From b099d7378dcc8b04398dc86a72ac00279563f29d Mon Sep 17 00:00:00 2001
From: Noah Meyerhans <nmeyerha@amzn.com>
Date: Tue, 11 Jan 2022 12:44:06 -0800
Subject: [PATCH 1/3] Re-order some CI steps

With GitHub's recent change to enforce stronger hash algorithms,
Circle CI was unable to clone the project repository.  By installing
our dependencies earlier in the workflow, we are able to ensure that
the AL2 git and ssh clients are used, which do support the newer
algorithms.

Details in this discussion on the Circle CI forums:
https://discuss.circleci.com/t/discussion-and-resolution-for-error-youre-using-an-rsa-key-with-sha-1-which-is-no-longer-allowed/42572
---
 .circleci/config.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 5192b99..ec8b743 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -9,12 +9,12 @@ jobs:
     docker:
       - image: public.ecr.aws/amazonlinux/amazonlinux:2
     steps:
-      - checkout
       - run:
           name: "Install dependencies"
           command: |
             yum -y install python-pip git
             pip install flake8
+      - checkout
       - run:
           name: "flake8"
           command: "git grep -l '^#!/usr/bin/env python' | xargs flake8 ebsnvme-id"
@@ -23,11 +23,11 @@ jobs:
     docker:
       - image: public.ecr.aws/amazonlinux/amazonlinux:2
     steps:
-      - checkout
       - run:
           name: "Install dependencies"
           command: |
-            yum -y install rpm-build python
+            yum -y install rpm-build python git
+      - checkout
       - run:
           name: "rpmbuild"
           command: "rpmbuild --define \"_sourcedir $PWD\" -bb amazon-ec2-utils.spec"

From cd3f42782467dcb7f35f88fbe98a67404197046b Mon Sep 17 00:00:00 2001
From: Noah Meyerhans <nmeyerha@amzn.com>
Date: Tue, 11 Jan 2022 13:49:55 -0800
Subject: [PATCH 2/3] CircleCI: run shellcheck

---
 .circleci/config.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index ec8b743..5dde1c8 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -5,6 +5,17 @@ version: 2.1
 # Define a job to be invoked later in a workflow.
 # See: https://circleci.com/docs/2.0/configuration-reference/#jobs
 jobs:
+  shellcheck:
+    docker:
+      - image: public.ecr.aws/debian/debian:11
+    steps:
+      - run:
+          name: "Install dependencies"
+          command: "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install shellcheck git ssh-client"
+      - checkout
+      - run:
+          name: "shellcheck"
+          command: "shellcheck -s bash -S warning ec2-metadata ec2nvme-nsid ec2udev-vbd ec2udev-vcpu"
   code-checks-al2:
     docker:
       - image: public.ecr.aws/amazonlinux/amazonlinux:2
@@ -37,5 +48,6 @@ jobs:
 workflows:
   ci-workflow:
     jobs:
+      - shellcheck
       - code-checks-al2
       - build-al2-rpm

From 6417dae19b85ada987dfadac9b9fc97a200ca770 Mon Sep 17 00:00:00 2001
From: Noah Meyerhans <nmeyerha@amzn.com>
Date: Tue, 11 Jan 2022 14:02:05 -0800
Subject: [PATCH 3/3] ec2-metadata: fix several shellcheck issues

Shellcheck reported a number of warnings about unquoted references.
The specific issues were harmless given the context, but adding quotes
helps with consistency.

Additionally, shellcheck identified that the '-h' command line option
was defined twice (for --local-hostname and --help).  Drop one of
these references.
---
 ec2-metadata | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/ec2-metadata b/ec2-metadata
index 30249d1..a8c8cc5 100755
--- a/ec2-metadata
+++ b/ec2-metadata
@@ -58,7 +58,8 @@ function set_imds_token()
 # param1 = query
 function get_meta()
 {
-	local imds_out=$(curl -s -q -H "X-aws-ec2-metadata-token:${IMDS_TOKEN}" -f ${METADATA_BASEURL}/latest/${1})
+	local imds_out
+	imds_out=$(curl -s -q -H "X-aws-ec2-metadata-token:${IMDS_TOKEN}" -f ${METADATA_BASEURL}/latest/${1})
 	echo -n "${imds_out}"
 }
 
@@ -81,7 +82,7 @@ function print_block-device-mapping()
 	x=$(get_meta meta-data/block-device-mapping/)
 	if [ -n "${x}" ]; then
 		for i in $x; do
-			echo -e '\t' $i: $(get_meta meta-data/block-device-mapping/$i)
+		    echo -e '\t' $i: "$(get_meta meta-data/block-device-mapping/$i)"
 		done
 	else
 		echo not available
@@ -102,7 +103,7 @@ function print_public-keys()
 			format=$(get_meta meta-data/public-keys/$index/)
 			echo format:$format
 			echo 'key:(begins from next line)'
-			echo $(get_meta meta-data/public-keys/$index/$format)
+			echo "$(get_meta meta-data/public-keys/$index/$format)"
 		done
 	else
 		echo not available
@@ -116,7 +117,7 @@ function print_tags()
 	x=$(get_meta meta-data/tags/instance/)
 	if [ -n "${x}" ]; then
 		for i in $x; do
-			echo -e '\t' $i: $(get_meta meta-data/tags/instance/$i)
+			echo -e '\t' $i: "$(get_meta meta-data/tags/instance/$i)"
 		done
 	else
 		echo not available
@@ -198,7 +199,7 @@ while [ "$1" != "" ]; do
 																 ;;
 	-g | --tags )                  print_tags
 																 ;;
-	-h | --help )                  print_help
+	     --help )                  print_help
 								 exit
 																 ;;
 	--all )                        print_all