tools: Fix shellcheck issues in lib.sh

Address shellcheck warnings including proper variable quoting,
use of [[ ]] over [ ], declaring and assigning variables separately,
and adding appropriate shellcheck disable directives where needed.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
Made-with: Cursor

tools/osbuilder/scripts/lib.sh

@@ -8,6 +8,7 @@ set -e
 
 KATA_REPO=${KATA_REPO:-github.com/kata-containers/kata-containers}
 # Give preference to variable set by CI
+# shellcheck disable=SC2154
 yq_file="${script_dir}/../../../ci/install_yq.sh"
 kata_versions_file="${script_dir}/../../../versions.yaml"
 
@@ -48,7 +49,7 @@ check_program()
 
 check_root()
 {
-	if [ "$(id -u)" != "0" ]; then
+	if [[ "$(id -u)" != "0" ]]; then
 		echo "Root is needed"
 		exit 1
 	fi
@@ -56,6 +57,7 @@ check_root()
 
 generate_dnf_config()
 {
+	# shellcheck disable=SC2154
 	cat > "${DNF_CONF}" << EOF
 [main]
 reposdir=/root/mash
@@ -64,14 +66,16 @@ reposdir=/root/mash
 name=${OS_NAME}-${OS_VERSION} base
 releasever=${OS_VERSION}
 EOF
-	if [ "$BASE_URL" != "" ]; then
-		echo "baseurl=$BASE_URL" >> "$DNF_CONF"
-	elif [ "$METALINK" != "" ]; then
-		echo "metalink=$METALINK" >> "$DNF_CONF"
+	# shellcheck disable=SC2154
+	if [[ "${BASE_URL}" != "" ]]; then
+		echo "baseurl=${BASE_URL}" >> "${DNF_CONF}"
+	elif [[ "${METALINK}" != "" ]]; then
+		echo "metalink=${METALINK}" >> "${DNF_CONF}"
 	fi
 
-	if [ -n "$GPG_KEY_URL" ]; then
-		if [ ! -f "${CONFIG_DIR}/${GPG_KEY_FILE}" ]; then
+	if [[ -n "${GPG_KEY_URL}" ]]; then
+		# shellcheck disable=SC2154
+		if [[ ! -f "${CONFIG_DIR}/${GPG_KEY_FILE}" ]]; then
 			curl -L "${GPG_KEY_URL}" -o "${CONFIG_DIR}/${GPG_KEY_FILE}"
 		fi
 		cat >> "${DNF_CONF}" << EOF
@@ -79,15 +83,17 @@ gpgcheck=1
 gpgkey=file://${CONFIG_DIR}/${GPG_KEY_FILE}
 EOF
 	fi
-	if [ "$SELINUX" == "yes" ]; then
+	# shellcheck disable=SC2154
+	if [[ "${SELINUX}" == "yes" ]]; then
 		cat > "${DNF_CONF}" << EOF
 [appstream]
 name=${OS_NAME}-${OS_VERSION} upstream
 releasever=${OS_VERSION}
 EOF
-		echo "metalink=$METALINK_APPSTREAM" >> "$DNF_CONF"
-		if [ -n "$GPG_KEY_URL" ]; then
-			if [ ! -f "${CONFIG_DIR}/${GPG_KEY_FILE}" ]; then
+		# shellcheck disable=SC2154
+		echo "metalink=${METALINK_APPSTREAM}" >> "${DNF_CONF}"
+		if [[ -n "${GPG_KEY_URL}" ]]; then
+			if [[ ! -f "${CONFIG_DIR}/${GPG_KEY_FILE}" ]]; then
 				curl -L "${GPG_KEY_URL}" -o "${CONFIG_DIR}/${GPG_KEY_FILE}"
 			fi
 			cat >> "${DNF_CONF}" << EOF
@@ -103,7 +109,7 @@ build_rootfs()
 	# Mandatory
 	local ROOTFS_DIR="$1"
 
-	[ -z "$ROOTFS_DIR" ] && die "need rootfs"
+	[[ -z "${ROOTFS_DIR}" ]] && die "need rootfs"
 
 	# In case of support EXTRA packages, use it to allow
 	# users add more packages to the base rootfs
@@ -115,12 +121,12 @@ build_rootfs()
 	#local CONFIG_DIR=${CONFIG_DIR}
 
 	check_root
-	if [ ! -f "${DNF_CONF}" ] && [ -z "${DISTRO_REPO}" ] ; then
+	if [[ ! -f "${DNF_CONF}" ]] && [[ -z "${DISTRO_REPO}" ]] ; then
 		DNF_CONF="./kata-${OS_NAME}-dnf.conf"
 		generate_dnf_config
 	fi
 	mkdir -p "${ROOTFS_DIR}"
-	if [ -n "${PKG_MANAGER}" ]; then
+	if [[ -n "${PKG_MANAGER}" ]]; then
 		info "DNF path provided by user: ${PKG_MANAGER}"
 	elif check_program "dnf"; then
 		PKG_MANAGER="dnf"
@@ -131,16 +137,17 @@ build_rootfs()
 	fi
 
 	DNF="${PKG_MANAGER} -y --installroot=${ROOTFS_DIR} --noplugins"
-	if [ -n "${DNF_CONF}" ] ; then
+	if [[ -n "${DNF_CONF}" ]] ; then
 		DNF="${DNF} --config=${DNF_CONF}"
 	else
 		DNF="${DNF} --releasever=${OS_VERSION}"
 	fi
 
 	info "install packages for rootfs"
-	$DNF install ${EXTRA_PKGS} ${PACKAGES}
+	# shellcheck disable=SC2154,SC2086
+	${DNF} install ${EXTRA_PKGS} ${PACKAGES}
 
-	rm -rf ${ROOTFS_DIR}/usr/share/{bash-completion,cracklib,doc,info,locale,man,misc,pixmaps,terminfo,zoneinfo,zsh}
+	rm -rf "${ROOTFS_DIR}"/usr/share/{bash-completion,cracklib,doc,info,locale,man,misc,pixmaps,terminfo,zoneinfo,zsh}
 }
 
 # Create a YAML metadata file inside the rootfs.
@@ -151,7 +158,7 @@ create_summary_file()
 {
 	local -r rootfs_dir="$1"
 
-	[ -z "$rootfs_dir" ] && die "need rootfs"
+	[[ -z "${rootfs_dir}" ]] && die "need rootfs"
 
 	local -r file_dir="/var/lib/osbuilder"
 	local -r dir="${rootfs_dir}${file_dir}"
@@ -159,16 +166,16 @@ create_summary_file()
 	local -r filename="osbuilder.yaml"
 	local file="${dir}/${filename}"
 
-	local -r now=$(date -u -d@${SOURCE_DATE_EPOCH:-$(date +%s.%N)} '+%Y-%m-%dT%T.%N%zZ')
+	local -r now=$(date -u -d@"${SOURCE_DATE_EPOCH:-$(date +%s.%N)}" '+%Y-%m-%dT%T.%N%zZ')
 
 	# sanitise package lists
-	PACKAGES=$(echo "$PACKAGES"|tr ' ' '\n'|sort -u|tr '\n' ' ')
-	EXTRA_PKGS=$(echo "$EXTRA_PKGS"|tr ' ' '\n'|sort -u|tr '\n' ' ')
+	PACKAGES=$(echo "${PACKAGES}"|tr ' ' '\n'|sort -u|tr '\n' ' ')
+	EXTRA_PKGS=$(echo "${EXTRA_PKGS}"|tr ' ' '\n'|sort -u|tr '\n' ' ')
 
 	local -r packages=$(for pkg in ${PACKAGES}; do echo "      - \"${pkg}\""; done)
 	local -r extra=$(for pkg in ${EXTRA_PKGS}; do echo "      - \"${pkg}\""; done)
 
-	mkdir -p "$dir"
+	mkdir -p "${dir}"
 
 	# Semantic version of the summary file format.
 	#
@@ -177,14 +184,18 @@ create_summary_file()
 
 	local -r osbuilder_url="https://github.com/kata-containers/kata-containers/tools/osbuilder"
 
+	# shellcheck disable=SC2154
 	local agent="${AGENT_DEST}"
-	[ "$AGENT_INIT" = yes ] && agent="${init}"
+	# shellcheck disable=SC2154,SC2034
+	[[ "${AGENT_INIT}" = yes ]] && agent="${init}"
 
 	local -r agentdir="${script_dir}/../../../"
-	local agent_version=$(cat ${agentdir}/VERSION 2> /dev/null)
-	[ -z "$agent_version" ] && agent_version="unknown"
+	local agent_version
+	agent_version=$(cat "${agentdir}/VERSION" 2> /dev/null)
+	[[ -z "${agent_version}" ]] && agent_version="unknown"
 
-	cat >"$file"<<-EOF
+	# shellcheck disable=SC2154
+	cat >"${file}"<<-EOF
 	---
 	osbuilder:
 	  url: "${osbuilder_url}"
@@ -208,7 +219,8 @@ ${extra}
 	  agent-is-init-daemon: "${AGENT_INIT}"
 EOF
 
-	local rootfs_file="${file_dir}/$(basename "${file}")"
+	local rootfs_file
+	rootfs_file="${file_dir}/$(basename "${file}")"
 	info "Created summary file '${rootfs_file}' inside rootfs"
 }
 
@@ -218,18 +230,20 @@ EOF
 generate_dockerfile()
 {
 	dir="$1"
-	[ -d "${dir}" ] || die "${dir}: not a directory"
+	[[ -d "${dir}" ]] || die "${dir}: not a directory"
 
-	local rustarch="$ARCH"
-	[ "$ARCH" = ppc64le ] && rustarch=powerpc64le
+	local rustarch="${ARCH}"
+	[[ "${ARCH}" = ppc64le ]] && rustarch=powerpc64le
 
-	[ -n "${http_proxy:-}" ] && readonly set_proxy="RUN sed -i '$ a proxy="${http_proxy:-}"' /etc/dnf/dnf.conf /etc/yum.conf; true"
+	# shellcheck disable=SC2027
+	[[ -n "${http_proxy:-}" ]] && readonly set_proxy="RUN sed -i '$ a proxy="${http_proxy:-}"' /etc/dnf/dnf.conf /etc/yum.conf; true"
 
 	# Only install Rust if agent needs to be built
 	local install_rust=""
 
-	if [ ! -z "${AGENT_SOURCE_BIN}" ] ; then
-		if [ "$RUST_VERSION" == "null" ]; then
+	# shellcheck disable=SC2154
+	if [[ -n "${AGENT_SOURCE_BIN}" ]] ; then
+		if [[ "${RUST_VERSION}" == "null" ]]; then
 			detect_rust_version || \
 				die "Could not detect the required rust version for AGENT_VERSION='${AGENT_VERSION:-main}'."
 		fi
@@ -246,7 +260,7 @@ RUN . /root/.cargo/env; cargo install cargo-when
 
 	sed \
 		-e "s#@OS_VERSION@#${OS_VERSION:-}#g" \
-		-e "s#@ARCH@#$ARCH#g" \
+		-e "s#@ARCH@#${ARCH}#g" \
 		-e "s#@INSTALL_RUST@#${install_rust//$'\n'/\\n}#g" \
 		-e "s#@SET_PROXY@#${set_proxy:-}#g" \
 		Dockerfile.in > Dockerfile
@@ -259,13 +273,15 @@ get_package_version_from_kata_yaml()
 	local yq_version
 	local yq_args
 
+	# shellcheck disable=SC2154
 	typeset -r yq=$(command -v yq || command -v "${GOPATH}/bin/yq" || echo "${GOPATH}/bin/yq")
-	if [ ! -f "$yq" ]; then
-		source "$yq_file"
+	if [[ ! -f "${yq}" ]]; then
+		# shellcheck source=/dev/null
+		source "${yq_file}"
 	fi
 
-	yq_version=$($yq -V)
-	case $yq_version in
+	yq_version=$(${yq} -V)
+	case ${yq_version} in
 	*"version "[1-3]*)
 		yq_args="r -X - ${yq_path}"
 		;;
@@ -274,9 +290,10 @@ get_package_version_from_kata_yaml()
 		;;
 	esac
 
-	PKG_VERSION="$(cat "${kata_versions_file}" | $yq ${yq_args})"
+	# shellcheck disable=SC2086
+	PKG_VERSION="$(${yq} ${yq_args} < "${kata_versions_file}")"
 
-	[ "$?" == "0" ] && [ "$PKG_VERSION" != "null" ] && echo "$PKG_VERSION" || echo ""
+	[[ "${PKG_VERSION}" != "null" ]] && echo "${PKG_VERSION}" || echo ""
 }
 
 detect_rust_version()
@@ -285,9 +302,9 @@ detect_rust_version()
 	local yq_path="languages.rust.meta.newest-version"
 
 	info "Get rust version from ${kata_versions_file}"
-	RUST_VERSION="$(get_package_version_from_kata_yaml "$yq_path")"
+	RUST_VERSION="$(get_package_version_from_kata_yaml "${yq_path}")"
 
-	[ -n "$RUST_VERSION" ]
+	[[ -n "${RUST_VERSION}" ]]
 }
 
 detect_libseccomp_info()
@@ -297,16 +314,20 @@ detect_libseccomp_info()
 	info "Get libseccomp version and url from ${kata_versions_file}"
 	local libseccomp_ver_yq_path="externals.libseccomp.version"
 	local libseccomp_url_yq_path="externals.libseccomp.url"
-	export LIBSECCOMP_VERSION="$(get_package_version_from_kata_yaml "$libseccomp_ver_yq_path")"
-	export LIBSECCOMP_URL="$(get_package_version_from_kata_yaml "$libseccomp_url_yq_path")"
+	LIBSECCOMP_VERSION="$(get_package_version_from_kata_yaml "${libseccomp_ver_yq_path}")"
+	export LIBSECCOMP_VERSION
+	LIBSECCOMP_URL="$(get_package_version_from_kata_yaml "${libseccomp_url_yq_path}")"
+	export LIBSECCOMP_URL
 
 	info "Get gperf version and url from ${kata_versions_file}"
 	local gperf_ver_yq_path="externals.gperf.version"
 	local gperf_url_yq_path="externals.gperf.url"
-	export GPERF_VERSION="$(get_package_version_from_kata_yaml "$gperf_ver_yq_path")"
-	export GPERF_URL="$(get_package_version_from_kata_yaml "$gperf_url_yq_path")"
+	GPERF_VERSION="$(get_package_version_from_kata_yaml "${gperf_ver_yq_path}")"
+	export GPERF_VERSION
+	GPERF_URL="$(get_package_version_from_kata_yaml "${gperf_url_yq_path}")"
+	export GPERF_URL
 
-	[ -n "$LIBSECCOMP_VERSION" ] && [ -n "$GPERF_VERSION" ] && [ -n "$LIBSECCOMP_URL" ] && [ -n "$GPERF_URL" ]
+	[[ -n "${LIBSECCOMP_VERSION}" ]] && [[ -n "${GPERF_VERSION}" ]] && [[ -n "${LIBSECCOMP_URL}" ]] && [[ -n "${GPERF_URL}" ]]
 }
 
 before_starting_container() {