From 515c9843dd84cfac17b64bd992543d8350132ed2 Mon Sep 17 00:00:00 2001 From: Phil Connor Date: Mon, 25 May 2026 05:28:31 +0200 Subject: [PATCH] Fix ShellCheck errors: remove local outside functions, fix openssl redirections, unquote loop var --- add-nginx-js-challenge.sh | 6 +++--- certificate-smoke-tests.sh | 10 +++++----- hestia-js-challenge.sh | 6 +++--- setup-web-server.sh | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/add-nginx-js-challenge.sh b/add-nginx-js-challenge.sh index d00fd97..7278ffe 100644 --- a/add-nginx-js-challenge.sh +++ b/add-nginx-js-challenge.sh @@ -279,8 +279,8 @@ geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { fi # Collect server_name values from nginx configs to build same-site referer map - local REFERER_ENTRIES="" - local _jsc_domain_seen=() + REFERER_ENTRIES="" + _jsc_domain_seen=() for _conf in /etc/nginx/conf.d/*.conf /etc/nginx/sites-enabled/*; do [[ -f "$_conf" ]] || continue while read -r _sn; do @@ -289,7 +289,7 @@ fi _d="${_d%;}" [[ " ${_jsc_domain_seen[*]:-} " == *" $_d "* ]] && continue _jsc_domain_seen+=("$_d") - local _d_escaped="${_d//./\\.}" + _d_escaped="${_d//./\\.}" REFERER_ENTRIES+=" ~^1:https?://${_d_escaped} 1;\n" done done < <(grep -oP '^\s*server_name\s+\K[^;]+;?' "$_conf" 2>/dev/null) diff --git a/certificate-smoke-tests.sh b/certificate-smoke-tests.sh index 9d02c0e..b0fa359 100755 --- a/certificate-smoke-tests.sh +++ b/certificate-smoke-tests.sh @@ -117,10 +117,10 @@ fetch_cert() { local host="$1" port="$2" pem_file pem_file="${CERT_TMP}/${host}_${port}.pem" verbose "Fetching certificate from ${host}:${port}" - if echo | timeout "${CONNECT_TIMEOUT}" openssl s_client \ + if timeout "${CONNECT_TIMEOUT}" openssl s_client \ -connect "${host}:${port}" \ -servername "${host}" \ - -showcerts /dev/null \ + -showcerts < /dev/null 2>/dev/null \ | openssl x509 -outform PEM > "${pem_file}" 2>/dev/null; then if [[ -s "${pem_file}" ]]; then echo "${pem_file}" @@ -134,11 +134,11 @@ fetch_cert() { fetch_chain() { local host="$1" port="$2" chain_file chain_file="${CERT_TMP}/${host}_${port}_chain.pem" - echo | timeout "${CONNECT_TIMEOUT}" openssl s_client \ + timeout "${CONNECT_TIMEOUT}" openssl s_client \ -connect "${host}:${port}" \ -servername "${host}" \ - -showcerts "${CERT_TMP}/s_client_err.txt" \ - > "${chain_file}" 2>/dev/null || true + -showcerts < /dev/null 2>"${CERT_TMP}/s_client_err.txt" \ + > "${chain_file}" || true if [[ -s "${chain_file}" ]]; then echo "${chain_file}" fi diff --git a/hestia-js-challenge.sh b/hestia-js-challenge.sh index 2b10f27..eb77728 100644 --- a/hestia-js-challenge.sh +++ b/hestia-js-challenge.sh @@ -367,8 +367,8 @@ geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { fi # Collect server_name values from nginx configs to build same-site referer map - local REFERER_ENTRIES="" - local _jsc_domain_seen=() + REFERER_ENTRIES="" + _jsc_domain_seen=() for _conf in /etc/nginx/conf.d/*.conf /etc/nginx/sites-enabled/*; do [[ -f "$_conf" ]] || continue while read -r _sn; do @@ -377,7 +377,7 @@ fi _d="${_d%;}" [[ " ${_jsc_domain_seen[*]:-} " == *" $_d "* ]] && continue _jsc_domain_seen+=("$_d") - local _d_escaped="${_d//./\\.}" + _d_escaped="${_d//./\\.}" REFERER_ENTRIES+=" ~^1:https?://${_d_escaped} 1;\n" done done < <(grep -oP '^\s*server_name\s+\K[^;]+;?' "$_conf" 2>/dev/null) diff --git a/setup-web-server.sh b/setup-web-server.sh index 9ed7f34..a122e49 100644 --- a/setup-web-server.sh +++ b/setup-web-server.sh @@ -775,7 +775,7 @@ cmd_status() { echo echo -e "# ${BOLD}TLS Certificates${NC}" - for d in "$DOMAIN"; do + for d in $DOMAIN; do local cert="/etc/letsencrypt/live/${d}/fullchain.pem" if [[ -f "$cert" ]]; then local expiry