From abe299444edee656d8fd9797b3f50db4c35a463e Mon Sep 17 00:00:00 2001 From: "Robin H. Johnson" Date: Sun, 28 Jan 2024 22:21:25 -0800 Subject: update-02-gpg: shellcheck fixes Signed-off-by: Robin H. Johnson --- local/update-02-gpg | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/local/update-02-gpg b/local/update-02-gpg index eea8c91..5ada4b5 100755 --- a/local/update-02-gpg +++ b/local/update-02-gpg @@ -14,14 +14,14 @@ if [ -z "${GIT_DIR}" ]; then exit 1 fi -if [ -z "${refname}" -o -z "${oldrev}" -o -z "${newrev}" ]; then +if [ -z "${refname}" ] || [ -z "${oldrev}" ] || [ -z "${newrev}" ]; then echo "usage: ${0} " >&2 exit 1 fi # branch names or 'all', or 'all-refs' for all refs SIGNED_BRANCHES=$(git config --get gentoo.signed-branches) -: ${SIGNED_BRANCHES:=master} +: "${SIGNED_BRANCHES:=master}" VERIFY_SIGS=$(git config --get gentoo.verify-signatures) : "${VERIFY_SIGS:=gentoo-devs}" @@ -78,7 +78,7 @@ case ${VERIFY_SIGS} in ) EXPORT_CMD=( gpg -q - --export-options export-clean,no-export-local-sigs,no-export-attributes + --export-options 'export-clean,no-export-local-sigs,no-export-attributes' # keep-uid filter is not working in gnupg-2.4.3 or gnupg-2.2.41 #--export-filter 'keep-uid="uid =~ @gentoo.org"' --export @@ -86,7 +86,7 @@ case ${VERIFY_SIGS} in IMPORT_CMD=( gpg -q # no-self-sigs-only is needed to import the signature chain. - --import-options import-clean,no-import-local-sigs,no-keep-ownertrust,no-self-sigs-only + --import-options 'import-clean,no-import-local-sigs,no-keep-ownertrust,no-self-sigs-only' # keep-uid filter is not working in gnupg-2.4.3 or gnupg-2.2.41 #--import-filter 'keep-uid="uid =~ @gentoo.org"' --import @@ -100,8 +100,9 @@ case ${VERIFY_SIGS} in "${IMPORT_CMD[@]}" # use new GNUGPHOME to restrict to dev's keys + GNUPGHOME=${TMPHOME} export GNUPGHOME=${TMPHOME} - cat >>$GNUPGHOME/gpg.conf <<-EOF + cat >>"$GNUPGHOME"/gpg.conf <<-EOF # Explicitly set trust model; # git-2.43 does not recognize the always & direct trust model behavior # so it exports that the signatures came from an untrusted key @@ -110,7 +111,7 @@ case ${VERIFY_SIGS} in # And declare that the L1 key is trusted. # This could go into the trustdb file instead, but cleaner this way. for _k in "${CHAIN_L1[@]}" ; do - echo "trusted-key $_k" >> $GNUPGHOME/gpg.conf + echo "trusted-key $_k" >>"$GNUPGHOME"/gpg.conf done # If there are problems w/ the key export/import loop, or trust @@ -183,7 +184,7 @@ case ${SIGNED_BRANCHES} in [[ ${refname} == refs/heads/* ]] || exit 0 branch_found= for branch in ${SIGNED_BRANCHES}; do - if [[ ${refname#refs/heads/} == ${branch} ]]; then + if [[ ${refname#refs/heads/} == "${branch}" ]]; then branch_found=1 break fi -- cgit v1.2.3-65-gdbad