diff --git a/.github/workflows/_static-analysis.yml b/.github/workflows/_static-analysis.yml index 3981d0112..ba1c788b6 100644 --- a/.github/workflows/_static-analysis.yml +++ b/.github/workflows/_static-analysis.yml @@ -19,8 +19,9 @@ jobs: git diff exit 1 fi + global-linter: - runs-on: macos-14 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - uses: actions/setup-python@v5 @@ -30,12 +31,16 @@ jobs: name: Restore Python Cache with: path: ~/.cache/pip - key: macos-14-${{ runner.arch }}-pip-${{ hashFiles('requirements.txt') }} + key: ubuntu-22.04-${{ runner.arch }}-pip-${{ hashFiles('requirements.txt') }} restore-keys: | - macos-14-${{ runner.arch }}-pip- + ubuntu-22.04-${{ runner.arch }}-pip- - name: Install Python Dependencies run: | pip install -r requirements.txt + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y shfmt - name: Run pre-commit run: | pre-commit install @@ -45,4 +50,4 @@ jobs: name: Save Python Cache with: path: ~/.cache/pip - key: macos-14-${{ runner.arch }}-pip-${{ hashFiles('requirements.txt') }} + key: ubuntu-22.04-${{ runner.arch }}-pip-${{ hashFiles('requirements.txt') }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7f33d6840..44126df3b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -28,3 +28,18 @@ repos: - master - --pattern - '^(?!((chore|feat|feature|bug|fix|build|ci|docs|style|refactor|perf|test|revert)\/[@a-zA-Z0-9\-\.\/]+)$).*' + + # Third party pre-commit hooks + - repo: https://github.com/koalaman/shellcheck-precommit + rev: v0.9.0 + hooks: + - id: shellcheck + args: ["--severity=warning"] + exclude: ^.*/gradlew$ + - repo: https://github.com/pecigonzalo/pre-commit-shfmt + rev: v2.1.0 + hooks: + - id: shell-fmt + args: + - -i + - "4" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 08a443475..e23779c26 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
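Review bot: Both third-party hooks added to `.pre-commit-config.yaml` are pinned to tags (`rev: v0.9.0`, `rev: v2.1.0`), which the upstream owner can move, so the code that runs on contributor machines and in CI can change without any diff in this repository. pre-commit accepts a full commit SHA in `rev`; I would pin both that way and keep the tag as a trailing comment, e.g. `rev: <full-commit-sha>  # v0.9.0`. Separately, the `shell-fmt` hook appears to run whatever `shfmt` is on PATH, and the workflow installs it unpinned with `sudo apt-get install -y shfmt` while the README points macOS users at `brew install shfmt`, so CI and local runs may format differently across shfmt versions.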
@@ -17,6 +17,7 @@ started. - [Pre-commit](#pre-commit) - [Elixir Development](#elixir-development) - [Rust Development](#rust-development) + - [Shell script Development](#shell-script-development) - [Reporting Bugs](#reporting-bugs) - [Opening a Pull Request](#opening-a-pull-request) - [Run Tests](#run-tests) @@ -180,6 +181,10 @@ If you are interested in contributing to the Gateway, Relay, or client library, please read the detailed info found in the [Rust Developer Guide](rust/README.md) +### Shell script Development + +See [scripts/README](scripts/README.md). + ## Reporting Bugs We appreciate any and all bug reports. diff --git a/elixir/rel/overlays/bin/bootstrap b/elixir/rel/overlays/bin/bootstrap index 17f65272a..6578299d5 100755 --- a/elixir/rel/overlays/bin/bootstrap +++ b/elixir/rel/overlays/bin/bootstrap @@ -3,10 +3,11 @@ mkdir -p /var/firezone setup_telemetry() { - [ -f /var/firezone/.tid ] || cat /proc/sys/kernel/random/uuid > /var/firezone/.tid - export TELEMETRY_ID=$(cat /var/firezone/.tid) + [ -f /var/firezone/.tid ] || cat /proc/sys/kernel/random/uuid >/var/firezone/.tid + tid=$(cat /var/firezone/.tid) + export TELEMETRY_ID="$tid" } setup_telemetry -cd -P -- "$(dirname -- "$0")" +cd -P -- "$(dirname -- "$0")" || exit 1 diff --git a/elixir/rel/overlays/bin/migrate b/elixir/rel/overlays/bin/migrate index 5f3b4a656..da41f3870 100755 --- a/elixir/rel/overlays/bin/migrate +++ b/elixir/rel/overlays/bin/migrate @@ -1,4 +1,4 @@ #!/bin/sh set -e -source "$(dirname -- "$0")/bootstrap" -exec ./${APPLICATION_NAME} eval Domain.Release.migrate +. "$(dirname -- "$0")/bootstrap" +exec ./"$APPLICATION_NAME" eval Domain.Release.migrate diff --git a/elixir/rel/overlays/bin/seed b/elixir/rel/overlays/bin/seed index 45fcf5aa2..abf7b63f5 100755 --- a/elixir/rel/overlays/bin/seed +++ b/elixir/rel/overlays/bin/seed 
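Review bot: In `bin/migrate` the new `exec ./"$APPLICATION_NAME" eval Domain.Release.migrate` still runs under `set -e` only, so an unset or empty `APPLICATION_NAME` expands to `./` and shows up as an obscure exec failure rather than a configuration error. The scripts README added in this same commit recommends `set -eu` for `/bin/sh` scripts in Docker images; either adopt that here (after checking that the sourced `bootstrap` is clean under `-u`) or fail explicitly with `exec ./"${APPLICATION_NAME:?APPLICATION_NAME is not set}" eval Domain.Release.migrate`. The same applies to the `bin/seed` and `bin/server` hunks.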
@@ -1,4 +1,4 @@
 #!/bin/sh
 set -e
-source "$(dirname -- "$0")/bootstrap"
-exec ./${APPLICATION_NAME} eval Domain.Release.seed
+. "$(dirname -- "$0")/bootstrap"
+exec ./"$APPLICATION_NAME" eval Domain.Release.seed
diff --git a/elixir/rel/overlays/bin/server b/elixir/rel/overlays/bin/server
index c5403094b..1c7b05b04 100755
--- a/elixir/rel/overlays/bin/server
+++ b/elixir/rel/overlays/bin/server
@@ -1,5 +1,5 @@
 #!/bin/sh
 set -e
-source "$(dirname -- "$0")/bootstrap"
+. "$(dirname -- "$0")/bootstrap"
 ./migrate
-exec ./${APPLICATION_NAME} start
+exec ./"$APPLICATION_NAME" start
diff --git a/rust/README.md b/rust/README.md
new file mode 100644
index 000000000..c72a510c2
--- /dev/null
+++ b/rust/README.md
@@ -0,0 +1,9 @@
+# Rust development guide
+
+Firezone uses Rust for all data plane components. This directory contains the
+Linux and Windows clients, and low-level networking implementations related to
+STUN/TURN.
+
+We target the last stable release of Rust using [`rust-toolchain.toml`](./rust-toolchain.toml).
+If you are using `rustup`, that is automatically handled for you.
+Otherwise, ensure you have the latest stable version of Rust installed.
diff --git a/rust/connlib/clients/apple/build-rust.sh b/rust/connlib/clients/apple/build-rust.sh
index f7efeded7..11980fddf 100755
--- a/rust/connlib/clients/apple/build-rust.sh
+++ b/rust/connlib/clients/apple/build-rust.sh
@@ -9,31 +9,31 @@ set -e # Sanitize the environment to prevent Xcode's shenanigans from leaking # into our highly evolved Rust-based build system. for var in $(env | awk -F= '{print $1}'); do - if [[ "$var" != "HOME" ]] \ - && [[ "$var" != "USER" ]] \ - && [[ "$var" != "LOGNAME" ]] \ - && [[ "$var" != "TERM" ]] \ - && [[ "$var" != "PWD" ]] \ - && [[ "$var" != "SHELL" ]] \ - && [[ "$var" != "TMPDIR" ]] \ - && [[ "$var" != "XPC_FLAGS" ]] \ - && [[ "$var" != "XPC_SERVICE_NAME" ]] \ - && [[ "$var" != "PLATFORM_NAME" ]] \ - && [[ "$var" != "CONFIGURATION" ]] \ - && [[ "$var" != "NATIVE_ARCH" ]] \ - && [[ "$var" != "ONLY_ACTIVE_ARCH" ]] \ - && [[ "$var" != "ARCHS" ]] \ - && [[ "$var" != "SDKROOT" ]] \ - && [[ "$var" != "OBJROOT" ]] \ - && [[ "$var" != "SYMROOT" ]] \ - && [[ "$var" != "SRCROOT" ]] \ - && [[ "$var" != "TARGETED_DEVICE_FAMILY" ]] \ - && [[ "$var" != "RUSTC_WRAPPER" ]] \ - && [[ "$var" != "SCCACHE_GCS_BUCKET" ]] \ - && [[ "$var" != "SCCACHE_GCS_RW_MODE" ]] \ - && [[ "$var" != "CONNLIB_TARGET_DIR" ]]; then - unset $var - fi + if [[ "$var" != "HOME" ]] && + [[ "$var" != "USER" ]] && + [[ "$var" != "LOGNAME" ]] && + [[ "$var" != "TERM" ]] && + [[ "$var" != "PWD" ]] && + [[ "$var" != "SHELL" ]] && + [[ "$var" != "TMPDIR" ]] && + [[ "$var" != "XPC_FLAGS" ]] && + [[ "$var" != "XPC_SERVICE_NAME" ]] && + [[ "$var" != "PLATFORM_NAME" ]] && + [[ "$var" != "CONFIGURATION" ]] && + [[ "$var" != "NATIVE_ARCH" ]] && + [[ "$var" != "ONLY_ACTIVE_ARCH" ]] && + [[ "$var" != "ARCHS" ]] && + [[ "$var" != "SDKROOT" ]] && + [[ "$var" != "OBJROOT" ]] && + [[ "$var" != "SYMROOT" ]] && + [[ "$var" != "SRCROOT" ]] && + [[ "$var" != "TARGETED_DEVICE_FAMILY" ]] && + [[ "$var" != "RUSTC_WRAPPER" ]] && + [[ "$var" != "SCCACHE_GCS_BUCKET" ]] && + [[ "$var" != "SCCACHE_GCS_RW_MODE" ]] && + [[ "$var" != "CONNLIB_TARGET_DIR" ]]; then + unset $var + fi done # Use pristine path; the PATH from Xcode is polluted with stuff we don't want which can 
@@ -41,13 +41,13 @@ done export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/homebrew/bin:$HOME/.cargo/bin:/run/current-system/sw/bin/" if [[ $1 == "clean" ]]; then - echo "Skipping build during 'clean'" - exit 0 + echo "Skipping build during 'clean'" + exit 0 fi if [[ -z "$PLATFORM_NAME" ]]; then - echo "PLATFORM_NAME is not set" - exit 1 + echo "PLATFORM_NAME is not set" + exit 1 fi export INCLUDE_PATH="$SDK_ROOT/usr/include" 
@@ -56,40 +56,40 @@ export LIBRARY_PATH="$SDK_ROOT/usr/lib" TARGETS="" if [[ "$PLATFORM_NAME" = "macosx" ]]; then if [[ $CONFIGURATION == "Release" ]] || [[ -z "$NATIVE_ARCH" ]]; then - TARGETS="--target aarch64-apple-darwin --target x86_64-apple-darwin" + TARGETS="--target aarch64-apple-darwin --target x86_64-apple-darwin" else - if [[ $NATIVE_ARCH == "arm64" ]]; then - TARGETS="--target aarch64-apple-darwin" - else - if [[ $NATIVE_ARCH == "x86_64" ]]; then - TARGETS="--target x86_64-apple-darwin" + if [[ $NATIVE_ARCH == "arm64" ]]; then + TARGETS="--target aarch64-apple-darwin" else - echo "Unsupported native arch for $PLATFORM_NAME: $NATIVE_ARCH" + if [[ $NATIVE_ARCH == "x86_64" ]]; then + TARGETS="--target x86_64-apple-darwin" + else + echo "Unsupported native arch for $PLATFORM_NAME: $NATIVE_ARCH" + fi fi - fi fi else - if [[ "$PLATFORM_NAME" = "iphoneos" ]]; then - TARGETS="--target aarch64-apple-ios" - else - echo "Unsupported platform: $PLATFORM_NAME" - exit 1 - fi + if [[ "$PLATFORM_NAME" = "iphoneos" ]]; then + TARGETS="--target aarch64-apple-ios" + else + echo "Unsupported platform: $PLATFORM_NAME" + exit 1 + fi fi MESSAGE="Building Connlib" if [[ $CONFIGURATION == "Release" ]]; then - echo "${MESSAGE} for Release" - CONFIGURATION_ARGS="--release" + echo "${MESSAGE} for Release" + CONFIGURATION_ARGS="--release" else - echo "${MESSAGE} for Debug" + echo "${MESSAGE} for Debug" fi if [[ -n "$CONNLIB_TARGET_DIR" ]]; then - set -x - CARGO_TARGET_DIR=$CONNLIB_TARGET_DIR - set +x + set -x + export CARGO_TARGET_DIR=$CONNLIB_TARGET_DIR + set +x fi set -x diff --git a/rust/docker-init.sh b/rust/docker-init.sh index b70d8bd5f..ee4c3747c 100755 --- a/rust/docker-init.sh +++ b/rust/docker-init.sh 
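Review bot: The `Unsupported native arch` branch in the `macosx` block only echoes and falls through, unlike the `Unsupported platform` branch, which does `exit 1`; `TARGETS` then stays empty and the build presumably proceeds for whatever the default target is. Add `exit 1` after that `echo` so an unexpected `NATIVE_ARCH` fails the build instead of producing a library for the wrong architecture. `CONFIGURATION_ARGS` is also assigned only in the Release branch; initialising it with `CONFIGURATION_ARGS=""` next to `TARGETS=""` keeps Debug builds working if the script later adopts `set -u`. The script continues past the end of this hunk, so how `TARGETS` is consumed is not visible here.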
@@ -1,32 +1,32 @@ #!/bin/sh if [ "${FIREZONE_ENABLE_MASQUERADE}" = "1" ]; then - IFACE="tun-firezone" - # Enable masquerading for ethernet and wireless interfaces - iptables -C FORWARD -i $IFACE -j ACCEPT > /dev/null 2>&1 || iptables -A FORWARD -i $IFACE -j ACCEPT - iptables -C FORWARD -o $IFACE -j ACCEPT > /dev/null 2>&1 || iptables -A FORWARD -o $IFACE -j ACCEPT - iptables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || iptables -t nat -A POSTROUTING -o e+ -j MASQUERADE - iptables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || iptables -t nat -A POSTROUTING -o w+ -j MASQUERADE - ip6tables -C FORWARD -i $IFACE -j ACCEPT > /dev/null 2>&1 || ip6tables -A FORWARD -i $IFACE -j ACCEPT - ip6tables -C FORWARD -o $IFACE -j ACCEPT > /dev/null 2>&1 || ip6tables -A FORWARD -o $IFACE -j ACCEPT - ip6tables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o e+ -j MASQUERADE - ip6tables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o w+ -j MASQUERADE + IFACE="tun-firezone" + # Enable masquerading for ethernet and wireless interfaces + iptables -C FORWARD -i $IFACE -j ACCEPT >/dev/null 2>&1 || iptables -A FORWARD -i $IFACE -j ACCEPT + iptables -C FORWARD -o $IFACE -j ACCEPT >/dev/null 2>&1 || iptables -A FORWARD -o $IFACE -j ACCEPT + iptables -t nat -C POSTROUTING -o e+ -j MASQUERADE >/dev/null 2>&1 || iptables -t nat -A POSTROUTING -o e+ -j MASQUERADE + iptables -t nat -C POSTROUTING -o w+ -j MASQUERADE >/dev/null 2>&1 || iptables -t nat -A POSTROUTING -o w+ -j MASQUERADE + ip6tables -C FORWARD -i $IFACE -j ACCEPT >/dev/null 2>&1 || ip6tables -A FORWARD -i $IFACE -j ACCEPT + ip6tables -C FORWARD -o $IFACE -j ACCEPT >/dev/null 2>&1 || ip6tables -A FORWARD -o $IFACE -j ACCEPT + ip6tables -t nat -C POSTROUTING -o e+ -j MASQUERADE >/dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o e+ -j MASQUERADE + ip6tables -t nat -C POSTROUTING -o w+ -j MASQUERADE 
>/dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o w+ -j MASQUERADE fi if [ "${LISTEN_ADDRESS_DISCOVERY_METHOD}" = "gce_metadata" ]; then - echo "Using GCE metadata to discover listen address" + echo "Using GCE metadata to discover listen address" - if [ "${PUBLIC_IP4_ADDR}" = "" ]; then - public_ip4=$(curl "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip" -H "Metadata-Flavor: Google" -s) - export PUBLIC_IP4_ADDR="${public_ip4}" - echo "Discovered PUBLIC_IP4_ADDR: ${PUBLIC_IP4_ADDR}" - fi + if [ "${PUBLIC_IP4_ADDR}" = "" ]; then + public_ip4=$(curl "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip" -H "Metadata-Flavor: Google" -s) + export PUBLIC_IP4_ADDR="${public_ip4}" + echo "Discovered PUBLIC_IP4_ADDR: ${PUBLIC_IP4_ADDR}" + fi - if [ "${PUBLIC_IP6_ADDR}" = "" ]; then - public_ip6=$(curl "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ipv6s" -H "Metadata-Flavor: Google" -s) - export PUBLIC_IP6_ADDR="${public_ip6}" - echo "Discovered PUBLIC_IP6_ADDR: ${PUBLIC_IP6_ADDR}" - fi + if [ "${PUBLIC_IP6_ADDR}" = "" ]; then + public_ip6=$(curl "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ipv6s" -H "Metadata-Flavor: Google" -s) + export PUBLIC_IP6_ADDR="${public_ip6}" + echo "Discovered PUBLIC_IP6_ADDR: ${PUBLIC_IP6_ADDR}" + fi fi -exec $@ +exec "$@" diff --git a/rust/snownet-tests/router/run.sh b/rust/snownet-tests/router/run.sh index 6a055a986..24c099597 100644 --- a/rust/snownet-tests/router/run.sh +++ b/rust/snownet-tests/router/run.sh 
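Review bot: Both metadata lookups call `curl ... -s` without `--fail`, so an HTTP error from the metadata server is not detected and the error body is presumably exported as `PUBLIC_IP4_ADDR` or `PUBLIC_IP6_ADDR` and handed to the gateway as its listen address. Use `curl --fail --silent --show-error --max-time 5 ...` and export only when the command succeeds and the result is non-empty. The script also has no `set -eu`, which the scripts README in this commit recommends for `/bin/sh` scripts in Docker images, so a failing `iptables -A` or `ip6tables -A` is ignored and the process started by `exec "$@"` runs without the expected forwarding and masquerade rules.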
@@ -4,7 +4,7 @@ set -ex # Set up NAT nft add table ip nat -nft add chain ip nat postrouting { type nat hook postrouting priority 100 \; } +nft add chain ip nat postrouting '{' type nat hook postrouting priority 100 \; '}' nft add rule ip nat postrouting masquerade $NAT_BEHAVIOUR # Assumption after a long debugging session involving Gabi, Jamil and Thomas: @@ -13,6 +13,6 @@ nft add rule ip nat postrouting masquerade $NAT_BEHAVIOUR # To achieve this, we set an absurdly high latency of 300ms for the WAN network. tc qdisc add dev eth1 root netem delay 300ms -echo "1" > /tmp/setup_done # This will be checked by our docker HEALTHCHECK +echo "1" >/tmp/setup_done # This will be checked by our docker HEALTHCHECK conntrack --event --proto UDP --output timestamp # Display a real-time log of NAT events in the kernel. diff --git a/rust/windows-client/dev.sh b/rust/windows-client/dev.sh index a8bb953ee..793ef8a8f 100755 --- a/rust/windows-client/dev.sh +++ b/rust/windows-client/dev.sh @@ -7,9 +7,9 @@ set -e # Fixes exiting with Ctrl-C stop() { - kill $(jobs -p) + kill "$(jobs -p)" } -trap stop SIGINT SIGTERM +trap stop INT TERM # Copy frontend dependencies cp node_modules/flowbite/dist/flowbite.min.js src/ diff --git a/scripts/README.md b/scripts/README.md new file mode 100644 index 000000000..28d5ededd --- /dev/null +++ b/scripts/README.md 
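Review bot: Quoting the substitution in `kill "$(jobs -p)"` in `rust/windows-client/dev.sh` changes behaviour: `jobs -p` prints one PID per line, so with more than one background job `kill` receives a single argument containing newlines and fails, and with no jobs it receives an empty string. Word splitting is the intent here, so keep the unquoted form and silence the linter for that line: `# shellcheck disable=SC2046` directly above `kill $(jobs -p)`. The rest of the script is outside the hunk, so how many background jobs it starts is not visible.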
@@ -0,0 +1,40 @@
+# Firezone shell scripts
+
+This directory contains various shell scripts used for development, testing, and
+deployment of the Firezone product.
+
+## Developer Setup
+
+We lint shell scripts in CI. To get your PR to pass, you'll want to ensure your
+local development environment is set up to lint shell scripts:
+
+1. Install [`shfmt`](https://github.com/mvdan/sh):
+ - `brew install shfmt` on macOS
+ - Install shfmt from https://github.com/mvdan/sh/releases for other platforms
+1. Install [`shellcheck`](https://github.com/koalaman/shellcheck/tree/master):
+ - `brew install shellcheck` on macOS
+ - `sudo apt-get install shellcheck` on Ubuntu
+
+Then just lint and format your shell scripts before you commit:
+
+```
+shfmt -i 4 **/*.sh
+shellcheck --severity=warning **/*.sh
+```
+
+You can achieve this more easily by using `pre-commit`. See
+[CONTRIBUTING](../CONTRIBUTING.md#pre-commit).
+
+### Editor setup
+
+- [Vim](https://github.com/dense-analysis/ale/blob/master/autoload/ale/fixers/shfmt.vim)
+ ([here's an example](https://github.com/jamilbk/nvim/blob/master/init.vim#L159)
+ using ALE)
+- [VSCode](https://marketplace.visualstudio.com/items?itemName=mkhl.shfmt)
+
+## Scripting tips
+
+- Use `#!/usr/bin/env bash` along with `set -euo pipefail` in general for dev
+ and test scripts.
+- In Docker images and other minimal envs, stick to `#!/bin/sh` and simply
+ `set -eu`.
diff --git a/scripts/gateway-docker-upgrade.sh b/scripts/gateway-docker-upgrade.sh
index dde553343..27fd5750a 100755
--- a/scripts/gateway-docker-upgrade.sh
+++ b/scripts/gateway-docker-upgrade.sh
@@ -1,20 +1,19 @@ #!/usr/bin/env bash -set -e +set -euo pipefail TARGET_IMAGE="ghcr.io/firezone/gateway:1" CURRENTLY_RUNNING=$(docker ps --format "{{.Names}} {{.Image}}" | grep -e "$TARGET_IMAGE" | awk '{print $1}') if [ "$CURRENTLY_RUNNING" == "" ]; then echo "No Firezone gateway found running on this system. Exiting." - exit -1 + exit 1 fi echo "Pulling latest image..." -docker pull "$TARGET_IMAGE" > /dev/null +docker pull "$TARGET_IMAGE" >/dev/null echo "Checking for containers to upgrade..." -for RUNNING_CONTAINER in $CURRENTLY_RUNNING -do +for RUNNING_CONTAINER in $CURRENTLY_RUNNING; do LATEST=$(docker inspect --format "{{.Id}}" "$TARGET_IMAGE") RUNNING=$(docker inspect --format "{{.Image}}" "$RUNNING_CONTAINER") RUNNING_NAME=$(docker inspect --format "{{.Name}}" "$RUNNING_CONTAINER" | sed 's~/~~g') 
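Review bot: With the new `set -euo pipefail`, the `CURRENTLY_RUNNING=$(docker ps ... | grep -e "$TARGET_IMAGE" | awk '{print $1}')` assignment aborts the script when no gateway is running, because `grep` exits 1 on no match and `pipefail` propagates that status to the assignment. The `No Firezone gateway found running on this system. Exiting.` branch right below it is therefore never reached, and the operator gets a silent non-zero exit. Tolerate the no-match case inside the pipeline: `... | { grep -e "$TARGET_IMAGE" || true; } | awk '{print $1}')`.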
@@ -22,28 +21,28 @@ do # Upgrade if necessary if [ "$RUNNING" != "$LATEST" ]; then echo -n "Upgrading gateway..." - docker container inspect "$RUNNING_CONTAINER" --format '{{join .Config.Env "\n"}}' | grep -v "PATH" > variables.env - docker stop "$RUNNING_CONTAINER" > /dev/null - docker rm -f "$RUNNING_CONTAINER" > /dev/null + docker container inspect "$RUNNING_CONTAINER" --format '{{join .Config.Env "\n"}}' | grep -v "PATH" >variables.env + docker stop "$RUNNING_CONTAINER" >/dev/null + docker rm -f "$RUNNING_CONTAINER" >/dev/null docker run -d \ - --restart=unless-stopped \ - --pull=always \ - --health-cmd="ip link | grep tun-firezone" \ - --name="$RUNNING_NAME" \ - --cap-add=NET_ADMIN \ - --volume /var/lib/firezone \ - --env-file variables.env \ - --sysctl net.ipv4.ip_forward=1 \ - --sysctl net.ipv4.conf.all.src_valid_mark=1 \ - --sysctl net.ipv6.conf.all.disable_ipv6=0 \ - --sysctl net.ipv6.conf.all.forwarding=1 \ - --sysctl net.ipv6.conf.default.forwarding=1 \ - --device="/dev/net/tun:/dev/net/tun" \ - "$TARGET_IMAGE" + --restart=unless-stopped \ + --pull=always \ + --health-cmd="ip link | grep tun-firezone" \ + --name="$RUNNING_NAME" \ + --cap-add=NET_ADMIN \ + --volume /var/lib/firezone \ + --env-file variables.env \ + --sysctl net.ipv4.ip_forward=1 \ + --sysctl net.ipv4.conf.all.src_valid_mark=1 \ + --sysctl net.ipv6.conf.all.disable_ipv6=0 \ + --sysctl net.ipv6.conf.all.forwarding=1 \ + --sysctl net.ipv6.conf.default.forwarding=1 \ + --device="/dev/net/tun:/dev/net/tun" \ + "$TARGET_IMAGE" rm variables.env echo "Container upgraded" else - echo "Gateway is already up to date" + echo "Gateway is already up to date" fi done diff --git a/scripts/tests/direct-curl-portal-down.sh b/scripts/tests/direct-curl-portal-down.sh index bba00296c..26b71431e 100755 --- a/scripts/tests/direct-curl-portal-down.sh +++ b/scripts/tests/direct-curl-portal-down.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -set -e +set -euo pipefail source "./scripts/tests/lib.sh" 
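Review bot: The container's full environment is written to `variables.env` in the current directory and removed only after `docker run` returns. Under the new `set -euo pipefail`, a failing `docker stop`, `docker rm` or `docker run` exits before `rm variables.env`, leaving on disk with default permissions a file that presumably holds the gateway's credentials. Create it with `ENV_FILE=$(mktemp)`, register `trap 'rm -f "$ENV_FILE"' EXIT` before the loop, and pass `--env-file "$ENV_FILE"`. Note also that `grep -v "PATH"` drops every variable whose name or value contains `PATH`, and exits 1, which now aborts the script, if that leaves no lines.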
diff --git a/scripts/tests/direct-curl-portal-relay-down.sh b/scripts/tests/direct-curl-portal-relay-down.sh
index 8b03df36c..8f9b1f3f4 100755
--- a/scripts/tests/direct-curl-portal-relay-down.sh
+++ b/scripts/tests/direct-curl-portal-relay-down.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-set -e
+set -euo pipefail
 source "./scripts/tests/lib.sh"
diff --git a/scripts/tests/direct-curl-portal-restart.sh b/scripts/tests/direct-curl-portal-restart.sh
index 4d971858e..85ba81ed6 100755
--- a/scripts/tests/direct-curl-portal-restart.sh
+++ b/scripts/tests/direct-curl-portal-restart.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-set -e
+set -euo pipefail
 source "./scripts/tests/lib.sh"
diff --git a/scripts/tests/lib.sh b/scripts/tests/lib.sh
index 2044642de..3bf67daa1 100755
--- a/scripts/tests/lib.sh
+++ b/scripts/tests/lib.sh
@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
+set -euo pipefail
+
 function install_iptables_drop_rules() {
 sudo iptables -I FORWARD 1 -s 172.28.0.100 -d 172.28.0.105 -j DROP
 sudo iptables -I FORWARD 1 -s 172.28.0.105 -d 172.28.0.100 -j DROP
diff --git a/scripts/tests/relayed-curl-portal-down.sh b/scripts/tests/relayed-curl-portal-down.sh
index fecd59a7b..123a440b5 100755
--- a/scripts/tests/relayed-curl-portal-down.sh
+++ b/scripts/tests/relayed-curl-portal-down.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-set -e
+set -euo pipefail
 source "./scripts/tests/lib.sh"
diff --git a/scripts/tests/relayed-curl-portal-restart.sh b/scripts/tests/relayed-curl-portal-restart.sh
index b9f3b1ce5..40b6d38e4 100755
--- a/scripts/tests/relayed-curl-portal-restart.sh
+++ b/scripts/tests/relayed-curl-portal-restart.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-set -e
+set -euo pipefail
 source "./scripts/tests/lib.sh"
diff --git a/swift/apple/copy_generated_connlib_files.sh b/swift/apple/copy_generated_connlib_files.sh
index 9f28673cc..f9fd26536 100755
--- a/swift/apple/copy_generated_connlib_files.sh
+++ b/swift/apple/copy_generated_connlib_files.sh
@@ -7,16 +7,16 @@ set -e if [[ $1 == "clean" ]]; then - echo "Skipping copy during 'clean'" - exit 0 + echo "Skipping copy during 'clean'" + exit 0 fi DEST=./FirezoneNetworkExtension/Connlib if [[ -n "$CONNLIB_SOURCE_DIR" ]]; then set -x rm -rf $DEST - find $CONNLIB_SOURCE_DIR/Sources/Connlib - cp -r $CONNLIB_SOURCE_DIR/Sources/Connlib $DEST + find "$CONNLIB_SOURCE_DIR"/Sources/Connlib + cp -r "$CONNLIB_SOURCE_DIR"/Sources/Connlib $DEST set +x else echo "CONNLIB_SOURCE_DIR is not set. Is this being invoked from Xcode?" diff --git a/swift/apple/lint.sh b/swift/apple/lint.sh index 11bb72f00..e5bf74bfa 100755 --- a/swift/apple/lint.sh +++ b/swift/apple/lint.sh @@ -10,8 +10,8 @@ if [[ "$(uname -m)" == arm64 ]]; then export PATH="/opt/homebrew/bin:$PATH" fi -if which swift-format > /dev/null; then - find . -name "*.swift" -not -path "./FirezoneNetworkExtension/Connlib/Generated/*" | xargs swift-format lint --strict +if which swift-format >/dev/null; then + find . -name "*.swift" -not -path "./FirezoneNetworkExtension/Connlib/Generated/*" -exec xargs swift-format lint --strict \; else - echo "warning: swift-format not installed, install with `brew install swift-format`" + echo "warning: swift-format not installed, install with 'brew install swift-format'" fi
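Review bot: In `swift/apple/lint.sh` the new `find ... -exec xargs swift-format lint --strict \;` never passes the matched files to swift-format: the `-exec` clause has no `{}`, so `xargs` is started once per match and takes its arguments from the script's stdin instead. Drop `xargs` and let `find` supply the paths: `find . -name "*.swift" -not -path "./FirezoneNetworkExtension/Connlib/Generated/*" -exec swift-format lint --strict {} +`. As written the lint step likely succeeds without checking any file, or blocks when stdin is a terminal.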