Tidying

src/freedombone-app-syncthing

@@ -66,12 +66,12 @@ function syncthing_create_ids_file {
 
     SYNCTHING_ID=$(cat ~/.syncthing-server-id)
     if [ ! -f $SYNCTHING_CONFIG_FILE ]; then
-        echo $'# Your syncthing configuration file' > $SYNCTHING_CONFIG_FILE
-        echo '#' >> $SYNCTHING_CONFIG_FILE
-        echo $"# The ${PROJECT_NAME} syncthing ID is: $SYNCTHING_ID" >> $SYNCTHING_CONFIG_FILE
-        echo '#' >> $SYNCTHING_CONFIG_FILE
-        echo '# Paste the IDs of your devices below' >> $SYNCTHING_CONFIG_FILE
-        echo '#' >> $SYNCTHING_CONFIG_FILE
+        { echo $'# Your syncthing configuration file';
+          echo '#';
+          echo $"# The ${PROJECT_NAME} syncthing ID is: $SYNCTHING_ID";
+          echo '#';
+          echo '# Paste the IDs of your devices below';
+          echo '#'; } > $SYNCTHING_CONFIG_FILE
     fi
 }
 
@@ -94,12 +94,13 @@ function syncthing_show_id {
     SYNCTHING_ID=$(cat ~/.syncthing-server-id)
     dialog --title $"Device ID for ${PROJECT_NAME}" \
            --backtitle $"Freedombone User Control Panel" \
-           --msgbox $"In a desktop terminal press shift and select the ID below,\nthen right click and copy.\n\nWithin Connectbot select Menu/Copy and then highlight the ID below\n\n$SYNCTHING_ID\n\nAlternatively press Enter to display a QR code which can be scanned." 13 78
+           --msgbox $"In a desktop terminal press shift and select the ID below,\\nthen right click and copy.\\n\\nWithin Connectbot select Menu/Copy and then highlight the ID below\\n\\n$SYNCTHING_ID\\n\\nAlternatively press Enter to display a QR code which can be scanned." 13 78
     clear
     echo $'Your Syncthing ID code'
     echo ''
     echo -n "$SYNCTHING_ID" | qrencode -t UTF8
     echo ''
+    # shellcheck disable=SC2034
     read -n1 -rsp $"Press any key to continue..." key
 }
 
@@ -110,21 +111,24 @@ function syncthing_add_id {
 
     syncthing_create_ids_file
 
-    data=$(tempfile 2>/dev/null)
+    data=$(mktemp 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
     dialog --backtitle $"Freedombone User Control Panel" \
            --title $"Add a Syncthing device ID" \
            --form $"Paste the device ID for your laptop/desktop/netbook/phone/tablet below" 9 80 2 \
            $"Device ID:" 1 1 "" 1 26 80 80 \
            $"Description (optional):" 2 1 "" 2 26 80 80 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    SYNCTHING_DEVICE_ID=$(cat $data | sed -n 1p)
-    SYNCTHING_DESCRIPTION=$(cat $data | sed -n 2p)
+    SYNCTHING_DEVICE_ID=$(sed -n 1p < "$data")
+    SYNCTHING_DESCRIPTION=$(sed -n 2p < "$data")
+    rm -f "$data"
 
     if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then
         return
@@ -164,19 +168,21 @@ function syncthing_remove_id {
 
     syncthing_create_ids_file
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title $"Remove a Syncthing device ID" \
            --form $"Paste the device ID which is to be removed below" 8 80 1 \
            $"Device ID:" 1 1 "" 1 14 80 80 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    SYNCTHING_DEVICE_ID=$(cat $data | sed -n 1p)
+    SYNCTHING_DEVICE_ID=$(sed -n 1p < "$data")
+    rm -f "$data"
 
     if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then
         return
@@ -212,8 +218,7 @@ function run_client_syncthing {
 
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone User Control Panel" \
                --title $"File Synchronization" \
                --radiolist $"Choose an operation:" 12 70 6 \
@@ -221,19 +226,23 @@ function run_client_syncthing {
                2 $"Add an ID for another machine or device" off \
                3 $"Remove an ID for another machine or device" off \
                4 $"Manually edit device IDs" off \
-               5 $"Back to main menu" on 2> $data
+               5 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) syncthing_show_id;;
             2) syncthing_add_id;;
             3) syncthing_remove_id;;
             4) syncthing_manual_edit;;
-            5) break;;
+            5) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -260,21 +269,21 @@ function backup_local_syncthing {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d /home/$USERNAME/Sync ]; then
+            if [ -d "/home/$USERNAME/Sync" ]; then
                 echo $"Backing up syncthing files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/Sync syncthing/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/Sync" "syncthing/$USERNAME"
                 # ensure that device IDs will be backed up as part of user config settings
-                if [ ! -d /home/$USERNAME/.config/syncthing ]; then
-                    mkdir -p /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
+                    mkdir -p "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthingids ]; then
-                    cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
             fi
         fi
@@ -288,7 +297,7 @@ function restore_local_syncthing {
     fi
 
     temp_restore_dir=/root/tempsyncthing
-    if [ -d $USB_MOUNT/backup/syncthingconfig ]; then
+    if [ -d "$USB_MOUNT/backup/syncthingconfig" ]; then
         echo $"Restoring syncthing configuration"
         function_check restore_directory_from_usb
         restore_directory_from_usb ${temp_restore_dir}config syncthingconfig
@@ -297,9 +306,7 @@ function restore_local_syncthing {
         if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
             mkdir -p $SYNCTHING_CONFIG_PATH
         fi
-        cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/
-
-        if [ ! "$?" = "0" ]; then
+        if ! cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/; then
             set_user_permissions
             backup_unmount_drive
             systemctl start syncthing
@@ -309,7 +316,7 @@ function restore_local_syncthing {
         rm -rf ${temp_restore_dir}config
     fi
 
-    if [ -d $USB_MOUNT/backup/syncthingshared ]; then
+    if [ -d "$USB_MOUNT/backup/syncthingshared" ]; then
         echo $"Restoring syncthing shared files"
         restore_directory_from_usb ${temp_restore_dir}shared syncthingshared
         #cp -r ${temp_restore_dir}shared/* /
@@ -321,28 +328,29 @@ function restore_local_syncthing {
         rm -rf ${temp_restore_dir}shared
     fi
 
-    if [ -d $USB_MOUNT/backup/syncthing ]; then
+    if [ -d "$USB_MOUNT/backup/syncthing" ]; then
         for d in $USB_MOUNT/backup/syncthing/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring syncthing files for $USERNAME"
-                restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/Sync ]; then
-                    cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/
+                restore_directory_from_usb "${temp_restore_dir}" "syncthing/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/Sync" ]; then
+                    cp -r "${temp_restore_dir}/home/$USERNAME/Sync" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/Sync ]; then
-                        mkdir /home/$USERNAME/Sync
+                    if [ ! -d "/home/$USERNAME/Sync" ]; then
+                        mkdir "/home/$USERNAME/Sync"
                     fi
                     if [ -d /root/Sync ]; then
-                        cp -r /root/Sync/* /home/$USERNAME/Sync/
+                        cp -r /root/Sync/* "/home/$USERNAME/Sync/"
                         rm -rf /root/Sync
                     else
-                        cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
+                        cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/"
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     set_user_permissions
@@ -354,13 +362,13 @@ function restore_local_syncthing {
                 rm -rf ${temp_restore_dir}
 
                 # restore device IDs from config settings
-                if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
+                if [ -f "/home/$USERNAME/.config/syncthing/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.config/syncthing/.syncthing-server-id" "/home/$USERNAME/.syncthing-server-id"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id"
                 fi
-                if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
-                    cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
+                if [ -f "/home/$USERNAME/.config/syncthing/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.config/syncthing/.syncthingids" "/home/$USERNAME/.syncthingids"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthingids"
                 fi
             fi
         done
@@ -389,21 +397,21 @@ function backup_remote_syncthing {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d /home/$USERNAME/Sync ]; then
+            if [ -d "/home/$USERNAME/Sync" ]; then
                 echo $"Backing up syncthing files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/Sync syncthing/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/Sync" "syncthing/$USERNAME"
                 # ensure that device IDs will be backed up as part of user config settings
-                if [ ! -d /home/$USERNAME/.config/syncthing ]; then
-                    mkdir -p /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
+                    mkdir -p "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthingids ]; then
-                    cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
             fi
         fi
@@ -416,7 +424,7 @@ function restore_remote_syncthing {
         systemctl stop cron
     fi
 
-    if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/syncthingconfig" ]; then
         echo $"Restoring syncthing configuration"
         temp_restore_dir=/root/tempsyncthingconfig
         function_check restore_directory_from_friend
@@ -425,8 +433,7 @@ function restore_remote_syncthing {
         if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
             mkdir -p $SYNCTHING_CONFIG_PATH
         fi
-        cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/
-        if [ ! "$?" = "0" ]; then
+        if ! cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/; then
             systemctl start syncthing
             systemctl start cron
             exit 6833
@@ -434,7 +441,7 @@ function restore_remote_syncthing {
         rm -rf $temp_restore_dir
     fi
 
-    if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/syncthingshared" ]; then
         echo $"Restoring syncthing shared files"
         temp_restore_dir=/root/tempsyncthingshared
         function_check restore_directory_from_friend
@@ -446,30 +453,31 @@ function restore_remote_syncthing {
         rm -rf ${temp_restore_dir}
     fi
 
-    if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/syncthing" ]; then
         for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring syncthing files for $USERNAME"
                 temp_restore_dir=/root/tempsyncthing
                 function_check restore_directory_from_friend
-                restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/Sync ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/
+                restore_directory_from_friend "$temp_restore_dir" "syncthing/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/Sync" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/Sync" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/Sync ]; then
-                        mkdir /home/$USERNAME/Sync
+                    if [ ! -d "/home/$USERNAME/Sync" ]; then
+                        mkdir "/home/$USERNAME/Sync"
                     fi
                     if [ -d /root/Sync ]; then
-                        cp -r /root/Sync/* /home/$USERNAME/Sync/
+                        cp -r /root/Sync/* "/home/$USERNAME/Sync/"
                         rm -rf /root/Sync
                     else
-                        cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
+                        cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/"
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     systemctl start syncthing
@@ -479,13 +487,13 @@ function restore_remote_syncthing {
                 rm -rf $temp_restore_dir
 
                 # restore device IDs from config settings
-                if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
+                if [ -f "/home/$USERNAME/.config/syncthing/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.config/syncthing/.syncthing-server-id" "/home/$USERNAME/.syncthing-server-id"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id"
                 fi
-                if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
-                    cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
+                if [ -f "/home/$USERNAME/.config/syncthing/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.config/syncthing/.syncthingids" "/home/$USERNAME/.syncthingids"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthingids"
                 fi
                 echo $"Restore of syncthing files for $USERNAME complete"
             fi

src/freedombone-app-tahoelafs

@@ -72,52 +72,52 @@ function add_user_tahoelafs {
 
     new_username="$1"
     new_user_password="$2"
-    ${PROJECT_NAME}-pass -u $new_username -a tahoelafs -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a tahoelafs -p "$new_user_password"
     if grep -q "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then
-        sed -i '/${new_username}:/d' /etc/nginx/.htpasswd-tahoelafs
+        sed -i "'/${new_username}:/d" /etc/nginx/.htpasswd-tahoelafs
     fi
-    echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${new_username}
+    echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${new_username}"
     echo '0'
 }
 
 function remove_user_tahoelafs {
     remove_username="$1"
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp tahoelafs
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp tahoelafs
     if grep -q "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then
-        sed -i '/${remove_username}:/d' /etc/nginx/.htpasswd-tahoelafs
+        sed -i "/${remove_username}:/d" /etc/nginx/.htpasswd-tahoelafs
     fi
 }
 
 function change_password_tahoelafs {
     change_username="$1"
     change_password="$2"
-    ${PROJECT_NAME}-pass -u $change_username -a tahoelafs -p "$change_password"
+    "${PROJECT_NAME}-pass" -u "$change_username" -a tahoelafs -p "$change_password"
     if grep -q "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then
-        sed -i '/tahoe-${change_username}:/d' /etc/nginx/.htpasswd-tahoelafs
+        sed -i "/tahoe-${change_username}:/d" /etc/nginx/.htpasswd-tahoelafs
     fi
-    echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${change_username}
+    echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${change_username}"
 }
 
 function add_tahoelafs_storage_node_interactive {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --title $"Add Tahoe-LAFS storage node" \
-           --form $"\nEnter the storage node details which can be found on the About screen of another server" 13 75 5 \
+           --form $"\\nEnter the storage node details which can be found on the About screen of another server" 13 75 5 \
            $"Hostname:" 1 1 "" 1 14 53 40 \
            $"Public Key:" 2 1 "" 2 14 53 255 \
            $"Nickname:" 3 1 "" 3 14 53 255 \
            $"FURL:" 4 1 "" 4 14 53 255 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
         1) return;;
         255) return;;
     esac
-    storage_hostname=$(cat $data | sed -n 1p)
-    public_key="$(cat $data | sed -n 2p)"
-    nick=$(cat $data | sed -n 3p)
-    furl=$(cat $data | sed -n 4p)
+    storage_hostname=$(sed -n 1p < "$data")
+    public_key=$(sed -n 2p < "$data")
+    nick=$(sed -n 3p < "$data")
+    furl=$(sed -n 4p < "$data")
+    rm -f "$data"
 
     if [ ${#public_key} -eq 0 ]; then
         return
@@ -142,23 +142,26 @@ function edit_tahoelafs_shares {
     read_config_param TAHOELAFS_SHARES_HAPPY
     read_config_param TAHOELAFS_SHARES_TOTAL
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --title $"Tahoe-LAFS shares" \
-           --form $"\nEnter the storage node details which can be found on the About screen of another server" 13 40 3 \
+           --form $"\\nEnter the storage node details which can be found on the About screen of another server" 13 40 3 \
            $"Needed:" 1 1 "${TAHOELAFS_SHARES_NEEDED}" 1 14 4 4 \
            $"Happy:" 2 1 "${TAHOELAFS_SHARES_HAPPY}" 2 14 4 4 \
            $"Total:" 3 1 "${TAHOELAFS_SHARES_TOTAL}" 3 14 4 4 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    tl_needed="$(cat $data | sed -n 1p)"
-    tl_happy="$(cat $data | sed -n 2p)"
-    tl_total="$(cat $data | sed -n 3p)"
+    tl_needed=$(sed -n 1p < "$data")
+    tl_happy=$(sed -n 2p < "$data")
+    tl_total=$(sed -n 3p < "$data")
+    rm -f "$data"
+
     if [ ${#tl_needed} -gt 0 ]; then
         TAHOELAFS_SHARES_NEEDED=${tl_needed}
     fi
@@ -185,88 +188,90 @@ function edit_tahoelafs_shares {
 }
 
 function configure_interactive_tahoelafs {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --title $"Tahoe-LAFS" \
            --radiolist $"The least authority is always the best" 11 50 5 \
            1 "Add a storage node" off \
            2 "Manually edit storage nodes" off \
            3 "Shares settings" off \
-           4 "Back to main menu" on 2> $data
+           4 "Back to main menu" on 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) add_tahoelafs_storage_node_interactive;;
         2) edit_tahoelafs_nodes;;
         3) edit_tahoelafs_shares;;
     esac
+    rm -f "$data"
 }
 
 function tahoelafs_setup_client_config {
-    config_file=$1
+    config_file="$1"
     nick="$2"
 
-    echo '[node]' > $config_file
-    echo "nickname = $nick" >> $config_file
-    echo 'reveal-IP-address = false' >> $config_file
-    echo "web.port = tcp:${TAHOELAFS_PORT}:interface=127.0.0.1" >> $config_file
-    echo 'web.static = public_html' >> $config_file
-    echo 'tub.port = disabled' >> $config_file
-    echo 'tub.location = disabled' >> $config_file
-    echo '' >> $config_file
-    echo '[client]' >> $config_file
-    echo 'introducer.furl =' >> $config_file
-    echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}" >> $config_file
-    echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}" >> $config_file
-    echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}" >> $config_file
-    echo '' >> $config_file
-    echo '[storage]' >> $config_file
-    echo 'enabled = false' >> $config_file
-    echo 'reserved_space = 3G' >> $config_file
-    echo '' >> $config_file
-    echo '[helper]' >> $config_file
-    echo 'enabled = false' >> $config_file
-    echo '' >> $config_file
-    echo '[connections]' >> $config_file
-    echo 'tcp = tor' >> $config_file
+    { echo '[node]';
+      echo "nickname = $nick";
+      echo 'reveal-IP-address = false';
+      echo "web.port = tcp:${TAHOELAFS_PORT}:interface=127.0.0.1";
+      echo 'web.static = public_html';
+      echo 'tub.port = disabled';
+      echo 'tub.location = disabled';
+      echo '';
+      echo '[client]';
+      echo 'introducer.furl =';
+      echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}";
+      echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}";
+      echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}";
+      echo '';
+      echo '[storage]';
+      echo 'enabled = false';
+      echo 'reserved_space = 3G';
+      echo '';
+      echo '[helper]';
+      echo 'enabled = false';
+      echo '';
+      echo '[connections]';
+      echo 'tcp = tor'; } > "$config_file"
 }
 
 function tahoelafs_setup_storage_config {
-    config_file=$1
+    config_file="$1"
     nick="$2"
 
-    echo '[node]' > $config_file
-    echo "nickname = $nick" >> $config_file
-    echo 'reveal-IP-address = false' >> $config_file
-    echo 'web.port =' >> $config_file
-    echo 'web.static = public_html' >> $config_file
-    echo "tub.port = tcp:${TAHOELAFS_STORAGE_ONION_PORT}:interface=127.0.0.1" >> $config_file
-    echo "tub.location = tor:${TAHOELAFS_STORAGE_ONION_HOSTNAME}:${TAHOELAFS_STORAGE_PORT}" >> $config_file
-    echo '' >> $config_file
-    echo '[client]' >> $config_file
-    echo 'introducer.furl =' >> $config_file
-    echo 'helper.furl =' >> $config_file
-    echo '' >> $config_file
-    echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}" >> $config_file
-    echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}" >> $config_file
-    echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}" >> $config_file
-    echo '' >> $config_file
-    echo '[storage]' >> $config_file
-    echo 'enabled = true' >> $config_file
-    echo 'reserved_space = 3G' >> $config_file
-    echo 'expire.enabled = true' >> $config_file
-    echo 'expire.mode = age' >> $config_file
-    echo 'expire.override_lease_duration = 3 months' >> $config_file
-    echo '' >> $config_file
-    echo '[helper]' >> $config_file
-    echo 'enabled = false' >> $config_file
-    echo '' >> $config_file
-    echo '[connections]' >> $config_file
-    echo 'tcp = tor' >> $config_file
+    { echo '[node]';
+      echo "nickname = $nick";
+      echo 'reveal-IP-address = false';
+      echo 'web.port =';
+      echo 'web.static = public_html';
+      echo "tub.port = tcp:${TAHOELAFS_STORAGE_ONION_PORT}:interface=127.0.0.1";
+      echo "tub.location = tor:${TAHOELAFS_STORAGE_ONION_HOSTNAME}:${TAHOELAFS_STORAGE_PORT}";
+      echo '';
+      echo '[client]';
+      echo 'introducer.furl =';
+      echo 'helper.furl =';
+      echo '';
+      echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}";
+      echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}";
+      echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}";
+      echo '';
+      echo '[storage]';
+      echo 'enabled = true';
+      echo 'reserved_space = 3G';
+      echo 'expire.enabled = true';
+      echo 'expire.mode = age';
+      echo 'expire.override_lease_duration = 3 months';
+      echo '';
+      echo '[helper]';
+      echo 'enabled = false';
+      echo '';
+      echo '[connections]';
+      echo 'tcp = tor'; } > "$config_file"
 
     chown -R tahoelafs:debian-tor $TAHOE_DIR
 }
@@ -304,6 +309,7 @@ function restore_local_tahoelafs {
     else
         cp -r $temp_restore_dir/* $TAHOE_DIR/
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         if [ -d ${TAHOE_DIR}-old ]; then
             mv ${TAHOE_DIR}-old $TAHOE_DIR
@@ -346,14 +352,15 @@ function restore_remote_tahoelafs {
     else
         cp -r $temp_restore_dir/* $TAHOE_DIR/
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
-        if [ -d ${$TAHOE_DIR}-old ]; then
-            mv ${TAHOE_DIR}-old $TAHOE_DIR
+        if [ -d "${TAHOE_DIR}-old" ]; then
+            mv "${TAHOE_DIR}-old" $TAHOE_DIR
         fi
         exit 623925
     fi
-    if [ -d ${$TAHOE_DIR}-old ]; then
-        rm -rf ${$TAHOE_DIR}-old
+    if [ -d "${TAHOE_DIR}-old" ]; then
+        rm -rf "${TAHOE_DIR}-old"
     fi
     rm -rf $temp_restore_dir
     chown -R tahoelafs:debian-tor $TAHOE_DIR
@@ -398,7 +405,7 @@ function remove_tahoelafs {
     remove_completion_param install_tahoelafs
     function_check remove_onion_service
     remove_onion_service tahoelafs ${TAHOELAFS_ONION_PORT}
-    remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} $(get_tahoelafs_nick)
+    remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} "$(get_tahoelafs_nick)"
     sed -i '/HidServAuth /d' /etc/tor/torrc
 
     groupdel -f tahoelafs
@@ -437,23 +444,23 @@ function create_tahoelafs_stealth_node {
         exit 682362
     fi
 
-    if [ ! -f ${node_dir}/tahoe.cfg ]; then
+    if [ ! -f "${node_dir}/tahoe.cfg" ]; then
         su -c "mkdir ${node_dir}" - tahoelafs
         su -c "$TAHOE_COMMAND create-node -C ${node_dir} --hostname=fixme" - tahoelafs
-        tahoelafs_setup_storage_config ${node_dir}/tahoe.cfg ${node_nick}
+        tahoelafs_setup_storage_config "${node_dir}/tahoe.cfg" "${node_nick}"
     fi
 
-    if [ ! -f ${client_dir}/tahoe.cfg ]; then
+    if [ ! -f "${client_dir}/tahoe.cfg" ]; then
         su -c "mkdir ${client_dir}" - tahoelafs
         su -c "$TAHOE_COMMAND create-client -C ${client_dir}" - tahoelafs
-        tahoelafs_setup_client_config ${client_dir}/tahoe.cfg ${client_nick}
+        tahoelafs_setup_client_config "${client_dir}/tahoe.cfg" "${client_nick}"
     fi
 }
 
 function create_tahoelafs_introducer {
     introducer_dir="$1"
 
-    if [ -f ${introducer_dir}/tahoe.cfg ]; then
+    if [ -f "${introducer_dir}/tahoe.cfg" ]; then
         return
     fi
 
@@ -470,7 +477,7 @@ function create_tahoelafs_storage_node {
         return
     fi
 
-    if [ -f ${node_dir}/tahoe.cfg ]; then
+    if [ -f "${node_dir}/tahoe.cfg" ]; then
         return
     fi
 
@@ -487,15 +494,15 @@ function create_tahoelafs_client {
         return
     fi
 
-    if [ -f ${client_dir}/tahoe.cfg ]; then
+    if [ -f "${client_dir}/tahoe.cfg" ]; then
         return
     fi
 
     su -c "mkdir ${client_dir}" - tahoelafs
     su -c "$TAHOE_COMMAND create-client -C ${client_dir} --introducer=\"$furl\" --listen=tor --hide-ip --hostname=127.0.0.1" - tahoelafs
-    sed -i 's|reveal-IP-address =.*|reveal-IP-address = False|g' $client_dir/tahoe.cfg
-    sed -i 's|tub.port =.*|tub.port = disabled|g' $client_dir/tahoe.cfg
-    sed -i 's|tub.location =.*|tub.location = disabled|g' $client_dir/tahoe.cfg
+    sed -i 's|reveal-IP-address =.*|reveal-IP-address = False|g' "$client_dir/tahoe.cfg"
+    sed -i 's|tub.port =.*|tub.port = disabled|g' "$client_dir/tahoe.cfg"
+    sed -i 's|tub.location =.*|tub.location = disabled|g' "$client_dir/tahoe.cfg"
 }
 
 function get_tahoelafs_furl {
@@ -510,11 +517,11 @@ function get_tahoelafs_nick {
 }
 
 function get_tahoelafs_storage_hostname {
-    echo "$(cat /var/lib/tor/hidden_service_storage-tahoelafs/hostname)"
+    cat /var/lib/tor/hidden_service_storage-tahoelafs/hostname
 }
 
 function get_tahoelafs_public_key {
-    echo "$(cat $TAHOE_DIR/storage/node.pubkey | grep 'v0-' | sed 's|pub-||g')"
+    grep 'v0-' "$TAHOE_DIR/storage/node.pubkey" | sed 's|pub-||g'
 }
 
 function add_tahoelafs_server {
@@ -549,10 +556,10 @@ function add_tahoelafs_server {
         fi
         echo '# storage' >> ${tahoelafs_storage_file}
     fi
-    echo "  ${public_key}:" >> ${tahoelafs_storage_file}
-    echo "    ann:" >> ${tahoelafs_storage_file}
-    echo "      nickname: ${nick}" >> ${tahoelafs_storage_file}
-    echo "      anonymous-storage-FURL: ${furl}" >> ${tahoelafs_storage_file}
+    { echo "  ${public_key}:";
+      echo "    ann:";
+      echo "      nickname: ${nick}";
+      echo "      anonymous-storage-FURL: ${furl}"; } >> "${tahoelafs_storage_file}"
     chown tahoelafs:debian-tor ${tahoelafs_storage_file}
 
     if ! grep -q "HidServAuth ${storage_hostname}" /etc/tor/torrc; then
@@ -566,27 +573,27 @@ function create_tahoelafs_daemon {
     TAHOELAFS_DAEMON_FILE=/etc/systemd/system/tahoelafs-${daemon_name}.service
     echo "Creating daemon: $TAHOELAFS_DAEMON_FILE"
 
-    echo '[Unit]' > $TAHOELAFS_DAEMON_FILE
-    echo "Description=Tahoe-LAFS ${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
-    echo 'After=syslog.target' >> $TAHOELAFS_DAEMON_FILE
-    echo 'After=network.target' >> $TAHOELAFS_DAEMON_FILE
-    echo '' >> $TAHOELAFS_DAEMON_FILE
-    echo '[Service]' >> $TAHOELAFS_DAEMON_FILE
-    echo 'Type=simple' >> $TAHOELAFS_DAEMON_FILE
-    echo "User=tahoelafs" >> $TAHOELAFS_DAEMON_FILE
-    echo "Group=debian-tor" >> $TAHOELAFS_DAEMON_FILE
-    echo "WorkingDirectory=${TAHOE_DIR}" >> $TAHOELAFS_DAEMON_FILE
-    echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
-    echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
-    echo 'Restart=on-failure' >> $TAHOELAFS_DAEMON_FILE
-    echo 'RestartSec=10' >> $TAHOELAFS_DAEMON_FILE
-    echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"" >> $TAHOELAFS_DAEMON_FILE
-    echo '' >> $TAHOELAFS_DAEMON_FILE
-    echo '[Install]' >> $TAHOELAFS_DAEMON_FILE
-    echo 'WantedBy=multi-user.target' >> $TAHOELAFS_DAEMON_FILE
-    systemctl enable tahoelafs-${daemon_name}
+    { echo '[Unit]';
+      echo "Description=Tahoe-LAFS ${daemon_name}";
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "User=tahoelafs";
+      echo "Group=debian-tor";
+      echo "WorkingDirectory=${TAHOE_DIR}";
+      echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}";
+      echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}";
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$TAHOELAFS_DAEMON_FILE"
+    systemctl enable "tahoelafs-${daemon_name}"
     systemctl daemon-reload
-    systemctl start tahoelafs-${daemon_name}
+    systemctl start "tahoelafs-${daemon_name}"
 }
 
 function create_tahoelafs_web {
@@ -596,44 +603,44 @@ function create_tahoelafs_web {
     TAHOELAFS_LOGIN_TEXT=$'Tahoe-LAFS login'
 
     tahoelafs_nginx_site=/etc/nginx/sites-available/tahoelafs
-    echo 'server {' > $tahoelafs_nginx_site
-    echo "    listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;" >> $tahoelafs_nginx_site
-    echo "    server_name $TAHOELAFS_ONION_HOSTNAME;" >> $tahoelafs_nginx_site
-    echo '' >> $tahoelafs_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;";
+      echo "    server_name $TAHOELAFS_ONION_HOSTNAME;";
+      echo ''; } > "$tahoelafs_nginx_site"
     function_check nginx_disable_sniffing
     nginx_disable_sniffing tahoelafs
-    echo '' >> $tahoelafs_nginx_site
-    echo '  # Logs' >> $tahoelafs_nginx_site
-    echo '  access_log /dev/null;' >> $tahoelafs_nginx_site
-    echo '  error_log /dev/null;' >> $tahoelafs_nginx_site
-    echo '' >> $tahoelafs_nginx_site
-    echo '  # Root' >> $tahoelafs_nginx_site
-    echo "  root /var/www/tahoelafs/htdocs;" >> $tahoelafs_nginx_site
-    echo '' >> $tahoelafs_nginx_site
-    echo '  location / {' >> $tahoelafs_nginx_site
-    echo "    auth_basic \"${TAHOELAFS_LOGIN_TEXT}\";" >> $tahoelafs_nginx_site
-    echo '    auth_basic_user_file /etc/nginx/.htpasswd-tahoelafs;' >> $tahoelafs_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/tahoelafs/htdocs;";
+      echo '';
+      echo '  location / {';
+      echo "    auth_basic \"${TAHOELAFS_LOGIN_TEXT}\";";
+      echo '    auth_basic_user_file /etc/nginx/.htpasswd-tahoelafs;'; } >> "$tahoelafs_nginx_site"
     function_check nginx_limits
     nginx_limits tahoelafs '15m'
-    echo '    rewrite /(.*) /$1 break;' >> $tahoelafs_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $tahoelafs_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $tahoelafs_nginx_site
-    echo '    proxy_set_header Host $http_host;' >> $tahoelafs_nginx_site
-    echo '    proxy_set_header X-NginX-Proxy true;' >> $tahoelafs_nginx_site
-    echo "    proxy_pass http://localhost:${TAHOELAFS_PORT};" >> $tahoelafs_nginx_site
-    echo '    proxy_redirect off;' >> $tahoelafs_nginx_site
-    echo '  }' >> $tahoelafs_nginx_site
-    echo '}' >> $tahoelafs_nginx_site
-
-    TAHOELAFS_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a tahoelafs -p "$TAHOELAFS_ADMIN_PASSWORD"
+    { echo "    rewrite /(.*) /\$1 break;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$http_host;";
+      echo '    proxy_set_header X-NginX-Proxy true;';
+      echo "    proxy_pass http://localhost:${TAHOELAFS_PORT};";
+      echo '    proxy_redirect off;';
+      echo '  }';
+      echo '}'; } >> "$tahoelafs_nginx_site"
+
+    TAHOELAFS_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a tahoelafs -p "$TAHOELAFS_ADMIN_PASSWORD"
     if [ ! -f /etc/nginx/.htpasswd-tahoelafs ]; then
         touch /etc/nginx/.htpasswd-tahoelafs
     fi
     if grep -q "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then
-        sed -i '/${MY_USERNAME}:/d' /etc/nginx/.htpasswd-tahoelafs
+        sed -i "/${MY_USERNAME}:/d" /etc/nginx/.htpasswd-tahoelafs
     fi
-    echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${MY_USERNAME}
+    echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${MY_USERNAME}"
 
     function_check nginx_ensite
     nginx_ensite tahoelafs
@@ -641,7 +648,7 @@ function create_tahoelafs_web {
 }
 
 function install_tahoelafs {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         return
     fi
 
@@ -692,7 +699,7 @@ function install_tahoelafs {
     # create an onion address for client node
     TAHOELAFS_ONION_HOSTNAME=$(add_onion_service tahoelafs 80 ${TAHOELAFS_ONION_PORT})
 
-    create_tahoelafs_stealth_node $TAHOE_DIR/storage $TAHOE_DIR/client ${node_nick} ${client_nick}
+    create_tahoelafs_stealth_node "$TAHOE_DIR/storage" "$TAHOE_DIR/client" "${node_nick}" "${client_nick}"
 
     # start the storage node
     su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/storage" - tahoelafs

src/freedombone-app-tox

@@ -74,12 +74,12 @@ function logging_off_tox {
 function remove_user_tox {
     remove_username="$1"
 
-    if [ -d /home/$remove_username/.config/tox ]; then
-        if [ -d /home/$remove_username/.config/tox/chatlogs ]; then
-            shred -zu /home/$remove_username/.config/tox/chatlogs/*
-            rm -rf /home/$remove_username/.config/tox/chatlogs
+    if [ -d "/home/$remove_username/.config/tox" ]; then
+        if [ -d "/home/$remove_username/.config/tox/chatlogs" ]; then
+            shred -zu "/home/$remove_username/.config/tox/chatlogs/*"
+            rm -rf "/home/$remove_username/.config/tox/chatlogs"
         fi
-        shred -zu /home/$remove_username/.config/tox/*
+        shred -zu "/home/$remove_username/.config/tox/*"
     fi
 }
 
@@ -87,27 +87,27 @@ function add_user_tox {
     new_username="$1"
 
     # Note: password isn't used
-    new_user_password="$2"
+    #new_user_password="$2"
 
     USER_TOX_FILE=/home/${new_username}/.config/tox/data.tox
-    if [ ! -f $USER_TOX_FILE ]; then
-        mkdir -p /home/${new_username}/.config/tox
-        chown -R ${new_username}:${new_username} /home/${new_username}/.config
-        su -c "toxid -u ${new_username} -n data" - $new_username
-        su -c "toxid --setuser ${new_username}" - $new_username
+    if [ ! -f "$USER_TOX_FILE" ]; then
+        mkdir -p "/home/${new_username}/.config/tox"
+        chown -R "${new_username}":"${new_username}" "/home/${new_username}/.config"
+        su -c "toxid -u ${new_username} -n data" - "$new_username"
+        su -c "toxid --setuser ${new_username}" - "$new_username"
     fi
 }
 
 function run_client_tox {
     # create a tox user
     USER_TOX_FILE=/home/${USER}/.config/tox/data.tox
-    if [ ! -f $USER_TOX_FILE ]; then
-        mkdir -p /home/${USER}/.config/tox
-        chown -R ${USER}:${USER} /home/${USER}/.config
-        toxid -u ${USER} -n data
-        toxid --setuser ${USER}
+    if [ ! -f "$USER_TOX_FILE" ]; then
+        mkdir -p "/home/${USER}/.config/tox"
+        chown -R "${USER}":"${USER}" "/home/${USER}/.config"
+        toxid -u "${USER}" -n data
+        toxid --setuser "${USER}"
     fi
-    toxic -f $USER_TOX_FILE --force-tcp --SOCKS5-proxy 127.0.0.1 9050
+    toxic -f "$USER_TOX_FILE" --force-tcp --SOCKS5-proxy 127.0.0.1 9050
 }
 
 function install_interactive_tox {
@@ -121,16 +121,17 @@ function configure_interactive_tox {
     fi
     bootstrap_id=$(cat $TOX_BOOTSTRAP_ID_FILE)
     dialog --title $"Tox Bootstrap Node ID" \
-           --msgbox $"\n$bootstrap_id\n\nTo copy this hold down the shift key, select the ID and then right click and copy." 10 70
+           --msgbox $"\\n$bootstrap_id\\n\\nTo copy this hold down the shift key, select the ID and then right click and copy." 10 70
 }
 
 function mesh_tox_qtox {
-    if [ ! ${rootdir}$INSTALL_DIR ]; then
+    # shellcheck disable=SC2154
+    if [ ! "${rootdir}$INSTALL_DIR" ]; then
         INSTALL_DIR=${rootdir}/root/build
     fi
 
-    if [ ! -d ${rootdir}$INSTALL_DIR ]; then
-        mkdir -p ${rootdir}$INSTALL_DIR
+    if [ ! -d "${rootdir}$INSTALL_DIR" ]; then
+        mkdir -p "${rootdir}$INSTALL_DIR"
     fi
 
     chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu57 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng16-16 libqrencode3 libsm6 libsodium18 libsqlite3-0 libssl1.1 libstdc++6 libtiff5 libudev1 libvpx4 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp6 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev
@@ -149,30 +150,30 @@ function mesh_tox_qtox {
     chroot "${rootdir}" apt-get -yq install build-essential cmake ffmpeg libexif-dev libgdk-pixbuf2.0-dev libglib2.0-dev libgtk2.0-dev libopenal-dev libqrencode-dev libqt5opengl5-dev libqt5svg5-dev libsqlcipher-dev libxss-dev pkg-config qrencode qt5-default qt5-qmake qttools5-dev qttools5-dev-tools yasm
 
     if [ -d /repos/qtox ]; then
-        mkdir ${rootdir}$INSTALL_DIR/qtox
-        cp -r -p /repos/qtox/. ${rootdir}$INSTALL_DIR/qtox
-        cd ${rootdir}$INSTALL_DIR/qtox
+        mkdir "${rootdir}$INSTALL_DIR/qtox"
+        cp -r -p /repos/qtox/. "${rootdir}$INSTALL_DIR/qtox"
+        cd "${rootdir}$INSTALL_DIR/qtox" || exit 264826826
         git pull
     else
-        git clone $QTOX_REPO ${rootdir}$INSTALL_DIR/qtox
+        git clone "$QTOX_REPO" "${rootdir}$INSTALL_DIR/qtox"
     fi
 
-    if [ ! -d ${rootdir}$INSTALL_DIR/qtox ]; then
+    if [ ! -d "${rootdir}$INSTALL_DIR/qtox" ]; then
         exit 72428
     fi
-    cd ${rootdir}${INSTALL_DIR}/qtox
+    cd "${rootdir}${INSTALL_DIR}/qtox" || exit 235745728
     git checkout $QTOX_COMMIT -b $QTOX_COMMIT
-    chroot ${rootdir} /bin/bash -x <<EOF
+    chroot "${rootdir}" /bin/bash -x <<EOF
 cd ${INSTALL_DIR}/qtox
 export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig"
 cmake .
 make
 make install
 EOF
-    if [ ! -f ${rootdir}/usr/local/bin/qtox ]; then
+    if [ ! -f "${rootdir}/usr/local/bin/qtox" ]; then
         exit 75784
     fi
-    cp ${rootdir}/usr/local/bin/qtox ${rootdir}/usr/bin/qtox
+    cp "${rootdir}/usr/local/bin/qtox" "${rootdir}/usr/bin/qtox"
 }
 
 function reconfigure_tox {
@@ -181,9 +182,9 @@ function reconfigure_tox {
 
 function upgrade_tox {
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO
-    if [[ $(commit_has_changed $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then
-        cd $INSTALL_DIR/toxcore
+    set_repo_commit "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO
+    if [[ $(commit_has_changed "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then
+        cd "$INSTALL_DIR/toxcore" || exit 53683563
         sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service
         autoreconf -i
         ./configure --enable-daemon
@@ -194,9 +195,9 @@ function upgrade_tox {
     fi
 
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO
-    if [[ $(commit_has_changed $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT") == "1" ]]; then
-        cd $INSTALL_DIR/toxic
+    set_repo_commit "$INSTALL_DIR/toxic" "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO
+    if [[ $(commit_has_changed "$INSTALL_DIR/toxic" "Toxic commit" "$TOXIC_COMMIT") == "1" ]]; then
+        cd "$INSTALL_DIR/toxic" || exit 4684618
         make
         make install
     fi
@@ -221,12 +222,11 @@ function backup_local_tox {
 }
 
 function restore_local_tox {
-    if [ -d $USB_MOUNT/backup/tox ]; then
+    if [ -d "$USB_MOUNT/backup/tox" ]; then
         echo $"Restoring Tox node settings"
         function_check restore_directory_from_usb
         #restore_directory_from_usb / tox
-        restore_directory_from_usb /var/lib/tox-bootstrapd tox
-        if [ ! "$?" = "0" ]; then
+        if ! restore_directory_from_usb /var/lib/tox-bootstrapd tox; then
             function_check set_user_permissions
             set_user_permissions
             function_check backup_unmount_drive
@@ -234,8 +234,7 @@ function restore_local_tox {
             exit 6393
         fi
         cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
-        systemctl restart tox-bootstrapd.service
-        if [ ! "$?" = "0" ]; then
+        if ! systemctl restart tox-bootstrapd.service; then
             systemctl status tox-bootstrapd.service
             function_check set_user_permissions
             set_user_permissions
@@ -259,17 +258,15 @@ function backup_remote_tox {
 }
 
 function restore_remote_tox {
-    if [ -d $SERVER_DIRECTORY/backup/tox ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/tox" ]; then
         echo $"Restoring Tox node settings"
         function_check restore_directory_from_friend
         #restore_directory_from_friend / tox
-        restore_directory_from_friend /var/lib/tox-bootstrapd tox
-        if [ ! "$?" = "0" ]; then
+        if ! restore_directory_from_friend /var/lib/tox-bootstrapd tox; then
             exit 93653
         fi
         cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
-        systemctl restart tox-bootstrapd.service
-        if [ ! "$?" = "0" ]; then
+        if ! systemctl restart tox-bootstrapd.service; then
             systemctl status tox-bootstrapd.service
             exit 59369
         fi
@@ -283,8 +280,7 @@ function remove_tox_node {
     function_check remove_onion_service
     remove_onion_service tox ${TOX_PORT}
 
-    ${PROJECT_NAME}-mesh-install -f tox_node --remove yes
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-mesh-install" -f tox_node --remove yes; then
         echo $'Failed to remove tox node'
         exit 763836
     fi
@@ -293,21 +289,20 @@ function remove_tox_node {
 }
 
 function remove_tox_avahi {
-    cd $INSTALL_DIR/toxid
+    cd "$INSTALL_DIR/toxid" || exit 82456275
     make uninstall
-    rm -rf $INSTALL_DIR/toxid
-    sed -i '/tox_avahi/d' $COMPLETION_FILE
+    rm -rf "$INSTALL_DIR/toxid"
+    sed -i '/tox_avahi/d' "$COMPLETION_FILE"
 }
 
 function remove_tox_client {
-    ${PROJECT_NAME}-mesh-install -f tox_client --remove yes
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-mesh-install" -f tox_client --remove yes; then
         echo $'Could not remove Tox client'
         exit 737253
     fi
-    sed -i '/install_tox_client/d' $COMPLETION_FILE
-    sed -i '/Tox /d' $COMPLETION_FILE
-    sed -i '/Toxic /d' $COMPLETION_FILE
+    sed -i '/install_tox_client/d' "$COMPLETION_FILE"
+    sed -i '/Tox /d' "$COMPLETION_FILE"
+    sed -i '/Toxic /d' "$COMPLETION_FILE"
 }
 
 function remove_tox {
@@ -317,7 +312,7 @@ function remove_tox {
 }
 
 function configure_firewall_for_tox {
-    if [ ! $INSTALLING_MESH ]; then
+    if [ ! "$INSTALLING_MESH" ]; then
         if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
             return
         fi
@@ -331,16 +326,16 @@ function configure_firewall_for_tox {
         return
     fi
 
-    TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}')
+    TOX_PORT_MAIN=$(grep "TOX_PORT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
     if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
         TOX_PORT=$TOX_PORT_MAIN
     fi
-    if [ ! $TOX_PORT ]; then
+    if [ ! "$TOX_PORT" ]; then
         echo $'No Tox port was specified'
         exit 32856
     fi
 
-    firewall_add Tox ${TOX_PORT}
+    firewall_add Tox "${TOX_PORT}"
     mark_completed "${FUNCNAME[0]}"
 }
 
@@ -355,24 +350,23 @@ function tox_avahi {
     fi
 
     # install a command to obtain the Tox ID
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 131497953
 
     if [ -d /repos/toxid ]; then
-        mkdir $INSTALL_DIR/toxid
-        cp -r -p /repos/toxid/. $INSTALL_DIR/toxid
-        cd $INSTALL_DIR/toxid
+        mkdir "$INSTALL_DIR/toxid"
+        cp -r -p /repos/toxid/. "$INSTALL_DIR/toxid"
+        cd "$INSTALL_DIR/toxid" || exit 468276424526
         git pull
     else
         function_check git_clone
-        git_clone $TOXID_REPO $INSTALL_DIR/toxid
+        git_clone "$TOXID_REPO" "$INSTALL_DIR/toxid"
     fi
 
-    if [ ! -d $INSTALL_DIR/toxid ]; then
+    if [ ! -d "$INSTALL_DIR/toxid" ]; then
         exit 63921
     fi
-    cd $INSTALL_DIR/toxid
-    make
-    if [ ! "$?" = "0" ]; then
+    cd "$INSTALL_DIR/toxid" || exit 4782462846
+    if ! make; then
         exit 58432
     fi
     make install
@@ -399,13 +393,13 @@ function install_tox_node {
     mesh_tox_node
 
     # onion address for bootstrapping
-    TOX_ONION_HOSTNAME=$(add_onion_service tox ${TOX_PORT} ${TOX_PORT})
+    add_onion_service tox "${TOX_PORT}" "${TOX_PORT}"
 
     systemctl restart tox-bootstrapd.service
 
     sleep 3
 
-    TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | tail -n 1 | awk -F ' ' '{print $8}')
+    TOX_PUBLIC_KEY=$(grep tox /var/log/syslog | grep "Public Key" | tail -n 1 | awk -F ' ' '{print $8}')
     if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
         echo $'Could not obtain the tox node public key'
         exit 6529
@@ -435,58 +429,58 @@ function install_tox_client {
 
 function mesh_tox_node {
     # obtain commits from the main file
-    TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
+    TOXCORE_COMMIT_MAIN=$(grep "TOXCORE_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then
         TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN
     fi
-    if [ ! $TOXCORE_COMMIT ]; then
+    if [ ! "$TOXCORE_COMMIT" ]; then
         echo $'No Tox commit was specified'
         exit 76325
     fi
 
-    TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
+    TOXID_REPO_MAIN=$(grep "TOXID_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
     if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then
         TOXID_REPO=$TOXID_REPO_MAIN
     fi
-    if [ ! $TOXID_REPO ]; then
+    if [ ! "$TOXID_REPO" ]; then
         echo $'No ToxID repo was specified'
         exit 78252
     fi
 
-    TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}')
+    TOX_PORT_MAIN=$(grep "TOX_PORT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
     if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
         TOX_PORT=$TOX_PORT_MAIN
     fi
-    if [ ! $TOX_PORT ]; then
+    if [ ! "$TOX_PORT" ]; then
         echo $'No Tox port was specified'
         exit 32856
     fi
 
-    TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}')
+    TOXCORE_REPO_MAIN=$(grep "TOXCORE_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
     if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then
         TOXCORE_REPO=$TOXCORE_REPO_MAIN
     fi
-    if [ ! $TOXCORE_REPO ]; then
+    if [ ! "$TOXCORE_REPO" ]; then
         echo $'No Tox repo was specified'
         exit 16865
     fi
 
-    if [ ! $TOXCORE_COMMIT ]; then
+    if [ ! "$TOXCORE_COMMIT" ]; then
         echo $'No Tox commit was specified'
         exit 76325
     fi
 
-    if [ ! $TOXCORE_REPO ]; then
+    if [ ! "$TOXCORE_REPO" ]; then
         echo $'No Tox repo was specified'
         exit 16865
     fi
 
-    if [ $rootdir ]; then
-        chroot ${rootdir} apt-get -yq install build-essential libtool autotools-dev
-        chroot ${rootdir} apt-get -yq install automake checkinstall check git yasm
-        chroot ${rootdir} apt-get -yq install libsodium18 libsodium-dev libcap2-bin
-        chroot ${rootdir} apt-get -yq install libconfig9 libconfig-dev autoconf
-        chroot ${rootdir} apt-get -yq install libopus-dev libvpx-dev
+    if [ "$rootdir" ]; then
+        chroot "${rootdir}" apt-get -yq install build-essential libtool autotools-dev
+        chroot "${rootdir}" apt-get -yq install automake checkinstall check git yasm
+        chroot "${rootdir}" apt-get -yq install libsodium18 libsodium-dev libcap2-bin
+        chroot "${rootdir}" apt-get -yq install libconfig9 libconfig-dev autoconf
+        chroot "${rootdir}" apt-get -yq install libopus-dev libvpx-dev
     else
         apt-get -yq install build-essential libtool autotools-dev
         apt-get -yq install automake checkinstall check git yasm
@@ -495,27 +489,26 @@ function mesh_tox_node {
         apt-get -yq install libopus-dev libvpx-dev
     fi
 
-    if [ ! -d ${rootdir}${INSTALL_DIR} ]; then
-        mkdir -p ${rootdir}${INSTALL_DIR}
+    if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
+        mkdir -p "${rootdir}${INSTALL_DIR}"
     fi
-    if [ ! -d ${rootdir}${INSTALL_DIR}/toxcore ]; then
+    if [ ! -d "${rootdir}${INSTALL_DIR}/toxcore" ]; then
         if [ -d /repos/toxcore ]; then
-            mkdir ${rootdir}${INSTALL_DIR}/toxcore
-            cp -r -p /repos/toxcore/. ${rootdir}${INSTALL_DIR}/toxcore
-            cd ${rootdir}${INSTALL_DIR}/toxcore
+            mkdir "${rootdir}${INSTALL_DIR}/toxcore"
+            cp -r -p /repos/toxcore/. "${rootdir}${INSTALL_DIR}/toxcore"
+            cd "${rootdir}${INSTALL_DIR}/toxcore" || exit 2468246284
             git pull
         else
-            git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore
-            if [ ! "$?" = "0" ]; then
-                exit 429252
+            if ! git clone "${TOXCORE_REPO}" "${rootdir}${INSTALL_DIR}/toxcore"; then
+                exit 4292521
             fi
         fi
     fi
-    cd ${rootdir}$INSTALL_DIR/toxcore
-    git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT
+    cd "${rootdir}$INSTALL_DIR/toxcore" || exit 46824624
+    git checkout "$TOXCORE_COMMIT" -b "$TOXCORE_COMMIT"
 
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} /bin/bash -x <<EOF
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" /bin/bash -x <<EOF
 cd ${INSTALL_DIR}/toxcore
 autoreconf -i
 ./configure --enable-daemon
@@ -532,28 +525,28 @@ make install
 EOF
     fi
 
-    cp $rootdir/usr/local/lib/libtoxcore* $rootdir/usr/lib/
-    cp ${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service $rootdir/etc/systemd/system/
-    sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} systemctl enable tox-bootstrapd.service
+    cp "$rootdir/usr/local/lib/libtoxcore*" "$rootdir/usr/lib/"
+    cp "${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service" "$rootdir/etc/systemd/system/"
+    sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' "$rootdir/etc/systemd/system/tox-bootstrapd.service"
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" systemctl enable tox-bootstrapd.service
     else
         systemctl enable tox-bootstrapd.service
     fi
 
     SECONDS=0
-    if [ ! -f $rootdir/usr/local/bin/tox-bootstrapd ]; then
+    if [ ! -f "$rootdir/usr/local/bin/tox-bootstrapd" ]; then
         duration=$SECONDS
-        echo $"Toxcore compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
+        echo $"Toxcore compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
         echo $'Unable to make toxcore'
         exit 73835
     fi
     duration=$SECONDS
-    echo $"Toxcore compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
+    echo $"Toxcore compile $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
 
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} /usr/sbin/useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
-        chroot ${rootdir} /bin/chmod 700 /var/lib/tox-bootstrapd
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" /usr/sbin/useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
+        chroot "${rootdir}" /bin/chmod 700 /var/lib/tox-bootstrapd
     else
         chmod 600 /etc/shadow
         chmod 600 /etc/gshadow
@@ -564,87 +557,89 @@ EOF
     fi
 
     # remove Maildir
-    if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then
-        rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir
+    if [ -d "$rootdir/var/lib/tox-bootstrapd/Maildir" ]; then
+        rm -rf "$rootdir/var/lib/tox-bootstrapd/Maildir"
     fi
 
     # create configuration file
     TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf
-    echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG
-    echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG
+    { echo "port = $TOX_PORT";
+      echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"';
+      echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"';
+      echo 'enable_ipv6 = true';
+      echo 'enable_ipv4_fallback = true';
+      echo 'enable_lan_discovery = true';
+      echo 'enable_tcp_relay = true';
+      echo "tcp_relay_ports = [443, 3389, $TOX_PORT]";
+      echo 'enable_motd = true';
+      echo 'motd = "tox-bootstrapd"'; } > "$TOX_BOOTSTRAP_CONFIG"
 
     if [ $TOX_NODES ]; then
-        echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG
+        echo 'bootstrap_nodes = (' >> "$TOX_BOOTSTRAP_CONFIG"
         toxcount=0
         while [ "x${TOX_NODES[toxcount]}" != "x" ]
         do
-            toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}')
-            toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}')
-            toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}')
-            toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}')
-            toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}')
-            echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG
+            # shellcheck disable=SC2102
+            nodes_str=$(echo $TOX_NODES[toxcount])
+            toxval_ipv4=$(awk "$nodes_str" -F ',' '{print $1}')
+            toxval_ipv6=$(awk "$nodes_str" -F ',' '{print $2}')
+            toxval_port=$(awk "$nodes_str" -F ',' '{print $3}')
+            toxval_pubkey=$(awk "$nodes_str" -F ',' '{print $4}')
+            toxval_maintainer=$(awk "$nodes_str" -F ',' '{print $5}')
+            echo "{ // $toxval_maintainer" >> "$TOX_BOOTSTRAP_CONFIG"
             if [[ $toxval_ipv6 != 'NONE' ]]; then
-                echo "  address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG
+                echo "  address = \"$toxval_ipv6\"" >> "$TOX_BOOTSTRAP_CONFIG"
             else
-                echo "  address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG
+                echo "  address = \"$toxval_ipv4\"" >> "$TOX_BOOTSTRAP_CONFIG"
             fi
-            echo "  port = $toxval_port" >> $TOX_BOOTSTRAP_CONFIG
-            echo "  public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG
-            toxcount=$(( $toxcount + 1 ))
+            echo "  port = $toxval_port" >> "$TOX_BOOTSTRAP_CONFIG"
+            echo "  public_key = \"$toxval_pubkey\"" >> "$TOX_BOOTSTRAP_CONFIG"
+            toxcount=$((toxcount + 1))
             if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
-                echo "}," >> $TOX_BOOTSTRAP_CONFIG
+                echo "}," >> "$TOX_BOOTSTRAP_CONFIG"
             else
-                echo "}" >> $TOX_BOOTSTRAP_CONFIG
+                echo "}" >> "$TOX_BOOTSTRAP_CONFIG"
             fi
         done
-        echo ')' >> $TOX_BOOTSTRAP_CONFIG
+        echo ')' >> "$TOX_BOOTSTRAP_CONFIG"
     fi
 
-    if [ -f $rootdir/var/lib/tox-bootstrapd/keys ]; then
-        chmod 700 $rootdir/var/lib/tox-bootstrapd/keys
+    if [ -f "$rootdir/var/lib/tox-bootstrapd/keys" ]; then
+        chmod 700 "$rootdir/var/lib/tox-bootstrapd/keys"
     fi
 }
 
 function mesh_tox_avahi {
-    if [ ! -d $rootdir/etc/avahi ]; then
+    if [ ! -d "$rootdir/etc/avahi" ]; then
         echo $'tox_avahi: avahi is not installed'
         exit 87359
     fi
 
-    if [ ! $TOXID_REPO ]; then
+    if [ ! "$TOXID_REPO" ]; then
         echo $'No ToxID repo was specified'
         exit 78252
     fi
 
-    if [ ! -d ${rootdir}${INSTALL_DIR} ]; then
-        mkdir -p ${rootdir}${INSTALL_DIR}
+    if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
+        mkdir -p "${rootdir}${INSTALL_DIR}"
     fi
 
     if [ -d /repos/toxid ]; then
-        mkdir ${rootdir}${INSTALL_DIR}/toxid
-        cp -r -p /repos/toxid/. ${rootdir}${INSTALL_DIR}/toxid
-        cd ${rootdir}${INSTALL_DIR}/toxid
+        mkdir "${rootdir}${INSTALL_DIR}/toxid"
+        cp -r -p /repos/toxid/. "${rootdir}${INSTALL_DIR}/toxid"
+        cd "${rootdir}${INSTALL_DIR}/toxid" || exit 2468246
         git pull
     else
-        git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid
+        git clone "${TOXID_REPO}" "${rootdir}${INSTALL_DIR}/toxid"
     fi
 
-    if [ ! -d ${rootdir}${INSTALL_DIR}/toxid ]; then
+    if [ ! -d "${rootdir}${INSTALL_DIR}/toxid" ]; then
         echo $'Unable to clone toxid repo'
         exit 768352
     fi
 
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} /bin/bash -x <<EOF
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" /bin/bash -x <<EOF
 cd ${INSTALL_DIR}/toxid
 make
 make install
@@ -657,45 +652,46 @@ make install
 EOF
     fi
 
-    if [ ! -f $rootdir/usr/local/bin/toxid ]; then
+    if [ ! -f "$rootdir/usr/local/bin/toxid" ]; then
         echo $'toxid not found'
         exit 74370
     fi
-    if [ ! -f $rootdir/usr/local/bin/toxavahi ]; then
+    if [ ! -f "$rootdir/usr/local/bin/toxavahi" ]; then
         exit 3621729
     fi
 
     MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync
-    echo '#!/bin/bash' > $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/toxavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/meshavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    chmod +x $MESH_SYNC_COMMAND
+    { echo '#!/bin/bash';
+      echo '/usr/local/bin/toxavahi 2> /dev/null';
+      echo '/usr/local/bin/meshavahi 2> /dev/null'; } > "$MESH_SYNC_COMMAND"
+    chmod +x "$MESH_SYNC_COMMAND"
 
-    if ! grep -q "mesh-sync" ${rootdir}/etc/crontab; then
-        echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null" >> ${rootdir}/etc/crontab
-        echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/cro        echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab
+    if ! grep -q "mesh-sync" "${rootdir}/etc/crontab"; then
+        { echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null";
+          echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )";
+          echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )"; } >> "${rootdir}/etc/crontab"
     fi
 }
 
 function mesh_tox_client {
 
-    TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
+    TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
 
     # obtain commits from the main file
-    TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
+    TOXIC_COMMIT_MAIN=$(grep "TOXIC_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then
         TOXIC_COMMIT=$TOXIC_COMMIT_MAIN
     fi
 
-    TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}')
+    TOXIC_REPO_MAIN=$(grep "TOXIC_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
     if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then
         TOXIC_REPO=$TOXIC_REPO_MAIN
     fi
 
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
-        chroot ${rootdir} apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
-        chroot ${rootdir} apt-get -yq install libqrencode-dev
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
+        chroot "${rootdir}" apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
+        chroot "${rootdir}" apt-get -yq install libqrencode-dev
     else
         apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
         apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
@@ -704,57 +700,57 @@ function mesh_tox_client {
 
     TEMP_SCRIPT_NAME=fbtmp728353.sh
     TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
-    echo '#!/bin/bash' > $TEMP_SCRIPT
-    echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
-    echo 'if [ -d /repos/toxic ]; then' >> $TEMP_SCRIPT
-    echo "    mkdir $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo "    cp -r -p /repos/toxic/. $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo "    cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo '    git pull' >> $TEMP_SCRIPT
-    echo 'else' >> $TEMP_SCRIPT
-    echo "    git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo 'fi' >> $TEMP_SCRIPT
-    echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT
-    echo 'make' >> $TEMP_SCRIPT
-    echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
-    echo '    exit 1' >> $TEMP_SCRIPT
-    echo 'fi' >> $TEMP_SCRIPT
-    echo 'make install' >> $TEMP_SCRIPT
-    echo 'exit 0' >> $TEMP_SCRIPT
+    { echo '#!/bin/bash';
+      echo "mkdir -p $INSTALL_DIR";
+      echo 'if [ -d /repos/toxic ]; then';
+      echo "    mkdir $INSTALL_DIR/toxic";
+      echo "    cp -r -p /repos/toxic/. $INSTALL_DIR/toxic";
+      echo "    cd $INSTALL_DIR/toxic";
+      echo '    git pull';
+      echo 'else';
+      echo "    git clone $TOXIC_REPO $INSTALL_DIR/toxic";
+      echo 'fi';
+      echo "cd $INSTALL_DIR/toxic";
+      echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT";
+      echo 'make';
+      echo 'if [ ! "$?" = "0" ]; then';
+      echo '    exit 1';
+      echo 'fi';
+      echo 'make install';
+      echo 'exit 0'; } > "$TEMP_SCRIPT"
     chmod +x $TEMP_SCRIPT
-    cp $TEMP_SCRIPT $rootdir/root/
+    cp "$TEMP_SCRIPT" "$rootdir/root/"
 
-    TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
+    TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
 
     SECONDS=0
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} /root/$TEMP_SCRIPT_NAME
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" "/root/$TEMP_SCRIPT_NAME"
     else
         /root/$TEMP_SCRIPT_NAME
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         cat -n /root/fbtmp728353.sh
         duration=$SECONDS
-        echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
+        echo $"Toxic client compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
         echo $'Unable to make tox client'
         rm $TEMP_SCRIPT
         exit 74872
     fi
     rm $TEMP_SCRIPT
-    if [ ! -f $rootdir$TOXIC_FILE ]; then
+    if [ ! -f "$rootdir$TOXIC_FILE" ]; then
         echo $"Tox client was not installed to $TOXIC_FILE"
         exit 63278
     fi
     duration=$SECONDS
-    echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
+    echo $"Toxic client compile $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
 }
 
 function enable_tox_repo {
-    echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list
-
+    echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > "$rootdir/etc/apt/sources.list.d/tox.list"
 
-    cat >> $rootdir/root/gettoxkey.sh <<EOF
+    cat >> "$rootdir/root/gettoxkey.sh" <<EOF
 #!/bin/bash
 wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key -O- > /root/tox.key
 apt-key add /root/tox.key
@@ -769,30 +765,30 @@ EOF
 function install_tox {
     configure_firewall_for_tox
 
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_tox_node
         mesh_tox_avahi
         mesh_tox_client
     else
         avoid_tor_restart=
-        if [ -f $IMAGE_PASSWORD_FILE ]; then
+        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
             if [[ $ONION_ONLY != 'no' ]]; then
                 avoid_tor_restart=1
             fi
         fi
 
         if [ $avoid_tor_restart ]; then
-            ${PROJECT_NAME}-logging on --onion
+            "${PROJECT_NAME}-logging" on --onion
         else
-            ${PROJECT_NAME}-logging on
+            "${PROJECT_NAME}-logging" on
         fi
 
         install_tox_node
 
         if [ $avoid_tor_restart ]; then
-            ${PROJECT_NAME}-logging off --onion
+            "${PROJECT_NAME}-logging" off --onion
         else
-            ${PROJECT_NAME}-logging off
+            "${PROJECT_NAME}-logging" off
         fi
 
         tox_avahi

src/freedombone-app-turtl

@@ -68,22 +68,24 @@ function logging_off_turtl {
 }
 
 function change_password_turtl {
-    change_username="$1"
-    new_user_password="$2"
+    echo -n ''
+#    change_username="$1"
+#    new_user_password="$2"
 }
 
 function remove_user_turtl {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_turtl {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
     echo '0'
 }
 
 function install_interactive_turtl {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -128,7 +130,7 @@ function configure_interactive_turtl_signups {
     dialog --title $"Allow new turtl signups" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nAllow registration of new users?" 10 60
+           --yesno $"\\nAllow registration of new users?" 10 60
     sel=$?
     case $sel in
         0)
@@ -146,15 +148,14 @@ function configure_interactive_turtl_signups {
 }
 
 function configure_interactive_turtl_storage {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Change storage limit" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter a storage limit in megabytes." 8 75 "$TURTL_STORAGE_LIMIT_MB" 2>$data
+           --inputbox $"Enter a storage limit in megabytes." 8 75 "$TURTL_STORAGE_LIMIT_MB" 2>"$data"
     sel=$?
     case $sel in
         0)
-            STORAGE=$(<$data)
+            STORAGE=$(<"$data")
             if [ ${#STORAGE} -gt 0 ]; then
                 TURTL_STORAGE_LIMIT_MB=$STORAGE
                 sed -i "s|defparameter *default-storage-limit*.*|defparameter *default-storage-limit* ${TURTL_STORAGE_LIMIT_MB})|g" $TURTL_BASE_DIR/api/config/config.lisp
@@ -164,27 +165,31 @@ function configure_interactive_turtl_storage {
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_turtl {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"turtl app settings" \
            --radiolist $"Choose an operation:" 12 70 3 \
            1 $"Enable/disable new user registrations" off \
            2 $"Change storage limit" off \
-           3 $"Exit" on 2> $data
+           3 $"Exit" on 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) configure_interactive_turtl_signups;;
         2) configure_interactive_turtl_storage;;
-        3) return;;
+        3) rm -f "$data"
+           return;;
     esac
+    rm -f "$data"
 }
 
 function reconfigure_turtl {
@@ -255,7 +260,7 @@ function restore_local_turtl {
         else
             cp -r ${temp_restore_dir}/* /etc/turtl/
         fi
-
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -273,6 +278,7 @@ function restore_local_turtl {
             cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -318,6 +324,7 @@ function restore_remote_turtl {
             cp -r ${temp_restore_dir}/* /etc/turtl/
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             if [ -d /etc/turtl_previous ]; then
                 mv /etc/turtl_previous $TURTL_BASE_DIR
@@ -338,6 +345,7 @@ function restore_remote_turtl {
             cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             exit 26783
@@ -358,7 +366,7 @@ function remove_turtl {
     remove_rethinkdb
     remove_app turtl
     remove_completion_param install_turtl
-    sed -i '/turtl/d' $COMPLETION_FILE
+    sed -i '/turtl/d' "$COMPLETION_FILE"
     nginx_dissite $TURTL_DOMAIN_NAME
     if [ -f /etc/nginx/sites-available/$TURTL_DOMAIN_NAME ]; then
         rm /etc/nginx/sites-available/$TURTL_DOMAIN_NAME
@@ -444,18 +452,18 @@ __ENDCONFIG__
         exit 6238234
     fi
 
-    echo '[Unit]' > /etc/systemd/system/turtl.service
-    echo 'Description=Note taking service' >> /etc/systemd/system/turtl.service
-    echo 'Documentation=http://turtl.it' >> /etc/systemd/system/turtl.service
-    echo 'Requires=network.target' >> /etc/systemd/system/turtl.service
-    echo 'Requires=rethinkdb.service' >> /etc/systemd/system/turtl.service
-    echo 'After=network.target' >> /etc/systemd/system/turtl.service
-    echo 'After=rethinkdb.service' >> /etc/systemd/system/turtl.service
-    echo '' >> /etc/systemd/system/turtl.service
-    echo '[Service]' >> /etc/systemd/system/turtl.service
-    echo 'Type=simple' >> /etc/systemd/system/turtl.service
-    echo 'User=turtl' >> /etc/systemd/system/turtl.service
-    echo "WorkingDirectory=$TURTL_BASE_DIR/api/" >> /etc/systemd/system/turtl.service
+    { echo '[Unit]';
+      echo 'Description=Note taking service';
+      echo 'Documentation=http://turtl.it';
+      echo 'Requires=network.target';
+      echo 'Requires=rethinkdb.service';
+      echo 'After=network.target';
+      echo 'After=rethinkdb.service';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=turtl';
+      echo "WorkingDirectory=$TURTL_BASE_DIR/api/"; } > /etc/systemd/system/turtl.service
 
     if [[ "$check_architecture" == *"64"* && "$check_architecture" != *"arm"* ]]; then
         echo "ExecStart=$TURTL_BASE_DIR/ccl/lx86cl64 -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
@@ -466,9 +474,9 @@ __ENDCONFIG__
             echo "ExecStart=$TURTL_BASE_DIR/ccl/armcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
         fi
     fi
-    echo '' >> /etc/systemd/system/turtl.service
-    echo '[Install]' >> /etc/systemd/system/turtl.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/turtl.service
+    { echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } >> /etc/systemd/system/turtl.service
     chmod +x /etc/systemd/system/turtl.service
 
     chown -R turtl:turtl $TURTL_BASE_DIR
@@ -484,7 +492,7 @@ function install_turtl_api {
     if [ ! -d $TURTL_BASE_DIR ]; then
         mkdir -p $TURTL_BASE_DIR
     fi
-    cd $TURTL_BASE_DIR
+    cd "$TURTL_BASE_DIR" || exit 745726542
     mkdir cd $TURTL_BASE_DIR/data
     check_architecture=$(uname -a)
 
@@ -600,21 +608,21 @@ __ENDCONFIG__
     chown -R rethinkdb:rethinkdb /var/lib/rethinkdb
 
     # install turtl API
-    cd $TURTL_BASE_DIR/
+    cd "$TURTL_BASE_DIR/" || exit 6428462
 
     if [ -d /repos/turtl ]; then
         mkdir $TURTL_BASE_DIR/api
         cp -r -p /repos/turtl/. $TURTL_BASE_DIR/api
-        cd $TURTL_BASE_DIR/api
+        cd "$TURTL_BASE_DIR/api" || exit 57141845
         git pull
     else
         git clone $TURTL_REPO $TURTL_BASE_DIR/api
     fi
 
-    cd $TURTL_BASE_DIR/api
+    cd "$TURTL_BASE_DIR/api" || exit 35814614
     git checkout $TURTL_COMMIT -b $TURTL_COMMIT
     set_completion_param "turtl commit" "$TURTL_COMMIT"
-    cd $TURTL_BASE_DIR/quicklisp/local-projects
+    cd "$TURTL_BASE_DIR/quicklisp/local-projects" || exit 43618941415
     git clone git://github.com/orthecreedence/cl-hash-util
     if [[ "$check_architecture" != *"arm"* ]]; then
         if [[ "$check_architecture" == *"64"* ]]; then
@@ -657,54 +665,54 @@ function install_turtl_nginx {
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
         nginx_http_redirect $TURTL_DOMAIN_NAME
-        echo 'server {' >> $turtl_nginx_site
-        echo '  listen 443 ssl;' >> $turtl_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $turtl_nginx_site
-        echo "  server_name ${TURTL_DOMAIN_NAME};" >> $turtl_nginx_site
-        echo '' >> $turtl_nginx_site
-        echo '  # Security' >> $turtl_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name ${TURTL_DOMAIN_NAME};";
+          echo '';
+          echo '  # Security'; } >> "$turtl_nginx_site"
         function_check nginx_ssl
         nginx_ssl $TURTL_DOMAIN_NAME
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing $TURTL_DOMAIN_NAME
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $turtl_nginx_site
-        echo '' >> $turtl_nginx_site
-        echo '  # Logs' >> $turtl_nginx_site
-        echo '  access_log /dev/null;' >> $turtl_nginx_site
-        echo '  error_log /dev/null;' >> $turtl_nginx_site
-        echo '' >> $turtl_nginx_site
-        echo '  location / {' >> $turtl_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  location / {'; } >> "$turtl_nginx_site"
         function_check nginx_limits
         nginx_limits $TURTL_DOMAIN_NAME '15m'
-        echo "    proxy_pass        http://localhost:${TURTL_PORT}/;" >> $turtl_nginx_site
-        echo '    proxy_set_header  Host $host;' >> $turtl_nginx_site
-        echo '    proxy_buffering   off;' >> $turtl_nginx_site
-        echo '  }' >> $turtl_nginx_site
-        echo '}' >> $turtl_nginx_site
+        { echo "    proxy_pass        http://localhost:${TURTL_PORT}/;";
+          echo "    proxy_set_header  Host \$host;";
+          echo '    proxy_buffering   off;';
+          echo '  }';
+          echo '}'; } >> "$turtl_nginx_site"
     else
         echo -n '' > $turtl_nginx_site
     fi
-    echo 'server {' >> $turtl_nginx_site
-    echo "  listen 127.0.0.1:${TURTL_ONION_PORT};" >> $turtl_nginx_site
-    echo "  server_name ${TURTL_ONION_HOSTNAME};" >> $turtl_nginx_site
-    echo '' >> $turtl_nginx_site
+    { echo 'server {';
+      echo "  listen 127.0.0.1:${TURTL_ONION_PORT};";
+      echo "  server_name ${TURTL_ONION_HOSTNAME};";
+      echo ''; } >> $turtl_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $TURTL_DOMAIN_NAME
-    echo '' >> $turtl_nginx_site
-    echo '  # Logs' >> $turtl_nginx_site
-    echo '  access_log /dev/null;' >> $turtl_nginx_site
-    echo '  error_log /dev/null;' >> $turtl_nginx_site
-    echo '' >> $turtl_nginx_site
-    echo '  location / {' >> $turtl_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  location / {'; } >> $turtl_nginx_site
     function_check nginx_limits
     nginx_limits $TURTL_DOMAIN_NAME '15m'
-    echo "    proxy_pass        http://localhost:${TURTL_PORT}/;" >> $turtl_nginx_site
-    echo '    proxy_set_header  Host $host;' >> $turtl_nginx_site
-    echo '    proxy_buffering   off;' >> $turtl_nginx_site
-    echo '  }' >> $turtl_nginx_site
-    echo '}' >> $turtl_nginx_site
+    { echo "    proxy_pass        http://localhost:${TURTL_PORT}/;";
+      echo "    proxy_set_header  Host \$host;";
+      echo '    proxy_buffering   off;';
+      echo '  }';
+      echo '}'; } >> $turtl_nginx_site
 
     function_check add_ddns_domain
     add_ddns_domain $TURTL_DOMAIN_NAME

src/freedombone-app-vim

@@ -62,27 +62,27 @@ function backup_local_vim {
             echo $"Backing up Vim config for $USERNAME"
 
             # create a temporary directory
-            if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                mkdir /home/$USERNAME/$VIM_TEMP_DIR
+            if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
 
             # copy config files into the directory
-            if [ -f /home/$USERNAME/.vimrc ]; then
-                cp /home/$USERNAME/.vimrc /home/$USERNAME/$VIM_TEMP_DIR
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -f "/home/$USERNAME/.vimrc" ]; then
+                cp "/home/$USERNAME/.vimrc" "/home/$USERNAME/$VIM_TEMP_DIR"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
-            if [ -f /home/$USERNAME/.viminfo ]; then
-                cp /home/$USERNAME/.viminfo /home/$USERNAME/$VIM_TEMP_DIR
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -f "/home/$USERNAME/.viminfo" ]; then
+                cp "/home/$USERNAME/.viminfo" "/home/$USERNAME/$VIM_TEMP_DIR"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
 
             # backup the directory
             function_check backup_directory_to_usb
-            backup_directory_to_usb /home/$USERNAME/$VIM_TEMP_DIR vim/$USERNAME
+            backup_directory_to_usb "/home/$USERNAME/$VIM_TEMP_DIR" "vim/$USERNAME"
 
             # remove temporary directory
-            if [ -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                rm -rf /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
             fi
         fi
     done
@@ -90,24 +90,25 @@ function backup_local_vim {
 
 function restore_local_vim {
     temp_restore_dir=/root/tempvim
-    if [ -d $USB_MOUNT/backup/vim ]; then
+    if [ -d "$USB_MOUNT/backup/vim" ]; then
         for d in $USB_MOUNT/backup/vim/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Vim config for $USERNAME"
                 function_check restore_directory_from_usb
-                restore_directory_from_usb $temp_restore_dir vim/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR /home/$USERNAME/
+                restore_directory_from_usb "$temp_restore_dir" "vim/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                        mkdir /home/$USERNAME/$VIM_TEMP_DIR
+                    if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                        mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/$VIM_TEMP_DIR/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     function_check set_user_permissions
@@ -116,14 +117,14 @@ function restore_local_vim {
                     backup_unmount_drive
                     exit 664
                 fi
-                cp /home/$USERNAME/$VIM_TEMP_DIR/* /home/$USERNAME
-                if [ -f /home/$USERNAME/.viminfo ]; then
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.viminfo
+                cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"
+                if [ -f "/home/$USERNAME/.viminfo" ]; then
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.viminfo"
                 fi
-                if [ -f /home/$USERNAME/.vimrc ]; then
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.vimrc
+                if [ -f "/home/$USERNAME/.vimrc" ]; then
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.vimrc"
                 fi
-                rm -rf /home/$USERNAME/$VIM_TEMP_DIR
+                rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
                 rm -rf $temp_restore_dir
             fi
         done
@@ -137,27 +138,27 @@ function backup_remote_vim {
             echo $"Backing up Vim config for $USERNAME"
 
             # create a temporary directory
-            if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                mkdir /home/$USERNAME/$VIM_TEMP_DIR
+            if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
 
             # copy config files into the directory
-            if [ -f /home/$USERNAME/.vimrc ]; then
-                cp /home/$USERNAME/.vimrc /home/$USERNAME/$VIM_TEMP_DIR
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -f "/home/$USERNAME/.vimrc" ]; then
+                cp "/home/$USERNAME/.vimrc" "/home/$USERNAME/$VIM_TEMP_DIR"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
-            if [ -f /home/$USERNAME/.viminfo ]; then
-                cp /home/$USERNAME/.viminfo /home/$USERNAME/$VIM_TEMP_DIR
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -f "/home/$USERNAME/.viminfo" ]; then
+                cp "/home/$USERNAME/.viminfo" "/home/$USERNAME/$VIM_TEMP_DIR"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
 
             # backup the directory
             function_check backup_directory_to_friend
-            backup_directory_to_friend /home/$USERNAME/$VIM_TEMP_DIR vim/$USERNAME
+            backup_directory_to_friend "/home/$USERNAME/$VIM_TEMP_DIR" "vim/$USERNAME"
 
             # remove temporary directory
-            if [ -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                rm -rf /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
             fi
         fi
     done
@@ -165,24 +166,25 @@ function backup_remote_vim {
 
 function restore_remote_vim {
     temp_restore_dir=/root/tempvim
-    if [ -d $USB_MOUNT/backup/vim ]; then
+    if [ -d "$USB_MOUNT/backup/vim" ]; then
         for d in $USB_MOUNT/backup/vim/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Vim config for $USERNAME"
                 function_check restore_directory_from_friend
-                restore_directory_from_friend $temp_restore_dir vim/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR /home/$USERNAME/
+                restore_directory_from_friend "$temp_restore_dir vim/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                        mkdir /home/$USERNAME/$VIM_TEMP_DIR
+                    if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                        mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/$VIM_TEMP_DIR/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     function_check set_user_permissions
@@ -191,14 +193,14 @@ function restore_remote_vim {
                     backup_unmount_drive
                     exit 664
                 fi
-                cp /home/$USERNAME/$VIM_TEMP_DIR/* /home/$USERNAME
-                if [ -f /home/$USERNAME/.viminfo ]; then
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.viminfo
+                cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"
+                if [ -f "/home/$USERNAME/.viminfo" ]; then
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.viminfo"
                 fi
-                if [ -f /home/$USERNAME/.vimrc ]; then
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.vimrc
+                if [ -f "/home/$USERNAME/.vimrc" ]; then
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.vimrc"
                 fi
-                rm -rf /home/$USERNAME/$VIM_TEMP_DIR
+                rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
                 rm -rf $temp_restore_dir
             fi
         done
@@ -210,7 +212,7 @@ function remove_vim {
     # This may change with Debian Stretch
     # apt-get -yq remove --purge vim
     update-alternatives --set editor /usr/bin/nano
-    sed -i '/install_vim/d' $COMPLETION_FILE
+    sed -i '/install_vim/d' "$COMPLETION_FILE"
 
     # remove Vim as the mutt email editor
     if [ -f /etc/Muttrc ]; then
@@ -220,9 +222,9 @@ function remove_vim {
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -f /home/$USERNAME/.muttrc ]; then
-                    if grep -q "set editor=" /home/$USERNAME/.muttrc; then
-                        sed -i '/set editor=/d' /home/$USERNAME/.muttrc
+                if [ -f "/home/$USERNAME/.muttrc" ]; then
+                    if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
+                        sed -i '/set editor=/d' "/home/$USERNAME/.muttrc"
                     fi
                 fi
             fi
@@ -244,11 +246,11 @@ function install_vim {
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -f /home/$USERNAME/.muttrc ]; then
-                    if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then
-                        echo "set editor=\"$VIM_MUTT_EDITOR\"" >> /home/$USERNAME/.muttrc
+                if [ -f "/home/$USERNAME/.muttrc" ]; then
+                    if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
+                        echo "set editor=\"$VIM_MUTT_EDITOR\"" >> "/home/$USERNAME/.muttrc"
                     else
-                        sed -i "s|set editor=.*|set editor=\"$VIM_MUTT_EDITOR\"|g" /home/$USERNAME/.muttrc
+                        sed -i "s|set editor=.*|set editor=\"$VIM_MUTT_EDITOR\"|g" "/home/$USERNAME/.muttrc"
                     fi
                 fi
             fi

src/freedombone-app-vpn

@@ -82,23 +82,24 @@ function install_interactive_vpn {
     VPN_DETAILS_COMPLETE=
     while [ ! $VPN_DETAILS_COMPLETE ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         currtlsport=$(grep 'VPN_TLS_PORT' temp.cfg | awk -F '=' '{print $2}')
-        if [ $currtlsport ]; then
+        if [ "$currtlsport" ]; then
             VPN_TLS_PORT=$currtlsport
         fi
         dialog --backtitle $"Freedombone Configuration" \
                --title $"VPN Configuration" \
-               --form $"\nPlease enter your VPN details. Changing the port to 443 will help defend against censorship but will prevent other web apps from running." 12 65 1 \
+               --form $"\\nPlease enter your VPN details. Changing the port to 443 will help defend against censorship but will prevent other web apps from running." 12 65 1 \
                $"TLS port:" 1 1 "$VPN_TLS_PORT" 1 12 5 5 \
-               2> $data
+               2> "$data"
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        tlsport=$(cat $data | sed -n 1p)
+        tlsport=$(sed -n 1p < "$data")
         if [ ${#tlsport} -gt 1 ]; then
             if [[ "$tlsport" != *' '* && "$tlsport" != *'.'* ]]; then
                 VPN_TLS_PORT="$tlsport"
@@ -106,27 +107,27 @@ function install_interactive_vpn {
                 write_config_param "VPN_TLS_PORT" "$VPN_TLS_PORT"
             fi
         fi
+        rm -f "$data"
     done
     clear
     APP_INSTALLED=1
 }
 
 function vpn_change_tls_port {
-    if ! grep -q "VPN-TLS" $FIREWALL_CONFIG; then
+    if ! grep -q "VPN-TLS" "$FIREWALL_CONFIG"; then
         EXISTING_VPN_TLS_PORT=443
     else
-        EXISTING_VPN_TLS_PORT=$(cat $FIREWALL_CONFIG | grep "VPN-TLS" | awk -F '=' '{print $2}')
+        EXISTING_VPN_TLS_PORT=$(grep "VPN-TLS" "$FIREWALL_CONFIG" | awk -F '=' '{print $2}')
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"VPN Configuration" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Change TLS port' 10 50 $EXISTING_VPN_TLS_PORT 2>$data
+           --inputbox $'Change TLS port' 10 50 "$EXISTING_VPN_TLS_PORT" 2>"$data"
     sel=$?
     case $sel in
         0)
-            tlsport=$(<$data)
+            tlsport=$(<"$data")
             if [ ${#tlsport} -gt 0 ]; then
                 if [[ "$tlsport" != "$EXISTING_VPN_TLS_PORT" ]]; then
                     clear
@@ -137,22 +138,22 @@ function vpn_change_tls_port {
 
                     for d in /home/*/ ; do
                         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-                        if [ -f /home/$USERNAME/stunnel-client.conf ]; then
-                            cp /etc/stunnel/stunnel-client.conf /home/$USERNAME/stunnel-client.conf
-                            chown $USERNAME:$USERNAME /home/$USERNAME/stunnel-client.conf
+                        if [ -f "/home/$USERNAME/stunnel-client.conf" ]; then
+                            cp "/etc/stunnel/stunnel-client.conf" "/home/$USERNAME/stunnel-client.conf"
+                            chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel-client.conf"
                         fi
                     done
 
-                    if [ $VPN_TLS_PORT -eq 443 ]; then
+                    if [ "$VPN_TLS_PORT" -eq 443 ]; then
                         if [[ "$PREVIOUS_VPN_TLS_PORT" != "443" ]]; then
-                            firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT}
+                            firewall_remove VPN-TLS "${EXISTING_VPN_TLS_PORT}"
                         fi
                         systemctl stop nginx
                         systemctl disable nginx
                     else
                         if [[ "$PREVIOUS_VPN_TLS_PORT" != "$VPN_TLS_PORT" ]]; then
-                            firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT}
-                            firewall_add VPN-TLS ${VPN_TLS_PORT} tcp
+                            firewall_remove VPN-TLS "${EXISTING_VPN_TLS_PORT}"
+                            firewall_add VPN-TLS "${VPN_TLS_PORT}" tcp
                         fi
                         systemctl enable nginx
                         systemctl restart nginx
@@ -160,7 +161,7 @@ function vpn_change_tls_port {
 
                     systemctl restart stunnel
 
-                    if [ $VPN_TLS_PORT -eq 443 ]; then
+                    if [ "$VPN_TLS_PORT" -eq 443 ]; then
                         dialog --title $"VPN Configuration" \
                                --msgbox $"TLS port changed to ${VPN_TLS_PORT}. Forward this port from your internet router." 10 60
                     else
@@ -171,52 +172,56 @@ function vpn_change_tls_port {
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function vpn_regenerate_client_keys {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Regenerate VPN keys for a user" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'username' 10 50 2>$data
+           --inputbox $'username' 10 50 2>"$data"
     sel=$?
     case $sel in
         0)
-            USERNAME=$(<$data)
+            USERNAME=$(<"$data")
             if [ ${#USERNAME} -gt 0 ]; then
-                if [ -d /home/$USERNAME ]; then
+                if [ -d "/home/$USERNAME" ]; then
                     clear
-                    create_user_vpn_key $USERNAME
+                    create_user_vpn_key "$USERNAME"
                     dialog --title $"Regenerate VPN keys for a user" \
                            --msgbox $"VPN keys were regenerated for $USERNAME" 6 60
                 fi
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_vpn {
     read_config_param VPN_TLS_PORT
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"VPN Configuration" \
                --radiolist $"Choose an operation:" 13 70 3 \
                1 $"Change TLS port (currently $VPN_TLS_PORT)" off \
                2 $"Regenerate keys for a user" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) vpn_change_tls_port;;
             2) vpn_regenerate_client_keys;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -231,8 +236,8 @@ function upgrade_vpn {
 function backup_local_vpn {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then
-            cp /home/$USERNAME/$OPENVPN_KEY_FILENAME /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}
+        if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
+            cp "/home/$USERNAME/$OPENVPN_KEY_FILENAME" "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}"
         fi
     done
 
@@ -252,9 +257,9 @@ function restore_local_vpn {
 
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-            if [ -f /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} ]; then
-                cp /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} /home/$USERNAME/$OPENVPN_KEY_FILENAME
-                chown $USERNAME:$USERNAME /home/$USERNAME/$OPENVPN_KEY_FILENAME
+            if [ -f "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" ]; then
+                cp "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
             fi
         done
     fi
@@ -265,13 +270,13 @@ function restore_local_vpn {
         rm -rf ${temp_restore_dir}
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-            if [ -f /home/$USERNAME/stunnel.pem ]; then
-                cp /etc/stunnel/stunnel.pem /home/$USERNAME/stunnel.pem
-                chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.pem
+            if [ -f "/home/$USERNAME/stunnel.pem" ]; then
+                cp /etc/stunnel/stunnel.pem "/home/$USERNAME/stunnel.pem"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.pem"
             fi
-            if [ -f /home/$USERNAME/stunnel.p12 ]; then
-                cp /etc/stunnel/stunnel.p12 /home/$USERNAME/stunnel.p12
-                chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.p12
+            if [ -f "/home/$USERNAME/stunnel.p12" ]; then
+                cp /etc/stunnel/stunnel.p12 "/home/$USERNAME/stunnel.p12"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.p12"
             fi
         done
     fi
@@ -280,8 +285,8 @@ function restore_local_vpn {
 function backup_remote_vpn {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then
-            cp /home/$USERNAME/$OPENVPN_KEY_FILENAME /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}
+        if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
+            cp "/home/$USERNAME/$OPENVPN_KEY_FILENAME" "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}"
         fi
     done
 
@@ -301,9 +306,9 @@ function restore_remote_vpn {
 
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-            if [ -f /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} ]; then
-                cp /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} /home/$USERNAME/$OPENVPN_KEY_FILENAME
-                chown $USERNAME:$USERNAME /home/$USERNAME/$OPENVPN_KEY_FILENAME
+            if [ -f "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" ]; then
+                cp "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
             fi
         done
     fi
@@ -314,13 +319,13 @@ function restore_remote_vpn {
         rm -rf ${temp_restore_dir}
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-            if [ -f /home/$USERNAME/stunnel.pem ]; then
-                cp /etc/stunnel/stunnel.pem /home/$USERNAME/stunnel.pem
-                chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.pem
+            if [ -f "/home/$USERNAME/stunnel.pem" ]; then
+                cp /etc/stunnel/stunnel.pem "/home/$USERNAME/stunnel.pem"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.pem"
             fi
-            if [ -f /home/$USERNAME/stunnel.p12 ]; then
-                cp /etc/stunnel/stunnel.p12 /home/$USERNAME/stunnel.p12
-                chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.p12
+            if [ -f "/home/$USERNAME/stunnel.p12" ]; then
+                cp /etc/stunnel/stunnel.p12 "/home/$USERNAME/stunnel.p12"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.p12"
             fi
         done
     fi
@@ -332,8 +337,8 @@ function remove_vpn {
     rm /etc/systemd/system/stunnel.service
 
     systemctl stop openvpn
-    if [ $VPN_TLS_PORT -ne 443 ]; then
-        firewall_remove VPN-TLS $VPN_TLS_PORT
+    if [ "$VPN_TLS_PORT" -ne 443 ]; then
+        firewall_remove VPN-TLS "$VPN_TLS_PORT"
     else
         systemctl enable nginx
         systemctl restart nginx
@@ -354,10 +359,10 @@ function remove_vpn {
     # remove any client keys
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then
-            shred -zu /home/$USERNAME/$OPENVPN_KEY_FILENAME
+        if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
+            shred -zu "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
         fi
-        rm /home/$USERNAME/stunnel*
+        rm "/home/$USERNAME/stunnel*"
     done
     userdel -f vpn
     groupdel -f vpn
@@ -370,107 +375,108 @@ function remove_vpn {
 function create_user_vpn_key {
     username=$1
 
-    if [ ! -d /home/$username ]; then
+    if [ ! -d "/home/$username" ]; then
         return
     fi
 
     echo $"Creating VPN key for $username"
 
-    cd /etc/openvpn/easy-rsa
+    cd /etc/openvpn/easy-rsa || exit 4728468246
 
-    if [ -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then
-        rm /etc/openvpn/easy-rsa/keys/$username.crt
+    if [ -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
+        rm "/etc/openvpn/easy-rsa/keys/$username.crt"
     fi
-    if [ -f /etc/openvpn/easy-rsa/keys/$username.key ]; then
-        rm /etc/openvpn/easy-rsa/keys/$username.key
+    if [ -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
+        rm "/etc/openvpn/easy-rsa/keys/$username.key"
     fi
-    if [ -f /etc/openvpn/easy-rsa/keys/$username.csr ]; then
-        rm /etc/openvpn/easy-rsa/keys/$username.csr
+    if [ -f "/etc/openvpn/easy-rsa/keys/$username.csr" ]; then
+        rm "/etc/openvpn/easy-rsa/keys/$username.csr"
     fi
 
     sed -i 's| --interact||g' build-key
     ./build-key "$username"
 
-    if [ ! -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then
+    if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
         echo $'VPN user cert not generated'
         exit 783528
     fi
-    user_cert=$(cat /etc/openvpn/easy-rsa/keys/$username.crt)
+    user_cert=$(cat "/etc/openvpn/easy-rsa/keys/$username.crt")
     if [ ${#user_cert} -lt 10 ]; then
-        cat /etc/openvpn/easy-rsa/keys/$username.crt
+        cat "/etc/openvpn/easy-rsa/keys/$username.crt"
         echo $'User cert generation failed'
         exit 634659
     fi
-    if [ ! -f /etc/openvpn/easy-rsa/keys/$username.key ]; then
+    if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
         echo $'VPN user key not generated'
         exit 682523
     fi
-    user_key=$(cat /etc/openvpn/easy-rsa/keys/$username.key)
+    user_key=$(cat "/etc/openvpn/easy-rsa/keys/$username.key")
     if [ ${#user_key} -lt 10 ]; then
-        cat /etc/openvpn/easy-rsa/keys/$username.key
+        cat "/etc/openvpn/easy-rsa/keys/$username.key"
         echo $'User key generation failed'
         exit 285838
     fi
 
     user_vpn_cert_file=/home/$username/$OPENVPN_KEY_FILENAME
 
-    echo 'client' > $user_vpn_cert_file
-    echo 'dev tun' >> $user_vpn_cert_file
-    echo 'proto tcp' >> $user_vpn_cert_file
-    echo "remote localhost $STUNNEL_PORT" >> $user_vpn_cert_file
-    echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway" >> $user_vpn_cert_file
-    echo 'resolv-retry infinite' >> $user_vpn_cert_file
-    echo 'nobind' >> $user_vpn_cert_file
-    echo 'tun-mtu 1500' >> $user_vpn_cert_file
-    echo 'tun-mtu-extra 32' >> $user_vpn_cert_file
-    echo 'mssfix 1450' >> $user_vpn_cert_file
-    echo 'persist-key' >> $user_vpn_cert_file
-    echo 'persist-tun' >> $user_vpn_cert_file
-    echo 'auth-nocache' >> $user_vpn_cert_file
-    echo 'remote-cert-tls server' >> $user_vpn_cert_file
-    echo 'comp-lzo' >> $user_vpn_cert_file
-    echo 'verb 3' >> $user_vpn_cert_file
-    echo '' >> $user_vpn_cert_file
-
-    echo '<ca>' >> $user_vpn_cert_file
-    cat /etc/openvpn/ca.crt >> $user_vpn_cert_file
-    echo '</ca>' >> $user_vpn_cert_file
-
-    echo '<cert>' >> $user_vpn_cert_file
-    cat /etc/openvpn/easy-rsa/keys/$username.crt >> $user_vpn_cert_file
-    echo '</cert>' >> $user_vpn_cert_file
-
-    echo '<key>' >> $user_vpn_cert_file
-    cat /etc/openvpn/easy-rsa/keys/$username.key >> $user_vpn_cert_file
-    echo '</key>' >> $user_vpn_cert_file
-
-    chown $username:$username $user_vpn_cert_file
+    { echo 'client';
+      echo 'dev tun';
+      echo 'proto tcp';
+      echo "remote localhost $STUNNEL_PORT";
+      echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway";
+      echo 'resolv-retry infinite';
+      echo 'nobind';
+      echo 'tun-mtu 1500';
+      echo 'tun-mtu-extra 32';
+      echo 'mssfix 1450';
+      echo 'persist-key';
+      echo 'persist-tun';
+      echo 'auth-nocache';
+      echo 'remote-cert-tls server';
+      echo 'comp-lzo';
+      echo 'verb 3';
+      echo ''; } > "$user_vpn_cert_file"
+
+    {
+        echo '<ca>';
+        cat /etc/openvpn/ca.crt;
+        echo '</ca>';
+
+        echo '<cert>';
+        cat "/etc/openvpn/easy-rsa/keys/$username.crt;"
+        echo '</cert>';
+
+        echo '<key>';
+        cat "/etc/openvpn/easy-rsa/keys/$username.key;"
+        echo '</key>'; } >> "$user_vpn_cert_file"
+
+    chown "$username":"$username" "$user_vpn_cert_file"
 
     # keep a backup
-    cp $user_vpn_cert_file /etc/openvpn/easy-rsa/keys/$username.ovpn
+    cp "$user_vpn_cert_file" "/etc/openvpn/easy-rsa/keys/$username.ovpn"
 
     #rm /etc/openvpn/easy-rsa/keys/$username.crt
     #rm /etc/openvpn/easy-rsa/keys/$username.csr
-    shred -zu /etc/openvpn/easy-rsa/keys/$username.key
+    shred -zu "/etc/openvpn/easy-rsa/keys/$username.key"
 
     echo $"VPN key created at $user_vpn_cert_file"
 }
 
 function add_user_vpn {
     new_username="$1"
-    new_user_password="$2"
+#    new_user_password="$2"
 
-    create_user_vpn_key $new_username
+    create_user_vpn_key "$new_username"
     if [ -f /etc/stunnel/stunnel.pem ]; then
-        cp /etc/stunnel/stunnel.pem /home/$new_username/stunnel.pem
-        chown $new_username:$new_username /home/$new_username/stunnel.pem
+        cp /etc/stunnel/stunnel.pem "/home/$new_username/stunnel.pem"
+        chown "$new_username":"$new_username" "/home/$new_username/stunnel.pem"
     fi
     if [ -f /etc/stunnel/stunnel.p12 ]; then
-        cp /etc/stunnel/stunnel.p12 /home/$new_username/stunnel.p12
-        chown $new_username:$new_username /home/$new_username/stunnel.p12
+        cp /etc/stunnel/stunnel.p12 "/home/$new_username/stunnel.p12"
+        chown "$new_username":"$new_username" "/home/$new_username/stunnel.p12"
     fi
-    cp /etc/stunnel/stunnel-client.conf /home/$new_username/stunnel-client.conf
-    chown $new_username:$new_username /home/$new_username/stunnel-client.conf
+    cp /etc/stunnel/stunnel-client.conf "/home/$new_username/stunnel-client.conf"
+    chown "$new_username":"$new_username" "/home/$new_username/stunnel-client.conf"
 }
 
 function remove_user_vpn {
@@ -516,15 +522,16 @@ function generate_stunnel_keys {
     fi
     chmod 640 /etc/stunnel/stunnel.p12
 
-    cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem
-    cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12
-    chown $MY_USERNAME:$MY_USERNAME $prefix$userhome/stunnel*
+    cp /etc/stunnel/stunnel.pem "/home/$MY_USERNAME/stunnel.pem"
+    cp /etc/stunnel/stunnel.p12 "/home/$MY_USERNAME/stunnel.p12"
+    chown "$MY_USERNAME":"$MY_USERNAME" "$prefix/home/$MY_USERNAME/stunnel*"
 }
 
 function install_stunnel {
     prefix=
     prefixchroot=
-    if [ $rootdir ]; then
+    # shellcheck disable=SC2154
+    if [ "$rootdir" ]; then
         prefix=$rootdir
         prefixchroot="chroot $rootdir"
         VPN_TLS_PORT=$VPN_MESH_TLS_PORT
@@ -532,53 +539,53 @@ function install_stunnel {
 
     $prefixchroot apt-get -yq install stunnel4
 
-    if [ ! $prefix ]; then
-        cd /etc/stunnel
+    if [ ! "$prefix" ]; then
+        cd /etc/stunnel || exit 46284624
         generate_stunnel_keys
     fi
 
-    echo 'chroot = /var/lib/stunnel4' > $prefix/etc/stunnel/stunnel.conf
-    echo 'pid = /stunnel4.pid' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'setuid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'setgid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'socket = l:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'socket = r:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
-    echo '[openvpn]' >> $prefix/etc/stunnel/stunnel.conf
-    echo "accept = $VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel.conf
-    echo 'connect = localhost:1194' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel.conf
-
-    sed -i 's|ENABLED=.*|ENABLED=1|g' $prefix/etc/default/stunnel4
-
-    echo '[openvpn]' > $prefix/etc/stunnel/stunnel-client.conf
-    echo 'client = yes' >> $prefix/etc/stunnel/stunnel-client.conf
-    echo "accept = $STUNNEL_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
-    echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
-    echo 'cert = stunnel.pem' >> $prefix/etc/stunnel/stunnel-client.conf
-    echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel-client.conf
-
-    echo '[Unit]' > $prefix/etc/systemd/system/stunnel.service
-    echo 'Description=SSL tunnel for network daemons' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'DefaultDependencies=no' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'After=network.target' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'After=syslog.target' >> $prefix/etc/systemd/system/stunnel.service
-    echo '' >> $prefix/etc/systemd/system/stunnel.service
-    echo '[Install]' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'WantedBy=multi-user.target' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'Alias=stunnel.target' >> $prefix/etc/systemd/system/stunnel.service
-    echo '' >> $prefix/etc/systemd/system/stunnel.service
-    echo '[Service]' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'Type=forking' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'RuntimeDirectory=stunnel' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'ExecStop=/usr/bin/killall -9 stunnel' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'RemainAfterExit=yes' >> $prefix/etc/systemd/system/stunnel.service
-
-    if [ ! $prefix ]; then
+    { echo 'chroot = /var/lib/stunnel4';
+      echo 'pid = /stunnel4.pid';
+      echo 'setuid = stunnel4';
+      echo 'setgid = stunnel4';
+      echo 'socket = l:TCP_NODELAY=1';
+      echo 'socket = r:TCP_NODELAY=1';
+      echo 'cert = /etc/stunnel/stunnel.pem';
+      echo '[openvpn]';
+      echo "accept = $VPN_TLS_PORT";
+      echo 'connect = localhost:1194';
+      echo 'cert = /etc/stunnel/stunnel.pem';
+      echo 'protocol = socks'; } > "$prefix/etc/stunnel/stunnel.conf"
+
+    sed -i 's|ENABLED=.*|ENABLED=1|g' "$prefix/etc/default/stunnel4"
+
+    { echo '[openvpn]';
+      echo 'client = yes';
+      echo "accept = $STUNNEL_PORT";
+      echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT";
+      echo 'cert = stunnel.pem';
+      echo 'protocol = socks'; } > "$prefix/etc/stunnel/stunnel-client.conf"
+
+    { echo '[Unit]';
+      echo 'Description=SSL tunnel for network daemons';
+      echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html';
+      echo 'DefaultDependencies=no';
+      echo 'After=network.target';
+      echo 'After=syslog.target';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target';
+      echo 'Alias=stunnel.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=forking';
+      echo 'RuntimeDirectory=stunnel';
+      echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf';
+      echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf';
+      echo 'ExecStop=/usr/bin/killall -9 stunnel';
+      echo 'RemainAfterExit=yes'; } > "$prefix/etc/systemd/system/stunnel.service"
+
+    if [ ! "$prefix" ]; then
         if [ $VPN_TLS_PORT -eq 443 ]; then
             systemctl stop nginx
             systemctl disable nginx
@@ -591,15 +598,15 @@ function install_stunnel {
         systemctl daemon-reload
         systemctl start stunnel
 
-        cp /etc/stunnel/stunnel-client.conf /home/$MY_USERNAME/stunnel-client.conf
-        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
+        cp /etc/stunnel/stunnel-client.conf "/home/$MY_USERNAME/stunnel-client.conf"
+        chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/stunnel*"
     fi
 }
 
 function vpn_generate_keys {
     # generate host keys
     if [ ! -f /etc/openvpn/dh2048.pem ]; then
-        ${PROJECT_NAME}-dhparam -o /etc/openvpn/dh2048.pem
+        "${PROJECT_NAME}-dhparam" -o /etc/openvpn/dh2048.pem
     fi
     if [ ! -f /etc/openvpn/dh2048.pem ]; then
         echo $'vpn dhparams were not generated'
@@ -607,7 +614,8 @@ function vpn_generate_keys {
     fi
     cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
 
-    cd /etc/openvpn/easy-rsa
+    cd /etc/openvpn/easy-rsa || exit 5628756256
+    # shellcheck disable=SC1091
     . ./vars
     ./clean-all
     vpn_openssl_version='1.0.0'
@@ -651,13 +659,13 @@ function vpn_generate_keys {
     fi
     cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn
 
-    create_user_vpn_key ${MY_USERNAME}
+    create_user_vpn_key "${MY_USERNAME}"
 }
 
 function install_vpn {
     prefix=
     prefixchroot=
-    if [ $rootdir ]; then
+    if [ "$rootdir" ]; then
         prefix=$rootdir
         prefixchroot="chroot $rootdir"
         VPN_TLS_PORT=$VPN_MESH_TLS_PORT
@@ -668,50 +676,50 @@ function install_vpn {
     $prefixchroot useradd -r -s /bin/false -g vpn vpn
 
     # server configuration
-    echo 'port 1194' > $prefix/etc/openvpn/server.conf
-    echo 'proto tcp' >> $prefix/etc/openvpn/server.conf
-    echo 'dev tun' >> $prefix/etc/openvpn/server.conf
-    echo 'tun-mtu 1500' >> $prefix/etc/openvpn/server.conf
-    echo 'tun-mtu-extra 32' >> $prefix/etc/openvpn/server.conf
-    echo 'mssfix 1450' >> $prefix/etc/openvpn/server.conf
-    echo 'ca /etc/openvpn/ca.crt' >> $prefix/etc/openvpn/server.conf
-    echo 'cert /etc/openvpn/server.crt' >> $prefix/etc/openvpn/server.conf
-    echo 'key /etc/openvpn/server.key' >> $prefix/etc/openvpn/server.conf
-    echo 'dh /etc/openvpn/dh2048.pem' >> $prefix/etc/openvpn/server.conf
-    echo 'server 10.8.0.0 255.255.255.0' >> $prefix/etc/openvpn/server.conf
-    echo 'push "redirect-gateway def1 bypass-dhcp"' >> $prefix/etc/openvpn/server.conf
-    echo "push \"dhcp-option DNS 85.214.73.63\"" >> $prefix/etc/openvpn/server.conf
-    echo "push \"dhcp-option DNS 213.73.91.35\"" >> $prefix/etc/openvpn/server.conf
-    echo 'keepalive 5 30' >> $prefix/etc/openvpn/server.conf
-    echo 'comp-lzo' >> $prefix/etc/openvpn/server.conf
-    echo 'persist-key' >> $prefix/etc/openvpn/server.conf
-    echo 'persist-tun' >> $prefix/etc/openvpn/server.conf
-    echo 'status /dev/null' >> $prefix/etc/openvpn/server.conf
-    echo 'verb 3' >> $prefix/etc/openvpn/server.conf
-    echo '' >> $prefix/etc/openvpn/server.conf
-
-    if [ ! $prefix ]; then
+    { echo 'port 1194';
+      echo 'proto tcp';
+      echo 'dev tun';
+      echo 'tun-mtu 1500';
+      echo 'tun-mtu-extra 32';
+      echo 'mssfix 1450';
+      echo 'ca /etc/openvpn/ca.crt';
+      echo 'cert /etc/openvpn/server.crt';
+      echo 'key /etc/openvpn/server.key';
+      echo 'dh /etc/openvpn/dh2048.pem';
+      echo 'server 10.8.0.0 255.255.255.0';
+      echo 'push "redirect-gateway def1 bypass-dhcp"';
+      echo "push \"dhcp-option DNS 85.214.73.63\"";
+      echo "push \"dhcp-option DNS 213.73.91.35\"";
+      echo 'keepalive 5 30';
+      echo 'comp-lzo';
+      echo 'persist-key';
+      echo 'persist-tun';
+      echo 'status /dev/null';
+      echo 'verb 3';
+      echo ''; } > "$prefix/etc/openvpn/server.conf"
+
+    if [ ! "$prefix" ]; then
         echo 1 > /proc/sys/net/ipv4/ip_forward
     fi
-    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf
-    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf
-    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' $prefix/etc/sysctl.conf
+    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' "$prefix/etc/sysctl.conf"
+    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' "$prefix/etc/sysctl.conf"
+    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' "$prefix/etc/sysctl.conf"
 
-    cp -r $prefix/usr/share/easy-rsa/ $prefix/etc/openvpn
-    if [ ! -d $prefix/etc/openvpn/easy-rsa/keys ]; then
-        mkdir $prefix/etc/openvpn/easy-rsa/keys
+    cp -r "$prefix/usr/share/easy-rsa/" "$prefix/etc/openvpn"
+    if [ ! -d "$prefix/etc/openvpn/easy-rsa/keys" ]; then
+        mkdir "$prefix/etc/openvpn/easy-rsa/keys"
     fi
 
     # keys configuration
-    sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars
-
-    if [ ! $prefix ]; then
+    sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+
+    if [ ! "$prefix" ]; then
         vpn_generate_keys
         firewall_enable_vpn
 
@@ -724,7 +732,7 @@ function install_vpn {
 
     install_stunnel
 
-    if [ ! $prefix ]; then
+    if [ ! "$prefix" ]; then
         systemctl restart openvpn
     fi