sanebox: remove extraneous quotes

probably some still remain
2024-05-17 23:01:24 +00:00 · 2024-05-17 23:01:24 +00:00 · bf98da0061
commit bf98da0061
parent 76434b6970
1 changed files with 65 additions and 63 deletions
--- a/pkgs/additional/sanebox/sanebox
+++ b/pkgs/additional/sanebox/sanebox
@ -150,8 +150,8 @@ usage() {
 # if `path` is absolute, returns `path`
 # otherwise, joins `path` onto `$PWD`
 relativeToPwd() {
-  local outvar="$1"
-  local path="$2"
+  local outvar=$1
+  local path=$2
  if [ "${path:0:1}" == "/" ]; then
    declare -g "$outvar"="$path"
  else
@ -169,15 +169,15 @@ relativeToPwd() {
 #   myHead=/top
 #   myTail=
 splitHead() {
-  local outHead="$1"
-  local outTail="$2"
-  local path="$3"
+  local outHead=$1
+  local outTail=$2
+  local path=$3

  # chomp leading `/`
-  path="${path:1}"
-  local leadingComp="${path%%/*}"
-  local compLen="${#leadingComp}"
-  local tail="${path:$compLen}"
+  path=${path:1}
+  local leadingComp=${path%%/*}
+  local compLen=${#leadingComp}
+  local tail=${path:$compLen}

  declare -g "$outHead"="/$leadingComp"
  declare -g "$outTail"="$tail"
@ -189,13 +189,13 @@ splitHead() {
 # chomps trailing slashes.
 # does not resolve symlinks, nor check for existence of any component of the path.
 normPath() {
-  local outVar="$1"
-  local unparsed="$2"
+  local outVar=$1
+  local unparsed=$2
  local comps=()
  while [ -n "$unparsed" ]; do
    splitHead _npThisComp _npUnparsed "$unparsed"
-    unparsed="$_npUnparsed"
-    local thisComp="$_npThisComp"
+    unparsed=$_npUnparsed
+    local thisComp=$_npThisComp

    if [ "$thisComp" = "/.." ]; then
      # "go up" path component => delete the leaf dir (if any)
@ -214,7 +214,7 @@ normPath() {
  else
    local joined=
    for comp in "${comps[@]}"; do
-      joined="$joined$comp"
+      joined=$joined$comp
    done
    declare -g "$outVar"="$joined"
  fi
@ -258,21 +258,22 @@ locate() {
 # `urldecode outVar <uri>`
 # convert e.g. `file:///Local%20Users/foo.mp3` to `file:///Local Users/foo.mp3`
 urldecode() {
-  local outVar="$1"
+  local outVar=$1
  shift

  # source: <https://stackoverflow.com/q/6250698>
  # replace each `+` with space
-  local i="${*//+/ }"
+  local i=${*//+/ }
  # then replace each `%` with `\x`
  # and have `echo` evaluate the escape sequences
-  declare -g "$outVar"="$(echo -e "${i//%/\\x}")"
+  local decoded=$(echo -e "${i//%/\\x}")
+  declare -g "$outVar"="$decoded"
 }

 # `contains needle ${haystack[0]} ${haystack[1]} ...`
 # evals `true` if the first argument is equal to any of the other args
 contains() {
-  local needle="$1"
+  local needle=$1
  shift
  for item in "$@"; do
    if [ "$needle" = "$item" ]; then
@ -287,21 +288,21 @@ contains() {
 # unlink `derefOnce`, this only acts if the leaf of `path` is a symlink,
 # not if it's an ordinary entry within a symlinked directory.
 readlinkOnce() {
-  local outVar="$1"
-  local path="$2"
+  local outVar=$1
+  local path=$2
  local linkTarget=
-  if [ -v linkCache["$path"] ]; then
-    linkTarget="${linkCache["$path"]}"
+  if [ -v linkCache[$path] ]; then
+    linkTarget=${linkCache["$path"]}
  elif [ -L "$path" ]; then
    # path is a link, but not in the cache
-    linkTarget="$(readlink "$path")"
+    linkTarget=$(readlink "$path")
    # insert it into the cache, in case we traverse it again
-    linkCache["$path"]="$linkTarget"
+    linkCache[$path]=$linkTarget
  else
    # remember for later that this path doesn't represent a link.
    # empty target is used to indicate a non-symlink (i.e. ordinary file/directory).
    #   i think a symlink can *technically* point to "" (via `symlink` syscall), but `ln -s` doesn't allow it
-    linkCache["$path"]=
+    linkCache[$path]=
  fi
  declare -g "$outVar"="$linkTarget"
 }
@ -311,20 +312,20 @@ readlinkOnce() {
 # the dereferenced path may yet contain more unresolved symlinks.
 # if no links are encountered, then `outVar` is set empty.
 derefOnce() {
-  local outVar="$1"
-  local source="$2"
+  local outVar=$1
+  local source=$2
  local target=

  local walked=
-  local unwalked="$source"
+  local unwalked=$source
  while [ -n "$unwalked" ]; do
    splitHead _head _unwalked "$unwalked"
-    unwalked="$_unwalked"
-    walked="$walked$_head"
+    unwalked=$_unwalked
+    walked=$walked$_head

    readlinkOnce _linkTarget "$walked"
    if [ -n "$_linkTarget" ]; then
-      target="$_linkTarget$unwalked"
+      target=$_linkTarget$unwalked
      break
    fi
  done
@ -334,11 +335,11 @@ derefOnce() {
    if [ "${target:0:1}" != "/" ]; then
      # `walked` is a relative link.
      # then, the link is relative to the parent directory of `walked`
-      target="$walked/../$target"
+      target=$walked/../$target
    fi
    # canonicalize
    normPath _normTarget "$target"
-    target="$_normTarget"
+    target=$_normTarget
  fi
  declare -g "$outVar"="$target"
 }
@ -350,8 +351,8 @@ derefOnce() {
 # adds an entry to `paths` and evals `true` on success;
 # evals `false` if the path couldn't be added, for any reason.
 tryPath() {
-  local path="$1"
-  local how="$2"
+  local path=$1
+  local how=$2

  if [ "$how" = "existing" ]; then
    # the caller wants to access either a file, or a directory (possibly a symlink to such a thing)
@ -386,24 +387,24 @@ tryPath() {
 # this function ingests absolute, relative, or file:///-type URIs.
 # but it converts any such path into an absolute path before adding it to paths.
 tryArgAsPath() {
-  local arg="$1"
-  local how="$2"
+  local arg=$1
+  local how=$2
  path=
  if [ "${arg:0:1}" = "/" ]; then
    # absolute path
-    path="$arg"
+    path=$arg
  elif [ "${arg:0:8}" = "file:///" ]; then
    # URI to an absolute path which is presumably on this vfs
    # commonly found when xdg-open/mimeo passes a path on to an application
    # if URIs to relative paths exist, this implementation doesn't support them
    urldecode _path "${arg:7}"
-    path="$_path"
+    path=$_path
  elif [ "${path:0:1}" = "-" ]; then
    # 99% chance it's a CLI argument. if not, use `./-<...>`
    return
  else
    # assume relative path
-    _path="$PWD/$arg"
+    _path=$PWD/$arg
  fi

  tryPath "$path" "$how"
@ -416,7 +417,7 @@ tryArgAsPath() {
 parseArgsExtra=()
 parseArgs() {
  while [ "$#" -ne 0 ]; do
-    local arg="$1"
+    local arg=$1
    shift
    case "$arg" in
      (--)
@ -456,7 +457,7 @@ parseArgs() {
        isDryRun=1
        ;;
      (--sanebox-method)
-        method="$1"
+        method=$1
        shift
        ;;
      (--sanebox-autodetect)
@ -464,11 +465,11 @@ parseArgs() {
        # this is handy for e.g. media players or document viewers.
        # it's best combined with some two-tiered thing.
        #   e.g. first drop to the broadest path set of interest (Music,Videos,tmp, ...), then drop via autodetect.
-        autodetect="$1"
+        autodetect=$1
        shift
        ;;
      (--sanebox-cap)
-        local cap="$1"
+        local cap=$1
        shift
        capabilities+=("$cap")
        ;;
@ -485,27 +486,28 @@ parseArgs() {
        ;;
      (--sanebox-dns)
        # N.B.: these named temporary variables ensure that "set -x" causes $1 to be printed
-        local dns="$1"
+        local dns=$1
        shift
        dns+=("$dns")
        ;;
      (--sanebox-firejail-arg)
-        local fjFlag="$1"
+        local fjFlag=$1
        shift
        firejailFlags+=("$fjFlag")
        ;;
      (--sanebox-bwrap-arg)
-        local bwrapFlag="$1"
+        local bwrapFlag=$1
        shift
        bwrapFlags+=("$bwrapFlag")
        ;;
      (--sanebox-net)
-        net="$1"
+        net=$1
        shift
        ;;
      (--sanebox-keep-namespace)
-        local namespace="$1"
+        local namespace=$1
        shift
+        # TODO: should this include `net` namespace??
        if [ "$namespace" = all ]; then
          keepNamespace+=("cgroup" "ipc" "pid" "uts")
        else
@ -513,18 +515,18 @@ parseArgs() {
        fi
        ;;
      (--sanebox-path)
-        local path="$1"
+        local path=$1
        shift
        relativeToPwd _absPath "$path"
        paths+=("$_absPath")
        ;;
      (--sanebox-home-path)
-        local path="$1"
+        local path=$1
        shift
        paths+=("$HOME/$path")
        ;;
      (--sanebox-run-path)
-        local path="$1"
+        local path=$1
        shift
        paths+=("$XDG_RUNTIME_DIR/$path")
        ;;
@ -701,9 +703,9 @@ landlockIngestPath() {
    # sandboxer will error if that part fails.
    if [ -z "$landlockPaths" ]; then
      # avoid leading :, which would otherwise cause a "no such file" error.
-      landlockPaths="$1"
+      landlockPaths=$1
    else
-      landlockPaths="$landlockPaths:$1"
+      landlockPaths=$landlockPaths:$1
    fi
  fi
 }
@ -760,9 +762,9 @@ capshonlyIngestCapability() {
  # therefore, only grant it those capabilities i know will succeed.
  if capsh "--has-p=cap_$1" 2>/dev/null; then
    if [ -z "$capshCapsArg" ]; then
-      capshCapsArg="cap_$1=eip"
+      capshCapsArg=cap_$1=eip
    else
-      capshCapsArg="cap_$1,$capshCapsArg"
+      capshCapsArg=cap_$1,$capshCapsArg
    fi
  else
    debug "capsh: don't have capability $1"
@ -806,9 +808,9 @@ loadLinkCache() {
  readarray -t _linkCacheArray < /etc/sanebox/symlink-cache
  for link in "${_linkCacheArray[@]}"; do
    # XXX: bash doesn't give a good way to escape the tab character, but that's what we're splitting on here.
-    local from="${link%%	*}"
-    local to="${link##*	}"
-    linkCache["$from"]="$to"
+    local from=${link%%	*}
+    local to=${link##*	}
+    linkCache[$from]=$to
  done
 }

@ -929,10 +931,10 @@ parseArgsAndEnvironment "$@"
 # N.B.: SANEBOX_DEBUG FREQUENTLY BREAKS APPLICATIONS WHICH PARSE STDOUT
 # example is wireshark parsing stdout of dumpcap;
 # in such a case invoke the app with --sanebox-debug instead of the env var.
-export SANEBOX_DEBUG="$SANEBOX_DEBUG"
-export SANEBOX_DISABLE="$SANEBOX_DISABLE"
-export SANEBOX_PREPEND="$SANEBOX_PREPEND"
-export SANEBOX_APPEND="$SANEBOX_APPEND"
+export SANEBOX_DEBUG=$SANEBOX_DEBUG
+export SANEBOX_DISABLE=$SANEBOX_DISABLE
+export SANEBOX_PREPEND=$SANEBOX_PREPEND
+export SANEBOX_APPEND=$SANEBOX_APPEND

 if [ -z "$isDisable" ]; then
  loadLinkCache