From df23f2b3c1ee47012b271186f62de68b539cddef Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 19:09:35 +0200 Subject: [PATCH 01/14] packaging/dev-shell: Add shellcheck It was already in the closure for the pre-commit hook installation script. --- packaging/dev-shell.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/packaging/dev-shell.nix b/packaging/dev-shell.nix index 949f79752..ccfb9c4ae 100644 --- a/packaging/dev-shell.nix +++ b/packaging/dev-shell.nix @@ -118,6 +118,7 @@ pkgs.nixComponents2.nix-util.overrideAttrs ( modular.pre-commit.settings.package (pkgs.writeScriptBin "pre-commit-hooks-install" modular.pre-commit.settings.installationScript) pkgs.buildPackages.nixfmt-rfc-style + pkgs.buildPackages.shellcheck pkgs.buildPackages.gdb ] ++ lib.optional (stdenv.cc.isClang && stdenv.hostPlatform == stdenv.buildPlatform) ( From c12187b15a95d788be5e5e3f9edfc4b0e2c5d826 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 19:12:33 +0200 Subject: [PATCH 02/14] pre-commit: Drop exclude config/install-sh This file was part of the make-based build, which has been removed. --- maintainers/flake-module.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index 4815313dd..86248c883 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -106,7 +106,6 @@ enable = true; excludes = [ # We haven't linted these files yet - ''^config/install-sh$'' ''^misc/bash/completion\.sh$'' ''^misc/fish/completion\.fish$'' ''^misc/zsh/completion\.zsh$'' From 1878e788cec3a6a9b9b22d158cadf44659276117 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 19:15:44 +0200 Subject: [PATCH 03/14] misc/bash/completion.sh: Fix shellcheck --- maintainers/flake-module.nix | 1 - misc/bash/completion.sh | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index 86248c883..cd62b6135 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -106,7 +106,6 @@ enable = true; excludes = [ # We haven't linted these files yet - ''^misc/bash/completion\.sh$'' ''^misc/fish/completion\.fish$'' ''^misc/zsh/completion\.zsh$'' ''^scripts/create-darwin-volume\.sh$'' diff --git a/misc/bash/completion.sh b/misc/bash/completion.sh index c4ba96cd3..96f98d6c1 100644 --- a/misc/bash/completion.sh +++ b/misc/bash/completion.sh @@ -1,3 +1,4 @@ +# shellcheck shell=bash function _complete_nix { local -a words local cword cur From 6195dfff3a5e43d24a0436c6109521e95519476f Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 19:17:58 +0200 Subject: [PATCH 04/14] pre-commit: Move fish exclude --- maintainers/flake-module.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index cd62b6135..be924b37b 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -106,7 +106,6 @@ enable = true; excludes = [ # We haven't linted these files yet - ''^misc/fish/completion\.fish$'' ''^misc/zsh/completion\.zsh$'' ''^scripts/create-darwin-volume\.sh$'' ''^scripts/install-darwin-multi-user\.sh$'' @@ -246,6 +245,9 @@ ''^tests/functional/user-envs\.builder\.sh$'' ''^tests/functional/user-envs\.sh$'' ''^tests/functional/why-depends\.sh$'' + + # Shellcheck doesn't support fish shell syntax + ''^misc/fish/completion\.fish$'' ]; }; }; From 34e9caaf9bbffeef9381fe086060fb333d8904b6 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 19:18:52 +0200 Subject: [PATCH 05/14] pre-commit: Move zsh exclude --- maintainers/flake-module.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index be924b37b..83bdda7f2 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -106,7 +106,6 @@ enable = true; excludes = [ # We haven't linted these files yet - ''^misc/zsh/completion\.zsh$'' ''^scripts/create-darwin-volume\.sh$'' ''^scripts/install-darwin-multi-user\.sh$'' ''^scripts/install-multi-user\.sh$'' @@ -246,8 +245,9 @@ ''^tests/functional/user-envs\.sh$'' ''^tests/functional/why-depends\.sh$'' - # Shellcheck doesn't support fish shell syntax + # Shellcheck doesn't support fish or zsh shell syntax ''^misc/fish/completion\.fish$'' + ''^misc/zsh/completion\.zsh$'' ]; }; }; From 033f13fb1af00b3d938722e0b885bceb7da37ee3 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 19:19:39 +0200 Subject: [PATCH 06/14] pre-commit: Remove exclude that passes --- maintainers/flake-module.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index 83bdda7f2..48de03116 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -106,7 +106,6 @@ enable = true; excludes = [ # We haven't linted these files yet - ''^scripts/create-darwin-volume\.sh$'' ''^scripts/install-darwin-multi-user\.sh$'' ''^scripts/install-multi-user\.sh$'' ''^scripts/install-systemd-multi-user\.sh$'' From 43ec36cddf6c1e3cca38cd2eb3710c242b0054f2 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 19:21:06 +0200 Subject: [PATCH 07/14] pre-commit: Remove exclude that passes --- maintainers/flake-module.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index 48de03116..54284784e 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -106,7 +106,6 @@ enable = true; excludes = [ # We haven't linted these files yet - ''^scripts/install-darwin-multi-user\.sh$'' ''^scripts/install-multi-user\.sh$'' ''^scripts/install-systemd-multi-user\.sh$'' ''^src/nix/get-env\.sh$'' From 5af644492ba6cf21acf6ef064ee3d05bcf203a73 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 19:31:22 +0200 Subject: [PATCH 08/14] nix develop: Apply shellcheck --- maintainers/flake-module.nix | 1 - src/nix/get-env.sh | 14 ++++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index 54284784e..ac8fb6f76 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -108,7 +108,6 @@ # We haven't linted these files yet ''^scripts/install-multi-user\.sh$'' ''^scripts/install-systemd-multi-user\.sh$'' - ''^src/nix/get-env\.sh$'' ''^tests/functional/ca/build-dry\.sh$'' ''^tests/functional/ca/build-with-garbage-path\.sh$'' ''^tests/functional/ca/common\.sh$'' diff --git a/src/nix/get-env.sh b/src/nix/get-env.sh index 071edf9b9..39fa6f9ac 100644 --- a/src/nix/get-env.sh +++ b/src/nix/get-env.sh @@ -1,11 +1,14 @@ +# shellcheck shell=bash set -e +# shellcheck disable=SC1090 # Dynamic sourcing is intentional if [ -e "$NIX_ATTRS_SH_FILE" ]; then source "$NIX_ATTRS_SH_FILE"; fi export IN_NIX_SHELL=impure export dontAddDisableDepTrack=1 if [[ -n $stdenv ]]; then - source $stdenv/setup + # shellcheck disable=SC1091 # setup file is in nix store + source "$stdenv"/setup fi # Better to use compgen, but stdenv bash doesn't have it. @@ -17,10 +20,10 @@ __dumpEnv() { printf ' "bashFunctions": {\n' local __first=1 - while read __line; do + while read -r __line; do if ! [[ $__line =~ ^declare\ -f\ (.*) ]]; then continue; fi __fun_name="${BASH_REMATCH[1]}" - __fun_body="$(type $__fun_name)" + __fun_body="$(type "$__fun_name")" if [[ $__fun_body =~ \{(.*)\} ]]; then if [[ -z $__first ]]; then printf ',\n'; else __first=; fi __fun_body="${BASH_REMATCH[1]}" @@ -37,7 +40,7 @@ __dumpEnv() { printf ' "variables": {\n' local __first=1 - while read __line; do + while read -r __line; do if ! [[ $__line =~ ^declare\ (-[^ ])\ ([^=]*) ]]; then continue; fi local type="${BASH_REMATCH[1]}" local __var_name="${BASH_REMATCH[2]}" @@ -76,7 +79,9 @@ __dumpEnv() { elif [[ $type == -a ]]; then printf '"type": "array", "value": [' local __first2=1 + # shellcheck disable=SC1087 # Complex array manipulation, syntax is correct __var_name="$__var_name[@]" + # shellcheck disable=SC1087 # Complex array manipulation, syntax is correct for __i in "${!__var_name}"; do if [[ -z $__first2 ]]; then printf ', '; else __first2=; fi __escapeString "$__i" @@ -142,6 +147,7 @@ __dumpEnvToOutput() { # array with a format like `outname => /nix/store/hash-drvname-outname`. # Otherwise it is a space-separated list of output variable names. if [ -e "$NIX_ATTRS_SH_FILE" ]; then + # shellcheck disable=SC2154 # outputs is set by sourced file for __output in "${outputs[@]}"; do __dumpEnvToOutput "$__output" done From 8b97d14c08d9d851ff4ba03bfc5851152a01e6c3 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 19:57:06 +0200 Subject: [PATCH 09/14] pre-commit: Give reason for ca test wrappers exclusion --- maintainers/flake-module.nix | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index ac8fb6f76..0c2ffe781 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -108,20 +108,9 @@ # We haven't linted these files yet ''^scripts/install-multi-user\.sh$'' ''^scripts/install-systemd-multi-user\.sh$'' - ''^tests/functional/ca/build-dry\.sh$'' ''^tests/functional/ca/build-with-garbage-path\.sh$'' ''^tests/functional/ca/common\.sh$'' ''^tests/functional/ca/concurrent-builds\.sh$'' - ''^tests/functional/ca/eval-store\.sh$'' - ''^tests/functional/ca/gc\.sh$'' - ''^tests/functional/ca/import-from-derivation\.sh$'' - ''^tests/functional/ca/new-build-cmd\.sh$'' - ''^tests/functional/ca/nix-shell\.sh$'' - ''^tests/functional/ca/post-hook\.sh$'' - ''^tests/functional/ca/recursive\.sh$'' - ''^tests/functional/ca/repl\.sh$'' - ''^tests/functional/ca/selfref-gc\.sh$'' - ''^tests/functional/ca/why-depends\.sh$'' ''^tests/functional/characterisation-test-infra\.sh$'' ''^tests/functional/common/vars-and-functions\.sh$'' ''^tests/functional/completions\.sh$'' @@ -245,6 +234,21 @@ # Shellcheck doesn't support fish or zsh shell syntax ''^misc/fish/completion\.fish$'' ''^misc/zsh/completion\.zsh$'' + + # Content-addressed test files that use recursive-*looking* sourcing + # (cd .. && source ), causing shellcheck to loop + # They're small wrapper scripts with not a lot going on + ''^tests/functional/ca/build-dry\.sh$'' + ''^tests/functional/ca/eval-store\.sh$'' + ''^tests/functional/ca/gc\.sh$'' + ''^tests/functional/ca/import-from-derivation\.sh$'' + ''^tests/functional/ca/new-build-cmd\.sh$'' + ''^tests/functional/ca/nix-shell\.sh$'' + ''^tests/functional/ca/post-hook\.sh$'' + ''^tests/functional/ca/recursive\.sh$'' + ''^tests/functional/ca/repl\.sh$'' + ''^tests/functional/ca/selfref-gc\.sh$'' + ''^tests/functional/ca/why-depends\.sh$'' ]; }; }; From 8c31e07cce68022b52eb252270389eb5c4581545 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 19:58:00 +0200 Subject: [PATCH 10/14] tests/func*/ca/build-with-garbage-path: Fix shellcheck --- maintainers/flake-module.nix | 1 - tests/functional/ca/build-with-garbage-path.sh | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index 0c2ffe781..29f8fd1f9 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -108,7 +108,6 @@ # We haven't linted these files yet ''^scripts/install-multi-user\.sh$'' ''^scripts/install-systemd-multi-user\.sh$'' - ''^tests/functional/ca/build-with-garbage-path\.sh$'' ''^tests/functional/ca/common\.sh$'' ''^tests/functional/ca/concurrent-builds\.sh$'' ''^tests/functional/characterisation-test-infra\.sh$'' diff --git a/tests/functional/ca/build-with-garbage-path.sh b/tests/functional/ca/build-with-garbage-path.sh index 884cd2802..298cd469a 100755 --- a/tests/functional/ca/build-with-garbage-path.sh +++ b/tests/functional/ca/build-with-garbage-path.sh @@ -8,6 +8,7 @@ requireDaemonNewerThan "2.4pre20210621" # Get the output path of `rootCA`, and put some garbage instead outPath="$(nix-build ./content-addressed.nix -A rootCA --no-out-link)" +# shellcheck disable=SC2046 # Multiple store paths need to become individual args nix-store --delete $(nix-store -q --referrers-closure "$outPath") touch "$outPath" From 926287d813a1f9d719f54dea041fc62a1ed82b06 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 20:05:37 +0200 Subject: [PATCH 11/14] tests/func*/ca/common: Fix shellcheck --- maintainers/flake-module.nix | 1 - tests/functional/ca/common.sh | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index 29f8fd1f9..f0268a69d 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -108,7 +108,6 @@ # We haven't linted these files yet ''^scripts/install-multi-user\.sh$'' ''^scripts/install-systemd-multi-user\.sh$'' - ''^tests/functional/ca/common\.sh$'' ''^tests/functional/ca/concurrent-builds\.sh$'' ''^tests/functional/characterisation-test-infra\.sh$'' ''^tests/functional/common/vars-and-functions\.sh$'' diff --git a/tests/functional/ca/common.sh b/tests/functional/ca/common.sh index 48f1ac46b..dc8e650fd 100644 --- a/tests/functional/ca/common.sh +++ b/tests/functional/ca/common.sh @@ -1,3 +1,4 @@ +# shellcheck shell=bash source ../common.sh enableFeatures "ca-derivations" From 993ea14f528936a915262c0588d46fd7c92f571d Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 20:08:30 +0200 Subject: [PATCH 12/14] pre-commit: Remove exclude that passes --- maintainers/flake-module.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index f0268a69d..3012b6427 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -108,7 +108,6 @@ # We haven't linted these files yet ''^scripts/install-multi-user\.sh$'' ''^scripts/install-systemd-multi-user\.sh$'' - ''^tests/functional/ca/concurrent-builds\.sh$'' ''^tests/functional/characterisation-test-infra\.sh$'' ''^tests/functional/common/vars-and-functions\.sh$'' ''^tests/functional/completions\.sh$'' From 4183308ee2f7c07b891f1c007f265531e8149bb8 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 20:17:30 +0200 Subject: [PATCH 13/14] tests/func*/characterisation-test-infra: Fix shellcheck --- maintainers/flake-module.nix | 1 - tests/functional/characterisation-test-infra.sh | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index 3012b6427..c531c9297 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -108,7 +108,6 @@ # We haven't linted these files yet ''^scripts/install-multi-user\.sh$'' ''^scripts/install-systemd-multi-user\.sh$'' - ''^tests/functional/characterisation-test-infra\.sh$'' ''^tests/functional/common/vars-and-functions\.sh$'' ''^tests/functional/completions\.sh$'' ''^tests/functional/compute-levels\.sh$'' diff --git a/tests/functional/characterisation-test-infra.sh b/tests/functional/characterisation-test-infra.sh index 279454550..fecae29e8 100755 --- a/tests/functional/characterisation-test-infra.sh +++ b/tests/functional/characterisation-test-infra.sh @@ -40,7 +40,7 @@ echo Bye! > "$TEST_ROOT/expected" diffAndAcceptInner test "$TEST_ROOT/got" "$TEST_ROOT/expected" (( "$badDiff" == 1 )) ) -[[ "$(echo Bye! )" == $(< "$TEST_ROOT/expected") ]] +[[ "Bye!" == $(< "$TEST_ROOT/expected") ]] # _NIX_TEST_ACCEPT=1 matches non-empty echo Hi! > "$TEST_ROOT/got" @@ -57,7 +57,7 @@ echo Bye! > "$TEST_ROOT/expected" _NIX_TEST_ACCEPT=1 diffAndAcceptInner test "$TEST_ROOT/got" "$TEST_ROOT/expected" (( "$badDiff" == 1 )) ) -[[ "$(echo Hi! )" == $(< "$TEST_ROOT/expected") ]] +[[ "Hi!" == $(< "$TEST_ROOT/expected") ]] # second time succeeds ( diffAndAcceptInner test "$TEST_ROOT/got" "$TEST_ROOT/expected" From 8a9d9bb0e9f7ac414fbe0972266a38372cb54ac2 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 22 Sep 2025 20:21:07 +0200 Subject: [PATCH 14/14] pre-commit: Remove exclusion for removed file --- maintainers/flake-module.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index c531c9297..a54499654 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -108,7 +108,6 @@ # We haven't linted these files yet ''^scripts/install-multi-user\.sh$'' ''^scripts/install-systemd-multi-user\.sh$'' - ''^tests/functional/common/vars-and-functions\.sh$'' ''^tests/functional/completions\.sh$'' ''^tests/functional/compute-levels\.sh$'' ''^tests/functional/config\.sh$''