Add shellcheck to the CI

Updates our scripts to pass. Achieves POSIX compliance for
`increase_default_stack_size.sh` via replacing `hexdump` with `od` and `tr`.
Replaces the non-POSIX `dd status=none` with the POSIX `dd 2> /dev/null`.

Author: kayabaNerve

.github/workflows/lint.yml

@@ -201,3 +201,14 @@ jobs:
           cp processor/ethereum/erc20/contracts/IERC20.sol processor/ethereum/router/contracts/
           cd processor/ethereum/router/contracts
           slither Router.sol
+
+    shellcheck:
+      runs-on: ubuntu-latest
+      steps:
+        - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
+        - name: shellcheck
+          run: |
+            sudo apt install shellcheck
+            find . -iname "*.sh" | while read -r script; do
+              shellcheck --enable=all --shell=sh --severity=info $script
+            done

orchestration/dev/networks/bitcoin/run.sh

@@ -1,9 +1,10 @@
 #!/bin/sh
+set -e
 
 RPC_USER="${RPC_USER:=serai}"
 RPC_PASS="${RPC_PASS:=seraidex}"
 
 bitcoind -regtest --port=8333 \
-  -rpcuser=$RPC_USER -rpcpassword=$RPC_PASS \
+  -rpcuser="$RPC_USER" -rpcpassword="$RPC_PASS" \
   -rpcbind=0.0.0.0 -rpcallowip=0.0.0.0/0 -rpcport=8332 \
-  $@
+  "$@"

orchestration/dev/networks/ethereum/run.sh

@@ -1,3 +1,4 @@
 #!/bin/sh
+set -e
 
 ~/.foundry/bin/anvil --host 0.0.0.0 --no-cors --no-mining --slots-in-an-epoch 32 --silent

orchestration/dev/networks/monero-wallet-rpc/run.sh

@@ -1,4 +1,5 @@
 #!/bin/sh
+set -e
 
 monero-wallet-rpc \
   --allow-mismatched-daemon-version \

orchestration/dev/networks/monero/run.sh

@@ -1,4 +1,5 @@
 #!/bin/sh
+set -e
 
 RPC_USER="${RPC_USER:=serai}"
 RPC_PASS="${RPC_PASS:=seraidex}"
@@ -7,5 +8,5 @@ RPC_PASS="${RPC_PASS:=seraidex}"
 monerod --non-interactive --regtest --offline --fixed-difficulty=1 \
   --no-zmq --rpc-bind-ip=0.0.0.0 --rpc-bind-port=18081 --confirm-external-bind \
   --rpc-access-control-origins "*" --disable-rpc-ban \
-  --rpc-login=$RPC_USER:$RPC_PASS --log-level 2 \
-  $@
+  --rpc-login="$RPC_USER":"$RPC_PASS" --log-level 2 \
+  "$@"

orchestration/dev/serai/run.sh

@@ -1,3 +1,5 @@
 #!/bin/sh
+set -e
 
-serai-node --unsafe-rpc-external --rpc-cors all --chain local --$SERAI_NAME
+${SERAI_NAME:?} # Ensure this is present in the environment
+serai-node --unsafe-rpc-external --rpc-cors all --chain local --"$SERAI_NAME"

orchestration/increase_default_stack_size.sh

@@ -1,3 +1,5 @@
+#!/bin/sh
+
 # Raises `PT_GNU_STACK`'s memory to be at least 8 MB.
 #
 # This causes `musl` to use a 8 MB default for new threads, resolving the primary
@@ -7,8 +9,7 @@
 # for reference. This differs that instead of setting at time of link, it
 # patches the binary as an already-linked ELF executable.
 
-#!/bin/bash
-set -eo pipefail
+set -e
 
 ELF="$1"
 if [ ! -f "$ELF" ]; then
@@ -19,26 +20,30 @@ if [ ! -f "$ELF" ]; then
   exit 1
 fi
 
-function hex {
-  hexdump -e '1 1 "%.2x"' -v
+hex() {
+  od -tx1 -v -A none | tr -d "[:space:]"
 }
-function read_bytes {
-   dd status=none bs=1 skip=$1 count=$2 if="$ELF" | hex
+read_bytes() {
+   dd bs=1 skip="$1" count="$2" if="$ELF" 2> /dev/null | hex
 }
-function write_bytes {
+write_bytes() {
   POS=$1
   BYTES=$2
-  while [ ! $BYTES = "" ]; do
-    printf "\x$(printf $BYTES | head -c2)" | dd status=none conv=notrunc bs=1 seek=$POS of="$ELF"
-    # Start with the third byte, as in, after the first two bytes
-    BYTES=$(printf $BYTES | tail -c+3)
-    POS=$(($POS + 1))
+  while [ ! "$BYTES" = "" ]; do
+    NEXT=$(printf "%s" "$BYTES" | head -c2)
+    # Advance to the third byte, as in, after the first two bytes
+    BYTES=$(printf "%s" "$BYTES" | tail -c+3)
+
+    # shellcheck disable=SC2059
+    printf "\x$NEXT" | dd conv=notrunc bs=1 seek="$POS" of="$ELF" 2> /dev/null
+    POS=$((POS + 1))
   done
 }
 
 # Magic
 MAGIC=$(read_bytes 0 4)
-if [ ! $MAGIC = $(printf "\x7fELF" | hex) ]; then
+EXPECTED_MAGIC=$(printf "\x7ELF" | hex)
+if [ ! "$MAGIC" = "$EXPECTED_MAGIC" ]; then
   echo "Not ELF"
   exit 2
 fi
@@ -55,18 +60,20 @@ case $BITS in
 esac
 
 # For `value_per_bits a b`, `a` if 32-bit and `b` if 64-bit
-function value_per_bits {
+value_per_bits() {
   RESULT=$(($1))
   if [ $BITS = 64 ]; then
     RESULT=$(($2))
   fi
-  printf $RESULT
+  printf "%s" "$RESULT"
 }
 
 # Read an integer by its offset, differing depending on if 32- or 64-bit
-function read_integer_by_offset {
-  OFFSET=$(value_per_bits $1 $2)
-  printf $(( 0x$(swap_native_endian $(read_bytes $OFFSET $3)) ))
+read_integer_by_offset() {
+  OFFSET=$(value_per_bits "$1" "$2")
+  BYTES=$(read_bytes "$OFFSET" "$3")
+  BYTES=$(swap_native_endian "$BYTES")
+  printf "%i" $(( 0x$BYTES ))
 }
 
 # 1 if little-endian, 2 if big-endian
@@ -83,81 +90,84 @@ esac
 # While this script is written in big-endian, we need to work with the file in
 # its declared endian. This function swaps from big to native, or vice versa,
 # as necessary.
-function swap_native_endian {
+swap_native_endian() {
   BYTES="$1"
   if [ "$BYTES" = "" ]; then
-    read BYTES
+    read -r BYTES
   fi
 
-  if [ $LITTLE_ENDIAN -eq 0 ]; then
-    printf $BYTES
+  if [ "$LITTLE_ENDIAN" -eq 0 ]; then
+    printf "%s" "$BYTES"
     return
   fi
 
-  while [ ! $BYTES = "" ]; do
-    printf $(printf $BYTES | tail -c2)
-    BYTES=$(printf $BYTES | head -c-2)
+  while [ ! "$BYTES" = "" ]; do
+    printf "%s" "$BYTES" | tail -c2
+    BYTES=$(printf "%s" "$BYTES" | head -c-2)
   done
 }
 
 ELF_VERSION=$(read_bytes 6 1)
-if [ ! $ELF_VERSION = "01" ]; then
+if [ ! "$ELF_VERSION" = "01" ]; then
   echo "Unknown ELF Version ($ELF_VERSION)"
   exit 5
 fi
 
 ELF_VERSION_2=$(read_bytes $((0x14)) 4)
-if [ ! $ELF_VERSION_2 = $(swap_native_endian 00000001) ]; then
+if [ ! "$ELF_VERSION_2" = "$(swap_native_endian 00000001)" ]; then
   echo "Unknown secondary ELF Version ($ELF_VERSION_2)"
   exit 6
 fi
 
 # Find where the program headers are
-PROGRAM_HEADERS_OFFSET=$(read_integer_by_offset 0x1c 0x20 $(value_per_bits 4 8))
+PROGRAM_HEADERS_OFFSET=$(read_integer_by_offset 0x1c 0x20 "$(value_per_bits 4 8)")
 PROGRAM_HEADER_SIZE=$(value_per_bits 0x20 0x38)
 DECLARED_PROGRAM_HEADER_SIZE=$(read_integer_by_offset 0x2a 0x36 2)
-if [ ! $PROGRAM_HEADER_SIZE -eq $DECLARED_PROGRAM_HEADER_SIZE ]; then
+if [ ! "$PROGRAM_HEADER_SIZE" -eq "$DECLARED_PROGRAM_HEADER_SIZE" ]; then
   echo "Unexpected size of a program header ($DECLARED_PROGRAM_HEADER_SIZE)"
   exit 7
 fi
-function program_header_start {
-  printf $(($PROGRAM_HEADERS_OFFSET + ($1 * $PROGRAM_HEADER_SIZE)))
+program_header_start() {
+  printf "%i" $((PROGRAM_HEADERS_OFFSET + ($1 * PROGRAM_HEADER_SIZE)))
 }
-function read_program_header {
-  read_bytes $(program_header_start $1) $PROGRAM_HEADER_SIZE
+read_program_header() {
+  START=$(program_header_start "$1")
+  read_bytes "$START" "$PROGRAM_HEADER_SIZE"
 }
 
 # Iterate over each program header
 PROGRAM_HEADERS=$(read_integer_by_offset 0x2c 0x38 2)
-NEXT_PROGRAM_HEADER=$(( $PROGRAM_HEADERS - 1 ))
+NEXT_PROGRAM_HEADER=$(( PROGRAM_HEADERS - 1 ))
 FOUND=0
-while [ $NEXT_PROGRAM_HEADER -ne -1 ]; do
+while [ "$NEXT_PROGRAM_HEADER" -ne -1 ]; do
   THIS_PROGRAM_HEADER=$NEXT_PROGRAM_HEADER
-  NEXT_PROGRAM_HEADER=$(( $NEXT_PROGRAM_HEADER - 1 ))
-  PROGRAM_HEADER=$(read_program_header $THIS_PROGRAM_HEADER)
+  NEXT_PROGRAM_HEADER=$(( NEXT_PROGRAM_HEADER - 1 ))
+  PROGRAM_HEADER=$(read_program_header "$THIS_PROGRAM_HEADER")
 
-  HEADER_TYPE=$(printf $PROGRAM_HEADER | head -c8)
+  HEADER_TYPE=$(printf "%s" "$PROGRAM_HEADER" | head -c8)
+  HEADER_TYPE=$(swap_native_endian "$HEADER_TYPE")
   # `PT_GNU_STACK`
   # https://github.com/torvalds/linux/blob/c2f2b01b74be8b40a2173372bcd770723f87e7b2/include/uapi/linux/elf.h#L41
-  if [ ! "$(swap_native_endian $HEADER_TYPE)" = "6474e551" ]; then
+  if [ ! "$HEADER_TYPE" = "6474e551" ]; then
     continue
   fi
   FOUND=1
 
-  MEMSZ_OFFSET=$(( $(program_header_start $THIS_PROGRAM_HEADER) + $(value_per_bits 0x14 0x28) ))
+  MEMSZ_OFFSET=$(( $(program_header_start "$THIS_PROGRAM_HEADER") + $(value_per_bits 0x14 0x28) ))
   MEMSZ_LEN=$(value_per_bits 4 8)
   # `MEMSZ_OFFSET MEMSZ_OFFSET` as we've already derived it depending on the amount of bits
-  MEMSZ=$(read_integer_by_offset $MEMSZ_OFFSET $MEMSZ_OFFSET $MEMSZ_LEN)
+  MEMSZ=$(read_integer_by_offset "$MEMSZ_OFFSET" "$MEMSZ_OFFSET" "$MEMSZ_LEN")
   DESIRED_STACK_SIZE=$((8 * 1024 * 1024))
   # Only run if the inherent value is _smaller_
-  if [ $MEMSZ -lt $DESIRED_STACK_SIZE ]; then
+  if [ "$MEMSZ" -lt "$DESIRED_STACK_SIZE" ]; then
     # `2 *`, as this is its length in hexadecimal
-    HEX_MEMSZ=$(printf %."$((2 * $MEMSZ_LEN))"x $DESIRED_STACK_SIZE)
-    write_bytes $MEMSZ_OFFSET $(swap_native_endian $HEX_MEMSZ)
+    HEX_MEMSZ=$(printf %."$((2 * MEMSZ_LEN))"x "$DESIRED_STACK_SIZE")
+    HEX_MEMSZ=$(swap_native_endian "$HEX_MEMSZ")
+    write_bytes "$MEMSZ_OFFSET" "$HEX_MEMSZ"
   fi
 done
 
-if [ $FOUND -eq 0 ]; then
+if [ "$FOUND" -eq 0 ]; then
   echo "\`PT_GNU_STACK\` program header not found"
   exit 8
 fi

orchestration/testnet/networks/bitcoin/run.sh

@@ -1,9 +1,10 @@
 #!/bin/sh
+set -e
 
 RPC_USER="${RPC_USER:=serai}"
 RPC_PASS="${RPC_PASS:=seraidex}"
 
 bitcoind -testnet -port=8333 \
-  -rpcuser=$RPC_USER -rpcpassword=$RPC_PASS \
+  -rpcuser="$RPC_USER" -rpcpassword="$RPC_PASS" \
   -rpcbind=0.0.0.0 -rpcallowip=0.0.0.0/0 -rpcport=8332 \
   --datadir=/volume

orchestration/testnet/networks/ethereum/consensus/lighthouse/run.sh

@@ -1,3 +1,4 @@
 #!/bin/sh
+set -e
 
 RUST_LOG=info lighthouse bn --execution-endpoint http://localhost:8551 --execution-jwt /home/ethereum/.jwt

orchestration/testnet/networks/ethereum/consensus/nimbus/run.sh

@@ -1,3 +1,4 @@
 #!/bin/sh
+set -e
 
 exit 1