- Updated pre-commit hooks.

- Added shellcheck pre-commit hook. - Fixed issues found by shellcheck.

- Updated pre-commit hooks.
2dd1134b · nimrod · 0598d9fc · 2dd1134b · 2dd1134b
Commit 2dd1134b authored 7 years ago by nimrod
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
 -   repo: git://github.com/pre-commit/pre-commit-hooks
-    sha: 97b88d9610bcc03982ddac33caba98bb2b751f5f
+    sha: v0.9.1
    hooks:
    -   id: check-added-large-files
    -   id: check-yaml
    -   id: check-merge-conflict
 -   repo: https://www.shore.co.il/git/shell-pre-commit/
-    sha: v0.1.0
+    sha: v0.5.4
    hooks:
    -   id: shell-lint
-        files: ssl-ca
+        files: &shellscripts ssl-ca
+    -   id: shellcheck
+        files: *shellscripts
 -   repo: local
    hooks:
    -   id: test

--- a/ssl-ca
+++ b/ssl-ca
-#!/bin/sh -e
+#!/bin/sh
+set -eu

-test $(which openssl) || ( echo "Can't find openssl."; exit 1)
-seed="$(hexdump -n10 -e '10/1 "%02o" "\n"' /dev/urandom)"
+which openssl >/dev/null || ( echo "Can't find openssl."; exit 1)
+#seed="$(hexdump -n10 -e '10/1 "%02o" "\n"' /dev/urandom)"
 config=\
 "[ ca ]
 default_ca = CA_default
@@ -51,12 +52,14 @@ usage () {
 }

 init () {
+    # shellcheck disable=SC2039
    local cn
-    export cn="$(basename $PWD)"
+    cn="$(basename "$PWD")"
+    export cd
    mkdir -p certs keys
    if [ -e openssl.cnf ]
    then
-        echo openssl.cnf already exists, skipping generation.
+        echo openssl.cnf already exists, skipping generation. >&2
    else
        echo "$config" > "openssl.cnf"
    fi
@@ -99,6 +102,7 @@ init () {
 }

 sign_key () {
+    # shellcheck disable=SC2039
    local csr cn
    if [ $# -lt 1 ] || [ "$1" = "" ]
    then
@@ -117,9 +121,10 @@ sign_key () {
        exit 1
    fi
    csr="$(mktemp -t ssl-ca-XXXXXXXXX)"
-    export cn="$1.$(basename $PWD)"
+    cn="$1.$(basename "$PWD")"
+    export cn
    openssl req \
-        -key keys/$1 \
+        -key "keys/$1" \
        -new \
        -reqexts v3_req \
        -config openssl.cnf \
@@ -173,16 +178,16 @@ case "$1" in
    sign)
        for key in keys/*
        do
-            if [ ! -f "certs/$(basename $key)" ]
+            if [ ! -f "certs/$(basename "$key")" ]
            then
-                sign_key "$(basename $key)"
+                sign_key "$(basename "$key")"
            fi
        done
        ;;
    resign)
        for key in keys/*
        do
-            sign_key "$(basename $key)"
+            sign_key "$(basename "$key")"
        done
        ;;
    *)