From 84fe731c9476d8dae6ba519551dda584fc388411 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Tue, 17 May 2022 13:18:38 +0200 Subject: [PATCH] treewide: curl: exit with error status on HTTP errors This makes scripts fail early on request errors. Previously, curl exited with status 0 when enountering HTTP error status codes. `-fsS` equals `--fail --silent --show-error`. --- helper/fetch-release | 6 +++--- modules/lnd.nix | 2 +- pkgs/lndinit/get-sha256.sh | 2 +- test/tests.py | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/helper/fetch-release b/helper/fetch-release index cc3ffdb..ee14de8 100755 --- a/helper/fetch-release +++ b/helper/fetch-release @@ -8,7 +8,7 @@ trap 'echo "Error at ${BASH_SOURCE[0]}, line $LINENO"' ERR repo=fort-nix/nix-bitcoin if [[ ! -v version ]]; then - version=$(curl -s --show-error "https://api.github.com/repos/$repo/releases/latest" | jq -r '.tag_name' | tail -c +2) + version=$(curl -fsS "https://api.github.com/repos/$repo/releases/latest" | jq -r '.tag_name' | tail -c +2) fi TMPDIR=$(mktemp -d) @@ -27,8 +27,8 @@ gpg --list-keys "36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366" > /dev/null # Fetch nar-hash of release cd $TMPDIR baseUrl=https://github.com/$repo/releases/download/v$version -curl -s --show-error -L -O $baseUrl/nar-hash.txt -curl -s --show-error -L -O $baseUrl/nar-hash.txt.asc +curl -fsS -L -O $baseUrl/nar-hash.txt +curl -fsS -L -O $baseUrl/nar-hash.txt.asc # Verify signature for nar-hash gpg --verify nar-hash.txt.asc &> /dev/null || { diff --git a/modules/lnd.nix b/modules/lnd.nix index 8f0fe3a..8cdbcd4 100644 --- a/modules/lnd.nix +++ b/modules/lnd.nix @@ -234,7 +234,7 @@ in { RestartSec = "10s"; ReadWritePaths = [ cfg.dataDir ]; ExecStartPost = let - curl = "${pkgs.curl}/bin/curl -s --show-error --cacert ${cfg.certPath}"; + curl = "${pkgs.curl}/bin/curl -fsS --cacert ${cfg.certPath}"; restUrl = "https://${nbLib.addressWithPort cfg.restAddress cfg.restPort}/v1"; in # Setting macaroon permissions for other users needs root permissions diff --git a/pkgs/lndinit/get-sha256.sh b/pkgs/lndinit/get-sha256.sh index b2533c0..ba65d22 100755 --- a/pkgs/lndinit/get-sha256.sh +++ b/pkgs/lndinit/get-sha256.sh @@ -8,7 +8,7 @@ cd $TMPDIR echo "Fetching latest release" repo=lightninglabs/lndinit -latest=$(curl -s --show-error https://api.github.com/repos/$repo/releases/latest | jq -r .tag_name) +latest=$(curl -fsS https://api.github.com/repos/$repo/releases/latest | jq -r .tag_name) echo "Latest release is $latest" git clone --depth 1 --branch $latest https://github.com/lightninglabs/lndinit 2>/dev/null cd lndinit diff --git a/test/tests.py b/test/tests.py index 3f56bb0..e1599ab 100644 --- a/test/tests.py +++ b/test/tests.py @@ -203,13 +203,13 @@ def _(): wait_for_open_port(ip("btcpayserver"), 23000) # test lnd custom macaroon assert_matches( - "runuser -u btcpayserver -- curl -s --cacert /secrets/lnd-cert " + "runuser -u btcpayserver -- curl -fsS --cacert /secrets/lnd-cert " '--header "Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /run/lnd/btcpayserver.macaroon)" ' f"-X GET https://{ip('lnd')}:8080/v1/getinfo | jq", '"version"', ) # Test web server response - assert_matches(f"curl -L {ip('btcpayserver')}:23000", "Welcome to your BTCPay Server") + assert_matches(f"curl -fsS -L {ip('btcpayserver')}:23000", "Welcome to your BTCPay Server") @test("rtl") def _(): @@ -230,7 +230,7 @@ def _(): assert_running("spark-wallet") wait_for_open_port(ip("spark-wallet"), 9737) spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] - assert_matches(f"curl -s {spark_auth}@{ip('spark-wallet')}:9737", "Spark") + assert_matches(f"curl -fsS {spark_auth}@{ip('spark-wallet')}:9737", "Spark") @test("joinmarket") def _():