Shell Check fixes

install/production-filesystem/build/init-cron.sh

@@ -1,5 +1,5 @@
-
 #!/bin/bash
+
 echo "Initializing cron..."
  # Placeholder for cron initialization commands
 echo "cron initialized."

install/production-filesystem/build/init-nginx.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 echo "Initializing nginx..."
-install -d -o netalertx -g netalertx -m 700 ${SYSTEM_SERVICES_RUN_TMP}/client_body;
+install -d -o netalertx -g netalertx -m 700 "${SYSTEM_SERVICES_RUN_TMP}/client_body";
 echo "nginx initialized."

install/production-filesystem/entrypoint.d/0-storage-permission.sh

@@ -52,11 +52,11 @@ EOF
     >&2 printf "%s" "${RESET}"
 
     # Set ownership to netalertx user for all read-write paths
-    chown -R netalertx ${READ_WRITE_PATHS} 2>/dev/null || true
+    chown -R netalertx "${READ_WRITE_PATHS}" 2>/dev/null || true
 
     # Set directory and file permissions for all read-write paths
-    find ${READ_WRITE_PATHS} -type d -exec chmod u+rwx {} \;
-    find ${READ_WRITE_PATHS} -type f -exec chmod u+rw {} \;
+    find "${READ_WRITE_PATHS}" -type d -exec chmod u+rwx {} \;
+    find "${READ_WRITE_PATHS}" -type f -exec chmod u+rw {} \;
     echo Permissions fixed for read-write paths. Please restart the container as user 20211.
     sleep infinity & wait $!
 fi

install/production-filesystem/entrypoint.d/01-data-migration.sh

@@ -16,11 +16,11 @@ LEGACY_DB=/app/db
 MARKER_NAME=.migration
 
 is_mounted() {
-    local path="$1"
-    if [ ! -d "${path}" ]; then
+    my_path="$1"
+    if [ ! -d "${my_path}" ]; then
         return 1
     fi
-    mountpoint -q "${path}" 2>/dev/null
+    mountpoint -q "${my_path}" 2>/dev/null
 }
 
 warn_unmount_legacy() {

install/production-filesystem/entrypoint.d/15-first-run-config.sh

@@ -2,7 +2,7 @@
 # first-run-check.sh - Checks and initializes configuration files on first run
 
 # Check for app.conf and deploy if required
-if [ ! -f ${NETALERTX_CONFIG}/app.conf ]; then
+if [ ! -f "${NETALERTX_CONFIG}/app.conf" ]; then
     mkdir -p "${NETALERTX_CONFIG}" || {
         >&2 echo "ERROR: Failed to create config directory ${NETALERTX_CONFIG}"
         exit 1

install/production-filesystem/entrypoint.d/20-first-run-db.sh

@@ -441,7 +441,9 @@ CREATE TRIGGER "trg_delete_devices"
             END;
 end-of-database-schema
 
-if [ $? -ne 0 ]; then
+database_creation_status=$?
+
+if [ $database_creation_status -ne 0 ]; then
   RED=$(printf '\033[1;31m')
   RESET=$(printf '\033[0m')
   >&2 printf "%s" "${RED}"

install/production-filesystem/entrypoint.sh

@@ -50,7 +50,7 @@ fi
 RED='\033[1;31m'
 GREY='\033[90m'
 RESET='\033[0m'
-printf "${RED}"
+printf "%s" "${RED}"
 echo '
  _   _      _    ___  _           _  __   __
 | \ | |    | |  / _ \| |         | | \ \ / /
@@ -60,7 +60,7 @@ echo '
 \_| \_/\___|\__\_| |_/_|\___|_|   \__\/   \/
 '
 
-printf "\033[0m"
+printf "%s" "${RESET}"
 echo '   Network intruder and presence detector. 
    https://netalertx.com
 
@@ -69,7 +69,7 @@ set -u
 
 FAILED_STATUS=""
 echo "Startup pre-checks"
-for script in ${ENTRYPOINT_CHECKS}/*; do
+for script in "${ENTRYPOINT_CHECKS}"/*; do
     if [ -n "${SKIP_TESTS:-}" ]; then
         echo "Skipping startup checks as SKIP_TESTS is set."
         break
@@ -77,7 +77,7 @@ for script in ${ENTRYPOINT_CHECKS}/*; do
     script_name=$(basename "$script" | sed 's/^[0-9]*-//;s/\.(sh|py)$//;s/-/ /g')
     echo "--> ${script_name} "
 	if [ -n "${SKIP_STARTUP_CHECKS:-}" ] && echo "${SKIP_STARTUP_CHECKS}" | grep -q "\b${script_name}\b"; then
-		printf "${GREY}skip${RESET}\n"
+    printf "%sskip%s\n" "${GREY}" "${RESET}"
 		continue
 	fi
 
@@ -134,7 +134,7 @@ fi
 
 # Update vendor data (MAC address OUI database) in the background
 # This happens concurrently with service startup to avoid blocking container readiness
-bash ${SYSTEM_SERVICES_SCRIPTS}/update_vendors.sh &
+bash "${SYSTEM_SERVICES_SCRIPTS}/update_vendors.sh" &
 
 
 

install/production-filesystem/services/start-backend.sh

@@ -3,7 +3,7 @@
 cd "${NETALERTX_APP}" || exit 1
 max_attempts=50  # 10 seconds total (50 * 0.2s)
 attempt=0
-while ps ax | grep -v grep | grep -q python3 && [ $attempt -lt $max_attempts ]; do
+while pgrep -x python3 >/dev/null && [ $attempt -lt $max_attempts ]; do
 	killall -TERM python3 &>/dev/null
 	sleep 0.2
 	((attempt++))
@@ -12,4 +12,5 @@ done
 killall -KILL python3 &>/dev/null
 
 echo "Starting python3 $(cat /services/config/python/backend-extra-launch-parameters 2>/dev/null) -m server > ${NETALERTX_LOG}/stdout.log 2> >(tee ${NETALERTX_LOG}/stderr.log >&2)"
-exec python3 $(cat /services/config/python/backend-extra-launch-parameters 2>/dev/null) -m server > ${NETALERTX_LOG}/stdout.log 2> >(tee ${NETALERTX_LOG}/stderr.log >&2)
+read -ra EXTRA_PARAMS < <(cat /services/config/python/backend-extra-launch-parameters 2>/dev/null)
+exec python3 "${EXTRA_PARAMS[@]}" -m server > "${NETALERTX_LOG}/stdout.log" 2> >(tee "${NETALERTX_LOG}/stderr.log" >&2)

install/production-filesystem/services/start-cron.sh

@@ -4,18 +4,22 @@ set -euo pipefail
 
 crond_pid=""
 
+# Called externally, but shellcheck does not see that and claims it is unused.
+# shellcheck disable=SC2329,SC2317
 cleanup() {
 	status=$?
 	echo "Supercronic stopped! (exit ${status})"
 }
 
+# Called externally, but shellcheck does not see that and claims it is unused.
+# shellcheck disable=SC2329,SC2317
 forward_signal() {
 	if [[ -n "${crond_pid}" ]]; then
 		kill -TERM "${crond_pid}" 2>/dev/null || true
 	fi
 }
 
-while ps ax | grep -v -e grep -e '.sh' | grep crond >/dev/null 2>&1; do
+while pgrep -x crond >/dev/null 2>&1; do
 	killall crond &>/dev/null
 	sleep 0.2
 done

install/production-filesystem/services/start-nginx.sh

@@ -11,11 +11,15 @@ mkdir -p "${LOG_DIR}" "${RUN_DIR}" "${TMP_DIR}"
 
 nginx_pid=""
 
+# Called externally, but shellcheck does not see that and claims it is unused.
+# shellcheck disable=SC2329,SC2317
 cleanup() {
 	status=$?
 	echo "nginx stopped! (exit ${status})"
 }
 
+# Called externally, but shellcheck does not see that and claims it is unused.
+# shellcheck disable=SC2329,SC2317
 forward_signal() {
 	if [[ -n "${nginx_pid}" ]]; then
 		kill -TERM "${nginx_pid}" 2>/dev/null || true
@@ -24,12 +28,15 @@ forward_signal() {
 
 
 # When in devcontainer we must kill any existing nginx processes
-while ps ax | grep -v -e "grep" -e "nginx.sh" | grep nginx >/dev/null 2>&1; do
+while pgrep -x nginx >/dev/null 2>&1; do
 	killall nginx &>/dev/null || true
 	sleep 0.2
 done
 
 TEMP_CONFIG_FILE=$(mktemp "${TMP_DIR}/netalertx.conf.XXXXXX")
+
+# Shell check doesn't recognize envsubst variables
+# shellcheck disable=SC2016
 if envsubst '${LISTEN_ADDR} ${PORT}' < "${SYSTEM_NGINX_CONFIG_TEMPLATE}" > "${TEMP_CONFIG_FILE}" 2>/dev/null; then
 	mv "${TEMP_CONFIG_FILE}" "${SYSTEM_SERVICES_ACTIVE_CONFIG_FILE}"
 else

install/production-filesystem/services/start-php-fpm.sh

@@ -3,18 +3,22 @@ set -euo pipefail
 
 php_fpm_pid=""
 
+# Called externally, but shellcheck does not see that and claims it is unused.
+# shellcheck disable=SC2329,SC2317
 cleanup() {
 	status=$?
 	echo "php-fpm stopped! (exit ${status})"
 }
 
+# Called externally, but shellcheck does not see that and claims it is unused.
+# shellcheck disable=SC2329,SC2317
 forward_signal() {
 	if [[ -n "${php_fpm_pid}" ]]; then
 		kill -TERM "${php_fpm_pid}" 2>/dev/null || true
 	fi
 }
 
-while ps ax | grep -v grep | grep php-fpm83 >/dev/null; do
+while pgrep -x php-fpm83 >/dev/null; do
 	killall php-fpm83 &>/dev/null
 	sleep 0.2
 done
@@ -27,5 +31,6 @@ echo "Starting /usr/sbin/php-fpm83 -y \"${PHP_FPM_CONFIG_FILE}\" -F >>\"${LOG_AP
 php_fpm_pid=$!
 
 wait "${php_fpm_pid}"
+exit_status=$?
 echo -ne " done"
-exit $?
+exit $exit_status