } -[ $(rotation_needed) = true ] || exit 0 +[ "$(rotation_needed)" = true ] || exit 0 sv status dnscrypt-wrapper | egrep -q '^run:' || exit 0 sv restart dnscrypt-wrapper diff --git a/unbound.sh b/unbound.sh index 6cea2e7..9467183 100755 --- a/unbound.sh +++ b/unbound.sh @@ -13,7 +13,7 @@ availableMemory=$(($availableMemory - $reserved)) msg_cache_size=$(($availableMemory / 3)) rr_cache_size=$(($availableMemory / 3)) nproc=$(nproc) -if [ $nproc -gt 1 ]; then +if [ "$nproc" -gt 1 ]; then threads=$(($nproc - 1)) else threads=1 From 96b9dc9b32178f99d9b7a747232289b22f5af6d4 Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sun, 12 May 2019 19:13:06 +0800 Subject: [PATCH 2/4] Remoe unnecessary `$` on arithmetic variables in shell script --- unbound.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/unbound.sh b/unbound.sh index 9467183..c793094 100755 --- a/unbound.sh +++ b/unbound.sh @@ -5,16 +5,16 @@ ZONES_DIR="/opt/unbound/etc/unbound/zones" reserved=12582912 availableMemory=$((1024 * $( (fgrep MemAvailable /proc/meminfo || fgrep MemTotal /proc/meminfo) | sed 's/[^0-9]//g' ) )) -if [ $availableMemory -le $(($reserved * 2)) ]; then +if [ $availableMemory -le $((reserved * 2)) ]; then echo "Not enough memory" >&2 exit 1 fi -availableMemory=$(($availableMemory - $reserved)) -msg_cache_size=$(($availableMemory / 3)) -rr_cache_size=$(($availableMemory / 3)) +availableMemory=$((availableMemory - reserved)) +msg_cache_size=$((availableMemory / 3)) +rr_cache_size=$((availableMemory / 3)) nproc=$(nproc) if [ "$nproc" -gt 1 ]; then - threads=$(($nproc - 1)) + threads=$((nproc - 1)) else threads=1 fi From 3de5db51e9666956d85e84a7c54c417e2ce7c288 Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sun, 12 May 2019 19:17:50 +0800 Subject: [PATCH 3/4] Improve `if` condition syntax in shell script --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index b604b2a..85f0862 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -65,7 +65,7 @@ provider_info() { } is_initialized() { - if [ ! -f "${KEYS_DIR}/public.key" -a ! -f "${KEYS_DIR}/secret.key" -a ! -f "${KEYS_DIR}/provider_name" ]; then + if [ ! -f "${KEYS_DIR}/public.key" ] && [ ! -f "${KEYS_DIR}/secret.key" ] && [ ! -f "${KEYS_DIR}/provider_name" ]; then echo no else echo yes From fc47a319d493e37cf1c387c86c1632beff00df41 Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sun, 12 May 2019 19:19:21 +0800 Subject: [PATCH 4/4] Use replace non-standard egrep/fgrep with grep `-E/-F` --- key-rotation.sh | 2 +- unbound.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/key-rotation.sh b/key-rotation.sh index 71ffba5..bfe7285 100755 --- a/key-rotation.sh +++ b/key-rotation.sh @@ -14,5 +14,5 @@ rotation_needed() { } [ "$(rotation_needed)" = true ] || exit 0 -sv status dnscrypt-wrapper | egrep -q '^run:' || exit 0 +sv status dnscrypt-wrapper | grep -E -q '^run:' || exit 0 sv restart dnscrypt-wrapper diff --git a/unbound.sh b/unbound.sh index c793094..c44c3a9 100755 --- a/unbound.sh +++ b/unbound.sh @@ -4,7 +4,7 @@ KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys" ZONES_DIR="/opt/unbound/etc/unbound/zones" reserved=12582912 -availableMemory=$((1024 * $( (fgrep MemAvailable /proc/meminfo || fgrep MemTotal /proc/meminfo) | sed 's/[^0-9]//g' ) )) +availableMemory=$((1024 * $( (grep -F MemAvailable /proc/meminfo || grep -F MemTotal /proc/meminfo) | sed 's/[^0-9]//g' ) )) if [ $availableMemory -le $((reserved * 2)) ]; then echo "Not enough memory" >&2 exit 1