$ shellcheck ec2-instance-connect/eic_curl_authorized_keys ec2-instance-
connect/eic_parse_authorized_keys ec2-instance-
connect/eic_run_authorized_keys
In ec2-instance-connect/eic_curl_authorized_keys line 36:
elif [ ! $(cat /sys/devices/virtual/dmi/id/board_asset_tag) = $instance ] ;
then
^-- SC2046: Quote this to prevent word splitting.
^-- SC2086:
Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_curl_authorized_keys line 41:
elif [ ! $(cat /sys/hypervisor/uuid | cut -c1-3) = "ec2" ] ; then
^-- SC2046: Quote this to prevent word splitting.
^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file
| ..' instead.
In ec2-instance-connect/eic_curl_authorized_keys line 58:
if [ $? -ne 0 ] ; then
^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not indirectly
with $?.
In ec2-instance-connect/eic_curl_authorized_keys line 64:
if [ $(eval "${curl_cmd} -o /dev/null -I -w %{http_code}
http://169.254.169.254/latest/meta-data/managed-ssh-keys/active-keys/${1}/";)
-eq 404 ]
^-- SC2046: Quote this to prevent word splitting.
In ec2-instance-connect/eic_curl_authorized_keys line 72:
if [ $? -ne 0 ]
^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not indirectly
with $?.
In ec2-instance-connect/eic_curl_authorized_keys line 79:
region=$(echo $zone | sed -n 's/\(\([a-z]\+-\)\+[0-9]\+\).*/\1/p')
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_curl_authorized_keys line 81:
if [ $? -ne 0 ]
^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not indirectly
with $?.
In ec2-instance-connect/eic_curl_authorized_keys line 90:
chmod 700 $userpath # Disallow any other writes to tempdir
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_curl_authorized_keys line 91:
signerkeyfile=signer-cert.pem
^-- SC2034: signerkeyfile appears unused. Verify it or export it.
In ec2-instance-connect/eic_curl_authorized_keys line 92:
keysfile=allowed-keys
^-- SC2034: keysfile appears unused. Verify it or export it.
In ec2-instance-connect/eic_curl_authorized_keys line 105:
if [ $? -ne 0 ]
^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not indirectly
with $?.
In ec2-instance-connect/eic_curl_authorized_keys line 110:
ocsp_path=$(mktemp -d $userpath/eic-ocsp-XXXXXXXX)
^-- SC2086: Double quote to prevent globbing and word
splitting.
In ec2-instance-connect/eic_curl_authorized_keys line 111:
chmod 700 $ocsp_path # Disallow any other writes to tempdir
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_curl_authorized_keys line 114:
eval "${curl_cmd}"
"http://169.254.169.254/latest/meta-data/managed-ssh-keys/signer-ocsp/${word}";
| base64 -d > $ocsp_path/$word
^-- SC2086: Double quote to prevent
globbing and word splitting.
^-- SC2086: Double quote to
prevent globbing and word splitting.
In ec2-instance-connect/eic_curl_authorized_keys line 115:
if [ $? -ne 0 ]
^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not
indirectly with $?.
In ec2-instance-connect/eic_curl_authorized_keys line 119:
chmod 400 $ocsp_path/$word # Disable access to staple file
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word
splitting.
In ec2-instance-connect/eic_curl_authorized_keys line 128:
output=$($DIR/eic_parse_authorized_keys -x false -r "${curl_command}" -o
"${OPENSSL}" -d "${userpath}" -s "${certificate}" -i "${instance}" -c
"${expected_signer}" -a "${ca_path}" -v "${ocsp_path}")
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_curl_authorized_keys line 131:
output=$($DIR/eic_parse_authorized_keys -x false -r "${curl_command}" -o
"${OPENSSL}" -d "${userpath}" -s "${certificate}" -i "${instance}" -c
"${expected_signer}" -a "${ca_path}" -v "${ocsp_path}" -f "${2}")
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 49:
cname=$($2 x509 -noout -subject -in $3 2>/dev/null | sed -n -e
's/^.*CN=//p')
^-- SC2086: Double quote to prevent
globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 50:
fingerprint=$($2 x509 -noout -fingerprint -sha1 -inform pem -in $3
2>/dev/null | sed -n 's/SHA1 Fingerprint[[:space:]]*=[[:space:]]*\(.*\)/\1/p' |
tr -d ':')
^-- SC2086:
Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 51:
ocsp_out=$($2 ocsp -no_nonce -issuer $4 -cert $3 -VAfile $4 -respin
$5/$fingerprint 2>/dev/null)
^-- SC2086: Double quote to prevent
globbing and word splitting.
^-- SC2086: Double quote to
prevent globbing and word splitting.
^-- SC2086: Double
quote to prevent globbing and word splitting.
^--
SC2086: Double quote to prevent globbing and word splitting.
^--
SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 52:
if [ $? -ne 0 ] || ! startswith "${ocsp_out}" "${3}: good" ; then
^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not
indirectly with $?.
In ec2-instance-connect/eic_parse_authorized_keys line 53:
fail $1 "EC2 Instance Connect could not verify certificate ${cname} has
not been revoked. No keys have been trusted."
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 117:
ca_bundles_dir=$(mktemp -d $tmpdir/eic-cert-XXXXXXXX)
^-- SC2086: Double quote to prevent globbing and
word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 118:
chmod 700 $ca_bundles_dir
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 119:
end=$(find $tmpdir -maxdepth 1 -type f -name "cert*.pem" -regextype sed -regex
".*/cert[0-9]\+\.pem" | wc -l)
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 120:
if [ $(expr $end) -gt 0 ] ; then
^-- SC2046: Quote this to prevent word splitting.
^-- SC2003: expr is antiquated. Consider rewriting this using $((..)),
${} or [[ ]].
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 122:
for i in `seq 1 $end` ; do
^-- SC2006: Use $(..) instead of legacy `..`.
^-- SC2086: Double quote to prevent globbing and word
splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 143:
cat $(find $tmpdir -maxdepth 1 -type f -name "cert*.pem" -regextype sed -regex
".*/cert[0-9]\+\.pem$") > $tmpdir/ca-trust.pem 2>/dev/null
^-- SC2046: Quote this to prevent word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word
splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 147:
cat "${ca_bundles_dir}/${underscored}" >> $tmpdir/ca-trust.pem 2>/dev/null
^-- SC2086: Double quote to
prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 149:
cat "${ca_path}" >> $tmpdir/ca-trust.pem 2>/dev/null
^-- SC2086: Double quote to prevent globbing and word
splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 154:
signer_cn=$($OPENSSL x509 -noout -subject -in $tmpdir/cert.pem | sed -n -e
's/^.*CN[[:space:]]*=[[:space:]]*//p')
^-- SC2086: Double quote to
prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 156:
fail $is_debug "EC2 Instance Connect encountered an unrecognized signer
certificate. No keys have been trusted."
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 165:
verify_out=$($OPENSSL verify -x509_strict -CApath ${ca_path_option} -CAfile
$tmpdir/ca-trust.pem $tmpdir/cert.pem)
^--
SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word
splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 166:
if [ $? -ne 0 ] || [ "${verify_out}" != "${tmpdir}/cert.pem: OK" ] ; then
^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not indirectly
with $?.
In ec2-instance-connect/eic_parse_authorized_keys line 167:
fail $is_debug "EC2 Instance Connect could not verify the signer trust
chain. No keys have been trusted."
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 172:
mv $tmpdir/cert.pem $tmpdir/cert0.pem # Better naming consistency for loop
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word
splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 173:
for i in `seq 0 $(( $end - 1 ))` ; do
^-- SC2006: Use $(..) instead of legacy `..`.
^-- SC2004: $/${} is unnecessary on arithmetic variables.
In ec2-instance-connect/eic_parse_authorized_keys line 188:
verifyocsp $is_debug $OPENSSL "${tmpdir}/cert${i}.pem" "${tmpdir}/cert$((
$i + 1)).pem" "${ocsp_dir_path}"
^-- SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word
splitting.
^-- SC2004: $/${} is unnecessary on arithmetic variables.
In ec2-instance-connect/eic_parse_authorized_keys line 192:
rm -rf $ca_bundles_dir
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 196:
if [ $? -ne 0 ] ; then # $? must be numeric 0-255 and requires no quote escaping
^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not indirectly
with $?.
In ec2-instance-connect/eic_parse_authorized_keys line 197:
fail $is_debug "EC2 Instance Connect failed to extract the public key from
the signer certificate. No keys have been trusted."
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 203:
if [ ! -z ${expected_key+x} ] ; then
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 249:
timestamp=$(removeprefix $line "#Timestamp=")
^-- SC2086: Double quote to prevent
globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 251:
instance_id=$(removeprefix $line "#Instance=")
^-- SC2086: Double quote to prevent
globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 253:
caller=$(removeprefix $line "#Caller=")
^-- SC2086: Double quote to prevent
globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 255:
request=$(removeprefix $line "#Request=")
^-- SC2086: Double quote to prevent
globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 280:
echo -n $sigline > /tmp/sigline
^-- SC2039: In POSIX sh, echo flags are undefined.
In ec2-instance-connect/eic_parse_authorized_keys line 291:
if [ ! -z "${instance_id}" ] && [ $timestamp -ne 0 ] ; then
^-- SC2086: Double quote to
prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 293:
expiration=$(expr "${timestamp}")
^-- SC2003: expr is antiquated. Consider rewriting
this using $((..)), ${} or [[ ]].
In ec2-instance-connect/eic_parse_authorized_keys line 297:
if [ "${current_instance_id}" = "${instance_id}" ] && [
$expiration -gt $curtime ] ; then
^--
SC2086: Double quote to prevent globbing and word splitting.
^-- SC2086: Double quote to prevent globbing and word splitting.
In ec2-instance-connect/eic_parse_authorized_keys line 303:
if [ $? -eq 0 ] ; then
^-- SC2181: Check exit code directly with e.g.
'if mycmd;', not indirectly with $?.
In ec2-instance-connect/eic_parse_authorized_keys line 338:
count=$(expr "${count}" + 1)
^-- SC2003: expr is antiquated. Consider rewriting this using
$((..)), ${} or [[ ]].
In ec2-instance-connect/eic_run_authorized_keys line 20:
timeout 5s $DIR/eic_curl_authorized_keys "$@"
^-- SC2086: Double quote to prevent globbing and word splitting.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835114
Title:
[MIR] ec2-instance-connect
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ec2-instance-connect/+bug/1835114/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
