meta-google: authorized-keys-comp: Fix shellcheck issues
Change-Id: I31aa8a608e404e50325569fdd97617033d4f3edf
Signed-off-by: William A. Kennington III <wak@google.com>
diff --git a/meta-google/recipes-google/ssh/authorized-keys-comp/authorized-keys-comp.sh b/meta-google/recipes-google/ssh/authorized-keys-comp/authorized-keys-comp.sh
index caff0a7..836ec70 100644
--- a/meta-google/recipes-google/ssh/authorized-keys-comp/authorized-keys-comp.sh
+++ b/meta-google/recipes-google/ssh/authorized-keys-comp/authorized-keys-comp.sh
@@ -3,12 +3,12 @@
# We want to iterate over all system users, check if they are opted-in to ssh
# authorized_keys building, and then construct their keyfile
-for user in $(cut -d':' -f1 /etc/passwd); do
- home="$(eval echo ~$user)" || continue
- link="$(readlink $home/.ssh/authorized_keys 2>/dev/null)" || continue
+while read -r user; do
+ home="$(eval echo "~$user")" || continue
+ link="$(readlink "$home"/.ssh/authorized_keys 2>/dev/null)" || continue
# Users are only opted-in if they symlink to our well-known directory where
# the final output of this script lives.
- if [ "$link" != "/run/authorized_keys/$user" ]; then
+ if [[ $link != "/run/authorized_keys/$user" ]]; then
echo "Ignoring $user $home/.ssh/authorized_keys" >&2
continue
fi
@@ -46,6 +46,6 @@
cat "${basemap[$key]}" >>/run/authorized_keys.tmp
done
mkdir -p /run/authorized_keys
- mv /run/authorized_keys.tmp /run/authorized_keys/$user
- chown $user /run/authorized_keys/$user
-done
+ mv /run/authorized_keys.tmp /run/authorized_keys/"$user"
+ chown "$user" /run/authorized_keys/"$user"
+done < <(cut -d':' -f1 /etc/passwd)