style: limit line length per file extension

Editorconfig can only act based on file extension and path, not
attributes, it remains a mean only for multiple collaborators to use the
same configuration on their editor. When it is too restrictive, such as
not considering the file syntax, use a lint tool for the specific file
type instead of trusting editorconfig. Changes were made to increase
readability.

.editorconfig

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
 
@@ -16,8 +16,24 @@ end_of_line = lf
 indent_style = tab
 indent_size = 8
 
-[*.{md,sh,yaml,yml,toml,json}]
+[*.{md,toml,json}]
 indent_size = 2
 
-[*.{py}]
+[*.{yaml,yml}]
+indent_size = 2
+max_line_length = 120
+
+[*.{sls,top,jinja}]
+max_line_length = 160
+
+[*.py]
 indent_size = 4
+max_line_length = 79
+
+[{*.{sh,bash,ksh,zsh,lessfilter,xinitrc,Xinitrc,xsession,Xsession,xsessionrc,Xsessionrc,xprofile,Xprofile},**/.config/{sh,bash,ksh,zsh}/**,**/git/shell/**,**/qubes-bind-dirs.d/**,**/lib-qubes-bind-dirs.d/**,**/rc.local.d/**,**/dom0/files/autostartart-scripts/**,**/git/template/hooks/**,**/git/files/client/git-core/**}]
+indent_size = 2
+## Impossible to be sure via file extension if it is a shell file.
+# /bin/.*
+# /rpc/.*
+# /network-hooks\.d/.*
+# /qubes-firewall\.d/.*

.github/workflows/reject-pr.yaml

@@ -52,5 +52,9 @@ jobs:
         uses: peter-evans/close-pull@v3
         with:
           # yamllint disable-line rule:line-length
-          comment: 'Automatically closing this PR due to submitter not reading the contribution guidelines and using GitHub WebUI to commit. Please fix the issues and open a new PR after you have read the contribution guidelines.'
+          comment: >
+            Automatically closing this PR due to submitter not reading the
+            contribution guidelines and using GitHub WebUI to commit. Please
+            fix the issues and open a new PR after you have read the
+            contribution guidelines.
           delete-branch: false

.pre-commit-config.yaml

@@ -28,9 +28,15 @@ repos:
         language: script
         pass_filenames: true
         # yamllint disable rule:line-length
-        files: (\.sh|/rc\.local\.d/.*\.rc|/bin/.*|/rpc/.*|/network-hooks\.d/.*|/qubes-firewall\.d/.*|/(lib-)?qubes-bind-dirs\.d/.*|/\.config/(sh|bash|zsh|less|x11|git/shell|git/template/hooks)/.*|/autostart-scripts/.*|/qvm-copy-dotfiles|/git-core/.*)
+        files: >-
+          (\.sh|/rc\.local\.d/.*\.rc|/bin/.*|/rpc/.*|/network-hooks\.d/.*|
+          /qubes-firewall\.d/.*|/(lib-)?qubes-bind-dirs\.d/.*|
+          /\.config/(sh|bash|zsh|less|x11|git/shell|git/template/hooks)/.*|
+          /autostart-scripts/.*|/qvm-copy-dotfiles|/git-core/.*)
         # yamllint disable rule:line-length
-        exclude: \.(policy|asc|txt|top|sls|jinja|toml|vim|py|muttrc|nft|md|spec|list|sources|repo|socket|timer|service|y(a)?ml)$
+        exclude: >-
+          \.(policy|asc|txt|top|sls|jinja|toml|vim|py|muttrc|nft|md|spec|
+          list|sources|repo|socket|timer|service|y(a)?ml)$
         description: Lint Shellscripts
 
       - id: markdown-lint
@@ -81,7 +87,9 @@ repos:
         args: [test]
         pass_filenames: true
         # yamllint disable rule:line-length
-        files: ^(rpm_spec/template/template.spec|salt/.*|scripts/spec-(get|gen)\.sh)$
+        files: >-
+          ^(rpm_spec/template/template.spec|salt/.*|
+          scripts/spec-(get|gen)\.sh)$
         description: Check if RPM SPEC files are up to date
 
       - id: license-lint

salt/browser/create.sls

@@ -20,8 +20,10 @@ prefs:
 - maxmem: 2000
 features:
 - set:
+  # editorconfig-checker-disable
   - default-menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-open-file-manager.desktop qubes-start.desktop" # noqa: 204
   - menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-open-file-manager.desktop qubes-start.desktop" # noqa: 204
+  # editorconfig-checker-enable
 - disable:
   - service.tracker
   - service.evolution-data-server
@@ -52,6 +54,8 @@ features:
   - service.tracker
   - service.evolution-data-server
 - set:
+  # editorconfig-checker-disable
   - menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-open-file-manager.desktop qubes-start.desktop" # noqa: 204
+  # editorconfig-checker-enable
 {%- endload %}
 {{ load(defaults) }}

salt/dom0/files/bin/qubes-kde-win-rules

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -25,9 +25,11 @@ writeconf(){
   key="$2"
   value="$3"
 
-  group_id="$(grep -B1 -- "^Description=$group$" "$file" | head -1 | tr -d "[" | tr -d "]")"
+  group_id="$(grep -B1 -- "^Description=$group$" "$file" | head -1 |
+    tr -d "[" | tr -d "]")"
   if test -z "${group_id}"; then
-    highest_id="$(grep -- "\[[0-9]\+\]" "$file" | tr -d "[" | tr -d "]" | sort | tail -1)"
+    highest_id="$(grep -- "\[[0-9]\+\]" "$file" | tr -d "[" | tr -d "]" |
+      sort | tail -1)"
     if test -n "${highest_id}"; then
       group_id="$((highest_id+1))"
     else
@@ -54,7 +56,8 @@ writeconf_group(){
   fi
 
   ## Regex: https://doc.qt.io/qt-6/qregularexpression.html
-  writeconf "$chosen_group" title "^\\[(disp-|dvm-)?$chosen_group(-\\S+)?\\] .*"
+  writeconf "$chosen_group" title \
+    "^\\[(disp-|dvm-)?$chosen_group(-\\S+)?\\] .*"
   writeconf "$chosen_group" titlematch 3
   writeconf "$chosen_group" wmclass "$chosen_group"
   writeconf "$chosen_group" wmclasscomplete false

salt/dom0/files/bin/qvm-backup-find-last

@@ -9,7 +9,8 @@ set -eu
 list_backups(){
   ## Hide stderr to hide remote login connection messages (banners etc).
   # shellcheck disable=SC2086
-  ${qrun_cmd} "${qube}" -- "${cmd} ${find_cmd} 2>/dev/null"
+  qvm-run --filter-escape-chars --no-color-output --no-color-stderr \
+    --pass-io "${qube}" -- "${cmd} ${find_cmd} 2>/dev/null"
 }
 
 list_last_backup(){
@@ -35,7 +36,6 @@ cmd="${3-}"
 
 find_pattern="qubes-backup-*"
 find_cmd="find \"${path}\" -maxdepth 1 -type f -name \"${find_pattern}\""
-qrun_cmd="qvm-run --filter-escape-chars --no-color-output --no-color-stderr --pass-io"
 
 last_backup="$(list_last_backup)"
 if test -z "${last_backup}"; then

salt/dom0/files/bin/qvm-pci-regain

@@ -20,7 +20,8 @@ set -eu
 usage(){
   echo "Usage: ${0##*/} --i-like-danger <DEVICE>"
   echo "Example: ${0##*/} --i-like-danger 0000:00:1b.0"
-  echo "Warning: It is strongly discouraged to reattach PCI devices to dom0, especially if they don't support resetting!"
+  echo "Warning: Strongly discouraged to reattach PCI devices to dom0"
+  echo "Warning:  especially if it doesn't support resetting!"
   exit 1
 }
 

salt/dom0/files/bin/qvm-port-forward

@@ -72,7 +72,10 @@ get_rule_handle(){
   qube="${1}"
   chain="${2}"
   rule="${3}"
-  run_qube "${qube}" "nft --handle --stateless list chain ip qubes ${chain} | tr -d '\"' | grep '^\s\+${rule} # handle ' | awk '{print \$NF}' | tr '\n' ' '" 2>/dev/null
+  run_qube "${qube}" -- \
+    "nft --handle --stateless list chain ip qubes ${chain} |
+    tr -d '\"' | grep '^\s\+${rule} # handle ' | awk '{print \$NF}' |
+    tr '\n' ' '" 2>/dev/null
 }
 
 delete_rule_handle(){
@@ -124,10 +127,15 @@ forward() {
   fi
 
   dnat_chain="custom-pf-${to_ip_escaped}"
-  dnat_rule="iifname ${dev} ip saddr ${lan_ip} ${proto} dport ${port} ct state established,related,new counter dnat to ${to_ip}"
+  dnat_rule="iifname ${dev} ip saddr ${lan_ip} ${proto} dport ${port} ct"
+  dnat_rule="${dnat_rule} state established,related,new counter dnat to"
+  dnat_rule="${dnat_rule} ${to_ip}"
   forward_chain="custom-forward"
-  forward_rule="iifname ${dev} ip saddr ${lan_ip} ip daddr ${to_ip} ${proto} dport ${port} ct state established,related,new counter accept"
-  full_rule="nft 'add chain ip qubes ${dnat_chain} { type nat hook prerouting priority filter +1; policy accept; }
+  forward_rule="iifname ${dev} ip saddr ${lan_ip} ip daddr ${to_ip} ${proto}"
+  forward_rule="${forward_rule} dport ${port} ct state"
+  forward_rule="${forward_rule} established,related,new counter accept"
+  dnat_policy="type nat hook prerouting priority filter +1; policy accept;"
+  full_rule="nft 'add chain ip qubes ${dnat_chain} { ${dnat_policy}
 add rule ip qubes ${dnat_chain} ${dnat_rule}
 add rule ip qubes ${forward_chain} ${forward_rule}'"
 
@@ -137,7 +145,8 @@ add rule ip qubes ${forward_chain} ${forward_rule}'"
     echo "info: ${from_qube}: deleting rules" >&2
     run_qube "${from_qube}" "rm -f ${hook}"
   else
-    echo "info: ${from_qube}: adding forward rule dev ${dev} saddr ${lan_ip} daddr ${to_ip}" >&2
+    msg="adding forward rule dev ${dev} saddr ${lan_ip} daddr ${to_ip}"
+    echo "info: ${from_qube}: ${msg}" >&2
     run_qube "${from_qube}" "${full_rule}"
 
     if test "${persistent}" = "1"; then
@@ -149,7 +158,9 @@ add rule ip qubes ${forward_chain} ${forward_rule}'"
 get_handle(){
   chain=\\\${1}
   rule=\\\${2}
-  nft --handle --stateless list chain ip qubes \\\${chain} | tr -d '\\\"' | grep '^\\\s\\\+\\\${rule} \\# handle ' | awk '{print \\\$NF}' | tr \\\"\\\n\\\" \\\" \\\"
+  nft --handle --stateless list chain ip qubes \\\${chain} | \\\
+    tr -d '\\\"' | grep '^\\\s\\\+\\\${rule} \\# handle ' | \\\
+    awk '{print \\\$NF}' | tr \\\"\\\n\\\" \\\" \\\"
 }
 
 forward_handle=\\\$(get_handle ${forward_chain} \\\"${forward_rule}\\\")
@@ -169,7 +180,8 @@ fi
 ${full_rule}"
 
       create_net_dir "${from_qube}"
-      run_qube "${from_qube}" "echo \"${full_rule}\" | tee \"${hook}\" >/dev/null"
+      run_qube "${from_qube}" \
+        "echo \"${full_rule}\" | tee \"${hook}\" >/dev/null"
       run_qube "${from_qube}" "chmod +x ${hook}"
     fi
   fi
@@ -181,7 +193,8 @@ input() {
   hook="${hook_prefix}${to_ip}-${proto}-${port}.sh"
   create_net_dir "${qube}"
 
-  custom_input_rule="${proto} dport ${port} ip daddr ${to_ip} ct state new counter accept"
+  custom_input_rule="${proto} dport ${port} ip daddr ${to_ip} ct state new"
+  custom_input_rule="${custom_input_rule} counter accept"
   input_rule="nft add rule ip qubes custom-input ${custom_input_rule}"
 
   delete_rule "${qube}" "custom-input" "${custom_input_rule}"
@@ -196,7 +209,9 @@ input() {
 get_handle(){
   chain=\\\${1}
   rule=\\\${2}
-  nft --handle --stateless list chain ip qubes \\\${chain} | tr -d '\\\"' | grep '^\\\s\\\+\\\${rule} \\# handle ' | awk '{print \\\$NF}' | tr \\\"\\\n\\\" \\\" \\\"
+  nft --handle --stateless list chain ip qubes \\\${chain} | \\\
+    tr -d '\\\"' | grep '^\\\s\\\+\\\${rule} \\# handle ' | \\\
+    awk '{print \\\$NF}' | tr \\\"\\\n\\\" \\\" \\\"
 }
 
 input_handle=\\\$(get_handle custom-input \\\"${custom_input_rule}\\\")
@@ -244,7 +259,7 @@ get_lan(){
 test_qvm_run(){
   qube="${1}"
   if ! run_qube "${qube}" echo "Test QUBESRPC" >/dev/null 2>&1; then
-    echo "error: ${qube}: service qubes.VMShell failed, use a different qube" >&2
+    echo "error: ${qube}: RPC qubes.VMShell failed, use a different qube" >&2
     exit 1
   fi
 }
@@ -267,7 +282,9 @@ recurse_netvms() {
 }
 
 usage() {
-  echo "Usage: ${0##*/} --action ACTION --qube QUBE --port PORT --proto PROTO [--persistent]
+  echo "Usage: ${0##*/} OPTIONS
+Option syntax:
+  --action ACTION --qube QUBE --port PORT --proto PROTO [--persistent]
 Options:
   -a, --action ACTION        add or delete a rule (add, del)
   -q, --qube QUBE            qube name which holds the service to be exposed
@@ -280,7 +297,7 @@ Example:
   ${0##*/} --action del --qube work --port 22 --proto tcp
   ${0##*/} --action del --qube work --port 444 --proto udp
 Note: Defaults to temporary rules
-Warn: Use of '--persistent' with disposable netvm saves the rule in the disposable template" >&2
+Warn: Persistent rules of disposable netvm are saved to its template" >&2
   exit 1
 }
 
@@ -322,7 +339,9 @@ hook_dir="/rw/config/network-hooks.d"
 hook_prefix="${hook_dir}/90-port-forward-"
 persistent=""
 
-if ! OPTS=$(getopt -o h,a:q:p:n:s --long help,action:,qube:,port:,proto:,persistent -n "${0}" -- "${@}"); then
+if ! OPTS=$(getopt -o h,a:q:p:n:s \
+  --long help,action:,qube:,port:,proto:,persistent -n "${0}" -- "${@}")
+then
   echo "An error occurred while parsing options." >&2
   exit 1
 fi

salt/dom0/files/bin/qvm-screenshot

@@ -69,7 +69,8 @@ mkdir -p "${guivm_pictures_dir}" || exit 1
 
 current_date="$(date +"%Y-%m-%d-%H%M%S")"
 screenshot_basename="${current_date}.png"
-screenshot_file="${guivm_pictures_dir}/${screenshot_basename}"
+screenshot_file="${guivm_pictures_dir%*/}/${screenshot_basename}"
+qube_screenshot_file="${qube_pictures_dir}/${screenshot_basename}"
 screenshot_type_text=""
 screenshot_action_text=""
 screenshot_action_supplied=""
@@ -179,7 +180,8 @@ else
     screenshot_cmd="xfce4-screenshooter"
   fi
   if test -z "${screenshot_cmd}"; then
-    msg="screenshot programs not found: spectacle xfce4-screenshooter scrot maim"
+    msg="screenshot programs not found"
+    msg="${msg}: spectacle xfce4-screenshooter scrot maim"
     echo "[ERROR] ${msg}"
     case "${dialog_cmd}" in
       zenity) zenity --info --text "${msg}";;
@@ -217,7 +219,7 @@ case "${screenshot_type_text}" in
   *) echo "[ERROR] mode not selected"; exit 1;;
 esac
 
-if ! test -f "${guivm_pictures_dir}/${screenshot_basename}"; then
+if ! test -f "${screenshot_file}"; then
   msg="Screenshot was not saved in GuiVM"
   echo "[ERROR] ${msg}"
   case "${dialog_cmd}" in
@@ -228,7 +230,7 @@ if ! test -f "${guivm_pictures_dir}/${screenshot_basename}"; then
 fi
 
 if test "${screenshot_action_supplied}" != "1"; then
-  dialog_title="Saved to ${screenshot_basename}. What do you want to do with the screenshot?"
+  dialog_title="Saved to ${screenshot_file}. What do you want to do with it?"
   case "${dialog_cmd}" in
     zenity)
       screenshot_action_text="$(zenity --list --width=280 --height=210 \
@@ -314,10 +316,11 @@ if ! qvm-check -- "${qube}" >/dev/null 2>&1; then
 fi
 
 qvm-run "${qube}" -- "mkdir -p \"${qube_pictures_dir}\""
-qvm-run --pass-io "${qube}" -- "cat > \"${qube_pictures_dir}/${screenshot_basename}\"" < "${guivm_pictures_dir}/${screenshot_basename}"
+qvm-run --pass-io "${qube}" -- "cat > \"${qube_screenshot_file}\"" \
+  < "${screenshot_file}"
 
 if test ${file_move} = "1"; then
-  rm -f "${guivm_pictures_dir}/${screenshot_basename}"
+  rm -f "${screenshot_file}"
 fi
 
 if test "${file_manager}" = "1"; then

salt/dom0/files/bin/qvm-terminal

@@ -35,13 +35,13 @@ case "${1-}" in
     ## Try to run on focused window, if Dom0 is focused, it will prompt you to
     ## select a qube window.
     id="$(xdotool getwindowfocus)"
-    qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F '"' '{print $2}')"
+    qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F'"' '{print $2}')"
     if test -n "${qube}"; then
       exec qvm-run --service -- "${qube}" "qubes.StartApp+${service}"
     fi
     echo "Select a qube window ..."
     id="$(xdotool selectwindow)"
-    qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F '"' '{print $2}')"
+    qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F'"' '{print $2}')"
     if test -n "${qube}"; then
       qvm-run --service -- "${qube}" "qubes.StartApp+${service}"
     fi

salt/fedora-minimal/files/admin/bin/salt-patch.sh

@@ -11,6 +11,7 @@
 set -eu
 
 qube="${1}"
+dnf_min_install="dnf -q install --refresh -y --setopt=install_weak_deps=False"
+
 qvm-run --user=root --pass-io --filter-escape-chars --no-color-output \
-  --no-color-stderr "${qube}" -- \
-  "dnf --quiet install --refresh --assumeyes --setopt=install_weak_deps=False python3-urllib3"
+  --no-color-stderr "${qube}" -- "${dnf_min_install} python3-urllib3"

salt/reader/create.sls

@@ -48,8 +48,10 @@ features:
 - enable:
   - appmenus-dispvm
 - set:
+  # editorconfig-checker-disable
   - default-menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204
   - menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204
+  # editorconfig-checker-enable
 {%- endload %}
 {{ load(defaults) }}
 

salt/sys-bitcoin/files/server/bin/bitcoin-rpcwhitelist-cookie

@@ -8,7 +8,8 @@ set -eu
 conf="${HOME}/.bitcoin/conf.d/cookie.conf"
 
 if ! systemctl is-active bitcoind >/dev/null 2>&1; then
-  echo "systemd service 'bitcoind' is not active, remote RPC cannot add crendtials" >&2
+  echo "systemd service 'bitcoind' is inactive" >&2
+  echo "remote RPC can't add crendetials" >&2
   exit 1
 fi