- Added shellcheck test, fix found warnings.

- Added test to source bundle_certs.
- Better handling of sourcing detection.
- Bump Python version in TravisCI to 3.5.

.pre-commit-config.yaml

@@ -4,14 +4,16 @@
     -   id: check-added-large-files
     -   id: check-merge-conflict
 -   repo: https://www.shore.co.il/git/shell-pre-commit/
-    sha: v0.3.0
+    sha: v0.4.0
     hooks:
     -   id: shell-lint
         files: bundle_certs
+    -   id: shellcheck
+        files: bundle_certs
 -   repo: local
     hooks:
     -   id: test
         name: make test
         language: system
-        entry: make test
+        entry: make test test_source
         files: bundle_certs|Makefile

.travis.yml

 ---
 language: python
-python: "2.7"
+python: "3.5"
 dist: trusty
 sudo: false
 group: beta
@@ -11,11 +11,14 @@ cache:
 
 addons:
   apt:
+    sources:
+      - sourceline: 'deb http://archive.ubuntu.com/ubuntu trusty-backports main universe multiverse'
     packages:
       - mawk
       - openssl
       - curl
       - build-essential
+      - shellcheck
 
 install:
   - pip install pre_commit

Makefile

@@ -54,3 +54,6 @@ test: .testcerts/bundle.crt .testcerts/root.crt .testcerts/server.key
 clean:
 	- kill "$$(cat .server.pid)"
 	git clean -fdx
+
+test_source:
+	/bin/sh -c '. ./bundle_certs'

bundle_certs

-#!/bin/sh -e
-# Check if the script is being sourced or not.
-[ "$_" != "$0" ] && expr "$-" : ".*i.*" > /dev/null && sourced=1
+#!/bin/sh
+# shellcheck disable=SC2039
 
+# Check if the script is being sourced or not.
+# shellcheck disable=SC2142
+alias is_sourced='[ "$_" != "$0" ] && expr "$-" : ".*i.*" > /dev/null'
 
 # Returns the subject hash of the certificate path provided.
 alias subject_hash='openssl x509 -noout -subject_hash -in'
@@ -16,7 +18,7 @@ find_root_cert () {
     for filename in "$@"
     do
         if [ -f "$filename" ] && \
-            [ "$(subject_hash $filename)" = "$(issuer_hash $filename)" ]
+            [ "$(subject_hash "$filename")" = "$(issuer_hash "$filename")" ]
         then
             echo "$filename"
             break
@@ -34,8 +36,8 @@ find_cert_by_issuer_hash () {
     for filename in "$@"
     do
         if [ -f "$filename" ] && \
-            [ "$(issuer_hash $filename)" = "$certhash" ] && \
-            [ "$(issuer_hash $filename)" != "$(subject_hash $filename)" ]
+            [ "$(issuer_hash "$filename")" = "$certhash" ] && \
+            [ "$(issuer_hash "$filename")" != "$(subject_hash "$filename")" ]
         then
             echo "$filename"
             break
@@ -49,12 +51,12 @@ unbundle_cert () {
     # filenames are the subject hash for each certificate).
     local certificate
     mkdir -p certs
-    awk '/-----BEGIN[A-Z0-9 ]*CERTIFICATE-----/ {n++} \
+    awk '/-----BEGIN[A-Z0-9 ]*CERTIFICATE-----/ {n++}
         n > 0 {print > ("certs/cert" (1+n))}' "$1"
     for certificate in certs/cert*
     do
         [ -f "$certificate" ] || continue
-        mv "$certificate" "certs/$(subject_hash $certificate)"
+        mv "$certificate" "certs/$(subject_hash "$certificate")"
     done
 }
 
@@ -65,28 +67,33 @@ bundle_certs () {
         [ -f "$filename" ] && unbundle_cert "$filename"
     done
     cd certs
-    issuer="$(find_root_cert *)"
+    issuer="$(find_root_cert "*")"
     if [ -z "$issuer" ]
     then
         echo "Failed to find root certificate." > /dev/stderr
         exit 1
     fi
-    issued="$(find_cert_by_issuer_hash $issuer *)"
+    issued="$(find_cert_by_issuer_hash "$issuer" "*")"
     while [ -n "$issued" ]
     do
         ordered_certs="$issued $ordered_certs"
         issuer="$issued"
-        issued="$(find_cert_by_issuer_hash $issuer *)"
+        issued="$(find_cert_by_issuer_hash "$issuer" "*")"
     done
-    cat $ordered_certs
+    cat "$ordered_certs"
     cd ..
     rm -r certs
 }
 
 
-if [ ! "$sourced" ] && [ $# -eq 0 ]
+if ! is_sourced
+then
+    set -eu
+    if [ $# -eq 0 ]
     then
         echo "Usage: $0 filename [filename2 [filename3 ...]]" > /dev/stderr
         exit 1
+    else
+        bundle_certs "$@"
+    fi
 fi
-[ ! "$sourced" ] && bundle_certs "$@"