Tidying

src/freedombone-app-zeronet

@@ -105,7 +105,7 @@ function remove_zeronet_blog {
         rm -rf $MESH_INSTALL_DIR/zeronet/ZeroBlog
     fi
     remove_completion_param install_zeronet_blog
-    sed -i '/zeronet blog/d' $COMPLETION_FILE
+    sed -i '/zeronet blog/d' "$COMPLETION_FILE"
 }
 
 function remove_zeronet_mail {
@@ -113,7 +113,7 @@ function remove_zeronet_mail {
         rm -rf $MESH_INSTALL_DIR/zeronet/ZeroMail
     fi
     remove_completion_param install_zeronet_mail
-    sed -i '/zeronet mail/d' $COMPLETION_FILE
+    sed -i '/zeronet mail/d' "$COMPLETION_FILE"
 }
 
 function remove_zeronet_forum {
@@ -121,7 +121,7 @@ function remove_zeronet_forum {
         rm -rf $MESH_INSTALL_DIR/zeronet/ZeroTalk
     fi
     remove_completion_param install_zeronet_forum
-    sed -i '/zeronet forum/d' $COMPLETION_FILE
+    sed -i '/zeronet forum/d' "$COMPLETION_FILE"
 }
 
 function remove_zeronet {
@@ -133,10 +133,10 @@ function remove_zeronet {
     firewall_remove ${TRACKER_PORT}
     firewall_remove 1900 udp
 
-    ${PROJECT_NAME}-mesh-install -f zeronet --remove yes
+    "${PROJECT_NAME}-mesh-install" -f zeronet --remove yes
     remove_completion_param install_zeronet
     remove_completion_param configure_firewall_for_zeronet
-    sed -i '/zeronet/d' $COMPLETION_FILE
+    sed -i '/zeronet/d' "$COMPLETION_FILE"
 }
 
 function configure_firewall_for_zeronet {
@@ -161,14 +161,14 @@ function install_zeronet_blog {
 
     ZERONET_DEFAULT_BLOG_TITLE="${MY_USERNAME}'s Blog"
 
-    cd $MESH_INSTALL_DIR/zeronet
+    cd "$MESH_INSTALL_DIR/zeronet" || exit 246284728
     python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/blog.txt
     if [ ! -f $MESH_INSTALL_DIR/zeronet/blog.txt ]; then
         echo $'Unable to create blog'
         exit 479
     fi
-    blog_address=$(cat blog.txt | grep "Site address" | awk -F ':' '{print $2}')
-    blog_private_key=$(cat blog.txt | grep "Site private key" | awk -F ':' '{print $2}')
+    blog_address=$(grep "Site address" blog.txt | awk -F ':' '{print $2}')
+    blog_private_key=$(grep "Site private key" blog.txt | awk -F ':' '{print $2}')
     ZERONET_BLOG_ADDRESS=${blog_address//[[:blank:]]/}
     ZERONET_BLOG_PRIVATE_KEY=${blog_private_key//[[:blank:]]/}
 
@@ -197,24 +197,24 @@ function install_zeronet_blog {
         echo $'ZeroBlog repo could not be cloned'
         exit 6739
     fi
-    cd $MESH_INSTALL_DIR/zeronet/ZeroBlog
+    cd "$MESH_INSTALL_DIR/zeronet/ZeroBlog" || exit 47298462874
     git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
     set_completion_param "zeroNet blog commit" "$ZERONET_BLOG_COMMIT"
 
     echo $"ZeroNet Blog address:     $ZERONET_BLOG_ADDRESS"
     echo $"ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY"
-    cp -r $MESH_INSTALL_DIR/zeronet/ZeroBlog/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS
+    cp -r "$MESH_INSTALL_DIR/zeronet/ZeroBlog/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS"
 
-    if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data ]; then
-        mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data
+    if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data" ]; then
+        mkdir "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data"
     fi
-    cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data
-    sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
-    sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
-    sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
-    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_BLOG_TAGLINE</h3>|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
-    sed -i "s/Blogging platform Demo/Blogging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json
-    python zeronet.py siteSign $ZERONET_BLOG_ADDRESS $ZERONET_BLOG_PRIVATE_KEY
+    cp "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data"
+    sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json"
+    sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json"
+    sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html"
+    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_BLOG_TAGLINE</h3>|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html"
+    sed -i "s/Blogging platform Demo/Blogging platform/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json"
+    python zeronet.py siteSign "$ZERONET_BLOG_ADDRESS" "$ZERONET_BLOG_PRIVATE_KEY"
 
     # Add an avahi service
     function_check create_avahi_service
@@ -223,11 +223,11 @@ function install_zeronet_blog {
 
     chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
 
-    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
-        mkdir -p /home/$MY_USERNAME/.config/zeronet
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/zeronet"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
     fi
-    echo "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myblog
+    echo "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/myblog"
 
     install_completed zeronet_blog
 }
@@ -244,14 +244,14 @@ function install_zeronet_mail {
 
     ZERONET_DEFAULT_MAIL_TITLE="${MY_USERNAME}'s Mail"
 
-    cd $MESH_INSTALL_DIR/zeronet
+    cd "$MESH_INSTALL_DIR/zeronet" || exit 4628462862
     python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/mail.txt
     if [ ! -f $MESH_INSTALL_DIR/zeronet/mail.txt ]; then
         echo $'Unable to create mail'
         exit 479
     fi
-    mail_address=$(cat mail.txt | grep "Site address" | awk -F ':' '{print $2}')
-    mail_private_key=$(cat mail.txt | grep "Site private key" | awk -F ':' '{print $2}')
+    mail_address=$(grep "Site address" mail.txt | awk -F ':' '{print $2}')
+    mail_private_key=$(grep "Site private key" mail.txt | awk -F ':' '{print $2}')
     ZERONET_MAIL_ADDRESS=${mail_address//[[:blank:]]/}
     ZERONET_MAIL_PRIVATE_KEY=${mail_private_key//[[:blank:]]/}
 
@@ -280,24 +280,24 @@ function install_zeronet_mail {
         echo $'ZeroMail repo could not be cloned'
         exit 6739
     fi
-    cd $MESH_INSTALL_DIR/zeronet/ZeroMail
+    cd "$MESH_INSTALL_DIR/zeronet/ZeroMail" || exit 246284682
     git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
     set_completion_param "zeroNet mail commit" "$ZERONET_MAIL_COMMIT"
 
     echo $"ZeroNet Mail address:     $ZERONET_MAIL_ADDRESS"
     echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY"
-    cp -r $MESH_INSTALL_DIR/zeronet/ZeroMail/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS
+    cp -r "$MESH_INSTALL_DIR/zeronet/ZeroMail/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS"
 
-    if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data ]; then
-        mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data
+    if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data" ]; then
+        mkdir "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data"
     fi
-    cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data
-    sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
-    sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
-    sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
-    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_MAIL_TAGLINE</h3>|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
-    sed -i "s/Mailging platform Demo/Mailging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json
-    python zeronet.py siteSign $ZERONET_MAIL_ADDRESS $ZERONET_MAIL_PRIVATE_KEY
+    cp "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data"
+    sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json"
+    sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json"
+    sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html"
+    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_MAIL_TAGLINE</h3>|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html"
+    sed -i "s/Mailging platform Demo/Mailging platform/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json"
+    python zeronet.py siteSign "$ZERONET_MAIL_ADDRESS" "$ZERONET_MAIL_PRIVATE_KEY"
 
     # Add an avahi service
     function_check create_avahi_service
@@ -306,11 +306,11 @@ function install_zeronet_mail {
 
     chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
 
-    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
-        mkdir -p /home/$MY_USERNAME/.config/zeronet
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/zeronet"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
     fi
-    echo "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/mymail
+    echo "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/mymail"
 
     install_completed zeronet_mail
 }
@@ -327,14 +327,14 @@ function install_zeronet_forum {
 
     ZERONET_DEFAULT_FORUM_TITLE=$"${MY_USERNAME}'s Forum"
 
-    cd $MESH_INSTALL_DIR/zeronet
+    cd "$MESH_INSTALL_DIR/zeronet" || exit 472984624628
     python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/forum.txt
     if [ ! -f $MESH_INSTALL_DIR/zeronet/forum.txt ]; then
         echo $'Unable to create forum'
         exit 479
     fi
-    forum_address=$(cat forum.txt | grep "Site address" | awk -F ':' '{print $2}')
-    forum_private_key=$(cat forum.txt | grep "Site private key" | awk -F ':' '{print $2}')
+    forum_address=$(grep "Site address" forum.txt | awk -F ':' '{print $2}')
+    forum_private_key=$(grep "Site private key" forum.txt | awk -F ':' '{print $2}')
     ZERONET_FORUM_ADDRESS=${forum_address//[[:blank:]]/}
     ZERONET_FORUM_PRIVATE_KEY=${forum_private_key//[[:blank:]]/}
 
@@ -368,13 +368,13 @@ function install_zeronet_forum {
 
     echo $"Forum address:     $ZERONET_FORUM_ADDRESS"
     echo $"Forum private key: $ZERONET_FORUM_PRIVATE_KEY"
-    cp -r $MESH_INSTALL_DIR/zeronet/ZeroTalk/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS
-    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
-    sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
-    sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
-    sed -i 's/Messaging Board Demo/Messaging Board/g' $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
-    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
-    python zeronet.py siteSign $ZERONET_FORUM_ADDRESS $ZERONET_FORUM_PRIVATE_KEY --inner_path data/users/content.json
+    cp -r "$MESH_INSTALL_DIR/zeronet/ZeroTalk/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS"
+    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
+    sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
+    sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
+    sed -i 's/Messaging Board Demo/Messaging Board/g' "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json"
+    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json"
+    python zeronet.py siteSign "$ZERONET_FORUM_ADDRESS" "$ZERONET_FORUM_PRIVATE_KEY" --inner_path data/users/content.json
 
     # Add an avahi service
     function_check create_avahi_service
@@ -383,11 +383,11 @@ function install_zeronet_forum {
 
     chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
 
-    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
-        mkdir -p /home/$MY_USERNAME/.config/zeronet
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/zeronet"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
     fi
-    echo "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myforum
+    echo "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/myforum"
 
     install_completed zeronet_forum
 }
@@ -397,7 +397,7 @@ function install_zeronet_main {
         return
     fi
 
-    ${PROJECT_NAME}-mesh-install -f zeronet
+    "${PROJECT_NAME}-mesh-install" -f zeronet
     systemctl daemon-reload
     systemctl start tracker.service
     systemctl start zeronet.service
@@ -408,117 +408,118 @@ function install_zeronet_main {
 }
 
 function mesh_zeronet {
-    ZERONET_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_REPO=" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_REPO_MAIN=$(grep "ZERONET_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
     if [ ${#ZERONET_REPO_MAIN} -gt 4 ]; then
         ZERONET_REPO=$ZERONET_REPO_MAIN
     fi
-    if [ ! $ZERONET_REPO ]; then
+    if [ ! "$ZERONET_REPO" ]; then
         echo $'No ZeroNet repo was specified'
         exit 723539
     fi
 
-    ZERONET_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_COMMIT_MAIN=$(grep "ZERONET_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#ZERONET_COMMIT_MAIN} -gt 4 ]; then
         ZERONET_COMMIT=$ZERONET_COMMIT_MAIN
     fi
-    if [ ! $ZERONET_COMMIT ]; then
+    if [ ! "$ZERONET_COMMIT" ]; then
         echo $'No ZeroNet commit was specified'
         exit 490439
     fi
 
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
+    # shellcheck disable=SC2154
     chroot "$rootdir" apt-get -yq install python python-msgpack python-gevent
     chroot "$rootdir" apt-get -yq install python-pip bittornado
     chroot "$rootdir" pip install msgpack-python --upgrade
 
-    chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet
+    chroot "$rootdir" useradd -d "$MESH_INSTALL_DIR/zeronet/" -s /bin/false zeronet
 
     if [ -d /repos/zeronet ]; then
-        mkdir $rootdir$MESH_INSTALL_DIR/zeronet
-        cp -r -p /repos/zeronet/. $rootdir$MESH_INSTALL_DIR/zeronet
-        cd $rootdir$MESH_INSTALL_DIR/zeronet
+        mkdir "$rootdir$MESH_INSTALL_DIR/zeronet"
+        cp -r -p /repos/zeronet/. "$rootdir$MESH_INSTALL_DIR/zeronet"
+        cd "$rootdir$MESH_INSTALL_DIR/zeronet" || exit 2648246284
         git pull
     else
-        git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
+        git clone "$ZERONET_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet"
     fi
 
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet" ]; then
         echo 'WARNING: Unable to clone zeronet'
         return
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet
-    git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT
-    if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then
-        echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet" || exit 2468276484682
+    git checkout "$ZERONET_COMMIT" -b "$ZERONET_COMMIT"
+    if ! grep -q "ZeroNet commit" "$COMPLETION_FILE"; then
+        echo "ZeroNet commit:$ZERONET_COMMIT" >> "$rootdir$COMPLETION_FILE"
     else
-        sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
+        sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" "$COMPLETION_FILE"
     fi
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 
     # Hack to ensure that the file access port is opened
     # This is because zeronet normally relies on an internet site
     # to do this, but on a purely local mesh the internet isn't available
-    sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n            sys.modules["main"].file_server.port_opened = True|g' $rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py
+    sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n            sys.modules["main"].file_server.port_opened = True|g' "$rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py"
 
     ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service
-    echo '[Unit]' > $ZERONET_DAEMON
-    echo 'Description=Zeronet Server' >> $ZERONET_DAEMON
-    echo 'After=syslog.target' >> $ZERONET_DAEMON
-    echo 'After=network.target' >> $ZERONET_DAEMON
-    echo '[Service]' >> $ZERONET_DAEMON
-    echo 'Type=simple' >> $ZERONET_DAEMON
-    echo 'User=zeronet' >> $ZERONET_DAEMON
-    echo 'Group=zeronet' >> $ZERONET_DAEMON
-    echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet" >> $ZERONET_DAEMON
-    echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap" >> $ZERONET_DAEMON
-    echo '' >> $ZERONET_DAEMON
-    echo 'TimeoutSec=300' >> $ZERONET_DAEMON
-    echo '' >> $ZERONET_DAEMON
-    echo '[Install]' >> $ZERONET_DAEMON
-    echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON
+    { echo '[Unit]';
+      echo 'Description=Zeronet Server';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=zeronet';
+      echo 'Group=zeronet';
+      echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet";
+      echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap";
+      echo '';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$ZERONET_DAEMON"
 
     TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service
-    echo '[Unit]' > $TRACKER_DAEMON
-    echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON
-    echo 'After=syslog.target' >> $TRACKER_DAEMON
-    echo 'After=network.target' >> $TRACKER_DAEMON
-    echo '[Service]' >> $TRACKER_DAEMON
-    echo 'Type=simple' >> $TRACKER_DAEMON
-    echo 'User=tracker' >> $TRACKER_DAEMON
-    echo 'Group=tracker' >> $TRACKER_DAEMON
-    echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker" >> $TRACKER_DAEMON
-    echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON
-    echo '' >> $TRACKER_DAEMON
-    echo 'TimeoutSec=300' >> $TRACKER_DAEMON
-    echo '' >> $TRACKER_DAEMON
-    echo '[Install]' >> $TRACKER_DAEMON
-    echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON
-
-    chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/tracker/ -s /bin/false tracker
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/tracker ]; then
-        mkdir $rootdir$MESH_INSTALL_DIR/tracker
-    fi
-    chroot "$rootdir" chown -R tracker:tracker $MESH_INSTALL_DIR/tracker
+    { echo '[Unit]';
+      echo 'Description=Torrent Tracker';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=tracker';
+      echo 'Group=tracker';
+      echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker";
+      echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0";
+      echo '';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$TRACKER_DAEMON"
+
+    chroot "$rootdir" useradd -d "$MESH_INSTALL_DIR/tracker/" -s /bin/false tracker
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/tracker" ]; then
+        mkdir "$rootdir$MESH_INSTALL_DIR/tracker"
+    fi
+    chroot "$rootdir" chown -R tracker:tracker "$MESH_INSTALL_DIR/tracker"
 
     # publish regularly
     MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync
-    echo '#!/bin/bash' > $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/toxavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/meshavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    chmod +x $MESH_SYNC_COMMAND
+    { echo '#!/bin/bash';
+      echo '/usr/local/bin/toxavahi 2> /dev/null';
+      echo '/usr/local/bin/meshavahi 2> /dev/null'; } > "$MESH_SYNC_COMMAND"
+    chmod +x "$MESH_SYNC_COMMAND"
 
-    if ! grep -q "mesh-sync" ${rootdir}/etc/crontab; then
-        echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null" >> ${rootdir}/etc/crontab
-        echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab
-        echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab
+    if ! grep -q "mesh-sync" "${rootdir}/etc/crontab"; then
+        { echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null";
+          echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )";
+          echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )"; } >> "${rootdir}/etc/crontab"
     fi
 
     chroot "$rootdir" systemctl enable tracker.service
@@ -526,95 +527,95 @@ function mesh_zeronet {
 }
 
 function mesh_zeronet_blog {
-    ZERONET_BLOG_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_BLOG_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_BLOG_REPO=$(grep "ZERONET_BLOG_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_BLOG_COMMIT=$(grep "ZERONET_BLOG_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_BLOG_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then
+    git clone "$ZERONET_BLOG_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog" ]; then
         echo $'ZeroBlog repo could not be cloned'
         exit 6739
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
-    git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog" || exit 247824628
+    git checkout "$ZERONET_BLOG_COMMIT" -b "$ZERONET_BLOG_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function mesh_zeronet_mail {
-    ZERONET_MAIL_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_MAIL_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_MAIL_REPO=$(grep "ZERONET_MAIL_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_MAIL_COMMIT=$(grep "ZERONET_MAIL_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_MAIL_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail ]; then
+    git clone "$ZERONET_MAIL_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail" ]; then
         echo $'ZeroMail repo could not be cloned'
         exit 78493
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
-    git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail" || exit 2467824628
+    git checkout "$ZERONET_MAIL_COMMIT" -b "$ZERONET_MAIL_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function mesh_zeronet_forum {
-    ZERONET_FORUM_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_FORUM_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_FORUM_REPO=$(grep "ZERONET_FORUM_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_FORUM_COMMIT=$(grep "ZERONET_FORUM_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_FORUM_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then
+    git clone "$ZERONET_FORUM_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk" ]; then
         echo $'ZeroTalk repo could not be cloned'
         exit 78252
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
-    git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk" || exit 246824628
+    git checkout "$ZERONET_FORUM_COMMIT" -b "$ZERONET_FORUM_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function mesh_zeronet_id {
-    ZERONET_ID_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_ID_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_ID_REPO=$(grep "ZERONET_ID_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_ID_COMMIT=$(grep "ZERONET_ID_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_ID_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID ]; then
+    git clone "$ZERONET_ID_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID" ]; then
         echo $'ZeroID repo could not be cloned'
         exit 37936
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
-    git checkout $ZERONET_ID_COMMIT -b $ZERONET_ID_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID" || exit 8723563244
+    git checkout "$ZERONET_ID_COMMIT" -b "$ZERONET_ID_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function install_zeronet {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_zeronet
         mesh_zeronet_blog
         mesh_zeronet_mail

src/freedombone-archive-mail

@@ -33,34 +33,34 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-archive-mail
 export TEXTDOMAINDIR="/usr/share/locale"
 
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-validation
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-validation"
 
 for d in /home/*/ ; do
     USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
     if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
         # for every user who has a mail directory
-        if [ -d /home/$USERNAME/Maildir ]; then
+        if [ -d "/home/$USERNAME/Maildir" ]; then
             MUTTRC=/home/$USERNAME/.muttrc
             # update archives
             python /usr/bin/cleanup-maildir --archive-folder="archive" --maildir-root="/home/$USERNAME/Maildir" archive ""
             # ensure the user has permissions on the archives
             for archive_dir in /home/$USERNAME/Maildir/archive-* ; do
-                chown -R $USERNAME:$USERNAME $archive_dir
+                chown -R "$USERNAME":"$USERNAME" "$archive_dir"
             done
             # add the archive to .muttrc if needed
-            if [ -f $MUTTRC ]; then
-                MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
+            if [ -f "$MUTTRC" ]; then
+                MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
                 YR=$(date +"%Y")
                 PREV_YR=$((YR - 1))
                 BACKUP_DIRECTORY=archive-$YR
                 PREV_BACKUP_DIRECTORY=archive-$PREV_YR
                 if [[ $MUTT_MAILBOXES != *$BACKUP_DIRECTORY* ]]; then
                     if [[ $MUTT_MAILBOXES == *$PREV_BACKUP_DIRECTORY* ]]; then
-                        sed -i "s|$PREV_BACKUP_DIRECTORY|$PREV_BACKUP_DIRECTORY =$BACKUP_DIRECTORY|g" $MUTTRC
+                        sed -i "s|$PREV_BACKUP_DIRECTORY|$PREV_BACKUP_DIRECTORY =$BACKUP_DIRECTORY|g" "$MUTTRC"
                     else
-                        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$BACKUP_DIRECTORY|g" $MUTTRC
+                        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$BACKUP_DIRECTORY|g" "$MUTTRC"
                     fi
-                    chown $USERNAME:$USERNAME $MUTTRC
+                    chown "$USERNAME":"$USERNAME" "$MUTTRC"
                 fi
             fi
         fi

src/freedombone-backup-local

@@ -59,13 +59,13 @@ function please_wait {
 
 please_wait
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 # include utils which allow function_check and drive mount
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 clear
@@ -82,7 +82,7 @@ ADMIN_NAME=
 # Sites are suspended so that verification should work
 SUSPENDED_SITE=
 
-DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
 
 function make_backup_directory {
     # make a backup directory on the drive
@@ -100,7 +100,7 @@ function make_backup_directory {
 function check_storage_space_remaining {
     # Check space remaining on the usb drive
     used_percent=$(df -k $USB_MOUNT | tail -n 1 | awk -F ' ' '{print $5}' | awk -F '%' '{print $1}')
-    if [ $used_percent -gt 95 ]; then
+    if [ "$used_percent" -gt 95 ]; then
         echo $"Less than 5% of space remaining on backup drive"
         umount $USB_MOUNT
         rm -rf $USB_MOUNT
@@ -114,105 +114,105 @@ function backup_users {
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             # Backup any gpg keys
-            if [ -d /home/$USERNAME/.gnupg ]; then
+            if [ -d "/home/$USERNAME/.gnupg" ]; then
                 echo $"Backing up gpg keys for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.gnupg gnupg/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.gnupg" "gnupg/$USERNAME"
             fi
 
             # Backup any personal settings
-            if [ -d /home/$USERNAME/personal ]; then
+            if [ -d "/home/$USERNAME/personal" ]; then
                 echo $"Backing up personal settings for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/personal personal/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/personal" "personal/$USERNAME"
             fi
 
             # Backup ssh keys
-            if [ -d /home/$USERNAME/.ssh ]; then
+            if [ -d "/home/$USERNAME/.ssh" ]; then
                 echo $"Backing up ssh keys for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.ssh ssh/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.ssh" "ssh/$USERNAME"
             fi
 
             # Backup fin database if it exists
-            if [ -d /home/$USERNAME/.fin ]; then
+            if [ -d "/home/$USERNAME/.fin" ]; then
                 echo $"Backing up fin files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.fin fin/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.fin" "fin/$USERNAME"
             fi
 
             # Backup emacs
-            if [ -d /home/$USERNAME/.emacs.d ]; then
+            if [ -d "/home/$USERNAME/.emacs.d" ]; then
                 echo $"Backing up Emacs config for $USERNAME"
-                if [ -f /home/$USERNAME/.emacs ]; then
-                    cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
+                if [ -f "/home/$USERNAME/.emacs" ]; then
+                    cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
                 fi
-                backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.emacs.d" "config/$USERNAME"
             fi
 
             # Backup user configs
-            if [ -d /home/$USERNAME/.config ]; then
+            if [ -d "/home/$USERNAME/.config" ]; then
                 echo $"Backing up config files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.config config/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.config" "config/$USERNAME"
             fi
 
             # Backup monkeysphere
-            if [ -d /home/$USERNAME/.monkeysphere ]; then
+            if [ -d "/home/$USERNAME/.monkeysphere" ]; then
                 echo $"Backing up monkeysphere files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.monkeysphere monkeysphere/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.monkeysphere" "monkeysphere/$USERNAME"
             fi
 
             # Backup user local
-            if [ -d /home/$USERNAME/.local ]; then
+            if [ -d "/home/$USERNAME/.local" ]; then
                 echo $"Backing up local files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.local local/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.local" "local/$USERNAME"
             fi
 
             # Backup mutt
-            if [ -f /home/$USERNAME/.muttrc ]; then
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
                 echo $"Backing up Mutt settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup
+                cp "/home/$USERNAME/.muttrc" "/home/$USERNAME/tempbackup"
                 if [ -f /etc/Muttrc ]; then
-                    cp /etc/Muttrc /home/$USERNAME/tempbackup
+                    cp /etc/Muttrc "/home/$USERNAME/tempbackup"
                 fi
-                backup_directory_to_usb /home/$USERNAME/tempbackup mutt/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/tempbackup" "mutt/$USERNAME"
             fi
-            if [ -d /home/$USERNAME/.mutt ]; then
+            if [ -d "/home/$USERNAME/.mutt" ]; then
                 echo $"Backing up Mutt configurations for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                backup_directory_to_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
             fi
 
             # Backup email
-            if [ -d /home/$USERNAME/Maildir ]; then
+            if [ -d "/home/$USERNAME/Maildir" ]; then
                 echo $"Stopping mail server"
                 systemctl stop exim4
                 echo $"Creating an email archive for $USERNAME"
-                if [ ! -d /root/tempbackupemail/$USERNAME ]; then
-                    mkdir -p /root/tempbackupemail/$USERNAME
+                if [ ! -d "/root/tempbackupemail/$USERNAME" ]; then
+                    mkdir -p "/root/tempbackupemail/$USERNAME"
                 fi
-                tar -czvf /root/tempbackupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir
+                tar -czvf "/root/tempbackupemail/$USERNAME/maildir.tar.gz" "/home/$USERNAME/Maildir"
                 echo $"Restarting mail server"
                 systemctl start exim4
                 echo $"Backing up emails for $USERNAME"
-                backup_directory_to_usb /root/tempbackupemail/$USERNAME mail/$USERNAME
+                backup_directory_to_usb "/root/tempbackupemail/$USERNAME" "mail/$USERNAME"
             fi
 
             # Backup spamassassin
-            if [ -d /home/$USERNAME/.spamassassin ]; then
+            if [ -d "/home/$USERNAME/.spamassassin" ]; then
                 echo $"Backing up spamassassin settings for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.spamassassin spamassassin/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.spamassassin" "spamassassin/$USERNAME"
             fi
 
             # Backup procmail
-            if [ -f /home/$USERNAME/.procmailrc ]; then
+            if [ -f "/home/$USERNAME/.procmailrc" ]; then
                 echo $"Backing up procmail settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
-                backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME
+                cp "/home/$USERNAME/.procmailrc" "/home/$USERNAME/tempbackup"
+                backup_directory_to_usb "/home/$USERNAME/tempbackup" "procmail/$USERNAME"
             fi
 
-            gpg_agent_enable $USERNAME
+            gpg_agent_enable "$USERNAME"
         fi
     done
 }
@@ -231,11 +231,11 @@ function backup_directories {
     for dr in "${backup_dirs[@]}"
     do
         # if this directory exists then back it up to the given destination
-        source_directory=$(echo $dr | awk -F ',' '{print $1}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-        if [ -d $source_directory ]; then
-            dest_directory=$(echo $dr | awk -F ',' '{print $2}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+        source_directory=$(echo "$dr" | awk -F ',' '{print $1}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+        if [ -d "$source_directory" ]; then
+            dest_directory=$(echo "$dr" | awk -F ',' '{print $2}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
             echo $"Backing up $source_directory to $dest_directory"
-            backup_directory_to_usb $source_directory $dest_directory
+            backup_directory_to_usb "$source_directory" "$dest_directory"
         fi
 
         restart_site
@@ -243,8 +243,8 @@ function backup_directories {
 }
 
 function remove_backup_directory {
-    if [ $1 ]; then
-        if [[ $1 == "remove" ]]; then
+    if [ "$1" ]; then
+        if [[ "$1" == "remove" ]]; then
             if [ -d $USB_MOUNT/backup ]; then
                 rm -rf $USB_MOUNT/backup
                 echo $'Existing backup directory removed'
@@ -274,7 +274,7 @@ function backup_blocklist {
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
         cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
     fi
     backup_directory_to_usb $temp_backup_dir blocklist
@@ -287,8 +287,8 @@ function backup_configfiles {
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
-        cp -f $NODEJS_INSTALLED_APPS_FILE $temp_backup_dir
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
+        cp -f "$NODEJS_INSTALLED_APPS_FILE" $temp_backup_dir
     fi
     if [ -f /root/.nostore ]; then
         cp -f /root/.nostore $temp_backup_dir
@@ -297,13 +297,13 @@ function backup_configfiles {
             rm $temp_backup_dir/.nostore
         fi
     fi
-    cp -f $CONFIGURATION_FILE $temp_backup_dir
-    cp -f $COMPLETION_FILE $temp_backup_dir
+    cp -f "$CONFIGURATION_FILE" $temp_backup_dir
+    cp -f "$COMPLETION_FILE" $temp_backup_dir
     if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
         cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
     fi
-    if [ -f $MONGODB_APPS_FILE ]; then
-        cp -f $MONGODB_APPS_FILE $temp_backup_dir
+    if [ -f "$MONGODB_APPS_FILE" ]; then
+        cp -f "$MONGODB_APPS_FILE" $temp_backup_dir
     fi
     # nginx password hashes
     if [ -f /etc/nginx/.htpasswd ]; then
@@ -355,7 +355,8 @@ function backup_postgresql {
     if [ ! -d $temp_backup_dir ]; then
         mkdir $temp_backup_dir
     fi
-    sudo -u postgres pg_dumpall --roles-only > $temp_backup_dir/postgresql.sql
+    # shellcheck disable=SC2024
+    sudo -u postgres pg_dumpall --roles-only > "$temp_backup_dir/postgresql.sql"
     if [ ! -s $temp_backup_dir/postgresql.sql ]; then
         echo $"Unable to backup postgresql settings"
         rm -rf $temp_backup_dir
@@ -375,8 +376,8 @@ if [[ $1 == "remove" ]]; then
 fi
 
 gpg_agent_setup root
-backup_mount_drive $1 $2
-remove_backup_directory $remove_option
+backup_mount_drive "$1" "$2"
+remove_backup_directory "$remove_option"
 make_backup_directory
 check_storage_space_remaining
 backup_users

src/freedombone-backup-remote

@@ -43,20 +43,20 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 # utilities needed for backup commands
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 # Temporary location for data to be backed up to other servers
 SERVER_DIRECTORY=/root/remotebackup
 
 # get the version of Go being used
-GO_VERSION=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-go | grep 'GO_VERSION=' | head -n 1 | awk -F '=' '{print $2}')
+GO_VERSION=$(grep 'GO_VERSION=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-go" | head -n 1 | awk -F '=' '{print $2}')
 
 ADMIN_USERNAME=$(get_completion_param "Admin user")
 ADMIN_NAME=$(getent passwd $ADMIN_USERNAME | cut -d: -f5 | cut -d, -f1)
@@ -66,7 +66,7 @@ if [ ! -f /etc/ssl/private/backup.key ]; then
     ${PROJECT_NAME}-addcert -h backup --dhkey 2048
 fi
 
-if [ ! -f /home/${ADMIN_USERNAME}/backup.list ]; then
+if [ ! -f "/home/${ADMIN_USERNAME}/backup.list" ]; then
     exit 1
 fi
 
@@ -92,16 +92,16 @@ function suspend_site {
         return
     fi
     SUSPENDED_SITE="$1"
-    nginx_dissite $SUSPENDED_SITE
+    nginx_dissite "$SUSPENDED_SITE"
     systemctl reload nginx
 }
 
 function restart_site {
     # restarts a given website
-    if [ ! $SUSPENDED_SITE ]; then
+    if [ ! "$SUSPENDED_SITE" ]; then
         return
     fi
-    nginx_ensite $SUSPENDED_SITE
+    nginx_ensite "$SUSPENDED_SITE"
     systemctl reload nginx
     SUSPENDED_SITE=
 }
@@ -115,7 +115,7 @@ function backup_blocklist {
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
         cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
     fi
     backup_directory_to_friend $temp_backup_dir blocklist
@@ -128,8 +128,8 @@ function backup_configfiles {
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
-        cp -f $NODEJS_INSTALLED_APPS_FILE $temp_backup_dir
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
+        cp -f "$NODEJS_INSTALLED_APPS_FILE" $temp_backup_dir
     fi
     if [ -f /root/.nostore ]; then
         cp -f /root/.nostore $temp_backup_dir
@@ -138,13 +138,13 @@ function backup_configfiles {
             rm $temp_backup_dir/.nostore
         fi
     fi
-    cp -f $CONFIGURATION_FILE $temp_backup_dir
-    cp -f $COMPLETION_FILE $temp_backup_dir
+    cp -f "$CONFIGURATION_FILE" $temp_backup_dir
+    cp -f "$COMPLETION_FILE" $temp_backup_dir
     if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
         cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
     fi
-    if [ -f $MONGODB_APPS_FILE ]; then
-        cp -f $MONGODB_APPS_FILE $temp_backup_dir
+    if [ -f "$MONGODB_APPS_FILE" ]; then
+        cp -f "$MONGODB_APPS_FILE" $temp_backup_dir
     fi
     # nginx password hashes
     if [ -f /etc/nginx/.htpasswd ]; then
@@ -158,114 +158,114 @@ function backup_users {
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             # personal settings
-            if [ -d /home/$USERNAME/personal ]; then
+            if [ -d "/home/$USERNAME/personal" ]; then
                 echo $"Backing up personal settings for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/personal personal/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/personal" "personal/$USERNAME"
             fi
 
             # gpg keys
-            if [ -d /home/$USERNAME/.gnupg ]; then
+            if [ -d "/home/$USERNAME/.gnupg" ]; then
                 echo $"Backing up gpg keys for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.gnupg gnupg/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.gnupg" "gnupg/$USERNAME"
             fi
 
             # ssh keys
-            if [ -d /home/$USERNAME/.ssh ]; then
+            if [ -d "/home/$USERNAME/.ssh" ]; then
                 echo $"Backing up ssh keys for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.ssh ssh/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.ssh" "ssh/$USERNAME"
             fi
 
             # syncthing files
-            if [ -d /home/$USERNAME/Sync ]; then
+            if [ -d "/home/$USERNAME/Sync" ]; then
                 echo $"Backing up syncthing files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/Sync syncthing/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/Sync" "syncthing/$USERNAME"
                 # ensure that device IDs will be backed up as part of user config settings
-                if [ ! -d /home/$USERNAME/.config/syncthing ]; then
-                    mkdir -p /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
+                    mkdir -p "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthingids ]; then
-                    cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
             fi
 
             # config files
-            if [ -d /home/$USERNAME/.config ]; then
+            if [ -d "/home/$USERNAME/.config" ]; then
                 echo $"Backing up config files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.config config/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.config" "config/$USERNAME"
             fi
 
             # monkeysphere files
-            if [ -d /home/$USERNAME/.monkeysphere ]; then
+            if [ -d "/home/$USERNAME/.monkeysphere" ]; then
                 echo $"Backing up monkeysphere files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.monkeysphere monkeysphere/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.monkeysphere" "monkeysphere/$USERNAME"
             fi
 
             # fin files
-            if [ -d /home/$USERNAME/.fin ]; then
+            if [ -d "/home/$USERNAME/.fin" ]; then
                 echo $"Backing up fin files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.fin fin/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.fin" "fin/$USERNAME"
             fi
 
             # local files
-            if [ -d /home/$USERNAME/.local ]; then
+            if [ -d "/home/$USERNAME/.local" ]; then
                 echo $"Backing up local files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.local local/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.local" "local/$USERNAME"
             fi
 
             # mutt settings
-            if [ -f /home/$USERNAME/.muttrc ]; then
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
                 echo $"Backing up Mutt settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup
+                cp "/home/$USERNAME/.muttrc" "/home/$USERNAME/tempbackup"
                 if [ -f /etc/Muttrc ]; then
-                    cp /etc/Muttrc /home/$USERNAME/tempbackup
+                    cp /etc/Muttrc "/home/$USERNAME/tempbackup"
                 fi
-                backup_directory_to_friend /home/$USERNAME/tempbackup mutt/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/tempbackup" "mutt/$USERNAME"
             fi
-            if [ -d /home/$USERNAME/.mutt ]; then
+            if [ -d "/home/$USERNAME/.mutt" ]; then
                 echo $"Backing up Mutt configurations for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                backup_directory_to_friend "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
             fi
 
             # procmail settings
-            if [ -f /home/$USERNAME/.procmailrc ]; then
+            if [ -f "/home/$USERNAME/.procmailrc" ]; then
                 echo $"Backing up procmail settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
-                backup_directory_to_friend /home/$USERNAME/tempbackup procmail/$USERNAME
+                cp "/home/$USERNAME/.procmailrc" "/home/$USERNAME/tempbackup"
+                backup_directory_to_friend "/home/$USERNAME/tempbackup" "procmail/$USERNAME"
             fi
 
             # spamassassin settings
-            if [ -d /home/$USERNAME/.spamassassin ]; then
+            if [ -d "/home/$USERNAME/.spamassassin" ]; then
                 echo $"Backing up spamassassin settings for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.spamassassin spamassassin/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.spamassassin" "spamassassin/$USERNAME"
             fi
 
             # email
-            if [ -d /home/$USERNAME/Maildir ]; then
+            if [ -d "/home/$USERNAME/Maildir" ]; then
                 echo $"Stopping mail server"
                 systemctl stop exim4
                 echo $"Creating an email archive"
-                if [ ! -d /root/backupemail/$USERNAME ]; then
-                    mkdir -p /root/backupemail/$USERNAME
+                if [ ! -d "/root/backupemail/$USERNAME" ]; then
+                    mkdir -p "/root/backupemail/$USERNAME"
                 fi
-                tar -czvf /root/backupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir
+                tar -czvf "/root/backupemail/$USERNAME/maildir.tar.gz" "/home/$USERNAME/Maildir"
                 echo $"Restarting mail server"
                 systemctl start exim4
                 echo $"Backing up emails for $USERNAME"
-                backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME
+                backup_directory_to_friend "/root/backupemail/$USERNAME" "mail/$USERNAME"
             fi
-            gpg_agent_enable $USERNAME
+            gpg_agent_enable "$USERNAME"
         fi
     done
 }
@@ -313,13 +313,13 @@ function backup_web_server {
 }
 
 function backup_admin_readme {
-    if [ -f /home/$ADMIN_USERNAME/README ]; then
+    if [ -f "/home/$ADMIN_USERNAME/README" ]; then
         echo $"Backing up README"
-        if [ ! -d /home/$ADMIN_USERNAME/tempbackup ]; then
-            mkdir -p /home/$ADMIN_USERNAME/tempbackup
+        if [ ! -d "/home/$ADMIN_USERNAME/tempbackup" ]; then
+            mkdir -p "/home/$ADMIN_USERNAME/tempbackup"
         fi
-        cp -f /home/$ADMIN_USERNAME/README /home/$ADMIN_USERNAME/tempbackup
-        backup_directory_to_friend /home/$ADMIN_USERNAME/tempbackup readme
+        cp -f "/home/$ADMIN_USERNAME/README" "/home/$ADMIN_USERNAME/tempbackup"
+        backup_directory_to_friend "/home/$ADMIN_USERNAME/tempbackup" readme
     fi
 }
 
@@ -330,12 +330,12 @@ function backup_mariadb {
             mkdir $temp_backup_dir
         fi
         keep_database_running
-        mysqldump --password=$DATABASE_PASSWORD mysql user > $temp_backup_dir/mysql.sql
+        mysqldump --password="$DATABASE_PASSWORD" mysql user > "$temp_backup_dir/mysql.sql"
         if [ ! -s $temp_backup_dir/mysql.sql ]; then
             echo $"Unable to backup MariaDB settings"
             rm -rf $temp_backup_dir
             # Send a warning email
-            echo $"Unable to export database settings" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
+            echo $"Unable to export database settings" | mail -s "${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
             exit 653
         fi
         echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
@@ -353,12 +353,13 @@ function backup_postgresql {
     if [ ! -d $temp_backup_dir ]; then
         mkdir $temp_backup_dir
     fi
-    sudo -u postgres pg_dumpall --roles-only > $temp_backup_dir/postgresql.sql
+    # shellcheck disable=SC2024
+    sudo -u postgres pg_dumpall --roles-only > "$temp_backup_dir/postgresql.sql"
     if [ ! -s $temp_backup_dir/postgresql.sql ]; then
         echo $"Unable to backup postgresql settings"
         rm -rf $temp_backup_dir
-        umount $USB_MOUNT
-        rm -rf $USB_MOUNT
+        umount "$USB_MOUNT"
+        rm -rf "$USB_MOUNT"
         exit 684365
     fi
     echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
@@ -375,10 +376,10 @@ function get_key_share {
     # Get a share index based on the supplied domain name
     # This ensures that the same share is always given to the same domain
     sharenumstr=$(md5sum <<< "$REMOTE_DOMAIN")
-    share_index=$(echo $((0x${sharenumstr%% *} % ${no_of_shares})) | tr -d -)
+    share_index=$(echo $((0x${sharenumstr%% *} % no_of_shares)) | tr -d -)
 
     # get the filename
-    share_files=(/home/$USERNAME/.gnupg_fragments/keyshare.asc.*)
+    share_files=("/home/$USERNAME/.gnupg_fragments/keyshare.asc.*")
     share_filename=${share_files[share_index]}
 
     echo "$share_filename"
@@ -391,35 +392,37 @@ function disperse_key_shares {
     REMOTE_PASSWORD=$4
     REMOTE_SERVER=$5
 
-    if [ -d /home/$USERNAME/.gnupg_fragments ]; then
-        if [ $REMOTE_DOMAIN ]; then
-            cd /home/$USERNAME/.gnupg_fragments
+    if [ -d "/home/$USERNAME/.gnupg_fragments" ]; then
+        if [ "$REMOTE_DOMAIN" ]; then
+            cd "/home/$USERNAME/.gnupg_fragments" || exit 34687246462
+            # shellcheck disable=SC2012
             no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
             if (( no_of_shares > 1 )); then
-                share_filename=$(get_key_share $no_of_shares "$USERNAME" "$REMOTE_DOMAIN")
+                share_filename=$(get_key_share "$no_of_shares" "$USERNAME" "$REMOTE_DOMAIN")
 
                 # create a temp directory containing the share
                 temp_key_share_dir=/home/$USERNAME/tempkey
                 temp_key_share_fragments=$temp_key_share_dir/.gnupg_fragments_${USERNAME}
-                mkdir -p $temp_key_share_fragments
-                cp $share_filename $temp_key_share_fragments/
+                mkdir -p "$temp_key_share_fragments"
+                cp "$share_filename" "$temp_key_share_fragments/"
 
                 # copy the fragments directory to the remote server
                 /usr/bin/sshpass -p "$REMOTE_PASSWORD" \
-                                 scp -r -P $REMOTE_SSH_PORT $temp_key_share_fragments $REMOTE_SERVER
+                                 scp -r -P "$REMOTE_SSH_PORT" "$temp_key_share_fragments" "$REMOTE_SERVER"
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     # Send a warning email
                     echo "Key share to $REMOTE_SERVER failed" | \
-                        mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS
+                        mail -s "${PROJECT_NAME} social key management" "$MY_EMAIL_ADDRESS"
                 else
                     # Send a confirmation email
                     echo "Key ${share_filename} shared to $REMOTE_SERVER" | \
-                        mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS
+                        mail -s "${PROJECT_NAME} social key management" "$MY_EMAIL_ADDRESS"
                 fi
 
                 # remove the temp file/directory
-                shred -zu $temp_key_share_fragments/*
-                rm -rf $temp_key_share_dir
+                shred -zu "$temp_key_share_fragments/*"
+                rm -rf "$temp_key_share_dir"
             fi
         fi
     fi
@@ -449,13 +452,13 @@ if [[ $TEST_MODE == "no" ]]; then
 fi
 
 # For each remote server
-while read remote_server
+while read -r remote_server
 do
     # Get the server and its password
     # Format is:
     #   username@domain <port number> /home/username <ssh password>
     REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}')
-    if [ $REMOTE_SERVER ]; then
+    if [ "$REMOTE_SERVER" ]; then
         REMOTE_DOMAIN=$(echo "${remote_server}" | awk -F ' ' '{print $1}' | awk -F '@' '{print $2}')
         REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}')
         REMOTE_DIRECTORY=$(echo "${remote_server}" | awk -F ' ' '{print $3}')
@@ -469,23 +472,22 @@ do
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                disperse_key_shares $USERNAME $REMOTE_DOMAIN $REMOTE_SSH_PORT "$REMOTE_PASSWORD" $REMOTE_SERVER
+                disperse_key_shares "$USERNAME" "$REMOTE_DOMAIN" "$REMOTE_SSH_PORT" "$REMOTE_PASSWORD" "$REMOTE_SERVER"
             fi
         done
 
         if [[ $TEST_MODE == "yes" ]]; then
             echo "rsync -ratlzv --rsh=\"/usr/bin/sshpass -p '$REMOTE_PASSWORD' ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no\" $SERVER_DIRECTORY/backup $REMOTE_SERVER"
         fi
-        rsync -ratlzv --rsh="/usr/bin/sshpass -p \"$REMOTE_PASSWORD\" ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" $SERVER_DIRECTORY/backup $REMOTE_SERVER
-        if [ ! "$?" = "0" ]; then
+        if ! rsync -ratlzv --rsh="/usr/bin/sshpass -p \"$REMOTE_PASSWORD\" ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" "$SERVER_DIRECTORY/backup" "$REMOTE_SERVER"; then
             echo "$NOW Backup to $REMOTE_SERVER failed" >> /var/log/remotebackups.log
             # Send a warning email
-            echo "Backup to $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
+            echo "Backup to $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
         else
             echo "$NOW Backed up to $REMOTE_SERVER" >> /var/log/remotebackups.log
         fi
     fi
 
-done < /home/${ADMIN_USERNAME}/backup.list
+done < "/home/${ADMIN_USERNAME}/backup.list"
 
 exit 0

src/freedombone-base-tripwire

@@ -37,7 +37,7 @@ function backup_remote_tripwire {
 }
 
 function remove_tripwire {
-    if ! grep -Fxq "tripwire" $COMPLETION_FILE; then
+    if ! grep -Fxq "tripwire" "$COMPLETION_FILE"; then
         return
     fi
     apt-get -yq remove --purge tripwire
@@ -45,7 +45,7 @@ function remove_tripwire {
         rm -rf /etc/tripwire
     fi
     rm /usr/bin/reset-tripwire
-    sed -i '/tripwire/d' $COMPLETION_FILE
+    sed -i '/tripwire/d' "$COMPLETION_FILE"
 }
 
 function install_tripwire {
@@ -60,35 +60,35 @@ function install_tripwire {
 
     apt-get -yq install tripwire qrencode
     apt-get -yq autoremove
-    cd /etc/tripwire
-
-    echo 'ROOT          =/usr/sbin' > /etc/tripwire/twcfg.txt
-    echo 'POLFILE       =/etc/tripwire/tw.pol' >> /etc/tripwire/twcfg.txt
-    echo 'DBFILE        =/var/lib/tripwire/$(HOSTNAME).twd' >> /etc/tripwire/twcfg.txt
-    echo 'REPORTFILE    =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr' >> /etc/tripwire/twcfg.txt
-    echo 'SITEKEYFILE   =/etc/tripwire/$(HOSTNAME)-site.key' >> /etc/tripwire/twcfg.txt
-    echo 'LOCALKEYFILE  =/etc/tripwire/$(HOSTNAME)-local.key' >> /etc/tripwire/twcfg.txt
-    echo 'EDITOR        =/usr/bin/editor' >> /etc/tripwire/twcfg.txt
-    echo 'LATEPROMPTING =false' >> /etc/tripwire/twcfg.txt
-    echo 'LOOSEDIRECTORYCHECKING =false' >> /etc/tripwire/twcfg.txt
-    echo 'MAILNOVIOLATIONS =false' >> /etc/tripwire/twcfg.txt
-    echo 'EMAILREPORTLEVEL =3' >> /etc/tripwire/twcfg.txt
-    echo 'REPORTLEVEL   =3' >> /etc/tripwire/twcfg.txt
-    echo 'SYSLOGREPORTING =false' >> /etc/tripwire/twcfg.txt
-    echo 'MAILMETHOD    =SENDMAIL' >> /etc/tripwire/twcfg.txt
-    echo 'MAILPROGRAM   =/usr/lib/sendmail -oi -t' >> /etc/tripwire/twcfg.txt
-    echo 'SMTPHOST      =localhost' >> /etc/tripwire/twcfg.txt
-    echo 'SMTPPORT      =25' >> /etc/tripwire/twcfg.txt
-    echo 'TEMPDIRECTORY =/tmp' >> /etc/tripwire/twcfg.txt
-    echo 'MAILFROMADDRESS =tripwire@$(HOSTNAME)' >> /etc/tripwire/twcfg.txt
+    cd /etc/tripwire || exit 246852845
+
+    { echo 'ROOT          =/usr/sbin';
+      echo 'POLFILE       =/etc/tripwire/tw.pol';
+      echo "DBFILE        =/var/lib/tripwire/\$(HOSTNAME).twd";
+      echo "REPORTFILE    =/var/lib/tripwire/report/\$(HOSTNAME)-\$(DATE).twr";
+      echo "SITEKEYFILE   =/etc/tripwire/\$(HOSTNAME)-site.key";
+      echo "LOCALKEYFILE  =/etc/tripwire/\$(HOSTNAME)-local.key";
+      echo 'EDITOR        =/usr/bin/editor';
+      echo 'LATEPROMPTING =false';
+      echo 'LOOSEDIRECTORYCHECKING =false';
+      echo 'MAILNOVIOLATIONS =false';
+      echo 'EMAILREPORTLEVEL =3';
+      echo 'REPORTLEVEL   =3';
+      echo 'SYSLOGREPORTING =false';
+      echo 'MAILMETHOD    =SENDMAIL';
+      echo 'MAILPROGRAM   =/usr/lib/sendmail -oi -t';
+      echo 'SMTPHOST      =localhost';
+      echo 'SMTPPORT      =25';
+      echo 'TEMPDIRECTORY =/tmp';
+      echo "MAILFROMADDRESS =tripwire@\$(HOSTNAME)"; } > /etc/tripwire/twcfg.txt
 
     echo '
 
-       ' | twadmin --generate-keys -L /etc/tripwire/${HOSTNAME}-local.key -S /etc/tripwire/${HOSTNAME}-site.key
+       ' | twadmin --generate-keys -L "/etc/tripwire/${HOSTNAME}-local.key" -S "/etc/tripwire/${HOSTNAME}-site.key"
 
     echo '
 
-       ' | twadmin --create-cfgfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twcfg.txt
+       ' | twadmin --create-cfgfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twcfg.txt
 
     # make a script for easy resetting of the tripwire
     echo '#!/bin/sh' > /usr/bin/reset-tripwire
@@ -137,14 +137,14 @@ function install_tripwire {
     sed -i '/\/usr\/local\/bin/d' /etc/tripwire/twpol.txt
 
     # Avoid logging the changed database
-    sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
+    sed -i "s|\$(TWETC)/tw.pol.*||g" /etc/tripwire/twpol.txt
     # site key name
-    sed -i 's|$(TWETC)/site.key|$(TWETC)/$(HOSTNAME)-site.key|g' /etc/tripwire/twpol.txt
+    sed -i "s|$(TWETC)/site.key|\$(TWETC)/\$(HOSTNAME)-site.key|g" /etc/tripwire/twpol.txt
 
     # create the policy
     echo '
 
-       ' | twadmin --create-polfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twpol.txt
+       ' | twadmin --create-polfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twpol.txt
 
     mark_completed "${FUNCNAME[0]}"
 }

src/freedombone-client

@@ -55,11 +55,11 @@ if [ ! -f $MAIN_PROJECT_FILE ]; then
 fi
 
 # ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
-UTILS_SSH=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh
-SSH_CIPHERS=$(cat $UTILS_SSH | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_MACS=$(cat $UTILS_SSH | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_KEX=$(cat $UTILS_SSH | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_HOST_KEY_ALGORITHMS=$(cat $UTILS_SSH | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}')
+UTILS_SSH="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh"
+SSH_CIPHERS=$(grep 'SSH_CIPHERS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
+SSH_MACS=$(grep 'SSH_MACS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
+SSH_KEX=$(grep 'SSH_KEX=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
+SSH_HOST_KEY_ALGORITHMS=$(grep 'SSH_HOST_KEY_ALGORITHMS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
 
 # refresh gpg keys every few hours
 REFRESH_GPG_KEYS_HOURS=2
@@ -74,7 +74,7 @@ function global_rate_limit {
     fi
 
     sudo cp $SYSCTL_FILE ~/sysctl.conf
-    sudo chown $CURR_USER:$CURR_GROUP ~/sysctl.conf
+    sudo chown "$CURR_USER":"$CURR_GROUP" ~/sysctl.conf
     if ! grep -q "tcp_challenge_ack_limit" ~/sysctl.conf; then
         echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> ~/sysctl.conf
     else
@@ -94,7 +94,7 @@ function refresh_gpg_keys {
         fi
     fi
     sudo cp /etc/crontab ~/temp_crontab
-    sudo chown $CURR_USER:$CURR_GROUP ~/temp_crontab
+    sudo chown "$CURR_USER":"$CURR_GROUP" ~/temp_crontab
     if ! grep -q 'gpg --refresh-keys' ~/temp_crontab; then
         echo "0            */$REFRESH_GPG_KEYS_HOURS *   *   *   $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab
         sudo cp ~/temp_crontab /etc/crontab
@@ -105,8 +105,9 @@ function refresh_gpg_keys {
 
 # see https://stribika.github.io/2015/01/04/secure-secure-shell.html
 function ssh_remove_small_moduli {
-    sudo awk '$5 > 2000' /etc/ssh/moduli > /home/$CURR_USER/moduli
-    sudo mv /home/$CURR_USER/moduli /etc/ssh/moduli
+    # shellcheck disable=SC2024
+    sudo awk '$5 > 2000' /etc/ssh/moduli > "/home/$CURR_USER/moduli"
+    sudo mv "/home/$CURR_USER/moduli" /etc/ssh/moduli
 }
 
 function configure_ssh_client {
@@ -124,7 +125,7 @@ function configure_ssh_client {
     sudo sed -i "s/HostKeyAlgorithms.*/HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
     if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
         sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
+        sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
         echo "   HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config
         sudo mv ~/ssh_config /etc/ssh/ssh_config
         sudo chown root:root /etc/ssh/ssh_config
@@ -134,7 +135,7 @@ function configure_ssh_client {
     sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
     if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
         sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
+        sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
         echo "   Ciphers $SSH_CIPHERS" >> ~/ssh_config
         sudo mv ~/ssh_config /etc/ssh/ssh_config
         sudo chown root:root /etc/ssh/ssh_config
@@ -142,17 +143,17 @@ function configure_ssh_client {
     sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
     if ! grep -q "MACs " /etc/ssh/ssh_config; then
         sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
+        sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
         echo "   MACs $SSH_MACS" >> ~/ssh_config
         sudo mv ~/ssh_config /etc/ssh/ssh_config
         sudo chown root:root /etc/ssh/ssh_config
     fi
 
     # Create ssh keys
-    if [ ! -f /home/$CURR_USER/.ssh/id_ed25519 ]; then
+    if [ ! -f "/home/$CURR_USER/.ssh/id_ed25519" ]; then
         ssh-keygen -t ed25519 -o -a 100
     fi
-    if [ ! -f /home/$CURR_USER/.ssh/id_rsa ]; then
+    if [ ! -f "/home/$CURR_USER/.ssh/id_rsa" ]; then
         ssh-keygen -t rsa -b 2048 -o -a 100
     fi
 
@@ -170,20 +171,20 @@ function configure_ssh_client {
     fi
     if ! grep -q "# ${PROJECT_NAME} settings" ~/.ssh/config; then
         if ! grep -q 'ProxyCommand' ~/.ssh/config; then
-            echo "# ${PROJECT_NAME} settings start" >> ~/.ssh/config
-            echo 'Host *.onion' >> ~/.ssh/config
-            echo '  ServerAliveInterval 60' >> ~/.ssh/config
-            echo '  ServerAliveCountMax 3' >> ~/.ssh/config
+            { echo "# ${PROJECT_NAME} settings start";
+              echo 'Host *.onion';
+              echo '  ServerAliveInterval 60';
+              echo '  ServerAliveCountMax 3'; } >> ~/.ssh/config
 
-            if [[ $ENABLE_MONKEYSPHERE == $'yes' || $ENABLE_MONKEYSPHERE == $'y' ]]; then
+            if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
                 echo "  ProxyCommand sh -c 'monkeysphere ssh-proxycommand --no-connect %h %p ; $proxycmd'" >> ~/.ssh/config
             else
                 echo "  ProxyCommand $proxycmd" >> ~/.ssh/config
             fi
-            echo 'Host *' >> ~/.ssh/config
-            echo '  ServerAliveInterval 60' >> ~/.ssh/config
-            echo '  ServerAliveCountMax 3' >> ~/.ssh/config
-            if [[ $ENABLE_MONKEYSPHERE == $'yes' || $ENABLE_MONKEYSPHERE == $'y' ]]; then
+            { echo 'Host *';
+              echo '  ServerAliveInterval 60';
+              echo '  ServerAliveCountMax 3'; } >> ~/.ssh/config
+            if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
                 echo '  ProxyCommand monkeysphere ssh-proxycommand %h %p' >> ~/.ssh/config
             fi
             echo "# ${PROJECT_NAME} settings end" >> ~/.ssh/config
@@ -194,8 +195,8 @@ function configure_ssh_client {
     echo $'Go to the Administrator Control Panel, select "Manage Users", '
     echo $'"Change user ssh public key" then "yes" and paste the following:'
     echo ''
-    echo $(cat /home/$CURR_USER/.ssh/id_rsa.pub)
-    echo $(cat /home/$CURR_USER/.ssh/id_ed25519.pub)
+    cat "/home/$CURR_USER/.ssh/id_rsa.pub"
+    cat "/home/$CURR_USER/.ssh/id_ed25519.pub"
     echo ''
     echo $'Then go to "Security Settings", select "Allow ssh login with passwords"'
     echo $'and set it to "no".'
@@ -222,37 +223,37 @@ function setup_client_app_irc {
     else
         sudo pacman -S --noconfirm hexchat tor
     fi
-    if [ ! -d /home/$CURR_USER/.config/hexchat ]; then
-        mkdir -p /home/$CURR_USER/.config/hexchat
+    if [ ! -d "/home/$CURR_USER/.config/hexchat" ]; then
+        mkdir -p "/home/$CURR_USER/.config/hexchat"
     fi
-    echo 'net_proxy_host = 127.0.0.1' > /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_port = 9050' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_type = 3' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_use = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+    { echo 'net_proxy_host = 127.0.0.1';
+      echo 'net_proxy_port = 9050';
+      echo 'net_proxy_type = 3';
+      echo 'net_proxy_use = 0';
 
-    echo 'net_proxy_auth = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_pass = HexChat' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_user = HexChat' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'net_proxy_auth = 1';
+      echo 'net_proxy_pass = HexChat';
+      echo 'net_proxy_user = HexChat';
 
-    echo 'dcc_auto_chat = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'dcc_auto_resume = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'dcc_auto_send = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'irc_hide_version = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'identd = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'dcc_auto_chat = 0';
+      echo 'dcc_auto_resume = 0';
+      echo 'dcc_auto_send = 0';
+      echo 'irc_hide_version = 1';
+      echo 'identd = 0';
 
-    echo 'away_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'irc_part_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'irc_quit_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'away_reason =';
+      echo 'irc_part_reason =';
+      echo 'irc_quit_reason =';
 
-    echo "irc_real_name = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_user_name = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_nick1 = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_nick2 = ${USER}_" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_nick3 = ${USER}__" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo "irc_real_name = ${USER}";
+      echo "irc_user_name = ${USER}";
+      echo "irc_nick1 = ${USER}";
+      echo "irc_nick2 = ${USER}_";
+      echo "irc_nick3 = ${USER}__";
 
-    echo 'completion_suffix = :' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'completion_suffix = :';
 
-    echo 'gui_slist_skip = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'gui_slist_skip = 1'; } > "/home/$CURR_USER/.config/hexchat/hexchat.conf"
 
     echo $'hexchat configured'
 }
@@ -272,8 +273,8 @@ function setup_client_app {
 
 function remove_known_hosts_entries {
     # remove any previous freedombone entries from known hosts
-    if [ -f /home/$CURR_USER/.ssh/known_hosts ]; then
-        sed -i "/${PROJECT_NAME}.local/d" /home/$CURR_USER/.ssh/known_hosts
+    if [ -f "/home/$CURR_USER/.ssh/known_hosts" ]; then
+        sed -i "/${PROJECT_NAME}.local/d" "/home/$CURR_USER/.ssh/known_hosts"
     fi
 }
 

src/freedombone-clientcert

@@ -59,34 +59,34 @@ function show_help {
 
 while [ $# -gt 1 ]
 do
-key="$1"
-
-case $key in
-    --help)
-    show_help
-    ;;
-    -u|--username)
+    key="$1"
+
+    case $key in
+        --help)
+            show_help
+            ;;
+        -u|--username)
+            shift
+            USERNAME="$1"
+            ;;
+        *)
+            # unknown option
+            ;;
+    esac
     shift
-    USERNAME="$1"
-    ;;
-    *)
-    # unknown option
-    ;;
-esac
-shift
 done
 
-if [ ! $USERNAME ]; then
+if [ ! "$USERNAME" ]; then
     echo $'No username specified'
     exit 5748
 fi
 
-if [ ! -d /home/$USERNAME ]; then
+if [ ! -d "/home/$USERNAME" ]; then
     echo $"User $USERNAME not found"
     exit 76239
 fi
 
-if [ -d /home/$USERNAME/emailcert ]; then
+if [ -d "/home/$USERNAME/emailcert" ]; then
     echo $'Client certs were already for created'
     exit 2953
 fi
@@ -97,75 +97,71 @@ fi
 
 # Add a user password
 if ! grep -q "$USERNAME:{plain}" /etc/dovecot/passwd-file; then
-  echo "$USERNAME:{plain}::::::nopassword" >> /etc/dovecot/passwd-file
+    echo "$USERNAME:{plain}::::::nopassword" >> /etc/dovecot/passwd-file
 fi
 
 chmod 600 /etc/dovecot/passwd-file
 
 # create a user cert
-${PROJECT_NAME}-addcert -h $USERNAME --nodh ""
+"${PROJECT_NAME}-addcert" -h "$USERNAME" --nodh ""
 
-if [ ! -f /etc/ssl/private/$USERNAME.key ]; then
+if [ ! -f "/etc/ssl/private/$USERNAME.key" ]; then
     echo $'User certificates were not created'
-    rm -rf /home/$USERNAME/emailcert
+    rm -rf "/home/$USERNAME/emailcert"
     exit 74835
 fi
 
 # create a certificate request
 openssl req -new -sha256 -subj \
         "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$USERNAME" \
-        -key /etc/ssl/private/$USERNAME.key \
-        -out /etc/ssl/requests/$USERNAME.csr
+        -key "/etc/ssl/private/$USERNAME.key" \
+        -out "/etc/ssl/requests/$USERNAME.csr"
 
-if [ ! -f /etc/ssl/requests/$USERNAME.csr ]; then
+if [ ! -f "/etc/ssl/requests/$USERNAME.csr" ]; then
     echo $'Certificate request was not created'
-    rm -rf /home/$USERNAME/emailcert
+    rm -rf "/home/$USERNAME/emailcert"
     exit 83520
 fi
 
 # sign the certificate request
-cd /etc/ssl
+cd /etc/ssl || exit 742742542
 openssl ca -config /etc/ssl/dovecot-ca.cnf \
-        -in /etc/ssl/requests/$USERNAME.csr \
-        -out /etc/ssl/certs/$USERNAME.cer
+        -in "/etc/ssl/requests/$USERNAME.csr" \
+        -out "/etc/ssl/certs/$USERNAME.cer"
 
-if [ ! -f /etc/ssl/certs/$USERNAME.cer ]; then
+if [ ! -f "/etc/ssl/certs/$USERNAME.cer" ]; then
     echo $'Authentication certificate was not created'
-    rm -rf /home/$USERNAME/emailcert
+    rm -rf "/home/$USERNAME/emailcert"
     exit 343569
 fi
 
 # move the cert to the user's home
-mkdir /home/$USERNAME/emailcert
-mv /etc/ssl/certs/$USERNAME.cer /home/$USERNAME/emailcert
-cp /etc/ssl/certs/dovecot.crt /home/$USERNAME/emailcert
-cp /etc/ssl/certs/ca-$HOSTNAME.crt /home/$USERNAME/emailcert
-mv /etc/ssl/private/$USERNAME.key /home/$USERNAME/emailcert
-mv /etc/ssl/certs/$USERNAME.crt /home/$USERNAME/emailcert
-openssl pkcs12 -export -in /home/$USERNAME/emailcert/$USERNAME.cer \
-        -out /home/$USERNAME/emailcert/$USERNAME.p12 \
-        -inkey /home/$USERNAME/emailcert/$USERNAME.key \
-        -certfile /home/$USERNAME/emailcert/ca-$HOSTNAME.crt \
+mkdir "/home/$USERNAME/emailcert"
+mv "/etc/ssl/certs/$USERNAME.cer" "/home/$USERNAME/emailcert"
+cp "/etc/ssl/certs/dovecot.crt" "/home/$USERNAME/emailcert"
+cp "/etc/ssl/certs/ca-$HOSTNAME.crt" "/home/$USERNAME/emailcert"
+mv "/etc/ssl/private/$USERNAME.key" "/home/$USERNAME/emailcert"
+mv "/etc/ssl/certs/$USERNAME.crt" "/home/$USERNAME/emailcert"
+openssl pkcs12 -export -in "/home/$USERNAME/emailcert/$USERNAME.cer" \
+        -out "/home/$USERNAME/emailcert/$USERNAME.p12" \
+        -inkey "/home/$USERNAME/emailcert/$USERNAME.key" \
+        -certfile "/home/$USERNAME/emailcert/ca-$HOSTNAME.crt" \
         -password pass:""
 
 # make an install script
-echo '#!/bin/bash' > /home/$USERNAME/emailcert/install.sh
-echo "sudo mv ca-$HOSTNAME.crt /etc/ssl/certs" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo "sudo mv $USERNAME.crt /etc/ssl/certs" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo "sudo mv dovecot.crt /etc/ssl/certs" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo "sudo mv $USERNAME.key /etc/ssl/private" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo 'exit 0' >> /home/$USERNAME/emailcert/install.sh
+{ echo '#!/bin/bash';
+  echo "sudo mv ca-$HOSTNAME.crt /etc/ssl/certs";
+  echo "sudo mv $USERNAME.crt /etc/ssl/certs";
+  echo "sudo mv dovecot.crt /etc/ssl/certs";
+  echo "sudo mv $USERNAME.key /etc/ssl/private";
+  echo 'exit 0'; } > "/home/$USERNAME/emailcert/install.sh"
 
 # set permissions for the user
-chmod -R 755 /home/$USERNAME/emailcert
-chown -R $USERNAME:$USERNAME /home/$USERNAME/emailcert
-chmod +x /home/$USERNAME/emailcert/install.sh
+chmod -R 755 "/home/$USERNAME/emailcert"
+chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/emailcert"
+chmod +x "/home/$USERNAME/emailcert/install.sh"
 
-shred -zu /etc/ssl/requests/$USERNAME.csr
+shred -zu "/etc/ssl/requests/$USERNAME.csr"
 
 echo $'Email authentication certificate created. You can obtain it on the client with:'
 echo ''

src/freedombone-config

@@ -43,7 +43,7 @@ export TEXTDOMAINDIR="/usr/share/locale"
 FREEDOMBONE_WEBSITE="https://freedombone.net or http://4fvfozz6g3zmvf76.onion"
 
 # Minimum number of characters in a password
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
 # file containing new password
 IMAGE_PASSWORD_FILE=/root/login.txt
@@ -118,18 +118,18 @@ function please_wait {
         echo -n ''
 }
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 function show_help {
@@ -157,23 +157,25 @@ function choose_email_address {
         while [ ${#MY_EMAIL_ADDRESS} -lt 5 ]
         do
             EMAIL_ADDRESS=$(grep 'MY_EMAIL_ADDRESS' temp.cfg | awk -F '=' '{print $2}')
-            if [ ! $EMAIL_ADDRESS ]; then
+            if [ ! "$EMAIL_ADDRESS" ]; then
                 EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
             fi
             if [ ${#MY_EMAIL_ADDRESS} -lt 5 ]; then
                 EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
             fi
 
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
-                   --inputbox $"Your email address" 10 30 "$EMAIL_ADDRESS" 2> $data
+                   --inputbox $"Your email address" 10 30 "$EMAIL_ADDRESS" 2> "$data"
             sel=$?
             case $sel in
-                0) MY_EMAIL_ADDRESS=$(cat $data);;
-                1) exit 1;;
-                255) exit 1;;
+                0) MY_EMAIL_ADDRESS=$(cat "$data");;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
+            rm -f "$data"
         done
     fi
     save_configuration_values
@@ -183,23 +185,24 @@ function choose_social_instance_domain_name {
     DEFAULT_DOMAIN_DETAILS_COMPLETE=
     while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
             dialog --backtitle $"Freedombone Configuration" \
                    --title $"Instance domain" \
-                   --form $"\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \
+                   --form $"\\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \
                    $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
                    $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
-                   2> $data
+                   2> "$data"
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
-            if [ $DEFAULT_DOMAIN_NAME ]; then
+            DEFAULT_DOMAIN_NAME=$(sed -n 1p < "$data")
+            DEFAULT_DOMAIN_CODE=$(sed -n 2p < "$data")
+            if [ "$DEFAULT_DOMAIN_NAME" ]; then
                 validate_freedns_code "$DEFAULT_DOMAIN_CODE"
                 if [ ! $VALID_CODE ]; then
                     DEFAULT_DOMAIN_NAME=
@@ -208,24 +211,27 @@ function choose_social_instance_domain_name {
         else
             dialog --backtitle $"Freedombone Configuration" \
                    --inputbox $"Enter your instance domain name:" 10 45 \
-                   "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                   "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
             sel=$?
             case $sel in
-                0) DEFAULT_DOMAIN_NAME=$(cat $data);;
-                1) exit 1;;
-                255) exit 1;;
+                0) DEFAULT_DOMAIN_NAME=$(cat "$data");;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
         fi
-        if [ $DEFAULT_DOMAIN_NAME ]; then
+        if [ "$DEFAULT_DOMAIN_NAME" ]; then
             TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
             validate_domain_name
-            if [[ $TEST_DOMAIN_NAME != $DEFAULT_DOMAIN_NAME ]]; then
+            if [[ "$TEST_DOMAIN_NAME" != "$DEFAULT_DOMAIN_NAME" ]]; then
                 DEFAULT_DOMAIN_NAME=
                 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
             else
                 DEFAULT_DOMAIN_DETAILS_COMPLETE="yes"
             fi
         fi
+        rm -f "$data"
     done
     save_configuration_values
 }
@@ -242,8 +248,7 @@ function choose_default_domain_name {
         DEFAULT_DOMAIN_DETAILS_COMPLETE=
         while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Your main domain name" \
@@ -252,23 +257,26 @@ function choose_default_domain_name {
                        $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
                        $"mail subdomain Code:" 3 1 "$(grep 'EMAIL_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 24 33 255 \
                        $"XMPP subdomain Code:" 4 1 "$(grep 'XMPP_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 24 33 255 \
-                       2> $data
+                       2> "$data"
                 sel=$?
                 case $sel in
-                    1) exit 1;;
-                    255) exit 1;;
+                    1) rm -f "$data"
+                       exit 1;;
+                    255) rm -f "$data"
+                         exit 1;;
                 esac
-                DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
-                DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
-                EMAIL_DOMAIN_CODE=$(cat $data | sed -n 3p)
-                XMPP_DOMAIN_CODE=$(cat $data | sed -n 4p)
-                if [ $DEFAULT_DOMAIN_NAME ]; then
+                DEFAULT_DOMAIN_NAME=$(sed -n 1p < "$data")
+                DEFAULT_DOMAIN_CODE=$(sed -n 2p < "$data")
+                EMAIL_DOMAIN_CODE=$(sed -n 3p < "$data")
+                XMPP_DOMAIN_CODE=$(sed -n 4p < "$data")
+                rm -f "$data"
+                if [ "$DEFAULT_DOMAIN_NAME" ]; then
                     validate_freedns_code "$DEFAULT_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
                         DEFAULT_DOMAIN_NAME=
                     fi
                 fi
-                if [ $EMAIL_DOMAIN_CODE ]; then
+                if [ "$EMAIL_DOMAIN_CODE" ]; then
                     validate_freedns_code "$EMAIL_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
                         DEFAULT_DOMAIN_NAME=
@@ -277,7 +285,7 @@ function choose_default_domain_name {
                         write_config_param "EMAIL_DOMAIN_CODE" "$EMAIL_DOMAIN_CODE"
                     fi
                 fi
-                if [ $XMPP_DOMAIN_CODE ]; then
+                if [ "$XMPP_DOMAIN_CODE" ]; then
                     validate_freedns_code "$XMPP_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
                         DEFAULT_DOMAIN_NAME=
@@ -289,18 +297,20 @@ function choose_default_domain_name {
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --inputbox $"Which domain name should your email/XMPP/IRC/Mumble be associated with?" 10 45 \
-                       "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                       "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
                 sel=$?
                 case $sel in
-                    0) DEFAULT_DOMAIN_NAME=$(cat $data);;
-                    1) exit 1;;
-                    255) exit 1;;
+                    0) DEFAULT_DOMAIN_NAME=$(cat "$data");;
+                    1) rm -f "$data"
+                       exit 1;;
+                    255) rm -f "$data"
+                         exit 1;;
                 esac
             fi
-            if [ $DEFAULT_DOMAIN_NAME ]; then
+            if [ "$DEFAULT_DOMAIN_NAME" ]; then
                 TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $DEFAULT_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$DEFAULT_DOMAIN_NAME" ]]; then
                     DEFAULT_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
@@ -313,8 +323,7 @@ function choose_default_domain_name {
 }
 
 function dynamic_dns_setup {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --radiolist $"Choose Dynamic DNS provider:" 40 40 40 \
            1 dyn.com off \
@@ -349,13 +358,15 @@ function dynamic_dns_setup {
            30 strato.com off \
            31 freemyip.com off \
            32 cloudxns.net off \
-           33 none off 2> $data
+           33 none off 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) DDNS_PROVIDER="default@www.dyn.com";;
         2) DDNS_PROVIDER="default@freedns.afraid.org";;
         3) DDNS_PROVIDER="default@www.zoneedit.com";;
@@ -389,8 +400,10 @@ function dynamic_dns_setup {
         31) DDNS_PROVIDER="default@freemyip.com";;
         32) DDNS_PROVIDER="default@www.cloudxns.net";;
         33) DDNS_PROVIDER="none";;
-        255) exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
+    rm -f "$data"
     save_configuration_values
 
     valid_ddns_username=
@@ -403,50 +416,55 @@ function dynamic_dns_setup {
     else
         while [ ! $valid_ddns_username ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
-                   --inputbox $"Dynamic DNS provider username" 10 30 "$(grep 'DDNS_USERNAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                   --inputbox $"Dynamic DNS provider username" 10 30 "$(grep 'DDNS_USERNAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
             sel=$?
             case $sel in
-                0)  possible_username=$(cat $data)
+                0)  possible_username=$(cat "$data")
                     if [ "$possible_username" ]; then
                         if [ ${#possible_username} -gt 1 ]; then
-                            valid_ddns_username=$(cat $data)
-                            DDNS_USERNAME=$valid_ddns_username
+                            valid_ddns_username=$(cat "$data")
+                            DDNS_USERNAME="$valid_ddns_username"
+                            rm -f "$data"
                             break;
                         fi
                     fi
                     ;;
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
+            rm -f "$data"
         done
         save_configuration_values
 
         while [ ! $valid_ddns_password ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
                    --clear \
                    --insecure \
-                   --passwordbox $"Dynamic DNS provider password" 10 30 "$(grep 'DDNS_PASSWORD' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                   --passwordbox $"Dynamic DNS provider password" 10 30 "$(grep 'DDNS_PASSWORD' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
             sel=$?
             case $sel in
-                0)  possible_password=$(cat $data)
+                0)  possible_password=$(cat "$data")
                     if [ "$possible_password" ]; then
                         if [ ${#possible_password} -gt 1 ]; then
-                            valid_ddns_password=$(cat $data)
+                            valid_ddns_password=$(cat "$data")
                             DDNS_PASSWORD=$valid_ddns_password
                             break;
                         fi
                     fi
                     ;;
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            if [ ${#DDNS_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+            rm -f "$data"
+            if [ ${#DDNS_PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                 dialog --title $"Password quality check" --msgbox $"The password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters. You may need to change your password on the dynamic DNS provider's web site." 10 40
                 DDNS_PASSWORD=""
             fi
@@ -458,10 +476,10 @@ function dynamic_dns_setup {
 function choose_dynamic_dns {
     DDNS_PROVIDER="none"
 
-    if [[ $SYSTEM_TYPE != "mesh"* && $ONION_ONLY == "no" ]]; then
+    if [[ "$SYSTEM_TYPE" != "mesh"* && "$ONION_ONLY" == "no" ]]; then
         dialog --title $"Dynamic DNS" \
                --backtitle $"Freedombone Configuration" \
-               --yesno $"\nConfigure a dynamic DNS service?\n\nIf it is already handled by your internet router then select 'no'." 10 50
+               --yesno $"\\nConfigure a dynamic DNS service?\\n\\nIf it is already handled by your internet router then select 'no'." 10 50
         sel=$?
         case $sel in
             0) dynamic_dns_setup;;
@@ -472,9 +490,8 @@ function choose_dynamic_dns {
 }
 
 function choose_debian_repo {
-    if [[ $MINIMAL_INSTALL == "no" ]]; then
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+    if [[ "$MINIMAL_INSTALL" == "no" ]]; then
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Configuration" \
                --radiolist $"Where to download Debian packages from:" 25 45 49 \
                1 $"Australia" off \
@@ -525,13 +542,15 @@ function choose_debian_repo {
                46 $"Turkey" off \
                47 $"Ukraine" off \
                48 $"United Kingdom" off \
-               49 $"United States" on 2> $data
+               49 $"United States" on 2> "$data"
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) DEBIAN_REPO='ftp.au.debian.org';;
             2) DEBIAN_REPO='ftp.at.debian.org';;
             3) DEBIAN_REPO='ftp.by.debian.org';;
@@ -581,8 +600,10 @@ function choose_debian_repo {
             47) DEBIAN_REPO='ftp.ua.debian.org';;
             48) DEBIAN_REPO='ftp.uk.debian.org';;
             49) DEBIAN_REPO='ftp.us.debian.org';;
-            255) exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
+        rm -f "$data"
         save_configuration_values
     else
         DEBIAN_REPO='ftp.de.debian.org'
@@ -591,28 +612,31 @@ function choose_debian_repo {
 
 function choose_rng {
     if [[ $MINIMAL_INSTALL == "no" ]]; then
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
-        if [[ $INSTALLING_ON_BBB != "yes" ]]; then
+        data=$(mktemp 2>/dev/null)
+        if [[ "$INSTALLING_ON_BBB" != "yes" ]]; then
             dialog --backtitle $"Freedombone Configuration" \
                    --radiolist $"Type of Random Number Generator:" 10 40 2 \
                    1 Haveged on \
-                   2 OneRNG off 2> $data
+                   2 OneRNG off 2> "$data"
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            case $(cat $data) in
+            case $(cat "$data") in
                 2) HWRNG_TYPE="onerng"
                    dialog --title $"OneRNG Device" \
                           --msgbox $"Please ensure that the OneRNG device is disconnected. You can reconnect it later during the installation" 8 60
                    ;;
-                255) exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
         else
             HWRNG_TYPE="beaglebone"
         fi
+        rm -f "$data"
         save_configuration_values
     fi
 }
@@ -621,9 +645,7 @@ function choose_social_key_management {
     if [[ $MINIMAL_INSTALL == "no" ]]; then
         interactive_gpg
 
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
-        SOCIAL_KEY_STR=$"\nDo you wish to enable social key management, otherwise known as \"the unforgettable key\"?\n\nThis means that fragments of your GPG key will be included with any remote backups so that if you later lose your key then it can be reconstructed from your friends servers. If you select \"no\" then you can still do social key management, but offline using physical USB thumb drives, which is more secure but less convenient."
+        SOCIAL_KEY_STR=$"\\nDo you wish to enable social key management, otherwise known as \"the unforgettable key\"?\\n\\nThis means that fragments of your GPG key will be included with any remote backups so that if you later lose your key then it can be reconstructed from your friends servers. If you select \"no\" then you can still do social key management, but offline using physical USB thumb drives, which is more secure but less convenient."
         if [[ $(grep "ENABLE_SOCIAL_KEY_MANAGEMENT" temp.cfg | awk -F '=' '{print $2}') == "yes" ]]; then
             dialog --title $"Social Key Management" \
                    --backtitle $"Freedombone Configuration" \
@@ -659,36 +681,36 @@ function choose_username {
             if [ ! $SELECTED_USERNAME ]; then
                 SELECTED_USERNAME=$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')
             fi
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
                    --title $"Username" \
-                   --inputbox $"Set your username for the system\n\nYour username should not contain any spaces" 12 60 "$SELECTED_USERNAME" 2> $data
+                   --inputbox $"Set your username for the system\\n\\nYour username should not contain any spaces" 12 60 "$SELECTED_USERNAME" 2> "$data"
             sel=$?
             case $sel in
-                0) possible_username=$(cat $data)
+                0) possible_username=$(cat "$data")
                    SELECTED_USERNAME=
-                   if [[ $possible_username != *' '* && $possible_username != *'/'* && $possible_username != *'\'* && $possible_username != *'*'* ]]; then
-                       if [ $possible_username ]; then
+                   if [[ "$possible_username" != *' '* && "$possible_username" != *'/'* && "$possible_username" != *'*'* ]]; then
+                       if [ "$possible_username" ]; then
                            if [ ${#possible_username} -gt 1 ]; then
-                               if [[ $possible_username != $GENERIC_IMAGE_USERNAME ]]; then
-                                   MY_USERNAME=$(cat $data)
+                               if [[ "$possible_username" != "$GENERIC_IMAGE_USERNAME" ]]; then
+                                   MY_USERNAME=$(cat "$data")
                                    please_wait
                                    echo ''
                                    echo $'Creating user account'
                                    chmod 600 /etc/shadow
                                    chmod 600 /etc/gshadow
-                                   useradd -m -s /bin/bash $MY_USERNAME
+                                   useradd -m -s /bin/bash "$MY_USERNAME"
                                    chmod 0000 /etc/shadow
                                    chmod 0000 /etc/gshadow
-                                   if [ -d /home/$MY_USERNAME ]; then
-                                       echo "${MY_USERNAME}:$(printf `cat $IMAGE_PASSWORD_FILE`)" | chpasswd
+                                   if [ -d "/home/$MY_USERNAME" ]; then
+                                       echo "${MY_USERNAME}:$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" | chpasswd
                                        # Add the user as a sudoer - they will be the new admin user
                                        if ! grep -q "$MY_USERNAME  ALL=(ALL) ALL" /etc/sudoers; then
                                            echo "$MY_USERNAME  ALL=(ALL) ALL" >> /etc/sudoers
                                            # remove the generic image admin user from sudoers
                                            sed -i "s|${GENERIC_IMAGE_USERNAME}.*||g" /etc/sudoers
                                        fi
+                                       rm -f "$data"
                                        break
                                    fi
                                fi
@@ -696,13 +718,16 @@ function choose_username {
                        fi
                    fi
                    ;;
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
+            rm -f "$data"
         done
     else
         no_of_users=$(find /home/* -maxdepth 0 -type d | wc -l)
-        if [ $no_of_users -eq 1 ]; then
+        if [ "$no_of_users" -eq 1 ]; then
             # only a single user on the system
             MY_USERNAME=$(ls /home)
         else
@@ -741,13 +766,12 @@ function choose_full_name {
     valid_name=
     while [ ! $valid_name ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Configuration" \
-               --inputbox $"Your full name (or nick)" 10 50 "$(grep 'MY_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+               --inputbox $"Your full name (or nick)" 10 50 "$(grep 'MY_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
         sel=$?
         case $sel in
-            0)  possible_name=$(cat $data)
+            0)  possible_name=$(cat "$data")
                 if [ "$possible_name" ]; then
                     if [ ${#possible_name} -gt 1 ]; then
                         valid_name="$possible_name"
@@ -756,9 +780,12 @@ function choose_full_name {
                     fi
                 fi
                 ;;
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
+        rm -f "$data"
     done
     save_configuration_values
     please_wait
@@ -778,16 +805,17 @@ function choose_system_variant {
             varstate='on'
         fi
         varslist="$varslist $n $a $varstate"
-        n=$[n+1]
+        n=$((n+1))
     done
 
     variant_choice=$(dialog --stdout --backtitle $"Freedombone Configuration" \
                             --title $"Type of Installation" \
                             --radiolist $'Choose:' \
-                            27 40 20 $varslist)
+                            27 40 20 "$varslist")
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then
-        variant_choice=$[variant_choice-1]
+        variant_choice=$((variant_choice-1))
         SYSTEM_TYPE=${available_variants_list[$variant_choice]}
         save_configuration_values
     fi
@@ -796,7 +824,7 @@ function choose_system_variant {
 function validate_freedns_code {
     freedns_code="$1"
 
-    FREEDNS_MESSAGE=$"Please enter the FreeDNS code for this domain.\n\nThe code can be found by going to https://freedns.afraid.org, selecting 'Dynamic DNS' and then opening 'Wget example'. The code will consist of letters and numbers and be between the ? and = characters."
+    FREEDNS_MESSAGE=$"Please enter the FreeDNS code for this domain.\\n\\nThe code can be found by going to https://freedns.afraid.org, selecting 'Dynamic DNS' and then opening 'Wget example'. The code will consist of letters and numbers and be between the ? and = characters."
 
     if [[ "$freedns_code" == *"."* || "$freedns_code" == "http"* || "$freedns_code" == *"wget "* || "$freedns_code" == *" "* ]]; then
         dialog --title $"Invalid FreeDNS Code" --msgbox "$FREEDNS_MESSAGE" 10 70
@@ -855,8 +883,7 @@ do
 done
 
 function interactive_select_language {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --radiolist $"Select your language:" 26 40 24 \
            1 $"Afrikaans" off \
@@ -926,13 +953,15 @@ function interactive_select_language {
            65 $"Thai" off \
            66 $"Turkish" off \
            67 $"Ukrainian" off \
-           68 $"Vietnamese" off 2> $data
+           68 $"Vietnamese" off 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) DEFAULT_LANGUAGE='af_ZA.UTF-8';;
         2) DEFAULT_LANGUAGE='sq_AL.UTF-8';;
         3) DEFAULT_LANGUAGE='ar_SA.UTF-8';;
@@ -1002,6 +1031,7 @@ function interactive_select_language {
         67) DEFAULT_LANGUAGE='uk_UA.UTF-8';;
         68) DEFAULT_LANGUAGE='vi_VN.UTF-8';;
     esac
+    rm -f "$data"
     save_configuration_values
 
     please_wait
@@ -1021,22 +1051,26 @@ function interactive_select_language {
 function select_user {
     SELECTED_USERNAME=
 
-    users_array=($(ls /home))
+    homedirs=$(ls /home)
+    # shellcheck disable=SC2206
+    users_array=($homedirs)
 
     delete=(git)
-    for del in ${delete[@]}
+    for del in "${delete[@]}"
     do
+        # shellcheck disable=SC2206
         users_array=(${users_array[@]/$del})
     done
 
     i=0
     W=()
     name=()
+    # shellcheck disable=SC2068
     for u in ${users_array[@]}
     do
         if [[ $(is_valid_user "$u") == "1" ]]; then
             i=$((i+1))
-            W+=($i "$u")
+            W+=("$i" "$u")
             name+=("$u")
         fi
     done
@@ -1046,6 +1080,7 @@ function select_user {
     else
         user_index=$(dialog --backtitle $"Freedombone Configuration" --title $"Select User" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3)
 
+        # shellcheck disable=SC2181
         if [ $? -eq 0 ]; then
             SELECTED_USERNAME="${name[$((user_index-1))]}"
         fi
@@ -1055,19 +1090,19 @@ function select_user {
 function interactive_config {
     # create a temporary copy of the configuration file
     # which can be used to pre-populate selections
-    if [ -f $CONFIGURATION_FILE ]; then
-        cp $CONFIGURATION_FILE temp.cfg
+    if [ -f "$CONFIGURATION_FILE" ]; then
+        cp "$CONFIGURATION_FILE" temp.cfg
     fi
 
     interactive_select_language
 
-    if [ $SOCIALINSTANCE ]; then
-        INITIAL_MESSAGE=$"Welcome to your Freedombone $SOCIALINSTANCE instance.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit ${FREEDOMBONE_WEBSITE}/socialinstance.html."
+    if [ "$SOCIALINSTANCE" ]; then
+        INITIAL_MESSAGE=$"Welcome to your Freedombone $SOCIALINSTANCE instance.\\n\\nEnsure that you have your domain and dynamic DNS settings ready.\\n\\nFor more information please visit ${FREEDOMBONE_WEBSITE}/socialinstance.html."
     else
-        if [[ $ONION_ONLY == "no" ]]; then
-            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+        if [[ "$ONION_ONLY" == "no" ]]; then
+            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\\n\\nEnsure that you have your domain and dynamic DNS settings ready.\\n\\nFor more information please visit $FREEDOMBONE_WEBSITE."
         else
-            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nWeb sites created will only be viewable within a Tor browser.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\\n\\nWeb sites created will only be viewable within a Tor browser.\\n\\nFor more information please visit $FREEDOMBONE_WEBSITE."
         fi
     fi
 
@@ -1079,7 +1114,7 @@ function interactive_config {
     choose_social_key_management
     choose_rng
     choose_debian_repo
-    ${PROJECT_NAME}-wifi --networksinteractive $WIFI_NETWORKS_FILE
+    "${PROJECT_NAME}-wifi" --networksinteractive "$WIFI_NETWORKS_FILE"
     choose_dynamic_dns
     choose_default_domain_name
     choose_email_address
@@ -1109,7 +1144,7 @@ function interactive_config {
     fi
 
     # This file indicates that the configuration happened successfully
-    touch $HOME/.${PROJECT_NAME}-interactive
+    touch "$HOME/.${PROJECT_NAME}-interactive"
 }
 
 function show_result {
@@ -1120,11 +1155,11 @@ function show_result {
     echo ''
     echo $'Contents:'
     echo ''
-    cat $CONFIGURATION_FILE
+    cat "$CONFIGURATION_FILE"
     echo ''
 }
 
-if [ ! $CONFIGURATION_FILE ]; then
+if [ ! "$CONFIGURATION_FILE" ]; then
     CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
 fi
 

src/freedombone-dhparam

@@ -141,38 +141,37 @@ function calc_dh {
     if [[ $FAST == 'yes' ]]; then
         DHGROUP=$(( ( RANDOM % 4 )  + 14 ))
         if [[ ${DHGROUP} == 14 ]]; then
-            echo "$BETTERCRYPTO_GROUP14" > ${1}
+            echo "$BETTERCRYPTO_GROUP14" > "${1}"
         else
             if [[ ${DHGROUP} == 15 ]]; then
-                echo "$BETTERCRYPTO_GROUP15" > ${1}
+                echo "$BETTERCRYPTO_GROUP15" > "${1}"
             else
                 if [[ ${DHGROUP} == 16 ]]; then
-                    echo "$BETTERCRYPTO_GROUP16" > ${1}
+                    echo "$BETTERCRYPTO_GROUP16" > "${1}"
                 else
                     if [[ ${DHGROUP} == 17 ]]; then
-                        echo "$BETTERCRYPTO_GROUP17" > ${1}
+                        echo "$BETTERCRYPTO_GROUP17" > "${1}"
                     else
-                        echo "$BETTERCRYPTO_GROUP18" > ${1}
+                        echo "$BETTERCRYPTO_GROUP18" > "${1}"
                     fi
                 fi
             fi
         fi
     else
-        openssl dhparam -check -text $KEYLENGTH -out ${1}
-        if [ ! "$?" = "0" ]; then
+        if ! openssl dhparam -check -text $KEYLENGTH -out "${1}"; then
             exit 3674
         fi
     fi
-    chmod 640 ${1}
+    chmod 640 "${1}"
 }
 
 function regenerate_dh_keys {
     for file in /etc/ssl/mycerts/*
     do
         if [[ -f $file ]]; then
-            filename=/etc/ssl/certs/$(echo $file | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam
-            if [ -f $filename ]; then
-                calc_dh $filename
+            filename=/etc/ssl/certs/$(echo "$file" | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam
+            if [ -f "$filename" ]; then
+                calc_dh "$filename"
                 echo $"Recalculated DH params for $filename"
             fi
         fi
@@ -202,7 +201,7 @@ do
         -o|--output)
             shift
             FAST='yes'
-            calc_dh ${1}
+            calc_dh "${1}"
             exit 0
             ;;
         --fast)
@@ -223,7 +222,7 @@ if [[ $RECALCULATE == "yes" || $RECALCULATE == "y" ]]; then
     exit 0
 fi
 
-if [ ! $HOSTNAME ]; then
+if [ ! "$HOSTNAME" ]; then
     echo $'No hostname specified'
     exit 5728
 fi
@@ -237,7 +236,7 @@ if [ ! -d /etc/ssl/mycerts ]; then
     mkdir -p /etc/ssl/mycerts
 fi
 
-calc_dh /etc/ssl/certs/$HOSTNAME.dhparam
+calc_dh "/etc/ssl/certs/$HOSTNAME.dhparam"
 
 systemctl reload nginx
 exit 0

src/freedombone-encrypt-mail

@@ -31,17 +31,17 @@
 USERNAME=$1
 
 PROJECT_NAME='freedombone'
-COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+  source "$f"
 done
 
 ADMIN_USER=$(get_completion_param "Admin user")
 
-if [ ! $USERNAME ]; then
+if [ ! "$USERNAME" ]; then
     USERNAME=$ADMIN_USER
 fi
 
@@ -49,23 +49,23 @@ MAIL_DIR=/home/$USERNAME/Maildir
 EMAIL_ADDRESS=$USERNAME@$HOSTNAME
 
 # Does this key exist?
-gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1
-if [ $? -gt 0 ]; then
+if ! gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1; then
     echo $"A GPG key for $EMAIL_ADDRESS could not be found!"
     exit 0
 fi
 
 # Find all files in the Maildir specified.
 echo $"Calling find"
-find "$MAIL_DIR" -type f -regex '.*/\(cur\|new\)/.*' $4|while read line; do
+find "$MAIL_DIR" -type f -regex '.*/\(cur\|new\)/.*' "$4"|while read -r line; do
     gpgit.pl --encrypt-mode prefer-inline "$EMAIL_ADDRESS"  "/tmp/msg_$USERNAME"
 
     # Check to see if there are differences between the existing
     # Maildir file and what was created by gpgit.pl
     diff -qa "$line" "/tmp/msg_$USERNAME" > /dev/null 2>&1;
+    # shellcheck disable=SC2181
     if [ $? -gt 0 ]; then
         # Preserve timestamps, set ownership.
-        chown $USERNAME:$USERNAME "/tmp/msg_$USERNAME"
+        chown "$USERNAME":"$USERNAME" "/tmp/msg_$USERNAME"
         chmod 600   "/tmp/msg_$USERNAME"
         touch   "/tmp/msg_$USERNAME" --reference="$line"
 

src/freedombone-format

@@ -33,7 +33,7 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-format
 export TEXTDOMAINDIR="/usr/share/locale"
 
-if [ ! $1 ]; then
+if [ ! "$1" ]; then
    echo $'Specify a drive, such as sdb, sdc, etc'
    exit 1
 fi
@@ -62,21 +62,18 @@ p
 a
 1
 w
-" | fdisk /dev/${USB_DRIVE_SHORT};mkfs.ext4 -L "$LABEL" /dev/${USB_DRIVE_SHORT}1
+" | fdisk "/dev/${USB_DRIVE_SHORT}";mkfs.ext4 -L "$LABEL" "/dev/${USB_DRIVE_SHORT}1"
 
 echo $"Formatting $USB_DRIVE as LUKS"
-cryptsetup -y -v luksFormat ${USB_DRIVE}
-if [ ! "$?" = "0" ]; then
+if ! cryptsetup -y -v luksFormat "${USB_DRIVE}"; then
     echo $"Failed to format $USB_DRIVE as LUKS"
     exit 36823
 fi
-cryptsetup luksOpen ${USB_DRIVE} encrypted_usb
-if [ ! "$?" = "0" ]; then
+if ! cryptsetup luksOpen "${USB_DRIVE}" encrypted_usb; then
     echo $"Failed to open LUKS formatted drive $USB_DRIVE"
     exit 37232
 fi
-mkfs.ext4 /dev/mapper/encrypted_usb -L "$LABEL"
-if [ ! "$?" = "0" ]; then
+if ! mkfs.ext4 /dev/mapper/encrypted_usb -L "$LABEL"; then
     cryptsetup luksClose encrypted_usb
     echo $'Format of drive $USB_DRIVE failed'
     exit 73218

src/freedombone-freedns

@@ -41,7 +41,7 @@ if [[ "$1" == "--verbose" || "$1" == "-v" ]]; then
     VERBOSE=1
 fi
 
-if [ ! -f $CONFIGURATION_FILE ]; then
+if [ ! -f "$CONFIGURATION_FILE" ]; then
     exit 0
 fi
 
@@ -52,28 +52,29 @@ function item_in_array {
 }
 
 detected_codes=()
-codelines=$(grep "_CODE=" $CONFIGURATION_FILE | uniq)
+codelines=$(grep "_CODE=" "$CONFIGURATION_FILE" | uniq)
 while read -r line; do
     code=$(echo "$line" | awk -F '=' '{print $2}')
-    item_in_array "$code" "${detected_codes[@]}"
-    if [[ $? != 0 ]]; then
+    if ! item_in_array "$code" "${detected_codes[@]}"; then
         detected_codes+=("$code")
     fi
 done <<< "$codelines"
 
-if [ ! -d $HOME/.freedns-update ]; then
-    mkdir $HOME/.freedns-update
+if [ ! -d "$HOME/.freedns-update" ]; then
+    mkdir "$HOME/.freedns-update"
 fi
-cd $HOME/.freedns-update
+cd "$HOME/.freedns-update" || exit 2467824684
 for code in "${detected_codes[@]}"
 do
     if [ $VERBOSE ]; then
         echo $"command: $FREEDNS_WGET${code}="
+        # shellcheck disable=SC1066,SC1067
         $FREEDNS_WGET${code}=
     else
         if [ -f /tmp/freedns ]; then
             rm /tmp/freedns
         fi
+        # shellcheck disable=SC1066,SC1067,SC1007
         $FREEDNS_WGET${code}= >> /tmp/freedns 2>&1
     fi
 done

src/freedombone-ignore

@@ -79,37 +79,37 @@ if ! [[ $MYUSERNAME && $EMAIL_ADDRESS ]]; then
     fi
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
-PM=/home/$MYUSERNAME/.procmailrc
+MUTTRC="/home/$MYUSERNAME/.muttrc"
+PM="/home/$MYUSERNAME/.procmailrc"
 
 # Ignore if subject line contains text
 if [ "$SUBJECT_TEXT" ]; then
-    if ! grep -q "Ignore rule for $SUBJECT_TEXT" $PM; then
-        echo "# Ignore rule for $SUBJECT_TEXT" >> $PM
-        echo ":0" >> $PM
-        echo "  * ^Subject:.*$SUBJECT_TEXT" >> $PM
-        echo "/dev/null" >> $PM
-        echo "# End of ignore rule" >> $PM
-        chown $MYUSERNAME:$MYUSERNAME $PM
+    if ! grep -q "Ignore rule for $SUBJECT_TEXT" "$PM"; then
+        { echo "# Ignore rule for $SUBJECT_TEXT";
+          echo ":0";
+          echo "  * ^Subject:.*$SUBJECT_TEXT";
+          echo "/dev/null";
+          echo "# End of ignore rule"; } >> "$PM"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
     fi
 fi
 
 # ignore an email address
-if [ $EMAIL_ADDRESS ]; then
-    if ! grep -q "Ignore rule for $EMAIL_ADDRESS" $PM; then
-        echo "# Ignore rule for $EMAIL_ADDRESS" >> $PM
-        echo ":0" >> $PM
-        echo "  * ^From:.*$EMAIL_ADDRESS" >> $PM
-        echo "/dev/null" >> $PM
-        echo "# End of ignore rule" >> $PM
-        chown $MYUSERNAME:$MYUSERNAME $PM
+if [ "$EMAIL_ADDRESS" ]; then
+    if ! grep -q "Ignore rule for $EMAIL_ADDRESS" "$PM"; then
+        { echo "# Ignore rule for $EMAIL_ADDRESS";
+        echo ":0";
+        echo "  * ^From:.*$EMAIL_ADDRESS";
+        echo "/dev/null";
+        echo "# End of ignore rule"; } >> "$PM"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
     fi
 fi
 
 PROCMAILLOG=/home/$MYUSERNAME/log
-if [ ! -d $PROCMAILLOG ]; then
-    mkdir $PROCMAILLOG
-    chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
+if [ ! -d "$PROCMAILLOG" ]; then
+    mkdir "$PROCMAILLOG"
+    chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
 fi
 
 exit 0

src/freedombone-image

@@ -42,14 +42,14 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 #get the project repo
 PROJECT_REPO="https://github.com/bashrc/${PROJECT_NAME}"
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 read_config_param PROJECT_REPO
 
@@ -96,7 +96,7 @@ CONFIG_FILENAME=
 DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"
 
 # Minimum number of characters in a password
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
 # Optional ssh public key to allow
 SSH_PUBKEY="no"
@@ -175,38 +175,36 @@ function image_setup {
             sudo pacman -S --noconfirm qemu-static binfmt-qemu-static uboot-tools qemu parted
             sudo pacman -S --noconfirm dpkg-devtools bin86 arch-install-scripts qemu-arch-extra
             sudo pacman -S --noconfirm syncthing
-            mkdir $USERHOME/develop
-            if [ -d $USERHOME/develop/python-cliapp ]; then
-                sudo rm -rf $USERHOME/develop/python-cliapp
+            mkdir "$USERHOME/develop"
+            if [ -d "$USERHOME/develop/python-cliapp" ]; then
+                sudo rm -rf "$USERHOME/develop/python-cliapp"
             fi
-            git_clone $CLIAPP_REPO $USERHOME/develop/python-cliapp
-            if [ ! "$?" = "0" ]; then
+            if ! git_clone "$CLIAPP_REPO" "$USERHOME/develop/python-cliapp"; then
                 echo $"Failed to clone python-cliapp"
                 return
             fi
-            if [ ! -d $USERHOME/develop/python-cliapp ]; then
+            if [ ! -d "$USERHOME/develop/python-cliapp" ]; then
                 echo $"Couldn't clone python-cliapp"
                 return
             fi
             sudo pacman -S --noconfirm python2-coverage python2-pytest-cov python2-sphinx
             sudo pacman -S --noconfirm autopep8 python2-pylint python2-yaml python2-xdg python2-pip
-            cd $USERHOME/develop/python-cliapp
+            cd "$USERHOME/develop/python-cliapp" || exit 7824526242
             git checkout $CLIAPP_COMMIT -b $CLIAPP_COMMIT
             sudo python2 setup.py install
             sudo pip2 install distro-info logging
-            if [ -d $USERHOME/develop/mbr ]; then
-                sudo rm -rf $USERHOME/develop/mbr
+            if [ -d "$USERHOME/develop/mbr" ]; then
+                sudo rm -rf "$USERHOME/develop/mbr"
             fi
-            git_clone $MBR_REPO $USERHOME/develop/mbr
-            if [ ! "$?" = "0" ]; then
+            if ! git_clone $MBR_REPO "$USERHOME/develop/mbr"; then
                 echo $"Failed to clone mbr"
                 return
             fi
-            if [ ! -d $USERHOME/develop/mbr ]; then
+            if [ ! -d "$USERHOME/develop/mbr" ]; then
                 echo $"Couldn't clone mbr"
                 return
             fi
-            cd $USERHOME/develop/mbr
+            cd "$USERHOME/develop/mbr" || exit 2468724524
             git checkout $MBR_COMMIT -b $MBR_COMMIT
             makepkg --force --noconfirm
             if [ ! -f mbr-${MBR_VERSION}.tar.gz ]; then
@@ -214,11 +212,11 @@ function image_setup {
                 return
             fi
             tar -xzvf mbr-${MBR_VERSION}.tar.gz
-            if [ ! -d $USERHOME/develop/mbr/mbr-${MBR_VERSION} ]; then
+            if [ ! -d "$USERHOME/develop/mbr/mbr-${MBR_VERSION}" ]; then
                 echo $"mbr tarball could not be extracted"
                 return
             fi
-            cd $USERHOME/develop/mbr/mbr-${MBR_VERSION}
+            cd "$USERHOME/develop/mbr/mbr-${MBR_VERSION}" || exit 13584584
             cp ../*.patch .
             patch -p0 < *.patch
             ./configure
@@ -229,35 +227,34 @@ function image_setup {
                 return
             fi
             sudo cp /usr/local/sbin/install-mbr /sbin
-            if [ -d $USERHOME/develop/multipath-tools ]; then
-                sudo rm -rf $USERHOME/develop/multipath-tools
+            if [ -d "$USERHOME/develop/multipath-tools" ]; then
+                sudo rm -rf "$USERHOME/develop/multipath-tools"
             fi
-            git_clone $MULTIPATH_TOOLS_REPO $USERHOME/develop/multipath-tools
-            if [ ! "$?" = "0" ]; then
+            if ! git_clone "$MULTIPATH_TOOLS_REPO" "$USERHOME/develop/multipath-tools"; then
                 echo $"Failed to clone multipath-tools"
                 return
             fi
-            if [ ! -d $USERHOME/develop/multipath-tools ]; then
+            if [ ! -d "$USERHOME/develop/multipath-tools" ]; then
                 echo $"Couldn't clone multipath-tools"
                 return
             fi
             sudo pacman -S --noconfirm device-mapper libaio liburcu fakeroot
-            cd $USERHOME/develop/multipath-tools
+            cd "$USERHOME/develop/multipath-tools" || exit 27462454
             makepkg --force --noconfirm
             makepkg -i --force --noconfirm
-            sudo wget https://raw.githubusercontent.com/bashrc/freedombone/master/image_build/debootstrap/scripts/${DEBIAN_VERSION} -O /usr/share/debootstrap/scripts/debscript
-            sudo cp -f /usr/share/debootstrap/scripts/debscript /usr/share/debootstrap/scripts/${DEBIAN_VERSION}
-            if [ ! -f /usr/share/debootstrap/scripts/${DEBIAN_VERSION} ]; then
+            sudo wget "https://raw.githubusercontent.com/bashrc/freedombone/master/image_build/debootstrap/scripts/${DEBIAN_VERSION}" -O /usr/share/debootstrap/scripts/debscript
+            sudo cp -f "/usr/share/debootstrap/scripts/debscript /usr/share/debootstrap/scripts/${DEBIAN_VERSION}"
+            if [ ! -f "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}" ]; then
                 echo $"No debian debootstrap script was found for $DEBIAN_VERSION"
                 return
             fi
-            debian_script_hash=$(sha256sum /usr/share/debootstrap/scripts/${DEBIAN_VERSION} | awk -F ' ' '{print $1}')
+            debian_script_hash=$(sha256sum "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}" | awk -F ' ' '{print $1}')
             expected_debian_script_hash='620fa84c7ef64d10349aed38fa9cc2e7f00a6fcd1bc425f33ca2b57cc946fd0c'
             if [[ "$debian_script_hash" != "$expected_debian_script_hash" ]]; then
                 echo $"Invalid hash for debootstrap ${DEBIAN_VERSION} script"
                 return
             fi
-            sudo chmod +x /usr/share/debootstrap/scripts/${DEBIAN_VERSION}
+            sudo chmod +x "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}"
             ;;
         *)
             echo $'Unkown operating system'
@@ -271,26 +268,26 @@ function image_setup {
 function mesh_router_setup_script {
     # create a setup script for a mesh router
     mesh_script_filename=$1
-    echo "MY_USERNAME=${USERNAME}" > $mesh_script_filename
-    echo "DEFAULT_DOMAIN_NAME=${USERNAME}" >> $mesh_script_filename
-    echo 'SYSTEM_TYPE=mesh' >> $mesh_script_filename
-    echo 'INSTALLING_ON_BBB=no' >> $mesh_script_filename
-    echo 'USB_DRIVE=/dev/sda1' >> $mesh_script_filename
-    echo 'DDNS_PROVIDER=' >> $mesh_script_filename
-    echo 'DDNS_USERNAME=' >> $mesh_script_filename
-    echo 'DDNS_PASSWORD=' >> $mesh_script_filename
-    echo 'DEFAULT_LANGUAGE=en_GB.UTF-8' >> $mesh_script_filename
-    echo 'MY_EMAIL_ADDRESS=' >> $mesh_script_filename
-    echo 'ENABLE_BATMAN=yes' >> $mesh_script_filename
-    echo 'DEBIAN_REPO=' >> $mesh_script_filename
-    echo 'NAMESERVER1=' >> $mesh_script_filename
-    echo 'NAMESERVER2=' >> $mesh_script_filename
-    echo 'NAMESERVER3=' >> $mesh_script_filename
-    echo 'NAMESERVER4=' >> $mesh_script_filename
-    echo 'NAMESERVER5=' >> $mesh_script_filename
-    echo 'NAMESERVER6=' >> $mesh_script_filename
-    echo 'BATMAN_CELLID=any' >> $mesh_script_filename
-    echo 'WIFI_CHANNEL=9' >> $mesh_script_filename
+    { echo "MY_USERNAME=${USERNAME}";
+      echo "DEFAULT_DOMAIN_NAME=${USERNAME}";
+      echo 'SYSTEM_TYPE=mesh';
+      echo 'INSTALLING_ON_BBB=no';
+      echo 'USB_DRIVE=/dev/sda1';
+      echo 'DDNS_PROVIDER=';
+      echo 'DDNS_USERNAME=';
+      echo 'DDNS_PASSWORD=';
+      echo 'DEFAULT_LANGUAGE=en_GB.UTF-8';
+      echo 'MY_EMAIL_ADDRESS=';
+      echo 'ENABLE_BATMAN=yes';
+      echo 'DEBIAN_REPO=';
+      echo 'NAMESERVER1=';
+      echo 'NAMESERVER2=';
+      echo 'NAMESERVER3=';
+      echo 'NAMESERVER4=';
+      echo 'NAMESERVER5=';
+      echo 'NAMESERVER6=';
+      echo 'BATMAN_CELLID=any';
+      echo 'WIFI_CHANNEL=9'; } > "$mesh_script_filename"
 }
 
 while [ $# -gt 1 ]
@@ -304,11 +301,11 @@ do
         -c|--config)
             shift
             CONFIG_FILENAME="$1"
-            if [ ! -f $CONFIG_FILENAME ]; then
+            if [ ! -f "$CONFIG_FILENAME" ]; then
                 echo $"Config file $CONFIG_FILENAME not found"
                 exit 3
             fi
-            DEFAULT_DOMAIN_NAME=$(cat $CONFIG_FILENAME | grep 'DEFAULT_DOMAIN_NAME' | awk -F '=' '{print $2}')
+            DEFAULT_DOMAIN_NAME=$(grep 'DEFAULT_DOMAIN_NAME' "$CONFIG_FILENAME" | awk -F '=' '{print $2}')
             ;;
         -t|--target|--board)
             shift
@@ -321,7 +318,7 @@ do
         -p|--password)
             shift
             PASSWORD="$1"
-            if [ ${#PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+            if [ ${#PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                 echo $"Your password chould contain at least ${MINIMUM_PASSWORD_LENGTH} characters"
                 exit 3628
             fi
@@ -415,7 +412,7 @@ do
             shift
             MIRROR="$1"
             ;;
-        --debianonly|--basic|--minimal)
+        --debianonly|--basic)
             shift
             DEBIAN_INSTALL_ONLY="$1"
             ;;
@@ -467,9 +464,9 @@ done
 
 if [[ $INTERACTIVE == "yes" || $INTERACTIVE == "y" || $INTERACTIVE == "Yes" ]]; then
     ${PROJECT_NAME}-config --minimal "$MINIMAL_INSTALL"
-    if [ -f $HOME/${PROJECT_NAME}.cfg ]; then
+    if [ -f "$HOME/${PROJECT_NAME}.cfg" ]; then
         CONFIG_FILENAME=$HOME/${PROJECT_NAME}.cfg
-        DEFAULT_DOMAIN_NAME=$(cat $CONFIG_FILENAME | grep 'DEFAULT_DOMAIN_NAME' | awk -F '=' '{print $2}')
+        DEFAULT_DOMAIN_NAME=$(grep 'DEFAULT_DOMAIN_NAME' "$CONFIG_FILENAME" | awk -F '=' '{print $2}')
     fi
 fi
 
@@ -480,34 +477,36 @@ fi
 
 if [ ! $PASSWORD ]; then
     # generate a random password
-    PASSWORD=$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c ${MINIMUM_PASSWORD_LENGTH})
+    PASSWORD=$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c "${MINIMUM_PASSWORD_LENGTH}")
 fi
 
 # Move any existing images into a build subdirectory
 image_types=( xz img sig vdi qcow2 )
 for im in "${image_types[@]}"
 do
+    # shellcheck disable=SC2012,SC2086
     no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l)
     if (( no_of_files > 0 )); then
-        if [ ! -d ${CURR_DIR}/build ]; then
-            mkdir ${CURR_DIR}/build
+        if [ ! -d "${CURR_DIR}/build" ]; then
+            mkdir "${CURR_DIR}/build"
         fi
-        mv -f ${CURR_DIR}/${PROJECT_NAME}*.${im} ${CURR_DIR}/build
+        mv -f "${CURR_DIR}/${PROJECT_NAME}*.${im}" "${CURR_DIR}/build"
     fi
 done
 
 # Delete anything which didn't move
 for im in "${image_types[@]}"
 do
+    # shellcheck disable=SC2012,SC2086
     no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l)
     if (( no_of_files > 0 )); then
-        rm -f ${CURR_DIR}/${PROJECT_NAME}*.${im}
+        rm -f "${CURR_DIR}/${PROJECT_NAME}*.${im}"
     fi
 done
 
 # Remove any existing login credentials file
-if [ -f ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt ]; then
-    rm ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt
+if [ -f "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt" ]; then
+    rm "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
 fi
 
 if [ -d $TEMPBUILD_DIR ]; then
@@ -522,8 +521,8 @@ fi
 
 cp -r /etc/${PROJECT_NAME}/* $TEMPBUILD_DIR
 rm -rf $TEMPBUILD_DIR/vendor
-chown -R $CURR_USER:$CURR_USER $TEMPBUILD_DIR
-cd $TEMPBUILD_DIR
+chown -R "$CURR_USER":"$CURR_USER" $TEMPBUILD_DIR
+cd $TEMPBUILD_DIR || exit 24729847
 
 if [[ $MINIMAL_INSTALL == "yes" ]]; then
     IMAGE_NAME=$'min'
@@ -565,8 +564,8 @@ if [[ "$SOCIALINSTANCE" == "gnusocial" || "$SOCIALINSTANCE" == "postactiv" ]]; t
     IMAGE_NAME="${IMAGE_NAME}-${SOCIALINSTANCE}"
 fi
 
-cd $TEMPBUILD_DIR
-make $IMAGE_TYPE \
+cd $TEMPBUILD_DIR || exit 724245267
+make "$IMAGE_TYPE" \
      MYUSERNAME="$USERNAME" \
      MYPASSWORD="$PASSWORD" \
      ROUTER_IP_ADDRESS="$ROUTER_IP_ADDRESS" \
@@ -603,6 +602,7 @@ make $IMAGE_TYPE \
      SOCIALINSTANCE="$SOCIALINSTANCE" \
      LOCAL_NAME="$LOCAL_NAME"
 
+# shellcheck disable=SC2181
 if [ ! "$?" = "0" ]; then
     echo $'Build failed'
     rm -rf $TEMPBUILD_DIR
@@ -615,7 +615,7 @@ if [[ $IMAGE_TYPE == "qemu"* ]]; then
 fi
 
 shopt -s nullglob
-imgfiles=(build/${PROJECT_NAME}*.${EXPECTED_EXTENSION})
+imgfiles=("build/${PROJECT_NAME}*.${EXPECTED_EXTENSION}")
 if [ ${#imgfiles[@]} -eq 0 ]; then
     echo $'Image was not created'
     rm -rf $TEMPBUILD_DIR
@@ -625,17 +625,18 @@ fi
 # Move images from temporary directory to the current directory
 for im in "${image_types[@]}"
 do
+    # shellcheck disable=SC2012,SC2086
     no_of_files=$(ls -afq build/${PROJECT_NAME}*.${im} | wc -l)
     if (( no_of_files > 0 )); then
-        mv build/${PROJECT_NAME}*.${im} ${CURR_DIR}/
-        sudo chown ${CURR_USER}:${CURR_USER} ${CURR_DIR}/*.${im}
+        mv "build/${PROJECT_NAME}*.${im}" "${CURR_DIR}/"
+        sudo chown "${CURR_USER}":"${CURR_USER}" "${CURR_DIR}/*.${im}"
     fi
 done
 
 # Remove the temporary directory
 rm -rf ${TEMPBUILD_DIR}
 
-cd ${CURR_DIR}
+cd "${CURR_DIR}" || exit 2842845284
 
 clear
 if [[ $VARIANT != 'meshclient' && $VARIANT != 'meshusb' && $VARIANT != 'mesh' ]]; then
@@ -676,13 +677,13 @@ ls -lh ${PROJECT_NAME}*.img ${PROJECT_NAME}*.sig ${PROJECT_NAME}*.xz ${PROJECT_N
 
 # Remove the mesh script after use
 if [[ $VARIANT == "mesh"* ]]; then
-    rm -f $CONFIG_FILENAME
+    rm -f "$CONFIG_FILENAME"
 fi
 
 # record the default login credentials for later use
 echo $"Username: $USERNAME
-Password: $PASSWORD" > ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt
-chmod 600 ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt
+Password: $PASSWORD" > "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
+chmod 600 "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
 
 if [[ $IMAGE_TYPE != "qemu"* ]]; then
     echo ''

src/freedombone-image-hardware-setup

@@ -34,12 +34,11 @@ export TEXTDOMAINDIR="/usr/share/locale"
 enable_serial_console() {
     # By default, spawn a console on the serial port
     device="$1"
-    echo $"Adding a getty on the serial port"
+    echo "Adding a getty on the serial port"
     echo "T0:12345:respawn:/sbin/getty -L $device 115200 vt100" >> /etc/inittab
 }
 
 beaglebone_setup_boot() {
-    bbb_version=$1
 
     # Setup uEnv.txt
     if grep -q btrfs /etc/fstab ; then
@@ -47,12 +46,9 @@ beaglebone_setup_boot() {
     else
         fstype=ext4
     fi
-    if [ ! $bbb_version ]; then
-        kernelVersion=$(ls /usr/lib/*/am335x-boneblack.dtb | head -1 | cut -d/ -f4)
-    else
-        kernelVersion=$(ls /usr/lib/*/am335x-boneblack-${1}.dtb | head -1 | cut -d/ -f4)
-    fi
-    version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
+    # shellcheck disable=SC2012
+    kernelVersion=$(ls "/usr/lib/*/am335x-boneblack.dtb" | head -1 | cut -d/ -f4)
+    version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
@@ -103,7 +99,6 @@ beaglebone_flash() {
 }
 
 beaglebone_repack_kernel() {
-    bbb_version=$1
     # process installed kernel to create uImage, uInitrd, dtb
     # using flash-kernel would be a good approach, except it fails in the
     # cross build environment due to too many environment checks...
@@ -119,12 +114,10 @@ beaglebone_repack_kernel() {
     echo "info: repacking beaglebone kernel and initrd"
 
     bbb_dtb='am335x-boneblack'
-    if [ $bbb_version ]; then
-        bbb_dtb="am335x-boneblack-${bbb_version}"
-    fi
 
-    kernelVersion=$(ls /usr/lib/*/${bbb_dtb}.dtb | head -1 | cut -d/ -f4)
-    version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
+    # shellcheck disable=SC2012
+    kernelVersion=$(ls "/usr/lib/*/${bbb_dtb}.dtb" | head -1 | cut -d/ -f4)
+    version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
@@ -143,23 +136,23 @@ beaglebone_repack_kernel() {
 
     mkdir /tmp/initrd-repack
 
-    (cd /tmp/initrd-repack ; \
-     zcat /boot/$initRd | cpio -i ; \
+    (cd /tmp/initrd-repack || exit 2468246 ; \
+     zcat "/boot/$initRd" | cpio -i ; \
      rm -f conf/param.conf ; \
      find . | cpio --quiet -o -H newc | \
-         gzip -9 > /boot/$initRd )
+         gzip -9 > "/boot/$initRd" )
 
     rm -rf /tmp/initrd-repack
 
-    (cd /boot ; \
-     cp ${bbb_dtb_file} dtb ; \
-     cat $vmlinuz dtb >> temp-kernel ; \
+    (cd /boot || exit 246824684 ; \
+     cp "${bbb_dtb_file}" dtb ; \
+     cat "$vmlinuz" dtb >> temp-kernel ; \
      mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
              -C none -a 0x82000000 -e 0x82000000 -d temp-kernel uImage ; \
      rm -f temp-kernel ; \
      mkimage -A arm -O linux -T ramdisk -C gzip -a 0x88080000 -e 0x88080000 \
              -n "Debian ramdisk ${version}" \
-             -d $initRd uInitrd )
+             -d "$initRd" uInitrd )
 }
 
 a20_setup_boot() {
@@ -171,8 +164,9 @@ a20_setup_boot() {
     else
         fstype=ext4
     fi
-    kernelVersion=$(ls /usr/lib/*/$dtb | head -1 | cut -d/ -f4)
-    version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
+    # shellcheck disable=SC2012
+    kernelVersion=$(ls "/usr/lib/*/$dtb" | head -1 | cut -d/ -f4)
+    version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
@@ -213,7 +207,7 @@ EOF
 
     # Copy all DTBs
     mkdir -p /boot/dtbs
-    cp /usr/lib/$kernelVersion/* /boot/dtbs
+    cp "/usr/lib/$kernelVersion/*" /boot/dtbs
 
     # extra boot modules
     echo "rtc_sunxi" >> /etc/initramfs-tools/modules
@@ -224,7 +218,7 @@ setup_flash_kernel() {
     if [ ! -d /etc/flash-kernel ] ; then
        mkdir /etc/flash-kernel
     fi
-    echo -n "$1" > /etc/flash-kernel/machine
+    echo "$1" > /etc/flash-kernel/machine
 
     command_line=""
     if [ -n "$2" ] ; then

src/freedombone-image-make

@@ -35,11 +35,11 @@ export TEXTDOMAIN=${PROJECT_NAME}-image-make
 export TEXTDOMAINDIR="/usr/share/locale"
 
 PROJECT_INSTALL_DIR=/usr/local/bin
-if [ -f /usr/bin/${PROJECT_NAME} ]; then
+if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-setup
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-setup"
 
 #set -x # Enable debugging
 
@@ -103,7 +103,7 @@ a20_pkgs="linux-image-armmp-lpae u-boot-tools u-boot u-boot-sunxi"
 # Packages needed for self-hosted development
 dev_pkgs="build-essential devscripts make man-db emacs org-mode git mercurial"
 
-echo Building $MACHINE $PROJECT_NAME for $ARCHITECTURE.
+echo Building "$MACHINE" "$PROJECT_NAME" for "$ARCHITECTURE".
 
 case "$MACHINE" in
     beaglebone)
@@ -164,7 +164,7 @@ for p in $base_pkgs $extra_pkgs; do
 done
 
 # Make sure file is owned by current user, not root
-touch $(dirname $IMAGE)/${PROJECT_NAME}.log
+touch "$(dirname "$IMAGE")/${PROJECT_NAME}.log"
 
 if [ -x vendor/vmdebootstrap/vmdebootstrap ] ; then
     VMDEBOOTSTRAP=vendor/vmdebootstrap/vmdebootstrap
@@ -173,15 +173,15 @@ else
 fi
 
 PROJECT_INSTALL_DIR=/usr/local/bin
-if [ -f /usr/bin/${PROJECT_NAME} ]; then
+if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
 echo $'Making customised customisation script'
-TEMP_CUSTOMISE=/etc/${PROJECT_NAME}/image-customise
-TEMP_CUSTOMISE2=/tmp/${PROJECT_NAME}-image-customise2
-TEMP_CUSTOMISE3=/tmp/${PROJECT_NAME}-image-customise3
-TEMP_CUSTOMISE4=/tmp/${PROJECT_NAME}-image-customise4
+TEMP_CUSTOMISE="/etc/${PROJECT_NAME}/image-customise"
+TEMP_CUSTOMISE2="/tmp/${PROJECT_NAME}-image-customise2"
+TEMP_CUSTOMISE3="/tmp/${PROJECT_NAME}-image-customise3"
+TEMP_CUSTOMISE4="/tmp/${PROJECT_NAME}-image-customise4"
 
 # cat all the things together
 combine_all_scripts $TEMP_CUSTOMISE2
@@ -191,43 +191,43 @@ if [ ! -f $TEMP_CUSTOMISE2 ]; then
 fi
 
 echo $'Changing values within customised customisation script'
-cp $PROJECT_INSTALL_DIR/${PROJECT_NAME}-image-customise $TEMP_CUSTOMISE3
-if [ $MYUSERNAME ]; then
-    sed -i "s|MY_USERNAME=.*|MY_USERNAME=${MYUSERNAME}|g" $TEMP_CUSTOMISE3
+cp "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-image-customise" "$TEMP_CUSTOMISE3"
+if [ "$MYUSERNAME" ]; then
+    sed -i "s|MY_USERNAME=.*|MY_USERNAME=${MYUSERNAME}|g" "$TEMP_CUSTOMISE3"
 fi
-if [ $MYPASSWORD ]; then
-    sed -i "s|MY_PASSWORD=.*|MY_PASSWORD=${MYPASSWORD}|g" $TEMP_CUSTOMISE3
+if [ "$MYPASSWORD" ]; then
+    sed -i "s|MY_PASSWORD=.*|MY_PASSWORD=${MYPASSWORD}|g" "$TEMP_CUSTOMISE3"
 fi
-sed -i "s|ROUTER_IP_ADDRESS=.*|ROUTER_IP_ADDRESS=${ROUTER_IP_ADDRESS}|g" $TEMP_CUSTOMISE3
-sed -i "s|BOX_IP_ADDRESS=.*|BOX_IP_ADDRESS=${BOX_IP_ADDRESS}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER1=.*|NAMESERVER1=${NAMESERVER1}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER2=.*|NAMESERVER2=${NAMESERVER2}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER3=.*|NAMESERVER3=${NAMESERVER3}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER4=.*|NAMESERVER4=${NAMESERVER4}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER5=.*|NAMESERVER5=${NAMESERVER5}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER6=.*|NAMESERVER6=${NAMESERVER6}|g" $TEMP_CUSTOMISE3
-sed -i "s|PROJECT_NAME=.*|PROJECT_NAME=${PROJECT_NAME}|g" $TEMP_CUSTOMISE3
-sed -i "s|CONFIG_FILENAME=.*|CONFIG_FILENAME=${CONFIG_FILENAME}|g" $TEMP_CUSTOMISE3
-sed -i "s|SSH_PUBKEY=.*|SSH_PUBKEY=${SSH_PUBKEY}|g" $TEMP_CUSTOMISE3
-sed -i "s|GENERIC_IMAGE=.*|GENERIC_IMAGE=${GENERIC_IMAGE}|g" $TEMP_CUSTOMISE3
-sed -i "s|MINIMAL_INSTALL=.*|MINIMAL_INSTALL=\"${MINIMAL_INSTALL}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|SSH_PORT=.*|SSH_PORT=\"${SSH_PORT}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|ONION_ONLY=.*|ONION_ONLY=\"${ONION_ONLY}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|PROJECT_REPO=.*|PROJECT_REPO=\"${PROJECT_REPO}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|DEBIAN_INSTALL_ONLY=.*|DEBIAN_INSTALL_ONLY=\"${DEBIAN_INSTALL_ONLY}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_INTERFACE=.*|WIFI_INTERFACE=\"${WIFI_INTERFACE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_SSID=.*|WIFI_SSID=\"${WIFI_SSID}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_TYPE=.*|WIFI_TYPE=\"${WIFI_TYPE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_PASSPHRASE=.*|WIFI_PASSPHRASE=\"${WIFI_PASSPHRASE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_HOTSPOT=.*|WIFI_HOTSPOT=\"${WIFI_HOTSPOT}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_NETWORKS_FILE=.*|WIFI_NETWORKS_FILE=\"${WIFI_NETWORKS_FILE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|VARIANT=.*|VARIANT=\"${VARIANT}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|MINIMUM_PASSWORD_LENGTH=.*|MINIMUM_PASSWORD_LENGTH=\"${MINIMUM_PASSWORD_LENGTH}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" $TEMP_CUSTOMISE3
-sed -i 's|#!/bin/bash||g' $TEMP_CUSTOMISE3
+sed -i "s|ROUTER_IP_ADDRESS=.*|ROUTER_IP_ADDRESS=${ROUTER_IP_ADDRESS}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|BOX_IP_ADDRESS=.*|BOX_IP_ADDRESS=${BOX_IP_ADDRESS}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER1=.*|NAMESERVER1=${NAMESERVER1}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER2=.*|NAMESERVER2=${NAMESERVER2}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER3=.*|NAMESERVER3=${NAMESERVER3}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER4=.*|NAMESERVER4=${NAMESERVER4}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER5=.*|NAMESERVER5=${NAMESERVER5}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER6=.*|NAMESERVER6=${NAMESERVER6}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|PROJECT_NAME=.*|PROJECT_NAME=${PROJECT_NAME}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|CONFIG_FILENAME=.*|CONFIG_FILENAME=${CONFIG_FILENAME}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|SSH_PUBKEY=.*|SSH_PUBKEY=${SSH_PUBKEY}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|GENERIC_IMAGE=.*|GENERIC_IMAGE=${GENERIC_IMAGE}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|MINIMAL_INSTALL=.*|MINIMAL_INSTALL=\"${MINIMAL_INSTALL}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|SSH_PORT=.*|SSH_PORT=\"${SSH_PORT}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|ONION_ONLY=.*|ONION_ONLY=\"${ONION_ONLY}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|PROJECT_REPO=.*|PROJECT_REPO=\"${PROJECT_REPO}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|DEBIAN_INSTALL_ONLY=.*|DEBIAN_INSTALL_ONLY=\"${DEBIAN_INSTALL_ONLY}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_INTERFACE=.*|WIFI_INTERFACE=\"${WIFI_INTERFACE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_SSID=.*|WIFI_SSID=\"${WIFI_SSID}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_TYPE=.*|WIFI_TYPE=\"${WIFI_TYPE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_PASSPHRASE=.*|WIFI_PASSPHRASE=\"${WIFI_PASSPHRASE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_HOTSPOT=.*|WIFI_HOTSPOT=\"${WIFI_HOTSPOT}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_NETWORKS_FILE=.*|WIFI_NETWORKS_FILE=\"${WIFI_NETWORKS_FILE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|VARIANT=.*|VARIANT=\"${VARIANT}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|MINIMUM_PASSWORD_LENGTH=.*|MINIMUM_PASSWORD_LENGTH=\"${MINIMUM_PASSWORD_LENGTH}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" "$TEMP_CUSTOMISE3"
+sed -i 's|#!/bin/bash||g' "$TEMP_CUSTOMISE3"
 
 cat $TEMP_CUSTOMISE2 $TEMP_CUSTOMISE3 > $TEMP_CUSTOMISE4
 if [ -f $TEMP_CUSTOMISE ]; then
@@ -256,19 +256,19 @@ sudo -H \
      SOURCE="$SOURCE" \
      CUSTOM_SETUP="$CUSTOM_SETUP" \
      $VMDEBOOTSTRAP \
-     --log $(dirname $IMAGE)/${PROJECT_NAME}.log \
+     --log "$(dirname "$IMAGE")/${PROJECT_NAME}.log" \
      --log-level debug \
-     --size $IMAGE_SIZE \
-     --image $IMAGE.img \
+     --size "$IMAGE_SIZE" \
+     --image "$IMAGE.img" \
      --hostname ${PROJECT_NAME} \
      --verbose \
-     --mirror $BUILD_MIRROR \
+     --mirror "$BUILD_MIRROR" \
      --customize "$TEMP_CUSTOMISE" \
      --lock-root-password \
-     --arch $ARCHITECTURE \
-     --distribution $SUITE \
-     $extra_opts \
-     $pkgopts
+     --arch "$ARCHITECTURE" \
+     --distribution "$SUITE" \
+     "$extra_opts" \
+     "$pkgopts"
 
 echo $'Removing customised customisation script'
 sudo shred -zu $TEMP_CUSTOMISE

src/freedombone-image-vmdebootstrap

@@ -36,7 +36,7 @@ VMDEBOOTSTRAP_BRANCH='bashrc/freedombone'
 
 mkdir -p vendor
 if [ -d vendor/vmdebootstrap ] ; then
-    (cd vendor/vmdebootstrap; git checkout .; git pull)
+    (cd vendor/vmdebootstrap || exit 246824624; git checkout .; git pull)
 else
     git clone $VMDEBOOTSTRAP_REPO vendor/vmdebootstrap
 fi
@@ -103,5 +103,5 @@ EOF
     sudo mv /tmp/ubuntu.csv /usr/share/distro-info/
 fi
 
-cd vendor/vmdebootstrap
+cd vendor/vmdebootstrap || exit 2648726446
 git checkout $VMDEBOOTSTRAP_BRANCH

src/freedombone-keydrive

@@ -87,17 +87,17 @@ do
     shift
 done
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     echo $'No username given'
     exit 69350
 fi
 
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"Home directory for $MY_USERNAME not found. This user may not exist on the system"
     exit 72378
 fi
 
-if [ ! -b $USB_DRIVE ]; then
+if [ ! -b "$USB_DRIVE" ]; then
     echo $'Please attach a USB drive'
     exit 65743
 fi
@@ -113,18 +113,15 @@ cryptsetup luksClose encrypted_usb
 
 # optionally format the drive
 if [[ $FORMAT == "yes" ]]; then
-    ${PROJECT_NAME}-format ${USB_DRIVE::-1}
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-format" "${USB_DRIVE::-1}"; then
         exit 36823
     fi
 fi
 
-cryptsetup luksOpen $USB_DRIVE encrypted_usb
-if [ "$?" = "0" ]; then
+if cryptsetup luksOpen "$USB_DRIVE" encrypted_usb; then
     USB_DRIVE=/dev/mapper/encrypted_usb
 fi
-mount $USB_DRIVE $USB_MOUNT
-if [ ! "$?" = "0" ]; then
+if ! mount $USB_DRIVE $USB_MOUNT; then
     echo $"There was a problem mounting the USB drive to $USB_MOUNT"
     rm -rf $USB_MOUNT
     exit 78543
@@ -132,7 +129,7 @@ fi
 
 # optionally create a master drive which contains the full GPG keyring
 if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]]; then
-    if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
+    if [ ! -d "/home/$MY_USERNAME/.gnupg" ]; then
         echo $"No .gnupg directory was found for $MY_USERNAME"
         umount -f $USB_MOUNT
         rm -rf $USB_MOUNT
@@ -149,7 +146,7 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
     GPG_BACKUP_ID=$(su -m root -c "gpg --list-keys \"(backup key)\" | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
 
     gpgerrstr=$'error'
-    gpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_ID)
+    gpgkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export "$GPG_ID")
     if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting public gpg key'
         echo "$gpgkey"
@@ -157,7 +154,7 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
     fi
     echo ''
     echo $'Enter your gpg private key passphrase:'
-    gpgprivkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_ID)
+    gpgprivkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export-secret-key "$GPG_ID")
     if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting private gpg key'
         echo "$gpgprivkey"
@@ -168,13 +165,13 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
     # Dummy password to get around not being able to create a key without passphrase
     BACKUP_DUMMY_PASSWORD='backup'
 
-    backupgpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_BACKUP_ID)
+    backupgpgkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export "$GPG_BACKUP_ID")
     if [[ "$backupgpgkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting public gpg backup key'
         echo "$backupgpgkey"
         exit 735282
     fi
-    backupgpgprivkey=$(echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_BACKUP_ID)
+    backupgpgprivkey=$(echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir="/home/$MY_USERNAME/.gnupg" --armor --export-secret-key "$GPG_BACKUP_ID")
     if [[ "$backupgpgprivkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting private gpg backup key'
         echo "$backupgpgprivkey"
@@ -187,7 +184,7 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
     echo "$backupgpgkey" > $USB_MOUNT/.backupgpgkey
     echo "$backupgpgprivkey" >> $USB_MOUNT/.backupgpgkey
 
-    cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
+    cp -rf "/home/$MY_USERNAME/.gnupg" $USB_MOUNT
 
     if [ -d /etc/letsencrypt ]; then
         cp -rf /etc/letsencrypt $USB_MOUNT
@@ -220,25 +217,25 @@ fi
 FRAGMENTS_DIR=$FRAGMENTS_DIR/$MY_USERNAME
 
 # make a directory to contain the fragments
-if [ ! -d $FRAGMENTS_DIR ]; then
-    mkdir -p $FRAGMENTS_DIR
+if [ ! -d "$FRAGMENTS_DIR" ]; then
+    mkdir -p "$FRAGMENTS_DIR"
     echo $"Made directory $FRAGMENTS_DIR"
 fi
-if [ ! -d $FRAGMENTS_DIR ]; then
+if [ ! -d "$FRAGMENTS_DIR" ]; then
     echo $"There was a problem making the directory $FRAGMENTS_DIR"
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 6843
 fi
 
-cd $FRAGMENTS_DIR
-no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l)
-if [ ! "$?" = "0" ]; then
+cd "$FRAGMENTS_DIR" || exit 13389478368
+# shellcheck disable=SC2012
+if ! no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l); then
     no_of_usb_shares=0
 fi
 if (( no_of_usb_shares > 0 )); then
     echo $"A key fragment already exists on the drive for the user $MY_USERNAME"
-    cd ~/
+    cd ~/ || exit 34678264583
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 58945
@@ -247,43 +244,44 @@ fi
 # copy a random fragment to the drive
 LOCAL_FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
 
-if [ ! -d $LOCAL_FRAGMENTS_DIR ]; then
-    ${PROJECT_NAME}-splitkey -u $MY_USERNAME -n $KEY_FRAGMENTS
+if [ ! -d "$LOCAL_FRAGMENTS_DIR" ]; then
+    "${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -n "$KEY_FRAGMENTS"
 fi
 
-cd $LOCAL_FRAGMENTS_DIR
-no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l)
-if [ ! "$?" = "0" ]; then
+cd "$LOCAL_FRAGMENTS_DIR" || exit 7822452644
+# shellcheck disable=SC2012
+if ! no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l); then
     no_of_local_shares=0
 fi
 if (( no_of_local_shares < 3 )); then
-    ${PROJECT_NAME}-splitkey -u $MY_USERNAME -n $KEY_FRAGMENTS
-    cd $LOCAL_FRAGMENTS_DIR
-    no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l)
-    if [ ! "$?" = "0" ]; then
+    "${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -n "$KEY_FRAGMENTS"
+    cd "$LOCAL_FRAGMENTS_DIR" || exit 724524242
+    # shellcheck disable=SC2012
+    if ! no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l); then
         no_of_local_shares=0
     fi
 fi
 
 if (( no_of_local_shares < 3 )); then
     echo $"Not enough key fragments available ${no_of_local_shares}"
-    cd ~/
+    cd ~/ || exit 7245267457
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 63386
 fi
 
-share_files=($LOCAL_FRAGMENTS_DIR/keyshare.asc.*)
+share_files=("$LOCAL_FRAGMENTS_DIR/keyshare.asc.*")
 SHARE_FILENAME=${share_files[RANDOM % ${#share_files[@]}]}
 
-cp -f $SHARE_FILENAME $FRAGMENTS_DIR
-cd $FRAGMENTS_DIR
+cp -f "$SHARE_FILENAME" "$FRAGMENTS_DIR"
+cd "$FRAGMENTS_DIR" || exit 2543244726
+# shellcheck disable=SC2012
 no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l)
 echo $"Number of fragments on the drive: ${no_of_usb_shares}"
 if (( no_of_usb_shares > 1 )); then
     echo $"Too many key fragments exist in $FRAGMENTS_DIR"
-    ls $FRAGMENTS_DIR
-    cd ~/
+    ls "$FRAGMENTS_DIR"
+    cd ~/ || 357836582645
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 54292
@@ -291,14 +289,14 @@ fi
 if (( no_of_usb_shares <= 0 )); then
     echo $"There was a problem copying the key fragment to $USB_DRIVE"
     echo $"Files found: ${no_of_usb_shares}"
-    ls $FRAGMENTS_DIR
-    cd ~/
+    ls "$FRAGMENTS_DIR"
+    cd ~/ || exit 743452452
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 54292
 fi
 
-cd ~/
+cd ~/ || exit 245672457
 umount -f $USB_MOUNT
 rm -rf $USB_MOUNT
 echo $"Key fragment copied to $USB_DRIVE. You may now remove the drive."

src/freedombone-logging

@@ -42,28 +42,28 @@ REMOVE_FILES_COMMAND='rm -rf'
 
 source /usr/local/bin/${PROJECT_NAME}-vars
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 APPS_AVAILABLE=()
 
 function logging_get_app_names {
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 
     for filename in $FILES
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
-        if grep -q "logging_on_" ${filename}; then
-            if grep -q "logging_off_" ${filename}; then
+        if grep -q "logging_on_" "${filename}"; then
+            if grep -q "logging_off_" "${filename}"; then
                 APPS_AVAILABLE+=("${app_name}")
             fi
         fi
@@ -76,7 +76,7 @@ function turn_logging_on {
     for a in "${APPS_AVAILABLE[@]}"
     do
         echo $"Turning on logging for ${a}"
-        logging_on_${a}
+        "logging_on_${a}"
     done
 }
 
@@ -86,7 +86,7 @@ function turn_logging_off {
     for a in "${APPS_AVAILABLE[@]}"
     do
         echo $"Turning off logging for ${a}"
-        logging_off_${a}
+        "logging_off_${a}"
     done
 }
 
@@ -162,14 +162,14 @@ if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
         fi
         for filename in /etc/nginx/sites-available/* ; do
             filename_domain=$(echo "$filename" | awk -F '/' '{print $5}')
-            sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" $filename
-            sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" $filename
+            sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" "$filename"
+            sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" "$filename"
         done
         sed -i 's|access_log.*|access_log /var/log/nginx/access.log;|g' /etc/nginx/nginx.conf
         sed -i 's|error_log.*|error_log /var/log/nginx/error.log;|g' /etc/nginx/nginx.conf
     fi
     if [ -f /etc/init.d/spamassassin ]; then
-        sed -i 's|DOPTIONS="-s null -d --pidfile=$PIDFILE"|DOPTIONS="-d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
+        sed -i "s|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
     fi
     if [ -d /etc/exim4 ]; then
         if [ ! -d /var/log/exim4 ]; then
@@ -211,16 +211,16 @@ else
     fi
     if [ -d /etc/nginx ]; then
         for filename in /etc/nginx/sites-available/* ; do
-            sed -i 's|access_log.*|access_log /dev/null;|g' $filename
-            sed -i 's|warn_log.*|warn_log /dev/null;|g' $filename
-            sed -i 's|error_log.*|error_log /dev/null;|g' $filename
+            sed -i 's|access_log.*|access_log /dev/null;|g' "$filename"
+            sed -i 's|warn_log.*|warn_log /dev/null;|g' "$filename"
+            sed -i 's|error_log.*|error_log /dev/null;|g' "$filename"
         done
         sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf
         sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf
         $REMOVE_FILES_COMMAND /var/log/nginx/*
     fi
     if [ -f /etc/init.d/spamassassin ]; then
-        sed -i 's|DOPTIONS="-d --pidfile=$PIDFILE"|DOPTIONS="-s null -d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
+        sed -i "s|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
     fi
     if [ -d /etc/exim4 ]; then
         sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs

src/freedombone-mesh-batman

@@ -29,7 +29,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 PROJECT_NAME='freedombone'
-COMPLETION_FILE=/root/${PROJECT_NAME}-completed.txt
+COMPLETION_FILE="/root/${PROJECT_NAME}-completed.txt"
 
 # hotspot passphrase must be 5 characters or longer
 HOTSPOT_PASSPHRASE="${PROJECT_NAME}"
@@ -40,28 +40,29 @@ source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh
 mesh_protocol_init
 update_wifi_adaptors
 
-if [ ! $IFACE ]; then
+if [ ! "$IFACE" ]; then
     echo $'No wlan adaptor'
     exit 0
 fi
 
 if [ -e /etc/default/batctl ]; then
+    # shellcheck disable=SC1091
     . /etc/default/batctl
 fi
 
 function status {
     batctl o
 
-    if grep -q "bmx6" $MESH_CURRENT_PROTOCOL; then
+    if grep -q "bmx6" "$MESH_CURRENT_PROTOCOL"; then
         bmx6 -c show=originators
     fi
-    if grep -q "bmx7" $MESH_CURRENT_PROTOCOL; then
+    if grep -q "bmx7" "$MESH_CURRENT_PROTOCOL"; then
         bmx7 -c show=originators
     fi
 }
 
 function stop {
-    if [ ! -f $MESH_CURRENT_PROTOCOL ]; then
+    if [ ! -f "$MESH_CURRENT_PROTOCOL" ]; then
         return
     fi
 
@@ -82,31 +83,31 @@ function stop {
     systemctl disable dnsmasq
 
     if [ "$EIFACE" ]; then
-        brctl delif $BRIDGE bat0
-        ifconfig $BRIDGE down || true
-        ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
+        brctl delif "$BRIDGE" bat0
+        ifconfig "$BRIDGE" down || true
+        ethernet_connected=$(cat "/sys/class/net/$EIFACE/carrier")
         if [[ "$ethernet_connected" != "0" ]]; then
             systemctl stop hostapd
-            brctl delif $BRIDGE $EIFACE
-            ifconfig $EIFACE down -promisc
+            brctl delif "$BRIDGE" "$EIFACE"
+            ifconfig "$EIFACE" down -promisc
         fi
-        brctl delbr $BRIDGE
+        brctl delbr "$BRIDGE"
     fi
 
     ifconfig bat0 down -promisc
 
-    batctl if del $IFACE
-    ifconfig $IFACE mtu 1500
-    ifconfig $IFACE down
-    iwconfig $IFACE mode managed
+    batctl if del "$IFACE"
+    ifconfig "$IFACE" mtu 1500
+    ifconfig "$IFACE" down
+    iwconfig "$IFACE" mode managed
 
-    if [ $IFACE_SECONDARY ]; then
+    if [ "$IFACE_SECONDARY" ]; then
         systemctl stop hostapd
         systemctl disable hostapd
-        batctl if del $IFACE_SECONDARY
-        ifconfig $IFACE_SECONDARY mtu 1500
-        ifconfig $IFACE_SECONDARY down
-        iwconfig $IFACE_SECONDARY mode managed
+        batctl if del "$IFACE_SECONDARY"
+        ifconfig "$IFACE_SECONDARY" mtu 1500
+        ifconfig "$IFACE_SECONDARY" down
+        iwconfig "$IFACE_SECONDARY" mode managed
     fi
 
     rmmod batman-adv
@@ -115,53 +116,53 @@ function stop {
 
     systemctl restart network-manager
 
-    if [ -f $MESH_CURRENT_PROTOCOL ]; then
-        rm $MESH_CURRENT_PROTOCOL
+    if [ -f "$MESH_CURRENT_PROTOCOL" ]; then
+        rm "$MESH_CURRENT_PROTOCOL"
     fi
 }
 
 function verify {
     tempfile="$(mktemp)"
-    batctl o > $tempfile
-    if grep -q "disabled" $tempfile; then
+    batctl o > "$tempfile"
+    if grep -q "disabled" "$tempfile"; then
         echo $'B.A.T.M.A.N. not enabled'
-        rm $tempfile
+        rm "$tempfile"
         stop
         exit 726835
     fi
     echo $'B.A.T.M.A.N. is running'
-    rm $tempfile
+    rm "$tempfile"
 }
 
 function add_wifi_interface {
     ifname=$1
     ifssid=$WIFI_SSID
-    if [ $2 ]; then
+    if [ "$2" ]; then
         ifssid=$2
     fi
     ifmode=ad-hoc
-    if [ $3 ]; then
+    if [ "$3" ]; then
         ifmode=$3
     fi
     ifchannel=$CHANNEL
-    if [ $4 ]; then
+    if [ "$4" ]; then
         ifchannel=$4
     fi
 
-    ifconfig $ifname down
-    ifconfig $ifname mtu 1532
+    ifconfig "$ifname" down
+    ifconfig "$ifname" mtu 1532
     peermac=$(assign_peer_address)
-    if [ ! $peermac ]; then
+    if [ ! "$peermac" ]; then
         echo $"Unable to obtain MAC address for $peermac on $ifname"
         return
     fi
-    ifconfig $ifname hw ether $peermac
+    ifconfig "$ifname" hw ether "$peermac"
     echo $"$ifname assigned MAC address $peermac"
-    iwconfig $ifname enc off
-    iwconfig $ifname mode $ifmode essid $ifssid channel $ifchannel
+    iwconfig "$ifname" enc off
+    iwconfig "$ifname" mode "$ifmode" essid "$ifssid" channel "$ifchannel"
 
-    batctl if add $ifname
-    ifconfig $ifname up
+    batctl if add "$ifname"
+    ifconfig "$ifname" up
 }
 
 function start {
@@ -188,11 +189,11 @@ function start {
     global_rate_limit
 
     # Might have to re-enable wifi
-    rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true
+    rfkill unblock "$(rfkill list|awk -F: "/phy/ {print $1}")" || true
 
     secondary_wifi_available=
-    if [ $IFACE_SECONDARY ]; then
-        if [[ $IFACE != $IFACE_SECONDARY ]]; then
+    if [ "$IFACE_SECONDARY" ]; then
+        if [[ "$IFACE" != "$IFACE_SECONDARY" ]]; then
             if [ -d /etc/hostapd ]; then
                 if [ ${#HOTSPOT_PASSPHRASE} -gt 4 ]; then
                     secondary_wifi_available=1
@@ -215,23 +216,23 @@ function start {
     sed -i "s|ExecStart=.*|ExecStart=/usr/local/bin/babeld ${IFACE}|g" /etc/systemd/system/babel.service
     systemctl daemon-reload
 
-    add_wifi_interface $IFACE $WIFI_SSID ad-hoc $CHANNEL
+    add_wifi_interface "$IFACE" "$WIFI_SSID" ad-hoc "$CHANNEL"
 
     # NOTE: Don't connect the secondary wifi device. hostapd will handle that by itself
 
     ifconfig bat0 up promisc
 
-    brctl addbr $BRIDGE
-    brctl addif $BRIDGE bat0
+    brctl addbr "$BRIDGE"
+    brctl addif "$BRIDGE" bat0
     ifconfig bat0 0.0.0.0
     ethernet_connected='0'
     if [ "$EIFACE" ] ; then
-        ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
+        ethernet_connected=$(cat "/sys/class/net/$EIFACE/carrier")
         if [[ "$ethernet_connected" != "0" ]]; then
             echo $'Trying ethernet bridge to the internet'
-            brctl addif $BRIDGE $EIFACE
-            ifconfig $EIFACE 0.0.0.0
-            ifconfig $EIFACE up promisc
+            brctl addif "$BRIDGE" "$EIFACE"
+            ifconfig "$EIFACE" 0.0.0.0
+            ifconfig "$EIFACE" up promisc
             echo $'End of ethernet bridge'
 
             sed -i "s|ExecStart=.*|ExecStart=/usr/sbin/bmx6 dev=${IFACE} dev=${EIFACE}|g" /etc/systemd/system/bmx6.service
@@ -243,8 +244,8 @@ function start {
             echo $"$EIFACE is not connected"
         fi
     fi
-    ifconfig $BRIDGE up
-    dhclient $BRIDGE
+    ifconfig "$BRIDGE" up
+    dhclient "$BRIDGE"
 
     enable_mesh_seconary_wifi
 
@@ -257,34 +258,34 @@ function start {
 
     systemctl restart nginx
 
-    if [ ! -f $MESH_DEFAULT_PROTOCOL ]; then
-        echo 'bmx6' > $MESH_DEFAULT_PROTOCOL
+    if [ ! -f "$MESH_DEFAULT_PROTOCOL" ]; then
+        echo 'bmx6' > "$MESH_DEFAULT_PROTOCOL"
     fi
 
-    if grep -q "bmx6" $MESH_DEFAULT_PROTOCOL; then
+    if grep -q "bmx6" "$MESH_DEFAULT_PROTOCOL"; then
         systemctl enable bmx6
         systemctl restart bmx6
         sed -i 's|<type>.*|<type>_bmx6._tcp</type>|g' /etc/avahi/services/routing.service
     fi
 
-    if grep -q "bmx7" $MESH_DEFAULT_PROTOCOL; then
+    if grep -q "bmx7" "$MESH_DEFAULT_PROTOCOL"; then
         systemctl enable bmx7
         systemctl restart bmx7
         sed -i 's|<type>.*|<type>_bmx7._tcp</type>|g' /etc/avahi/services/routing.service
     fi
 
-    if grep -q "olsr" $MESH_DEFAULT_PROTOCOL; then
-        IFACE=$(cat /etc/systemd/system/olsr2.service | grep ExecStart | awk -F ' ' '{print $2}')
-        mesh_generate_ipv6_address $IFACE
+    if grep -q "olsr" "$MESH_DEFAULT_PROTOCOL"; then
+        IFACE=$(grep ExecStart "/etc/systemd/system/olsr2.service" | awk -F ' ' '{print $2}')
+        mesh_generate_ipv6_address "$IFACE"
 
         systemctl enable olsr2
         systemctl restart olsr2
         sed -i 's|<type>.*|<type>_olsr2._tcp</type>|g' /etc/avahi/services/routing.service
     fi
 
-    if grep -q "babel" $MESH_DEFAULT_PROTOCOL; then
-        IFACE=$(cat /etc/systemd/system/babel.service | grep ExecStart | awk -F ' ' '{print $2}')
-        mesh_generate_ipv6_address $IFACE
+    if grep -q "babel" "$MESH_DEFAULT_PROTOCOL"; then
+        IFACE=$(grep ExecStart /etc/systemd/system/babel.service | awk -F ' ' '{print $2}')
+        mesh_generate_ipv6_address "$IFACE"
 
         systemctl enable babel
         systemctl restart babel
@@ -295,7 +296,7 @@ function start {
 
     verify
 
-    echo "$(cat $MESH_DEFAULT_PROTOCOL)" > $MESH_CURRENT_PROTOCOL
+    cat "$MESH_DEFAULT_PROTOCOL" > "$MESH_CURRENT_PROTOCOL"
 }
 
 function monitor {
@@ -329,21 +330,21 @@ function monitor {
     echo ''
 
     # Might have to re-enable wifi
-    rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true
+    rfkill unblock "$(rfkill list|awk -F: "/phy/ {print $1}")" || true
 
-    ifconfig $IFACE down
-    ifconfig $IFACE mtu 1532
-    ifconfig $IFACE hw ether $(assign_peer_address)
-    iwconfig $IFACE enc off
-    iwconfig $IFACE mode monitor channel $CHANNEL
+    ifconfig "$IFACE" down
+    ifconfig "$IFACE" mtu 1532
+    ifconfig "$IFACE" hw ether "$(assign_peer_address)"
+    iwconfig "$IFACE" enc off
+    iwconfig "$IFACE" mode monitor channel "$CHANNEL"
     sleep 1
-    iwconfig $IFACE ap $CELLID
+    iwconfig "$IFACE" ap "$CELLID"
 
     modprobe batman-adv
-    batctl if add $IFACE
-    ifconfig $IFACE up
+    batctl if add "$IFACE"
+    ifconfig "$IFACE" up
 
-    horst -i $IFACE
+    horst -i "$IFACE"
 
     clear
     echo ''
@@ -354,7 +355,7 @@ function monitor {
 }
 
 if ! grep -q "$IFACE" /proc/net/dev; then
-    echo 'Interface $IFACE was not found'
+    echo "Interface \$IFACE was not found"
     stop
     exit 1
 fi
@@ -377,7 +378,7 @@ case "$1" in
         start
         ;;
     ping)
-        batctl ping $2
+        batctl ping "$2"
         ;;
     data)
         watch -n1 "batctl s | grep mgmt | grep bytes"
@@ -387,7 +388,7 @@ case "$1" in
         ;;
     *)
         echo "error: invalid parameter $1"
-        echo 'usage: $0 {start|stop|restart|status|ping|ls|list}'
+        echo "usage: \$0 {start|stop|restart|status|ping|ls|list}"
         exit 2
         ;;
 esac

src/freedombone-mesh-blog

@@ -42,17 +42,17 @@ BLOG_EDITOR='pluma'
 DEFAULT_BLOG_TITLE=$"Freedombone Blog"
 
 function remove_bad_blog_links {
-    find ./ -type f -name *.css -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.css -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/bootstrapcdn/d' {} \;
 }
 
 function ipfs_publish {
     DIR_TO_CHECK=/home/$USER/Public
-    if [ ! -d $DIR_TO_CHECK ]; then
+    if [ ! -d "$DIR_TO_CHECK" ]; then
         return
     fi
 
@@ -60,13 +60,13 @@ function ipfs_publish {
     echo $'Publishing to IPFS. This may take some time...'
 
     OLD_STAT_FILE=/home/$USER/.old_stat.txt
-    NEW_STAT=$(stat -t $DIR_TO_CHECK)
-    echo $($IPFS_COMMAND add -rq /home/$USER/Public | tail -n 1) > $IPFS_PUBLIC
-    echo "$NEW_STAT" > $OLD_STAT_FILE
+    NEW_STAT=$(stat -t "$DIR_TO_CHECK")
+    $IPFS_COMMAND add -rq "/home/$USER/Public" | tail -n 1 > "$IPFS_PUBLIC"
+    echo "$NEW_STAT" > "$OLD_STAT_FILE"
 
-    if [ -f $IPFS_PUBLIC ]; then
-        IPFS_PUBLIC_ID=$(cat $IPFS_PUBLIC)
-        $IPFS_COMMAND name publish /ipfs/$IPFS_PUBLIC_ID
+    if [ -f "$IPFS_PUBLIC" ]; then
+        IPFS_PUBLIC_ID=$(cat "$IPFS_PUBLIC")
+        $IPFS_COMMAND name publish "/ipfs/$IPFS_PUBLIC_ID"
     fi
 }
 
@@ -75,7 +75,7 @@ function regenerate_blog {
     echo ''
     echo $'Regenerating blog...'
 
-    cd $BLOG_PATH
+    cd $BLOG_PATH || exit 246872648
     if grep -q "SITENAME=u'${DEFAULT_BLOG_TITLE}'" $BLOG_PATH/pelicanconf.py; then
         TOX_NICK=$(toxid --showuser)
         BLOG_TITLE=$"${TOX_NICK}'s Blog"
@@ -83,7 +83,7 @@ function regenerate_blog {
     fi
     make html
 
-    cd $BLOG_PATH
+    cd $BLOG_PATH || exit 23682468
     remove_bad_blog_links
 
     ipfs_publish
@@ -97,19 +97,19 @@ function view_blog {
 function new_blog {
     DATESTR=$(date "+%Y-%m-%d %H:%M:%S")
 
-    echo $'Title: Blog Post Title' > ~/.new-blog-entry
-    echo $"Date: ${DATESTR}" >> ~/.new-blog-entry
-    echo $"Author: $(toxid --showuser)" >> ~/.new-blog-entry
-    echo $'Category: default' >> ~/.new-blog-entry
-    echo $'Tags: blog, tag' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
-    echo $'Add your text here' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
-    echo -n $'To include an image copy it into the ~/CreateBlog/content/images directory, ' >> ~/.new-blog-entry
-    echo $'then link to it with:' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
-    echo $'![My image]({filename}images/myimage.jpg)' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
+    { echo $'Title: Blog Post Title';
+      echo $"Date: ${DATESTR}";
+      echo $"Author: $(toxid --showuser)";
+      echo $'Category: default';
+      echo $'Tags: blog, tag';
+      echo  '';
+      echo $'Add your text here';
+      echo  '';
+      echo -n $'To include an image copy it into the ~/CreateBlog/content/images directory, ';
+      echo $'then link to it with:';
+      echo  '';
+      echo $'![My image]({filename}images/myimage.jpg)';
+      echo  ''; } > ~/.new-blog-entry
 
     $BLOG_EDITOR ~/.new-blog-entry
 
@@ -119,26 +119,26 @@ function new_blog {
     if grep -q $"Blog Post Title" ~/.new-blog-entry; then
         return
     fi
-    if [ ! -f $CURRENT_BLOG_INDEX ]; then
-        echo '0' > $CURRENT_BLOG_INDEX
+    if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
+        echo '0' > "$CURRENT_BLOG_INDEX"
     fi
 
     # move to the content directory
-    CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX)
-    mv ~/.new-blog-entry $BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md
+    CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
+    mv ~/.new-blog-entry "$BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md"
 
     # increment the index
     CURRENT_INDEX=$((CURRENT_INDEX + 1))
-    echo "$CURRENT_INDEX" > $CURRENT_BLOG_INDEX
+    echo "$CURRENT_INDEX" > "$CURRENT_BLOG_INDEX"
 
     regenerate_blog
 }
 
 function edit_blog {
-    if [ ! -f $CURRENT_BLOG_INDEX ]; then
+    if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
         return
     fi
-    CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX)
+    CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
     if [ ! -f $LAST_BLOG_ENTRY ]; then
@@ -149,23 +149,23 @@ function edit_blog {
 }
 
 function delete_blog {
-    if [ ! -f $CURRENT_BLOG_INDEX ]; then
+    if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
         return
     fi
-    CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX)
+    CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
     if [ ! -f $LAST_BLOG_ENTRY ]; then
         return
     fi
 
-    if ! zenity --question --title=$'Delete the previous blog entry' --text=$"\nAre you sure that you wish to delete the previous blog entry?" --ok-label=No --cancel-label=Yes --width=300; then
+    if ! zenity --question --title=$'Delete the previous blog entry' --text=$"\\nAre you sure that you wish to delete the previous blog entry?" --ok-label=No --cancel-label=Yes --width=300; then
         rm $LAST_BLOG_ENTRY
-        if [ $CURRENT_INDEX -gt 0 ]; then
+        if [ "$CURRENT_INDEX" -gt 0 ]; then
             CURRENT_INDEX=$PREVIOUS_INDEX
-            echo "$CURRENT_INDEX" > $CURRENT_BLOG_INDEX
+            echo "$CURRENT_INDEX" > "$CURRENT_BLOG_INDEX"
         else
-            rm -f $CURRENT_BLOG_INDEX
+            rm -f "$CURRENT_BLOG_INDEX"
         fi
         regenerate_blog
     fi
@@ -180,8 +180,8 @@ function change_theme {
 
     n=1
     curr_theme_index=
-    if [ -f /home/$USER/.blog-theme-index ]; then
-        curr_theme_index=$(cat /home/$USER/.blog-theme-index)
+    if [ -f "/home/$USER/.blog-theme-index" ]; then
+        curr_theme_index=$(cat "/home/$USER/.blog-theme-index")
     fi
     if [ -f /tmp/.blog-themes ]; then
         rm /tmp/.blog-themes
@@ -189,10 +189,11 @@ function change_theme {
     for a in "${THEMES[@]}"
     do
         echo "$n $a" >> /tmp/.blog-themes
-        n=$[n+1]
+        n=$((n+1))
     done
 
     CHOSEN_THEME_INDEX=$(
+    # shellcheck disable=SC2002
     cat /tmp/.blog-themes | \
         awk -F ' ' '{
         for(i=1;i<=NF;i++){
@@ -204,15 +205,15 @@ function change_theme {
            --column=$'Index' --column=$'Theme' \
            --print-column=1 --hide-column=1 --width=300 --height=400)
     rm /tmp/.blog-themes
-    if [ ! $CHOSEN_THEME_INDEX ]; then
+    if [ ! "$CHOSEN_THEME_INDEX" ]; then
         exit 1
     fi
 
-    echo "$CHOSEN_THEME_INDEX" > /home/$USER/.blog-theme-index
+    echo "$CHOSEN_THEME_INDEX" > "/home/$USER/.blog-theme-index"
     CHOSEN_THEME_INDEX=$((CHOSEN_THEME_INDEX - 1))
 
     CHOSEN_THEME=${THEMES[$CHOSEN_THEME_INDEX]}
-    cd cd $BLOG_PATH/themes/$CHOSEN_THEME
+    cd "$BLOG_PATH/themes/$CHOSEN_THEME" || exit 346746824
     remove_bad_blog_links
     if grep -q "THEME=" $BLOG_PATH/pelicanconf.py; then
         sed -i "s|THEME=.*|THEME='themes/${CHOSEN_THEME}'|g" $BLOG_PATH/pelicanconf.py

src/freedombone-mesh-connect

@@ -54,7 +54,8 @@ function vpn_generate_keys {
     fi
     cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
 
-    cd /etc/openvpn/easy-rsa
+    cd /etc/openvpn/easy-rsa || exit 246872464
+    # shellcheck disable=SC1091
     . ./vars
     ./clean-all
     vpn_openssl_version='1.0.0'
@@ -147,12 +148,12 @@ function mesh_setup_vpn {
     chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
 
     # create an archive of the vpn client files
-    cd /home/$MY_USERNAME
+    cd /home/$MY_USERNAME || exit 346825628354
     tar -czvf vpn.tar.gz stunnel* client.ovpn
     chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/vpn.tar.gz
 
     if [ -f vpn.tar.gz ]; then
-        zenity --info --title $"Generate VPN client keys" --text $"\nNew VPN client keys have been generated in the /home/fbone directory.\n\nYou can find it by selecting \"Places\" then \"Home Directory\" on the top menu bar. Transmit the vpn.tar.gz file to whoever is running the other mesh network so that they can connect to yours.\n\nThey should uncompress vpn.tar.gz to their /home/fbone directory, forward port $VPN_MESH_TLS_PORT then connect using your IP address or domain name." --width 600
+        zenity --info --title $"Generate VPN client keys" --text $"\\nNew VPN client keys have been generated in the /home/fbone directory.\\n\\nYou can find it by selecting \"Places\" then \"Home Directory\" on the top menu bar. Transmit the vpn.tar.gz file to whoever is running the other mesh network so that they can connect to yours.\\n\\nThey should uncompress vpn.tar.gz to their /home/fbone directory, forward port $VPN_MESH_TLS_PORT then connect using your IP address or domain name." --width 600
     fi
 }
 
@@ -190,7 +191,7 @@ function connect_to_mesh {
                     sed -i "s|route .*|route $ip_or_domain 255.255.255.255 net_gateway|g" ~/client.ovpn
 
                     clear
-                    cd ~/
+                    cd ~/ || exit 234628422874
                     sudo stunnel stunnel-client.conf
                     sudo openvpn client.ovpn
                 fi

src/freedombone-mesh-install

@@ -108,26 +108,26 @@ function mesh_avahi {
     fi
 
     # Add a mesh routing protocol service
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/routing.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/routing.service
-    echo '<service-group>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  <name replace-wildcards="yes">%h routing</name>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  <service>' >> $rootdir/etc/avahi/services/routing.service
-    echo '    <type>_bmx6._tcp</type>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  </service>' >> $rootdir/etc/avahi/services/routing.service
-    echo '</service-group>' >> $rootdir/etc/avahi/services/routing.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo '  <name replace-wildcards="yes">%h routing</name>';
+      echo '  <service>';
+      echo '    <type>_bmx6._tcp</type>';
+      echo '  </service>';
+      echo '</service-group>'; } > "$rootdir/etc/avahi/services/routing.service"
 
     # keep the daemon running
     WATCHDOG_SCRIPT_NAME="keepon"
-    echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    { echo '';
+    echo '# keep avahi daemon running';
+    echo "AVAHI_RUNNING=\$(pgrep avahi-daemon > /dev/null && echo Running)";
+    echo "if [ ! \$AVAHI_RUNNING ]; then";
+    echo '  systemctl start avahi-daemon';
+    echo "  echo -n \$CURRENT_DATE >> \$LOGFILE";
+    echo "  echo \" Avahi daemon restarted\" >> \$LOGFILE";
+    echo 'fi'; } >> "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
+    chmod +x "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
 }
 
 function install_batman_remove {
@@ -154,23 +154,23 @@ function install_batman {
     fi
 
     BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
-    echo '[Unit]' > $BATMAN_DAEMON
-    echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
-    echo 'After=network.target' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Service]' >> $BATMAN_DAEMON
-    echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
-    echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
-    echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
-    echo 'Restart=on-failure' >> $BATMAN_DAEMON
-    echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
-    echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
-    echo 'TimeoutSec=300' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Install]' >> $BATMAN_DAEMON
-    echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
+    { echo '[Unit]';
+      echo 'Description=B.A.T.M.A.N. Advanced';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'RemainAfterExit=yes';
+      echo "ExecStart=/var/lib/batman start";
+      echo "ExecStop=/var/lib/batman stop";
+      echo 'Restart=on-failure';
+      echo 'SuccessExitStatus=3 4';
+      echo 'RestartForceExitStatus=3 4';
+      echo '';
+      echo '# Allow time for the server to start/stop';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$BATMAN_DAEMON"
     $CHROOT_PREFIX systemctl enable batman
 }
 
@@ -178,79 +178,79 @@ function mesh_firewall {
     FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
     MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
 
-    echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
-    echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-
-    echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-
-    echo '# OLSR2/MANET' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p udp --dport 269 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p udp --dport 269 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --dport 138 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --dport 138 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-
-    echo '# Babel' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p udp --dport 6696 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+    { echo '#!/bin/bash';
+      echo 'iptables -P INPUT ACCEPT';
+      echo 'ip6tables -P INPUT ACCEPT';
+      echo 'iptables -F';
+      echo 'ip6tables -F';
+      echo 'iptables -t nat -F';
+      echo 'ip6tables -t nat -F';
+      echo 'iptables -X';
+      echo 'ip6tables -X';
+      echo 'iptables -P INPUT DROP';
+      echo 'ip6tables -P INPUT DROP';
+      echo 'iptables -A INPUT -i lo -j ACCEPT';
+      echo 'ip6tables -A INPUT -i lo -j ACCEPT';
+      echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
+      echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
+      echo '';
+      echo '# Make sure incoming tcp connections are SYN packets';
+      echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
+      echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
+      echo '';
+      echo '# Drop packets with incoming fragments';
+      echo 'iptables -A INPUT -f -j DROP';
+      echo 'ip6tables -A INPUT -f -j DROP';
+      echo '';
+      echo '# Drop bogons';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
+      echo '';
+      echo '# Incoming malformed NULL packets:';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
+      echo '';
+      echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
+
+      echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT";
+
+      echo '# OLSR2/MANET';
+      echo 'iptables -A INPUT -p udp --dport 269 -j ACCEPT';
+      echo 'ip6tables -A INPUT -p udp --dport 269 -j ACCEPT';
+      echo 'iptables -A INPUT -p tcp --dport 138 -j ACCEPT';
+      echo 'ip6tables -A INPUT -p tcp --dport 138 -j ACCEPT';
+
+      echo '# Babel';
+      echo 'iptables -A INPUT -p udp --dport 6696 -j ACCEPT';
+      echo 'ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT'; } > "$MESH_FIREWALL_SCRIPT"
     chmod +x $MESH_FIREWALL_SCRIPT
 
-    echo '[Unit]' > $FIREWALL_FILENAME
-    echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo '[Service]' >> $FIREWALL_FILENAME
-    echo 'Type=oneshot' >> $FIREWALL_FILENAME
-    echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
-    echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo '[Install]' >> $FIREWALL_FILENAME
-    echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
+    { echo '[Unit]';
+      echo 'Description=Mesh Firewall';
+      echo '';
+      echo '[Service]';
+      echo 'Type=oneshot';
+      echo 'ExecStart=/usr/bin/mesh-firewall';
+      echo 'RemainAfterExit=no';
+      echo '';
+      echo 'TimeoutSec=30';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $FIREWALL_FILENAME
     chmod +x $FIREWALL_FILENAME
     $CHROOT_PREFIX systemctl enable meshfirewall
 }
@@ -290,7 +290,7 @@ do
         -r|--rootdir)
             shift
             rootdir="$1"
-            CHROOT_PREFIX='chroot "${rootdir}"'
+            CHROOT_PREFIX="chroot \"\${rootdir}\""
             ;;
         -w|--wifi|--interface)
             shift

src/freedombone-mesh-invite

@@ -35,13 +35,13 @@ invite=$(sudo -- bash -c 'su -c "sbot invite.create 1" - scuttlebot' | awk -F '"
 
 if [ ${#invite} -lt 10 ]; then
    dialog --title $"Create Invite" \
-          --msgbox $"\nThe invite could not be created" 7 70
+          --msgbox $"\\nThe invite could not be created" 7 70
    exit 1
 fi
 
 echo "$invite" | xclip -selection c
 
 dialog --title $"Create Invite" \
-       --msgbox $"\nThe invite has been copied to the clipboard.\n\nYou can paste it with CTRL+v" 9 70
+       --msgbox $"\\nThe invite has been copied to the clipboard.\\n\\nYou can paste it with CTRL+v" 9 70
 
 exit 0

src/freedombone-mesh-reset

@@ -43,12 +43,12 @@ if ! zenity --question --title=$'New Identity' --text=$"Do you want to reset you
     sudo pkill midori
     sudo pkill patchwork
     sudo rm -f $MESH_INSTALL_COMPLETED
-    sudo ${PROJECT_NAME}-image-mesh $USER new
+    sudo "${PROJECT_NAME}-image-mesh" "$USER" new
 
     sudo batman start
 
-    if [ -f $HOME/mesh-desktop.sh ]; then
-        $HOME/mesh-desktop.sh
+    if [ -f "$HOME/mesh-desktop.sh" ]; then
+        "$HOME/mesh-desktop.sh"
     else
         zenity --info --title=$"New Identity" --text=$"You now have a new identity" --width=200
     fi

src/freedombone-mesh-routing

@@ -31,34 +31,34 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-mesh-routing
 export TEXTDOMAINDIR="/usr/share/locale"
 
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-wifi
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-wifi"
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh"
 
 function mesh_stop_daemon {
     daemon_name=$1
 
     clear
     echo ''
-    echo $"Stopping $1..."
-    sudo systemctl stop $1
-    echo $"Disabling $1..."
-    sudo systemctl disable $1
+    echo $"Stopping ${daemon_name}..."
+    sudo systemctl stop "${daemon_name}"
+    echo $"Disabling ${daemon_name}..."
+    sudo systemctl disable "${daemon_name}"
 }
 
 clear
 echo ''
 echo $'Scanning for BMX6 protocol...'
-bmx6_peers=$(avahi-browse -at | grep routing | grep bmx6 | wc -l)
+bmx6_peers=$(avahi-browse -at | grep routing | grep -c bmx6)
 
 clear
 echo ''
 echo $'Scanning for OLSR2 protocol...'
-olsr2_peers=$(avahi-browse -at | grep routing | grep olsr2 | wc -l)
+olsr2_peers=$(avahi-browse -at | grep routing | grep -c olsr2)
 
 clear
 echo ''
 echo $'Scanning for Babel protocol...'
-babel_peers=$(avahi-browse -at | grep routing | grep babel | wc -l)
+babel_peers=$(avahi-browse -at | grep routing | grep -c babel)
 
 clear
 
@@ -71,28 +71,28 @@ case $sel in
 esac
 
 temp_script=$HOME/.change_routing
-echo '#!/bin/bash' > $temp_script
-echo "echo \"\$1\" > $MESH_DEFAULT_PROTOCOL" >> $temp_script
-echo "echo \"\$1\" > $MESH_CURRENT_PROTOCOL" >> $temp_script
-echo "sed -i \"s|<type>.*|<type>_\${1}._tcp</type>|g\" /etc/avahi/services/routing.service" >> $temp_script
-echo 'systemctl restart avahi-daemon' >> $temp_script
-echo "IFACE=\$(cat /etc/systemd/system/\${1}.service | grep ExecStart | awk -F ' ' '{print \$2}')" >> $temp_script
-echo 'network=fd66:66:66' >> $temp_script
-echo 'search_ipv6=$(ifconfig $1 | grep $network)' >> $temp_script
-echo 'if [ $search_ipv6 ]; then' >> $temp_script
-echo "    result=\$(ifconfig \$1 | grep \$network | awk -F ' ' '{print \$2}')" >> $temp_script
-echo '    ip -6 addr add ${result}/128 dev $1' >> $temp_script
-echo 'else' >> $temp_script
-echo '    ipv6_array=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )' >> $temp_script
-echo '    a=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    b=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    c=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    d=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    e=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    result=$network:$a:$b:$c:$d:$e' >> $temp_script
-echo '    ip -6 addr add ${result}/128 dev $1' >> $temp_script
-echo 'fi' >> $temp_script
-chmod +x $temp_script
+{ echo '#!/bin/bash';
+  echo "echo \"\$1\" > $MESH_DEFAULT_PROTOCOL";
+  echo "echo \"\$1\" > $MESH_CURRENT_PROTOCOL";
+  echo "sed -i \"s|<type>.*|<type>_\${1}._tcp</type>|g\" /etc/avahi/services/routing.service";
+  echo 'systemctl restart avahi-daemon';
+  echo "IFACE=\$(cat /etc/systemd/system/\${1}.service | grep ExecStart | awk -F ' ' '{print \$2}')";
+  echo 'network=fd66:66:66';
+  echo "search_ipv6=\$(ifconfig \$1 | grep \$network)";
+  echo "if [ \$search_ipv6 ]; then";
+  echo "    result=\$(ifconfig \$1 | grep \$network | awk -F ' ' '{print \$2}')";
+  echo "    ip -6 addr add \${result}/128 dev \$1";
+  echo 'else';
+  echo '    ipv6_array=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )';
+  echo "    a=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    b=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    c=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    d=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    e=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    result=\$network:\$a:\$b:\$c:\$d:\$e";
+  echo "    ip -6 addr add \${result}/128 dev \$1";
+  echo 'fi'; } > "$temp_script"
+chmod +x "$temp_script"
 
 clear
 echo ''
@@ -100,7 +100,7 @@ echo $'Authentication to change mesh protocol'
 echo ''
 
 case $data in
-    1)  sudo $temp_script 'bmx6'
+    1)  sudo "$temp_script" 'bmx6'
         mesh_stop_daemon 'bmx7'
         mesh_stop_daemon 'olsr2'
         mesh_stop_daemon 'babel'
@@ -111,7 +111,7 @@ case $data in
         echo $'Starting BMX6...'
         sudo systemctl start bmx6
         ;;
-    2)  sudo $temp_script 'olsr2'
+    2)  sudo "$temp_script" 'olsr2'
         mesh_stop_daemon 'bmx6'
         mesh_stop_daemon 'bmx7'
         mesh_stop_daemon 'babel'
@@ -122,7 +122,7 @@ case $data in
         echo $'Starting OLSR2...'
         sudo systemctl start olsr2
         ;;
-    3)  sudo $temp_script 'babel'
+    3)  sudo "$temp_script" 'babel'
         mesh_stop_daemon 'bmx6'
         mesh_stop_daemon 'bmx7'
         mesh_stop_daemon 'olsr2'
@@ -135,6 +135,6 @@ case $data in
         ;;
 esac
 
-rm $temp_script
+rm "$temp_script"
 
 exit 0

src/freedombone-mesh-visit-site

@@ -51,7 +51,7 @@ fi
 
 USERS_FILE_LINES=$(wc -l $USERS_FILE | awk -F ' ' '{print $1}')
 
-if [ $USERS_FILE_LINES -gt 200 ]; then
+if [ "$USERS_FILE_LINES" -gt 200 ]; then
     # If there are more than a Dunbar number of peers then ask for the peer name or ID
     data=$(zenity --entry --title="Visit IPFS site" --text="Enter the username or Tox ID for the site you wish to visit")
     sel=$?
@@ -62,7 +62,7 @@ if [ $USERS_FILE_LINES -gt 200 ]; then
         if ! grep -q "$TOX_USERNAME_OR_ID" $USERS_FILE; then
                     TOX_ID="$TOX_USERNAME_OR_ID"
         else
-                    TOX_ID=$(cat "$USERS_FILE" | grep "$TOX_USERNAME_OR_ID" | head -n 1 | sed "s|$TOX_USERNAME_OR_ID ||g" | sed -e 's/^[[:space:]]*//')
+                    TOX_ID=$(grep "$TOX_USERNAME_OR_ID" "$USERS_FILE" | head -n 1 | sed "s|$TOX_USERNAME_OR_ID ||g" | sed -e 's/^[[:space:]]*//')
         fi
 
         if [ ${#TOX_ID} -gt 5 ]; then
@@ -70,7 +70,7 @@ if [ $USERS_FILE_LINES -gt 200 ]; then
             zenity --info --title $"Visit a site" --text $"An IPFS site was not found for the user '$TOX_USERNAME_OR_ID'" --width 500
             exit 3
                     fi
-                    IPFS_FULL_URL=${IPFS_URL}/$(cat "$IPFS_USERS_FILE" | grep $TOX_ID | head -n 1 | awk -F ':' '{print $2}')
+                    IPFS_FULL_URL=${IPFS_URL}/$(grep "$TOX_ID" "$IPFS_USERS_FILE" | head -n 1 | awk -F ':' '{print $2}')
                     pkill $BROWSER
                     setsid sh -c "$BROWSER $BROWSER_OPTIONS $IPFS_FULL_URL$SUFFIX" > /dev/null 2>&1 < /dev/null &
 
@@ -85,7 +85,8 @@ if [ $USERS_FILE_LINES -gt 200 ]; then
 else
     # If there are a relatively small number of users then choose from a list
     TOX_ID=$(
-    cat $USERS_FILE | \
+    # shellcheck disable=SC2002
+    cat "$USERS_FILE" | \
         awk -F ' ' '{
         for(i=1;i<=NF;i++){
             print $i;
@@ -95,10 +96,10 @@ else
            --title='Visit the site of another user' \
            --column='Username' --column='Tox ID' \
            --print-column=2 --hide-column=2 --width=300 --height=400)
-    if [ ! $TOX_ID ]; then
+    if [ ! "$TOX_ID" ]; then
         exit 0
     fi
-    IPFS_FULL_URL=${IPFS_URL}/$(cat "$IPFS_USERS_FILE" | grep $TOX_ID | head -n 1 | awk -F ':' '{print $2}')
+    IPFS_FULL_URL=${IPFS_URL}/$(grep "$TOX_ID" "$IPFS_USERS_FILE" | head -n 1 | awk -F ':' '{print $2}')
     pkill $BROWSER
     setsid sh -c "$BROWSER $BROWSER_OPTIONS $IPFS_FULL_URL$SUFFIX" > /dev/null 2>&1 < /dev/null &
 

src/freedombone-pass

@@ -60,7 +60,7 @@ function get_backup_key_id {
     MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
     if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
         echo $"Error: gpg backup key was not found"
-        return 58213
+        exit 58213
     fi
 }
 
@@ -99,7 +99,7 @@ function pad_string {
     pass_string="$1"
     str_length=${#pass_string}
     total_padding=$((128 - str_length))
-    leading_padding=$((1 + RANDOM % $total_padding))
+    leading_padding=$((1 + RANDOM % total_padding))
     trailing_padding=$((total_padding - leading_padding))
     leading=$(printf "%-${leading_padding}s")
     trailing=$(printf "%-${trailing_padding}s")
@@ -118,8 +118,7 @@ function run_tests {
         echo $'Incorrect padded length'
         exit 78352
     fi
-    ${PROJECT_NAME}-pass -u root -a tests -p "$pass"
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-pass" -u root -a tests -p "$pass"; then
         echo $'Unable to encrypt password'
         exit 72725
     fi
@@ -142,8 +141,8 @@ function clear_passwords {
     for d in /root/.passwords/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
         if [[ "$USERNAME" != 'root' ]]; then
-            shred -zu /root/.passwords/$USERNAME/*
-            rm -rf /root/.passwords/$USERNAME
+            shred -zu "/root/.passwords/$USERNAME/*"
+            rm -rf "/root/.passwords/$USERNAME"
         fi
     done
     if [ ! -f $NO_PASSWORD_STORE_FILE ]; then
@@ -156,34 +155,34 @@ function clear_passwords {
 function export_to_keepass {
     filename="$1"
 
-    echo '<database>' > $filename
-    echo '  <group>' >> $filename
-    echo "    <title>${PROJECT_NAME}</title>" >> $filename
-    echo '    <icon>48</icon>' >> $filename
+    { echo '<database>';
+      echo '  <group>';
+      echo "    <title>${PROJECT_NAME}</title>";
+      echo '    <icon>48</icon>'; } > "$filename"
 
     for d in /root/.passwords/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
-        echo '    <group>' >> $filename
-        echo "      <title>$USERNAME</title>" >> $filename
-        echo '      <icon>0</icon>' >> $filename
+        { echo '    <group>';
+          echo "      <title>$USERNAME</title>";
+          echo '      <icon>0</icon>'; } >> "$filename"
         for a in /root/.passwords/$USERNAME/* ; do
-            APP_NAME=$(basename $a)
-            app_password=$(${PROJECT_NAME}-pass -u $USERNAME -a $APP_NAME)
-            echo '      <entry>' >> $filename
-            echo "        <title>$APP_NAME</title>" >> $filename
-            echo "        <username>$USERNAME</username>" >> $filename
-            echo "        <password>$app_password</password>" >> $filename
-            echo '        <url/>' >> $filename
-            echo '        <comment/>' >> $filename
-            echo '        <icon>0</icon>' >> $filename
-            echo '        <expire>Never</expire>' >> $filename
-            echo '      </entry>' >> $filename
+            APP_NAME=$(basename "$a")
+            app_password=$("${PROJECT_NAME}-pass" -u "$USERNAME" -a "$APP_NAME")
+            { echo '      <entry>';
+              echo "        <title>$APP_NAME</title>";
+              echo "        <username>$USERNAME</username>";
+              echo "        <password>$app_password</password>";
+              echo '        <url/>';
+              echo '        <comment/>';
+              echo '        <icon>0</icon>';
+              echo '        <expire>Never</expire>';
+              echo '      </entry>'; } >> "$filename"
         done
-        echo '    </group>' >> $filename
+        echo '    </group>' >> "$filename"
     done
 
-    echo '  </group>' >> $filename
-    echo '</database>' >> $filename
+    echo '  </group>' >> "$filename"
+    echo '</database>' >> "$filename"
 
     echo $"Exported $filename"
 }
@@ -245,9 +244,9 @@ do
     shift
 done
 
-if [ ${REMOVE_USERNAME} ]; then
-    if [ -d ~/.passwords/${REMOVE_USERNAME} ]; then
-        rm -rf ~/.passwords/${REMOVE_USERNAME}
+if [ "${REMOVE_USERNAME}" ]; then
+    if [ -d "${HOME}/.passwords/${REMOVE_USERNAME}" ]; then
+        rm -rf "${HOME}/.passwords/${REMOVE_USERNAME}"
     fi
     exit 0
 fi
@@ -271,43 +270,43 @@ if [ $TESTS ]; then
     exit 0
 fi
 
-if [ $EXPORT_FILENAME ]; then
-    export_to_keepass $EXPORT_FILENAME
+if [ "$EXPORT_FILENAME" ]; then
+    export_to_keepass "$EXPORT_FILENAME"
     exit 0
 fi
 
-if [ ! $CURR_USERNAME ]; then
+if [ ! "$CURR_USERNAME" ]; then
     echo $'Error: No username given'
     exit 1
 fi
 
-if [ ! -d /home/$CURR_USERNAME ]; then
+if [ ! -d "/home/$CURR_USERNAME" ]; then
     if [[ "$CURR_USERNAME" != "root" ]]; then
         echo $"Error: User $CURR_USERNAME does not exist"
         exit 2
     fi
 fi
 
-if [ ${REMOVE_APP} ]; then
-    if [ -d ~/.passwords/${CURR_USERNAME}/${REMOVE_APP} ]; then
-        shred -zu ~/.passwords/${CURR_USERNAME}/${REMOVE_APP}
+if [ "${REMOVE_APP}" ]; then
+    if [ -d "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}" ]; then
+        shred -zu "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}"
     fi
     exit 0
 fi
 
-if [ ! $CURR_APP ]; then
+if [ ! "$CURR_APP" ]; then
     echo $'Error: No app name given'
     exit 3
 fi
 
 if [ ${#CURR_PASSWORD} -eq 0 ]; then
     # retrieve password
-    if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then
+    if [ ! -f "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP" ]; then
         MASTER_PASSWORD=
         echo ""
         exit 4
     else
-        pass=$(gpg --batch -dq --passphrase "$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP)
+        pass=$(gpg --batch -dq --passphrase "$MASTER_PASSWORD" "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP")
         remove_padding "${pass}"
     fi
 else
@@ -318,12 +317,12 @@ else
             exit 0
         fi
     fi
-    if [ ! -d ~/.passwords/$CURR_USERNAME ]; then
-        mkdir -p ~/.passwords/$CURR_USERNAME
+    if [ ! -d "${HOME}/.passwords/$CURR_USERNAME" ]; then
+        mkdir -p "${HOME}/.passwords/$CURR_USERNAME"
     fi
     # padding helps to ensure than nothing can be learned from the length of the cyphertext
-    pad_string "${CURR_PASSWORD}" | gpg --batch -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > ~/.passwords/$CURR_USERNAME/$CURR_APP
-    if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then
+    pad_string "${CURR_PASSWORD}" | gpg --batch -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP"
+    if [ ! -f "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP" ]; then
         MASTER_PASSWORD=
         exit 5
     fi

src/freedombone-pin-cert

@@ -43,20 +43,20 @@ function pin_all_certs {
         return
     fi
 
-    cd $WEBSITES_DIRECTORY
-    for file in `dir -d *` ; do
-        if grep -q "Public-Key-Pins" $file; then
+    cd $WEBSITES_DIRECTORY || exit 2468724684
+    for file in $(dir -d "*") ; do
+        if grep -q "Public-Key-Pins" "$file"; then
             DOMAIN_NAME=$file
             KEY_FILENAME=/etc/ssl/private/${DOMAIN_NAME}.key
-            if [ -f $KEY_FILENAME ]; then
+            if [ -f "$KEY_FILENAME" ]; then
                 BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem
-                if [ -f $BACKUP_KEY_FILENAME ]; then
-                    KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
-                    BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+                if [ -f "$BACKUP_KEY_FILENAME" ]; then
+                    KEY_HASH=$(openssl rsa -in "$KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+                    BACKUP_KEY_HASH=$(openssl rsa -in "$BACKUP_KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
                     if [ ${#BACKUP_KEY_HASH} -gt 5 ]; then
 
                         PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=${PIN_MAX_AGE}; includeSubDomains';"
-                        sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
+                        sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" "$file"
                         echo $"Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH"
                     fi
                 fi
@@ -65,7 +65,7 @@ function pin_all_certs {
     done
 }
 
-if [[ $1 == "all" ]]; then
+if [[ "$1" == "all" ]]; then
     pin_all_certs
     systemctl restart nginx
     exit 0
@@ -77,7 +77,7 @@ KEY_FILENAME=/etc/ssl/private/${DOMAIN_NAME}.key
 BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem
 SITE_FILENAME=$WEBSITES_DIRECTORY/${DOMAIN_NAME}
 
-if [ ! ${DOMAIN_NAME} ]; then
+if [ ! "${DOMAIN_NAME}" ]; then
     exit 0
 fi
 
@@ -86,8 +86,8 @@ if [ ! -f "$SITE_FILENAME" ]; then
 fi
 
 if [[ $REMOVE == "remove" ]]; then
-    if grep -q "Public-Key-Pins" $SITE_FILENAME; then
-        sed -i "/Public-Key-Pins/d" $SITE_FILENAME
+    if grep -q "Public-Key-Pins" "$SITE_FILENAME"; then
+        sed -i "/Public-Key-Pins/d" "$SITE_FILENAME"
         echo $"Removed pinning for ${DOMAIN_NAME}"
         systemctl restart nginx
     fi
@@ -104,8 +104,8 @@ if [ ! -f "$BACKUP_KEY_FILENAME" ]; then
     exit 2
 fi
 
-KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
-BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+KEY_HASH=$(openssl rsa -in "$KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+BACKUP_KEY_HASH=$(openssl rsa -in "$BACKUP_KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
 
 if [ ${#KEY_HASH} -lt 5 ]; then
     echo 'Pin hash unexpectedly short'
@@ -118,15 +118,15 @@ if [ ${#BACKUP_KEY_HASH} -lt 5 ]; then
 fi
 
 PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
-if ! grep -q "Public-Key-Pins" $SITE_FILENAME; then
-    sed -i "/ssl_ciphers.*/a     add_header ${PIN_HEADER}" $SITE_FILENAME
+if ! grep -q "Public-Key-Pins" "$SITE_FILENAME"; then
+    sed -i "/ssl_ciphers.*/a     add_header ${PIN_HEADER}" "$SITE_FILENAME"
 else
-    sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $SITE_FILENAME
+    sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" "$SITE_FILENAME"
 fi
 
 systemctl restart nginx
 
-if ! grep -q "add_header Public-Key-Pins" $SITE_FILENAME; then
+if ! grep -q "add_header Public-Key-Pins" "$SITE_FILENAME"; then
     echo $'Pinning failed'
 fi
 

src/freedombone-powerline

@@ -56,23 +56,23 @@ __powerline() {
   readonly WHITE_BRIGHT=15
 
   # Font effects
-  readonly DIM="\[$(tput dim)\]"
-  readonly REVERSE="\[$(tput rev)\]"
-  readonly RESET="\[$(tput sgr0)\]"
-  readonly BOLD="\[$(tput bold)\]"
+  readonly DIM="\\[$(tput dim)\\]"
+  readonly REVERSE="\\[$(tput rev)\\]"
+  readonly RESET="\\[$(tput sgr0)\\]"
+  readonly BOLD="\\[$(tput bold)\\]"
 
   # Generate terminal colour codes
   # $1 is an int (a colour) and $2 must be 'fg' or 'bg'
   __colour() {
     case "$2" in
       'fg'*)
-        echo "\[$(tput setaf "$1")\]"
+        echo "\\[$(tput setaf "$1")\\]"
         ;;
       'bg'*)
-        echo "\[$(tput setab "$1")\]"
+        echo "\\[$(tput setab "$1")\\]"
         ;;
       *)
-        echo "\[$(tput setab "$1")\]"
+        echo "\\[$(tput setab "$1")\\]"
         ;;
     esac
   }
@@ -288,7 +288,7 @@ __powerline() {
       if [ ! -z "${text+x}" ]; then
         text+="@"
       fi
-      text+="\h"
+      text+="\\h"
     fi
 
     if [ ! -z ${text+x} ]; then

src/freedombone-recoverkey

@@ -36,10 +36,10 @@ export TEXTDOMAINDIR="/usr/share/locale"
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 
 # include utils which allow function_check, go and drive mount
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
 FRIENDS_SERVERS_LIST=
@@ -78,69 +78,71 @@ do
     shift
 done
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     show_help
 fi
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"User $MY_USERNAME does not exist on the system"
     exit 7270
 fi
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     echo $'No username given'
     exit 3578
 fi
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"User $MY_USERNAME does not exist on the system"
     exit 7270
 fi
 
-FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
+FRAGMENTS_DIR="/home/$MY_USERNAME/.gnupg_fragments"
 
 # if no remote backup list was given then assume recover from USB
-if [ ! $FRIENDS_SERVERS_LIST ]; then
+if [ ! "$FRIENDS_SERVERS_LIST" ]; then
     interactive_gpg_from_usb
     exit 0
 fi
 
 # obtain shares/fragments from remote locations
-if [ $FRIENDS_SERVERS_LIST ]; then
+if [ "$FRIENDS_SERVERS_LIST" ]; then
     # For each remote server
-    while read remote_server
+    while read -r remote_server
     do
         # Get the server and its password
         # Format is:
         #   username@domain:/home/username <port number> <ssh password>
         REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}')
-        if [ $REMOTE_SERVER ]; then
+        if [ "$REMOTE_SERVER" ]; then
             REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}')
             REMOTE_PASSWORD=$(echo "${remote_server}" | awk -F ' ' '{print $3}')
 
             # create a directory if it doesn't exist
-            if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
-                mkdir -p /home/$MY_USERNAME/.gnupg_fragments
+            if [ ! -d "/home/$MY_USERNAME/.gnupg_fragments" ]; then
+                mkdir -p "/home/$MY_USERNAME/.gnupg_fragments"
             fi
 
             echo -n $"Starting key retrieval from $REMOTE_SERVER..."
-            /usr/bin/sshpass -p $REMOTE_PASSWORD \
-                             scp -r -P $REMOTE_SSH_PORT $REMOTE_SERVER/.gnupg_fragments/* /home/$MY_USERNAME/.gnupg_fragments
+            /usr/bin/sshpass -p "$REMOTE_PASSWORD" \
+                             scp -r -P "$REMOTE_SSH_PORT" "$REMOTE_SERVER/.gnupg_fragments/*" "/home/$MY_USERNAME/.gnupg_fragments"
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $'FAILED'
             else
                 echo $'Ok'
             fi
         fi
-    done < $FRIENDS_SERVERS_LIST
+    done < "$FRIENDS_SERVERS_LIST"
 fi
 
 # was a directory created?
-if [ ! -d $FRAGMENTS_DIR ]; then
+if [ ! -d "$FRAGMENTS_DIR" ]; then
     echo $'No fragments have been recovered, so the key cannot be recovered'
     exit 7483
 fi
 
 # was anything downloaded?
-cd $FRAGMENTS_DIR
+cd "$FRAGMENTS_DIR" || exit 24682468
+# shellcheck disable=SC2012
 no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
 if (( no_of_shares == 0 )); then
     echo $'No key fragments were retrieved'
@@ -148,14 +150,14 @@ if (( no_of_shares == 0 )); then
 fi
 
 # set permissions on the fragments
-chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg_fragments
+chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg_fragments"
 
 # decrypt the file
 KEYS_FILE=$FRAGMENTS_DIR/keyshare.asc
-cd $FRAGMENTS_DIR
-gfcombine $KEYS_FILE.*
+cd "$FRAGMENTS_DIR" || exit 482746874624
+gfcombine "$KEYS_FILE.*"
 
-if [ ! -f $KEYS_FILE ]; then
+if [ ! -f "$KEYS_FILE" ]; then
     echo $'Unable to decrypt key. This may mean that not enough fragments are available'
     exit 6283
 fi
@@ -163,15 +165,14 @@ fi
 echo $'Key fragments recombined'
 
 # import the gpg key
-gpg --homedir=/home/$MY_USERNAME/.gnupg --allow-secret-key-import --import $KEYS_FILE
-if [ ! "$?" = "0" ]; then
+if ! gpg --homedir="/home/$MY_USERNAME/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
     echo $'Unable to import gpg key'
-    shred -zu $KEYS_FILE
+    shred -zu "$KEYS_FILE"
     exit 3682
 fi
-shred -zu $KEYS_FILE
-chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
-chmod -R 600 /home/$MY_USERNAME/.gnupg
+shred -zu "$KEYS_FILE"
+chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
+chmod -R 600 "/home/$MY_USERNAME/.gnupg"
 
 echo $'GPG key was recovered'
 

src/freedombone-remote

@@ -35,7 +35,7 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-remote
 export TEXTDOMAINDIR="/usr/share/locale"
 
-CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg
+CONFIG_FILE="$HOME/${PROJECT_NAME}.cfg"
 
 # User to create the list for
 MY_USERNAME=$USER
@@ -44,7 +44,7 @@ MY_USERNAME=$USER
 FRIENDS_SERVERS_LIST=
 
 # Minimum password length in characters
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
 # How many remote locations were specified
 entering_remote_backups_ctr=0
@@ -117,24 +117,24 @@ do
 done
 
 function interactive_config_remote_backups {
-    if [ ! $MY_USERNAME ]; then
+    if [ ! "$MY_USERNAME" ]; then
         echo $'Please specify a username with the -u option'
         exit 7356
     fi
 
-    if [ ! /home/$MY_USERNAME ]; then
+    if [ ! -d "/home/$MY_USERNAME" ]; then
         echo $"The user /home/$MY_USERNAME does not exist on the system"
         exit 3689
     fi
 
-    if [ ! $FRIENDS_SERVERS_LIST ]; then
+    if [ ! "$FRIENDS_SERVERS_LIST" ]; then
         FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
     fi
 
     # clear any existing list
-    if [ -f $FRIENDS_SERVERS_LIST ]; then
-        rm -f $FRIENDS_SERVERS_LIST
-        touch $FRIENDS_SERVERS_LIST
+    if [ -f "$FRIENDS_SERVERS_LIST" ]; then
+        rm -f "$FRIENDS_SERVERS_LIST"
+        touch "$FRIENDS_SERVERS_LIST"
     fi
     # number of entries made
     entering_remote_backups_ctr=1
@@ -148,57 +148,57 @@ function interactive_config_remote_backups {
     remote_ssh_reciprocal_password=""
     while [[ $entering_remote_backups_done == "no" ]]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         if [[ $RECIPROCAL == "yes" ]]; then
             dialog --backtitle "Freedombone Configuration" \
                    --title "$TITLE ${entering_remote_backups_ctr}" \
-                   --form "\nPlease specify the SSH login details for the remote server\n\nThe reciprocal entries are optional, and can be used if you wish to set up a user account on this system for whoever runs the remote server to also use for backups" 20 50 8 \
+                   --form "\\nPlease specify the SSH login details for the remote server\\n\\nThe reciprocal entries are optional, and can be used if you wish to set up a user account on this system for whoever runs the remote server to also use for backups" 20 50 8 \
                    "Username:" 1 1 "$remote_ssh_username" 1 23 16 15 \
                    "Domain:" 2 1 "$remote_ssh_domain" 2 23 16 15 \
                    "SSH port:" 3 1 "2222" 3 23 5 4 \
                    "Password:" 4 1 "$remote_ssh_password" 4 23 20 100 \
                    "Reciprocal Username:" 5 1 "$remote_ssh_reciprocal_username" 5 23 20 100 \
                    "Reciprocal Password:" 6 1 "$remote_ssh_reciprocal_password" 6 23 20 100 \
-                   2> $data
+                   2> "$data"
         else
             dialog --backtitle "Freedombone Configuration" \
                    --title "$TITLE ${entering_remote_backups_ctr}" \
-                   --form "\nPlease specify the SSH login details for the remote server" 15 50 4 \
+                   --form "\\nPlease specify the SSH login details for the remote server" 15 50 4 \
                    "Username:" 1 1 "$remote_ssh_username" 1 23 16 15 \
                    "Domain:" 2 1 "$remote_ssh_domain" 2 23 16 15 \
                    "SSH port:" 3 1 "2222" 3 23 5 4 \
                    "Password:" 4 1 "$remote_ssh_password" 4 23 20 100 \
-                   2> $data
+                   2> "$data"
         fi
         sel=$?
         case $sel in
             1) entering_remote_backups_done="yes";;
             255) entering_remote_backups_done="yes";;
         esac
-        remote_ssh_username=$(cat $data | sed -n 1p)
-        remote_ssh_domain=$(cat $data | sed -n 2p)
-        remote_ssh_port=$(cat $data | sed -n 3p)
-        remote_ssh_password=$(cat $data | sed -n 4p)
-        remote_ssh_reciprocal_username=$(cat $data | sed -n 5p)
-        remote_ssh_reciprocal_password=$(cat $data | sed -n 6p)
+        remote_ssh_username=$(sed -n 1p < "$data")
+        remote_ssh_domain=$(sed -n 2p < "$data")
+        remote_ssh_port=$(sed -n 3p < "$data")
+        remote_ssh_password=$(sed -n 4p < "$data")
+        remote_ssh_reciprocal_username=$(sed -n 5p < "$data")
+        remote_ssh_reciprocal_password=$(sed -n 6p < "$data")
+        rm -f "$data"
         if [[ $remote_ssh_username != "" && \
                     $remote_ssh_domain != "" && \
                     $remote_ssh_port != "" && \
                     $remote_ssh_password != "" ]]; then
 
-            if [ ${#remote_ssh_password} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+            if [ ${#remote_ssh_password} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                 dialog --title "Password quality check" --msgbox "The password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters" 6 40
             else
 
                 if [[ $RECIPROCAL == "yes" ]]; then
                     if [[ $remote_ssh_reciprocal_username != "" && \
                                 $remote_ssh_reciprocal_password != "" ]]; then
-                        if [ ${#remote_ssh_reciprocal_password} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+                        if [ ${#remote_ssh_reciprocal_password} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                             dialog --title "Password quality check" --msgbox "The reciprocal password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters" 6 40
                         else
-                            echo ${remote_ssh_reciprocal_username}:${remote_ssh_reciprocal_password}::::/home/${remote_ssh_reciprocal_username}:bash | newusers
-                            echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST
+                            echo "${remote_ssh_reciprocal_username}:${remote_ssh_reciprocal_password}::::/home/${remote_ssh_reciprocal_username}:bash" | newusers
+                            echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
                             remote_ssh_username=""
                             remote_ssh_domain=""
                             remote_ssh_port=""
@@ -208,7 +208,7 @@ function interactive_config_remote_backups {
                             entering_remote_backups_ctr=$((entering_remote_backups_ctr + 1))
                         fi
                     else
-                        echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST
+                        echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
                         remote_ssh_username=""
                         remote_ssh_domain=""
                         remote_ssh_port=""
@@ -218,7 +218,7 @@ function interactive_config_remote_backups {
                         entering_remote_backups_ctr=$((entering_remote_backups_ctr + 1))
                     fi
                 else
-                    echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST
+                    echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
                     remote_ssh_username=""
                     remote_ssh_domain=""
                     remote_ssh_port=""
@@ -231,18 +231,18 @@ function interactive_config_remote_backups {
             entering_remote_backups_done="yes"
         fi
     done
-    if [ -f $FRIENDS_SERVERS_LIST ]; then
-        chown $MY_USERNAME:$MY_USERNAME $FRIENDS_SERVERS_LIST
+    if [ -f "$FRIENDS_SERVERS_LIST" ]; then
+        chown "$MY_USERNAME":"$MY_USERNAME" "$FRIENDS_SERVERS_LIST"
     fi
 }
 
 function show_result {
     clear
-    if (( $entering_remote_backups_ctr < 2 )); then
+    if (( "$entering_remote_backups_ctr" < 2 )); then
         echo $'No remote backup locations were specified'
         exit 0
     fi
-    if [ ! -f $FRIENDS_SERVERS_LIST ]; then
+    if [ ! -f "$FRIENDS_SERVERS_LIST" ]; then
         echo $"No remote backups list found: $FRIENDS_SERVERS_LIST"
         exit 7358
     fi
@@ -251,11 +251,11 @@ function show_result {
     echo ''
     echo $'Contents:'
     echo ''
-    cat $FRIENDS_SERVERS_LIST
+    cat "$FRIENDS_SERVERS_LIST"
     echo ''
 }
 
-if [ ! $FRIENDS_SERVERS_LIST ]; then
+if [ ! "$FRIENDS_SERVERS_LIST" ]; then
     FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
 fi
 

src/freedombone-renew-cert

@@ -59,8 +59,7 @@ function renew_letsencrypt {
         echo $"Renewing Let's Encrypt certificate"
     fi
 
-    ${PROJECT_NAME}-addcert -e $HOSTNAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
-    if [ ! "$?" = "0" ]; then
+    if ! ${PROJECT_NAME}-addcert -e $HOSTNAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH; then
         echo $"Unable to add Let's encrypt certificate"
         exit 6328
     fi
@@ -195,7 +194,7 @@ esac
 shift
 done
 
-if [ ! $HOSTNAME ]; then
+if [ ! "$HOSTNAME" ]; then
     echo $'No hostname specified'
     exit 5748
 fi
@@ -206,7 +205,7 @@ if ! which openssl > /dev/null ;then
 fi
 
 # check that the web site exists
-if [ ! -f /etc/nginx/sites-available/$HOSTNAME ]; then
+if [ ! -f "/etc/nginx/sites-available/$HOSTNAME" ]; then
     echo $"/etc/nginx/sites-available/$HOSTNAME does not exist"
     exit 7598
 fi

src/freedombone-repair-database

@@ -29,16 +29,16 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 PROJECT_NAME='freedombone'
-COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
-CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg
+COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
+CONFIG_FILE="$HOME/${PROJECT_NAME}.cfg"
 
 export TEXTDOMAIN=${PROJECT_NAME}-repair-databases
 export TEXTDOMAINDIR="/usr/share/locale"
 
 # The database to be repaired
-DATABASE=$1
+DATABASE="$1"
 
-ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+ADMIN_USERNAME=$(grep "Admin user" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
 ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
 
 # Frequency - daily/weekly
@@ -62,36 +62,36 @@ TEMPFILE=/root/repair-database-$DATABASE
 
 umask 0077
 
-if [ $2 ]; then
-    BACKUP_TYPE=$2
+if [ "$2" ]; then
+    BACKUP_TYPE="$2"
 fi
 
 # check the database
-mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE > $TEMPFILE
+mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" > "$TEMPFILE"
 
 # Attempt to repair the database if it contains errors
 if grep -q "Error" "$TEMPFILE"; then
-    mysqlcheck -u root --password="$MYSQL_ROOT_PASSWORD" --auto-repair $DATABASE
+    mysqlcheck -u root --password="$MYSQL_ROOT_PASSWORD" --auto-repair "$DATABASE"
 else
     # No errors were found, so exit
-    rm -f $TEMPFILE
+    rm -f "$TEMPFILE"
     exit 0
 fi
-rm -f $TEMPFILE
+rm -f "$TEMPFILE"
 
 # Check the database again
-mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE > $TEMPFILE
+mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" > "$TEMPFILE"
 
 # If it still contains errors then restore from backup
 if grep -q "Error" "$TEMPFILE"; then
-    mysql -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE -o < /var/backups/${DATABASE}_${BACKUP_TYPE}.sql
+    mysql -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" -o < "/var/backups/${DATABASE}_${BACKUP_TYPE}.sql"
 
     # Send a warning email
-    echo $"$DATABASE database corruption could not be repaired. Restored from backup." | mail -s $"${PROJECT_NAME} database maintenance" $ADMIN_EMAIL_ADDRESS
-    rm -f $TEMPFILE
+    echo $"$DATABASE database corruption could not be repaired. Restored from backup." | mail -s $"${PROJECT_NAME} database maintenance" "$ADMIN_EMAIL_ADDRESS"
+    rm -f "$TEMPFILE"
 
     exit 1
 fi
-rm -f $TEMPFILE
+rm -f "$TEMPFILE"
 
 exit 0

src/freedombone-restore-local

@@ -31,7 +31,7 @@
 PROJECT_NAME='freedombone'
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 MONGODB_APPS_FILE=$HOME/.mongodbapps
-CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
 
 # whether to restore everything or just a specific application
@@ -67,10 +67,10 @@ please_wait
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 
 # include utils which allow function_check, go and drive mount
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
 clear
@@ -83,7 +83,7 @@ ADMIN_NAME=
 
 read_config_param USB_DRIVE
 
-if [ -f $COMPLETION_FILE ]; then
+if [ -f "$COMPLETION_FILE" ]; then
     ADMIN_USERNAME=$(get_completion_param "Admin user")
 fi
 
@@ -98,7 +98,7 @@ function check_backup_exists {
 
 function check_admin_user {
     echo $"Checking that admin user exists"
-    if [ ! -d /home/$ADMIN_USERNAME ]; then
+    if [ ! -d "/home/$ADMIN_USERNAME" ]; then
         echo $"Username $ADMIN_USERNAME not found. Reinstall ${PROJECT_NAME} with this username."
         set_user_permissions
         backup_unmount_drive
@@ -108,7 +108,7 @@ function check_admin_user {
 
 function copy_gpg_keys {
     echo $"Copying GPG keys from admin user to root"
-    cp -r /home/$ADMIN_USERNAME/.gnupg /root
+    cp -r "/home/$ADMIN_USERNAME/.gnupg" /root
     gpg_set_permissions root
 }
 
@@ -185,12 +185,11 @@ function restore_configfiles {
         #    fi
         #fi
 
-        if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
-            cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
-            if [ ! "$?" = "0" ]; then
+        if [ -f "$temp_restore_dir$MONGODB_APPS_FILE" ]; then
+            if ! cp -f "$temp_restore_dir$MONGODB_APPS_FILE" "$MONGODB_APPS_FILE"; then
                 set_user_permissions
                 backup_unmount_drive
-                rm -rf $temp_restore_dir
+                rm -rf "$temp_restore_dir"
                 exit 859034853
             fi
         fi
@@ -210,12 +209,11 @@ function restore_configfiles {
         #    fi
         #fi
 
-        if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
-            cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
-            if [ ! "$?" = "0" ]; then
+        if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then
+            if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then
                 set_user_permissions
                 backup_unmount_drive
-                rm -rf $temp_restore_dir
+                rm -rf "$temp_restore_dir"
                 exit 62121
             fi
         fi
@@ -274,6 +272,7 @@ function restore_mariadb {
             else
                 mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
                 db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
@@ -283,6 +282,7 @@ function restore_mariadb {
                     mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 set_user_permissions
@@ -292,9 +292,9 @@ function restore_mariadb {
             echo $"Restarting database"
             systemctl restart mariadb
             echo $"Ensure MariaDB handles authentication"
-            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
             mariadb_fix_authentication
-            DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         fi
         rm -rf $temp_restore_dir
     fi
@@ -328,6 +328,7 @@ function restore_postgresql {
             else
                 mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
                 db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql)
@@ -337,6 +338,7 @@ function restore_postgresql {
                     mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 set_user_permissions
@@ -346,8 +348,8 @@ function restore_postgresql {
             echo $"Restarting database"
             systemctl restart postgresql
             echo $"Ensure postgresql handles authentication"
-            POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
-            DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+            POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
+            DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
         fi
         rm -rf $temp_restore_dir
     fi
@@ -411,30 +413,30 @@ function restore_mutt_settings {
             fi
 
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Mutt configurations for $USERNAME"
-                restore_directory_from_usb /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                restore_directory_from_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
                 echo $"Restoring Mutt settings for $USERNAME"
                 temp_restore_dir=/root/tempmutt
-                restore_directory_from_usb $temp_restore_dir mutt/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/tempbackup ]; then
-                    if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc ]; then
-                        cp -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                restore_directory_from_usb "$temp_restore_dir" "mutt/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
+                    if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" ]; then
+                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
-                    if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc ]; then
-                        cp -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
+                    if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" ]; then
+                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" /etc/Muttrc
                         sed -i '/set sidebar_delim/d' /etc/Muttrc
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 else
                     if [ -f $temp_restore_dir/.muttrc ]; then
-                        cp -f $temp_restore_dir/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                        cp -f "$temp_restore_dir/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
                     if [ -f $temp_restore_dir/Muttrc ]; then
                         cp -f $temp_restore_dir/Muttrc /etc/Muttrc
@@ -442,6 +444,7 @@ function restore_mutt_settings {
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -463,20 +466,21 @@ function restore_gpg {
         for d in $USB_MOUNT/backup/gnupg/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring gnupg settings for $USERNAME"
                 temp_restore_dir=/root/tempgnupg
-                restore_directory_from_usb $temp_restore_dir gnupg/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.gnupg ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.gnupg /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "gnupg/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.gnupg" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.gnupg" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.gnupg ]; then
-                        mkdir /home/$USERNAME/.gnupg
+                    if [ ! -d "/home/$USERNAME/.gnupg" ]; then
+                        mkdir "/home/$USERNAME/.gnupg"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.gnupg/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.gnupg/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -484,10 +488,9 @@ function restore_gpg {
                     exit 276
                 fi
                 rm -rf $temp_restore_dir
-                gpg_set_permissions $USERNAME
+                gpg_set_permissions "$USERNAME"
                 if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
-                    cp -r /home/$USERNAME/.gnupg /root
-                    if [ ! "$?" = "0" ]; then
+                    if ! cp -r "/home/$USERNAME/.gnupg" /root; then
                         set_user_permissions
                         backup_unmount_drive
                         exit 283
@@ -509,18 +512,19 @@ function restore_procmail {
         for d in $USB_MOUNT/backup/procmail/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring procmail settings for $USERNAME"
                 temp_restore_dir=/root/tempprocmail
-                restore_directory_from_usb $temp_restore_dir procmail/$USERNAME
+                restore_directory_from_usb $temp_restore_dir "procmail/$USERNAME"
                 if [ -d $temp_restore_dir ]; then
-                    if [ -d $temp_restore_dir/home/$USERNAME/tempbackup ]; then
-                        cp -f $temp_restore_dir/home/$USERNAME/tempbackup/.procmailrc /home/$USERNAME/
+                    if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
+                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/"
                     else
-                        cp -f $temp_restore_dir/.procmailrc /home/$USERNAME/.procmailrc
+                        cp -f "$temp_restore_dir/.procmailrc" "/home/$USERNAME/.procmailrc"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         rm -rf $temp_restore_dir
                         set_user_permissions
@@ -544,21 +548,22 @@ function restore_spamassassin {
         for d in $USB_MOUNT/backup/spamassassin/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d $USB_MOUNT/backup/spamassassin/$USERNAME ]; then
-                    if [ ! -d /home/$USERNAME ]; then
-                        ${PROJECT_NAME}-adduser $USERNAME
+                if [ -d "$USB_MOUNT/backup/spamassassin/$USERNAME" ]; then
+                    if [ ! -d "/home/$USERNAME" ]; then
+                        ${PROJECT_NAME}-adduser "$USERNAME"
                     fi
                     echo $"Restoring spamassassin settings for $USERNAME"
                     temp_restore_dir=/root/tempspamassassin
-                    restore_directory_from_usb $temp_restore_dir spamassassin/$USERNAME
-                    if [ -d $temp_restore_dir/home/$USERNAME ]; then
-                        cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
+                    restore_directory_from_usb $temp_restore_dir "spamassassin/$USERNAME"
+                    if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
+                        cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/"
                     else
-                    if [ ! -d /home/$USERNAME/.spamassassin ]; then
-                        mkdir /home/$USERNAME/.spamassassin
+                    if [ ! -d "/home/$USERNAME/.spamassassin" ]; then
+                        mkdir "/home/$USERNAME/.spamassassin"
                     fi
-                        cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
+                        cp -rf "$temp_restore_dir/*" "/home/$USERNAME/.spamassassin/"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         rm -rf $temp_restore_dir
                         set_user_permissions
@@ -583,19 +588,20 @@ function restore_admin_readme {
 
         # Make a backup of the original README file
         # incase old passwords need to be used
-        if [ -f /home/$ADMIN_USERNAME/README ]; then
-            if [ ! -f /home/$ADMIN_USERNAME/README_original ]; then
-                cp /home/$ADMIN_USERNAME/README /home/$ADMIN_USERNAME/README_original
+        if [ -f "/home/$ADMIN_USERNAME/README" ]; then
+            if [ ! -f "/home/$ADMIN_USERNAME/README_original" ]; then
+                cp "/home/$ADMIN_USERNAME/README" "/home/$ADMIN_USERNAME/README_original"
             fi
         fi
 
         temp_restore_dir=/root/tempreadme
         restore_directory_from_usb $temp_restore_dir readme
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README /home/$ADMIN_USERNAME/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "/home/$ADMIN_USERNAME/"
         else
-            cp -f $temp_restore_dir/README /home/$ADMIN_USERNAME/README
+            cp -f "$temp_restore_dir/README" "/home/$ADMIN_USERNAME/README"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             set_user_permissions
@@ -616,20 +622,21 @@ function restore_user_ssh_keys {
         for d in $USB_MOUNT/backup/ssh/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring ssh keys for $USERNAME"
                 temp_restore_dir=/root/tempssh
-                restore_directory_from_usb $temp_restore_dir ssh/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "ssh/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.ssh ]; then
-                        mkdir /home/$USERNAME/.ssh
+                    if [ ! -d "/home/$USERNAME/.ssh" ]; then
+                        mkdir "/home/$USERNAME/.ssh"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.ssh/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -652,20 +659,21 @@ function restore_user_config {
         for d in $USB_MOUNT/backup/config/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring config files for $USERNAME"
                 temp_restore_dir=/root/tempconfig
-                restore_directory_from_usb $temp_restore_dir config/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.config ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "config/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.config" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.config ]; then
-                        mkdir /home/$USERNAME/.config
+                    if [ ! -d "/home/$USERNAME/.config" ]; then
+                        mkdir "/home/$USERNAME/.config"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.config/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.config/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -688,20 +696,21 @@ function restore_user_monkeysphere {
         for d in $USB_MOUNT/backup/monkeysphere/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring monkeysphere ids for $USERNAME"
                 temp_restore_dir=/root/tempmonkeysphere
-                restore_directory_from_usb $temp_restore_dir monkeysphere/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "monkeysphere/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.monkeysphere ]; then
-                        mkdir /home/$USERNAME/.monkeysphere
+                    if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
+                        mkdir "/home/$USERNAME/.monkeysphere"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.monkeysphere"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -716,8 +725,8 @@ function restore_user_monkeysphere {
         MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
         read_config_param MY_EMAIL_ADDRESS
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
-        fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
-        monkeysphere-authentication add-identity-certifier $fpr
+        fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
+        monkeysphere-authentication add-identity-certifier "$fpr"
         monkeysphere-authentication update-users
     fi
 }
@@ -732,20 +741,21 @@ function restore_user_fin {
         for d in $USB_MOUNT/backup/fin/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring fin files for $USERNAME"
                 temp_restore_dir=/root/tempfin
-                restore_directory_from_usb $temp_restore_dir fin/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "fin/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.fin ]; then
-                        mkdir /home/$USERNAME/.fin
+                    if [ ! -d "/home/$USERNAME/.fin" ]; then
+                        mkdir "/home/$USERNAME/.fin"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.fin/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -768,20 +778,21 @@ function restore_user_local {
         for d in $USB_MOUNT/backup/local/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring local files for $USERNAME"
                 temp_restore_dir=/root/templocal
-                restore_directory_from_usb $temp_restore_dir local/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "local/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.local ]; then
-                        mkdir /home/$USERNAME/.local
+                    if [ ! -d "/home/$USERNAME/.local" ]; then
+                        mkdir "/home/$USERNAME/.local"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.local/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.local/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -809,6 +820,7 @@ function restore_certs {
         else
             cp -r /root/tempssl/* /etc/ssl/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -853,24 +865,25 @@ function restore_personal_settings {
         for d in $USB_MOUNT/backup/personal/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d $USB_MOUNT/backup/personal/$USERNAME ]; then
-                    if [ ! -d /home/$USERNAME ]; then
-                        ${PROJECT_NAME}-adduser $USERNAME
+                if [ -d "$USB_MOUNT/backup/personal/$USERNAME" ]; then
+                    if [ ! -d "/home/$USERNAME" ]; then
+                        ${PROJECT_NAME}-adduser "$USERNAME"
                     fi
                     echo $"Restoring personal settings for $USERNAME"
                     temp_restore_dir=/root/temppersonal
-                    restore_directory_from_usb $temp_restore_dir personal/$USERNAME
-                    if [ -d /home/$USERNAME/personal ]; then
-                        rm -rf /home/$USERNAME/personal
+                    restore_directory_from_usb $temp_restore_dir "personal/$USERNAME"
+                    if [ -d "/home/$USERNAME/personal" ]; then
+                        rm -rf "/home/$USERNAME/personal"
                     fi
-                    if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then
-                        mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
+                    if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then
+                        mv "$temp_restore_dir/home/$USERNAME/personal" "/home/$USERNAME"
                     else
-                        if [ ! -d /home/$USERNAME/personal ]; then
-                            mkdir /home/$USERNAME/personal
+                        if [ ! -d "/home/$USERNAME/personal" ]; then
+                            mkdir "/home/$USERNAME/personal"
                         fi
-                        cp -r $temp_restore_dir/* /home/$USERNAME/personal/
+                        cp -r $temp_restore_dir/* "/home/$USERNAME/personal/"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         set_user_permissions
                         backup_unmount_drive
@@ -898,6 +911,7 @@ function restore_mailing_list {
         else
             cp -r $temp_restore_dir/* /var/spool/mlmmj/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -917,20 +931,21 @@ function restore_email {
         for d in $USB_MOUNT/backup/mail/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring emails for $USERNAME"
                 temp_restore_dir=/root/tempmail
-                restore_directory_from_usb $temp_restore_dir mail/$USERNAME
-                if [ ! -d /home/$USERNAME/Maildir ]; then
-                    mkdir /home/$USERNAME/Maildir
+                restore_directory_from_usb $temp_restore_dir "mail/$USERNAME"
+                if [ ! -d "/home/$USERNAME/Maildir" ]; then
+                    mkdir "/home/$USERNAME/Maildir"
                 fi
-                if [ -d $temp_restore_dir/root/tempbackupemail/$USERNAME ]; then
-                    tar -xzvf $temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz -C /
+                if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then
+                    tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C /
                 else
                     tar -xzvf $temp_restore_dir/maildir.tar.gz -C /
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     set_user_permissions
                     backup_unmount_drive
@@ -943,16 +958,16 @@ function restore_email {
 }
 
 function get_restore_app {
-    if [ ${1} ]; then
-        if [ ! -d /home/${1} ]; then
-            RESTORE_APP=${1}
+    if [ "${1}" ]; then
+        if [ ! -d "/home/${1}" ]; then
+            RESTORE_APP="${1}"
             echo $"Restore $RESTORE_APP"
         fi
     fi
 }
 
-get_restore_app ${2}
-backup_mount_drive ${1} ${ADMIN_USERNAME} ${2}
+get_restore_app "${2}"
+backup_mount_drive "${1}" "${ADMIN_USERNAME}" "${2}"
 check_backup_exists
 check_admin_user
 copy_gpg_keys
@@ -979,7 +994,7 @@ restore_certs
 restore_personal_settings
 restore_mailing_list
 restore_email
-restore_apps local $RESTORE_APP
+restore_apps local "$RESTORE_APP"
 set_user_permissions
 update_default_domain
 backup_unmount_drive

src/freedombone-restore-remote

@@ -37,19 +37,19 @@ BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
 export TEXTDOMAIN=${PROJECT_NAME}-restore-remote
 export TEXTDOMAINDIR="/usr/share/locale"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-SERVER_NAME=$1
+SERVER_NAME="$1"
 
 # whether to restore everything or just a specific application
 RESTORE_APP='all'
 
-if [ ${2} ]; then
-    RESTORE_APP=${2}
+if [ "${2}" ]; then
+    RESTORE_APP="${2}"
 fi
 
 ADMIN_USERNAME=$(get_completion_param "Admin user")
@@ -60,46 +60,45 @@ SERVER_DIRECTORY=/root/remoterestore
 
 BACKUP_LIST=/home/${ADMIN_USERNAME}/backup.list
 
-if [ ! $SERVER_NAME ]; then
+if [ ! "$SERVER_NAME" ]; then
     echo $'restorefromfriend [server]'
     exit 1
 fi
 
-if [ ! -f $BACKUP_LIST ]; then
+if [ ! -f "$BACKUP_LIST" ]; then
     echo $"No friends list found at $BACKUP_LIST"
     exit 2
 fi
 
-if ! grep -q "$SERVER_NAME" $BACKUP_LIST; then
+if ! grep -q "$SERVER_NAME" "$BACKUP_LIST"; then
     echo $"Server not found within the friends list"
     exit 3
 fi
 
-REMOTE_SERVER=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $1}')
-REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $2}')
-REMOTE_DIRECTORY=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $3}')
-REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $4}')
+REMOTE_SERVER=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $1}')
+REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $2}')
+REMOTE_DIRECTORY=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $3}')
+REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $4}')
 REMOTE_SERVER=$REMOTE_SERVER:$REMOTE_DIRECTORY
 
 NOW=$(date +"%Y-%m-%d %H:%M:%S")
 
 echo "$NOW Starting restore from $REMOTE_SERVER" >> /var/log/remotebackups.log
-rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" $REMOTE_SERVER/backup $SERVER_DIRECTORY
-if [ ! "$?" = "0" ]; then
+if ! rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" "$REMOTE_SERVER/backup" "$SERVER_DIRECTORY"; then
     echo "$NOW Restore from $REMOTE_SERVER failed" >> /var/log/remotebackups.log
     # Send a warning email
-    echo "Restore from $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} restore from friend" $ADMIN_EMAIL_ADDRESS
+    echo "Restore from $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} restore from friend" "$ADMIN_EMAIL_ADDRESS"
     exit 790
 else
     echo "$NOW Restored encrypted data from $REMOTE_SERVER" >> /var/log/remotebackups.log
 fi
 
 # MariaDB password
-DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
 
 function copy_gpg_keys {
     echo $"Copying GPG keys from admin user to root"
-    cp -r /home/$ADMIN_USERNAME/.gnupg /root
+    cp -r "/home/$ADMIN_USERNAME/.gnupg" /root
     gpg_set_permissions root
 }
 
@@ -110,7 +109,7 @@ function restore_blocklist {
         fi
     fi
 
-    if [ -d $USB_MOUNT/backup/blocklist ]; then
+    if [ -d "$USB_MOUNT/backup/blocklist" ]; then
         echo $"Restoring blocklist"
         temp_restore_dir=/root/tempblocklist
         restore_directory_from_friend $temp_restore_dir blocklist
@@ -173,9 +172,8 @@ function restore_configfiles {
         #    fi
         #fi
 
-        if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
-            cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
-            if [ ! "$?" = "0" ]; then
+        if [ -f "$temp_restore_dir$MONGODB_APPS_FILE" ]; then
+            if ! cp -f "$temp_restore_dir$MONGODB_APPS_FILE" "$MONGODB_APPS_FILE"; then
                 unmount_drive
                 rm -rf $temp_restore_dir
                 exit 7835335
@@ -196,9 +194,8 @@ function restore_configfiles {
         #    fi
         #fi
 
-        if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
-            cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
-            if [ ! "$?" = "0" ]; then
+        if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then
+            if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then
                 unmount_drive
                 rm -rf $temp_restore_dir
                 exit 62121
@@ -242,6 +239,7 @@ function restore_mariadb {
             else
                 mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
                 db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
@@ -251,6 +249,7 @@ function restore_mariadb {
                     mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 exit 962
@@ -258,7 +257,7 @@ function restore_mariadb {
             echo $"Restarting database"
             systemctl restart mariadb
             echo $"Ensure MariaDB handles authentication"
-            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
             mariadb_fix_authentication
         fi
         rm -rf ${temp_restore_dir}
@@ -293,15 +292,17 @@ function restore_postgresql {
             else
                 mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
-                db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql)
+                db_pass=$("${PROJECT_NAME}-pass" -u root -a postgresql)
                 if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
                     mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
                 else
                     mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 exit 962
@@ -309,7 +310,7 @@ function restore_postgresql {
             echo $"Restarting database"
             systemctl restart postgresql
             echo $"Ensure postgresql handles authentication"
-            POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+            POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
         fi
         rm -rf ${temp_restore_dir}
     fi
@@ -367,31 +368,31 @@ function restore_mutt_settings {
         fi
 
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/mutt/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/mutt/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring Mutt configurations for $USERNAME"
-                restore_directory_from_friend /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                restore_directory_from_friend "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
                 echo $"Restoring Mutt settings for $USERNAME"
                 temp_restore_dir=/root/tempmutt
-                restore_directory_from_friend ${temp_restore_dir} mutt/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/tempbackup ]; then
-                    if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc ]; then
-                        cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                restore_directory_from_friend ${temp_restore_dir} "mutt/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/tempbackup" ]; then
+                    if [ -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc" ]; then
+                        cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
-                    if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc ]; then
-                        cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
+                    if [ -f "${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc" ]; then
+                        cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc" /etc/Muttrc
                         sed -i '/set sidebar_delim/d' /etc/Muttrc
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 else
                     if [ -f ${temp_restore_dir}/.muttrc ]; then
-                        cp -f ${temp_restore_dir}/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                        cp -f "${temp_restore_dir}/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
                     if [ -f ${temp_restore_dir}/Muttrc ]; then
                         cp -f ${temp_restore_dir}/Muttrc /etc/Muttrc
@@ -399,6 +400,7 @@ function restore_mutt_settings {
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     exit 276
@@ -417,29 +419,29 @@ function restore_gpg {
     for d in $SERVER_DIRECTORY/backup/gnupg/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/gnupg/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/gnupg/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring gnupg settings for $USERNAME"
                 temp_restore_dir=/root/tempgnupg
-                restore_directory_from_friend ${temp_restore_dir} gnupg/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/.gnupg ]; then
-                    cp -r ${temp_restore_dir}/home/$USERNAME/.gnupg /home/$USERNAME/
+                restore_directory_from_friend ${temp_restore_dir} "gnupg/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/.gnupg" ]; then
+                    cp -r "${temp_restore_dir}/home/$USERNAME/.gnupg" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.gnupg ]; then
-                        mkdir /home/$USERNAME/.gnupg
+                    if [ ! -d "/home/$USERNAME/.gnupg" ]; then
+                        mkdir "/home/$USERNAME/.gnupg"
                     fi
-                    cp -r ${temp_restore_dir}/* /home/$USERNAME/.gnupg/
+                    cp -r "${temp_restore_dir}/*" "/home/$USERNAME/.gnupg/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     exit 276
                 fi
                 rm -rf ${temp_restore_dir}
                 if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
-                    cp -r /home/$USERNAME/.gnupg /root
-                    if [ ! "$?" = "0" ]; then
+                    if ! cp -r "/home/$USERNAME/.gnupg" /root; then
                         exit 283
                     fi
                     gpg_set_permissions root
@@ -458,18 +460,19 @@ function restore_procmail {
     for d in $SERVER_DIRECTORY/backup/procmail/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/procmail/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/procmail/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring procmail settings for $USERNAME"
                 temp_restore_dir=/root/tempprocmail
-                restore_directory_from_friend ${temp_restore_dir} procmail/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/tempbackup ]; then
-                    cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.procmailrc /home/$USERNAME/
+                restore_directory_from_friend ${temp_restore_dir} "procmail/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/tempbackup" ]; then
+                    cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/"
                 else
-                    cp -f ${temp_restore_dir}/.procmailrc /home/$USERNAME/.procmailrc
+                    cp -f "${temp_restore_dir}/.procmailrc" "/home/$USERNAME/.procmailrc"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     exit 276
@@ -489,21 +492,22 @@ function restore_spamassassin {
     for d in $SERVER_DIRECTORY/backup/spamassassin/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/spamassassin/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/spamassassin/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring spamassassin settings for $USERNAME"
                 temp_restore_dir=/root/tempspamassassin
-                restore_directory_from_friend $temp_restore_dir spamassassin/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME ]; then
-                    cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "spamassassin/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
+                    cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.spamassassin ]; then
-                        mkdir /home/$USERNAME/.spamassassin
+                    if [ ! -d "/home/$USERNAME/.spamassassin" ]; then
+                        mkdir "/home/$USERNAME/.spamassassin"
                     fi
-                    cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
+                    cp -rf $temp_restore_dir/* "/home/$USERNAME/.spamassassin/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 276
@@ -524,11 +528,12 @@ function restore_admin_readme {
         echo $"Restoring README"
         temp_restore_dir=/root/tempreadme
         restore_directory_from_friend $temp_restore_dir readme
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README /home/$ADMIN_USERNAME/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "/home/$ADMIN_USERNAME/"
         else
-            cp -f $temp_restore_dir/README /home/$ADMIN_USERNAME/README
+            cp -f "$temp_restore_dir/README" "/home/$ADMIN_USERNAME/README"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             exit 276
@@ -546,21 +551,22 @@ function restore_ssh_keys {
     for d in $SERVER_DIRECTORY/backup/ssh/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/ssh/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/ssh/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring ssh keys for $USERNAME"
                 temp_restore_dir=/root/tempssh
-                restore_directory_from_friend $temp_restore_dir ssh/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "ssh/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.ssh ]; then
-                        mkdir /home/$USERNAME/.ssh
+                    if [ ! -d "/home/$USERNAME/.ssh" ]; then
+                        mkdir "/home/$USERNAME/.ssh"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.ssh/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -580,21 +586,22 @@ function restore_user_config {
     for d in $SERVER_DIRECTORY/backup/config/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/config/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/config/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring config files for $USERNAME"
                 temp_restore_dir=/root/tempconfig
-                restore_directory_from_friend $temp_restore_dir config/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "config/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.config ]; then
-                        mkdir /home/$USERNAME/.config
+                    if [ ! -d "/home/$USERNAME/.config" ]; then
+                        mkdir "/home/$USERNAME/.config"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.config/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.config/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -614,21 +621,22 @@ function restore_user_monkeysphere {
     for d in $SERVER_DIRECTORY/backup/monkeysphere/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/monkeysphere/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/monkeysphere/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring monkeysphere ids for $USERNAME"
                 temp_restore_dir=/root/tempmonkeysphere
-                restore_directory_from_friend $temp_restore_dir monkeysphere/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "monkeysphere/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.monkeysphere ]; then
-                        mkdir /home/$USERNAME/.monkeysphere
+                    if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
+                        mkdir "/home/$USERNAME/.monkeysphere"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.monkeysphere/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -641,8 +649,8 @@ function restore_user_monkeysphere {
         MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
         read_config_param MY_EMAIL_ADDRESS
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
-        fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
-        monkeysphere-authentication add-identity-certifier $fpr
+        fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
+        monkeysphere-authentication add-identity-certifier "$fpr"
         monkeysphere-authentication update-users
     done
 }
@@ -656,21 +664,22 @@ function restore_user_fin {
     for d in $SERVER_DIRECTORY/backup/fin/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/fin/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/fin/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring fin files for $USERNAME"
                 temp_restore_dir=/root/tempfin
-                restore_directory_from_friend $temp_restore_dir fin/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "fin/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.fin ]; then
-                        mkdir /home/$USERNAME/.fin
+                    if [ ! -d "/home/$USERNAME/.fin" ]; then
+                        mkdir "/home/$USERNAME/.fin"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.fin/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -690,21 +699,22 @@ function restore_user_local {
     for d in $SERVER_DIRECTORY/backup/local/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/local/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/local/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring local files for $USERNAME"
                 temp_restore_dir=/root/templocal
-                restore_directory_from_friend $temp_restore_dir local/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "local/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.local ]; then
-                        mkdir /home/$USERNAME/.local
+                    if [ ! -d "/home/$USERNAME/.local" ]; then
+                        mkdir "/home/$USERNAME/.local"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.local/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.local/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -729,6 +739,7 @@ function restore_certs {
         else
             cp -r /root/tempssl/* /etc/ssl/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 276
         fi
@@ -770,24 +781,25 @@ function restore_personal_settings {
     for d in $SERVER_DIRECTORY/backup/personal/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/personal/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/personal/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring personal settings for $USERNAME"
                 temp_restore_dir=/root/temppersonal
-                restore_directory_from_friend $temp_restore_dir personal/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then
-                    if [ -d /home/$USERNAME/personal ]; then
-                        rm -rf /home/$USERNAME/personal
+                restore_directory_from_friend $temp_restore_dir "personal/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then
+                    if [ -d "/home/$USERNAME/personal" ]; then
+                        rm -rf "/home/$USERNAME/personal"
                     fi
-                    mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
+                    mv "$temp_restore_dir/home/$USERNAME/personal" "/home/$USERNAME"
                 else
-                    if [ ! -d /home/$USERNAME/personal ]; then
-                        mkdir /home/$USERNAME/personal
+                    if [ ! -d "/home/$USERNAME/personal" ]; then
+                        mkdir "/home/$USERNAME/personal"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/personal/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/personal/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     exit 18437643
                 fi
@@ -812,6 +824,7 @@ function restore_mailing_list {
         else
             cp -r $temp_restore_dir/* /var/spool/mlmmj/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 526
         fi
@@ -828,21 +841,22 @@ function restore_email {
     for d in $SERVER_DIRECTORY/backup/mail/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/mail/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/mail/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring emails for $USERNAME"
                 temp_restore_dir=/root/tempmail
-                restore_directory_from_friend $temp_restore_dir mail/$USERNAME
-                if [ ! -d /home/$USERNAME/Maildir ]; then
-                    mkdir /home/$USERNAME/Maildir
+                restore_directory_from_friend $temp_restore_dir "mail/$USERNAME"
+                if [ ! -d "/home/$USERNAME/Maildir" ]; then
+                    mkdir "/home/$USERNAME/Maildir"
                 fi
-                if [ -d $temp_restore_dir/root/tempbackupemail/$USERNAME ]; then
-                    tar -xzvf $temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz -C /
+                if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then
+                    tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C /
                 else
                     tar -xzvf $temp_restore_dir/maildir.tar.gz -C /
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     exit 927
                 fi
@@ -854,7 +868,7 @@ function restore_email {
 
 # Social key management
 # Recover any key fragments and reconstruct the gpg key
-${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
+${PROJECT_NAME}-recoverkey -u "${ADMIN_USERNAME}" -l "$BACKUP_LIST"
 
 copy_gpg_keys
 gpg_agent_setup root

src/freedombone-rmemail

@@ -70,11 +70,11 @@ if ! [[ $MYUSERNAME && $EMAILADDRESS ]]; then
     show_help
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
+MUTTRC="/home/$MYUSERNAME/.muttrc"
 PM=/home/$MYUSERNAME/.procmailrc
 
-if grep -q "Email rule for $EMAILADDRESS ->" $PM; then
-    sed -i "/# Email rule for $EMAILADDRESS ->.*/,/# End of rule/d" $PM
+if grep -q "Email rule for $EMAILADDRESS ->" "$PM"; then
+    sed -i "/# Email rule for $EMAILADDRESS ->.*/,/# End of rule/d" "$PM"
 fi
 
 exit 0

src/freedombone-rmlist

@@ -77,15 +77,15 @@ if ! [[ $MYUSERNAME && $MAILINGLIST ]]; then
 fi
 
 MUTTRC=/home/$MYUSERNAME/.muttrc
-MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
+MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
 if [[ $MUTT_MAILBOXES == *$MAILINGLIST* ]]; then
-    sed -i "s| =$MAILINGLIST||g" $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+    sed -i "s| =$MAILINGLIST||g" "$MUTTRC"
+    chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
 fi
 
-if [ $LIST_ADDRESS ]; then
-    if ! grep -q "unsubscribe $LIST_ADDRESS" $MUTTRC; then
-        sed -i "s|subscribe $LIST_ADDRESS|unsubscribe $LIST_ADDRESS|g" $MUTTRC
+if [ "$LIST_ADDRESS" ]; then
+    if ! grep -q "unsubscribe $LIST_ADDRESS" "$MUTTRC"; then
+        sed -i "s|subscribe $LIST_ADDRESS|unsubscribe $LIST_ADDRESS|g" "$MUTTRC"
     fi
 fi
 

src/freedombone-rmuser

@@ -36,16 +36,16 @@ export TEXTDOMAINDIR="/usr/share/locale"
 
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 read_config_param MY_USERNAME
@@ -53,7 +53,7 @@ read_config_param MY_USERNAME
 REMOVE_USERNAME=$1
 REMOVE_OPTIONS="$2"
 
-if [ ! $REMOVE_USERNAME ]; then
+if [ ! "$REMOVE_USERNAME" ]; then
     echo $'Please specify a username to remove'
     exit 1
 fi
@@ -68,35 +68,35 @@ if [[ $(is_valid_user "$REMOVE_USERNAME") == "0" ]]; then
     exit 3
 fi
 
-if [ ! -d /home/$REMOVE_USERNAME ]; then
+if [ ! -d "/home/$REMOVE_USERNAME" ]; then
     echo $"Home directory does not exist for $REMOVE_USERNAME"
     exit 4
 fi
 
-if [ ! -f $COMPLETION_FILE ]; then
+if [ ! -f "$COMPLETION_FILE" ]; then
     echo $"$COMPLETION_FILE not found"
     exit 5
 fi
 
-if ! grep -q "Admin user" $COMPLETION_FILE; then
+if ! grep -q "Admin user" "$COMPLETION_FILE"; then
     echo $"No admin user specified in $COMPLETION_FILE"
     exit 6
 fi
 
 ADMIN_USERNAME=$(get_completion_param "Admin user")
-if [ ! $ADMIN_USERNAME ]; then
+if [ ! "$ADMIN_USERNAME" ]; then
     echo $"No admin username specified in $COMPLETION_FILE"
     exit 7
 fi
 
-if [[ $REMOVE_USERNAME == $ADMIN_USERNAME ]]; then
+if [[ "$REMOVE_USERNAME" == "$ADMIN_USERNAME" ]]; then
     echo $"The administrator user cannot be removed"
     exit 8
 fi
 
 if [[ "$REMOVE_OPTIONS" != '-f' && "$REMOVE_OPTIONS" != '-y' && "$REMOVE_OPTIONS" != '--force' ]]; then
     echo $'>>> REMOVE USER <<<'
-    read -p $"Do you really wish to remove the user '$REMOVE_USERNAME' (y/n) ?" yn
+    read -r -p $"Do you really wish to remove the user '$REMOVE_USERNAME' (y/n) ?" yn
     if [[ $yn != 'y' && $yn != 'Y' && $yn != 'yes' && $yn != 'Yes' && $yn != 'YES' ]]; then
         echo $"User $REMOVE_USERNAME was not removed"
         exit 9
@@ -107,18 +107,18 @@ fi
 
 if [ -f /etc/nginx/.htpasswd ]; then
     if grep -q "${REMOVE_USERNAME}:" /etc/nginx/.htpasswd; then
-        htpasswd -D /etc/nginx/.htpasswd $REMOVE_USERNAME
+        htpasswd -D /etc/nginx/.htpasswd "$REMOVE_USERNAME"
     fi
 fi
 
 # remove gpg keys
-if [ -d /home/$REMOVE_USERNAME/.gnupg ]; then
-    shred -zu /home/$REMOVE_USERNAME/.gnupg/*
+if [ -d "/home/$REMOVE_USERNAME/.gnupg" ]; then
+    shred -zu "/home/$REMOVE_USERNAME/.gnupg/*"
 fi
 
 # remove ssh keys
-if [ -d /home/$REMOVE_USERNAME/.ssh ]; then
-    shred -zu /home/$REMOVE_USERNAME/.ssh/*
+if [ -d "/home/$REMOVE_USERNAME/.ssh" ]; then
+    shred -zu "/home/$REMOVE_USERNAME/.ssh/*"
 fi
 
 echo $'Detecting installed apps...'
@@ -126,25 +126,25 @@ detect_apps
 get_apps_installed_names
 for app_name in "${APPS_INSTALLED_NAMES[@]}"
 do
-    if [[ $(function_exists remove_user_${app_name}) == "1" ]]; then
+    if [[ $(function_exists "remove_user_${app_name}") == "1" ]]; then
         echo $"Removing user from ${app_name}"
-        app_load_variables ${app_name}
-        remove_user_${app_name} "$REMOVE_USERNAME"
-        if grep -q "${app_name}_${REMOVE_USERNAME}" $APP_USERS_FILE; then
-            sed -i "/${app_name}_${REMOVE_USERNAME}/d" $APP_USERS_FILE
+        app_load_variables "${app_name}"
+        "remove_user_${app_name}" "$REMOVE_USERNAME"
+        if grep -q "${app_name}_${REMOVE_USERNAME}" "$APP_USERS_FILE"; then
+            sed -i "/${app_name}_${REMOVE_USERNAME}/d" "$APP_USERS_FILE"
         fi
     fi
 done
 
 chmod 600 /etc/shadow
 chmod 600 /etc/gshadow
-userdel -r $REMOVE_USERNAME
-groupdel $REMOVE_USERNAME
+userdel -r "$REMOVE_USERNAME"
+groupdel "$REMOVE_USERNAME"
 chmod 0000 /etc/shadow
 chmod 0000 /etc/gshadow
 
-if [ -d /home/$REMOVE_USERNAME ]; then
-    rm -rf /home/$REMOVE_USERNAME
+if [ -d "/home/$REMOVE_USERNAME" ]; then
+    rm -rf "/home/${REMOVE_USERNAME:?}"
 fi
 
 echo $"User $REMOVE_USERNAME was removed"

src/freedombone-splitkey

@@ -90,37 +90,37 @@ esac
 shift
 done
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     show_help
 fi
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"User $MY_USERNAME does not exist on the system"
     exit 7270
 fi
 
-if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
+if [ ! -d "/home/$MY_USERNAME/.gnupg" ]; then
     echo $'No gpg key found'
     exit 5393
 fi
 
-if [ $PASSWORD_FILE ]; then
-    if [ ! -f $PASSWORD_FILE ]; then
+if [ "$PASSWORD_FILE" ]; then
+    if [ ! -f "$PASSWORD_FILE" ]; then
         echo $'Password file not found'
         exit 62952
     fi
 fi
 
 FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
-if [ -d $FRAGMENTS_DIR ]; then
+if [ -d "$FRAGMENTS_DIR" ]; then
     exit 0
 fi
 
 # get the gpg key ID
-if [ ! $MY_EMAIL_ADDRESS ]; then
+if [ ! "$MY_EMAIL_ADDRESS" ]; then
     MY_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
 fi
 
-KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS" - $MY_USERNAME | sed -n '2p' | sed 's/^[ \t]*//')
+KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS" - "$MY_USERNAME" | sed -n '2p' | sed 's/^[ \t]*//')
 if [ ${#KEYID} -lt 4 ]; then
     echo $"gpg key for $MY_EMAIL_ADDRESS was not found"
     exit 3682
@@ -133,72 +133,70 @@ if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
 fi
 
 # create the key file
-mkdir -p $FRAGMENTS_DIR
-chown $MY_USERNAME:$MY_USERNAME $FRAGMENTS_DIR
-KEYS_FILE=$FRAGMENTS_DIR/keyshare.asc
-gpg --output $FRAGMENTS_DIR/pubkey.txt --armor --export $KEYID
-if [ ! "$?" = "0" ]; then
+mkdir -p "$FRAGMENTS_DIR"
+chown "$MY_USERNAME":"$MY_USERNAME" "$FRAGMENTS_DIR"
+KEYS_FILE="$FRAGMENTS_DIR/keyshare.asc"
+if ! gpg --output "$FRAGMENTS_DIR/pubkey.txt" --armor --export "$KEYID"; then
     echo $"Unable to extract public key for $KEYID"
     exit 7835
 fi
-if [ ! $PASSWORD_FILE ]; then
-    gpg --output $FRAGMENTS_DIR/privkey.txt \
-        --armor --export-secret-key $KEYID
+if [ ! "$PASSWORD_FILE" ]; then
+    gpg --output "$FRAGMENTS_DIR/privkey.txt" \
+        --armor --export-secret-key "$KEYID"
 else
-    echo "$(printf `cat $PASSWORD_FILE`)" | \
+    # shellcheck disable=SC2005
+    echo "$(printf "%s" "$(cat "$PASSWORD_FILE")")" | \
         gpg --batch --passphrase-fd 0 \
-        --output $FRAGMENTS_DIR/privkey.txt \
-        --armor --export-secret-key $KEYID
+        --output "$FRAGMENTS_DIR/privkey.txt" \
+        --armor --export-secret-key "$KEYID"
 fi
+# shellcheck disable=SC2181
 if [ ! "$?" = "0" ]; then
     echo $"Unable to extract private key for $KEYID"
     exit 7823
 fi
-gpg --output $FRAGMENTS_DIR/backup_pubkey.txt \
-    --armor --export $MY_BACKUP_KEY_ID
-if [ ! "$?" = "0" ]; then
-    shred -zu $FRAGMENTS_DIR/privkey.txt
+if ! gpg --output "$FRAGMENTS_DIR/backup_pubkey.txt" \
+    --armor --export "$MY_BACKUP_KEY_ID"; then
+    shred -zu "$FRAGMENTS_DIR/privkey.txt"
     echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID"
     exit 62928
 fi
 echo "$BACKUP_DUMMY_PASSWORD" | \
-    gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
+if ! gpg --output "$FRAGMENTS_DIR/backup_privkey.txt" \
         --batch --passphrase-fd 0 \
-        --armor --export-secret-key $MY_BACKUP_KEY_ID
-if [ ! "$?" = "0" ]; then
-    shred -zu $FRAGMENTS_DIR/privkey.txt
+        --armor --export-secret-key "$MY_BACKUP_KEY_ID"; then
+    shred -zu "$FRAGMENTS_DIR/privkey.txt"
     echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"
     exit 13783
 fi
 
 # Ensure there aren't any permissions problems when running cat
-chmod +r $FRAGMENTS_DIR/privkey.txt
-chmod +r $FRAGMENTS_DIR/backup_privkey.txt
-
-cat $FRAGMENTS_DIR/pubkey.txt \
-    $FRAGMENTS_DIR/privkey.txt \
-    $FRAGMENTS_DIR/backup_pubkey.txt \
-    $FRAGMENTS_DIR/backup_privkey.txt > $KEYS_FILE
-shred -zu $FRAGMENTS_DIR/privkey.txt
-shred -zu $FRAGMENTS_DIR/pubkey.txt
-shred -zu $FRAGMENTS_DIR/backup_privkey.txt
-shred -zu $FRAGMENTS_DIR/backup_pubkey.txt
+chmod +r "$FRAGMENTS_DIR/privkey.txt"
+chmod +r "$FRAGMENTS_DIR/backup_privkey.txt"
+
+cat "$FRAGMENTS_DIR/pubkey.txt" \
+    "$FRAGMENTS_DIR/privkey.txt" \
+    "$FRAGMENTS_DIR/backup_pubkey.txt" \
+    "$FRAGMENTS_DIR/backup_privkey.txt" > "$KEYS_FILE"
+shred -zu "$FRAGMENTS_DIR/privkey.txt"
+shred -zu "$FRAGMENTS_DIR/pubkey.txt"
+shred -zu "$FRAGMENTS_DIR/backup_privkey.txt"
+shred -zu "$FRAGMENTS_DIR/backup_pubkey.txt"
 
 KEY_SHARES=$((KEY_FRAGMENTS * 2))
-gfsplit -n $KEY_FRAGMENTS -m $KEY_SHARES $KEYS_FILE
-if [ ! "$?" = "0" ]; then
+if ! gfsplit -n "$KEY_FRAGMENTS" -m "$KEY_SHARES $KEYS_FILE"; then
     echo $"Unable to split the gpg key"
-    rm -rf $FRAGMENTS_DIR
-    if [ -f $KEYS_FILE ]; then
-        shred -zu $KEYS_FILE
+    rm -rf "$FRAGMENTS_DIR"
+    if [ -f "$KEYS_FILE" ]; then
+        shred -zu "$KEYS_FILE"
     fi
     exit 63028
 fi
-shred -zu $KEYS_FILE
+shred -zu "$KEYS_FILE"
 
 # set permissions
-chown -R $MY_USERNAME:$MY_USERNAME $FRAGMENTS_DIR
-chmod -R 600 $FRAGMENTS_DIR
+chown -R "$MY_USERNAME":"$MY_USERNAME" "$FRAGMENTS_DIR"
+chmod -R 600 "$FRAGMENTS_DIR"
 
 echo $"$KEY_SHARES key shares created"
 

src/freedombone-syncthing

@@ -36,10 +36,10 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=$PROJECT_NAME-syncthing
 export TEXTDOMAINDIR="/usr/share/locale"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 # File which keeps track of what has already been installed
@@ -68,13 +68,14 @@ function new_syncthing_id {
     for i in {1..8}
     do
         v=""
+        # shellcheck disable=SC2034
         for j in {1..2}
         do
-            v2=`echo "obase=16;$RANDOM" | bc`
+            v2=$(echo "obase=16;$RANDOM" | bc)
             v=$v$v2
         done
         v=$(echo "$v" | cut -c1-7)
-        if [[ ${i} < 8 ]]; then
+        if [ "${i}" -lt 8 ]; then
             v=$v"-"
         fi
         echo -n "$v"
@@ -83,11 +84,11 @@ function new_syncthing_id {
 }
 
 function create_syncthing_config {
-    if grep -q "syncthing ID" $COMPLETION_FILE; then
+    if grep -q "syncthing ID" "$COMPLETION_FILE"; then
         SYNCTHING_ID=$(get_completion_param "syncthing ID")
     else
         if [ -f $SYNCTHING_CONFIG_FILE ]; then
-            SYNCTHING_ID=$(cat $SYNCTHING_CONFIG_FILE | grep "device id=" | head -n 1 | awk -F '"' '{print $2}')
+            SYNCTHING_ID=$(grep "device id=" "$SYNCTHING_CONFIG_FILE" | head -n 1 | awk -F '"' '{print $2}')
         else
             SYNCTHING_ID=$(new_syncthing_id)
         fi
@@ -109,7 +110,7 @@ function create_syncthing_config {
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             echo "    <folder id=\"$USERNAME\" path=\"/home/$USERNAME/Sync/\" ro=\"false\" rescanIntervalS=\"60\" ignorePerms=\"false\" autoNormalize=\"true\">" >> $SYNCTHING_CONFIG_FILE
             # include any specified device IDs for this user
-            if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 echo "" > $TEMP_IDS_FILE
                 while read -r line || [[ -n "$line" ]]; do
                     line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
@@ -121,23 +122,23 @@ function create_syncthing_config {
                             fi
                         fi
                     fi
-                done < /home/$USERNAME/$SYNCTHING_USER_IDS_FILE
+                done < "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE"
                 rm $TEMP_IDS_FILE
             fi
-            echo "        <device id=\"$SYNCTHING_ID\"></device>" >> $SYNCTHING_CONFIG_FILE
-            echo '        <minDiskFreePct>1</minDiskFreePct>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <versioning></versioning>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <copiers>0</copiers>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <pullers>0</pullers>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <hashers>0</hashers>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <order>random</order>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <ignoreDelete>false</ignoreDelete>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <scanProgressIntervalS>0</scanProgressIntervalS>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <pullerSleepS>0</pullerSleepS>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <pullerPauseS>0</pullerPauseS>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <maxConflicts>10</maxConflicts>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <disableSparseFiles>false</disableSparseFiles>' >> $SYNCTHING_CONFIG_FILE
-            echo '    </folder>' >> $SYNCTHING_CONFIG_FILE
+            { echo "        <device id=\"$SYNCTHING_ID\"></device>";
+              echo '        <minDiskFreePct>1</minDiskFreePct>';
+              echo '        <versioning></versioning>';
+              echo '        <copiers>0</copiers>';
+              echo '        <pullers>0</pullers>';
+              echo '        <hashers>0</hashers>';
+              echo '        <order>random</order>';
+              echo '        <ignoreDelete>false</ignoreDelete>';
+              echo '        <scanProgressIntervalS>0</scanProgressIntervalS>';
+              echo '        <pullerSleepS>0</pullerSleepS>';
+              echo '        <pullerPauseS>0</pullerPauseS>';
+              echo '        <maxConflicts>10</maxConflicts>';
+              echo '        <disableSparseFiles>false</disableSparseFiles>';
+              echo '    </folder>'; } >> "$SYNCTHING_CONFIG_FILE"
         fi
     done
 
@@ -147,7 +148,7 @@ function create_syncthing_config {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 while read -r line || [[ -n "$line" ]]; do
                     line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
                     if [[ $line2 != *"#"* && $line2 != *"*"* && $line2 != *'/'*  && $line2 == *"-"* ]]; then
@@ -158,96 +159,95 @@ function create_syncthing_config {
                             fi
                         fi
                     fi
-                done < /home/$USERNAME/$SYNCTHING_USER_IDS_FILE
+                done < "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE"
             fi
         fi
     done
     rm $TEMP_IDS_FILE
-    echo "        <device id=\"$SYNCTHING_ID\"></device>" >> $SYNCTHING_CONFIG_FILE
-    echo '        <minDiskFreePct>1</minDiskFreePct>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <versioning></versioning>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <copiers>0</copiers>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <pullers>0</pullers>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <hashers>0</hashers>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <order>random</order>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <ignoreDelete>false</ignoreDelete>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <scanProgressIntervalS>0</scanProgressIntervalS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <pullerSleepS>0</pullerSleepS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <pullerPauseS>0</pullerPauseS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <maxConflicts>10</maxConflicts>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <disableSparseFiles>false</disableSparseFiles>' >> $SYNCTHING_CONFIG_FILE
-    echo '    </folder>' >> $SYNCTHING_CONFIG_FILE
+    { echo "        <device id=\"$SYNCTHING_ID\"></device>";
+      echo '        <minDiskFreePct>1</minDiskFreePct>';
+      echo '        <versioning></versioning>';
+      echo '        <copiers>0</copiers>';
+      echo '        <pullers>0</pullers>';
+      echo '        <hashers>0</hashers>';
+      echo '        <order>random</order>';
+      echo '        <ignoreDelete>false</ignoreDelete>';
+      echo '        <scanProgressIntervalS>0</scanProgressIntervalS>';
+      echo '        <pullerSleepS>0</pullerSleepS>';
+      echo '        <pullerPauseS>0</pullerPauseS>';
+      echo '        <maxConflicts>10</maxConflicts>';
+      echo '        <disableSparseFiles>false</disableSparseFiles>';
+      echo '    </folder>';
 
-
-    echo "    <device id=\"$SYNCTHING_ID\" name=\"${PROJECT_NAME}\" compression=\"metadata\" introducer=\"false\">" >> $SYNCTHING_CONFIG_FILE
-    echo '        <address>dynamic</address>' >> $SYNCTHING_CONFIG_FILE
-    echo '    </device>' >> $SYNCTHING_CONFIG_FILE
+      echo "    <device id=\"$SYNCTHING_ID\" name=\"${PROJECT_NAME}\" compression=\"metadata\" introducer=\"false\">";
+      echo '        <address>dynamic</address>';
+      echo '    </device>'; } >> "$SYNCTHING_CONFIG_FILE"
 
     echo "" > $TEMP_IDS_FILE
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 while read -r line || [[ -n "$line" ]]; do
                     line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
                     if [[ $line2 != *"#"* && $line2 != *"*"* && $line2 != *'/'*  && $line2 == *"-"* ]]; then
                         if [ ${#line2} -gt 10 ]; then
                             if ! grep -q "$line2" $TEMP_IDS_FILE; then
-                                echo "    <device id=\"$line2\" name=\"${USERNAME}\" compression=\"metadata\" introducer=\"false\">" >> $SYNCTHING_CONFIG_FILE
+                                echo "    <device id=\"$line2\" name=\"${USERNAME}\" compression=\"metadata\" introducer=\"false\">" >> "$SYNCTHING_CONFIG_FILE"
                                 echo '        <address>dynamic</address>' >> $SYNCTHING_CONFIG_FILE
                                 echo '    </device>' >> $SYNCTHING_CONFIG_FILE
                                 echo "$line2" >> $TEMP_IDS_FILE
                             fi
                         fi
                     fi
-                done < /home/$USERNAME/$SYNCTHING_USER_IDS_FILE
+                done < "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE"
             fi
         fi
     done
     rm $TEMP_IDS_FILE
 
-    echo '    <options>' >> $SYNCTHING_CONFIG_FILE
-    echo "        <listenAddress>tcp://0.0.0.0:$SYNCTHING_PORT</listenAddress>" >> $SYNCTHING_CONFIG_FILE
-    echo '        <globalAnnounceServer>default</globalAnnounceServer>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <globalAnnounceEnabled>true</globalAnnounceEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <localAnnounceEnabled>true</localAnnounceEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <localAnnouncePort>21027</localAnnouncePort>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>' >> $SYNCTHING_CONFIG_FILE
-    echo "        <relayServer>dynamic+$SYNCTHING_RELAY_SERVER</relayServer>" >> $SYNCTHING_CONFIG_FILE
-    echo '        <maxSendKbps>0</maxSendKbps>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <maxRecvKbps>0</maxRecvKbps>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <reconnectionIntervalS>60</reconnectionIntervalS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <relaysEnabled>true</relaysEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <relayReconnectIntervalM>10</relayReconnectIntervalM>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <startBrowser>true</startBrowser>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <upnpEnabled>true</upnpEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <upnpLeaseMinutes>60</upnpLeaseMinutes>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <upnpRenewalMinutes>30</upnpRenewalMinutes>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <upnpTimeoutSeconds>10</upnpTimeoutSeconds>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urAccepted>-1</urAccepted>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urUniqueID></urUniqueID>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urURL>https://data.syncthing.net/newdata</urURL>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urPostInsecurely>false</urPostInsecurely>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urInitialDelayS>1800</urInitialDelayS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <restartOnWakeup>true</restartOnWakeup>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <keepTemporariesH>24</keepTemporariesH>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <cacheIgnoredFiles>true</cacheIgnoredFiles>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <progressUpdateIntervalS>5</progressUpdateIntervalS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <symlinksEnabled>true</symlinksEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <limitBandwidthInLan>false</limitBandwidthInLan>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <minHomeDiskFreePct>1</minHomeDiskFreePct>' >> $SYNCTHING_CONFIG_FILE
-    echo "        <releasesURL>$SYNCTHING_RELEASES</releasesURL>" >> $SYNCTHING_CONFIG_FILE
-    echo '    </options>' >> $SYNCTHING_CONFIG_FILE
-    echo '</configuration>' >> $SYNCTHING_CONFIG_FILE
+    { echo '    <options>';
+      echo "        <listenAddress>tcp://0.0.0.0:$SYNCTHING_PORT</listenAddress>";
+      echo '        <globalAnnounceServer>default</globalAnnounceServer>';
+      echo '        <globalAnnounceEnabled>true</globalAnnounceEnabled>';
+      echo '        <localAnnounceEnabled>true</localAnnounceEnabled>';
+      echo '        <localAnnouncePort>21027</localAnnouncePort>';
+      echo '        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>';
+      echo "        <relayServer>dynamic+$SYNCTHING_RELAY_SERVER</relayServer>";
+      echo '        <maxSendKbps>0</maxSendKbps>';
+      echo '        <maxRecvKbps>0</maxRecvKbps>';
+      echo '        <reconnectionIntervalS>60</reconnectionIntervalS>';
+      echo '        <relaysEnabled>true</relaysEnabled>';
+      echo '        <relayReconnectIntervalM>10</relayReconnectIntervalM>';
+      echo '        <startBrowser>true</startBrowser>';
+      echo '        <upnpEnabled>true</upnpEnabled>';
+      echo '        <upnpLeaseMinutes>60</upnpLeaseMinutes>';
+      echo '        <upnpRenewalMinutes>30</upnpRenewalMinutes>';
+      echo '        <upnpTimeoutSeconds>10</upnpTimeoutSeconds>';
+      echo '        <urAccepted>-1</urAccepted>';
+      echo '        <urUniqueID></urUniqueID>';
+      echo '        <urURL>https://data.syncthing.net/newdata</urURL>';
+      echo '        <urPostInsecurely>false</urPostInsecurely>';
+      echo '        <urInitialDelayS>1800</urInitialDelayS>';
+      echo '        <restartOnWakeup>true</restartOnWakeup>';
+      echo '        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>';
+      echo '        <keepTemporariesH>24</keepTemporariesH>';
+      echo '        <cacheIgnoredFiles>true</cacheIgnoredFiles>';
+      echo '        <progressUpdateIntervalS>5</progressUpdateIntervalS>';
+      echo '        <symlinksEnabled>true</symlinksEnabled>';
+      echo '        <limitBandwidthInLan>false</limitBandwidthInLan>';
+      echo '        <minHomeDiskFreePct>1</minHomeDiskFreePct>';
+      echo "        <releasesURL>$SYNCTHING_RELEASES</releasesURL>";
+      echo '    </options>';
+      echo '</configuration>'; } >> "$SYNCTHING_CONFIG_FILE"
 
     # give each user account a file containing the device id for this server
     # This allows it to appear within the user control panel
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            echo "$SYNCTHING_ID" > /home/$USERNAME/.syncthing-server-id
-            chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
+            echo "$SYNCTHING_ID" > "/home/$USERNAME/.syncthing-server-id"
+            chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id"
         fi
     done
 }
@@ -266,7 +266,7 @@ function user_devices_changed {
 
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ ! -f /home/$USERNAME/.syncthing-server-id ]; then
+        if [ ! -f "/home/$USERNAME/.syncthing-server-id" ]; then
             CHANGED=1
             return
         fi
@@ -275,11 +275,11 @@ function user_devices_changed {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -f /home/$USERNAME/$SYNCTHING_UPDATE_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_UPDATE_FILE" ]; then
                 CHANGED=1
             fi
 
-            if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 while read -r line || [[ -n "$line" ]]; do
                     if [[ $line != *"#"* && $line != *"*"* && $line != *'/'*  && $line == *"-"* ]]; then
                         if [ ${#line} -gt 10 ]; then
@@ -288,15 +288,15 @@ function user_devices_changed {
                             fi
                         fi
                     fi
-                done < /home/$USERNAME/$SYNCTHING_USER_IDS_FILE
+                done < "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE"
             fi
 
             # Permissions on user Sync directories
-            if [ -d /home/$USERNAME/Sync ]; then
-                chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/Sync
+            if [ -d "/home/$USERNAME/Sync" ]; then
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME" "/home/$USERNAME/Sync"
             fi
-            if [ -d /home/$USERNAME/SyncShared ]; then
-                chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/SyncShared
+            if [ -d "/home/$USERNAME/SyncShared" ]; then
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME" "/home/$USERNAME/SyncShared"
             fi
         fi
     done
@@ -305,11 +305,11 @@ function user_devices_changed {
 function syncthing_set_permissions {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ -d /home/$USERNAME/Sync ]; then
-            chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/Sync
+        if [ -d "/home/$USERNAME/Sync" ]; then
+            chown "$USERNAME":"$USERNAME" "/home/$USERNAME" "/home/$USERNAME/Sync"
         fi
-        if [ -d /home/$USERNAME/SyncShared ]; then
-            chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/SyncShared
+        if [ -d "/home/$USERNAME/SyncShared" ]; then
+            chown "$USERNAME":"$USERNAME" "/home/$USERNAME" "/home/$USERNAME/SyncShared"
         fi
     done
 }

src/freedombone-template

@@ -85,9 +85,9 @@ do
         -a|--app|--appname)
             shift
             app_name="$1"
-            app_name_lower=$(echo ${app_name} | tr '[:upper:]' '[:lower:]')
+            app_name_lower=$(echo "${app_name}" | tr '[:upper:]' '[:lower:]')
             app_name=$app_name_lower
-            app_name_upper=$(echo ${app_name} | tr '[:lower:]' '[:upper:]')
+            app_name_upper=$(echo "${app_name}" | tr '[:lower:]' '[:upper:]')
             ;;
         -r|--repo)
             shift
@@ -226,14 +226,14 @@ fi
 echo ''
 echo "${app_name_upper}_DOMAIN_NAME="
 echo "${app_name_upper}_CODE="
-if [ $app_port ]; then
+if [ "$app_port" ]; then
     echo "${app_name_upper}_PORT=$app_port"
 fi
 echo "${app_name_upper}_ONION_PORT=$(( ( RANDOM % 1000 )  + 9010 ))"
 echo "${app_name_upper}_REPO=\"${app_repo}\""
 echo "${app_name_upper}_COMMIT='${app_repo_commit}'"
 if [ $app_daemon ]; then
-    if [ ! $app_port_internal ]; then
+    if [ ! "$app_port_internal" ]; then
         echo "${app_name_upper}_PORT_INTERNAL=TODO"
     else
         echo "${app_name_upper}_PORT_INTERNAL=$app_port_internal"
@@ -255,14 +255,14 @@ echo "    echo -n ''"
 echo '}'
 echo ''
 echo "function remove_user_${app_name} {"
-echo '    remove_username="$1"'
+echo "    remove_username=\"\$1\""
 echo ''
 echo "    \${PROJECT_NAME}-pass -u \$remove_username --rmapp ${app_name}"
 echo '}'
 echo ''
 echo "function add_user_${app_name} {"
-echo '    new_username="$1"'
-echo '    new_user_password="$2"'
+echo "    new_username=\"\$1\""
+echo "    new_user_password=\"\$2\""
 echo ''
 echo "    \${PROJECT_NAME}-pass -u \$new_username -a ${app_name} -p \"\$new_user_password\""
 echo "    echo '0'"
@@ -270,11 +270,11 @@ echo '}'
 echo ''
 echo "function install_interactive_${app_name} {"
 if [ ! $app_onion_only ]; then
-    echo '    if [ ! $ONION_ONLY ]; then'
+    echo "    if [ ! \$ONION_ONLY ]; then"
     echo "        ONION_ONLY='no'"
     echo '    fi'
     echo ''
-    echo '    if [[ $ONION_ONLY != "no" ]]; then'
+    echo "    if [[ \$ONION_ONLY != \"no\" ]]; then"
     echo "        ${app_name_upper}_DOMAIN_NAME='${app_name}.local'"
     echo "        write_config_param \"${app_name_upper}_DOMAIN_NAME\" \"\$${app_name_upper}_DOMAIN_NAME\""
     echo '    else'
@@ -287,8 +287,8 @@ echo '    APP_INSTALLED=1'
 echo '}'
 echo ''
 echo "function change_password_${app_name} {"
-echo '    curr_username="$1"'
-echo '    new_user_password="$2"'
+echo "    curr_username=\"\$1\""
+echo "    new_user_password=\"\$2\""
 echo ''
 echo "    read_config_param '${app_name_upper}_DOMAIN_NAME'"
 echo ''
@@ -298,8 +298,8 @@ echo '}'
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" || "$database_type" == "postgres"* ]]; then
     echo ''
     echo "function ${app_name}_create_database {"
-    echo '    if [ -f $IMAGE_PASSWORD_FILE ]; then'
-    echo "        ${app_name_upper}_ADMIN_PASSWORD=\"\$(printf `cat $IMAGE_PASSWORD_FILE`)\""
+    echo "    if [ -f \$IMAGE_PASSWORD_FILE ]; then"
+    echo "        ${app_name_upper}_ADMIN_PASSWORD=\"\$(printf \"%d\" \"\$(cat \"$IMAGE_PASSWORD_FILE\")\")\""
     echo '    else'
     echo "        if [ ! \$${app_name_upper}_ADMIN_PASSWORD ]; then"
     echo "            ${app_name_upper}_ADMIN_PASSWORD=\"\$(create_password \${MINIMUM_PASSWORD_LENGTH})\""
@@ -329,26 +329,29 @@ echo ''
 echo "function configure_interactive_${app_name} {"
 echo '    while true'
 echo '    do'
-echo '        data=$(tempfile 2>/dev/null)'
-echo '        trap "rm -f $data" 0 1 2 5 15'
+echo "        data=\$(mktemp 2>/dev/null)"
 echo "        dialog --backtitle \$\"Freedombone Control Panel\" \\"
 echo "               --title \$\"${app_name}\" \\"
 echo "               --radiolist \$\"Choose an operation:\" 16 70 3 \\"
-echo '               1 $"Option 1" off \'
-echo '               2 $"Option 2" off \'
-echo '               3 $"Exit" on 2> $data'
+echo "               1 \$\"Option 1\" off \\"
+echo "               2 \$\"Option 2\" off \\"
+echo "               3 \$\"Exit\" on 2> \"\$data\""
 echo '        sel=$?'
-echo '        case $sel in'
-echo '            1) return;;'
-echo '            255) return;;'
+echo "        case \$sel in"
+echo "            1) rm -f \"\$data\""
+echo '               return;;'
+echo "            255) rm -f \"\$data\""
+echo '                 return;;'
 echo '        esac'
-echo '        case $(cat $data) in'
+echo "        case \$(cat \"\$data\") in"
 echo '            1) # call some function for option 1'
 echo '               ;;'
 echo '            2) # call some function for option 2'
 echo '               ;;'
-echo '            3) break;;'
+echo "            3) rm -f \"\$data\""
+echo '               break;;'
 echo '        esac'
+echo "        rm -f \"\$data\""
 echo '    done'
 echo '}'
 echo ''
@@ -363,7 +366,7 @@ echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name
 echo '    fi'
 echo ''
 echo '    # update to the next commit'
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "    set_repo_commit /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\" \$${app_name_upper}_REPO"
     echo "    chown -R www-data:www-data /var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
@@ -378,7 +381,7 @@ echo "    if grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
 echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo '    fi'
 echo ''
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "    source_directory=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "    source_directory=${app_dir}"
@@ -387,7 +390,7 @@ echo ''
 echo "    suspend_site \${${app_name_upper}_DOMAIN_NAME}"
 echo ''
 echo "    dest_directory=${app_name}"
-echo '    backup_directory_to_usb $source_directory $dest_directory'
+echo "    backup_directory_to_usb \$source_directory \$dest_directory"
 echo ''
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "    backup_database_to_usb ${app_name}"
@@ -408,7 +411,7 @@ echo '    fi'
 echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo "    if [ \$${app_name_upper}_DOMAIN_NAME ]; then"
 echo "        temp_restore_dir=/root/temp${app_name}"
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "        ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "        ${app_name}_dir=${app_dir}"
@@ -418,8 +421,8 @@ if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "        ${app_name}_create_database"
     echo ''
     echo "        restore_database ${app_name}"
-    echo '        if [ -d $temp_restore_dir ]; then'
-    echo '            rm -rf $temp_restore_dir'
+    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
 fi
@@ -428,13 +431,13 @@ if [[ "$database_type" == "postgres"* ]]; then
     echo ''
     echo '        USE_POSTGRESQL=1'
     echo "        restore_database ${app_name}"
-    echo '        if [ -d $temp_restore_dir ]; then'
-    echo '            rm -rf $temp_restore_dir'
+    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
 fi
 echo "        restore_directory_from_usb \$temp_restore_dir ${app_name}"
-echo '        if [ -d $temp_restore_dir ]; then'
+echo "        if [ -d \$temp_restore_dir ]; then"
 echo "            if [ -d cp \$temp_restore_dir\$${app_name}_dir ]; then"
 echo "                cp -rp \$temp_restore_dir\$${app_name}_dir/* \$${app_name}_dir/"
 echo '            else'
@@ -444,7 +447,7 @@ echo '                fi'
 echo "                cp -rp \$temp_restore_dir/* \$${app_name}_dir/"
 echo '            fi'
 echo "            chown -R www-data:www-data \$${app_name}_dir"
-echo '            rm -rf $temp_restore_dir'
+echo "            rm -rf \$temp_restore_dir"
 echo '        fi'
 echo ''
 echo '    fi'
@@ -456,7 +459,7 @@ echo "    if grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
 echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo '    fi'
 echo ''
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "    source_directory=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "    source_directory=${app_dir}"
@@ -465,7 +468,7 @@ echo ''
 echo "    suspend_site \${${app_name_upper}_DOMAIN_NAME}"
 echo ''
 echo "    dest_directory=${app_name}"
-echo '    backup_directory_to_friend $source_directory $dest_directory'
+echo "    backup_directory_to_friend \$source_directory \$dest_directory"
 echo ''
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "    backup_database_to_friend ${app_name}"
@@ -486,7 +489,7 @@ echo '    fi'
 echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo "    if [ \$${app_name_upper}_DOMAIN_NAME ]; then"
 echo "        temp_restore_dir=/root/temp${app_name}"
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "        ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "        ${app_name}_dir=${app_dir}"
@@ -496,8 +499,8 @@ if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "        ${app_name}_create_database"
     echo ''
     echo "        restore_database_from_friend ${app_name}"
-    echo '        if [ -d $temp_restore_dir ]; then'
-    echo '            rm -rf $temp_restore_dir'
+    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
 fi
@@ -506,13 +509,13 @@ if [[ "$database_type" == "postgres"* ]]; then
     echo ''
     echo '        USE_POSTGRESQL=1'
     echo "        restore_database_from_friend ${app_name}"
-    echo '        if [ -d $temp_restore_dir ]; then'
-    echo '            rm -rf $temp_restore_dir'
+    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
 fi
 echo "        restore_directory_from_friend \$temp_restore_dir ${app_name}"
-echo '        if [ -d $temp_restore_dir ]; then'
+echo "        if [ -d \$temp_restore_dir ]; then"
 echo "            if [ -d cp \$temp_restore_dir\$${app_name}_dir ]; then"
 echo "                cp -rp \$temp_restore_dir\$${app_name}_dir/* \$${app_name}_dir/"
 echo '            else'
@@ -522,7 +525,7 @@ echo '                fi'
 echo "                cp -rp \$temp_restore_dir/* \$${app_name}_dir/"
 echo '            fi'
 echo "            chown -R www-data:www-data \$${app_name}_dir"
-echo '            rm -rf $temp_restore_dir'
+echo "            rm -rf \$temp_restore_dir"
 echo '        fi'
 echo ''
 echo '    fi'
@@ -564,7 +567,7 @@ echo '    fi'
 echo "    remove_app ${app_name}"
 echo "    remove_completion_param install_${app_name}"
 echo "    sed -i '/${app_name}/d' \$COMPLETION_FILE"
-if [ $app_port ]; then
+if [ "$app_port" ]; then
     echo ''
     echo "    firewall_remove ${app_port} tcp"
 fi
@@ -597,7 +600,7 @@ echo '    fi'
 echo "    if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs ]; then"
 echo "        if [ -d /repos/${app_name} ]; then"
 echo "            mkdir /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "            cp -r -p /repos/${app_name}/. /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
     echo "            cd /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
 else
@@ -606,14 +609,14 @@ else
 fi
 echo '            git pull'
 echo '        else'
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "            git_clone \$${app_name_upper}_REPO /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
 else
     echo "            git_clone \$${app_name_upper}_REPO ${app_dir}"
 fi
 echo '        fi'
 echo ''
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "        if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs ]; then"
 else
     echo "        if [ ! -d ${app_dir} ]; then"
@@ -623,7 +626,7 @@ echo '            exit 87525'
 echo '        fi'
 echo '    fi'
 echo ''
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "    cd /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
 else
     echo "    cd ${app_dir}"
@@ -646,7 +649,7 @@ echo ''
 echo "    ${app_name}_nginx_site=/etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME"
 
 if [ $app_onion_only ]; then
-    echo '    if [[ $ONION_ONLY == "no" ]]; then'
+    echo "    if [[ \"\$ONION_ONLY\" == \"no\" ]]; then"
     if [[ "$app_php" == 'yes' ]]; then
         echo "        nginx_http_redirect \$${app_name_upper}_DOMAIN_NAME \"index index.php\""
     else
@@ -675,7 +678,7 @@ if [ $app_onion_only ]; then
     echo "        echo '' >> \$${app_name}_nginx_site"
     if [[ "$app_php" == 'yes' ]]; then
         echo "        echo '  index index.php;' >> \$${app_name}_nginx_site"
-        echo "        echo '  location ~ \.php {' >> \$${app_name}_nginx_site"
+        echo "        echo '  location ~ \\.php {' >> \$${app_name}_nginx_site"
         echo "        echo '    include snippets/fastcgi-php.conf;' >> \$${app_name}_nginx_site"
         echo "        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> \$${app_name}_nginx_site"
         echo "        echo '    fastcgi_read_timeout 30;' >> \$${app_name}_nginx_site"
@@ -717,7 +720,7 @@ echo "    echo \"  root /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs;\" >> \$
 echo "    echo '' >> \$${app_name}_nginx_site"
 if [[ "$app_php" == 'yes' ]]; then
     echo "    echo '  index index.php;' >> \$${app_name}_nginx_site"
-    echo "    echo '  location ~ \.php {' >> \$${app_name}_nginx_site"
+    echo "    echo '  location ~ \\.php {' >> \$${app_name}_nginx_site"
     echo "    echo '    include snippets/fastcgi-php.conf;' >> \$${app_name}_nginx_site"
     echo "    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> \$${app_name}_nginx_site"
     echo "    echo '    fastcgi_read_timeout 30;' >> \$${app_name}_nginx_site"
@@ -753,7 +756,7 @@ if [ $app_daemon ]; then
     echo "    echo 'Type=simple' >> /etc/systemd/system/${app_name}.service"
     echo "    echo 'User=${app_name}' >> /etc/systemd/system/${app_name}.service"
     echo "    echo 'Group=${app_name}' >> /etc/systemd/system/${app_name}.service"
-    if [ ! $app_dir ]; then
+    if [ ! "$app_dir" ]; then
         echo "    echo 'WorkingDirectory=TODO' >> /etc/systemd/system/${app_name}.service"
     else
         echo "    echo 'WorkingDirectory=${app_dir}' >> /etc/systemd/system/${app_name}.service"
@@ -765,7 +768,7 @@ if [ $app_daemon ]; then
     echo "    echo '[Install]' >> /etc/systemd/system/${app_name}.service"
     echo "    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/${app_name}.service"
     echo "    systemctl enable ${app_name}"
-    if [ $app_dir ]; then
+    if [ "$app_dir" ]; then
         echo "    chown -R ${app_name}:${app_name} ${app_dir}"
     fi
     echo "    systemctl start ${app_name}"
@@ -785,7 +788,7 @@ echo '    systemctl restart nginx'
 echo ''
 echo "    \${PROJECT_NAME}-pass -u \$MY_USERNAME -a ${app_name} -p \"\$${app_name_upper}_ADMIN_PASSWORD\""
 echo "    set_completion_param \"${app_name} domain\" \"\$${app_name_upper}_DOMAIN_NAME\""
-if [ $app_port ]; then
+if [ "$app_port" ]; then
     echo ''
     echo "    firewall_add ${app_name} ${app_port} tcp"
 fi

src/freedombone-tests

@@ -56,8 +56,8 @@ function test_app_function_type {
     filename=$1
     fn_type=$2
     app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
-    app_function=$(cat "${filename}" | grep "function ${fn_type}_${app_name} {" | awk -F "${fn_type}_" '{print $2}' | awk -F ' ' '{print $1}')
-    if [ ! ${app_function} ]; then
+    app_function=$(grep "function ${fn_type}_${app_name} {" "${filename}" | awk -F "${fn_type}_" '{print $2}' | awk -F ' ' '{print $1}')
+    if [ ! "${app_function}" ]; then
         echo $"Application ${app_name} does not contain a function called '${fn_type}_${app_name}'"
         echo ''
         echo "See ${filename}"
@@ -69,7 +69,7 @@ function test_app_functions {
     if [ $RUN_STIG ]; then
         return
     fi
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 
     # check that these functions exist
     interface_functions=( install remove backup_local backup_remote restore_local restore_remote upgrade reconfigure )
@@ -80,7 +80,7 @@ function test_app_functions {
         # for each expected interface function
         for f in "${interface_functions[@]}"
         do
-            test_app_function_type ${filename} $f
+            test_app_function_type ${filename} "$f"
         done
     done
 }
@@ -91,12 +91,12 @@ function test_unique_onion_ports {
     fi
 
     # test that some services are not assigned the same onion port
-    FILES=src/${PROJECT_NAME}-app-*
-    ports=$(grep -r "_ONION_PORT=" $FILES | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}')
-    unique_ports=$(grep -r "_ONION_PORT=" $FILES | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}' | uniq)
+    FILES="src/${PROJECT_NAME}-app-*"
+    ports=$(grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}')
+    unique_ports=$(grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}' | uniq)
     if [[ "$ports" != "$unique_ports" ]]; then
         echo $'Some onion ports are clashing'
-        grep -r "_ONION_PORT=" $FILES | awk -F ':' '{print $2}' | uniq
+        grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq
         exit 637252
     fi
 }
@@ -110,7 +110,7 @@ function stig_log_msg {
     NORMAL=$(tput sgr0)
     MSG="$2"
 
-    if [ $ESTATUS -eq 0 ];then
+    if [ "$ESTATUS" -eq 0 ];then
         printf "%s %s"  "$GREEN$BOLD[ PASS ]$NORMAL" "$MSG"
         echo
     else
@@ -123,19 +123,20 @@ function stig_spinner {
 
     local pid=$1
     local delay=0.1
+    # shellcheck disable=SC2143
     while [ "$(ps -a | awk '{print $1}' | grep "$pid")" ];
     do
         sleep $delay
     done
-    printf " \b"
-    wait $1
+    printf " \\b"
+    wait "$1"
 }
 
 function disallow_package {
     package_name=$1
 
     if service --status-all | grep "+.*${package_name}";then
-        apt-get -yq remove --purge ${package_name}
+        apt-get -yq remove --purge "${package_name}"
         apt -yq autoremove
     fi
 }
@@ -164,7 +165,7 @@ function test_stig {
     CATCOLOR=1
     SETLANG="en"
 
-    source $STIG_TESTS_DIR/output.sh
+    source "$STIG_TESTS_DIR/output.sh"
 
     ##RHEL-06-000001
     ##The system must use a separate file system for /tmp.
@@ -249,6 +250,7 @@ function test_stig {
     ##RHEL-06-000033
     ##The /etc/shadow file must be owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/shadow | awk '{print $3}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -258,6 +260,7 @@ function test_stig {
     ##RHEL-06-000034
     ##The /etc/shadow file must be group-owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/shadow | awk '{print $4}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -267,6 +270,7 @@ function test_stig {
     ##RHEL-06-000035
     ##The /etc/shadow file must have mode 0000.
 
+    # shellcheck disable=SC2012
     ls -l /etc/shadow | awk '{print $1}' | grep "^----------$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -276,6 +280,7 @@ function test_stig {
     ##RHEL-06-000036
     ##The /etc/gshadow file must be owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/gshadow | awk '{print $3}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -285,6 +290,7 @@ function test_stig {
     ##RHEL-06-000037
     ##The /etc/gshadow file must be group-owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/gshadow | awk '{print $4}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -294,6 +300,7 @@ function test_stig {
     ##RHEL-06-000038
     ##The /etc/gshadow file must have mode 0000.
 
+    # shellcheck disable=SC2012
     ls -l /etc/gshadow | awk '{print $1}' | grep "^----------$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -303,6 +310,7 @@ function test_stig {
     ##RHEL-06-000039
     ##The /etc/passwd file must be owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/passwd | awk '{print $3}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -312,6 +320,7 @@ function test_stig {
     ##RHEL-06-000040
     ##The /etc/passwd file must be group-owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/passwd | awk '{print $4}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -330,6 +339,7 @@ function test_stig {
     ##RHEL-06-000042
     ##The /etc/group file must be owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/group | awk '{print $3}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -339,6 +349,7 @@ function test_stig {
     ##RHEL-06-000043
     ##The /etc/group file must be group-owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/group | awk '{print $4}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -1202,7 +1213,7 @@ function test_stig {
     if [ $SHOW_ALL_TESTS ]; then
         show_passes_fails=1
     else
-        if [ $FAILS -gt 0 ]; then
+        if [ "$FAILS" -gt 0 ]; then
             show_passes_fails=1
         fi
     fi
@@ -1211,7 +1222,7 @@ function test_stig {
         echo ''
         echo $"Passes: $PASSES"
         echo $"Fails:  $FAILS"
-        if [ $FAILS -gt 0 ]; then
+        if [ "$FAILS" -gt 0 ]; then
             exit 792353
         fi
     fi
@@ -1239,7 +1250,7 @@ do
     shift
 done
 
-if [ ! $RUN_STIG ]; then
+if [ ! "$RUN_STIG" ]; then
     echo $'Running tests'
 fi
 

src/freedombone-unignore

@@ -79,20 +79,20 @@ if ! [[ $MYUSERNAME && $EMAIL_ADDRESS ]]; then
     fi
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
+MUTTRC="/home/$MYUSERNAME/.muttrc"
 PM=/home/$MYUSERNAME/.procmailrc
 
 # unignore if subject line contains text
-if [ $SUBJECT_TEXT ]; then
-    if grep -q "Ignore rule for $SUBJECT_TEXT" $PM; then
-        sed -i "/# Ignore rule for $SUBJECT_TEXT/,/# End of ignore rule/d" $PM
+if [ "$SUBJECT_TEXT" ]; then
+    if grep -q "Ignore rule for $SUBJECT_TEXT" "$PM"; then
+        sed -i "/# Ignore rule for $SUBJECT_TEXT/,/# End of ignore rule/d" "$PM"
     fi
 fi
 
 # unignore an email address
-if [ $EMAIL_ADDRESS ]; then
-    if grep -q "Ignore rule for $EMAIL_ADDRESS" $PM; then
-        sed -i "/# Ignore rule for $EMAIL_ADDRESS/,/# End of ignore rule/d" $PM
+if [ "$EMAIL_ADDRESS" ]; then
+    if grep -q "Ignore rule for $EMAIL_ADDRESS" "$PM"; then
+        sed -i "/# Ignore rule for $EMAIL_ADDRESS/,/# End of ignore rule/d" "$PM"
     fi
 fi
 

src/freedombone-upgrade

@@ -42,10 +42,10 @@ CURRENT_BRANCH=master
 # clear temporary files
 rm -rf /tmp/*
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
 read_config_param PROJECT_REPO
@@ -68,14 +68,14 @@ fi
 
 #update-ca-certificates
 
-if [ ! -d $PROJECT_DIR ]; then
-    git_clone $PROJECT_REPO $PROJECT_DIR
+if [ ! -d "$PROJECT_DIR" ]; then
+    git_clone "$PROJECT_REPO" "$PROJECT_DIR"
 fi
 
-if [ -d $PROJECT_DIR ]; then
-    if [ -f $CONFIGURATION_FILE ]; then
-        cd $PROJECT_DIR
-        rm -rf $PROJECT_DIR/locale/*
+if [ -d "$PROJECT_DIR" ]; then
+    if [ -f "$CONFIGURATION_FILE" ]; then
+        cd "$PROJECT_DIR" || exit 246823484
+        rm -rf "$PROJECT_DIR/locale/*"
         if [[ "$CURRENT_BRANCH" == *"master" ]]; then
             git_pull $PROJECT_REPO
         else
@@ -88,8 +88,7 @@ if [ -d $PROJECT_DIR ]; then
             chmod -R +r /usr/share/${PROJECT_NAME}
         fi
 
-        ${PROJECT_NAME} -c $CONFIGURATION_FILE
-        if [ ! "$?" = "0" ]; then
+        if ! ${PROJECT_NAME} -c "$CONFIGURATION_FILE"; then
             exit 453536
         fi
 

src/freedombone-usb-canary

@@ -30,12 +30,12 @@
 
 PROJECT_NAME=freedombone
 
-UPTIME=$(cat /proc/uptime | awk -F '.' '{print $1}')
-if [ $UPTIME -gt 120 ]; then
-    ADMIN_USER=$(cat /root/${PROJECT_NAME}-completed.txt | grep 'Admin user' | awk -F ':' '{print $2}')
+UPTIME=$(awk -F '.' '{print $1}' < "/proc/uptime")
+if [ "$UPTIME" -gt 120 ]; then
+    ADMIN_USER=$(grep 'Admin user' /root/${PROJECT_NAME}-completed.txt | awk -F ':' '{print $2}')
     MY_EMAIL_ADDRESS=${ADMIN_USER}@$(cat /etc/hostname)
-    echo "USB device connected on ${DEVPATH}" | mail -s "${PROJECT_NAME} USB canary" ${MY_EMAIL_ADDRESS}
+    echo "USB device connected on ${DEVPATH}" | mail -s "${PROJECT_NAME} USB canary" "${MY_EMAIL_ADDRESS}"
     echo "${ACTION}" > /tmp/usb-canary
     echo "${MY_EMAIL_ADDRESS}" >> /tmp/usb-canary
-    echo "$(date)" >> /tmp/usb-canary
+    date >> /tmp/usb-canary
 fi

src/meshavahi

@@ -71,17 +71,17 @@ function ipfs_publish {
     # include some subdirectories
     for dir in $DIR_TO_CHECK/*/
     do
-        REALLY_NEW_STAT="$NEW_STAT$(stat -t $dir)"
+        REALLY_NEW_STAT="$NEW_STAT$(stat -t "$dir")"
         NEW_STAT="$REALLY_NEW_STAT"
 
         for dir2 in "$dir"/*/
         do
-            REALLY_NEW_STAT="$NEW_STAT$(stat -t $dir2)"
+            REALLY_NEW_STAT="$NEW_STAT$(stat -t "$dir2")"
             NEW_STAT="$REALLY_NEW_STAT"
 
             for dir3 in "$dir2"/*/
             do
-                REALLY_NEW_STAT="$NEW_STAT$(stat -t $dir3)"
+                REALLY_NEW_STAT="$NEW_STAT$(stat -t "$dir3")"
                 NEW_STAT="$REALLY_NEW_STAT"
             done
         done
@@ -101,7 +101,7 @@ function ipfs_publish {
 
 function ipfs_bootstrap {
     # TODO switch to ipv6
-    cat $TEMPFILE_BASE | grep "ipfs_id\|hostname =\|address =\|port =\|txt =" > $TEMPFILE
+    grep "ipfs_id\\|hostname =\\|address =\\|port =\\|txt =" "$TEMPFILE_BASE" > "$TEMPFILE"
 
     state=0
     address=""
@@ -126,13 +126,13 @@ function ipfs_bootstrap {
         fi
         if [ ${state} -eq "2" ]; then
             if [[ $line == *"address ="* ]]; then
-                address=$(echo $line | awk -F '[' '{print $2}' | awk -F ']' '{print $1}')
+                address=$(echo "$line" | awk -F '[' '{print $2}' | awk -F ']' '{print $1}')
                 state=3
             fi
         fi
         if [ ${state} -eq "1" ]; then
             if [[ $line == *"hostname ="* ]]; then
-                peer=$(echo $line | awk -F '[' '{print $2}' | awk -F ']' '{print $1}')
+                peer=$(echo "$line" | awk -F '[' '{print $2}' | awk -F ']' '{print $1}')
                 state=2
             fi
         fi
@@ -144,7 +144,7 @@ function ipfs_bootstrap {
     # Create a list of user sites, in alphabetical order by Tox nick
     if [ -d /home/$MY_USERNAME/Desktop ]; then
         if [ -f ${IPFS_USERS_FILE}.new ]; then
-            sites_list=$(cat ${IPFS_USERS_FILE}.new | sort -d)
+            sites_list=$(sort -d < "${IPFS_USERS_FILE}.new")
             echo "${sites_list}" > ${IPFS_USERS_FILE}
             chown $MY_USERNAME:$MY_USERNAME ${IPFS_USERS_FILE}
             rm ${IPFS_USERS_FILE}.new
@@ -155,7 +155,7 @@ function ipfs_bootstrap {
 function detect_new_tox_users {
     CURRENT_USERS_FILE=$1
 
-    if [ ! -f $CURRENT_USERS_FILE ]; then
+    if [ ! -f "$CURRENT_USERS_FILE" ]; then
         return
     fi
 
@@ -170,10 +170,11 @@ function detect_new_tox_users {
             if [[ $line != "Failed*" && $line != "data "* && $line != "Anon "* && $line != "anon "* && $line != "anonymous "* && $line != "Anonymous "* ]]; then
                 if ! grep -q "$line" $PREV_TOX_USERS_FILE; then
                     # get the nick of the user
-                    toxidstr=$(echo "$line" | awk -F ' ' '{print $(NF)}')
-                    toxuser=$(echo "$line" | sed "s| $toxidstr||g")
+                    toxidstr=$(awk -F ' ' '{print $(NF)}' < "$line")
+                    toxuser=$(sed "s| $toxidstr||g" < "$line")
 
                     if [ -r "/home/$MESH_USERNAME/.dbus/Xdbus" ]; then
+                        # shellcheck disable=SC1090
                         . "/home/$MESH_USERNAME/.dbus/Xdbus"
                     fi
                     export DISPLAY=:0.0
@@ -186,28 +187,28 @@ function detect_new_tox_users {
     fi
 
     # Store the previous tox users list
-    cp -f $CURRENT_USERS_FILE $PREV_TOX_USERS_FILE
+    cp -f "$CURRENT_USERS_FILE" "$PREV_TOX_USERS_FILE"
 }
 
 function detect_tox_users {
     # don't show the first peer field
-    lstox | awk -F ' ' '{$1=""; print $0}' | sed -e 's/^[[:space:]]*//' | sort -d > $TEMPFILE
+    lstox | awk -F ' ' '{$1=""; print $0}' | sed -e 's/^[[:space:]]*//' | sort -d > "$TEMPFILE"
 
-    detect_new_tox_users $TEMPFILE
+    detect_new_tox_users "$TEMPFILE"
 }
 
 function avahi_extract_info {
     # Create a list of bootstrap nodes
-    avahi-browse -atr > $TEMPFILE_BASE
-    cat $TEMPFILE_BASE | grep "hostname =\|address =\|port =" > $TEMPFILE
-    if [ ! -f $TEMPFILE ]; then
+    avahi-browse -atr > "$TEMPFILE_BASE"
+    grep "hostname =\\|address =\\|port =" "$TEMPFILE_BASE" > "$TEMPFILE"
+    if [ ! -f "$TEMPFILE" ]; then
         exit 1
     fi
 }
 
 function avahi_remove_info {
-    rm -f $TEMPFILE_BASE
-    rm -f $TEMPFILE
+    rm -f "$TEMPFILE_BASE"
+    rm -f "$TEMPFILE"
 }
 
 if [ ! -d /etc/avahi ]; then