diff options
| author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2019-01-09 15:13:52 -0500 |
|---|---|---|
| committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2019-01-09 15:13:52 -0500 |
| commit | 98cf2f78ac1fce06bb3abe63f8a46fe9b707f2a6 (patch) | |
| tree | 9f053b8c49073fc6cec6914acd7cbae25e957a32 | |
| parent | b254750828cf42c059aae231510e5c9096f2da26 (diff) | |
| download | korg-helpers-98cf2f78ac1fce06bb3abe63f8a46fe9b707f2a6.tar.gz | |
Lots of small cleanups
This makes the linter happy and makes the shell scripts more uniform.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
| -rwxr-xr-x | get-verified-tarball | 136 | ||||
| -rwxr-xr-x | git-archive-signer | 40 | ||||
| -rwxr-xr-x | git-mailbomb-cron.py | 6 | ||||
| -rwxr-xr-x | linux-bundle-clone | 30 |
4 files changed, 105 insertions, 107 deletions
diff --git a/get-verified-tarball b/get-verified-tarball index e195127..51a521f 100755 --- a/get-verified-tarball +++ b/get-verified-tarball @@ -57,91 +57,91 @@ DEVKEYS="torvalds@kernel.org gregkh@kernel.org" SHAKEYS="autosigner@kernel.org" # What kernel version do you want? -VER=$1 -if [ -z "$VER" ]; then +VER=${1} +if [[ -z ${VER} ]]; then # Assume you want the latest stable - VER=$($CURLBIN -sL https://www.kernel.org/finger_banner \ + VER=$(${CURLBIN} -sL https://www.kernel.org/finger_banner \ | grep 'latest stable' \ | awk -F: '{gsub(/ /,"", $0); print $2}') fi -if [ -z "$VER" ]; then +if [[ -z ${VER} ]]; then echo "Could not figure out the latest stable version." exit 1 fi -MAJOR="$(echo $VER | cut -d. -f1)" -if [ $MAJOR -lt 3 ]; then +MAJOR="$(echo ${VER} | cut -d. -f1)" +if [[ ${MAJOR} -lt 3 ]]; then echo "This script only supports kernel v3.x.x and above" exit 1 fi -if [ ! -d $TARGETDIR ]; then - echo "$TARGETDIR does not exist" +if [[ ! -d ${TARGETDIR} ]]; then + echo "${TARGETDIR} does not exist" exit 1 fi -TARGET="$TARGETDIR/linux-$VER.tar.xz" +TARGET="${TARGETDIR}/linux-${VER}.tar.xz" # Do we already have this file? -if [ -f $TARGET ]; then - echo "File $TARGETDIR/linux-$VER.tar.xz already exists." +if [[ -f ${TARGET} ]]; then + echo "File ${TARGETDIR}/linux-${VER}.tar.xz already exists." exit 0 fi # Start by making sure our GnuPG environment is sane -if [ ! -x $GPGBIN ]; then - echo "Could not find gpg in $GPGBIN" +if [[ ! -x ${GPGBIN} ]]; then + echo "Could not find gpg in ${GPGBIN}" exit 1 fi -if [ ! -x $GPGVBIN ]; then - echo "Could not find gpgv in $GPGVBIN" +if [[ ! -x ${GPGVBIN} ]]; then + echo "Could not find gpgv in ${GPGVBIN}" exit 1 fi # Let's make a safe temporary directory for intermediates -TMPDIR=$(mktemp -d $TARGETDIR/linux-tarball-verify.XXXXXXXXX.untrusted) -echo "Using TMPDIR=$TMPDIR" +TMPDIR=$(mktemp -d ${TARGETDIR}/linux-tarball-verify.XXXXXXXXX.untrusted) +echo "Using TMPDIR=${TMPDIR}" # Are we using a keyring? -if [ -z "$USEKEYRING" ]; then - if [ -z "$GNUPGHOME" ]; then - GNUPGHOME="$TMPDIR/gnupg" - elif [ ! -d $GNUPGHOME ]; then - echo "GNUPGHOME directory $GNUPGHOME does not exist" +if [[ -z ${USEKEYRING} ]]; then + if [[ -z ${GNUPGHOME} ]]; then + GNUPGHOME="${TMPDIR}/gnupg" + elif [[ ! -d ${GNUPGHOME} ]]; then + echo "GNUPGHOME directory ${GNUPGHOME} does not exist" echo -n "Create it? [Y/n]" read YN - if [ "$YN" == 'n' ]; then + if [[ ${YN} == 'n' ]]; then echo "Exiting" - rm -rf $TMPDIR + rm -rf ${TMPDIR} exit 1 fi fi - mkdir -p -m 0700 $GNUPGHOME + mkdir -p -m 0700 ${GNUPGHOME} echo "Making sure we have all the necessary keys" - $GPGBIN --batch --quiet \ - --homedir $GNUPGHOME \ + ${GPGBIN} --batch --quiet \ + --homedir ${GNUPGHOME} \ --auto-key-locate wkd \ - --locate-keys $DEVKEYS $SHAKEYS + --locate-keys ${DEVKEYS} ${SHAKEYS} # If this returned non-0, we bail - if [ "$?" != "0" ]; then + if [[ $? != "0" ]]; then echo "Something went wrong fetching keys" - rm -rf $TMPDIR + rm -rf ${TMPDIR} exit 1 fi # Make a temporary keyring and set USEKEYRING to it - USEKEYRING=$TMPDIR/keyring.gpg - $GPGBIN --batch --export $DEVKEYS $SHAKEYS > $USEKEYRING + USEKEYRING=${TMPDIR}/keyring.gpg + ${GPGBIN} --batch --export ${DEVKEYS} ${SHAKEYS} > ${USEKEYRING} fi # Now we make two keyrings -- one for the autosigner, and # the other for kernel developers. We do this in order to # make sure that we never verify kernel tarballs using the # autosigner keys, only using developer keys. -SHAKEYRING=$TMPDIR/shakeyring.gpg -$GPGBIN --batch \ - --no-default-keyring --keyring $USEKEYRING \ - --export $SHAKEYS > $SHAKEYRING -DEVKEYRING=$TMPDIR/devkeyring.gpg -$GPGBIN --batch \ - --no-default-keyring --keyring $USEKEYRING \ - --export $DEVKEYS > $DEVKEYRING +SHAKEYRING=${TMPDIR}/shakeyring.gpg +${GPGBIN} --batch \ + --no-default-keyring --keyring ${USEKEYRING} \ + --export ${SHAKEYS} > ${SHAKEYRING} +DEVKEYRING=${TMPDIR}/devkeyring.gpg +${GPGBIN} --batch \ + --no-default-keyring --keyring ${USEKEYRING} \ + --export ${DEVKEYS} > ${DEVKEYRING} # Now that we know we can verify them, grab the contents TXZ="https://cdn.kernel.org/pub/linux/kernel/v${MAJOR}.x/linux-${VER}.tar.xz" @@ -153,62 +153,62 @@ SHA="https://cdn.kernel.org/pub/linux/kernel/v${MAJOR}.x/sha256sums.asc" # CDN cache poisoning that could, in theory, use vulnerabilities in # the XZ binary to alter the verification process or compromise the # system performing the verification. -SHAFILE=$TMPDIR/sha256sums.asc -echo "Downloading the checksums file for linux-$VER" -if ! $CURLBIN -sL -o $SHAFILE $SHA; then +SHAFILE=${TMPDIR}/sha256sums.asc +echo "Downloading the checksums file for linux-${VER}" +if ! ${CURLBIN} -sL -o ${SHAFILE} ${SHA}; then echo "Failed to download the checksums file" - rm -rf $TMPDIR + rm -rf ${TMPDIR} exit 1 fi echo "Verifying the checksums file" -COUNT=$($GPGVBIN --keyring=$SHAKEYRING --status-fd=1 $SHAFILE \ +COUNT=$(${GPGVBIN} --keyring=${SHAKEYRING} --status-fd=1 ${SHAFILE} \ | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)') -if [ "$COUNT" -lt "2" ]; then +if [[ ${COUNT} -lt 2 ]]; then echo "FAILED to verify the sha256sums.asc file." - rm -rf $TMPDIR + rm -rf ${TMPDIR} exit 1 fi # Grab only the tarball we want from the full list -SHACHECK=$TMPDIR/sha256sums.txt -grep "linux-$VER.tar.xz" $SHAFILE > $SHACHECK +SHACHECK=${TMPDIR}/sha256sums.txt +grep "linux-${VER}.tar.xz" ${SHAFILE} > ${SHACHECK} echo -echo "Downloading the signature file for linux-$VER" -SIGFILE=$TMPDIR/linux-${VER}.tar.asc -if ! $CURLBIN -sL -o $SIGFILE $SIG; then +echo "Downloading the signature file for linux-${VER}" +SIGFILE=${TMPDIR}/linux-${VER}.tar.asc +if ! ${CURLBIN} -sL -o ${SIGFILE} ${SIG}; then echo "Failed to download the signature file" - rm -rf $TMPDIR + rm -rf ${TMPDIR} exit 1 fi -echo "Downloading the XZ tarball for linux-$VER" -TXZFILE=$TMPDIR/linux-$VER.tar.xz -if ! $CURLBIN -L -o $TXZFILE $TXZ; then +echo "Downloading the XZ tarball for linux-${VER}" +TXZFILE=${TMPDIR}/linux-${VER}.tar.xz +if ! ${CURLBIN} -L -o ${TXZFILE} ${TXZ}; then echo "Failed to download the tarball" - rm -rf $TMPDIR + rm -rf ${TMPDIR} exit 1 fi -pushd $TMPDIR >/dev/null -echo "Verifying checksum on linux-$VER.tar.xz" -if ! $SHA256SUMBIN -c $SHACHECK; then +pushd ${TMPDIR} >/dev/null +echo "Verifying checksum on linux-${VER}.tar.xz" +if ! ${SHA256SUMBIN} -c ${SHACHECK}; then echo "FAILED to verify the downloaded tarball checksum" popd >/dev/null - rm -rf $TMPDIR + rm -rf ${TMPDIR} exit 1 fi popd >/dev/null echo echo "Verifying developer signature on the tarball" -COUNT=$($XZBIN -cd $TXZFILE \ - | $GPGVBIN --keyring=$DEVKEYRING --status-fd=1 $SIGFILE - \ +COUNT=$(${XZBIN} -cd ${TXZFILE} \ + | ${GPGVBIN} --keyring=${DEVKEYRING} --status-fd=1 ${SIGFILE} - \ | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)') -if [ "$COUNT" -lt "2" ]; then +if [[ ${COUNT} -lt 2 ]]; then echo "FAILED to verify the tarball!" - rm -rf $TMPDIR + rm -rf ${TMPDIR} exit 1 fi -mv -f $TXZFILE $TARGET -rm -rf $TMPDIR +mv -f ${TXZFILE} ${TARGET} +rm -rf ${TMPDIR} echo -echo "Successfully downloaded and verified $TARGET" +echo "Successfully downloaded and verified ${TARGET}" diff --git a/git-archive-signer b/git-archive-signer index f49d437..6bdbf1e 100755 --- a/git-archive-signer +++ b/git-archive-signer @@ -11,8 +11,8 @@ NOTEREF="refs/notes/signatures/tar" # Pass the tag as the only parameter, otherwise we grab the latest # annotated tag we find. You may also pass "list" to list all tags that # already carry corresponding signature notes. -if [ "$1" == "list" ]; then - git notes --ref $NOTEREF list | cut -d' ' -f2 | xargs git describe +if [[ $1 == "list" ]]; then + git notes --ref ${NOTEREF} list | cut -d' ' -f2 | xargs git describe exit 0 fi @@ -21,7 +21,7 @@ TAG=$1 # Set this to your gitolite.kernel.org remote # We'll also use git config --get archive-signer.remote if we find it REMOTE="$(git config --get archive-signer.remote)" -if [ -z "${REMOTE}" ]; then +if [[ -z ${REMOTE} ]]; then REMOTE="origin" fi @@ -39,16 +39,16 @@ USEKEY="$(git config --get archive-signer.usekey)" # Set it here if guessing basename is wrong. # We'll also use git config archive-signer.tarname value if we find it TARNAME="$(git config --get archive-signer.tarname)" -if [ -z "${TARNAME}" ]; then +if [[ -z ${TARNAME} ]]; then TARNAME="$(basename $(pwd))" fi # You shouldn't need to change anything below -if [ -z "${TAG}" ]; then +if [[ -z ${TAG} ]]; then # Assume you want the latest tag TAG="$(git describe --abbrev=0)" - if [ -z "${TAG}" ]; then + if [[ -z ${TAG} ]]; then echo "Could not figure out which tag you want" exit 1 fi @@ -62,8 +62,8 @@ PREFIX="${TARNAME}-${TAG#v}" # Do we already have a signature note for this tag? # Start by fetching the origin notes echo "Updating notes from remote" -git fetch $REMOTE "refs/notes/*:refs/notes/*" -if git notes --ref=$NOTEREF list $TAG >/dev/null 2>&1; then +git fetch ${REMOTE} "refs/notes/*:refs/notes/*" +if git notes --ref=${NOTEREF} list ${TAG} >/dev/null 2>&1; then echo "Signature note for ${TAG} already exists!" echo "To make a new one, delete it first:" echo " git notes --ref=${NOTEREF} remove ${TAG}" @@ -73,10 +73,8 @@ fi echo -n "Generate signature note for ${PREFIX}.tar? [Y/n] " read YN -[[ -z "${YN}" ]] && YN=y -if [ "${YN}" != "y" ]; then - exit 1 -fi +[[ -z ${YN} ]] && YN=y +[[ ${YN} != "y" ]] && exit 1 # We add the exact archive line to sig comments, # so put it together here @@ -84,32 +82,32 @@ GIT_ARCHIVE_CMD="git archive --format tar --prefix=${PREFIX}/ ${TAG}" # Record the version of git that created this archive GIT_VERSION=$(git --version) -if [ ! -z "${USEKEY}" ]; then +if [[ ! -z ${USEKEY} ]]; then GPGBIN="${GPGBIN} -u ${USEKEY}" fi -git notes --ref=$NOTEREF add -C "$( - $GIT_ARCHIVE_CMD | $GPGBIN -a -b -o - \ +git notes --ref=${NOTEREF} add -C "$( + ${GIT_ARCHIVE_CMD} | ${GPGBIN} -a -b -o - \ --comment "This signature is for the .tar version of the archive" \ - --comment "$GIT_ARCHIVE_CMD" \ - --comment "$GIT_VERSION" | + --comment "${GIT_ARCHIVE_CMD}" \ + --comment "${GIT_VERSION}" | git hash-object -w --stdin)" "${TAG}" -if [ "$?" != "0" ]; then +if [[ $? != 0 ]]; then echo "git notes exited with error" exit 1 fi echo -git --no-pager notes --ref=$NOTEREF show ${TAG} +git --no-pager notes --ref=${NOTEREF} show ${TAG} echo echo -n "Push to ${REMOTE}? [Y/n] " read YN echo -[[ -z "${YN}" ]] && YN=y -if [ "${YN}" != "y" ]; then +[[ -z ${YN} ]] && YN=y +if [[ ${YN} != "y" ]]; then echo "Remember to push it using:" echo " git push ${REMOTE} refs/notes/*" exit 0 diff --git a/git-mailbomb-cron.py b/git-mailbomb-cron.py index 556a8b8..80d10bd 100755 --- a/git-mailbomb-cron.py +++ b/git-mailbomb-cron.py @@ -24,7 +24,7 @@ import sys import argparse import json -from fcntl import lockf, LOCK_EX, LOCK_UN, LOCK_NB +from fcntl import lockf, LOCK_EX, LOCK_NB # You need the latest dev version that supports excludeMergeRevisions import git_multimail as gm @@ -82,8 +82,8 @@ def main(args): sys.exit(1) try: - with open('%s.lock' % args.statefile, 'w') as lockfh: - lockf(lockfh, LOCK_EX | LOCK_NB) + lockfh = open('%s.lock' % args.statefile, 'w') + lockf(lockfh, LOCK_EX | LOCK_NB) except IOError: print('Could not obtain an exclusive lock, assuming another process is running.') sys.exit(0) diff --git a/linux-bundle-clone b/linux-bundle-clone index 504cc74..ec9ac8a 100755 --- a/linux-bundle-clone +++ b/linux-bundle-clone @@ -4,22 +4,22 @@ # Use this script to clone a Linux repository using a CDN-hosted bundle. # This is the recommended way to clone Linux in a CI environment where # the full repository needs to be cloned every time. -REMOTE=$1 -if [ -z "${REMOTE}" ]; then +REMOTE=${1} +if [[ -z ${REMOTE} ]]; then echo "Please specify the remote to clone" - echo "Example: $0 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git linux master" + echo "Example: ${0} https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git linux master" exit 1 fi -TARGET=$2 -if [ -z "${TARGET}" ]; then +TARGET=${2} +if [[ -z ${TARGET} ]]; then echo "Please specify the target directory" - echo "Example: $0 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git linux master" + echo "Example: ${0} https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git linux master" exit 1 fi -CHECKOUT=$3 -if [ -z "${CHECKOUT}" ]; then +CHECKOUT=${3} +if [[ -z ${CHECKOUT} ]]; then CHECKOUT=master fi @@ -40,27 +40,27 @@ CDNBUNDLE="https://cdn.kernel.org/pub/scm/.bundles/pub/scm/linux/kernel/git/torv BUNDLELOCAL=$(mktemp /tmp/linux.XXXXXXXXXX.bundle) echo "Getting the bundle file" -if ! curl -L $CDNBUNDLE -o $BUNDLELOCAL; then +if ! curl -L ${CDNBUNDLE} -o ${BUNDLELOCAL}; then echo "Getting the clone bundle failed." # clean up to not litter huge files around - rm -f $BUNDLELOCAL + rm -f ${BUNDLELOCAL} exit 1 fi echo "Cloning from the bundle file" -if ! git clone $BUNDLELOCAL $TARGET; then +if ! git clone ${BUNDLELOCAL} ${TARGET}; then echo "Cloning from bundle failed." echo "The bundle is in ${BUNDLELOCAL}" exit 1 fi # We're done with the bundle now -rm -f $BUNDLELOCAL +rm -f ${BUNDLELOCAL} -cd $TARGET +cd ${TARGET} echo "Fetching latest objects" git remote remove origin -git remote add origin $REMOTE +git remote add origin ${REMOTE} git remote update origin -git checkout $CHECKOUT +git checkout ${CHECKOUT} |