fix for shellcheck

2025-10-31 02:17:18 +00:00 · 2016-11-09 21:06:22 +08:00 · 2016-11-09 21:06:22 +08:00 · f9a6988ece
commit f9a6988ece
parent 95e06de5de
1 changed files with 28 additions and 29 deletions
--- a/acme.sh
+++ b/acme.sh
@ -306,7 +306,7 @@ _h2b() {
  _debug3 _URGLY_PRINTF "$_URGLY_PRINTF"
  while true; do
    if [ -z "$_URGLY_PRINTF" ]; then
-      h="$(printf $hex | cut -c $i-$j)"
+      h="$(printf "%s" "$hex" | cut -c $i-$j)"
      if [ -z "$h" ]; then
        break
      fi
@ -479,7 +479,7 @@ _sign() {
    if ! _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)"; then
      _err "Sign failed: $_sign_openssl"
      _err "Key file: $keyfile"
-      _err "Key content:$(cat "$keyfile" | wc -l) lises"
+      _err "Key content:$(wc -l <"$keyfile") lises"
      return 1
    fi
    _debug3 "_signedECText" "$_signedECText"
@ -516,7 +516,7 @@ _createkey() {
  f="$2"
  eccname="$length"
  if _startswith "$length" "ec-"; then
-    length=$(printf "$length" | cut -d '-' -f 2-100)
+    length=$(printf "%s" "$length" | cut -d '-' -f 2-100)

    if [ "$length" = "256" ]; then
      eccname="prime256v1"
@ -608,10 +608,10 @@ _createcsr() {
    #single domain
    _info "Single domain" "$domain"
  else
-    domainlist="$(_idn $domainlist)"
+    domainlist="$(_idn "$domainlist")"
    _debug2 domainlist "$domainlist"
    if _contains "$domainlist" ","; then
-      alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")"
+      alt="DNS:$(echo "$domainlist" | sed "s/,/,DNS:/g")"
    else
      alt="DNS:$domainlist"
    fi
@ -803,7 +803,7 @@ createDomainKey() {
    length="$DEFAULT_DOMAIN_KEY_LENGTH"
  fi

-  _initpath $domain "$length"
+  _initpath "$domain" "$length"

  if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]); then
    _createkey "$length" "$CERT_KEY_PATH"
@ -849,18 +849,17 @@ createCSR() {
 }

 _urlencode() {
-  __n=$(cat)
-  echo $__n | tr '/+' '_-' | tr -d '= '
+  tr '/+' '_-' | tr -d '= '
 }

 _time2str() {
  #BSD
-  if date -u -d@$1 2>/dev/null; then
+  if date -u -d@"$1" 2>/dev/null; then
    return
  fi

  #Linux
-  if date -u -r $1 2>/dev/null; then
+  if date -u -r "$1" 2>/dev/null; then
    return
  fi

@ -905,16 +904,16 @@ _calcjwk() {
  EC_SIGN=""
  if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
    _debug "RSA key"
-    pub_exp=$(openssl rsa -in $keyfile -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1)
+    pub_exp=$(openssl rsa -in "$keyfile" -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1)
    if [ "${#pub_exp}" = "5" ]; then
      pub_exp=0$pub_exp
    fi
    _debug3 pub_exp "$pub_exp"

-    e=$(echo $pub_exp | _h2b | _base64)
+    e=$(echo "$pub_exp" | _h2b | _base64)
    _debug3 e "$e"

-    modulus=$(openssl rsa -in $keyfile -modulus -noout | cut -d '=' -f 2)
+    modulus=$(openssl rsa -in "$keyfile" -modulus -noout | cut -d '=' -f 2)
    _debug3 modulus "$modulus"
    n="$(printf "%s" "$modulus" | _h2b | _base64 | _urlencode)"
    jwk='{"e": "'$e'", "kty": "RSA", "n": "'$n'"}'
@ -926,12 +925,12 @@ _calcjwk() {
  elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
    _debug "EC key"
    EC_SIGN="1"
-    crv="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")"
+    crv="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")"
    _debug3 crv "$crv"

    if [ -z "$crv" ]; then
      _debug "Let's try ASN1 OID"
-      crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")"
+      crv_oid="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")"
      _debug3 crv_oid "$crv_oid"
      case "${crv_oid}" in
        "prime256v1")
@ -951,15 +950,15 @@ _calcjwk() {
      _debug3 crv "$crv"
    fi

-    pubi="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)"
+    pubi="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)"
    pubi=$(_math $pubi + 1)
    _debug3 pubi "$pubi"

-    pubj="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)"
+    pubj="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)"
    pubj=$(_math $pubj - 1)
    _debug3 pubj "$pubj"

-    pubtext="$(openssl ec -in $keyfile -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")"
+    pubtext="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")"
    _debug3 pubtext "$pubtext"

    xlen="$(printf "%s" "$pubtext" | tr -d ':' | wc -c)"
@ -967,14 +966,14 @@ _calcjwk() {
    _debug3 xlen "$xlen"

    xend=$(_math "$xlen" + 1)
-    x="$(printf "%s" "$pubtext" | cut -d : -f 2-$xend)"
+    x="$(printf "%s" "$pubtext" | cut -d : -f 2-"$xend")"
    _debug3 x "$x"

    x64="$(printf "%s" "$x" | tr -d : | _h2b | _base64 | _urlencode)"
    _debug3 x64 "$x64"

    xend=$(_math "$xend" + 1)
-    y="$(printf "%s" "$pubtext" | cut -d : -f $xend-10000)"
+    y="$(printf "%s" "$pubtext" | cut -d : -f "$xend"-10000)"
    _debug3 y "$y"

    y64="$(printf "%s" "$y" | tr -d : | _h2b | _base64 | _urlencode)"
@ -1148,9 +1147,9 @@ _get() {
    fi
    _debug "_CURL" "$_CURL"
    if [ "$onlyheader" ]; then
-      $_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url
+      $_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"
    else
-      $_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url
+      $_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url"
    fi
    ret=$?
    if [ "$ret" != "0" ]; then
@ -1167,9 +1166,9 @@ _get() {
    fi
    _debug "_WGET" "$_WGET"
    if [ "$onlyheader" ]; then
-      $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null $url 2>&1 | sed 's/^[ ]*//g'
+      $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null "$url" 2>&1 | sed 's/^[ ]*//g'
    else
-      $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - $url
+      $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - "$url"
    fi
    ret=$?
    if [ "$_ret" = "8" ]; then
@ -1192,9 +1191,9 @@ _head_n() {
 }

 _tail_n() {
-  if ! tail -n $1 2>/dev/null; then
+  if ! tail -n "$1" 2>/dev/null; then
    #fix for solaris
-    tail -$1
+    tail -"$1"
  fi
 }

@ -1207,7 +1206,7 @@ _send_signed_request() {
  if [ -z "$keyfile" ]; then
    keyfile="$ACCOUNT_KEY_PATH"
  fi
-  _debug url $url
+  _debug url "$url"
  _debug payload "$payload"

  if ! _calcjwk "$keyfile"; then
@ -1215,7 +1214,7 @@ _send_signed_request() {
  fi

  payload64=$(printf "%s" "$payload" | _base64 | _urlencode)
-  _debug3 payload64 $payload64
+  _debug3 payload64 "$payload64"

  if [ -z "$_CACHED_NONCE" ]; then
    _debug2 "Get nonce."
@ -1255,7 +1254,7 @@ _send_signed_request() {
  body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
  _debug3 body "$body"

-  response="$(_post "$body" $url "$needbase64")"
+  response="$(_post "$body" "$url" "$needbase64")"
  _CACHED_NONCE=""
  if [ "$?" != "0" ]; then
    _err "Can not post to $url"