diff --git a/manage_sudo.sh b/manage_sudo.sh index 1ac50da..7cb1cde 100644 --- a/manage_sudo.sh +++ b/manage_sudo.sh @@ -42,7 +42,7 @@ # or LOCAL_CONFIG_FILE instead # define the V.R.F (version/release/fix) -MY_VRF="1.5.2" +MY_VRF="1.6.0" # name of the global configuration file (script) GLOBAL_CONFIG_FILE="manage_sudo.conf" # name of the local configuration file (script) @@ -52,8 +52,8 @@ TMP_DIR="/var/tmp" # ------------------------- CONFIGURATION ends here --------------------------- # miscelleaneous PATH=${PATH}:/usr/bin:/usr/local/bin -SCRIPT_NAME=$(basename $0) -SCRIPT_DIR=$(dirname $0) +SCRIPT_NAME="$(basename $0)" +SCRIPT_DIR="$(dirname $0)" OS_NAME="$(uname)" HOST_NAME="$(hostname)" FRAGS_FILE="" @@ -209,7 +209,7 @@ fi # --local-dir if [[ -n "${ARG_LOCAL_DIR}" ]] then - if [ \( ! -d "${ARG_LOCAL_DIR}" \) -o \( ! -r "${ARG_LOCAL_DIR}" \) ] + if [[ ! -d "${ARG_LOCAL_DIR}" ]] -o [[ ! -r "${ARG_LOCAL_DIR}" ]] then print -u2 "ERROR: unable to read directory ${ARG_LOCAL_DIR}" exit 1 @@ -240,7 +240,7 @@ fi # --targets if [[ -n "${ARG_TARGETS}" ]] then - > ${TMP_FILE} + : > ${TMP_FILE} # write comma-separated target list to the temporary file print "${ARG_TARGETS}" | tr -s ',' '\n' | while read TARGET_HOST do @@ -263,7 +263,7 @@ return 0 # ----------------------------------------------------------------------------- function check_root_user { -(IFS='()'; set -- $(id); print $2) | read UID +(IFS='()'; set -- "$(id)"; print $2) | read UID if [[ "${UID}" = "root" ]] then return 0 @@ -816,6 +816,7 @@ return 0 # ----------------------------------------------------------------------------- # log an INFO: message (via STDIN). Do not use when STDIN is still open +# shellcheck disable=SC2120 function logc { NOW="$(date '+%d-%h-%Y %H:%M:%S')" 
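Review bot: `$0` inside both command substitutions is still unquoted, so the added outer quotes do not protect against a script path containing whitespace or glob characters. Write `SCRIPT_NAME="$(basename "$0")"` and `SCRIPT_DIR="$(dirname "$0")"`. This is more than lint hygiene, because SCRIPT_DIR is later used to locate the configuration files that get sourced (hunk at 1379). A mis-split path changes which files are executed.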
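Review bot: The new test `[[ ! -d "${ARG_LOCAL_DIR}" ]] -o [[ ! -r "${ARG_LOCAL_DIR}" ]]` is not valid shell. `-o` is an operator of `[`/`test`, so after the closing `]]` it is a stray word and the line should fail to parse instead of validating --local-dir. Use `if [[ ! -d "${ARG_LOCAL_DIR}" || ! -r "${ARG_LOCAL_DIR}" ]]`, the same `||` form this commit uses for the backup-file test at 1747. The enclosing if block continues outside the hunk.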
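Review bot: Quoting `"$(id)"` in check_root_user disables the word splitting that this line depends on. With `IFS='()'` the unquoted form split the `id` output so that `$2` was the user name, but quoted, the whole output lands in `$1` and `$2` is empty. UID is then never "root", so the guards `check_root_user && die "must NOT be run as user 'root'"` at 1406 and 1466 would stop firing without any error. Keep the split and silence the linter explicitly with `# shellcheck disable=SC2046` above `(IFS='()'; set -- $(id); print "$2") | read UID`, or replace the parsing with `id -un`. The function body continues outside the hunk.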
@@ -921,7 +922,7 @@ function merge_fragments # initialize temporary working copy (need be different for each background job) # do not use 'mktemp' here as we need a fixed file name TMP_MERGE_FILE="$1/fragments" -> ${TMP_MERGE_FILE} +: > ${TMP_MERGE_FILE} (( $? )) && die "unable to create temporary file for mangling of 'fragments' file" log "fragments are stored in a DIRECTORY, first merging all fragments into ${TMP_MERGE_FILE}" @@ -945,9 +946,7 @@ return 0 # resolve a host (check) function resolve_host { -LOOKUP_HOST="$1" - -nslookup $1 2>/dev/null | grep -q -E -e 'Address:.*([0-9]{1,3}[\.]){3}[0-9]{1,3}' +nslookup "$1" 2>/dev/null | grep -q -E -e 'Address:.*([0-9]{1,3}[\.]){3}[0-9]{1,3}' return $? } @@ -965,7 +964,8 @@ TRANSFER_PERMS="${TRANSFER_FILE##*!}" # cut out the permission bits and the directory path TRANSFER_FILE="${TRANSFER_FILE%!*}" SOURCE_FILE="${TRANSFER_FILE##*/}" -OLD_PWD=$(pwd) && cd ${TRANSFER_DIR} +OLD_PWD=$(pwd) +cd ${TRANSFER_DIR} || return 1 # transfer, (possibly) chmod the file to/on the target server (keep STDERR) if (( DO_SFTP_CHMOD )) @@ -984,7 +984,7 @@ EOT SFTP_RC=$? fi -cd ${OLD_PWD} +cd ${OLD_PWD} || return 1 return ${SFTP_RC} } @@ -1001,7 +1001,7 @@ then log "SSH agent already running on ${HOST_NAME} with PID: ${SSH_AGENT_PID}" else # start the SSH agent - eval $(ssh-agent) >/dev/null 2>/dev/null + eval "$(ssh-agent)" >/dev/null 2>/dev/null if [[ -z "${SSH_AGENT_PID}" ]] then @@ -1143,7 +1143,7 @@ do do shift # child is still alive? - if $(kill -0 ${PID} 2>/dev/null) + if kill -0 ${PID} 2>/dev/null then (( ARG_DEBUG )) && print -u2 "DEBUG: ${PID} is still alive" set -- "$@" "${PID}" @@ -1227,7 +1227,7 @@ return 0 #****************************************************************************** # parse arguments/parameters -CMD_LINE="$@" +CMD_LINE="$*" for PARAMETER in ${CMD_LINE} do case ${PARAMETER} in 
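Review bot: `: > ${TMP_MERGE_FILE}` truncates a fixed, predictable name (`$1/fragments`) and leaves the expansion unquoted. The hunk does not show where `$1` comes from. If it resolves under a shared location such as the `/var/tmp` TMP_DIR set at the top of the script, a pre-placed symlink named `fragments` would be followed and its target truncated by whoever runs this. Quote it as `: > "${TMP_MERGE_FILE}"`, and extend the existing comment to state that the parent directory must be private to the job, for example `# $1 must be a per-job directory created with mktemp -d, mode 0700`. merge_fragments continues outside the hunk.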
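Review bot: The grep in resolve_host matches any `Address:` line carrying an IPv4 address, and nslookup normally prints the resolver's own `Address:` line before the answer. The check therefore likely succeeds whenever a DNS server responds, even for a name that does not exist. Restrict the match to the answer section, e.g. `nslookup "$1" 2>/dev/null | sed -n '/^Name:/,$p' | grep -q -E -e 'Address:.*([0-9]{1,3}[\.]){3}[0-9]{1,3}'`, and verify the output format on each supported platform. The trailing `return $?` is redundant, since the pipeline status is already the function's status.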
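Review bot: The two new `cd` lines still expand `${TRANSFER_DIR}` and `${OLD_PWD}` unquoted, so a directory name with whitespace either fails the `cd` or changes into the wrong place. Use `cd "${TRANSFER_DIR}" || return 1` here and `cd "${OLD_PWD}" || return 1` in the hunk at 984. In that second hunk, `return 1` on a failed `cd` back also discards SFTP_RC, so a successful transfer is reported as a failure. A comment such as `# cd failure overrides the transfer result on purpose` would make that choice explicit. The function starts and ends outside both hunks.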
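Review bot: `eval "$(ssh-agent)"` evaluates whichever syntax ssh-agent picks from the caller's `SHELL`. With both output streams sent to /dev/null, csh-style output would fail silently, and only the later empty-SSH_AGENT_PID test would catch it. Ask for Bourne syntax explicitly with `eval "$(ssh-agent -s)" >/dev/null 2>&1`. The enclosing function starts and ends outside the hunk.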
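Review bot: Switching to `CMD_LINE="$*"` silences the linter but leaves the behaviour unchanged, because the next line `for PARAMETER in ${CMD_LINE}` re-splits the joined string on whitespace and applies globbing. An argument such as a `--local-dir` value with a space, or one containing `*`, reaches the `case` as several altered words. Iterate over the real arguments with `for PARAMETER in "$@"` and keep CMD_LINE only if it is needed for logging. The loop body continues outside the hunk.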
@@ -1379,10 +1379,12 @@ if [[ -r "${SCRIPT_DIR}/${GLOBAL_CONFIG_FILE}" || -r "${SCRIPT_DIR}/${LOCAL_CONF then if [[ -r "${SCRIPT_DIR}/${GLOBAL_CONFIG_FILE}" ]] then + # shellcheck source=/dev/null . "${SCRIPT_DIR}/${GLOBAL_CONFIG_FILE}" fi if [[ -r "${SCRIPT_DIR}/${LOCAL_CONFIG_FILE}" ]] then + # shellcheck source=/dev/null . "${SCRIPT_DIR}/${LOCAL_CONFIG_FILE}" fi else @@ -1406,7 +1408,7 @@ case ${ARG_ACTION} in # check for root or non-root model if [[ "${SUDO_UPDATE_USER}" != "root" ]] then - check_root_user && die "must NOT be run as user 'root'" + check_root_user && die "must NOT be run as user 'root'" fi # start SSH agent (if needed) if (( DO_SSH_AGENT && CAN_START_AGENT )) @@ -1430,7 +1432,7 @@ case ${ARG_ACTION} in } # set max updates in background COUNT=${MAX_BACKGROUND_PROCS} - for CLIENT in ${CLIENTS[@]} + for CLIENT in "${CLIENTS[@]}" do if (( DO_SLAVE )) then @@ -1466,7 +1468,7 @@ case ${ARG_ACTION} in # check for root or non-root model if [[ "${SUDO_UPDATE_USER}" != "root" ]] then - check_root_user && die "must NOT be run as user 'root'" + check_root_user && die "must NOT be run as user 'root'" fi # start SSH agent (if needed) if (( DO_SSH_AGENT && CAN_START_AGENT )) @@ -1490,7 +1492,7 @@ case ${ARG_ACTION} in } # set max updates in background COUNT=${MAX_BACKGROUND_PROCS} - for CLIENT in ${CLIENTS[@]} + for CLIENT in "${CLIENTS[@]}" do if (( DO_SLAVE )) then @@ -1666,7 +1668,7 @@ case ${ARG_ACTION} in ;; esac else - die "SUDO controls repository at "${FIX_DIR}" does not exist?" + die "SUDO controls repository at ${FIX_DIR} does not exist?" fi log "finished applying fixes to the local SUDO control repository" ;; @@ -1700,7 +1702,7 @@ case ${ARG_ACTION} in } # set max updates in background COUNT=${MAX_BACKGROUND_PROCS} - for CLIENT in ${CLIENTS[@]} + for CLIENT in "${CLIENTS[@]}" do if (( DO_SLAVE )) then 
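Review bot: Both configuration files are executed with `.` after only a `-r` test, and the added `source=/dev/null` directives also tell ShellCheck not to follow them. Nothing checks who owns the files or who can write them. The script appears to support a root model (`SUDO_UPDATE_USER` compared with "root" at 1406 and 1466). In that model, a config file writable by another account would let that account run commands as root. I would add an ownership and mode test before each `.` and a comment such as `# sourced as code: must not be group- or world-writable`. The surrounding if/else block continues outside the hunk.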
@@ -1747,7 +1749,7 @@ case ${ARG_ACTION} in then TIMESTAMP="$(date '+%Y%m%d-%H%M')" BACKUP_TAR_FILE="${BACKUP_DIR}/backup_repo_${TIMESTAMP}.tar" - if [ \( -f ${BACKUP_TAR_FILE} \) -o \( -f "${BACKUP_TAR_FILE}.gz" \) ] + if [[ -f ${BACKUP_TAR_FILE} ]] || [[ -f "${BACKUP_TAR_FILE}.gz" ]] then die "backup file ${BACKUP_TAR_FILE}(.gz) already exists" fi