Merge pull request #4406 from acmesh-official/dev

sync

.github/workflows/shellcheck.yml

@@ -22,16 +22,16 @@ jobs:
   ShellCheck:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Install Shellcheck
       run: sudo apt-get install -y shellcheck
     - name: DoShellcheck
-      run: shellcheck -V  && shellcheck -e SC2181 **/*.sh && echo "shellcheck OK"
+      run: shellcheck -V  && shellcheck -e SC2181 -e SC2089 **/*.sh && echo "shellcheck OK"
 
   shfmt:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Install shfmt
       run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt
     - name: shfmt

deploy/gitlab.sh

@@ -67,7 +67,7 @@ gitlab_deploy() {
 
   error_response="error"
 
-  if test "${_response#*$error_response}" != "$_response"; then
+  if test "${_response#*"$error_response"}" != "$_response"; then
     _err "Error in deploying certificate:"
     _err "$_response"
     return 1

dnsapi/dns_dynv6.sh

@@ -94,8 +94,8 @@ _get_domain() {
   _your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')"
   for l in $_your_hosts; do
     #echo "host: $l"
-    if test "${_full_domain#*$l}" != "$_full_domain"; then
-      _record="${_full_domain%.$l}"
+    if test "${_full_domain#*"$l"}" != "$_full_domain"; then
+      _record=${_full_domain%."$l"}
       _host=$l
       _debug "The host is $_host and the record $_record"
       return 0
@@ -143,7 +143,7 @@ _dns_dynv6_add_http() {
     return 1
   fi
   _get_zone_name "$_zone_id"
-  record="${fulldomain%%.$_zone_name}"
+  record=${fulldomain%%."$_zone_name"}
   _set_record TXT "$record" "$txtvalue"
   if _contains "$response" "$txtvalue"; then
     _info "Successfully added record"
@@ -161,7 +161,7 @@ _dns_dynv6_rm_http() {
     return 1
   fi
   _get_zone_name "$_zone_id"
-  record="${fulldomain%%.$_zone_name}"
+  record=${fulldomain%%."$_zone_name"}
   _get_record_id "$_zone_id" "$record" "$txtvalue"
   _del_record "$_zone_id" "$_record_id"
   if [ -z "$response" ]; then

dnsapi/dns_edgedns.sh

@@ -418,7 +418,7 @@ _edgedns_make_data_to_sign() {
   _secure_debug2 "hdr" "$hdr"
   _edgedns_make_content_hash
   path="$(echo "$_request_url_path" | tr -d "\n\r" | sed 's/https\?:\/\///')"
-  path="${path#*$AKAMAI_HOST}"
+  path=${path#*"$AKAMAI_HOST"}
   _debug "hier path" "$path"
   # dont expose headers to sign so use MT string
   _mdata="$(printf "%s\thttps\t%s\t%s\t%s\t%s\t%s" "$_request_method" "$AKAMAI_HOST" "$path" "" "$_hash" "$hdr")"

dnsapi/dns_infomaniak.sh

@@ -76,7 +76,7 @@ dns_infomaniak_add() {
   domain_id=${zone_and_id#* }
 
   # extract first part of domain
-  key=${fulldomain%.$zone}
+  key=${fulldomain%."$zone"}
 
   _debug "zone:$zone id:$domain_id key:$key"
 
@@ -149,7 +149,7 @@ dns_infomaniak_rm() {
   domain_id=${zone_and_id#* }
 
   # extract first part of domain
-  key=${fulldomain%.$zone}
+  key=${fulldomain%."$zone"}
 
   _debug "zone:$zone id:$domain_id key:$key"
 

dnsapi/dns_oci.sh

@@ -265,6 +265,7 @@ _signed_request() {
     _response="$(_get "https://${_sig_host}${_sig_target}")"
   elif [ "$_curl_method" = "PATCH" ]; then
     export _H1="$_date_header"
+    # shellcheck disable=SC2090
     export _H2="$_sig_body_sha256"
     export _H3="$_sig_body_type"
     export _H4="$_sig_body_length"

dnsapi/dns_servercow.sh

@@ -53,7 +53,7 @@ dns_servercow_add() {
   if printf -- "%s" "$response" | grep "{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\"" >/dev/null; then
     _info "A txt record with the same name already exists."
     # trim the string on the left
-    txtvalue_old=${response#*{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\",\"content\":\"}
+    txtvalue_old=${response#*{\"name\":\""$_sub_domain"\",\"ttl\":20,\"type\":\"TXT\",\"content\":\"}
     # trim the string on the right
     txtvalue_old=${txtvalue_old%%\"*}
 

dnsapi/dns_vultr.sh

@@ -139,7 +139,7 @@ _vultr_rest() {
   data="$3"
   _debug "$ep"
 
-  api_key_trimmed=$(echo $VULTR_API_KEY | tr -d '"')
+  api_key_trimmed=$(echo "$VULTR_API_KEY" | tr -d '"')
 
   export _H1="Authorization: Bearer $api_key_trimmed"
   export _H2='Content-Type: application/json'