Change Details

Script started on Sat Sep 8 07:31:51 2018 % /opt/salt/nasqueron-operations ] (git)-[cachet] [?2004harc lint --everythingarc lint --everything[?2004l >>> Lint for roles/mailserver/certificates/files/update-smtp-certificates.sh:  Advice  (SC2223) SHELLCHECK This default assignment may cause DoS due to globbing. Quote it. 16 # and will be lost if the state is redeployed. 17 # </auto-generated> 18 >>> 19 : ${CONTAINER_NAME='mailserver'} ^ 20 : ${CERT_DIR='/srv/data/letsencrypt/etc/live/mail.nasqueron.org-0001'} 21 : ${CONTAINER_DIR="/var/lib/lxc/$CONTAINER_NAME/rootfs"} 22  Advice  (SC2223) SHELLCHECK This default assignment may cause DoS due to globbing. Quote it. 17 # </auto-generated> 18 19 : ${CONTAINER_NAME='mailserver'} >>> 20 : ${CERT_DIR='/srv/data/letsencrypt/etc/live/mail.nasqueron.org-0001'} ^ 21 : ${CONTAINER_DIR="/var/lib/lxc/$CONTAINER_NAME/rootfs"} 22 23 cp $CERT_DIR/fullchain.pem $CONTAINER_DIR/etc/ssl/certs/mailserver.crt  Advice  (SC2223) SHELLCHECK This default assignment may cause DoS due to globbing. Quote it. 18 19 : ${CONTAINER_NAME='mailserver'} 20 : ${CERT_DIR='/srv/data/letsencrypt/etc/live/mail.nasqueron.org-0001'} >>> 21 : ${CONTAINER_DIR="/var/lib/lxc/$CONTAINER_NAME/rootfs"} ^ 22 23 cp $CERT_DIR/fullchain.pem $CONTAINER_DIR/etc/ssl/certs/mailserver.crt 24 cp $CERT_DIR/privkey.pem $CONTAINER_DIR/etc/ssl/private/mailserver.key  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 20 : ${CERT_DIR='/srv/data/letsencrypt/etc/live/mail.nasqueron.org-0001'} 21 : ${CONTAINER_DIR="/var/lib/lxc/$CONTAINER_NAME/rootfs"} 22 >>> 23 cp $CERT_DIR/fullchain.pem $CONTAINER_DIR/etc/ssl/certs/mailserver.crt ^ 24 cp $CERT_DIR/privkey.pem $CONTAINER_DIR/etc/ssl/private/mailserver.key 25 26 # Mail servers can read the certificate as root before dropping privileges  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 20 : ${CERT_DIR='/srv/data/letsencrypt/etc/live/mail.nasqueron.org-0001'} 21 : ${CONTAINER_DIR="/var/lib/lxc/$CONTAINER_NAME/rootfs"} 22 >>> 23 cp $CERT_DIR/fullchain.pem $CONTAINER_DIR/etc/ssl/certs/mailserver.crt ^ 24 cp $CERT_DIR/privkey.pem $CONTAINER_DIR/etc/ssl/private/mailserver.key 25 26 # Mail servers can read the certificate as root before dropping privileges  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 21 : ${CONTAINER_DIR="/var/lib/lxc/$CONTAINER_NAME/rootfs"} 22 23 cp $CERT_DIR/fullchain.pem $CONTAINER_DIR/etc/ssl/certs/mailserver.crt >>> 24 cp $CERT_DIR/privkey.pem $CONTAINER_DIR/etc/ssl/private/mailserver.key ^ 25 26 # Mail servers can read the certificate as root before dropping privileges 27 chown 0:0 $CONTAINER_DIR/etc/ssl/private/mailserver.key  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 21 : ${CONTAINER_DIR="/var/lib/lxc/$CONTAINER_NAME/rootfs"} 22 23 cp $CERT_DIR/fullchain.pem $CONTAINER_DIR/etc/ssl/certs/mailserver.crt >>> 24 cp $CERT_DIR/privkey.pem $CONTAINER_DIR/etc/ssl/private/mailserver.key ^ 25 26 # Mail servers can read the certificate as root before dropping privileges 27 chown 0:0 $CONTAINER_DIR/etc/ssl/private/mailserver.key  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 24 cp $CERT_DIR/privkey.pem $CONTAINER_DIR/etc/ssl/private/mailserver.key 25 26 # Mail servers can read the certificate as root before dropping privileges >>> 27 chown 0:0 $CONTAINER_DIR/etc/ssl/private/mailserver.key ^ 28 chmod 400 $CONTAINER_DIR/etc/ssl/private/mailserver.key 29 30 lxc-attach -n $CONTAINER_NAME -- service postfix restart  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 25 26 # Mail servers can read the certificate as root before dropping privileges 27 chown 0:0 $CONTAINER_DIR/etc/ssl/private/mailserver.key >>> 28 chmod 400 $CONTAINER_DIR/etc/ssl/private/mailserver.key ^ 29 30 lxc-attach -n $CONTAINER_NAME -- service postfix restart 31 lxc-attach -n $CONTAINER_NAME -- service dovecot restart  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 27 chown 0:0 $CONTAINER_DIR/etc/ssl/private/mailserver.key 28 chmod 400 $CONTAINER_DIR/etc/ssl/private/mailserver.key 29 >>> 30 lxc-attach -n $CONTAINER_NAME -- service postfix restart ^ 31 lxc-attach -n $CONTAINER_NAME -- service dovecot restart  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 28 chmod 400 $CONTAINER_DIR/etc/ssl/private/mailserver.key 29 30 lxc-attach -n $CONTAINER_NAME -- service postfix restart >>> 31 lxc-attach -n $CONTAINER_NAME -- service dovecot restart ^ >>> Lint for roles/mailserver/dkim/files/bin/get-dkim-dns-entries.sh:  Advice  (SC2006) SHELLCHECK Use $(..) instead of legacy `..`. 19 # Parses arguments 20 if [ $# -eq 0 ] 21 then >>> 22 echo "Usage: `basename $0` <domain>" ^ 23 exit 1 24 fi 25  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 19 # Parses arguments 20 if [ $# -eq 0 ] 21 then >>> 22 echo "Usage: `basename $0` <domain>" ^ 23 exit 1 24 fi 25  Advice  (SC2231) SHELLCHECK Quote expansions in this for loop glob to prevent wordsplitting, e.g. "$dir"/*.txt . 32 exit 2 33 fi 34 >>> 35 for f in $DIR/*.txt ^ 36 do 37 get-dkim-dns-entry $f 38 done  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 34 35 for f in $DIR/*.txt 36 do >>> 37 get-dkim-dns-entry $f ^ 38 done >>> Lint for roles/mailserver/dkim/files/bin/get-dkim-key-table.sh:  Advice  (SC2006) SHELLCHECK Use $(..) instead of legacy `..`. 18 19 for d in /etc/opendkim/keys/* 20 do >>> 21 DOMAIN=`basename $d` ^ 22 23 for f in $d/*.private 24 do  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 18 19 for d in /etc/opendkim/keys/* 20 do >>> 21 DOMAIN=`basename $d` ^ 22 23 for f in $d/*.private 24 do  Advice  (SC2231) SHELLCHECK Quote expansions in this for loop glob to prevent wordsplitting, e.g. "$dir"/*.txt . 20 do 21 DOMAIN=`basename $d` 22 >>> 23 for f in $d/*.private ^ 24 do 25 SELECTOR=`basename $f .private` 26 echo "$SELECTOR._domainkey.$DOMAIN $DOMAIN:$SELECTOR:$f"  Advice  (SC2006) SHELLCHECK Use $(..) instead of legacy `..`. 22 23 for f in $d/*.private 24 do >>> 25 SELECTOR=`basename $f .private` ^ 26 echo "$SELECTOR._domainkey.$DOMAIN $DOMAIN:$SELECTOR:$f" 27 done 28 done  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 22 23 for f in $d/*.private 24 do >>> 25 SELECTOR=`basename $f .private` ^ 26 echo "$SELECTOR._domainkey.$DOMAIN $DOMAIN:$SELECTOR:$f" 27 done 28 done >>> Lint for roles/mailserver/dkim/files/bin/get-dkim-signing-table.sh:  Advice  (SC2006) SHELLCHECK Use $(..) instead of legacy `..`. 18 19 for d in /etc/opendkim/keys/* 20 do >>> 21 DOMAIN=`basename $d` ^ 22 23 for f in $d/*.private 24 do  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 18 19 for d in /etc/opendkim/keys/* 20 do >>> 21 DOMAIN=`basename $d` ^ 22 23 for f in $d/*.private 24 do  Advice  (SC2231) SHELLCHECK Quote expansions in this for loop glob to prevent wordsplitting, e.g. "$dir"/*.txt . 20 do 21 DOMAIN=`basename $d` 22 >>> 23 for f in $d/*.private ^ 24 do 25 SELECTOR=`basename $f .private` 26 echo "$DOMAIN $SELECTOR._domainkey.$DOMAIN"  Advice  (SC2006) SHELLCHECK Use $(..) instead of legacy `..`. 22 23 for f in $d/*.private 24 do >>> 25 SELECTOR=`basename $f .private` ^ 26 echo "$DOMAIN $SELECTOR._domainkey.$DOMAIN" 27 done 28 done  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 22 23 for f in $d/*.private 24 do >>> 25 SELECTOR=`basename $f .private` ^ 26 echo "$DOMAIN $SELECTOR._domainkey.$DOMAIN" 27 done 28 done >>> Lint for roles/mailserver/systemd-unit/files/lxc-container-mailserver-start.sh:  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 37 #Web rules 38 for PORT in $PORTS 39 do >>> 40 $IPTABLES -t nat -I PREROUTING -i $HOST_INTERFACE -p TCP -d $HOST_IP/32 --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT ^ 41 done 42 43 #Need 80 port for main nginx  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 37 #Web rules 38 for PORT in $PORTS 39 do >>> 40 $IPTABLES -t nat -I PREROUTING -i $HOST_INTERFACE -p TCP -d $HOST_IP/32 --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT ^ 41 done 42 43 #Need 80 port for main nginx  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 46 #Docker rules 47 for PORT in $DOCKER_PORTS 48 do >>> 49 $IPTABLES -t nat -I PREROUTING -i $DOCKER_INTERFACE -p TCP -d $HOST_IP/32 --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT ^ 50 done  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 46 #Docker rules 47 for PORT in $DOCKER_PORTS 48 do >>> 49 $IPTABLES -t nat -I PREROUTING -i $DOCKER_INTERFACE -p TCP -d $HOST_IP/32 --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT ^ 50 done >>> Lint for roles/mailserver/systemd-unit/files/lxc-container-mailserver-stop.sh:  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 33 #Web rules 34 for PORT in $PORTS 35 do >>> 36 $IPTABLES -t nat -D PREROUTING -i $HOST_INTERFACE -p TCP -d $HOST_IP/32 --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT ^ 37 done 38 39 #Need 80 port for main nginx  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 33 #Web rules 34 for PORT in $PORTS 35 do >>> 36 $IPTABLES -t nat -D PREROUTING -i $HOST_INTERFACE -p TCP -d $HOST_IP/32 --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT ^ 37 done 38 39 #Need 80 port for main nginx  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 43 #Docker rules 44 for PORT in $DOCKER_PORTS 45 do >>> 46 $IPTABLES -t nat -D PREROUTING -i $DOCKER_INTERFACE -p TCP -d $HOST_IP/32 --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT ^ 47 done 48 49 $LXC_STOP -n $CONTAINER_NAME  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 43 #Docker rules 44 for PORT in $DOCKER_PORTS 45 do >>> 46 $IPTABLES -t nat -D PREROUTING -i $DOCKER_INTERFACE -p TCP -d $HOST_IP/32 --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT ^ 47 done 48 49 $LXC_STOP -n $CONTAINER_NAME >>> Lint for roles/mumble/certificates/files/update-mumble-certificates.sh:  Advice  (SC2223) SHELLCHECK This default assignment may cause DoS due to globbing. Quote it. 16 # and will be lost if the state is redeployed. 17 # </auto-generated> 18 >>> 19 : ${JAIL_HOSTNAME='mumble.nasqueron.org'} ^ 20 : ${CERT_DIR="/usr/local/etc/letsencrypt/live/$JAIL_HOSTNAME"} 21 : ${JAIL_DIR="/usr/local/jails/$JAIL_HOSTNAME"} 22 : ${JAIL_ID=`jls | grep $JAIL_HOSTNAME | awk '{print $1}'`}  Advice  (SC2223) SHELLCHECK This default assignment may cause DoS due to globbing. Quote it. 17 # </auto-generated> 18 19 : ${JAIL_HOSTNAME='mumble.nasqueron.org'} >>> 20 : ${CERT_DIR="/usr/local/etc/letsencrypt/live/$JAIL_HOSTNAME"} ^ 21 : ${JAIL_DIR="/usr/local/jails/$JAIL_HOSTNAME"} 22 : ${JAIL_ID=`jls | grep $JAIL_HOSTNAME | awk '{print $1}'`} 23  Advice  (SC2223) SHELLCHECK This default assignment may cause DoS due to globbing. Quote it. 18 19 : ${JAIL_HOSTNAME='mumble.nasqueron.org'} 20 : ${CERT_DIR="/usr/local/etc/letsencrypt/live/$JAIL_HOSTNAME"} >>> 21 : ${JAIL_DIR="/usr/local/jails/$JAIL_HOSTNAME"} ^ 22 : ${JAIL_ID=`jls | grep $JAIL_HOSTNAME | awk '{print $1}'`} 23 24 cp $CERT_DIR/fullchain.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.crt  Advice  (SC2223) SHELLCHECK This default assignment may cause DoS due to globbing. Quote it. 19 : ${JAIL_HOSTNAME='mumble.nasqueron.org'} 20 : ${CERT_DIR="/usr/local/etc/letsencrypt/live/$JAIL_HOSTNAME"} 21 : ${JAIL_DIR="/usr/local/jails/$JAIL_HOSTNAME"} >>> 22 : ${JAIL_ID=`jls | grep $JAIL_HOSTNAME | awk '{print $1}'`} ^ 23 24 cp $CERT_DIR/fullchain.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.crt 25 cp $CERT_DIR/privkey.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key  Advice  (SC2006) SHELLCHECK Use $(..) instead of legacy `..`. 19 : ${JAIL_HOSTNAME='mumble.nasqueron.org'} 20 : ${CERT_DIR="/usr/local/etc/letsencrypt/live/$JAIL_HOSTNAME"} 21 : ${JAIL_DIR="/usr/local/jails/$JAIL_HOSTNAME"} >>> 22 : ${JAIL_ID=`jls | grep $JAIL_HOSTNAME | awk '{print $1}'`} ^ 23 24 cp $CERT_DIR/fullchain.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.crt 25 cp $CERT_DIR/privkey.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 19 : ${JAIL_HOSTNAME='mumble.nasqueron.org'} 20 : ${CERT_DIR="/usr/local/etc/letsencrypt/live/$JAIL_HOSTNAME"} 21 : ${JAIL_DIR="/usr/local/jails/$JAIL_HOSTNAME"} >>> 22 : ${JAIL_ID=`jls | grep $JAIL_HOSTNAME | awk '{print $1}'`} ^ 23 24 cp $CERT_DIR/fullchain.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.crt 25 cp $CERT_DIR/privkey.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 21 : ${JAIL_DIR="/usr/local/jails/$JAIL_HOSTNAME"} 22 : ${JAIL_ID=`jls | grep $JAIL_HOSTNAME | awk '{print $1}'`} 23 >>> 24 cp $CERT_DIR/fullchain.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.crt ^ 25 cp $CERT_DIR/privkey.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key 26 27 # murmur has uid 338  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 21 : ${JAIL_DIR="/usr/local/jails/$JAIL_HOSTNAME"} 22 : ${JAIL_ID=`jls | grep $JAIL_HOSTNAME | awk '{print $1}'`} 23 >>> 24 cp $CERT_DIR/fullchain.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.crt ^ 25 cp $CERT_DIR/privkey.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key 26 27 # murmur has uid 338  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 22 : ${JAIL_ID=`jls | grep $JAIL_HOSTNAME | awk '{print $1}'`} 23 24 cp $CERT_DIR/fullchain.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.crt >>> 25 cp $CERT_DIR/privkey.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key ^ 26 27 # murmur has uid 338 28 chown 338:0 $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 22 : ${JAIL_ID=`jls | grep $JAIL_HOSTNAME | awk '{print $1}'`} 23 24 cp $CERT_DIR/fullchain.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.crt >>> 25 cp $CERT_DIR/privkey.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key ^ 26 27 # murmur has uid 338 28 chown 338:0 $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 25 cp $CERT_DIR/privkey.pem $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key 26 27 # murmur has uid 338 >>> 28 chown 338:0 $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key ^ 29 chmod 400 $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key 30 31 jexec $JAIL_ID service murmur restart  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 26 27 # murmur has uid 338 28 chown 338:0 $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key >>> 29 chmod 400 $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key ^ 30 31 jexec $JAIL_ID service murmur restart  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 28 chown 338:0 $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key 29 chmod 400 $JAIL_DIR/usr/local/etc/ssl/nasqueron.org/mumble.key 30 >>> 31 jexec $JAIL_ID service murmur restart ^ >>> Lint for roles/phabricator/arcanist/files/arc.sh:  Advice  (SC2006) SHELLCHECK Use $(..) instead of legacy `..`. 48 # Enable log printing 49 PRINT_LOG=1 50 # Set a random name for the container >>> 51 INSTANCE="arc-"`openssl rand -hex 21` ^ 52 FLAGS="-i -a=stdin --name=$INSTANCE" 53 fi 54 fi  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 64 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 65 66 if [ $PRINT_LOG -eq 0 ]; then >>> 67 docker run $FLAGS --rm -v ~/.arc:/opt/config -v $PWD:/opt/workspace $VOLUME_SSH nasqueron/arcanist $COMMAND "$@" ^ 68 else 69 docker run $FLAGS -v ~/.arc:/opt/config -v $PWD:/opt/workspace $VOLUME_SSH nasqueron/arcanist $COMMAND "$@" > /dev/null 70 sleep 3  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 64 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 65 66 if [ $PRINT_LOG -eq 0 ]; then >>> 67 docker run $FLAGS --rm -v ~/.arc:/opt/config -v $PWD:/opt/workspace $VOLUME_SSH nasqueron/arcanist $COMMAND "$@" ^ 68 else 69 docker run $FLAGS -v ~/.arc:/opt/config -v $PWD:/opt/workspace $VOLUME_SSH nasqueron/arcanist $COMMAND "$@" > /dev/null 70 sleep 3  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 66 if [ $PRINT_LOG -eq 0 ]; then 67 docker run $FLAGS --rm -v ~/.arc:/opt/config -v $PWD:/opt/workspace $VOLUME_SSH nasqueron/arcanist $COMMAND "$@" 68 else >>> 69 docker run $FLAGS -v ~/.arc:/opt/config -v $PWD:/opt/workspace $VOLUME_SSH nasqueron/arcanist $COMMAND "$@" > /dev/null ^ 70 sleep 3 71 docker logs $INSTANCE 72 docker rm $INSTANCE >/dev/null  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 66 if [ $PRINT_LOG -eq 0 ]; then 67 docker run $FLAGS --rm -v ~/.arc:/opt/config -v $PWD:/opt/workspace $VOLUME_SSH nasqueron/arcanist $COMMAND "$@" 68 else >>> 69 docker run $FLAGS -v ~/.arc:/opt/config -v $PWD:/opt/workspace $VOLUME_SSH nasqueron/arcanist $COMMAND "$@" > /dev/null ^ 70 sleep 3 71 docker logs $INSTANCE 72 docker rm $INSTANCE >/dev/null  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 68 else 69 docker run $FLAGS -v ~/.arc:/opt/config -v $PWD:/opt/workspace $VOLUME_SSH nasqueron/arcanist $COMMAND "$@" > /dev/null 70 sleep 3 >>> 71 docker logs $INSTANCE ^ 72 docker rm $INSTANCE >/dev/null 73 fi  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 69 docker run $FLAGS -v ~/.arc:/opt/config -v $PWD:/opt/workspace $VOLUME_SSH nasqueron/arcanist $COMMAND "$@" > /dev/null 70 sleep 3 71 docker logs $INSTANCE >>> 72 docker rm $INSTANCE >/dev/null ^ 73 fi >>> Lint for roles/phabricator/containers/files/run-devcentral.sh:  Advice  (SC1004) SHELLCHECK This backslash+linefeed is literal. Break outside single quotes if you just want to break the line. 85 # the old celerity map would be kept by APCu. 86 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 87 >>> 88 docker exec $INSTANCE_NAME sh -c 'mkdir -p /root/.ssh && \ ^ 89 cp /opt/phabricator/conf/deploy-keys/* /root/.ssh' 90 docker exec $INSTANCE_NAME ssh -o StrictHostKeyChecking=no ${REPO_LOGIN}@${REPO_HOST} 91 docker exec $INSTANCE_NAME sh -c 'cd /opt/phabricator && \  Advice  (SC1004) SHELLCHECK This backslash+linefeed is literal. Break outside single quotes if you just want to break the line. 88 docker exec $INSTANCE_NAME sh -c 'mkdir -p /root/.ssh && \ 89 cp /opt/phabricator/conf/deploy-keys/* /root/.ssh' 90 docker exec $INSTANCE_NAME ssh -o StrictHostKeyChecking=no ${REPO_LOGIN}@${REPO_HOST} >>> 91 docker exec $INSTANCE_NAME sh -c 'cd /opt/phabricator && \ ^ 92 git remote add private "$PHABRICATOR_PROD_REPO" && \ 93 git fetch --all && \ 94 git checkout $PHABRICATOR_PROD_BRANCH && \  Advice  (SC1004) SHELLCHECK This backslash+linefeed is literal. Break outside single quotes if you just want to break the line. 89 cp /opt/phabricator/conf/deploy-keys/* /root/.ssh' 90 docker exec $INSTANCE_NAME ssh -o StrictHostKeyChecking=no ${REPO_LOGIN}@${REPO_HOST} 91 docker exec $INSTANCE_NAME sh -c 'cd /opt/phabricator && \ >>> 92 git remote add private "$PHABRICATOR_PROD_REPO" && \ ^ 93 git fetch --all && \ 94 git checkout $PHABRICATOR_PROD_BRANCH && \ 95 sv restart php-fpm && sv restart phd'  Advice  (SC1004) SHELLCHECK This backslash+linefeed is literal. Break outside single quotes if you just want to break the line. 90 docker exec $INSTANCE_NAME ssh -o StrictHostKeyChecking=no ${REPO_LOGIN}@${REPO_HOST} 91 docker exec $INSTANCE_NAME sh -c 'cd /opt/phabricator && \ 92 git remote add private "$PHABRICATOR_PROD_REPO" && \ >>> 93 git fetch --all && \ ^ 94 git checkout $PHABRICATOR_PROD_BRANCH && \ 95 sv restart php-fpm && sv restart phd' 96  Advice  (SC1004) SHELLCHECK This backslash+linefeed is literal. Break outside single quotes if you just want to break the line. 91 docker exec $INSTANCE_NAME sh -c 'cd /opt/phabricator && \ 92 git remote add private "$PHABRICATOR_PROD_REPO" && \ 93 git fetch --all && \ >>> 94 git checkout $PHABRICATOR_PROD_BRANCH && \ ^ 95 sv restart php-fpm && sv restart phd' 96 97 echo "Deployment done at `date`."  Advice  (SC2006) SHELLCHECK Use $(..) instead of legacy `..`. 94 git checkout $PHABRICATOR_PROD_BRANCH && \ 95 sv restart php-fpm && sv restart phd' 96 >>> 97 echo "Deployment done at `date`." ^ 98 exit 0 >>> Lint for roles/phabricator/containers/files/run-wolfphab.sh:  Advice  (SC1004) SHELLCHECK This backslash+linefeed is literal. Break outside single quotes if you just want to break the line. 64 -e PHABRICATOR_STORAGE_NAMESPACE="$MYSQL_NAMESPACE" \ 65 --name $INSTANCE_NAME nasqueron/phabricator 66 >>> 67 docker exec $INSTANCE_NAME sh -c 'cd /opt/phabricator && \ ^ 68 bin/config set mysql.host mysql && \ 69 bin/config set mysql.pass $MYSQL_ENV_MYSQL_ROOT_PASSWORD && \ 70 bin/config set storage.default-namespace $PHABRICATOR_STORAGE_NAMESPACE && \  Advice  (SC1004) SHELLCHECK This backslash+linefeed is literal. Break outside single quotes if you just want to break the line. 65 --name $INSTANCE_NAME nasqueron/phabricator 66 67 docker exec $INSTANCE_NAME sh -c 'cd /opt/phabricator && \ >>> 68 bin/config set mysql.host mysql && \ ^ 69 bin/config set mysql.pass $MYSQL_ENV_MYSQL_ROOT_PASSWORD && \ 70 bin/config set storage.default-namespace $PHABRICATOR_STORAGE_NAMESPACE && \ 71 bin/config set phabricator.base-uri $PHABRICATOR_URL && \  Advice  (SC1004) SHELLCHECK This backslash+linefeed is literal. Break outside single quotes if you just want to break the line. 66 67 docker exec $INSTANCE_NAME sh -c 'cd /opt/phabricator && \ 68 bin/config set mysql.host mysql && \ >>> 69 bin/config set mysql.pass $MYSQL_ENV_MYSQL_ROOT_PASSWORD && \ ^ 70 bin/config set storage.default-namespace $PHABRICATOR_STORAGE_NAMESPACE && \ 71 bin/config set phabricator.base-uri $PHABRICATOR_URL && \ 72 bin/config set security.alternate-file-domain "$PHABRICATOR_ALT_FILE_DOMAIN" && \  Advice  (SC1004) SHELLCHECK This backslash+linefeed is literal. Break outside single quotes if you just want to break the line. 67 docker exec $INSTANCE_NAME sh -c 'cd /opt/phabricator && \ 68 bin/config set mysql.host mysql && \ 69 bin/config set mysql.pass $MYSQL_ENV_MYSQL_ROOT_PASSWORD && \ >>> 70 bin/config set storage.default-namespace $PHABRICATOR_STORAGE_NAMESPACE && \ ^ 71 bin/config set phabricator.base-uri $PHABRICATOR_URL && \ 72 bin/config set security.alternate-file-domain "$PHABRICATOR_ALT_FILE_DOMAIN" && \ 73 bin/config set mailgun.domain $DOMAIN && \  Advice  (SC1004) SHELLCHECK This backslash+linefeed is literal. Break outside single quotes if you just want to break the line. 68 bin/config set mysql.host mysql && \ 69 bin/config set mysql.pass $MYSQL_ENV_MYSQL_ROOT_PASSWORD && \ 70 bin/config set storage.default-namespace $PHABRICATOR_STORAGE_NAMESPACE && \ >>> 71 bin/config set phabricator.base-uri $PHABRICATOR_URL && \ ^ 72 bin/config set security.alternate-file-domain "$PHABRICATOR_ALT_FILE_DOMAIN" && \ 73 bin/config set mailgun.domain $DOMAIN && \ 74 rm -f /etc/nginx/sites-enabled/default && \  Advice  (SC1004) SHELLCHECK This backslash+linefeed is literal. Break outside single quotes if you just want to break the line. 69 bin/config set mysql.pass $MYSQL_ENV_MYSQL_ROOT_PASSWORD && \ 70 bin/config set storage.default-namespace $PHABRICATOR_STORAGE_NAMESPACE && \ 71 bin/config set phabricator.base-uri $PHABRICATOR_URL && \ >>> 72 bin/config set security.alternate-file-domain "$PHABRICATOR_ALT_FILE_DOMAIN" && \ ^ 73 bin/config set mailgun.domain $DOMAIN && \ 74 rm -f /etc/nginx/sites-enabled/default && \ 75 chown -R app /var/repo'  Advice  (SC1004) SHELLCHECK This backslash+linefeed is literal. Break outside single quotes if you just want to break the line. 70 bin/config set storage.default-namespace $PHABRICATOR_STORAGE_NAMESPACE && \ 71 bin/config set phabricator.base-uri $PHABRICATOR_URL && \ 72 bin/config set security.alternate-file-domain "$PHABRICATOR_ALT_FILE_DOMAIN" && \ >>> 73 bin/config set mailgun.domain $DOMAIN && \ ^ 74 rm -f /etc/nginx/sites-enabled/default && \ 75 chown -R app /var/repo' 76  Advice  (SC1004) SHELLCHECK This backslash+linefeed is literal. Break outside single quotes if you just want to break the line. 71 bin/config set phabricator.base-uri $PHABRICATOR_URL && \ 72 bin/config set security.alternate-file-domain "$PHABRICATOR_ALT_FILE_DOMAIN" && \ 73 bin/config set mailgun.domain $DOMAIN && \ >>> 74 rm -f /etc/nginx/sites-enabled/default && \ ^ 75 chown -R app /var/repo' 76 77 # Fixes bug phd doesn't run at the very first container launch  Advice  (SC2006) SHELLCHECK Use $(..) instead of legacy `..`. 77 # Fixes bug phd doesn't run at the very first container launch 78 docker exec $INSTANCE_NAME sv restart phd 79 >>> 80 echo "Deployment done at `date`." ^ 81 exit 0 >>> Lint for roles/shellserver/user-session/files/whom-diff.sh:  Advice  (SC2006) SHELLCHECK Use $(..) instead of legacy `..`. 23 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 24 25 if [ "$SESSION_ID" = "" ]; then >>> 26 SESSION_ID=`who am I | md5 | cut -c1-8` ^ 27 fi 28 29 DIR=/var/tmp/whom/$USER/$SESSION_ID  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 34 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 35 36 if [ "$1" = "--session" ] || [ "$1" = "-s" ]; then >>> 37 echo $SESSION_ID ^ 38 exit 0 39 fi 40  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 45 46 if [ $# -eq 0 ]; then 47 # Creates working directory if needed >>> 48 if [ ! -d $DIR ]; then ^ 49 mkdir -p $DIR 50 touch $DIR/old 51 fi  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 46 if [ $# -eq 0 ]; then 47 # Creates working directory if needed 48 if [ ! -d $DIR ]; then >>> 49 mkdir -p $DIR ^ 50 touch $DIR/old 51 fi 52  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 47 # Creates working directory if needed 48 if [ ! -d $DIR ]; then 49 mkdir -p $DIR >>> 50 touch $DIR/old ^ 51 fi 52 53 # Let's diff  Warning  (SC2164) SHELLCHECK Use 'cd ... || exit' or 'cd ... || return' in case cd fails. 51 fi 52 53 # Let's diff >>> 54 cd $DIR ^ 55 whom > current 56 diff old current | tail -n +2 57 mv current old  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 51 fi 52 53 # Let's diff >>> 54 cd $DIR ^ 55 whom > current 56 diff old current | tail -n +2 57 mv current old  Advice  (SC2086) SHELLCHECK Double quote to prevent globbing and word splitting. 65 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 66 67 if [ "$1" = "--clean" ] || [ "$1" = "-c" ]; then >>> 68 rm -rf $DIR ^ 69 exit $? 70 fi 71 >>> Lint for roles/webserver-core/letsencrypt/files/letsencrypt-renewal.sh:  Advice  (SC2143) SHELLCHECK Use grep -q instead of comparing output with [ -n .. ]. 20 nginx_output="$(nginx -t 2>&1)" 21 nginx_returncode="$?" 22 >>> 23 if [ "$nginx_returncode" -eq 0 ] && [ -n "$(echo "${nginx_output}" | grep warn)" ]; then ^ 24 return 2; 25 else 26 return "$nginx_returncode"; % /opt/salt/nasqueron-operations ] (git)-[cachet] [?2004h[?2004l Script done on Sat Sep 8 07:32:06 2018