Run shellcheck on nix-installer.sh (#995)

* Shellcheck nix-installer.sh * Disable variable quoting requirement * Add disable statements to script
DeterminateSystems · Jun 19, 2024 · 1998fe1 · 1998fe1
1 parent f151954
commit 1998fe1
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -18,7 +18,7 @@ jobs:
 
   build-aarch64-linux:
     uses: ./.github/workflows/build-aarch64-linux.yml
-  
+
   build-aarch64-darwin:
     uses: ./.github/workflows/build-aarch64-darwin.yml
 
@@ -52,6 +52,8 @@ jobs:
         run: nix develop --command check-nixpkgs-fmt
       - name: Check EditorConfig conformance
         run: nix develop --command check-editorconfig
+      - name: Shell check for nix-installer.sh
+        run: nix develop --command shellcheck ./nix-installer.sh
 
   run-x86_64-linux:
     name: Run x86_64 Linux

diff --git a/flake.nix b/flake.nix
@@ -141,6 +141,7 @@
             nativeBuildInputs = with pkgs; [ ];
             buildInputs = with pkgs; [
               toolchain
+              shellcheck
               rust-analyzer
               cargo-outdated
               cacert

diff --git a/nix-installer.sh b/nix-installer.sh
@@ -290,18 +290,22 @@ downloader() {
         _ciphersuites="$RETVAL"
         if [ -n "$_ciphersuites" ]; then
             if [ -n "${NIX_INSTALLER_FORCE_ALLOW_HTTP-}" ]; then
+                # shellcheck disable=SC2086 # ignore because $_retry could be a flag (e.g. `--retry 5`)
                 _err=$(curl $_retry --silent --show-error --fail --location "$1" --output "$2" 2>&1)
             else
+                # shellcheck disable=SC2086 # ignore because $_retry could be a flag (e.g. `--retry 5`)
                 _err=$(curl $_retry --proto '=https' --tlsv1.2 --ciphers "$_ciphersuites" --silent --show-error --fail --location "$1" --output "$2" 2>&1)
             fi
             _status=$?
         else
             echo "Warning: Not enforcing strong cipher suites for TLS, this is potentially less secure"
             if ! check_help_for "$3" curl --proto --tlsv1.2; then
                 echo "Warning: Not enforcing TLS v1.2, this is potentially less secure"
+                # shellcheck disable=SC2086 # ignore because $_retry could be a flag (e.g. `--retry 5`)
                 _err=$(curl $_retry --silent --show-error --fail --location "$1" --output "$2" 2>&1)
                 _status=$?
             else
+                # shellcheck disable=SC2086 # ignore because $_retry could be a flag (e.g. `--retry 5`)
                 _err=$(curl $_retry --proto '=https' --tlsv1.2 --silent --show-error --fail --location "$1" --output "$2" 2>&1)
                 _status=$?
             fi
@@ -410,7 +414,6 @@ check_curl_for_retry_support() {
   fi
 
   RETVAL="$_retry_supported"
-
 }
 
 # Return cipher suite string specified by user, otherwise return strong TLS 1.2-1.3 cipher suites