hack: quote all parameters with variable interpolation

better safe then sorry. especially for rm

Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>

hack/dind

@@ -60,7 +60,7 @@ for HIER in $(cut -d: -f2 /proc/1/cgroup); do
 
 	mkdir -p "$CGROUP/$HIER"
 
-	if ! mountpoint -q $CGROUP/$HIER; then
+	if ! mountpoint -q "$CGROUP/$HIER"; then
 		mount -n -t cgroup -o "$OHIER" cgroup "$CGROUP/$HIER"
 	fi
 

hack/make.sh

@@ -252,7 +252,7 @@ bundle() {
 	bundlescript=$1
 	bundle=$(basename $bundlescript)
 	echo "---> Making bundle: $bundle (in bundles/$VERSION/$bundle)"
-	mkdir -p bundles/$VERSION/$bundle
+	mkdir -p "bundles/$VERSION/$bundle"
 	source "$bundlescript" "$(pwd)/bundles/$VERSION/$bundle"
 }
 
@@ -262,13 +262,13 @@ main() {
 	mkdir -p bundles
 	if [ -e "bundles/$VERSION" ]; then
 		echo "bundles/$VERSION already exists. Removing."
-		rm -fr bundles/$VERSION && mkdir bundles/$VERSION || exit 1
+		rm -fr "bundles/$VERSION" && mkdir "bundles/$VERSION" || exit 1
 		echo
 	fi
 
 	if [ "$(go env GOHOSTOS)" != 'windows' ]; then
 		# Windows and symlinks don't get along well
-		ln -sfT $VERSION bundles/latest
+		ln -sfT "$VERSION" bundles/latest
 	fi
 
 	if [ $# -lt 1 ]; then
@@ -277,7 +277,7 @@ main() {
 		bundles=($@)
 	fi
 	for bundle in ${bundles[@]}; do
-		bundle $SCRIPTDIR/make/$bundle
+		bundle "$SCRIPTDIR/make/$bundle"
 		echo
 	done
 }

hack/make/.dockerinit

@@ -30,4 +30,4 @@ else
 fi
 
 # sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another
-export DOCKER_INITSHA1="$($sha1sum $DEST/dockerinit-$VERSION | cut -d' ' -f1)"
+export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1)

hack/make/.dockerinit-gccgo

@@ -27,4 +27,4 @@ else
 fi
 
 # sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another
-export DOCKER_INITSHA1="$($sha1sum $DEST/dockerinit-$VERSION | cut -d' ' -f1)"
+export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1)

hack/make/.integration-daemon-stop

@@ -2,8 +2,8 @@
 
 for pidFile in $(find "$DEST" -name docker.pid); do
 	pid=$(set -x; cat "$pidFile")
-	( set -x; kill $pid )
-	if ! wait $pid; then
+	( set -x; kill "$pid" )
+	if ! wait "$pid"; then
 		echo >&2 "warning: PID $pid from $pidFile had a nonzero exit code"
 	fi
 done

hack/make/test-integration

@@ -22,4 +22,4 @@ bundle_test_integration() {
 # spews when it is given packages that aren't used
 bundle_test_integration 2>&1 \
 	| grep --line-buffered -v '^warning: no packages being tested depend on ' \
-	| tee -a $DEST/test.log
+	| tee -a "$DEST/test.log"

hack/make/test-unit

@@ -85,4 +85,4 @@ go_run_test_dir() {
 	fi
 }
 
-bundle_test_unit 2>&1 | tee -a $DEST/test.log
+bundle_test_unit 2>&1 | tee -a "$DEST/test.log"

hack/make/ubuntu

@@ -40,26 +40,26 @@ bundle_ubuntu() {
 	DIR=$DEST/build
 
 	# Include our udev rules
-	mkdir -p $DIR/etc/udev/rules.d
-	cp contrib/udev/80-docker.rules $DIR/etc/udev/rules.d/
+	mkdir -p "$DIR/etc/udev/rules.d"
+	cp contrib/udev/80-docker.rules "$DIR/etc/udev/rules.d/"
 
 	# Include our init scripts
-	mkdir -p $DIR/etc/init
-	cp contrib/init/upstart/docker.conf $DIR/etc/init/
-	mkdir -p $DIR/etc/init.d
-	cp contrib/init/sysvinit-debian/docker $DIR/etc/init.d/
-	mkdir -p $DIR/etc/default
-	cp contrib/init/sysvinit-debian/docker.default $DIR/etc/default/docker
-	mkdir -p $DIR/lib/systemd/system
-	cp contrib/init/systemd/docker.{service,socket} $DIR/lib/systemd/system/
+	mkdir -p "$DIR/etc/init"
+	cp contrib/init/upstart/docker.conf "$DIR/etc/init/"
+	mkdir -p "$DIR/etc/init.d"
+	cp contrib/init/sysvinit-debian/docker "$DIR/etc/init.d/"
+	mkdir -p "$DIR/etc/default"
+	cp contrib/init/sysvinit-debian/docker.default "$DIR/etc/default/docker"
+	mkdir -p "$DIR/lib/systemd/system"
+	cp contrib/init/systemd/docker.{service,socket} "$DIR/lib/systemd/system/"
 
 	# Include contributed completions
-	mkdir -p $DIR/etc/bash_completion.d
-	cp contrib/completion/bash/docker $DIR/etc/bash_completion.d/
-	mkdir -p $DIR/usr/share/zsh/vendor-completions
-	cp contrib/completion/zsh/_docker $DIR/usr/share/zsh/vendor-completions/
-	mkdir -p $DIR/etc/fish/completions
-	cp contrib/completion/fish/docker.fish $DIR/etc/fish/completions/
+	mkdir -p "$DIR/etc/bash_completion.d"
+	cp contrib/completion/bash/docker "$DIR/etc/bash_completion.d/"
+	mkdir -p "$DIR/usr/share/zsh/vendor-completions"
+	cp contrib/completion/zsh/_docker "$DIR/usr/share/zsh/vendor-completions/"
+	mkdir -p "$DIR/etc/fish/completions"
+	cp contrib/completion/fish/docker.fish "$DIR/etc/fish/completions/"
 
 	# Include contributed man pages
 	docs/man/md2man-all.sh -q
@@ -76,11 +76,11 @@ bundle_ubuntu() {
 
 	# Copy the binary
 	# This will fail if the binary bundle hasn't been built
-	mkdir -p $DIR/usr/bin
-	cp $DEST/../binary/docker-$VERSION $DIR/usr/bin/docker
+	mkdir -p "$DIR/usr/bin"
+	cp "$DEST/../binary/docker-$VERSION" "$DIR/usr/bin/docker"
 
 	# Generate postinst/prerm/postrm scripts
-	cat > $DEST/postinst <<'EOF'
+	cat > "$DEST/postinst" <<'EOF'
 #!/bin/sh
 set -e
 set -u
@@ -104,7 +104,7 @@ service docker $_dh_action 2>/dev/null || true
 
 #DEBHELPER#
 EOF
-	cat > $DEST/prerm <<'EOF'
+	cat > "$DEST/prerm" <<'EOF'
 #!/bin/sh
 set -e
 set -u
@@ -113,7 +113,7 @@ service docker stop 2>/dev/null || true
 
 #DEBHELPER#
 EOF
-	cat > $DEST/postrm <<'EOF'
+	cat > "$DEST/postrm" <<'EOF'
 #!/bin/sh
 set -e
 set -u
@@ -131,18 +131,18 @@ fi
 #DEBHELPER#
 EOF
 	# TODO swaths of these were borrowed from debhelper's auto-inserted stuff, because we're still using fpm - we need to use debhelper instead, and somehow reconcile Ubuntu that way
-	chmod +x $DEST/postinst $DEST/prerm $DEST/postrm
+	chmod +x "$DEST/postinst" "$DEST/prerm" "$DEST/postrm"
 
 	(
 		# switch directories so we create *.deb in the right folder
-		cd $DEST
+		cd "$DEST"
 
 		# create lxc-docker-VERSION package
-		fpm -s dir -C $DIR \
-			--name lxc-docker-$VERSION --version "$PKGVERSION" \
-			--after-install $DEST/postinst \
-			--before-remove $DEST/prerm \
-			--after-remove $DEST/postrm \
+		fpm -s dir -C "$DIR" \
+			--name "lxc-docker-$VERSION" --version "$PKGVERSION" \
+			--after-install "$DEST/postinst" \
+			--before-remove "$DEST/prerm" \
+			--after-remove "$DEST/postrm" \
 			--architecture "$PACKAGE_ARCHITECTURE" \
 			--prefix / \
 			--depends iptables \
@@ -184,8 +184,8 @@ EOF
 	)
 
 	# clean up after ourselves so we have a clean output directory
-	rm $DEST/postinst $DEST/prerm $DEST/postrm
-	rm -r $DIR
+	rm "$DEST/postinst" "$DEST/prerm" "$DEST/postrm"
+	rm -r "$DIR"
 }
 
 bundle_ubuntu

hack/release.sh

@@ -71,23 +71,23 @@ BUCKET=$AWS_S3_BUCKET
 
 setup_s3() {
 	# Try creating the bucket. Ignore errors (it might already exist).
-	s3cmd mb s3://$BUCKET 2>/dev/null || true
+	s3cmd mb "s3://$BUCKET" 2>/dev/null || true
 	# Check access to the bucket.
 	# s3cmd has no useful exit status, so we cannot check that.
 	# Instead, we check if it outputs anything on standard output.
 	# (When there are problems, it uses standard error instead.)
-	s3cmd info s3://$BUCKET | grep -q .
+	s3cmd info "s3://$BUCKET" | grep -q .
 	# Make the bucket accessible through website endpoints.
-	s3cmd ws-create --ws-index index --ws-error error s3://$BUCKET
+	s3cmd ws-create --ws-index index --ws-error error "s3://$BUCKET"
 }
 
 # write_to_s3 uploads the contents of standard input to the specified S3 url.
 write_to_s3() {
 	DEST=$1
 	F=`mktemp`
-	cat > $F
-	s3cmd --acl-public --mime-type='text/plain' put $F $DEST
-	rm -f $F
+	cat > "$F"
+	s3cmd --acl-public --mime-type='text/plain' put "$F" "$DEST"
+	rm -f "$F"
 }
 
 s3_url() {
@@ -246,20 +246,20 @@ release_build() {
 # 1. A full APT repository is published at $BUCKET/ubuntu/
 # 2. Instructions for using the APT repository are uploaded at $BUCKET/ubuntu/index
 release_ubuntu() {
-	[ -e bundles/$VERSION/ubuntu ] || {
+	[ -e "bundles/$VERSION/ubuntu" ] || {
 		echo >&2 './hack/make.sh must be run before release_ubuntu'
 		exit 1
 	}
 
 	# Sign our packages
 	dpkg-sig -g "--passphrase $GPG_PASSPHRASE" -k releasedocker \
-		--sign builder bundles/$VERSION/ubuntu/*.deb
+		--sign builder "bundles/$VERSION/ubuntu/"*.deb
 
 	# Setup the APT repo
 	APTDIR=bundles/$VERSION/ubuntu/apt
-	mkdir -p $APTDIR/conf $APTDIR/db
-	s3cmd sync s3://$BUCKET/ubuntu/db/ $APTDIR/db/ || true
-	cat > $APTDIR/conf/distributions <<EOF
+	mkdir -p "$APTDIR/conf" "$APTDIR/db"
+	s3cmd sync "s3://$BUCKET/ubuntu/db/" "$APTDIR/db/" || true
+	cat > "$APTDIR/conf/distributions" <<EOF
 Codename: docker
 Components: main
 Architectures: amd64 i386
@@ -267,19 +267,19 @@ EOF
 
 	# Add the DEB package to the APT repo
 	DEBFILE=bundles/$VERSION/ubuntu/lxc-docker*.deb
-	reprepro -b $APTDIR includedeb docker $DEBFILE
+	reprepro -b "$APTDIR" includedeb docker "$DEBFILE"
 
 	# Sign
 	for F in $(find $APTDIR -name Release); do
-		gpg -u releasedocker --passphrase $GPG_PASSPHRASE \
+		gpg -u releasedocker --passphrase "$GPG_PASSPHRASE" \
 			--armor --sign --detach-sign \
-			--output $F.gpg $F
+			--output "$F.gpg" "$F"
 	done
 
 	# Upload keys
-	s3cmd sync $HOME/.gnupg/ s3://$BUCKET/ubuntu/.gnupg/
-	gpg --armor --export releasedocker > bundles/$VERSION/ubuntu/gpg
-	s3cmd --acl-public put bundles/$VERSION/ubuntu/gpg s3://$BUCKET/gpg
+	s3cmd sync "$HOME/.gnupg/" "s3://$BUCKET/ubuntu/.gnupg/"
+	gpg --armor --export releasedocker > "bundles/$VERSION/ubuntu/gpg"
+	s3cmd --acl-public put "bundles/$VERSION/ubuntu/gpg" "s3://$BUCKET/gpg"
 
 	local gpgFingerprint=36A1D7869245C8950F966E92D8576A8BA88D21E9
 	if [[ $BUCKET == test* ]]; then
@@ -287,7 +287,7 @@ EOF
 	fi
 
 	# Upload repo
-	s3cmd --acl-public sync $APTDIR/ s3://$BUCKET/ubuntu/
+	s3cmd --acl-public sync "$APTDIR/" "s3://$BUCKET/ubuntu/"
 	cat <<EOF | write_to_s3 s3://$BUCKET/ubuntu/index
 # Check that HTTPS transport is available to APT
 if [ ! -e /usr/lib/apt/methods/https ]; then
@@ -312,14 +312,14 @@ EOF
 
 	# Add redirect at /ubuntu/info for URL-backwards-compatibility
 	rm -rf /tmp/emptyfile && touch /tmp/emptyfile
-	s3cmd --acl-public --add-header='x-amz-website-redirect-location:/ubuntu/' --mime-type='text/plain' put /tmp/emptyfile s3://$BUCKET/ubuntu/info
+	s3cmd --acl-public --add-header='x-amz-website-redirect-location:/ubuntu/' --mime-type='text/plain' put /tmp/emptyfile "s3://$BUCKET/ubuntu/info"
 
 	echo "APT repository uploaded. Instructions available at $(s3_url)/ubuntu"
 }
 
 # Upload binaries and tgz files to S3
 release_binaries() {
-	[ -e bundles/$VERSION/cross/linux/amd64/docker-$VERSION ] || {
+	[ -e "bundles/$VERSION/cross/linux/amd64/docker-$VERSION" ] || {
 		echo >&2 './hack/make.sh must be run before release_binaries'
 		exit 1
 	}
@@ -341,29 +341,29 @@ EOF
 
 	# Add redirect at /builds/info for URL-backwards-compatibility
 	rm -rf /tmp/emptyfile && touch /tmp/emptyfile
-	s3cmd --acl-public --add-header='x-amz-website-redirect-location:/builds/' --mime-type='text/plain' put /tmp/emptyfile s3://$BUCKET/builds/info
+	s3cmd --acl-public --add-header='x-amz-website-redirect-location:/builds/' --mime-type='text/plain' put /tmp/emptyfile "s3://$BUCKET/builds/info"
 
 	if [ -z "$NOLATEST" ]; then
 		echo "Advertising $VERSION on $BUCKET as most recent version"
-		echo $VERSION | write_to_s3 s3://$BUCKET/latest
+		echo "$VERSION" | write_to_s3 "s3://$BUCKET/latest"
 	fi
 }
 
 # Upload the index script
 release_index() {
-	sed "s,url='https://get.docker.com/',url='$(s3_url)/'," hack/install.sh | write_to_s3 s3://$BUCKET/index
+	sed "s,url='https://get.docker.com/',url='$(s3_url)/'," hack/install.sh | write_to_s3 "s3://$BUCKET/index"
 }
 
 release_test() {
 	if [ -e "bundles/$VERSION/test" ]; then
-		s3cmd --acl-public sync bundles/$VERSION/test/ s3://$BUCKET/test/
+		s3cmd --acl-public sync "bundles/$VERSION/test/" "s3://$BUCKET/test/"
 	fi
 }
 
 setup_gpg() {
 	# Make sure that we have our keys
-	mkdir -p $HOME/.gnupg/
-	s3cmd sync s3://$BUCKET/ubuntu/.gnupg/ $HOME/.gnupg/ || true
+	mkdir -p "$HOME/.gnupg/"
+	s3cmd sync "s3://$BUCKET/ubuntu/.gnupg/" "$HOME/.gnupg/" || true
 	gpg --list-keys releasedocker >/dev/null || {
 		gpg --gen-key --batch <<EOF
 Key-Type: RSA