Tidying

src/freedombone-app-zeronet

         rm -rf $MESH_INSTALL_DIR/zeronet/ZeroBlog
     fi
     remove_completion_param install_zeronet_blog
-    sed -i '/zeronet blog/d' $COMPLETION_FILE
+    sed -i '/zeronet blog/d' "$COMPLETION_FILE"
 }
 
 function remove_zeronet_mail {
         rm -rf $MESH_INSTALL_DIR/zeronet/ZeroMail
     fi
     remove_completion_param install_zeronet_mail
-    sed -i '/zeronet mail/d' $COMPLETION_FILE
+    sed -i '/zeronet mail/d' "$COMPLETION_FILE"
 }
 
 function remove_zeronet_forum {
         rm -rf $MESH_INSTALL_DIR/zeronet/ZeroTalk
     fi
     remove_completion_param install_zeronet_forum
-    sed -i '/zeronet forum/d' $COMPLETION_FILE
+    sed -i '/zeronet forum/d' "$COMPLETION_FILE"
 }
 
 function remove_zeronet {
     firewall_remove ${TRACKER_PORT}
     firewall_remove 1900 udp
 
-    ${PROJECT_NAME}-mesh-install -f zeronet --remove yes
+    "${PROJECT_NAME}-mesh-install" -f zeronet --remove yes
     remove_completion_param install_zeronet
     remove_completion_param configure_firewall_for_zeronet
-    sed -i '/zeronet/d' $COMPLETION_FILE
+    sed -i '/zeronet/d' "$COMPLETION_FILE"
 }
 
 function configure_firewall_for_zeronet {
 
     ZERONET_DEFAULT_BLOG_TITLE="${MY_USERNAME}'s Blog"
 
-    cd $MESH_INSTALL_DIR/zeronet
+    cd "$MESH_INSTALL_DIR/zeronet" || exit 246284728
     python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/blog.txt
     if [ ! -f $MESH_INSTALL_DIR/zeronet/blog.txt ]; then
         echo $'Unable to create blog'
         exit 479
     fi
-    blog_address=$(cat blog.txt | grep "Site address" | awk -F ':' '{print $2}')
-    blog_private_key=$(cat blog.txt | grep "Site private key" | awk -F ':' '{print $2}')
+    blog_address=$(grep "Site address" blog.txt | awk -F ':' '{print $2}')
+    blog_private_key=$(grep "Site private key" blog.txt | awk -F ':' '{print $2}')
     ZERONET_BLOG_ADDRESS=${blog_address//[[:blank:]]/}
     ZERONET_BLOG_PRIVATE_KEY=${blog_private_key//[[:blank:]]/}
 
         echo $'ZeroBlog repo could not be cloned'
         exit 6739
     fi
-    cd $MESH_INSTALL_DIR/zeronet/ZeroBlog
+    cd "$MESH_INSTALL_DIR/zeronet/ZeroBlog" || exit 47298462874
     git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
     set_completion_param "zeroNet blog commit" "$ZERONET_BLOG_COMMIT"
 
     echo $"ZeroNet Blog address:     $ZERONET_BLOG_ADDRESS"
     echo $"ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY"
-    cp -r $MESH_INSTALL_DIR/zeronet/ZeroBlog/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS
+    cp -r "$MESH_INSTALL_DIR/zeronet/ZeroBlog/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS"
 
-    if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data ]; then
-        mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data
+    if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data" ]; then
+        mkdir "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data"
     fi
-    cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data
-    sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
-    sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
-    sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
-    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_BLOG_TAGLINE</h3>|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
-    sed -i "s/Blogging platform Demo/Blogging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json
-    python zeronet.py siteSign $ZERONET_BLOG_ADDRESS $ZERONET_BLOG_PRIVATE_KEY
+    cp "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data"
+    sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json"
+    sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json"
+    sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html"
+    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_BLOG_TAGLINE</h3>|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html"
+    sed -i "s/Blogging platform Demo/Blogging platform/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json"
+    python zeronet.py siteSign "$ZERONET_BLOG_ADDRESS" "$ZERONET_BLOG_PRIVATE_KEY"
 
     # Add an avahi service
     function_check create_avahi_service
 
     chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
 
-    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
-        mkdir -p /home/$MY_USERNAME/.config/zeronet
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/zeronet"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
     fi
-    echo "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myblog
+    echo "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/myblog"
 
     install_completed zeronet_blog
 }
 
     ZERONET_DEFAULT_MAIL_TITLE="${MY_USERNAME}'s Mail"
 
-    cd $MESH_INSTALL_DIR/zeronet
+    cd "$MESH_INSTALL_DIR/zeronet" || exit 4628462862
     python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/mail.txt
     if [ ! -f $MESH_INSTALL_DIR/zeronet/mail.txt ]; then
         echo $'Unable to create mail'
         exit 479
     fi
-    mail_address=$(cat mail.txt | grep "Site address" | awk -F ':' '{print $2}')
-    mail_private_key=$(cat mail.txt | grep "Site private key" | awk -F ':' '{print $2}')
+    mail_address=$(grep "Site address" mail.txt | awk -F ':' '{print $2}')
+    mail_private_key=$(grep "Site private key" mail.txt | awk -F ':' '{print $2}')
     ZERONET_MAIL_ADDRESS=${mail_address//[[:blank:]]/}
     ZERONET_MAIL_PRIVATE_KEY=${mail_private_key//[[:blank:]]/}
 
         echo $'ZeroMail repo could not be cloned'
         exit 6739
     fi
-    cd $MESH_INSTALL_DIR/zeronet/ZeroMail
+    cd "$MESH_INSTALL_DIR/zeronet/ZeroMail" || exit 246284682
     git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
     set_completion_param "zeroNet mail commit" "$ZERONET_MAIL_COMMIT"
 
     echo $"ZeroNet Mail address:     $ZERONET_MAIL_ADDRESS"
     echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY"
-    cp -r $MESH_INSTALL_DIR/zeronet/ZeroMail/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS
+    cp -r "$MESH_INSTALL_DIR/zeronet/ZeroMail/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS"
 
-    if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data ]; then
-        mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data
+    if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data" ]; then
+        mkdir "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data"
     fi
-    cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data
-    sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
-    sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
-    sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
-    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_MAIL_TAGLINE</h3>|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
-    sed -i "s/Mailging platform Demo/Mailging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json
-    python zeronet.py siteSign $ZERONET_MAIL_ADDRESS $ZERONET_MAIL_PRIVATE_KEY
+    cp "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data"
+    sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json"
+    sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json"
+    sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html"
+    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_MAIL_TAGLINE</h3>|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html"
+    sed -i "s/Mailging platform Demo/Mailging platform/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json"
+    python zeronet.py siteSign "$ZERONET_MAIL_ADDRESS" "$ZERONET_MAIL_PRIVATE_KEY"
 
     # Add an avahi service
     function_check create_avahi_service
 
     chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
 
-    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
-        mkdir -p /home/$MY_USERNAME/.config/zeronet
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/zeronet"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
     fi
-    echo "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/mymail
+    echo "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/mymail"
 
     install_completed zeronet_mail
 }
 
     ZERONET_DEFAULT_FORUM_TITLE=$"${MY_USERNAME}'s Forum"
 
-    cd $MESH_INSTALL_DIR/zeronet
+    cd "$MESH_INSTALL_DIR/zeronet" || exit 472984624628
     python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/forum.txt
     if [ ! -f $MESH_INSTALL_DIR/zeronet/forum.txt ]; then
         echo $'Unable to create forum'
         exit 479
     fi
-    forum_address=$(cat forum.txt | grep "Site address" | awk -F ':' '{print $2}')
-    forum_private_key=$(cat forum.txt | grep "Site private key" | awk -F ':' '{print $2}')
+    forum_address=$(grep "Site address" forum.txt | awk -F ':' '{print $2}')
+    forum_private_key=$(grep "Site private key" forum.txt | awk -F ':' '{print $2}')
     ZERONET_FORUM_ADDRESS=${forum_address//[[:blank:]]/}
     ZERONET_FORUM_PRIVATE_KEY=${forum_private_key//[[:blank:]]/}
 
 
     echo $"Forum address:     $ZERONET_FORUM_ADDRESS"
     echo $"Forum private key: $ZERONET_FORUM_PRIVATE_KEY"
-    cp -r $MESH_INSTALL_DIR/zeronet/ZeroTalk/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS
-    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
-    sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
-    sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
-    sed -i 's/Messaging Board Demo/Messaging Board/g' $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
-    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
-    python zeronet.py siteSign $ZERONET_FORUM_ADDRESS $ZERONET_FORUM_PRIVATE_KEY --inner_path data/users/content.json
+    cp -r "$MESH_INSTALL_DIR/zeronet/ZeroTalk/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS"
+    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
+    sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
+    sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
+    sed -i 's/Messaging Board Demo/Messaging Board/g' "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json"
+    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json"
+    python zeronet.py siteSign "$ZERONET_FORUM_ADDRESS" "$ZERONET_FORUM_PRIVATE_KEY" --inner_path data/users/content.json
 
     # Add an avahi service
     function_check create_avahi_service
 
     chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
 
-    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
-        mkdir -p /home/$MY_USERNAME/.config/zeronet
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/zeronet"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
     fi
-    echo "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myforum
+    echo "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/myforum"
 
     install_completed zeronet_forum
 }
         return
     fi
 
-    ${PROJECT_NAME}-mesh-install -f zeronet
+    "${PROJECT_NAME}-mesh-install" -f zeronet
     systemctl daemon-reload
     systemctl start tracker.service
     systemctl start zeronet.service
 }
 
 function mesh_zeronet {
-    ZERONET_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_REPO=" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_REPO_MAIN=$(grep "ZERONET_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
     if [ ${#ZERONET_REPO_MAIN} -gt 4 ]; then
         ZERONET_REPO=$ZERONET_REPO_MAIN
     fi
-    if [ ! $ZERONET_REPO ]; then
+    if [ ! "$ZERONET_REPO" ]; then
         echo $'No ZeroNet repo was specified'
         exit 723539
     fi
 
-    ZERONET_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_COMMIT_MAIN=$(grep "ZERONET_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#ZERONET_COMMIT_MAIN} -gt 4 ]; then
         ZERONET_COMMIT=$ZERONET_COMMIT_MAIN
     fi
-    if [ ! $ZERONET_COMMIT ]; then
+    if [ ! "$ZERONET_COMMIT" ]; then
         echo $'No ZeroNet commit was specified'
         exit 490439
     fi
 
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
+    # shellcheck disable=SC2154
     chroot "$rootdir" apt-get -yq install python python-msgpack python-gevent
     chroot "$rootdir" apt-get -yq install python-pip bittornado
     chroot "$rootdir" pip install msgpack-python --upgrade
 
-    chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet
+    chroot "$rootdir" useradd -d "$MESH_INSTALL_DIR/zeronet/" -s /bin/false zeronet
 
     if [ -d /repos/zeronet ]; then
-        mkdir $rootdir$MESH_INSTALL_DIR/zeronet
-        cp -r -p /repos/zeronet/. $rootdir$MESH_INSTALL_DIR/zeronet
-        cd $rootdir$MESH_INSTALL_DIR/zeronet
+        mkdir "$rootdir$MESH_INSTALL_DIR/zeronet"
+        cp -r -p /repos/zeronet/. "$rootdir$MESH_INSTALL_DIR/zeronet"
+        cd "$rootdir$MESH_INSTALL_DIR/zeronet" || exit 2648246284
         git pull
     else
-        git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
+        git clone "$ZERONET_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet"
     fi
 
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet" ]; then
         echo 'WARNING: Unable to clone zeronet'
         return
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet
-    git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT
-    if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then
-        echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet" || exit 2468276484682
+    git checkout "$ZERONET_COMMIT" -b "$ZERONET_COMMIT"
+    if ! grep -q "ZeroNet commit" "$COMPLETION_FILE"; then
+        echo "ZeroNet commit:$ZERONET_COMMIT" >> "$rootdir$COMPLETION_FILE"
     else
-        sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
+        sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" "$COMPLETION_FILE"
     fi
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 
     # Hack to ensure that the file access port is opened
     # This is because zeronet normally relies on an internet site
     # to do this, but on a purely local mesh the internet isn't available
-    sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n            sys.modules["main"].file_server.port_opened = True|g' $rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py
+    sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n            sys.modules["main"].file_server.port_opened = True|g' "$rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py"
 
     ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service
-    echo '[Unit]' > $ZERONET_DAEMON
-    echo 'Description=Zeronet Server' >> $ZERONET_DAEMON
-    echo 'After=syslog.target' >> $ZERONET_DAEMON
-    echo 'After=network.target' >> $ZERONET_DAEMON
-    echo '[Service]' >> $ZERONET_DAEMON
-    echo 'Type=simple' >> $ZERONET_DAEMON
-    echo 'User=zeronet' >> $ZERONET_DAEMON
-    echo 'Group=zeronet' >> $ZERONET_DAEMON
-    echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet" >> $ZERONET_DAEMON
-    echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap" >> $ZERONET_DAEMON
-    echo '' >> $ZERONET_DAEMON
-    echo 'TimeoutSec=300' >> $ZERONET_DAEMON
-    echo '' >> $ZERONET_DAEMON
-    echo '[Install]' >> $ZERONET_DAEMON
-    echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON
+    { echo '[Unit]';
+      echo 'Description=Zeronet Server';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=zeronet';
+      echo 'Group=zeronet';
+      echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet";
+      echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap";
+      echo '';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$ZERONET_DAEMON"
 
     TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service
-    echo '[Unit]' > $TRACKER_DAEMON
-    echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON
-    echo 'After=syslog.target' >> $TRACKER_DAEMON
-    echo 'After=network.target' >> $TRACKER_DAEMON
-    echo '[Service]' >> $TRACKER_DAEMON
-    echo 'Type=simple' >> $TRACKER_DAEMON
-    echo 'User=tracker' >> $TRACKER_DAEMON
-    echo 'Group=tracker' >> $TRACKER_DAEMON
-    echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker" >> $TRACKER_DAEMON
-    echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON
-    echo '' >> $TRACKER_DAEMON
-    echo 'TimeoutSec=300' >> $TRACKER_DAEMON
-    echo '' >> $TRACKER_DAEMON
-    echo '[Install]' >> $TRACKER_DAEMON
-    echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON
-
-    chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/tracker/ -s /bin/false tracker
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/tracker ]; then
-        mkdir $rootdir$MESH_INSTALL_DIR/tracker
-    fi
-    chroot "$rootdir" chown -R tracker:tracker $MESH_INSTALL_DIR/tracker
+    { echo '[Unit]';
+      echo 'Description=Torrent Tracker';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=tracker';
+      echo 'Group=tracker';
+      echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker";
+      echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0";
+      echo '';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$TRACKER_DAEMON"
+
+    chroot "$rootdir" useradd -d "$MESH_INSTALL_DIR/tracker/" -s /bin/false tracker
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/tracker" ]; then
+        mkdir "$rootdir$MESH_INSTALL_DIR/tracker"
+    fi
+    chroot "$rootdir" chown -R tracker:tracker "$MESH_INSTALL_DIR/tracker"
 
     # publish regularly
     MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync
-    echo '#!/bin/bash' > $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/toxavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/meshavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    chmod +x $MESH_SYNC_COMMAND
+    { echo '#!/bin/bash';
+      echo '/usr/local/bin/toxavahi 2> /dev/null';
+      echo '/usr/local/bin/meshavahi 2> /dev/null'; } > "$MESH_SYNC_COMMAND"
+    chmod +x "$MESH_SYNC_COMMAND"
 
-    if ! grep -q "mesh-sync" ${rootdir}/etc/crontab; then
-        echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null" >> ${rootdir}/etc/crontab
-        echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab
-        echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab
+    if ! grep -q "mesh-sync" "${rootdir}/etc/crontab"; then
+        { echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null";
+          echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )";
+          echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )"; } >> "${rootdir}/etc/crontab"
     fi
 
     chroot "$rootdir" systemctl enable tracker.service
 }
 
 function mesh_zeronet_blog {
-    ZERONET_BLOG_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_BLOG_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_BLOG_REPO=$(grep "ZERONET_BLOG_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_BLOG_COMMIT=$(grep "ZERONET_BLOG_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_BLOG_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then
+    git clone "$ZERONET_BLOG_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog" ]; then
         echo $'ZeroBlog repo could not be cloned'
         exit 6739
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
-    git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog" || exit 247824628
+    git checkout "$ZERONET_BLOG_COMMIT" -b "$ZERONET_BLOG_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function mesh_zeronet_mail {
-    ZERONET_MAIL_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_MAIL_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_MAIL_REPO=$(grep "ZERONET_MAIL_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_MAIL_COMMIT=$(grep "ZERONET_MAIL_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_MAIL_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail ]; then
+    git clone "$ZERONET_MAIL_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail" ]; then
         echo $'ZeroMail repo could not be cloned'
         exit 78493
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
-    git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail" || exit 2467824628
+    git checkout "$ZERONET_MAIL_COMMIT" -b "$ZERONET_MAIL_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function mesh_zeronet_forum {
-    ZERONET_FORUM_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_FORUM_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_FORUM_REPO=$(grep "ZERONET_FORUM_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_FORUM_COMMIT=$(grep "ZERONET_FORUM_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_FORUM_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then
+    git clone "$ZERONET_FORUM_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk" ]; then
         echo $'ZeroTalk repo could not be cloned'
         exit 78252
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
-    git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk" || exit 246824628
+    git checkout "$ZERONET_FORUM_COMMIT" -b "$ZERONET_FORUM_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function mesh_zeronet_id {
-    ZERONET_ID_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_ID_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_ID_REPO=$(grep "ZERONET_ID_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_ID_COMMIT=$(grep "ZERONET_ID_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_ID_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID ]; then
+    git clone "$ZERONET_ID_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID" ]; then
         echo $'ZeroID repo could not be cloned'
         exit 37936
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
-    git checkout $ZERONET_ID_COMMIT -b $ZERONET_ID_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID" || exit 8723563244
+    git checkout "$ZERONET_ID_COMMIT" -b "$ZERONET_ID_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function install_zeronet {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_zeronet
         mesh_zeronet_blog
         mesh_zeronet_mail

src/freedombone-archive-mail

 export TEXTDOMAIN=${PROJECT_NAME}-archive-mail
 export TEXTDOMAINDIR="/usr/share/locale"
 
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-validation
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-validation"
 
 for d in /home/*/ ; do
     USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
     if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
         # for every user who has a mail directory
-        if [ -d /home/$USERNAME/Maildir ]; then
+        if [ -d "/home/$USERNAME/Maildir" ]; then
             MUTTRC=/home/$USERNAME/.muttrc
             # update archives
             python /usr/bin/cleanup-maildir --archive-folder="archive" --maildir-root="/home/$USERNAME/Maildir" archive ""
             # ensure the user has permissions on the archives
             for archive_dir in /home/$USERNAME/Maildir/archive-* ; do
-                chown -R $USERNAME:$USERNAME $archive_dir
+                chown -R "$USERNAME":"$USERNAME" "$archive_dir"
             done
             # add the archive to .muttrc if needed
-            if [ -f $MUTTRC ]; then
-                MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
+            if [ -f "$MUTTRC" ]; then
+                MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
                 YR=$(date +"%Y")
                 PREV_YR=$((YR - 1))
                 BACKUP_DIRECTORY=archive-$YR
                 PREV_BACKUP_DIRECTORY=archive-$PREV_YR
                 if [[ $MUTT_MAILBOXES != *$BACKUP_DIRECTORY* ]]; then
                     if [[ $MUTT_MAILBOXES == *$PREV_BACKUP_DIRECTORY* ]]; then
-                        sed -i "s|$PREV_BACKUP_DIRECTORY|$PREV_BACKUP_DIRECTORY =$BACKUP_DIRECTORY|g" $MUTTRC
+                        sed -i "s|$PREV_BACKUP_DIRECTORY|$PREV_BACKUP_DIRECTORY =$BACKUP_DIRECTORY|g" "$MUTTRC"
                     else
-                        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$BACKUP_DIRECTORY|g" $MUTTRC
+                        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$BACKUP_DIRECTORY|g" "$MUTTRC"
                     fi
-                    chown $USERNAME:$USERNAME $MUTTRC
+                    chown "$USERNAME":"$USERNAME" "$MUTTRC"
                 fi
             fi
         fi

src/freedombone-backup-local

 
 please_wait
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 # include utils which allow function_check and drive mount
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 clear
 # Sites are suspended so that verification should work
 SUSPENDED_SITE=
 
-DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
 
 function make_backup_directory {
     # make a backup directory on the drive
 function check_storage_space_remaining {
     # Check space remaining on the usb drive
     used_percent=$(df -k $USB_MOUNT | tail -n 1 | awk -F ' ' '{print $5}' | awk -F '%' '{print $1}')
-    if [ $used_percent -gt 95 ]; then
+    if [ "$used_percent" -gt 95 ]; then
         echo $"Less than 5% of space remaining on backup drive"
         umount $USB_MOUNT
         rm -rf $USB_MOUNT
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             # Backup any gpg keys
-            if [ -d /home/$USERNAME/.gnupg ]; then
+            if [ -d "/home/$USERNAME/.gnupg" ]; then
                 echo $"Backing up gpg keys for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.gnupg gnupg/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.gnupg" "gnupg/$USERNAME"
             fi
 
             # Backup any personal settings
-            if [ -d /home/$USERNAME/personal ]; then
+            if [ -d "/home/$USERNAME/personal" ]; then
                 echo $"Backing up personal settings for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/personal personal/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/personal" "personal/$USERNAME"
             fi
 
             # Backup ssh keys
-            if [ -d /home/$USERNAME/.ssh ]; then
+            if [ -d "/home/$USERNAME/.ssh" ]; then
                 echo $"Backing up ssh keys for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.ssh ssh/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.ssh" "ssh/$USERNAME"
             fi
 
             # Backup fin database if it exists
-            if [ -d /home/$USERNAME/.fin ]; then
+            if [ -d "/home/$USERNAME/.fin" ]; then
                 echo $"Backing up fin files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.fin fin/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.fin" "fin/$USERNAME"
             fi
 
             # Backup emacs
-            if [ -d /home/$USERNAME/.emacs.d ]; then
+            if [ -d "/home/$USERNAME/.emacs.d" ]; then
                 echo $"Backing up Emacs config for $USERNAME"
-                if [ -f /home/$USERNAME/.emacs ]; then
-                    cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
+                if [ -f "/home/$USERNAME/.emacs" ]; then
+                    cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
                 fi
-                backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.emacs.d" "config/$USERNAME"
             fi
 
             # Backup user configs
-            if [ -d /home/$USERNAME/.config ]; then
+            if [ -d "/home/$USERNAME/.config" ]; then
                 echo $"Backing up config files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.config config/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.config" "config/$USERNAME"
             fi
 
             # Backup monkeysphere
-            if [ -d /home/$USERNAME/.monkeysphere ]; then
+            if [ -d "/home/$USERNAME/.monkeysphere" ]; then
                 echo $"Backing up monkeysphere files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.monkeysphere monkeysphere/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.monkeysphere" "monkeysphere/$USERNAME"
             fi
 
             # Backup user local
-            if [ -d /home/$USERNAME/.local ]; then
+            if [ -d "/home/$USERNAME/.local" ]; then
                 echo $"Backing up local files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.local local/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.local" "local/$USERNAME"
             fi
 
             # Backup mutt
-            if [ -f /home/$USERNAME/.muttrc ]; then
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
                 echo $"Backing up Mutt settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup
+                cp "/home/$USERNAME/.muttrc" "/home/$USERNAME/tempbackup"
                 if [ -f /etc/Muttrc ]; then
-                    cp /etc/Muttrc /home/$USERNAME/tempbackup
+                    cp /etc/Muttrc "/home/$USERNAME/tempbackup"
                 fi
-                backup_directory_to_usb /home/$USERNAME/tempbackup mutt/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/tempbackup" "mutt/$USERNAME"
             fi
-            if [ -d /home/$USERNAME/.mutt ]; then
+            if [ -d "/home/$USERNAME/.mutt" ]; then
                 echo $"Backing up Mutt configurations for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                backup_directory_to_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
             fi
 
             # Backup email
-            if [ -d /home/$USERNAME/Maildir ]; then
+            if [ -d "/home/$USERNAME/Maildir" ]; then
                 echo $"Stopping mail server"
                 systemctl stop exim4
                 echo $"Creating an email archive for $USERNAME"
-                if [ ! -d /root/tempbackupemail/$USERNAME ]; then
-                    mkdir -p /root/tempbackupemail/$USERNAME
+                if [ ! -d "/root/tempbackupemail/$USERNAME" ]; then
+                    mkdir -p "/root/tempbackupemail/$USERNAME"
                 fi
-                tar -czvf /root/tempbackupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir
+                tar -czvf "/root/tempbackupemail/$USERNAME/maildir.tar.gz" "/home/$USERNAME/Maildir"
                 echo $"Restarting mail server"
                 systemctl start exim4
                 echo $"Backing up emails for $USERNAME"
-                backup_directory_to_usb /root/tempbackupemail/$USERNAME mail/$USERNAME
+                backup_directory_to_usb "/root/tempbackupemail/$USERNAME" "mail/$USERNAME"
             fi
 
             # Backup spamassassin
-            if [ -d /home/$USERNAME/.spamassassin ]; then
+            if [ -d "/home/$USERNAME/.spamassassin" ]; then
                 echo $"Backing up spamassassin settings for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.spamassassin spamassassin/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.spamassassin" "spamassassin/$USERNAME"
             fi
 
             # Backup procmail
-            if [ -f /home/$USERNAME/.procmailrc ]; then
+            if [ -f "/home/$USERNAME/.procmailrc" ]; then
                 echo $"Backing up procmail settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
-                backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME
+                cp "/home/$USERNAME/.procmailrc" "/home/$USERNAME/tempbackup"
+                backup_directory_to_usb "/home/$USERNAME/tempbackup" "procmail/$USERNAME"
             fi
 
-            gpg_agent_enable $USERNAME
+            gpg_agent_enable "$USERNAME"
         fi
     done
 }
     for dr in "${backup_dirs[@]}"
     do
         # if this directory exists then back it up to the given destination
-        source_directory=$(echo $dr | awk -F ',' '{print $1}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-        if [ -d $source_directory ]; then
-            dest_directory=$(echo $dr | awk -F ',' '{print $2}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+        source_directory=$(echo "$dr" | awk -F ',' '{print $1}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+        if [ -d "$source_directory" ]; then
+            dest_directory=$(echo "$dr" | awk -F ',' '{print $2}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
             echo $"Backing up $source_directory to $dest_directory"
-            backup_directory_to_usb $source_directory $dest_directory
+            backup_directory_to_usb "$source_directory" "$dest_directory"
         fi
 
         restart_site
 }
 
 function remove_backup_directory {
-    if [ $1 ]; then
-        if [[ $1 == "remove" ]]; then
+    if [ "$1" ]; then
+        if [[ "$1" == "remove" ]]; then
             if [ -d $USB_MOUNT/backup ]; then
                 rm -rf $USB_MOUNT/backup
                 echo $'Existing backup directory removed'
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
         cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
     fi
     backup_directory_to_usb $temp_backup_dir blocklist
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
-        cp -f $NODEJS_INSTALLED_APPS_FILE $temp_backup_dir
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
+        cp -f "$NODEJS_INSTALLED_APPS_FILE" $temp_backup_dir
     fi
     if [ -f /root/.nostore ]; then
         cp -f /root/.nostore $temp_backup_dir
             rm $temp_backup_dir/.nostore
         fi
     fi
-    cp -f $CONFIGURATION_FILE $temp_backup_dir
-    cp -f $COMPLETION_FILE $temp_backup_dir
+    cp -f "$CONFIGURATION_FILE" $temp_backup_dir
+    cp -f "$COMPLETION_FILE" $temp_backup_dir
     if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
         cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
     fi
-    if [ -f $MONGODB_APPS_FILE ]; then
-        cp -f $MONGODB_APPS_FILE $temp_backup_dir
+    if [ -f "$MONGODB_APPS_FILE" ]; then
+        cp -f "$MONGODB_APPS_FILE" $temp_backup_dir
     fi
     # nginx password hashes
     if [ -f /etc/nginx/.htpasswd ]; then
     if [ ! -d $temp_backup_dir ]; then
         mkdir $temp_backup_dir
     fi
-    sudo -u postgres pg_dumpall --roles-only > $temp_backup_dir/postgresql.sql
+    # shellcheck disable=SC2024
+    sudo -u postgres pg_dumpall --roles-only > "$temp_backup_dir/postgresql.sql"
     if [ ! -s $temp_backup_dir/postgresql.sql ]; then
         echo $"Unable to backup postgresql settings"
         rm -rf $temp_backup_dir
 fi
 
 gpg_agent_setup root
-backup_mount_drive $1 $2
-remove_backup_directory $remove_option
+backup_mount_drive "$1" "$2"
+remove_backup_directory "$remove_option"
 make_backup_directory
 check_storage_space_remaining
 backup_users

src/freedombone-backup-remote

     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 # utilities needed for backup commands
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 # Temporary location for data to be backed up to other servers
 SERVER_DIRECTORY=/root/remotebackup
 
 # get the version of Go being used
-GO_VERSION=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-go | grep 'GO_VERSION=' | head -n 1 | awk -F '=' '{print $2}')
+GO_VERSION=$(grep 'GO_VERSION=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-go" | head -n 1 | awk -F '=' '{print $2}')
 
 ADMIN_USERNAME=$(get_completion_param "Admin user")
 ADMIN_NAME=$(getent passwd $ADMIN_USERNAME | cut -d: -f5 | cut -d, -f1)
     ${PROJECT_NAME}-addcert -h backup --dhkey 2048
 fi
 
-if [ ! -f /home/${ADMIN_USERNAME}/backup.list ]; then
+if [ ! -f "/home/${ADMIN_USERNAME}/backup.list" ]; then
     exit 1
 fi
 
         return
     fi
     SUSPENDED_SITE="$1"
-    nginx_dissite $SUSPENDED_SITE
+    nginx_dissite "$SUSPENDED_SITE"
     systemctl reload nginx
 }
 
 function restart_site {
     # restarts a given website
-    if [ ! $SUSPENDED_SITE ]; then
+    if [ ! "$SUSPENDED_SITE" ]; then
         return
     fi
-    nginx_ensite $SUSPENDED_SITE
+    nginx_ensite "$SUSPENDED_SITE"
     systemctl reload nginx
     SUSPENDED_SITE=
 }
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
         cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
     fi
     backup_directory_to_friend $temp_backup_dir blocklist
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
-        cp -f $NODEJS_INSTALLED_APPS_FILE $temp_backup_dir
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
+        cp -f "$NODEJS_INSTALLED_APPS_FILE" $temp_backup_dir
     fi
     if [ -f /root/.nostore ]; then
         cp -f /root/.nostore $temp_backup_dir
             rm $temp_backup_dir/.nostore
         fi
     fi
-    cp -f $CONFIGURATION_FILE $temp_backup_dir
-    cp -f $COMPLETION_FILE $temp_backup_dir
+    cp -f "$CONFIGURATION_FILE" $temp_backup_dir
+    cp -f "$COMPLETION_FILE" $temp_backup_dir
     if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
         cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
     fi
-    if [ -f $MONGODB_APPS_FILE ]; then
-        cp -f $MONGODB_APPS_FILE $temp_backup_dir
+    if [ -f "$MONGODB_APPS_FILE" ]; then
+        cp -f "$MONGODB_APPS_FILE" $temp_backup_dir
     fi
     # nginx password hashes
     if [ -f /etc/nginx/.htpasswd ]; then
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             # personal settings
-            if [ -d /home/$USERNAME/personal ]; then
+            if [ -d "/home/$USERNAME/personal" ]; then
                 echo $"Backing up personal settings for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/personal personal/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/personal" "personal/$USERNAME"
             fi
 
             # gpg keys
-            if [ -d /home/$USERNAME/.gnupg ]; then
+            if [ -d "/home/$USERNAME/.gnupg" ]; then
                 echo $"Backing up gpg keys for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.gnupg gnupg/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.gnupg" "gnupg/$USERNAME"
             fi
 
             # ssh keys
-            if [ -d /home/$USERNAME/.ssh ]; then
+            if [ -d "/home/$USERNAME/.ssh" ]; then
                 echo $"Backing up ssh keys for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.ssh ssh/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.ssh" "ssh/$USERNAME"
             fi
 
             # syncthing files
-            if [ -d /home/$USERNAME/Sync ]; then
+            if [ -d "/home/$USERNAME/Sync" ]; then
                 echo $"Backing up syncthing files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/Sync syncthing/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/Sync" "syncthing/$USERNAME"
                 # ensure that device IDs will be backed up as part of user config settings
-                if [ ! -d /home/$USERNAME/.config/syncthing ]; then
-                    mkdir -p /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
+                    mkdir -p "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthingids ]; then
-                    cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
             fi
 
             # config files
-            if [ -d /home/$USERNAME/.config ]; then
+            if [ -d "/home/$USERNAME/.config" ]; then
                 echo $"Backing up config files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.config config/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.config" "config/$USERNAME"
             fi
 
             # monkeysphere files
-            if [ -d /home/$USERNAME/.monkeysphere ]; then
+            if [ -d "/home/$USERNAME/.monkeysphere" ]; then
                 echo $"Backing up monkeysphere files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.monkeysphere monkeysphere/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.monkeysphere" "monkeysphere/$USERNAME"
             fi
 
             # fin files
-            if [ -d /home/$USERNAME/.fin ]; then
+            if [ -d "/home/$USERNAME/.fin" ]; then
                 echo $"Backing up fin files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.fin fin/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.fin" "fin/$USERNAME"
             fi
 
             # local files
-            if [ -d /home/$USERNAME/.local ]; then
+            if [ -d "/home/$USERNAME/.local" ]; then
                 echo $"Backing up local files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.local local/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.local" "local/$USERNAME"
             fi
 
             # mutt settings
-            if [ -f /home/$USERNAME/.muttrc ]; then
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
                 echo $"Backing up Mutt settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup
+                cp "/home/$USERNAME/.muttrc" "/home/$USERNAME/tempbackup"
                 if [ -f /etc/Muttrc ]; then
-                    cp /etc/Muttrc /home/$USERNAME/tempbackup
+                    cp /etc/Muttrc "/home/$USERNAME/tempbackup"
                 fi
-                backup_directory_to_friend /home/$USERNAME/tempbackup mutt/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/tempbackup" "mutt/$USERNAME"
             fi
-            if [ -d /home/$USERNAME/.mutt ]; then
+            if [ -d "/home/$USERNAME/.mutt" ]; then
                 echo $"Backing up Mutt configurations for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                backup_directory_to_friend "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
             fi
 
             # procmail settings
-            if [ -f /home/$USERNAME/.procmailrc ]; then
+            if [ -f "/home/$USERNAME/.procmailrc" ]; then
                 echo $"Backing up procmail settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
-                backup_directory_to_friend /home/$USERNAME/tempbackup procmail/$USERNAME
+                cp "/home/$USERNAME/.procmailrc" "/home/$USERNAME/tempbackup"
+                backup_directory_to_friend "/home/$USERNAME/tempbackup" "procmail/$USERNAME"
             fi
 
             # spamassassin settings
-            if [ -d /home/$USERNAME/.spamassassin ]; then
+            if [ -d "/home/$USERNAME/.spamassassin" ]; then
                 echo $"Backing up spamassassin settings for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.spamassassin spamassassin/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.spamassassin" "spamassassin/$USERNAME"
             fi
 
             # email
-            if [ -d /home/$USERNAME/Maildir ]; then
+            if [ -d "/home/$USERNAME/Maildir" ]; then
                 echo $"Stopping mail server"
                 systemctl stop exim4
                 echo $"Creating an email archive"
-                if [ ! -d /root/backupemail/$USERNAME ]; then
-                    mkdir -p /root/backupemail/$USERNAME
+                if [ ! -d "/root/backupemail/$USERNAME" ]; then
+                    mkdir -p "/root/backupemail/$USERNAME"
                 fi
-                tar -czvf /root/backupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir
+                tar -czvf "/root/backupemail/$USERNAME/maildir.tar.gz" "/home/$USERNAME/Maildir"
                 echo $"Restarting mail server"
                 systemctl start exim4
                 echo $"Backing up emails for $USERNAME"
-                backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME
+                backup_directory_to_friend "/root/backupemail/$USERNAME" "mail/$USERNAME"
             fi
-            gpg_agent_enable $USERNAME
+            gpg_agent_enable "$USERNAME"
         fi
     done
 }
 }
 
 function backup_admin_readme {
-    if [ -f /home/$ADMIN_USERNAME/README ]; then
+    if [ -f "/home/$ADMIN_USERNAME/README" ]; then
         echo $"Backing up README"
-        if [ ! -d /home/$ADMIN_USERNAME/tempbackup ]; then
-            mkdir -p /home/$ADMIN_USERNAME/tempbackup
+        if [ ! -d "/home/$ADMIN_USERNAME/tempbackup" ]; then
+            mkdir -p "/home/$ADMIN_USERNAME/tempbackup"
         fi
-        cp -f /home/$ADMIN_USERNAME/README /home/$ADMIN_USERNAME/tempbackup
-        backup_directory_to_friend /home/$ADMIN_USERNAME/tempbackup readme
+        cp -f "/home/$ADMIN_USERNAME/README" "/home/$ADMIN_USERNAME/tempbackup"
+        backup_directory_to_friend "/home/$ADMIN_USERNAME/tempbackup" readme
     fi
 }
 
             mkdir $temp_backup_dir
         fi
         keep_database_running
-        mysqldump --password=$DATABASE_PASSWORD mysql user > $temp_backup_dir/mysql.sql
+        mysqldump --password="$DATABASE_PASSWORD" mysql user > "$temp_backup_dir/mysql.sql"
         if [ ! -s $temp_backup_dir/mysql.sql ]; then
             echo $"Unable to backup MariaDB settings"
             rm -rf $temp_backup_dir
             # Send a warning email
-            echo $"Unable to export database settings" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
+            echo $"Unable to export database settings" | mail -s "${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
             exit 653
         fi
         echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
     if [ ! -d $temp_backup_dir ]; then
         mkdir $temp_backup_dir
     fi
-    sudo -u postgres pg_dumpall --roles-only > $temp_backup_dir/postgresql.sql
+    # shellcheck disable=SC2024
+    sudo -u postgres pg_dumpall --roles-only > "$temp_backup_dir/postgresql.sql"
     if [ ! -s $temp_backup_dir/postgresql.sql ]; then
         echo $"Unable to backup postgresql settings"
         rm -rf $temp_backup_dir
-        umount $USB_MOUNT
-        rm -rf $USB_MOUNT
+        umount "$USB_MOUNT"
+        rm -rf "$USB_MOUNT"
         exit 684365
     fi
     echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
     # Get a share index based on the supplied domain name
     # This ensures that the same share is always given to the same domain
     sharenumstr=$(md5sum <<< "$REMOTE_DOMAIN")
-    share_index=$(echo $((0x${sharenumstr%% *} % ${no_of_shares})) | tr -d -)
+    share_index=$(echo $((0x${sharenumstr%% *} % no_of_shares)) | tr -d -)
 
     # get the filename
-    share_files=(/home/$USERNAME/.gnupg_fragments/keyshare.asc.*)
+    share_files=("/home/$USERNAME/.gnupg_fragments/keyshare.asc.*")
     share_filename=${share_files[share_index]}
 
     echo "$share_filename"
     REMOTE_PASSWORD=$4
     REMOTE_SERVER=$5
 
-    if [ -d /home/$USERNAME/.gnupg_fragments ]; then
-        if [ $REMOTE_DOMAIN ]; then
-            cd /home/$USERNAME/.gnupg_fragments
+    if [ -d "/home/$USERNAME/.gnupg_fragments" ]; then
+        if [ "$REMOTE_DOMAIN" ]; then
+            cd "/home/$USERNAME/.gnupg_fragments" || exit 34687246462
+            # shellcheck disable=SC2012
             no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
             if (( no_of_shares > 1 )); then
-                share_filename=$(get_key_share $no_of_shares "$USERNAME" "$REMOTE_DOMAIN")
+                share_filename=$(get_key_share "$no_of_shares" "$USERNAME" "$REMOTE_DOMAIN")
 
                 # create a temp directory containing the share
                 temp_key_share_dir=/home/$USERNAME/tempkey
                 temp_key_share_fragments=$temp_key_share_dir/.gnupg_fragments_${USERNAME}
-                mkdir -p $temp_key_share_fragments
-                cp $share_filename $temp_key_share_fragments/
+                mkdir -p "$temp_key_share_fragments"
+                cp "$share_filename" "$temp_key_share_fragments/"
 
                 # copy the fragments directory to the remote server
                 /usr/bin/sshpass -p "$REMOTE_PASSWORD" \
-                                 scp -r -P $REMOTE_SSH_PORT $temp_key_share_fragments $REMOTE_SERVER
+                                 scp -r -P "$REMOTE_SSH_PORT" "$temp_key_share_fragments" "$REMOTE_SERVER"
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     # Send a warning email
                     echo "Key share to $REMOTE_SERVER failed" | \
-                        mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS
+                        mail -s "${PROJECT_NAME} social key management" "$MY_EMAIL_ADDRESS"
                 else
                     # Send a confirmation email
                     echo "Key ${share_filename} shared to $REMOTE_SERVER" | \
-                        mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS
+                        mail -s "${PROJECT_NAME} social key management" "$MY_EMAIL_ADDRESS"
                 fi
 
                 # remove the temp file/directory
-                shred -zu $temp_key_share_fragments/*
-                rm -rf $temp_key_share_dir
+                shred -zu "$temp_key_share_fragments/*"
+                rm -rf "$temp_key_share_dir"
             fi
         fi
     fi
 fi
 
 # For each remote server
-while read remote_server
+while read -r remote_server
 do
     # Get the server and its password
     # Format is:
     #   username@domain <port number> /home/username <ssh password>
     REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}')
-    if [ $REMOTE_SERVER ]; then
+    if [ "$REMOTE_SERVER" ]; then
         REMOTE_DOMAIN=$(echo "${remote_server}" | awk -F ' ' '{print $1}' | awk -F '@' '{print $2}')
         REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}')
         REMOTE_DIRECTORY=$(echo "${remote_server}" | awk -F ' ' '{print $3}')
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                disperse_key_shares $USERNAME $REMOTE_DOMAIN $REMOTE_SSH_PORT "$REMOTE_PASSWORD" $REMOTE_SERVER
+                disperse_key_shares "$USERNAME" "$REMOTE_DOMAIN" "$REMOTE_SSH_PORT" "$REMOTE_PASSWORD" "$REMOTE_SERVER"
             fi
         done
 
         if [[ $TEST_MODE == "yes" ]]; then
             echo "rsync -ratlzv --rsh=\"/usr/bin/sshpass -p '$REMOTE_PASSWORD' ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no\" $SERVER_DIRECTORY/backup $REMOTE_SERVER"
         fi
-        rsync -ratlzv --rsh="/usr/bin/sshpass -p \"$REMOTE_PASSWORD\" ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" $SERVER_DIRECTORY/backup $REMOTE_SERVER
-        if [ ! "$?" = "0" ]; then
+        if ! rsync -ratlzv --rsh="/usr/bin/sshpass -p \"$REMOTE_PASSWORD\" ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" "$SERVER_DIRECTORY/backup" "$REMOTE_SERVER"; then
             echo "$NOW Backup to $REMOTE_SERVER failed" >> /var/log/remotebackups.log
             # Send a warning email
-            echo "Backup to $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
+            echo "Backup to $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
         else
             echo "$NOW Backed up to $REMOTE_SERVER" >> /var/log/remotebackups.log
         fi
     fi
 
-done < /home/${ADMIN_USERNAME}/backup.list
+done < "/home/${ADMIN_USERNAME}/backup.list"
 
 exit 0

src/freedombone-base-tripwire

 }
 
 function remove_tripwire {
-    if ! grep -Fxq "tripwire" $COMPLETION_FILE; then
+    if ! grep -Fxq "tripwire" "$COMPLETION_FILE"; then
         return
     fi
     apt-get -yq remove --purge tripwire
         rm -rf /etc/tripwire
     fi
     rm /usr/bin/reset-tripwire
-    sed -i '/tripwire/d' $COMPLETION_FILE
+    sed -i '/tripwire/d' "$COMPLETION_FILE"
 }
 
 function install_tripwire {
 
     apt-get -yq install tripwire qrencode
     apt-get -yq autoremove
-    cd /etc/tripwire
-
-    echo 'ROOT          =/usr/sbin' > /etc/tripwire/twcfg.txt
-    echo 'POLFILE       =/etc/tripwire/tw.pol' >> /etc/tripwire/twcfg.txt
-    echo 'DBFILE        =/var/lib/tripwire/$(HOSTNAME).twd' >> /etc/tripwire/twcfg.txt
-    echo 'REPORTFILE    =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr' >> /etc/tripwire/twcfg.txt
-    echo 'SITEKEYFILE   =/etc/tripwire/$(HOSTNAME)-site.key' >> /etc/tripwire/twcfg.txt
-    echo 'LOCALKEYFILE  =/etc/tripwire/$(HOSTNAME)-local.key' >> /etc/tripwire/twcfg.txt
-    echo 'EDITOR        =/usr/bin/editor' >> /etc/tripwire/twcfg.txt
-    echo 'LATEPROMPTING =false' >> /etc/tripwire/twcfg.txt
-    echo 'LOOSEDIRECTORYCHECKING =false' >> /etc/tripwire/twcfg.txt
-    echo 'MAILNOVIOLATIONS =false' >> /etc/tripwire/twcfg.txt
-    echo 'EMAILREPORTLEVEL =3' >> /etc/tripwire/twcfg.txt
-    echo 'REPORTLEVEL   =3' >> /etc/tripwire/twcfg.txt
-    echo 'SYSLOGREPORTING =false' >> /etc/tripwire/twcfg.txt
-    echo 'MAILMETHOD    =SENDMAIL' >> /etc/tripwire/twcfg.txt
-    echo 'MAILPROGRAM   =/usr/lib/sendmail -oi -t' >> /etc/tripwire/twcfg.txt
-    echo 'SMTPHOST      =localhost' >> /etc/tripwire/twcfg.txt
-    echo 'SMTPPORT      =25' >> /etc/tripwire/twcfg.txt
-    echo 'TEMPDIRECTORY =/tmp' >> /etc/tripwire/twcfg.txt
-    echo 'MAILFROMADDRESS =tripwire@$(HOSTNAME)' >> /etc/tripwire/twcfg.txt
+    cd /etc/tripwire || exit 246852845
+
+    { echo 'ROOT          =/usr/sbin';
+      echo 'POLFILE       =/etc/tripwire/tw.pol';
+      echo "DBFILE        =/var/lib/tripwire/\$(HOSTNAME).twd";
+      echo "REPORTFILE    =/var/lib/tripwire/report/\$(HOSTNAME)-\$(DATE).twr";
+      echo "SITEKEYFILE   =/etc/tripwire/\$(HOSTNAME)-site.key";
+      echo "LOCALKEYFILE  =/etc/tripwire/\$(HOSTNAME)-local.key";
+      echo 'EDITOR        =/usr/bin/editor';
+      echo 'LATEPROMPTING =false';
+      echo 'LOOSEDIRECTORYCHECKING =false';
+      echo 'MAILNOVIOLATIONS =false';
+      echo 'EMAILREPORTLEVEL =3';
+      echo 'REPORTLEVEL   =3';
+      echo 'SYSLOGREPORTING =false';
+      echo 'MAILMETHOD    =SENDMAIL';
+      echo 'MAILPROGRAM   =/usr/lib/sendmail -oi -t';
+      echo 'SMTPHOST      =localhost';
+      echo 'SMTPPORT      =25';
+      echo 'TEMPDIRECTORY =/tmp';
+      echo "MAILFROMADDRESS =tripwire@\$(HOSTNAME)"; } > /etc/tripwire/twcfg.txt
 
     echo '
 
-       ' | twadmin --generate-keys -L /etc/tripwire/${HOSTNAME}-local.key -S /etc/tripwire/${HOSTNAME}-site.key
+       ' | twadmin --generate-keys -L "/etc/tripwire/${HOSTNAME}-local.key" -S "/etc/tripwire/${HOSTNAME}-site.key"
 
     echo '
 
-       ' | twadmin --create-cfgfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twcfg.txt
+       ' | twadmin --create-cfgfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twcfg.txt
 
     # make a script for easy resetting of the tripwire
     echo '#!/bin/sh' > /usr/bin/reset-tripwire
     sed -i '/\/usr\/local\/bin/d' /etc/tripwire/twpol.txt
 
     # Avoid logging the changed database
-    sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
+    sed -i "s|\$(TWETC)/tw.pol.*||g" /etc/tripwire/twpol.txt
     # site key name
-    sed -i 's|$(TWETC)/site.key|$(TWETC)/$(HOSTNAME)-site.key|g' /etc/tripwire/twpol.txt
+    sed -i "s|$(TWETC)/site.key|\$(TWETC)/\$(HOSTNAME)-site.key|g" /etc/tripwire/twpol.txt
 
     # create the policy
     echo '
 
-       ' | twadmin --create-polfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twpol.txt
+       ' | twadmin --create-polfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twpol.txt
 
     mark_completed "${FUNCNAME[0]}"
 }

src/freedombone-client

 fi
 
 # ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
-UTILS_SSH=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh
-SSH_CIPHERS=$(cat $UTILS_SSH | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_MACS=$(cat $UTILS_SSH | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_KEX=$(cat $UTILS_SSH | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_HOST_KEY_ALGORITHMS=$(cat $UTILS_SSH | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}')
+UTILS_SSH="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh"
+SSH_CIPHERS=$(grep 'SSH_CIPHERS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
+SSH_MACS=$(grep 'SSH_MACS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
+SSH_KEX=$(grep 'SSH_KEX=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
+SSH_HOST_KEY_ALGORITHMS=$(grep 'SSH_HOST_KEY_ALGORITHMS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
 
 # refresh gpg keys every few hours
 REFRESH_GPG_KEYS_HOURS=2
     fi
 
     sudo cp $SYSCTL_FILE ~/sysctl.conf
-    sudo chown $CURR_USER:$CURR_GROUP ~/sysctl.conf
+    sudo chown "$CURR_USER":"$CURR_GROUP" ~/sysctl.conf
     if ! grep -q "tcp_challenge_ack_limit" ~/sysctl.conf; then
         echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> ~/sysctl.conf
     else
         fi
     fi
     sudo cp /etc/crontab ~/temp_crontab
-    sudo chown $CURR_USER:$CURR_GROUP ~/temp_crontab
+    sudo chown "$CURR_USER":"$CURR_GROUP" ~/temp_crontab
     if ! grep -q 'gpg --refresh-keys' ~/temp_crontab; then
         echo "0            */$REFRESH_GPG_KEYS_HOURS *   *   *   $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab
         sudo cp ~/temp_crontab /etc/crontab
 
 # see https://stribika.github.io/2015/01/04/secure-secure-shell.html
 function ssh_remove_small_moduli {
-    sudo awk '$5 > 2000' /etc/ssh/moduli > /home/$CURR_USER/moduli
-    sudo mv /home/$CURR_USER/moduli /etc/ssh/moduli
+    # shellcheck disable=SC2024
+    sudo awk '$5 > 2000' /etc/ssh/moduli > "/home/$CURR_USER/moduli"
+    sudo mv "/home/$CURR_USER/moduli" /etc/ssh/moduli
 }
 
 function configure_ssh_client {
     sudo sed -i "s/HostKeyAlgorithms.*/HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
     if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
         sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
+        sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
         echo "   HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config
         sudo mv ~/ssh_config /etc/ssh/ssh_config
         sudo chown root:root /etc/ssh/ssh_config
     sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
     if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
         sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
+        sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
         echo "   Ciphers $SSH_CIPHERS" >> ~/ssh_config
         sudo mv ~/ssh_config /etc/ssh/ssh_config
         sudo chown root:root /etc/ssh/ssh_config
     sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
     if ! grep -q "MACs " /etc/ssh/ssh_config; then
         sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
+        sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
         echo "   MACs $SSH_MACS" >> ~/ssh_config
         sudo mv ~/ssh_config /etc/ssh/ssh_config
         sudo chown root:root /etc/ssh/ssh_config
     fi
 
     # Create ssh keys
-    if [ ! -f /home/$CURR_USER/.ssh/id_ed25519 ]; then
+    if [ ! -f "/home/$CURR_USER/.ssh/id_ed25519" ]; then
         ssh-keygen -t ed25519 -o -a 100
     fi
-    if [ ! -f /home/$CURR_USER/.ssh/id_rsa ]; then
+    if [ ! -f "/home/$CURR_USER/.ssh/id_rsa" ]; then
         ssh-keygen -t rsa -b 2048 -o -a 100
     fi
 
     fi
     if ! grep -q "# ${PROJECT_NAME} settings" ~/.ssh/config; then
         if ! grep -q 'ProxyCommand' ~/.ssh/config; then
-            echo "# ${PROJECT_NAME} settings start" >> ~/.ssh/config
-            echo 'Host *.onion' >> ~/.ssh/config
-            echo '  ServerAliveInterval 60' >> ~/.ssh/config
-            echo '  ServerAliveCountMax 3' >> ~/.ssh/config
+            { echo "# ${PROJECT_NAME} settings start";
+              echo 'Host *.onion';
+              echo '  ServerAliveInterval 60';
+              echo '  ServerAliveCountMax 3'; } >> ~/.ssh/config
 
-            if [[ $ENABLE_MONKEYSPHERE == $'yes' || $ENABLE_MONKEYSPHERE == $'y' ]]; then
+            if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
                 echo "  ProxyCommand sh -c 'monkeysphere ssh-proxycommand --no-connect %h %p ; $proxycmd'" >> ~/.ssh/config
             else
                 echo "  ProxyCommand $proxycmd" >> ~/.ssh/config
             fi
-            echo 'Host *' >> ~/.ssh/config
-            echo '  ServerAliveInterval 60' >> ~/.ssh/config
-            echo '  ServerAliveCountMax 3' >> ~/.ssh/config
-            if [[ $ENABLE_MONKEYSPHERE == $'yes' || $ENABLE_MONKEYSPHERE == $'y' ]]; then
+            { echo 'Host *';
+              echo '  ServerAliveInterval 60';
+              echo '  ServerAliveCountMax 3'; } >> ~/.ssh/config
+            if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
                 echo '  ProxyCommand monkeysphere ssh-proxycommand %h %p' >> ~/.ssh/config
             fi
             echo "# ${PROJECT_NAME} settings end" >> ~/.ssh/config
     echo $'Go to the Administrator Control Panel, select "Manage Users", '
     echo $'"Change user ssh public key" then "yes" and paste the following:'
     echo ''
-    echo $(cat /home/$CURR_USER/.ssh/id_rsa.pub)
-    echo $(cat /home/$CURR_USER/.ssh/id_ed25519.pub)
+    cat "/home/$CURR_USER/.ssh/id_rsa.pub"
+    cat "/home/$CURR_USER/.ssh/id_ed25519.pub"
     echo ''
     echo $'Then go to "Security Settings", select "Allow ssh login with passwords"'
     echo $'and set it to "no".'
     else
         sudo pacman -S --noconfirm hexchat tor
     fi
-    if [ ! -d /home/$CURR_USER/.config/hexchat ]; then
-        mkdir -p /home/$CURR_USER/.config/hexchat
+    if [ ! -d "/home/$CURR_USER/.config/hexchat" ]; then
+        mkdir -p "/home/$CURR_USER/.config/hexchat"
     fi
-    echo 'net_proxy_host = 127.0.0.1' > /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_port = 9050' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_type = 3' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_use = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+    { echo 'net_proxy_host = 127.0.0.1';
+      echo 'net_proxy_port = 9050';
+      echo 'net_proxy_type = 3';
+      echo 'net_proxy_use = 0';
 
-    echo 'net_proxy_auth = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_pass = HexChat' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_user = HexChat' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'net_proxy_auth = 1';
+      echo 'net_proxy_pass = HexChat';
+      echo 'net_proxy_user = HexChat';
 
-    echo 'dcc_auto_chat = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'dcc_auto_resume = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'dcc_auto_send = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'irc_hide_version = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'identd = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'dcc_auto_chat = 0';
+      echo 'dcc_auto_resume = 0';
+      echo 'dcc_auto_send = 0';
+      echo 'irc_hide_version = 1';
+      echo 'identd = 0';
 
-    echo 'away_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'irc_part_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'irc_quit_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'away_reason =';
+      echo 'irc_part_reason =';
+      echo 'irc_quit_reason =';
 
-    echo "irc_real_name = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_user_name = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_nick1 = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_nick2 = ${USER}_" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_nick3 = ${USER}__" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo "irc_real_name = ${USER}";
+      echo "irc_user_name = ${USER}";
+      echo "irc_nick1 = ${USER}";
+      echo "irc_nick2 = ${USER}_";
+      echo "irc_nick3 = ${USER}__";
 
-    echo 'completion_suffix = :' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'completion_suffix = :';
 
-    echo 'gui_slist_skip = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'gui_slist_skip = 1'; } > "/home/$CURR_USER/.config/hexchat/hexchat.conf"
 
     echo $'hexchat configured'
 }
 
 function remove_known_hosts_entries {
     # remove any previous freedombone entries from known hosts
-    if [ -f /home/$CURR_USER/.ssh/known_hosts ]; then
-        sed -i "/${PROJECT_NAME}.local/d" /home/$CURR_USER/.ssh/known_hosts
+    if [ -f "/home/$CURR_USER/.ssh/known_hosts" ]; then
+        sed -i "/${PROJECT_NAME}.local/d" "/home/$CURR_USER/.ssh/known_hosts"
     fi
 }
 

src/freedombone-clientcert

 
 while [ $# -gt 1 ]
 do
-key="$1"
-
-case $key in
-    --help)
-    show_help
-    ;;
-    -u|--username)
+    key="$1"
+
+    case $key in
+        --help)
+            show_help
+            ;;
+        -u|--username)
+            shift
+            USERNAME="$1"
+            ;;
+        *)
+            # unknown option
+            ;;
+    esac
     shift
-    USERNAME="$1"
-    ;;
-    *)
-    # unknown option
-    ;;
-esac
-shift
 done
 
-if [ ! $USERNAME ]; then
+if [ ! "$USERNAME" ]; then
     echo $'No username specified'
     exit 5748
 fi
 
-if [ ! -d /home/$USERNAME ]; then
+if [ ! -d "/home/$USERNAME" ]; then
     echo $"User $USERNAME not found"
     exit 76239
 fi
 
-if [ -d /home/$USERNAME/emailcert ]; then
+if [ -d "/home/$USERNAME/emailcert" ]; then
     echo $'Client certs were already for created'
     exit 2953
 fi
 
 # Add a user password
 if ! grep -q "$USERNAME:{plain}" /etc/dovecot/passwd-file; then
-  echo "$USERNAME:{plain}::::::nopassword" >> /etc/dovecot/passwd-file
+    echo "$USERNAME:{plain}::::::nopassword" >> /etc/dovecot/passwd-file
 fi
 
 chmod 600 /etc/dovecot/passwd-file
 
 # create a user cert
-${PROJECT_NAME}-addcert -h $USERNAME --nodh ""
+"${PROJECT_NAME}-addcert" -h "$USERNAME" --nodh ""
 
-if [ ! -f /etc/ssl/private/$USERNAME.key ]; then
+if [ ! -f "/etc/ssl/private/$USERNAME.key" ]; then
     echo $'User certificates were not created'
-    rm -rf /home/$USERNAME/emailcert
+    rm -rf "/home/$USERNAME/emailcert"
     exit 74835
 fi
 
 # create a certificate request
 openssl req -new -sha256 -subj \
         "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$USERNAME" \
-        -key /etc/ssl/private/$USERNAME.key \
-        -out /etc/ssl/requests/$USERNAME.csr
+        -key "/etc/ssl/private/$USERNAME.key" \
+        -out "/etc/ssl/requests/$USERNAME.csr"
 
-if [ ! -f /etc/ssl/requests/$USERNAME.csr ]; then
+if [ ! -f "/etc/ssl/requests/$USERNAME.csr" ]; then
     echo $'Certificate request was not created'
-    rm -rf /home/$USERNAME/emailcert
+    rm -rf "/home/$USERNAME/emailcert"
     exit 83520
 fi
 
 # sign the certificate request
-cd /etc/ssl
+cd /etc/ssl || exit 742742542
 openssl ca -config /etc/ssl/dovecot-ca.cnf \
-        -in /etc/ssl/requests/$USERNAME.csr \
-        -out /etc/ssl/certs/$USERNAME.cer
+        -in "/etc/ssl/requests/$USERNAME.csr" \
+        -out "/etc/ssl/certs/$USERNAME.cer"
 
-if [ ! -f /etc/ssl/certs/$USERNAME.cer ]; then
+if [ ! -f "/etc/ssl/certs/$USERNAME.cer" ]; then
     echo $'Authentication certificate was not created'
-    rm -rf /home/$USERNAME/emailcert
+    rm -rf "/home/$USERNAME/emailcert"
     exit 343569
 fi
 
 # move the cert to the user's home
-mkdir /home/$USERNAME/emailcert
-mv /etc/ssl/certs/$USERNAME.cer /home/$USERNAME/emailcert
-cp /etc/ssl/certs/dovecot.crt /home/$USERNAME/emailcert
-cp /etc/ssl/certs/ca-$HOSTNAME.crt /home/$USERNAME/emailcert
-mv /etc/ssl/private/$USERNAME.key /home/$USERNAME/emailcert
-mv /etc/ssl/certs/$USERNAME.crt /home/$USERNAME/emailcert
-openssl pkcs12 -export -in /home/$USERNAME/emailcert/$USERNAME.cer \
-        -out /home/$USERNAME/emailcert/$USERNAME.p12 \
-        -inkey /home/$USERNAME/emailcert/$USERNAME.key \
-        -certfile /home/$USERNAME/emailcert/ca-$HOSTNAME.crt \
+mkdir "/home/$USERNAME/emailcert"
+mv "/etc/ssl/certs/$USERNAME.cer" "/home/$USERNAME/emailcert"
+cp "/etc/ssl/certs/dovecot.crt" "/home/$USERNAME/emailcert"
+cp "/etc/ssl/certs/ca-$HOSTNAME.crt" "/home/$USERNAME/emailcert"
+mv "/etc/ssl/private/$USERNAME.key" "/home/$USERNAME/emailcert"
+mv "/etc/ssl/certs/$USERNAME.crt" "/home/$USERNAME/emailcert"
+openssl pkcs12 -export -in "/home/$USERNAME/emailcert/$USERNAME.cer" \
+        -out "/home/$USERNAME/emailcert/$USERNAME.p12" \
+        -inkey "/home/$USERNAME/emailcert/$USERNAME.key" \
+        -certfile "/home/$USERNAME/emailcert/ca-$HOSTNAME.crt" \
         -password pass:""
 
 # make an install script
-echo '#!/bin/bash' > /home/$USERNAME/emailcert/install.sh
-echo "sudo mv ca-$HOSTNAME.crt /etc/ssl/certs" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo "sudo mv $USERNAME.crt /etc/ssl/certs" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo "sudo mv dovecot.crt /etc/ssl/certs" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo "sudo mv $USERNAME.key /etc/ssl/private" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo 'exit 0' >> /home/$USERNAME/emailcert/install.sh
+{ echo '#!/bin/bash';
+  echo "sudo mv ca-$HOSTNAME.crt /etc/ssl/certs";
+  echo "sudo mv $USERNAME.crt /etc/ssl/certs";
+  echo "sudo mv dovecot.crt /etc/ssl/certs";
+  echo "sudo mv $USERNAME.key /etc/ssl/private";
+  echo 'exit 0'; } > "/home/$USERNAME/emailcert/install.sh"
 
 # set permissions for the user
-chmod -R 755 /home/$USERNAME/emailcert
-chown -R $USERNAME:$USERNAME /home/$USERNAME/emailcert
-chmod +x /home/$USERNAME/emailcert/install.sh
+chmod -R 755 "/home/$USERNAME/emailcert"
+chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/emailcert"
+chmod +x "/home/$USERNAME/emailcert/install.sh"
 
-shred -zu /etc/ssl/requests/$USERNAME.csr
+shred -zu "/etc/ssl/requests/$USERNAME.csr"
 
 echo $'Email authentication certificate created. You can obtain it on the client with:'
 echo ''

src/freedombone-config

 FREEDOMBONE_WEBSITE="https://freedombone.net or http://4fvfozz6g3zmvf76.onion"
 
 # Minimum number of characters in a password
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
 # file containing new password
 IMAGE_PASSWORD_FILE=/root/login.txt
         echo -n ''
 }
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 function show_help {
         while [ ${#MY_EMAIL_ADDRESS} -lt 5 ]
         do
             EMAIL_ADDRESS=$(grep 'MY_EMAIL_ADDRESS' temp.cfg | awk -F '=' '{print $2}')
-            if [ ! $EMAIL_ADDRESS ]; then
+            if [ ! "$EMAIL_ADDRESS" ]; then
                 EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
             fi
             if [ ${#MY_EMAIL_ADDRESS} -lt 5 ]; then
                 EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
             fi
 
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
-                   --inputbox $"Your email address" 10 30 "$EMAIL_ADDRESS" 2> $data
+                   --inputbox $"Your email address" 10 30 "$EMAIL_ADDRESS" 2> "$data"
             sel=$?
             case $sel in
-                0) MY_EMAIL_ADDRESS=$(cat $data);;
-                1) exit 1;;
-                255) exit 1;;
+                0) MY_EMAIL_ADDRESS=$(cat "$data");;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
+            rm -f "$data"
         done
     fi
     save_configuration_values
     DEFAULT_DOMAIN_DETAILS_COMPLETE=
     while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
             dialog --backtitle $"Freedombone Configuration" \
                    --title $"Instance domain" \
-                   --form $"\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \
+                   --form $"\\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \
                    $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
                    $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
-                   2> $data
+                   2> "$data"
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
-            if [ $DEFAULT_DOMAIN_NAME ]; then
+            DEFAULT_DOMAIN_NAME=$(sed -n 1p < "$data")
+            DEFAULT_DOMAIN_CODE=$(sed -n 2p < "$data")
+            if [ "$DEFAULT_DOMAIN_NAME" ]; then
                 validate_freedns_code "$DEFAULT_DOMAIN_CODE"
                 if [ ! $VALID_CODE ]; then
                     DEFAULT_DOMAIN_NAME=
         else
             dialog --backtitle $"Freedombone Configuration" \
                    --inputbox $"Enter your instance domain name:" 10 45 \
-                   "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                   "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
             sel=$?
             case $sel in
-                0) DEFAULT_DOMAIN_NAME=$(cat $data);;
-                1) exit 1;;
-                255) exit 1;;
+                0) DEFAULT_DOMAIN_NAME=$(cat "$data");;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
         fi
-        if [ $DEFAULT_DOMAIN_NAME ]; then
+        if [ "$DEFAULT_DOMAIN_NAME" ]; then
             TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
             validate_domain_name
-            if [[ $TEST_DOMAIN_NAME != $DEFAULT_DOMAIN_NAME ]]; then
+            if [[ "$TEST_DOMAIN_NAME" != "$DEFAULT_DOMAIN_NAME" ]]; then
                 DEFAULT_DOMAIN_NAME=
                 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
             else
                 DEFAULT_DOMAIN_DETAILS_COMPLETE="yes"
             fi
         fi
+        rm -f "$data"
     done
     save_configuration_values
 }
         DEFAULT_DOMAIN_DETAILS_COMPLETE=
         while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Your main domain name" \
                        $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
                        $"mail subdomain Code:" 3 1 "$(grep 'EMAIL_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 24 33 255 \
                        $"XMPP subdomain Code:" 4 1 "$(grep 'XMPP_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 24 33 255 \
-                       2> $data
+                       2> "$data"
                 sel=$?
                 case $sel in
-                    1) exit 1;;
-                    255) exit 1;;
+                    1) rm -f "$data"
+                       exit 1;;
+                    255) rm -f "$data"
+                         exit 1;;
                 esac
-                DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
-                DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
-                EMAIL_DOMAIN_CODE=$(cat $data | sed -n 3p)
-                XMPP_DOMAIN_CODE=$(cat $data | sed -n 4p)
-                if [ $DEFAULT_DOMAIN_NAME ]; then
+                DEFAULT_DOMAIN_NAME=$(sed -n 1p < "$data")
+                DEFAULT_DOMAIN_CODE=$(sed -n 2p < "$data")
+                EMAIL_DOMAIN_CODE=$(sed -n 3p < "$data")
+                XMPP_DOMAIN_CODE=$(sed -n 4p < "$data")
+                rm -f "$data"
+                if [ "$DEFAULT_DOMAIN_NAME" ]; then
                     validate_freedns_code "$DEFAULT_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
                         DEFAULT_DOMAIN_NAME=
                     fi
                 fi
-                if [ $EMAIL_DOMAIN_CODE ]; then
+                if [ "$EMAIL_DOMAIN_CODE" ]; then
                     validate_freedns_code "$EMAIL_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
                         DEFAULT_DOMAIN_NAME=
                         write_config_param "EMAIL_DOMAIN_CODE" "$EMAIL_DOMAIN_CODE"
                     fi
                 fi
-                if [ $XMPP_DOMAIN_CODE ]; then
+                if [ "$XMPP_DOMAIN_CODE" ]; then
                     validate_freedns_code "$XMPP_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
                         DEFAULT_DOMAIN_NAME=
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --inputbox $"Which domain name should your email/XMPP/IRC/Mumble be associated with?" 10 45 \
-                       "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                       "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
                 sel=$?
                 case $sel in
-                    0) DEFAULT_DOMAIN_NAME=$(cat $data);;
-                    1) exit 1;;
-                    255) exit 1;;
+                    0) DEFAULT_DOMAIN_NAME=$(cat "$data");;
+                    1) rm -f "$data"
+                       exit 1;;
+                    255) rm -f "$data"
+                         exit 1;;
                 esac
             fi
-            if [ $DEFAULT_DOMAIN_NAME ]; then
+            if [ "$DEFAULT_DOMAIN_NAME" ]; then
                 TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $DEFAULT_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$DEFAULT_DOMAIN_NAME" ]]; then
                     DEFAULT_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
 }
 
 function dynamic_dns_setup {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --radiolist $"Choose Dynamic DNS provider:" 40 40 40 \
            1 dyn.com off \
            30 strato.com off \
            31 freemyip.com off \
            32 cloudxns.net off \
-           33 none off 2> $data
+           33 none off 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) DDNS_PROVIDER="default@www.dyn.com";;
         2) DDNS_PROVIDER="default@freedns.afraid.org";;
         3) DDNS_PROVIDER="default@www.zoneedit.com";;
         31) DDNS_PROVIDER="default@freemyip.com";;
         32) DDNS_PROVIDER="default@www.cloudxns.net";;
         33) DDNS_PROVIDER="none";;
-        255) exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
+    rm -f "$data"
     save_configuration_values
 
     valid_ddns_username=
     else
         while [ ! $valid_ddns_username ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
-                   --inputbox $"Dynamic DNS provider username" 10 30 "$(grep 'DDNS_USERNAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                   --inputbox $"Dynamic DNS provider username" 10 30 "$(grep 'DDNS_USERNAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
             sel=$?
             case $sel in
-                0)  possible_username=$(cat $data)
+                0)  possible_username=$(cat "$data")
                     if [ "$possible_username" ]; then
                         if [ ${#possible_username} -gt 1 ]; then
-                            valid_ddns_username=$(cat $data)
-                            DDNS_USERNAME=$valid_ddns_username
+                            valid_ddns_username=$(cat "$data")
+                            DDNS_USERNAME="$valid_ddns_username"
+                            rm -f "$data"
                             break;
                         fi
                     fi
                     ;;
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
+            rm -f "$data"
         done
         save_configuration_values
 
         while [ ! $valid_ddns_password ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
                    --clear \
                    --insecure \
-                   --passwordbox $"Dynamic DNS provider password" 10 30 "$(grep 'DDNS_PASSWORD' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                   --passwordbox $"Dynamic DNS provider password" 10 30 "$(grep 'DDNS_PASSWORD' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
             sel=$?
             case $sel in
-                0)  possible_password=$(cat $data)
+                0)  possible_password=$(cat "$data")
                     if [ "$possible_password" ]; then
                         if [ ${#possible_password} -gt 1 ]; then
-                            valid_ddns_password=$(cat $data)
+                            valid_ddns_password=$(cat "$data")
                             DDNS_PASSWORD=$valid_ddns_password
                             break;
                         fi
                     fi
                     ;;
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            if [ ${#DDNS_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+            rm -f "$data"
+            if [ ${#DDNS_PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                 dialog --title $"Password quality check" --msgbox $"The password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters. You may need to change your password on the dynamic DNS provider's web site." 10 40
                 DDNS_PASSWORD=""
             fi
 function choose_dynamic_dns {
     DDNS_PROVIDER="none"
 
-    if [[ $SYSTEM_TYPE != "mesh"* && $ONION_ONLY == "no" ]]; then
+    if [[ "$SYSTEM_TYPE" != "mesh"* && "$ONION_ONLY" == "no" ]]; then
         dialog --title $"Dynamic DNS" \
                --backtitle $"Freedombone Configuration" \
-               --yesno $"\nConfigure a dynamic DNS service?\n\nIf it is already handled by your internet router then select 'no'." 10 50
+               --yesno $"\\nConfigure a dynamic DNS service?\\n\\nIf it is already handled by your internet router then select 'no'." 10 50
         sel=$?
         case $sel in
             0) dynamic_dns_setup;;
 }
 
 function choose_debian_repo {
-    if [[ $MINIMAL_INSTALL == "no" ]]; then
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+    if [[ "$MINIMAL_INSTALL" == "no" ]]; then
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Configuration" \
                --radiolist $"Where to download Debian packages from:" 25 45 49 \
                1 $"Australia" off \
                46 $"Turkey" off \
                47 $"Ukraine" off \
                48 $"United Kingdom" off \
-               49 $"United States" on 2> $data
+               49 $"United States" on 2> "$data"
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) DEBIAN_REPO='ftp.au.debian.org';;
             2) DEBIAN_REPO='ftp.at.debian.org';;
             3) DEBIAN_REPO='ftp.by.debian.org';;
             47) DEBIAN_REPO='ftp.ua.debian.org';;
             48) DEBIAN_REPO='ftp.uk.debian.org';;
             49) DEBIAN_REPO='ftp.us.debian.org';;
-            255) exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
+        rm -f "$data"
         save_configuration_values
     else
         DEBIAN_REPO='ftp.de.debian.org'
 
 function choose_rng {
     if [[ $MINIMAL_INSTALL == "no" ]]; then
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
-        if [[ $INSTALLING_ON_BBB != "yes" ]]; then
+        data=$(mktemp 2>/dev/null)
+        if [[ "$INSTALLING_ON_BBB" != "yes" ]]; then
             dialog --backtitle $"Freedombone Configuration" \
                    --radiolist $"Type of Random Number Generator:" 10 40 2 \
                    1 Haveged on \
-                   2 OneRNG off 2> $data
+                   2 OneRNG off 2> "$data"
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            case $(cat $data) in
+            case $(cat "$data") in
                 2) HWRNG_TYPE="onerng"
                    dialog --title $"OneRNG Device" \
                           --msgbox $"Please ensure that the OneRNG device is disconnected. You can reconnect it later during the installation" 8 60
                    ;;
-                255) exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
         else
             HWRNG_TYPE="beaglebone"
         fi
+        rm -f "$data"
         save_configuration_values
     fi
 }
     if [[ $MINIMAL_INSTALL == "no" ]]; then
         interactive_gpg
 
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
-        SOCIAL_KEY_STR=$"\nDo you wish to enable social key management, otherwise known as \"the unforgettable key\"?\n\nThis means that fragments of your GPG key will be included with any remote backups so that if you later lose your key then it can be reconstructed from your friends servers. If you select \"no\" then you can still do social key management, but offline using physical USB thumb drives, which is more secure but less convenient."
+        SOCIAL_KEY_STR=$"\\nDo you wish to enable social key management, otherwise known as \"the unforgettable key\"?\\n\\nThis means that fragments of your GPG key will be included with any remote backups so that if you later lose your key then it can be reconstructed from your friends servers. If you select \"no\" then you can still do social key management, but offline using physical USB thumb drives, which is more secure but less convenient."
         if [[ $(grep "ENABLE_SOCIAL_KEY_MANAGEMENT" temp.cfg | awk -F '=' '{print $2}') == "yes" ]]; then
             dialog --title $"Social Key Management" \
                    --backtitle $"Freedombone Configuration" \
             if [ ! $SELECTED_USERNAME ]; then
                 SELECTED_USERNAME=$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')
             fi
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
                    --title $"Username" \
-                   --inputbox $"Set your username for the system\n\nYour username should not contain any spaces" 12 60 "$SELECTED_USERNAME" 2> $data
+                   --inputbox $"Set your username for the system\\n\\nYour username should not contain any spaces" 12 60 "$SELECTED_USERNAME" 2> "$data"
             sel=$?
             case $sel in
-                0) possible_username=$(cat $data)
+                0) possible_username=$(cat "$data")
                    SELECTED_USERNAME=
-                   if [[ $possible_username != *' '* && $possible_username != *'/'* && $possible_username != *'\'* && $possible_username != *'*'* ]]; then
-                       if [ $possible_username ]; then
+                   if [[ "$possible_username" != *' '* && "$possible_username" != *'/'* && "$possible_username" != *'*'* ]]; then
+                       if [ "$possible_username" ]; then
                            if [ ${#possible_username} -gt 1 ]; then
-                               if [[ $possible_username != $GENERIC_IMAGE_USERNAME ]]; then
-                                   MY_USERNAME=$(cat $data)
+                               if [[ "$possible_username" != "$GENERIC_IMAGE_USERNAME" ]]; then
+                                   MY_USERNAME=$(cat "$data")
                                    please_wait
                                    echo ''
                                    echo $'Creating user account'
                                    chmod 600 /etc/shadow
                                    chmod 600 /etc/gshadow
-                                   useradd -m -s /bin/bash $MY_USERNAME
+                                   useradd -m -s /bin/bash "$MY_USERNAME"
                                    chmod 0000 /etc/shadow
                                    chmod 0000 /etc/gshadow
-                                   if [ -d /home/$MY_USERNAME ]; then
-                                       echo "${MY_USERNAME}:$(printf `cat $IMAGE_PASSWORD_FILE`)" | chpasswd
+                                   if [ -d "/home/$MY_USERNAME" ]; then
+                                       echo "${MY_USERNAME}:$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" | chpasswd
                                        # Add the user as a sudoer - they will be the new admin user
                                        if ! grep -q "$MY_USERNAME  ALL=(ALL) ALL" /etc/sudoers; then
                                            echo "$MY_USERNAME  ALL=(ALL) ALL" >> /etc/sudoers
                                            # remove the generic image admin user from sudoers
                                            sed -i "s|${GENERIC_IMAGE_USERNAME}.*||g" /etc/sudoers
                                        fi
+                                       rm -f "$data"
                                        break
                                    fi
                                fi
                        fi
                    fi
                    ;;
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
+            rm -f "$data"
         done
     else
         no_of_users=$(find /home/* -maxdepth 0 -type d | wc -l)
-        if [ $no_of_users -eq 1 ]; then
+        if [ "$no_of_users" -eq 1 ]; then
             # only a single user on the system
             MY_USERNAME=$(ls /home)
         else
     valid_name=
     while [ ! $valid_name ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Configuration" \
-               --inputbox $"Your full name (or nick)" 10 50 "$(grep 'MY_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+               --inputbox $"Your full name (or nick)" 10 50 "$(grep 'MY_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
         sel=$?
         case $sel in
-            0)  possible_name=$(cat $data)
+            0)  possible_name=$(cat "$data")
                 if [ "$possible_name" ]; then
                     if [ ${#possible_name} -gt 1 ]; then
                         valid_name="$possible_name"
                     fi
                 fi
                 ;;
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
+        rm -f "$data"
     done
     save_configuration_values
     please_wait
             varstate='on'
         fi
         varslist="$varslist $n $a $varstate"
-        n=$[n+1]
+        n=$((n+1))
     done
 
     variant_choice=$(dialog --stdout --backtitle $"Freedombone Configuration" \
                             --title $"Type of Installation" \
                             --radiolist $'Choose:' \
-                            27 40 20 $varslist)
+                            27 40 20 "$varslist")
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then
-        variant_choice=$[variant_choice-1]
+        variant_choice=$((variant_choice-1))
         SYSTEM_TYPE=${available_variants_list[$variant_choice]}
         save_configuration_values
     fi
 function validate_freedns_code {
     freedns_code="$1"
 
-    FREEDNS_MESSAGE=$"Please enter the FreeDNS code for this domain.\n\nThe code can be found by going to https://freedns.afraid.org, selecting 'Dynamic DNS' and then opening 'Wget example'. The code will consist of letters and numbers and be between the ? and = characters."
+    FREEDNS_MESSAGE=$"Please enter the FreeDNS code for this domain.\\n\\nThe code can be found by going to https://freedns.afraid.org, selecting 'Dynamic DNS' and then opening 'Wget example'. The code will consist of letters and numbers and be between the ? and = characters."
 
     if [[ "$freedns_code" == *"."* || "$freedns_code" == "http"* || "$freedns_code" == *"wget "* || "$freedns_code" == *" "* ]]; then
         dialog --title $"Invalid FreeDNS Code" --msgbox "$FREEDNS_MESSAGE" 10 70
 done
 
 function interactive_select_language {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --radiolist $"Select your language:" 26 40 24 \
            1 $"Afrikaans" off \
            65 $"Thai" off \
            66 $"Turkish" off \
            67 $"Ukrainian" off \
-           68 $"Vietnamese" off 2> $data
+           68 $"Vietnamese" off 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) DEFAULT_LANGUAGE='af_ZA.UTF-8';;
         2) DEFAULT_LANGUAGE='sq_AL.UTF-8';;
         3) DEFAULT_LANGUAGE='ar_SA.UTF-8';;
         67) DEFAULT_LANGUAGE='uk_UA.UTF-8';;
         68) DEFAULT_LANGUAGE='vi_VN.UTF-8';;
     esac
+    rm -f "$data"
     save_configuration_values
 
     please_wait
 function select_user {
     SELECTED_USERNAME=
 
-    users_array=($(ls /home))
+    homedirs=$(ls /home)
+    # shellcheck disable=SC2206
+    users_array=($homedirs)
 
     delete=(git)
-    for del in ${delete[@]}
+    for del in "${delete[@]}"
     do
+        # shellcheck disable=SC2206
         users_array=(${users_array[@]/$del})
     done
 
     i=0
     W=()
     name=()
+    # shellcheck disable=SC2068
     for u in ${users_array[@]}
     do
         if [[ $(is_valid_user "$u") == "1" ]]; then
             i=$((i+1))
-            W+=($i "$u")
+            W+=("$i" "$u")
             name+=("$u")
         fi
     done
     else
         user_index=$(dialog --backtitle $"Freedombone Configuration" --title $"Select User" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3)
 
+        # shellcheck disable=SC2181
         if [ $? -eq 0 ]; then
             SELECTED_USERNAME="${name[$((user_index-1))]}"
         fi
 function interactive_config {
     # create a temporary copy of the configuration file
     # which can be used to pre-populate selections
-    if [ -f $CONFIGURATION_FILE ]; then
-        cp $CONFIGURATION_FILE temp.cfg
+    if [ -f "$CONFIGURATION_FILE" ]; then
+        cp "$CONFIGURATION_FILE" temp.cfg
     fi
 
     interactive_select_language
 
-    if [ $SOCIALINSTANCE ]; then
-        INITIAL_MESSAGE=$"Welcome to your Freedombone $SOCIALINSTANCE instance.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit ${FREEDOMBONE_WEBSITE}/socialinstance.html."
+    if [ "$SOCIALINSTANCE" ]; then
+        INITIAL_MESSAGE=$"Welcome to your Freedombone $SOCIALINSTANCE instance.\\n\\nEnsure that you have your domain and dynamic DNS settings ready.\\n\\nFor more information please visit ${FREEDOMBONE_WEBSITE}/socialinstance.html."
     else
-        if [[ $ONION_ONLY == "no" ]]; then
-            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+        if [[ "$ONION_ONLY" == "no" ]]; then
+            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\\n\\nEnsure that you have your domain and dynamic DNS settings ready.\\n\\nFor more information please visit $FREEDOMBONE_WEBSITE."
         else
-            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nWeb sites created will only be viewable within a Tor browser.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\\n\\nWeb sites created will only be viewable within a Tor browser.\\n\\nFor more information please visit $FREEDOMBONE_WEBSITE."
         fi
     fi
 
     choose_social_key_management
     choose_rng
     choose_debian_repo
-    ${PROJECT_NAME}-wifi --networksinteractive $WIFI_NETWORKS_FILE
+    "${PROJECT_NAME}-wifi" --networksinteractive "$WIFI_NETWORKS_FILE"
     choose_dynamic_dns
     choose_default_domain_name
     choose_email_address
     fi
 
     # This file indicates that the configuration happened successfully
-    touch $HOME/.${PROJECT_NAME}-interactive
+    touch "$HOME/.${PROJECT_NAME}-interactive"
 }
 
 function show_result {
     echo ''
     echo $'Contents:'
     echo ''
-    cat $CONFIGURATION_FILE
+    cat "$CONFIGURATION_FILE"
     echo ''
 }
 
-if [ ! $CONFIGURATION_FILE ]; then
+if [ ! "$CONFIGURATION_FILE" ]; then
     CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
 fi
 

src/freedombone-dhparam

     if [[ $FAST == 'yes' ]]; then
         DHGROUP=$(( ( RANDOM % 4 )  + 14 ))
         if [[ ${DHGROUP} == 14 ]]; then
-            echo "$BETTERCRYPTO_GROUP14" > ${1}
+            echo "$BETTERCRYPTO_GROUP14" > "${1}"
         else
             if [[ ${DHGROUP} == 15 ]]; then
-                echo "$BETTERCRYPTO_GROUP15" > ${1}
+                echo "$BETTERCRYPTO_GROUP15" > "${1}"
             else
                 if [[ ${DHGROUP} == 16 ]]; then
-                    echo "$BETTERCRYPTO_GROUP16" > ${1}
+                    echo "$BETTERCRYPTO_GROUP16" > "${1}"
                 else
                     if [[ ${DHGROUP} == 17 ]]; then
-                        echo "$BETTERCRYPTO_GROUP17" > ${1}
+                        echo "$BETTERCRYPTO_GROUP17" > "${1}"
                     else
-                        echo "$BETTERCRYPTO_GROUP18" > ${1}
+                        echo "$BETTERCRYPTO_GROUP18" > "${1}"
                     fi
                 fi
             fi
         fi
     else
-        openssl dhparam -check -text $KEYLENGTH -out ${1}
-        if [ ! "$?" = "0" ]; then
+        if ! openssl dhparam -check -text $KEYLENGTH -out "${1}"; then
             exit 3674
         fi
     fi
-    chmod 640 ${1}
+    chmod 640 "${1}"
 }
 
 function regenerate_dh_keys {
     for file in /etc/ssl/mycerts/*
     do
         if [[ -f $file ]]; then
-            filename=/etc/ssl/certs/$(echo $file | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam
-            if [ -f $filename ]; then
-                calc_dh $filename
+            filename=/etc/ssl/certs/$(echo "$file" | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam
+            if [ -f "$filename" ]; then
+                calc_dh "$filename"
                 echo $"Recalculated DH params for $filename"
             fi
         fi
         -o|--output)
             shift
             FAST='yes'
-            calc_dh ${1}
+            calc_dh "${1}"
             exit 0
             ;;
         --fast)
     exit 0
 fi
 
-if [ ! $HOSTNAME ]; then
+if [ ! "$HOSTNAME" ]; then
     echo $'No hostname specified'
     exit 5728
 fi
     mkdir -p /etc/ssl/mycerts
 fi
 
-calc_dh /etc/ssl/certs/$HOSTNAME.dhparam
+calc_dh "/etc/ssl/certs/$HOSTNAME.dhparam"
 
 systemctl reload nginx
 exit 0

src/freedombone-encrypt-mail

 USERNAME=$1
 
 PROJECT_NAME='freedombone'
-COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+  source "$f"
 done
 
 ADMIN_USER=$(get_completion_param "Admin user")
 
-if [ ! $USERNAME ]; then
+if [ ! "$USERNAME" ]; then
     USERNAME=$ADMIN_USER
 fi
 
 EMAIL_ADDRESS=$USERNAME@$HOSTNAME
 
 # Does this key exist?
-gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1
-if [ $? -gt 0 ]; then
+if ! gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1; then
     echo $"A GPG key for $EMAIL_ADDRESS could not be found!"
     exit 0
 fi
 
 # Find all files in the Maildir specified.
 echo $"Calling find"
-find "$MAIL_DIR" -type f -regex '.*/\(cur\|new\)/.*' $4|while read line; do
+find "$MAIL_DIR" -type f -regex '.*/\(cur\|new\)/.*' "$4"|while read -r line; do
     gpgit.pl --encrypt-mode prefer-inline "$EMAIL_ADDRESS"  "/tmp/msg_$USERNAME"
 
     # Check to see if there are differences between the existing
     # Maildir file and what was created by gpgit.pl
     diff -qa "$line" "/tmp/msg_$USERNAME" > /dev/null 2>&1;
+    # shellcheck disable=SC2181
     if [ $? -gt 0 ]; then
         # Preserve timestamps, set ownership.
-        chown $USERNAME:$USERNAME "/tmp/msg_$USERNAME"
+        chown "$USERNAME":"$USERNAME" "/tmp/msg_$USERNAME"
         chmod 600   "/tmp/msg_$USERNAME"
         touch   "/tmp/msg_$USERNAME" --reference="$line"
 

src/freedombone-format

 export TEXTDOMAIN=${PROJECT_NAME}-format
 export TEXTDOMAINDIR="/usr/share/locale"
 
-if [ ! $1 ]; then
+if [ ! "$1" ]; then
    echo $'Specify a drive, such as sdb, sdc, etc'
    exit 1
 fi
 a
 1
 w
-" | fdisk /dev/${USB_DRIVE_SHORT};mkfs.ext4 -L "$LABEL" /dev/${USB_DRIVE_SHORT}1
+" | fdisk "/dev/${USB_DRIVE_SHORT}";mkfs.ext4 -L "$LABEL" "/dev/${USB_DRIVE_SHORT}1"
 
 echo $"Formatting $USB_DRIVE as LUKS"
-cryptsetup -y -v luksFormat ${USB_DRIVE}
-if [ ! "$?" = "0" ]; then
+if ! cryptsetup -y -v luksFormat "${USB_DRIVE}"; then
     echo $"Failed to format $USB_DRIVE as LUKS"
     exit 36823
 fi
-cryptsetup luksOpen ${USB_DRIVE} encrypted_usb
-if [ ! "$?" = "0" ]; then
+if ! cryptsetup luksOpen "${USB_DRIVE}" encrypted_usb; then
     echo $"Failed to open LUKS formatted drive $USB_DRIVE"
     exit 37232
 fi
-mkfs.ext4 /dev/mapper/encrypted_usb -L "$LABEL"
-if [ ! "$?" = "0" ]; then
+if ! mkfs.ext4 /dev/mapper/encrypted_usb -L "$LABEL"; then
     cryptsetup luksClose encrypted_usb
     echo $'Format of drive $USB_DRIVE failed'
     exit 73218

src/freedombone-freedns

     VERBOSE=1
 fi
 
-if [ ! -f $CONFIGURATION_FILE ]; then
+if [ ! -f "$CONFIGURATION_FILE" ]; then
     exit 0
 fi
 
 }
 
 detected_codes=()
-codelines=$(grep "_CODE=" $CONFIGURATION_FILE | uniq)
+codelines=$(grep "_CODE=" "$CONFIGURATION_FILE" | uniq)
 while read -r line; do
     code=$(echo "$line" | awk -F '=' '{print $2}')
-    item_in_array "$code" "${detected_codes[@]}"
-    if [[ $? != 0 ]]; then
+    if ! item_in_array "$code" "${detected_codes[@]}"; then
         detected_codes+=("$code")
     fi
 done <<< "$codelines"
 
-if [ ! -d $HOME/.freedns-update ]; then
-    mkdir $HOME/.freedns-update
+if [ ! -d "$HOME/.freedns-update" ]; then
+    mkdir "$HOME/.freedns-update"
 fi
-cd $HOME/.freedns-update
+cd "$HOME/.freedns-update" || exit 2467824684
 for code in "${detected_codes[@]}"
 do
     if [ $VERBOSE ]; then
         echo $"command: $FREEDNS_WGET${code}="
+        # shellcheck disable=SC1066,SC1067
         $FREEDNS_WGET${code}=
     else
         if [ -f /tmp/freedns ]; then
             rm /tmp/freedns
         fi
+        # shellcheck disable=SC1066,SC1067,SC1007
         $FREEDNS_WGET${code}= >> /tmp/freedns 2>&1
     fi
 done

src/freedombone-ignore

     fi
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
-PM=/home/$MYUSERNAME/.procmailrc
+MUTTRC="/home/$MYUSERNAME/.muttrc"
+PM="/home/$MYUSERNAME/.procmailrc"
 
 # Ignore if subject line contains text
 if [ "$SUBJECT_TEXT" ]; then
-    if ! grep -q "Ignore rule for $SUBJECT_TEXT" $PM; then
-        echo "# Ignore rule for $SUBJECT_TEXT" >> $PM
-        echo ":0" >> $PM
-        echo "  * ^Subject:.*$SUBJECT_TEXT" >> $PM
-        echo "/dev/null" >> $PM
-        echo "# End of ignore rule" >> $PM
-        chown $MYUSERNAME:$MYUSERNAME $PM
+    if ! grep -q "Ignore rule for $SUBJECT_TEXT" "$PM"; then
+        { echo "# Ignore rule for $SUBJECT_TEXT";
+          echo ":0";
+          echo "  * ^Subject:.*$SUBJECT_TEXT";
+          echo "/dev/null";
+          echo "# End of ignore rule"; } >> "$PM"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
     fi
 fi
 
 # ignore an email address
-if [ $EMAIL_ADDRESS ]; then
-    if ! grep -q "Ignore rule for $EMAIL_ADDRESS" $PM; then
-        echo "# Ignore rule for $EMAIL_ADDRESS" >> $PM
-        echo ":0" >> $PM
-        echo "  * ^From:.*$EMAIL_ADDRESS" >> $PM
-        echo "/dev/null" >> $PM
-        echo "# End of ignore rule" >> $PM
-        chown $MYUSERNAME:$MYUSERNAME $PM
+if [ "$EMAIL_ADDRESS" ]; then
+    if ! grep -q "Ignore rule for $EMAIL_ADDRESS" "$PM"; then
+        { echo "# Ignore rule for $EMAIL_ADDRESS";
+        echo ":0";
+        echo "  * ^From:.*$EMAIL_ADDRESS";
+        echo "/dev/null";
+        echo "# End of ignore rule"; } >> "$PM"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
     fi
 fi
 
 PROCMAILLOG=/home/$MYUSERNAME/log
-if [ ! -d $PROCMAILLOG ]; then
-    mkdir $PROCMAILLOG
-    chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
+if [ ! -d "$PROCMAILLOG" ]; then
+    mkdir "$PROCMAILLOG"
+    chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
 fi
 
 exit 0

src/freedombone-image

     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 #get the project repo
 PROJECT_REPO="https://github.com/bashrc/${PROJECT_NAME}"
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 read_config_param PROJECT_REPO
 
 DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"
 
 # Minimum number of characters in a password
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
 # Optional ssh public key to allow
 SSH_PUBKEY="no"
             sudo pacman -S --noconfirm qemu-static binfmt-qemu-static uboot-tools qemu parted
             sudo pacman -S --noconfirm dpkg-devtools bin86 arch-install-scripts qemu-arch-extra
             sudo pacman -S --noconfirm syncthing
-            mkdir $USERHOME/develop
-            if [ -d $USERHOME/develop/python-cliapp ]; then
-                sudo rm -rf $USERHOME/develop/python-cliapp
+            mkdir "$USERHOME/develop"
+            if [ -d "$USERHOME/develop/python-cliapp" ]; then
+                sudo rm -rf "$USERHOME/develop/python-cliapp"
             fi
-            git_clone $CLIAPP_REPO $USERHOME/develop/python-cliapp
-            if [ ! "$?" = "0" ]; then
+            if ! git_clone "$CLIAPP_REPO" "$USERHOME/develop/python-cliapp"; then
                 echo $"Failed to clone python-cliapp"
                 return
             fi
-            if [ ! -d $USERHOME/develop/python-cliapp ]; then
+            if [ ! -d "$USERHOME/develop/python-cliapp" ]; then
                 echo $"Couldn't clone python-cliapp"
                 return
             fi
             sudo pacman -S --noconfirm python2-coverage python2-pytest-cov python2-sphinx
             sudo pacman -S --noconfirm autopep8 python2-pylint python2-yaml python2-xdg python2-pip
-            cd $USERHOME/develop/python-cliapp
+            cd "$USERHOME/develop/python-cliapp" || exit 7824526242
             git checkout $CLIAPP_COMMIT -b $CLIAPP_COMMIT
             sudo python2 setup.py install
             sudo pip2 install distro-info logging
-            if [ -d $USERHOME/develop/mbr ]; then
-                sudo rm -rf $USERHOME/develop/mbr
+            if [ -d "$USERHOME/develop/mbr" ]; then
+                sudo rm -rf "$USERHOME/develop/mbr"
             fi
-            git_clone $MBR_REPO $USERHOME/develop/mbr
-            if [ ! "$?" = "0" ]; then
+            if ! git_clone $MBR_REPO "$USERHOME/develop/mbr"; then
                 echo $"Failed to clone mbr"
                 return
             fi
-            if [ ! -d $USERHOME/develop/mbr ]; then
+            if [ ! -d "$USERHOME/develop/mbr" ]; then
                 echo $"Couldn't clone mbr"
                 return
             fi
-            cd $USERHOME/develop/mbr
+            cd "$USERHOME/develop/mbr" || exit 2468724524
             git checkout $MBR_COMMIT -b $MBR_COMMIT
             makepkg --force --noconfirm
             if [ ! -f mbr-${MBR_VERSION}.tar.gz ]; then
                 return
             fi
             tar -xzvf mbr-${MBR_VERSION}.tar.gz
-            if [ ! -d $USERHOME/develop/mbr/mbr-${MBR_VERSION} ]; then
+            if [ ! -d "$USERHOME/develop/mbr/mbr-${MBR_VERSION}" ]; then
                 echo $"mbr tarball could not be extracted"
                 return
             fi
-            cd $USERHOME/develop/mbr/mbr-${MBR_VERSION}
+            cd "$USERHOME/develop/mbr/mbr-${MBR_VERSION}" || exit 13584584
             cp ../*.patch .
             patch -p0 < *.patch
             ./configure
                 return
             fi
             sudo cp /usr/local/sbin/install-mbr /sbin
-            if [ -d $USERHOME/develop/multipath-tools ]; then
-                sudo rm -rf $USERHOME/develop/multipath-tools
+            if [ -d "$USERHOME/develop/multipath-tools" ]; then
+                sudo rm -rf "$USERHOME/develop/multipath-tools"
             fi
-            git_clone $MULTIPATH_TOOLS_REPO $USERHOME/develop/multipath-tools
-            if [ ! "$?" = "0" ]; then
+            if ! git_clone "$MULTIPATH_TOOLS_REPO" "$USERHOME/develop/multipath-tools"; then
                 echo $"Failed to clone multipath-tools"
                 return
             fi
-            if [ ! -d $USERHOME/develop/multipath-tools ]; then
+            if [ ! -d "$USERHOME/develop/multipath-tools" ]; then
                 echo $"Couldn't clone multipath-tools"
                 return
             fi
             sudo pacman -S --noconfirm device-mapper libaio liburcu fakeroot
-            cd $USERHOME/develop/multipath-tools
+            cd "$USERHOME/develop/multipath-tools" || exit 27462454
             makepkg --force --noconfirm
             makepkg -i --force --noconfirm
-            sudo wget https://raw.githubusercontent.com/bashrc/freedombone/master/image_build/debootstrap/scripts/${DEBIAN_VERSION} -O /usr/share/debootstrap/scripts/debscript
-            sudo cp -f /usr/share/debootstrap/scripts/debscript /usr/share/debootstrap/scripts/${DEBIAN_VERSION}
-            if [ ! -f /usr/share/debootstrap/scripts/${DEBIAN_VERSION} ]; then
+            sudo wget "https://raw.githubusercontent.com/bashrc/freedombone/master/image_build/debootstrap/scripts/${DEBIAN_VERSION}" -O /usr/share/debootstrap/scripts/debscript
+            sudo cp -f "/usr/share/debootstrap/scripts/debscript /usr/share/debootstrap/scripts/${DEBIAN_VERSION}"
+            if [ ! -f "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}" ]; then
                 echo $"No debian debootstrap script was found for $DEBIAN_VERSION"
                 return
             fi
-            debian_script_hash=$(sha256sum /usr/share/debootstrap/scripts/${DEBIAN_VERSION} | awk -F ' ' '{print $1}')
+            debian_script_hash=$(sha256sum "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}" | awk -F ' ' '{print $1}')
             expected_debian_script_hash='620fa84c7ef64d10349aed38fa9cc2e7f00a6fcd1bc425f33ca2b57cc946fd0c'
             if [[ "$debian_script_hash" != "$expected_debian_script_hash" ]]; then
                 echo $"Invalid hash for debootstrap ${DEBIAN_VERSION} script"
                 return
             fi
-            sudo chmod +x /usr/share/debootstrap/scripts/${DEBIAN_VERSION}
+            sudo chmod +x "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}"
             ;;
         *)
             echo $'Unkown operating system'
 function mesh_router_setup_script {
     # create a setup script for a mesh router
     mesh_script_filename=$1
-    echo "MY_USERNAME=${USERNAME}" > $mesh_script_filename
-    echo "DEFAULT_DOMAIN_NAME=${USERNAME}" >> $mesh_script_filename
-    echo 'SYSTEM_TYPE=mesh' >> $mesh_script_filename
-    echo 'INSTALLING_ON_BBB=no' >> $mesh_script_filename
-    echo 'USB_DRIVE=/dev/sda1' >> $mesh_script_filename
-    echo 'DDNS_PROVIDER=' >> $mesh_script_filename
-    echo 'DDNS_USERNAME=' >> $mesh_script_filename
-    echo 'DDNS_PASSWORD=' >> $mesh_script_filename
-    echo 'DEFAULT_LANGUAGE=en_GB.UTF-8' >> $mesh_script_filename
-    echo 'MY_EMAIL_ADDRESS=' >> $mesh_script_filename
-    echo 'ENABLE_BATMAN=yes' >> $mesh_script_filename
-    echo 'DEBIAN_REPO=' >> $mesh_script_filename
-    echo 'NAMESERVER1=' >> $mesh_script_filename
-    echo 'NAMESERVER2=' >> $mesh_script_filename
-    echo 'NAMESERVER3=' >> $mesh_script_filename
-    echo 'NAMESERVER4=' >> $mesh_script_filename
-    echo 'NAMESERVER5=' >> $mesh_script_filename
-    echo 'NAMESERVER6=' >> $mesh_script_filename
-    echo 'BATMAN_CELLID=any' >> $mesh_script_filename
-    echo 'WIFI_CHANNEL=9' >> $mesh_script_filename
+    { echo "MY_USERNAME=${USERNAME}";
+      echo "DEFAULT_DOMAIN_NAME=${USERNAME}";
+      echo 'SYSTEM_TYPE=mesh';
+      echo 'INSTALLING_ON_BBB=no';
+      echo 'USB_DRIVE=/dev/sda1';
+      echo 'DDNS_PROVIDER=';
+      echo 'DDNS_USERNAME=';
+      echo 'DDNS_PASSWORD=';
+      echo 'DEFAULT_LANGUAGE=en_GB.UTF-8';
+      echo 'MY_EMAIL_ADDRESS=';
+      echo 'ENABLE_BATMAN=yes';
+      echo 'DEBIAN_REPO=';
+      echo 'NAMESERVER1=';
+      echo 'NAMESERVER2=';
+      echo 'NAMESERVER3=';
+      echo 'NAMESERVER4=';
+      echo 'NAMESERVER5=';
+      echo 'NAMESERVER6=';
+      echo 'BATMAN_CELLID=any';
+      echo 'WIFI_CHANNEL=9'; } > "$mesh_script_filename"
 }
 
 while [ $# -gt 1 ]
         -c|--config)
             shift
             CONFIG_FILENAME="$1"
-            if [ ! -f $CONFIG_FILENAME ]; then
+            if [ ! -f "$CONFIG_FILENAME" ]; then
                 echo $"Config file $CONFIG_FILENAME not found"
                 exit 3
             fi
-            DEFAULT_DOMAIN_NAME=$(cat $CONFIG_FILENAME | grep 'DEFAULT_DOMAIN_NAME' | awk -F '=' '{print $2}')
+            DEFAULT_DOMAIN_NAME=$(grep 'DEFAULT_DOMAIN_NAME' "$CONFIG_FILENAME" | awk -F '=' '{print $2}')
             ;;
         -t|--target|--board)
             shift
         -p|--password)
             shift
             PASSWORD="$1"
-            if [ ${#PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+            if [ ${#PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                 echo $"Your password chould contain at least ${MINIMUM_PASSWORD_LENGTH} characters"
                 exit 3628
             fi
             shift
             MIRROR="$1"
             ;;
-        --debianonly|--basic|--minimal)
+        --debianonly|--basic)
             shift
             DEBIAN_INSTALL_ONLY="$1"
             ;;
 
 if [[ $INTERACTIVE == "yes" || $INTERACTIVE == "y" || $INTERACTIVE == "Yes" ]]; then
     ${PROJECT_NAME}-config --minimal "$MINIMAL_INSTALL"
-    if [ -f $HOME/${PROJECT_NAME}.cfg ]; then
+    if [ -f "$HOME/${PROJECT_NAME}.cfg" ]; then
         CONFIG_FILENAME=$HOME/${PROJECT_NAME}.cfg
-        DEFAULT_DOMAIN_NAME=$(cat $CONFIG_FILENAME | grep 'DEFAULT_DOMAIN_NAME' | awk -F '=' '{print $2}')
+        DEFAULT_DOMAIN_NAME=$(grep 'DEFAULT_DOMAIN_NAME' "$CONFIG_FILENAME" | awk -F '=' '{print $2}')
     fi
 fi
 
 
 if [ ! $PASSWORD ]; then
     # generate a random password
-    PASSWORD=$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c ${MINIMUM_PASSWORD_LENGTH})
+    PASSWORD=$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c "${MINIMUM_PASSWORD_LENGTH}")
 fi
 
 # Move any existing images into a build subdirectory
 image_types=( xz img sig vdi qcow2 )
 for im in "${image_types[@]}"
 do
+    # shellcheck disable=SC2012,SC2086
     no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l)
     if (( no_of_files > 0 )); then
-        if [ ! -d ${CURR_DIR}/build ]; then
-            mkdir ${CURR_DIR}/build
+        if [ ! -d "${CURR_DIR}/build" ]; then
+            mkdir "${CURR_DIR}/build"
         fi
-        mv -f ${CURR_DIR}/${PROJECT_NAME}*.${im} ${CURR_DIR}/build
+        mv -f "${CURR_DIR}/${PROJECT_NAME}*.${im}" "${CURR_DIR}/build"
     fi
 done
 
 # Delete anything which didn't move
 for im in "${image_types[@]}"
 do
+    # shellcheck disable=SC2012,SC2086
     no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l)
     if (( no_of_files > 0 )); then
-        rm -f ${CURR_DIR}/${PROJECT_NAME}*.${im}
+        rm -f "${CURR_DIR}/${PROJECT_NAME}*.${im}"
     fi
 done
 
 # Remove any existing login credentials file
-if [ -f ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt ]; then
-    rm ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt
+if [ -f "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt" ]; then
+    rm "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
 fi
 
 if [ -d $TEMPBUILD_DIR ]; then
 
 cp -r /etc/${PROJECT_NAME}/* $TEMPBUILD_DIR
 rm -rf $TEMPBUILD_DIR/vendor
-chown -R $CURR_USER:$CURR_USER $TEMPBUILD_DIR
-cd $TEMPBUILD_DIR
+chown -R "$CURR_USER":"$CURR_USER" $TEMPBUILD_DIR
+cd $TEMPBUILD_DIR || exit 24729847
 
 if [[ $MINIMAL_INSTALL == "yes" ]]; then
     IMAGE_NAME=$'min'
     IMAGE_NAME="${IMAGE_NAME}-${SOCIALINSTANCE}"
 fi
 
-cd $TEMPBUILD_DIR
-make $IMAGE_TYPE \
+cd $TEMPBUILD_DIR || exit 724245267
+make "$IMAGE_TYPE" \
      MYUSERNAME="$USERNAME" \
      MYPASSWORD="$PASSWORD" \
      ROUTER_IP_ADDRESS="$ROUTER_IP_ADDRESS" \
      SOCIALINSTANCE="$SOCIALINSTANCE" \
      LOCAL_NAME="$LOCAL_NAME"
 
+# shellcheck disable=SC2181
 if [ ! "$?" = "0" ]; then
     echo $'Build failed'
     rm -rf $TEMPBUILD_DIR
 fi
 
 shopt -s nullglob
-imgfiles=(build/${PROJECT_NAME}*.${EXPECTED_EXTENSION})
+imgfiles=("build/${PROJECT_NAME}*.${EXPECTED_EXTENSION}")
 if [ ${#imgfiles[@]} -eq 0 ]; then
     echo $'Image was not created'
     rm -rf $TEMPBUILD_DIR
 # Move images from temporary directory to the current directory
 for im in "${image_types[@]}"
 do
+    # shellcheck disable=SC2012,SC2086
     no_of_files=$(ls -afq build/${PROJECT_NAME}*.${im} | wc -l)
     if (( no_of_files > 0 )); then
-        mv build/${PROJECT_NAME}*.${im} ${CURR_DIR}/
-        sudo chown ${CURR_USER}:${CURR_USER} ${CURR_DIR}/*.${im}
+        mv "build/${PROJECT_NAME}*.${im}" "${CURR_DIR}/"
+        sudo chown "${CURR_USER}":"${CURR_USER}" "${CURR_DIR}/*.${im}"
     fi
 done
 
 # Remove the temporary directory
 rm -rf ${TEMPBUILD_DIR}
 
-cd ${CURR_DIR}
+cd "${CURR_DIR}" || exit 2842845284
 
 clear
 if [[ $VARIANT != 'meshclient' && $VARIANT != 'meshusb' && $VARIANT != 'mesh' ]]; then
 
 # Remove the mesh script after use
 if [[ $VARIANT == "mesh"* ]]; then
-    rm -f $CONFIG_FILENAME
+    rm -f "$CONFIG_FILENAME"
 fi
 
 # record the default login credentials for later use
 echo $"Username: $USERNAME
-Password: $PASSWORD" > ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt
-chmod 600 ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt
+Password: $PASSWORD" > "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
+chmod 600 "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
 
 if [[ $IMAGE_TYPE != "qemu"* ]]; then
     echo ''

src/freedombone-image-hardware-setup

 enable_serial_console() {
     # By default, spawn a console on the serial port
     device="$1"
-    echo $"Adding a getty on the serial port"
+    echo "Adding a getty on the serial port"
     echo "T0:12345:respawn:/sbin/getty -L $device 115200 vt100" >> /etc/inittab
 }
 
 beaglebone_setup_boot() {
-    bbb_version=$1
 
     # Setup uEnv.txt
     if grep -q btrfs /etc/fstab ; then
     else
         fstype=ext4
     fi
-    if [ ! $bbb_version ]; then
-        kernelVersion=$(ls /usr/lib/*/am335x-boneblack.dtb | head -1 | cut -d/ -f4)
-    else
-        kernelVersion=$(ls /usr/lib/*/am335x-boneblack-${1}.dtb | head -1 | cut -d/ -f4)
-    fi
-    version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
+    # shellcheck disable=SC2012
+    kernelVersion=$(ls "/usr/lib/*/am335x-boneblack.dtb" | head -1 | cut -d/ -f4)
+    version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
 }
 
 beaglebone_repack_kernel() {
-    bbb_version=$1
     # process installed kernel to create uImage, uInitrd, dtb
     # using flash-kernel would be a good approach, except it fails in the
     # cross build environment due to too many environment checks...
     echo "info: repacking beaglebone kernel and initrd"
 
     bbb_dtb='am335x-boneblack'
-    if [ $bbb_version ]; then
-        bbb_dtb="am335x-boneblack-${bbb_version}"
-    fi
 
-    kernelVersion=$(ls /usr/lib/*/${bbb_dtb}.dtb | head -1 | cut -d/ -f4)
-    version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
+    # shellcheck disable=SC2012
+    kernelVersion=$(ls "/usr/lib/*/${bbb_dtb}.dtb" | head -1 | cut -d/ -f4)
+    version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
 
     mkdir /tmp/initrd-repack
 
-    (cd /tmp/initrd-repack ; \
-     zcat /boot/$initRd | cpio -i ; \
+    (cd /tmp/initrd-repack || exit 2468246 ; \
+     zcat "/boot/$initRd" | cpio -i ; \
      rm -f conf/param.conf ; \
      find . | cpio --quiet -o -H newc | \
-         gzip -9 > /boot/$initRd )
+         gzip -9 > "/boot/$initRd" )
 
     rm -rf /tmp/initrd-repack
 
-    (cd /boot ; \
-     cp ${bbb_dtb_file} dtb ; \
-     cat $vmlinuz dtb >> temp-kernel ; \
+    (cd /boot || exit 246824684 ; \
+     cp "${bbb_dtb_file}" dtb ; \
+     cat "$vmlinuz" dtb >> temp-kernel ; \
      mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
              -C none -a 0x82000000 -e 0x82000000 -d temp-kernel uImage ; \
      rm -f temp-kernel ; \
      mkimage -A arm -O linux -T ramdisk -C gzip -a 0x88080000 -e 0x88080000 \
              -n "Debian ramdisk ${version}" \
-             -d $initRd uInitrd )
+             -d "$initRd" uInitrd )
 }
 
 a20_setup_boot() {
     else
         fstype=ext4
     fi
-    kernelVersion=$(ls /usr/lib/*/$dtb | head -1 | cut -d/ -f4)
-    version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
+    # shellcheck disable=SC2012
+    kernelVersion=$(ls "/usr/lib/*/$dtb" | head -1 | cut -d/ -f4)
+    version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
 
     # Copy all DTBs
     mkdir -p /boot/dtbs
-    cp /usr/lib/$kernelVersion/* /boot/dtbs
+    cp "/usr/lib/$kernelVersion/*" /boot/dtbs
 
     # extra boot modules
     echo "rtc_sunxi" >> /etc/initramfs-tools/modules
     if [ ! -d /etc/flash-kernel ] ; then
        mkdir /etc/flash-kernel
     fi
-    echo -n "$1" > /etc/flash-kernel/machine
+    echo "$1" > /etc/flash-kernel/machine
 
     command_line=""
     if [ -n "$2" ] ; then

src/freedombone-image-make

 export TEXTDOMAINDIR="/usr/share/locale"
 
 PROJECT_INSTALL_DIR=/usr/local/bin
-if [ -f /usr/bin/${PROJECT_NAME} ]; then
+if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-setup
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-setup"
 
 #set -x # Enable debugging
 
 # Packages needed for self-hosted development
 dev_pkgs="build-essential devscripts make man-db emacs org-mode git mercurial"
 
-echo Building $MACHINE $PROJECT_NAME for $ARCHITECTURE.
+echo Building "$MACHINE" "$PROJECT_NAME" for "$ARCHITECTURE".
 
 case "$MACHINE" in
     beaglebone)
 done
 
 # Make sure file is owned by current user, not root
-touch $(dirname $IMAGE)/${PROJECT_NAME}.log
+touch "$(dirname "$IMAGE")/${PROJECT_NAME}.log"
 
 if [ -x vendor/vmdebootstrap/vmdebootstrap ] ; then
     VMDEBOOTSTRAP=vendor/vmdebootstrap/vmdebootstrap
 fi
 
 PROJECT_INSTALL_DIR=/usr/local/bin
-if [ -f /usr/bin/${PROJECT_NAME} ]; then
+if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
 echo $'Making customised customisation script'
-TEMP_CUSTOMISE=/etc/${PROJECT_NAME}/image-customise
-TEMP_CUSTOMISE2=/tmp/${PROJECT_NAME}-image-customise2
-TEMP_CUSTOMISE3=/tmp/${PROJECT_NAME}-image-customise3
-TEMP_CUSTOMISE4=/tmp/${PROJECT_NAME}-image-customise4
+TEMP_CUSTOMISE="/etc/${PROJECT_NAME}/image-customise"
+TEMP_CUSTOMISE2="/tmp/${PROJECT_NAME}-image-customise2"
+TEMP_CUSTOMISE3="/tmp/${PROJECT_NAME}-image-customise3"
+TEMP_CUSTOMISE4="/tmp/${PROJECT_NAME}-image-customise4"
 
 # cat all the things together
 combine_all_scripts $TEMP_CUSTOMISE2
 fi
 
 echo $'Changing values within customised customisation script'
-cp $PROJECT_INSTALL_DIR/${PROJECT_NAME}-image-customise $TEMP_CUSTOMISE3
-if [ $MYUSERNAME ]; then
-    sed -i "s|MY_USERNAME=.*|MY_USERNAME=${MYUSERNAME}|g" $TEMP_CUSTOMISE3
+cp "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-image-customise" "$TEMP_CUSTOMISE3"
+if [ "$MYUSERNAME" ]; then
+    sed -i "s|MY_USERNAME=.*|MY_USERNAME=${MYUSERNAME}|g" "$TEMP_CUSTOMISE3"
 fi
-if [ $MYPASSWORD ]; then
-    sed -i "s|MY_PASSWORD=.*|MY_PASSWORD=${MYPASSWORD}|g" $TEMP_CUSTOMISE3
+if [ "$MYPASSWORD" ]; then
+    sed -i "s|MY_PASSWORD=.*|MY_PASSWORD=${MYPASSWORD}|g" "$TEMP_CUSTOMISE3"
 fi
-sed -i "s|ROUTER_IP_ADDRESS=.*|ROUTER_IP_ADDRESS=${ROUTER_IP_ADDRESS}|g" $TEMP_CUSTOMISE3
-sed -i "s|BOX_IP_ADDRESS=.*|BOX_IP_ADDRESS=${BOX_IP_ADDRESS}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER1=.*|NAMESERVER1=${NAMESERVER1}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER2=.*|NAMESERVER2=${NAMESERVER2}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER3=.*|NAMESERVER3=${NAMESERVER3}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER4=.*|NAMESERVER4=${NAMESERVER4}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER5=.*|NAMESERVER5=${NAMESERVER5}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER6=.*|NAMESERVER6=${NAMESERVER6}|g" $TEMP_CUSTOMISE3
-sed -i "s|PROJECT_NAME=.*|PROJECT_NAME=${PROJECT_NAME}|g" $TEMP_CUSTOMISE3
-sed -i "s|CONFIG_FILENAME=.*|CONFIG_FILENAME=${CONFIG_FILENAME}|g" $TEMP_CUSTOMISE3
-sed -i "s|SSH_PUBKEY=.*|SSH_PUBKEY=${SSH_PUBKEY}|g" $TEMP_CUSTOMISE3
-sed -i "s|GENERIC_IMAGE=.*|GENERIC_IMAGE=${GENERIC_IMAGE}|g" $TEMP_CUSTOMISE3
-sed -i "s|MINIMAL_INSTALL=.*|MINIMAL_INSTALL=\"${MINIMAL_INSTALL}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|SSH_PORT=.*|SSH_PORT=\"${SSH_PORT}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|ONION_ONLY=.*|ONION_ONLY=\"${ONION_ONLY}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|PROJECT_REPO=.*|PROJECT_REPO=\"${PROJECT_REPO}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|DEBIAN_INSTALL_ONLY=.*|DEBIAN_INSTALL_ONLY=\"${DEBIAN_INSTALL_ONLY}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_INTERFACE=.*|WIFI_INTERFACE=\"${WIFI_INTERFACE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_SSID=.*|WIFI_SSID=\"${WIFI_SSID}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_TYPE=.*|WIFI_TYPE=\"${WIFI_TYPE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_PASSPHRASE=.*|WIFI_PASSPHRASE=\"${WIFI_PASSPHRASE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_HOTSPOT=.*|WIFI_HOTSPOT=\"${WIFI_HOTSPOT}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_NETWORKS_FILE=.*|WIFI_NETWORKS_FILE=\"${WIFI_NETWORKS_FILE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|VARIANT=.*|VARIANT=\"${VARIANT}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|MINIMUM_PASSWORD_LENGTH=.*|MINIMUM_PASSWORD_LENGTH=\"${MINIMUM_PASSWORD_LENGTH}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" $TEMP_CUSTOMISE3
-sed -i 's|#!/bin/bash||g' $TEMP_CUSTOMISE3
+sed -i "s|ROUTER_IP_ADDRESS=.*|ROUTER_IP_ADDRESS=${ROUTER_IP_ADDRESS}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|BOX_IP_ADDRESS=.*|BOX_IP_ADDRESS=${BOX_IP_ADDRESS}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER1=.*|NAMESERVER1=${NAMESERVER1}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER2=.*|NAMESERVER2=${NAMESERVER2}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER3=.*|NAMESERVER3=${NAMESERVER3}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER4=.*|NAMESERVER4=${NAMESERVER4}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER5=.*|NAMESERVER5=${NAMESERVER5}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER6=.*|NAMESERVER6=${NAMESERVER6}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|PROJECT_NAME=.*|PROJECT_NAME=${PROJECT_NAME}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|CONFIG_FILENAME=.*|CONFIG_FILENAME=${CONFIG_FILENAME}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|SSH_PUBKEY=.*|SSH_PUBKEY=${SSH_PUBKEY}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|GENERIC_IMAGE=.*|GENERIC_IMAGE=${GENERIC_IMAGE}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|MINIMAL_INSTALL=.*|MINIMAL_INSTALL=\"${MINIMAL_INSTALL}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|SSH_PORT=.*|SSH_PORT=\"${SSH_PORT}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|ONION_ONLY=.*|ONION_ONLY=\"${ONION_ONLY}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|PROJECT_REPO=.*|PROJECT_REPO=\"${PROJECT_REPO}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|DEBIAN_INSTALL_ONLY=.*|DEBIAN_INSTALL_ONLY=\"${DEBIAN_INSTALL_ONLY}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_INTERFACE=.*|WIFI_INTERFACE=\"${WIFI_INTERFACE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_SSID=.*|WIFI_SSID=\"${WIFI_SSID}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_TYPE=.*|WIFI_TYPE=\"${WIFI_TYPE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_PASSPHRASE=.*|WIFI_PASSPHRASE=\"${WIFI_PASSPHRASE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_HOTSPOT=.*|WIFI_HOTSPOT=\"${WIFI_HOTSPOT}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_NETWORKS_FILE=.*|WIFI_NETWORKS_FILE=\"${WIFI_NETWORKS_FILE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|VARIANT=.*|VARIANT=\"${VARIANT}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|MINIMUM_PASSWORD_LENGTH=.*|MINIMUM_PASSWORD_LENGTH=\"${MINIMUM_PASSWORD_LENGTH}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" "$TEMP_CUSTOMISE3"
+sed -i 's|#!/bin/bash||g' "$TEMP_CUSTOMISE3"
 
 cat $TEMP_CUSTOMISE2 $TEMP_CUSTOMISE3 > $TEMP_CUSTOMISE4
 if [ -f $TEMP_CUSTOMISE ]; then
      SOURCE="$SOURCE" \
      CUSTOM_SETUP="$CUSTOM_SETUP" \
      $VMDEBOOTSTRAP \
-     --log $(dirname $IMAGE)/${PROJECT_NAME}.log \
+     --log "$(dirname "$IMAGE")/${PROJECT_NAME}.log" \
      --log-level debug \
-     --size $IMAGE_SIZE \
-     --image $IMAGE.img \
+     --size "$IMAGE_SIZE" \
+     --image "$IMAGE.img" \
      --hostname ${PROJECT_NAME} \
      --verbose \
-     --mirror $BUILD_MIRROR \
+     --mirror "$BUILD_MIRROR" \
      --customize "$TEMP_CUSTOMISE" \
      --lock-root-password \
-     --arch $ARCHITECTURE \
-     --distribution $SUITE \
-     $extra_opts \
-     $pkgopts
+     --arch "$ARCHITECTURE" \
+     --distribution "$SUITE" \
+     "$extra_opts" \
+     "$pkgopts"
 
 echo $'Removing customised customisation script'
 sudo shred -zu $TEMP_CUSTOMISE

src/freedombone-image-vmdebootstrap

 
 mkdir -p vendor
 if [ -d vendor/vmdebootstrap ] ; then
-    (cd vendor/vmdebootstrap; git checkout .; git pull)
+    (cd vendor/vmdebootstrap || exit 246824624; git checkout .; git pull)
 else
     git clone $VMDEBOOTSTRAP_REPO vendor/vmdebootstrap
 fi
     sudo mv /tmp/ubuntu.csv /usr/share/distro-info/
 fi
 
-cd vendor/vmdebootstrap
+cd vendor/vmdebootstrap || exit 2648726446
 git checkout $VMDEBOOTSTRAP_BRANCH

src/freedombone-keydrive

     shift
 done
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     echo $'No username given'
     exit 69350
 fi
 
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"Home directory for $MY_USERNAME not found. This user may not exist on the system"
     exit 72378
 fi
 
-if [ ! -b $USB_DRIVE ]; then
+if [ ! -b "$USB_DRIVE" ]; then
     echo $'Please attach a USB drive'
     exit 65743
 fi
 
 # optionally format the drive
 if [[ $FORMAT == "yes" ]]; then
-    ${PROJECT_NAME}-format ${USB_DRIVE::-1}
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-format" "${USB_DRIVE::-1}"; then
         exit 36823
     fi
 fi
 
-cryptsetup luksOpen $USB_DRIVE encrypted_usb
-if [ "$?" = "0" ]; then
+if cryptsetup luksOpen "$USB_DRIVE" encrypted_usb; then
     USB_DRIVE=/dev/mapper/encrypted_usb
 fi
-mount $USB_DRIVE $USB_MOUNT
-if [ ! "$?" = "0" ]; then
+if ! mount $USB_DRIVE $USB_MOUNT; then
     echo $"There was a problem mounting the USB drive to $USB_MOUNT"
     rm -rf $USB_MOUNT
     exit 78543
 
 # optionally create a master drive which contains the full GPG keyring
 if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]]; then
-    if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
+    if [ ! -d "/home/$MY_USERNAME/.gnupg" ]; then
         echo $"No .gnupg directory was found for $MY_USERNAME"
         umount -f $USB_MOUNT
         rm -rf $USB_MOUNT
     GPG_BACKUP_ID=$(su -m root -c "gpg --list-keys \"(backup key)\" | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
 
     gpgerrstr=$'error'
-    gpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_ID)
+    gpgkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export "$GPG_ID")
     if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting public gpg key'
         echo "$gpgkey"
     fi
     echo ''
     echo $'Enter your gpg private key passphrase:'
-    gpgprivkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_ID)
+    gpgprivkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export-secret-key "$GPG_ID")
     if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting private gpg key'
         echo "$gpgprivkey"
     # Dummy password to get around not being able to create a key without passphrase
     BACKUP_DUMMY_PASSWORD='backup'
 
-    backupgpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_BACKUP_ID)
+    backupgpgkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export "$GPG_BACKUP_ID")
     if [[ "$backupgpgkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting public gpg backup key'
         echo "$backupgpgkey"
         exit 735282
     fi
-    backupgpgprivkey=$(echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_BACKUP_ID)
+    backupgpgprivkey=$(echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir="/home/$MY_USERNAME/.gnupg" --armor --export-secret-key "$GPG_BACKUP_ID")
     if [[ "$backupgpgprivkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting private gpg backup key'
         echo "$backupgpgprivkey"
     echo "$backupgpgkey" > $USB_MOUNT/.backupgpgkey
     echo "$backupgpgprivkey" >> $USB_MOUNT/.backupgpgkey
 
-    cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
+    cp -rf "/home/$MY_USERNAME/.gnupg" $USB_MOUNT
 
     if [ -d /etc/letsencrypt ]; then
         cp -rf /etc/letsencrypt $USB_MOUNT
 FRAGMENTS_DIR=$FRAGMENTS_DIR/$MY_USERNAME
 
 # make a directory to contain the fragments
-if [ ! -d $FRAGMENTS_DIR ]; then
-    mkdir -p $FRAGMENTS_DIR
+if [ ! -d "$FRAGMENTS_DIR" ]; then
+    mkdir -p "$FRAGMENTS_DIR"
     echo $"Made directory $FRAGMENTS_DIR"
 fi
-if [ ! -d $FRAGMENTS_DIR ]; then
+if [ ! -d "$FRAGMENTS_DIR" ]; then
     echo $"There was a problem making the directory $FRAGMENTS_DIR"
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 6843
 fi
 
-cd $FRAGMENTS_DIR
-no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l)
-if [ ! "$?" = "0" ]; then
+cd "$FRAGMENTS_DIR" || exit 13389478368
+# shellcheck disable=SC2012
+if ! no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l); then
     no_of_usb_shares=0
 fi
 if (( no_of_usb_shares > 0 )); then
     echo $"A key fragment already exists on the drive for the user $MY_USERNAME"
-    cd ~/
+    cd ~/ || exit 34678264583
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 58945
 # copy a random fragment to the drive
 LOCAL_FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
 
-if [ ! -d $LOCAL_FRAGMENTS_DIR ]; then
-    ${PROJECT_NAME}-splitkey -u $MY_USERNAME -n $KEY_FRAGMENTS
+if [ ! -d "$LOCAL_FRAGMENTS_DIR" ]; then
+    "${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -n "$KEY_FRAGMENTS"
 fi
 
-cd $LOCAL_FRAGMENTS_DIR
-no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l)
-if [ ! "$?" = "0" ]; then
+cd "$LOCAL_FRAGMENTS_DIR" || exit 7822452644
+# shellcheck disable=SC2012
+if ! no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l); then
     no_of_local_shares=0
 fi
 if (( no_of_local_shares < 3 )); then
-    ${PROJECT_NAME}-splitkey -u $MY_USERNAME -n $KEY_FRAGMENTS
-    cd $LOCAL_FRAGMENTS_DIR
-    no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l)
-    if [ ! "$?" = "0" ]; then
+    "${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -n "$KEY_FRAGMENTS"
+    cd "$LOCAL_FRAGMENTS_DIR" || exit 724524242
+    # shellcheck disable=SC2012
+    if ! no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l); then
         no_of_local_shares=0
     fi
 fi
 
 if (( no_of_local_shares < 3 )); then
     echo $"Not enough key fragments available ${no_of_local_shares}"
-    cd ~/
+    cd ~/ || exit 7245267457
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 63386
 fi
 
-share_files=($LOCAL_FRAGMENTS_DIR/keyshare.asc.*)
+share_files=("$LOCAL_FRAGMENTS_DIR/keyshare.asc.*")
 SHARE_FILENAME=${share_files[RANDOM % ${#share_files[@]}]}
 
-cp -f $SHARE_FILENAME $FRAGMENTS_DIR
-cd $FRAGMENTS_DIR
+cp -f "$SHARE_FILENAME" "$FRAGMENTS_DIR"
+cd "$FRAGMENTS_DIR" || exit 2543244726
+# shellcheck disable=SC2012
 no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l)
 echo $"Number of fragments on the drive: ${no_of_usb_shares}"
 if (( no_of_usb_shares > 1 )); then
     echo $"Too many key fragments exist in $FRAGMENTS_DIR"
-    ls $FRAGMENTS_DIR
-    cd ~/
+    ls "$FRAGMENTS_DIR"
+    cd ~/ || 357836582645
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 54292
 if (( no_of_usb_shares <= 0 )); then
     echo $"There was a problem copying the key fragment to $USB_DRIVE"
     echo $"Files found: ${no_of_usb_shares}"
-    ls $FRAGMENTS_DIR
-    cd ~/
+    ls "$FRAGMENTS_DIR"
+    cd ~/ || exit 743452452
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 54292
 fi
 
-cd ~/
+cd ~/ || exit 245672457
 umount -f $USB_MOUNT
 rm -rf $USB_MOUNT
 echo $"Key fragment copied to $USB_DRIVE. You may now remove the drive."

src/freedombone-logging

 
 source /usr/local/bin/${PROJECT_NAME}-vars
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 APPS_AVAILABLE=()
 
 function logging_get_app_names {
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 
     for filename in $FILES
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
-        if grep -q "logging_on_" ${filename}; then
-            if grep -q "logging_off_" ${filename}; then
+        if grep -q "logging_on_" "${filename}"; then
+            if grep -q "logging_off_" "${filename}"; then
                 APPS_AVAILABLE+=("${app_name}")
             fi
         fi
     for a in "${APPS_AVAILABLE[@]}"
     do
         echo $"Turning on logging for ${a}"
-        logging_on_${a}
+        "logging_on_${a}"
     done
 }
 
     for a in "${APPS_AVAILABLE[@]}"
     do
         echo $"Turning off logging for ${a}"
-        logging_off_${a}
+        "logging_off_${a}"
     done
 }
 
         fi
         for filename in /etc/nginx/sites-available/* ; do
             filename_domain=$(echo "$filename" | awk -F '/' '{print $5}')
-            sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" $filename
-            sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" $filename
+            sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" "$filename"
+            sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" "$filename"
         done
         sed -i 's|access_log.*|access_log /var/log/nginx/access.log;|g' /etc/nginx/nginx.conf
         sed -i 's|error_log.*|error_log /var/log/nginx/error.log;|g' /etc/nginx/nginx.conf
     fi
     if [ -f /etc/init.d/spamassassin ]; then
-        sed -i 's|DOPTIONS="-s null -d --pidfile=$PIDFILE"|DOPTIONS="-d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
+        sed -i "s|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
     fi
     if [ -d /etc/exim4 ]; then
         if [ ! -d /var/log/exim4 ]; then
     fi
     if [ -d /etc/nginx ]; then
         for filename in /etc/nginx/sites-available/* ; do
-            sed -i 's|access_log.*|access_log /dev/null;|g' $filename
-            sed -i 's|warn_log.*|warn_log /dev/null;|g' $filename
-            sed -i 's|error_log.*|error_log /dev/null;|g' $filename
+            sed -i 's|access_log.*|access_log /dev/null;|g' "$filename"
+            sed -i 's|warn_log.*|warn_log /dev/null;|g' "$filename"
+            sed -i 's|error_log.*|error_log /dev/null;|g' "$filename"
         done
         sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf
         sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf
         $REMOVE_FILES_COMMAND /var/log/nginx/*
     fi
     if [ -f /etc/init.d/spamassassin ]; then
-        sed -i 's|DOPTIONS="-d --pidfile=$PIDFILE"|DOPTIONS="-s null -d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
+        sed -i "s|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
     fi
     if [ -d /etc/exim4 ]; then
         sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs

src/freedombone-mesh-batman

 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 PROJECT_NAME='freedombone'
-COMPLETION_FILE=/root/${PROJECT_NAME}-completed.txt
+COMPLETION_FILE="/root/${PROJECT_NAME}-completed.txt"
 
 # hotspot passphrase must be 5 characters or longer
 HOTSPOT_PASSPHRASE="${PROJECT_NAME}"
 mesh_protocol_init
 update_wifi_adaptors
 
-if [ ! $IFACE ]; then
+if [ ! "$IFACE" ]; then
     echo $'No wlan adaptor'
     exit 0
 fi
 
 if [ -e /etc/default/batctl ]; then
+    # shellcheck disable=SC1091
     . /etc/default/batctl
 fi
 
 function status {
     batctl o
 
-    if grep -q "bmx6" $MESH_CURRENT_PROTOCOL; then
+    if grep -q "bmx6" "$MESH_CURRENT_PROTOCOL"; then
         bmx6 -c show=originators
     fi
-    if grep -q "bmx7" $MESH_CURRENT_PROTOCOL; then
+    if grep -q "bmx7" "$MESH_CURRENT_PROTOCOL"; then
         bmx7 -c show=originators
     fi
 }
 
 function stop {
-    if [ ! -f $MESH_CURRENT_PROTOCOL ]; then
+    if [ ! -f "$MESH_CURRENT_PROTOCOL" ]; then
         return
     fi
 
     systemctl disable dnsmasq
 
     if [ "$EIFACE" ]; then
-        brctl delif $BRIDGE bat0
-        ifconfig $BRIDGE down || true
-        ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
+        brctl delif "$BRIDGE" bat0
+        ifconfig "$BRIDGE" down || true
+        ethernet_connected=$(cat "/sys/class/net/$EIFACE/carrier")
         if [[ "$ethernet_connected" != "0" ]]; then
             systemctl stop hostapd
-            brctl delif $BRIDGE $EIFACE
-            ifconfig $EIFACE down -promisc
+            brctl delif "$BRIDGE" "$EIFACE"
+            ifconfig "$EIFACE" down -promisc
         fi
-        brctl delbr $BRIDGE
+        brctl delbr "$BRIDGE"
     fi
 
     ifconfig bat0 down -promisc
 
-    batctl if del $IFACE
-    ifconfig $IFACE mtu 1500
-    ifconfig $IFACE down
-    iwconfig $IFACE mode managed
+    batctl if del "$IFACE"
+    ifconfig "$IFACE" mtu 1500
+    ifconfig "$IFACE" down
+    iwconfig "$IFACE" mode managed
 
-    if [ $IFACE_SECONDARY ]; then
+    if [ "$IFACE_SECONDARY" ]; then
         systemctl stop hostapd
         systemctl disable hostapd
-        batctl if del $IFACE_SECONDARY
-        ifconfig $IFACE_SECONDARY mtu 1500
-        ifconfig $IFACE_SECONDARY down
-        iwconfig $IFACE_SECONDARY mode managed
+        batctl if del "$IFACE_SECONDARY"
+        ifconfig "$IFACE_SECONDARY" mtu 1500
+        ifconfig "$IFACE_SECONDARY" down
+        iwconfig "$IFACE_SECONDARY" mode managed
     fi
 
     rmmod batman-adv
 
     systemctl restart network-manager
 
-    if [ -f $MESH_CURRENT_PROTOCOL ]; then
-        rm $MESH_CURRENT_PROTOCOL
+    if [ -f "$MESH_CURRENT_PROTOCOL" ]; then
+        rm "$MESH_CURRENT_PROTOCOL"
     fi
 }
 
 function verify {
     tempfile="$(mktemp)"
-    batctl o > $tempfile
-    if grep -q "disabled" $tempfile; then
+    batctl o > "$tempfile"
+    if grep -q "disabled" "$tempfile"; then
         echo $'B.A.T.M.A.N. not enabled'
-        rm $tempfile
+        rm "$tempfile"
         stop
         exit 726835
     fi
     echo $'B.A.T.M.A.N. is running'
-    rm $tempfile
+    rm "$tempfile"
 }
 
 function add_wifi_interface {
     ifname=$1
     ifssid=$WIFI_SSID
-    if [ $2 ]; then
+    if [ "$2" ]; then
         ifssid=$2
     fi
     ifmode=ad-hoc
-    if [ $3 ]; then
+    if [ "$3" ]; then
         ifmode=$3
     fi
     ifchannel=$CHANNEL
-    if [ $4 ]; then
+    if [ "$4" ]; then
         ifchannel=$4
     fi
 
-    ifconfig $ifname down
-    ifconfig $ifname mtu 1532
+    ifconfig "$ifname" down
+    ifconfig "$ifname" mtu 1532
     peermac=$(assign_peer_address)
-    if [ ! $peermac ]; then
+    if [ ! "$peermac" ]; then
         echo $"Unable to obtain MAC address for $peermac on $ifname"
         return
     fi
-    ifconfig $ifname hw ether $peermac
+    ifconfig "$ifname" hw ether "$peermac"
     echo $"$ifname assigned MAC address $peermac"
-    iwconfig $ifname enc off
-    iwconfig $ifname mode $ifmode essid $ifssid channel $ifchannel
+    iwconfig "$ifname" enc off
+    iwconfig "$ifname" mode "$ifmode" essid "$ifssid" channel "$ifchannel"
 
-    batctl if add $ifname
-    ifconfig $ifname up
+    batctl if add "$ifname"
+    ifconfig "$ifname" up
 }
 
 function start {
     global_rate_limit
 
     # Might have to re-enable wifi
-    rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true
+    rfkill unblock "$(rfkill list|awk -F: "/phy/ {print $1}")" || true
 
     secondary_wifi_available=
-    if [ $IFACE_SECONDARY ]; then
-        if [[ $IFACE != $IFACE_SECONDARY ]]; then
+    if [ "$IFACE_SECONDARY" ]; then
+        if [[ "$IFACE" != "$IFACE_SECONDARY" ]]; then
             if [ -d /etc/hostapd ]; then
                 if [ ${#HOTSPOT_PASSPHRASE} -gt 4 ]; then
                     secondary_wifi_available=1
     sed -i "s|ExecStart=.*|ExecStart=/usr/local/bin/babeld ${IFACE}|g" /etc/systemd/system/babel.service
     systemctl daemon-reload
 
-    add_wifi_interface $IFACE $WIFI_SSID ad-hoc $CHANNEL
+    add_wifi_interface "$IFACE" "$WIFI_SSID" ad-hoc "$CHANNEL"
 
     # NOTE: Don't connect the secondary wifi device. hostapd will handle that by itself
 
     ifconfig bat0 up promisc
 
-    brctl addbr $BRIDGE
-    brctl addif $BRIDGE bat0
+    brctl addbr "$BRIDGE"
+    brctl addif "$BRIDGE" bat0
     ifconfig bat0 0.0.0.0
     ethernet_connected='0'
     if [ "$EIFACE" ] ; then
-        ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
+        ethernet_connected=$(cat "/sys/class/net/$EIFACE/carrier")
         if [[ "$ethernet_connected" != "0" ]]; then
             echo $'Trying ethernet bridge to the internet'
-            brctl addif $BRIDGE $EIFACE
-            ifconfig $EIFACE 0.0.0.0
-            ifconfig $EIFACE up promisc
+            brctl addif "$BRIDGE" "$EIFACE"
+            ifconfig "$EIFACE" 0.0.0.0
+            ifconfig "$EIFACE" up promisc
             echo $'End of ethernet bridge'
 
             sed -i "s|ExecStart=.*|ExecStart=/usr/sbin/bmx6 dev=${IFACE} dev=${EIFACE}|g" /etc/systemd/system/bmx6.service
             echo $"$EIFACE is not connected"
         fi
     fi
-    ifconfig $BRIDGE up
-    dhclient $BRIDGE
+    ifconfig "$BRIDGE" up
+    dhclient "$BRIDGE"
 
     enable_mesh_seconary_wifi
 
 
     systemctl restart nginx
 
-    if [ ! -f $MESH_DEFAULT_PROTOCOL ]; then
-        echo 'bmx6' > $MESH_DEFAULT_PROTOCOL
+    if [ ! -f "$MESH_DEFAULT_PROTOCOL" ]; then
+        echo 'bmx6' > "$MESH_DEFAULT_PROTOCOL"
     fi
 
-    if grep -q "bmx6" $MESH_DEFAULT_PROTOCOL; then
+    if grep -q "bmx6" "$MESH_DEFAULT_PROTOCOL"; then
         systemctl enable bmx6
         systemctl restart bmx6
         sed -i 's|<type>.*|<type>_bmx6._tcp</type>|g' /etc/avahi/services/routing.service
     fi
 
-    if grep -q "bmx7" $MESH_DEFAULT_PROTOCOL; then
+    if grep -q "bmx7" "$MESH_DEFAULT_PROTOCOL"; then
         systemctl enable bmx7
         systemctl restart bmx7
         sed -i 's|<type>.*|<type>_bmx7._tcp</type>|g' /etc/avahi/services/routing.service
     fi
 
-    if grep -q "olsr" $MESH_DEFAULT_PROTOCOL; then
-        IFACE=$(cat /etc/systemd/system/olsr2.service | grep ExecStart | awk -F ' ' '{print $2}')
-        mesh_generate_ipv6_address $IFACE
+    if grep -q "olsr" "$MESH_DEFAULT_PROTOCOL"; then
+        IFACE=$(grep ExecStart "/etc/systemd/system/olsr2.service" | awk -F ' ' '{print $2}')
+        mesh_generate_ipv6_address "$IFACE"
 
         systemctl enable olsr2
         systemctl restart olsr2
         sed -i 's|<type>.*|<type>_olsr2._tcp</type>|g' /etc/avahi/services/routing.service
     fi
 
-    if grep -q "babel" $MESH_DEFAULT_PROTOCOL; then
-        IFACE=$(cat /etc/systemd/system/babel.service | grep ExecStart | awk -F ' ' '{print $2}')
-        mesh_generate_ipv6_address $IFACE
+    if grep -q "babel" "$MESH_DEFAULT_PROTOCOL"; then
+        IFACE=$(grep ExecStart /etc/systemd/system/babel.service | awk -F ' ' '{print $2}')
+        mesh_generate_ipv6_address "$IFACE"
 
         systemctl enable babel
         systemctl restart babel
 
     verify
 
-    echo "$(cat $MESH_DEFAULT_PROTOCOL)" > $MESH_CURRENT_PROTOCOL
+    cat "$MESH_DEFAULT_PROTOCOL" > "$MESH_CURRENT_PROTOCOL"
 }
 
 function monitor {
     echo ''
 
     # Might have to re-enable wifi
-    rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true
+    rfkill unblock "$(rfkill list|awk -F: "/phy/ {print $1}")" || true
 
-    ifconfig $IFACE down
-    ifconfig $IFACE mtu 1532
-    ifconfig $IFACE hw ether $(assign_peer_address)
-    iwconfig $IFACE enc off
-    iwconfig $IFACE mode monitor channel $CHANNEL
+    ifconfig "$IFACE" down
+    ifconfig "$IFACE" mtu 1532
+    ifconfig "$IFACE" hw ether "$(assign_peer_address)"
+    iwconfig "$IFACE" enc off
+    iwconfig "$IFACE" mode monitor channel "$CHANNEL"
     sleep 1
-    iwconfig $IFACE ap $CELLID
+    iwconfig "$IFACE" ap "$CELLID"
 
     modprobe batman-adv
-    batctl if add $IFACE
-    ifconfig $IFACE up
+    batctl if add "$IFACE"
+    ifconfig "$IFACE" up
 
-    horst -i $IFACE
+    horst -i "$IFACE"
 
     clear
     echo ''
 }
 
 if ! grep -q "$IFACE" /proc/net/dev; then
-    echo 'Interface $IFACE was not found'
+    echo "Interface \$IFACE was not found"
     stop
     exit 1
 fi
         start
         ;;
     ping)
-        batctl ping $2
+        batctl ping "$2"
         ;;
     data)
         watch -n1 "batctl s | grep mgmt | grep bytes"
         ;;
     *)
         echo "error: invalid parameter $1"
-        echo 'usage: $0 {start|stop|restart|status|ping|ls|list}'
+        echo "usage: \$0 {start|stop|restart|status|ping|ls|list}"
         exit 2
         ;;
 esac

src/freedombone-mesh-blog

 DEFAULT_BLOG_TITLE=$"Freedombone Blog"
 
 function remove_bad_blog_links {
-    find ./ -type f -name *.css -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.css -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/bootstrapcdn/d' {} \;
 }
 
 function ipfs_publish {
     DIR_TO_CHECK=/home/$USER/Public
-    if [ ! -d $DIR_TO_CHECK ]; then
+    if [ ! -d "$DIR_TO_CHECK" ]; then
         return
     fi
 
     echo $'Publishing to IPFS. This may take some time...'
 
     OLD_STAT_FILE=/home/$USER/.old_stat.txt
-    NEW_STAT=$(stat -t $DIR_TO_CHECK)
-    echo $($IPFS_COMMAND add -rq /home/$USER/Public | tail -n 1) > $IPFS_PUBLIC
-    echo "$NEW_STAT" > $OLD_STAT_FILE
+    NEW_STAT=$(stat -t "$DIR_TO_CHECK")
+    $IPFS_COMMAND add -rq "/home/$USER/Public" | tail -n 1 > "$IPFS_PUBLIC"
+    echo "$NEW_STAT" > "$OLD_STAT_FILE"
 
-    if [ -f $IPFS_PUBLIC ]; then
-        IPFS_PUBLIC_ID=$(cat $IPFS_PUBLIC)
-        $IPFS_COMMAND name publish /ipfs/$IPFS_PUBLIC_ID
+    if [ -f "$IPFS_PUBLIC" ]; then
+        IPFS_PUBLIC_ID=$(cat "$IPFS_PUBLIC")
+        $IPFS_COMMAND name publish "/ipfs/$IPFS_PUBLIC_ID"
     fi
 }
 
     echo ''
     echo $'Regenerating blog...'
 
-    cd $BLOG_PATH
+    cd $BLOG_PATH || exit 246872648
     if grep -q "SITENAME=u'${DEFAULT_BLOG_TITLE}'" $BLOG_PATH/pelicanconf.py; then
         TOX_NICK=$(toxid --showuser)
         BLOG_TITLE=$"${TOX_NICK}'s Blog"
     fi
     make html
 
-    cd $BLOG_PATH
+    cd $BLOG_PATH || exit 23682468
     remove_bad_blog_links
 
     ipfs_publish
 function new_blog {
     DATESTR=$(date "+%Y-%m-%d %H:%M:%S")
 
-    echo $'Title: Blog Post Title' > ~/.new-blog-entry
-    echo $"Date: ${DATESTR}" >> ~/.new-blog-entry
-    echo $"Author: $(toxid --showuser)" >> ~/.new-blog-entry
-    echo $'Category: default' >> ~/.new-blog-entry
-    echo $'Tags: blog, tag' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
-    echo $'Add your text here' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
-    echo -n $'To include an image copy it into the ~/CreateBlog/content/images directory, ' >> ~/.new-blog-entry
-    echo $'then link to it with:' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
-    echo $'![My image]({filename}images/myimage.jpg)' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
+    { echo $'Title: Blog Post Title';
+      echo $"Date: ${DATESTR}";
+      echo $"Author: $(toxid --showuser)";
+      echo $'Category: default';
+      echo $'Tags: blog, tag';
+      echo  '';
+      echo $'Add your text here';
+      echo  '';
+      echo -n $'To include an image copy it into the ~/CreateBlog/content/images directory, ';
+      echo $'then link to it with:';
+      echo  '';
+      echo $'![My image]({filename}images/myimage.jpg)';
+      echo  ''; } > ~/.new-blog-entry
 
     $BLOG_EDITOR ~/.new-blog-entry
 
     if grep -q $"Blog Post Title" ~/.new-blog-entry; then
         return
     fi
-    if [ ! -f $CURRENT_BLOG_INDEX ]; then
-        echo '0' > $CURRENT_BLOG_INDEX
+    if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
+        echo '0' > "$CURRENT_BLOG_INDEX"
     fi
 
     # move to the content directory
-    CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX)
-    mv ~/.new-blog-entry $BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md
+    CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
+    mv ~/.new-blog-entry "$BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md"
 
     # increment the index
     CURRENT_INDEX=$((CURRENT_INDEX + 1))
-    echo "$CURRENT_INDEX" > $CURRENT_BLOG_INDEX
+    echo "$CURRENT_INDEX" > "$CURRENT_BLOG_INDEX"
 
     regenerate_blog
 }
 
 function edit_blog {
-    if [ ! -f $CURRENT_BLOG_INDEX ]; then
+    if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
         return
     fi
-    CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX)
+    CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
     if [ ! -f $LAST_BLOG_ENTRY ]; then
 }
 
 function delete_blog {
-    if [ ! -f $CURRENT_BLOG_INDEX ]; then
+    if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
         return
     fi
-    CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX)
+    CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
     if [ ! -f $LAST_BLOG_ENTRY ]; then
         return
     fi
 
-    if ! zenity --question --title=$'Delete the previous blog entry' --text=$"\nAre you sure that you wish to delete the previous blog entry?" --ok-label=No --cancel-label=Yes --width=300; then
+    if ! zenity --question --title=$'Delete the previous blog entry' --text=$"\\nAre you sure that you wish to delete the previous blog entry?" --ok-label=No --cancel-label=Yes --width=300; then
         rm $LAST_BLOG_ENTRY
-        if [ $CURRENT_INDEX -gt 0 ]; then
+        if [ "$CURRENT_INDEX" -gt 0 ]; then
             CURRENT_INDEX=$PREVIOUS_INDEX
-            echo "$CURRENT_INDEX" > $CURRENT_BLOG_INDEX
+            echo "$CURRENT_INDEX" > "$CURRENT_BLOG_INDEX"
         else
-            rm -f $CURRENT_BLOG_INDEX
+            rm -f "$CURRENT_BLOG_INDEX"
         fi
         regenerate_blog
     fi
 
     n=1
     curr_theme_index=
-    if [ -f /home/$USER/.blog-theme-index ]; then
-        curr_theme_index=$(cat /home/$USER/.blog-theme-index)
+    if [ -f "/home/$USER/.blog-theme-index" ]; then
+        curr_theme_index=$(cat "/home/$USER/.blog-theme-index")
     fi
     if [ -f /tmp/.blog-themes ]; then
         rm /tmp/.blog-themes
     for a in "${THEMES[@]}"
     do
         echo "$n $a" >> /tmp/.blog-themes
-        n=$[n+1]
+        n=$((n+1))
     done
 
     CHOSEN_THEME_INDEX=$(
+    # shellcheck disable=SC2002
     cat /tmp/.blog-themes | \
         awk -F ' ' '{
         for(i=1;i<=NF;i++){
            --column=$'Index' --column=$'Theme' \
            --print-column=1 --hide-column=1 --width=300 --height=400)
     rm /tmp/.blog-themes
-    if [ ! $CHOSEN_THEME_INDEX ]; then
+    if [ ! "$CHOSEN_THEME_INDEX" ]; then
         exit 1
     fi
 
-    echo "$CHOSEN_THEME_INDEX" > /home/$USER/.blog-theme-index
+    echo "$CHOSEN_THEME_INDEX" > "/home/$USER/.blog-theme-index"
     CHOSEN_THEME_INDEX=$((CHOSEN_THEME_INDEX - 1))
 
     CHOSEN_THEME=${THEMES[$CHOSEN_THEME_INDEX]}
-    cd cd $BLOG_PATH/themes/$CHOSEN_THEME
+    cd "$BLOG_PATH/themes/$CHOSEN_THEME" || exit 346746824
     remove_bad_blog_links
     if grep -q "THEME=" $BLOG_PATH/pelicanconf.py; then
         sed -i "s|THEME=.*|THEME='themes/${CHOSEN_THEME}'|g" $BLOG_PATH/pelicanconf.py

src/freedombone-mesh-connect

     fi
     cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
 
-    cd /etc/openvpn/easy-rsa
+    cd /etc/openvpn/easy-rsa || exit 246872464
+    # shellcheck disable=SC1091
     . ./vars
     ./clean-all
     vpn_openssl_version='1.0.0'
     chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
 
     # create an archive of the vpn client files
-    cd /home/$MY_USERNAME
+    cd /home/$MY_USERNAME || exit 346825628354
     tar -czvf vpn.tar.gz stunnel* client.ovpn
     chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/vpn.tar.gz
 
     if [ -f vpn.tar.gz ]; then
-        zenity --info --title $"Generate VPN client keys" --text $"\nNew VPN client keys have been generated in the /home/fbone directory.\n\nYou can find it by selecting \"Places\" then \"Home Directory\" on the top menu bar. Transmit the vpn.tar.gz file to whoever is running the other mesh network so that they can connect to yours.\n\nThey should uncompress vpn.tar.gz to their /home/fbone directory, forward port $VPN_MESH_TLS_PORT then connect using your IP address or domain name." --width 600
+        zenity --info --title $"Generate VPN client keys" --text $"\\nNew VPN client keys have been generated in the /home/fbone directory.\\n\\nYou can find it by selecting \"Places\" then \"Home Directory\" on the top menu bar. Transmit the vpn.tar.gz file to whoever is running the other mesh network so that they can connect to yours.\\n\\nThey should uncompress vpn.tar.gz to their /home/fbone directory, forward port $VPN_MESH_TLS_PORT then connect using your IP address or domain name." --width 600
     fi
 }
 
                     sed -i "s|route .*|route $ip_or_domain 255.255.255.255 net_gateway|g" ~/client.ovpn
 
                     clear
-                    cd ~/
+                    cd ~/ || exit 234628422874
                     sudo stunnel stunnel-client.conf
                     sudo openvpn client.ovpn
                 fi

src/freedombone-mesh-install

     fi
 
     # Add a mesh routing protocol service
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/routing.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/routing.service
-    echo '<service-group>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  <name replace-wildcards="yes">%h routing</name>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  <service>' >> $rootdir/etc/avahi/services/routing.service
-    echo '    <type>_bmx6._tcp</type>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  </service>' >> $rootdir/etc/avahi/services/routing.service
-    echo '</service-group>' >> $rootdir/etc/avahi/services/routing.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo '  <name replace-wildcards="yes">%h routing</name>';
+      echo '  <service>';
+      echo '    <type>_bmx6._tcp</type>';
+      echo '  </service>';
+      echo '</service-group>'; } > "$rootdir/etc/avahi/services/routing.service"
 
     # keep the daemon running
     WATCHDOG_SCRIPT_NAME="keepon"
-    echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    { echo '';
+    echo '# keep avahi daemon running';
+    echo "AVAHI_RUNNING=\$(pgrep avahi-daemon > /dev/null && echo Running)";
+    echo "if [ ! \$AVAHI_RUNNING ]; then";
+    echo '  systemctl start avahi-daemon';
+    echo "  echo -n \$CURRENT_DATE >> \$LOGFILE";
+    echo "  echo \" Avahi daemon restarted\" >> \$LOGFILE";
+    echo 'fi'; } >> "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
+    chmod +x "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
 }
 
 function install_batman_remove {
     fi
 
     BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
-    echo '[Unit]' > $BATMAN_DAEMON
-    echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
-    echo 'After=network.target' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Service]' >> $BATMAN_DAEMON
-    echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
-    echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
-    echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
-    echo 'Restart=on-failure' >> $BATMAN_DAEMON
-    echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
-    echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
-    echo 'TimeoutSec=300' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Install]' >> $BATMAN_DAEMON
-    echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
+    { echo '[Unit]';
+      echo 'Description=B.A.T.M.A.N. Advanced';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'RemainAfterExit=yes';
+      echo "ExecStart=/var/lib/batman start";
+      echo "ExecStop=/var/lib/batman stop";
+      echo 'Restart=on-failure';
+      echo 'SuccessExitStatus=3 4';
+      echo 'RestartForceExitStatus=3 4';
+      echo '';
+      echo '# Allow time for the server to start/stop';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$BATMAN_DAEMON"
     $CHROOT_PREFIX systemctl enable batman
 }
 
     FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
     MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
 
-    echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
-    echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-
-    echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-
-    echo '# OLSR2/MANET' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p udp --dport 269 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p udp --dport 269 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --dport 138 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --dport 138 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-
-    echo '# Babel' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p udp --dport 6696 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+    { echo '#!/bin/bash';
+      echo 'iptables -P INPUT ACCEPT';
+      echo 'ip6tables -P INPUT ACCEPT';
+      echo 'iptables -F';
+      echo 'ip6tables -F';
+      echo 'iptables -t nat -F';
+      echo 'ip6tables -t nat -F';
+      echo 'iptables -X';
+      echo 'ip6tables -X';
+      echo 'iptables -P INPUT DROP';
+      echo 'ip6tables -P INPUT DROP';
+      echo 'iptables -A INPUT -i lo -j ACCEPT';
+      echo 'ip6tables -A INPUT -i lo -j ACCEPT';
+      echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
+      echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
+      echo '';
+      echo '# Make sure incoming tcp connections are SYN packets';
+      echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
+      echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
+      echo '';
+      echo '# Drop packets with incoming fragments';
+      echo 'iptables -A INPUT -f -j DROP';
+      echo 'ip6tables -A INPUT -f -j DROP';
+      echo '';
+      echo '# Drop bogons';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
+      echo '';
+      echo '# Incoming malformed NULL packets:';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
+      echo '';
+      echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
+
+      echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT";
+
+      echo '# OLSR2/MANET';
+      echo 'iptables -A INPUT -p udp --dport 269 -j ACCEPT';
+      echo 'ip6tables -A INPUT -p udp --dport 269 -j ACCEPT';
+      echo 'iptables -A INPUT -p tcp --dport 138 -j ACCEPT';
+      echo 'ip6tables -A INPUT -p tcp --dport 138 -j ACCEPT';
+
+      echo '# Babel';
+      echo 'iptables -A INPUT -p udp --dport 6696 -j ACCEPT';
+      echo 'ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT'; } > "$MESH_FIREWALL_SCRIPT"
     chmod +x $MESH_FIREWALL_SCRIPT
 
-    echo '[Unit]' > $FIREWALL_FILENAME
-    echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo '[Service]' >> $FIREWALL_FILENAME
-    echo 'Type=oneshot' >> $FIREWALL_FILENAME
-    echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
-    echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo '[Install]' >> $FIREWALL_FILENAME
-    echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
+    { echo '[Unit]';
+      echo 'Description=Mesh Firewall';
+      echo '';
+      echo '[Service]';
+      echo 'Type=oneshot';
+      echo 'ExecStart=/usr/bin/mesh-firewall';
+      echo 'RemainAfterExit=no';
+      echo '';
+      echo 'TimeoutSec=30';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $FIREWALL_FILENAME
     chmod +x $FIREWALL_FILENAME
     $CHROOT_PREFIX systemctl enable meshfirewall
 }
         -r|--rootdir)
             shift
             rootdir="$1"
-            CHROOT_PREFIX='chroot "${rootdir}"'
+            CHROOT_PREFIX="chroot \"\${rootdir}\""
             ;;
         -w|--wifi|--interface)
             shift

src/freedombone-mesh-invite

 
 if [ ${#invite} -lt 10 ]; then
    dialog --title $"Create Invite" \
-          --msgbox $"\nThe invite could not be created" 7 70
+          --msgbox $"\\nThe invite could not be created" 7 70
    exit 1
 fi
 
 echo "$invite" | xclip -selection c
 
 dialog --title $"Create Invite" \
-       --msgbox $"\nThe invite has been copied to the clipboard.\n\nYou can paste it with CTRL+v" 9 70
+       --msgbox $"\\nThe invite has been copied to the clipboard.\\n\\nYou can paste it with CTRL+v" 9 70
 
 exit 0

src/freedombone-mesh-reset

     sudo pkill midori
     sudo pkill patchwork
     sudo rm -f $MESH_INSTALL_COMPLETED
-    sudo ${PROJECT_NAME}-image-mesh $USER new
+    sudo "${PROJECT_NAME}-image-mesh" "$USER" new
 
     sudo batman start
 
-    if [ -f $HOME/mesh-desktop.sh ]; then
-        $HOME/mesh-desktop.sh
+    if [ -f "$HOME/mesh-desktop.sh" ]; then
+        "$HOME/mesh-desktop.sh"
     else
         zenity --info --title=$"New Identity" --text=$"You now have a new identity" --width=200
     fi

src/freedombone-mesh-routing

 export TEXTDOMAIN=${PROJECT_NAME}-mesh-routing
 export TEXTDOMAINDIR="/usr/share/locale"
 
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-wifi
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-wifi"
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh"
 
 function mesh_stop_daemon {
     daemon_name=$1
 
     clear
     echo ''
-    echo $"Stopping $1..."
-    sudo systemctl stop $1
-    echo $"Disabling $1..."
-    sudo systemctl disable $1
+    echo $"Stopping ${daemon_name}..."
+    sudo systemctl stop "${daemon_name}"
+    echo $"Disabling ${daemon_name}..."
+    sudo systemctl disable "${daemon_name}"
 }
 
 clear
 echo ''
 echo $'Scanning for BMX6 protocol...'
-bmx6_peers=$(avahi-browse -at | grep routing | grep bmx6 | wc -l)
+bmx6_peers=$(avahi-browse -at | grep routing | grep -c bmx6)
 
 clear
 echo ''
 echo $'Scanning for OLSR2 protocol...'
-olsr2_peers=$(avahi-browse -at | grep routing | grep olsr2 | wc -l)
+olsr2_peers=$(avahi-browse -at | grep routing | grep -c olsr2)
 
 clear
 echo ''
 echo $'Scanning for Babel protocol...'
-babel_peers=$(avahi-browse -at | grep routing | grep babel | wc -l)
+babel_peers=$(avahi-browse -at | grep routing | grep -c babel)
 
 clear
 
 esac
 
 temp_script=$HOME/.change_routing
-echo '#!/bin/bash' > $temp_script
-echo "echo \"\$1\" > $MESH_DEFAULT_PROTOCOL" >> $temp_script
-echo "echo \"\$1\" > $MESH_CURRENT_PROTOCOL" >> $temp_script
-echo "sed -i \"s|<type>.*|<type>_\${1}._tcp</type>|g\" /etc/avahi/services/routing.service" >> $temp_script
-echo 'systemctl restart avahi-daemon' >> $temp_script
-echo "IFACE=\$(cat /etc/systemd/system/\${1}.service | grep ExecStart | awk -F ' ' '{print \$2}')" >> $temp_script
-echo 'network=fd66:66:66' >> $temp_script
-echo 'search_ipv6=$(ifconfig $1 | grep $network)' >> $temp_script
-echo 'if [ $search_ipv6 ]; then' >> $temp_script
-echo "    result=\$(ifconfig \$1 | grep \$network | awk -F ' ' '{print \$2}')" >> $temp_script
-echo '    ip -6 addr add ${result}/128 dev $1' >> $temp_script
-echo 'else' >> $temp_script
-echo '    ipv6_array=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )' >> $temp_script
-echo '    a=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    b=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    c=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    d=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    e=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    result=$network:$a:$b:$c:$d:$e' >> $temp_script
-echo '    ip -6 addr add ${result}/128 dev $1' >> $temp_script
-echo 'fi' >> $temp_script
-chmod +x $temp_script
+{ echo '#!/bin/bash';
+  echo "echo \"\$1\" > $MESH_DEFAULT_PROTOCOL";
+  echo "echo \"\$1\" > $MESH_CURRENT_PROTOCOL";
+  echo "sed -i \"s|<type>.*|<type>_\${1}._tcp</type>|g\" /etc/avahi/services/routing.service";
+  echo 'systemctl restart avahi-daemon';
+  echo "IFACE=\$(cat /etc/systemd/system/\${1}.service | grep ExecStart | awk -F ' ' '{print \$2}')";
+  echo 'network=fd66:66:66';
+  echo "search_ipv6=\$(ifconfig \$1 | grep \$network)";
+  echo "if [ \$search_ipv6 ]; then";
+  echo "    result=\$(ifconfig \$1 | grep \$network | awk -F ' ' '{print \$2}')";
+  echo "    ip -6 addr add \${result}/128 dev \$1";
+  echo 'else';
+  echo '    ipv6_array=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )';
+  echo "    a=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    b=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    c=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    d=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    e=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    result=\$network:\$a:\$b:\$c:\$d:\$e";
+  echo "    ip -6 addr add \${result}/128 dev \$1";
+  echo 'fi'; } > "$temp_script"
+chmod +x "$temp_script"
 
 clear
 echo ''
 echo ''
 
 case $data in
-    1)  sudo $temp_script 'bmx6'
+    1)  sudo "$temp_script" 'bmx6'
         mesh_stop_daemon 'bmx7'
         mesh_stop_daemon 'olsr2'
         mesh_stop_daemon 'babel'
         echo $'Starting BMX6...'
         sudo systemctl start bmx6
         ;;
-    2)  sudo $temp_script 'olsr2'
+    2)  sudo "$temp_script" 'olsr2'
         mesh_stop_daemon 'bmx6'
         mesh_stop_daemon 'bmx7'
         mesh_stop_daemon 'babel'
         echo $'Starting OLSR2...'
         sudo systemctl start olsr2
         ;;
-    3)  sudo $temp_script 'babel'
+    3)  sudo "$temp_script" 'babel'
         mesh_stop_daemon 'bmx6'
         mesh_stop_daemon 'bmx7'
         mesh_stop_daemon 'olsr2'
         ;;
 esac
 
-rm $temp_script
+rm "$temp_script"
 
 exit 0

src/freedombone-mesh-visit-site

 
 USERS_FILE_LINES=$(wc -l $USERS_FILE | awk -F ' ' '{print $1}')
 
-if [ $USERS_FILE_LINES -gt 200 ]; then
+if [ "$USERS_FILE_LINES" -gt 200 ]; then
     # If there are more than a Dunbar number of peers then ask for the peer name or ID
     data=$(zenity --entry --title="Visit IPFS site" --text="Enter the username or Tox ID for the site you wish to visit")
     sel=$?
         if ! grep -q "$TOX_USERNAME_OR_ID" $USERS_FILE; then
                     TOX_ID="$TOX_USERNAME_OR_ID"
         else
-                    TOX_ID=$(cat "$USERS_FILE" | grep "$TOX_USERNAME_OR_ID" | head -n 1 | sed "s|$TOX_USERNAME_OR_ID ||g" | sed -e 's/^[[:space:]]*//')
+                    TOX_ID=$(grep "$TOX_USERNAME_OR_ID" "$USERS_FILE" | head -n 1 | sed "s|$TOX_USERNAME_OR_ID ||g" | sed -e 's/^[[:space:]]*//')
         fi
 
         if [ ${#TOX_ID} -gt 5 ]; then
             zenity --info --title $"Visit a site" --text $"An IPFS site was not found for the user '$TOX_USERNAME_OR_ID'" --width 500
             exit 3
                     fi
-                    IPFS_FULL_URL=${IPFS_URL}/$(cat "$IPFS_USERS_FILE" | grep $TOX_ID | head -n 1 | awk -F ':' '{print $2}')
+                    IPFS_FULL_URL=${IPFS_URL}/$(grep "$TOX_ID" "$IPFS_USERS_FILE" | head -n 1 | awk -F ':' '{print $2}')
                     pkill $BROWSER
                     setsid sh -c "$BROWSER $BROWSER_OPTIONS $IPFS_FULL_URL$SUFFIX" > /dev/null 2>&1 < /dev/null &
 
 else
     # If there are a relatively small number of users then choose from a list
     TOX_ID=$(
-    cat $USERS_FILE | \
+    # shellcheck disable=SC2002
+    cat "$USERS_FILE" | \
         awk -F ' ' '{
         for(i=1;i<=NF;i++){
             print $i;
            --title='Visit the site of another user' \
            --column='Username' --column='Tox ID' \
            --print-column=2 --hide-column=2 --width=300 --height=400)
-    if [ ! $TOX_ID ]; then
+    if [ ! "$TOX_ID" ]; then
         exit 0
     fi
-    IPFS_FULL_URL=${IPFS_URL}/$(cat "$IPFS_USERS_FILE" | grep $TOX_ID | head -n 1 | awk -F ':' '{print $2}')
+    IPFS_FULL_URL=${IPFS_URL}/$(grep "$TOX_ID" "$IPFS_USERS_FILE" | head -n 1 | awk -F ':' '{print $2}')
     pkill $BROWSER
     setsid sh -c "$BROWSER $BROWSER_OPTIONS $IPFS_FULL_URL$SUFFIX" > /dev/null 2>&1 < /dev/null &
 

src/freedombone-pass

     MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
     if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
         echo $"Error: gpg backup key was not found"
-        return 58213
+        exit 58213
     fi
 }
 
     pass_string="$1"
     str_length=${#pass_string}
     total_padding=$((128 - str_length))
-    leading_padding=$((1 + RANDOM % $total_padding))
+    leading_padding=$((1 + RANDOM % total_padding))
     trailing_padding=$((total_padding - leading_padding))
     leading=$(printf "%-${leading_padding}s")
     trailing=$(printf "%-${trailing_padding}s")
         echo $'Incorrect padded length'
         exit 78352
     fi
-    ${PROJECT_NAME}-pass -u root -a tests -p "$pass"
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-pass" -u root -a tests -p "$pass"; then
         echo $'Unable to encrypt password'
         exit 72725
     fi
     for d in /root/.passwords/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
         if [[ "$USERNAME" != 'root' ]]; then
-            shred -zu /root/.passwords/$USERNAME/*
-            rm -rf /root/.passwords/$USERNAME
+            shred -zu "/root/.passwords/$USERNAME/*"
+            rm -rf "/root/.passwords/$USERNAME"
         fi
     done
     if [ ! -f $NO_PASSWORD_STORE_FILE ]; then
 function export_to_keepass {
     filename="$1"
 
-    echo '<database>' > $filename
-    echo '  <group>' >> $filename
-    echo "    <title>${PROJECT_NAME}</title>" >> $filename
-    echo '    <icon>48</icon>' >> $filename
+    { echo '<database>';
+      echo '  <group>';
+      echo "    <title>${PROJECT_NAME}</title>";
+      echo '    <icon>48</icon>'; } > "$filename"
 
     for d in /root/.passwords/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
-        echo '    <group>' >> $filename
-        echo "      <title>$USERNAME</title>" >> $filename
-        echo '      <icon>0</icon>' >> $filename
+        { echo '    <group>';
+          echo "      <title>$USERNAME</title>";
+          echo '      <icon>0</icon>'; } >> "$filename"
         for a in /root/.passwords/$USERNAME/* ; do
-            APP_NAME=$(basename $a)
-            app_password=$(${PROJECT_NAME}-pass -u $USERNAME -a $APP_NAME)
-            echo '      <entry>' >> $filename
-            echo "        <title>$APP_NAME</title>" >> $filename
-            echo "        <username>$USERNAME</username>" >> $filename
-            echo "        <password>$app_password</password>" >> $filename
-            echo '        <url/>' >> $filename
-            echo '        <comment/>' >> $filename
-            echo '        <icon>0</icon>' >> $filename
-            echo '        <expire>Never</expire>' >> $filename
-            echo '      </entry>' >> $filename
+            APP_NAME=$(basename "$a")
+            app_password=$("${PROJECT_NAME}-pass" -u "$USERNAME" -a "$APP_NAME")
+            { echo '      <entry>';
+              echo "        <title>$APP_NAME</title>";
+              echo "        <username>$USERNAME</username>";
+              echo "        <password>$app_password</password>";
+              echo '        <url/>';
+              echo '        <comment/>';
+              echo '        <icon>0</icon>';
+              echo '        <expire>Never</expire>';
+              echo '      </entry>'; } >> "$filename"
         done
-        echo '    </group>' >> $filename
+        echo '    </group>' >> "$filename"
     done
 
-    echo '  </group>' >> $filename
-    echo '</database>' >> $filename
+    echo '  </group>' >> "$filename"
+    echo '</database>' >> "$filename"
 
     echo $"Exported $filename"
 }
     shift
 done
 
-if [ ${REMOVE_USERNAME} ]; then
-    if [ -d ~/.passwords/${REMOVE_USERNAME} ]; then
-        rm -rf ~/.passwords/${REMOVE_USERNAME}
+if [ "${REMOVE_USERNAME}" ]; then
+    if [ -d "${HOME}/.passwords/${REMOVE_USERNAME}" ]; then
+        rm -rf "${HOME}/.passwords/${REMOVE_USERNAME}"
     fi
     exit 0
 fi
     exit 0
 fi
 
-if [ $EXPORT_FILENAME ]; then
-    export_to_keepass $EXPORT_FILENAME
+if [ "$EXPORT_FILENAME" ]; then
+    export_to_keepass "$EXPORT_FILENAME"
     exit 0
 fi
 
-if [ ! $CURR_USERNAME ]; then
+if [ ! "$CURR_USERNAME" ]; then
     echo $'Error: No username given'
     exit 1
 fi
 
-if [ ! -d /home/$CURR_USERNAME ]; then
+if [ ! -d "/home/$CURR_USERNAME" ]; then
     if [[ "$CURR_USERNAME" != "root" ]]; then
         echo $"Error: User $CURR_USERNAME does not exist"
         exit 2
     fi
 fi
 
-if [ ${REMOVE_APP} ]; then
-    if [ -d ~/.passwords/${CURR_USERNAME}/${REMOVE_APP} ]; then
-        shred -zu ~/.passwords/${CURR_USERNAME}/${REMOVE_APP}
+if [ "${REMOVE_APP}" ]; then
+    if [ -d "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}" ]; then
+        shred -zu "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}"
     fi
     exit 0
 fi
 
-if [ ! $CURR_APP ]; then
+if [ ! "$CURR_APP" ]; then
     echo $'Error: No app name given'
     exit 3
 fi
 
 if [ ${#CURR_PASSWORD} -eq 0 ]; then
     # retrieve password
-    if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then
+    if [ ! -f "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP" ]; then
         MASTER_PASSWORD=
         echo ""
         exit 4
     else
-        pass=$(gpg --batch -dq --passphrase "$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP)
+        pass=$(gpg --batch -dq --passphrase "$MASTER_PASSWORD" "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP")
         remove_padding "${pass}"
     fi
 else
             exit 0
         fi
     fi
-    if [ ! -d ~/.passwords/$CURR_USERNAME ]; then
-        mkdir -p ~/.passwords/$CURR_USERNAME
+    if [ ! -d "${HOME}/.passwords/$CURR_USERNAME" ]; then
+        mkdir -p "${HOME}/.passwords/$CURR_USERNAME"
     fi
     # padding helps to ensure than nothing can be learned from the length of the cyphertext
-    pad_string "${CURR_PASSWORD}" | gpg --batch -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > ~/.passwords/$CURR_USERNAME/$CURR_APP
-    if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then
+    pad_string "${CURR_PASSWORD}" | gpg --batch -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP"
+    if [ ! -f "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP" ]; then
         MASTER_PASSWORD=
         exit 5
     fi

src/freedombone-pin-cert

         return
     fi
 
-    cd $WEBSITES_DIRECTORY
-    for file in `dir -d *` ; do
-        if grep -q "Public-Key-Pins" $file; then
+    cd $WEBSITES_DIRECTORY || exit 2468724684
+    for file in $(dir -d "*") ; do
+        if grep -q "Public-Key-Pins" "$file"; then
             DOMAIN_NAME=$file
             KEY_FILENAME=/etc/ssl/private/${DOMAIN_NAME}.key
-            if [ -f $KEY_FILENAME ]; then
+            if [ -f "$KEY_FILENAME" ]; then
                 BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem
-                if [ -f $BACKUP_KEY_FILENAME ]; then
-                    KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
-                    BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+                if [ -f "$BACKUP_KEY_FILENAME" ]; then
+                    KEY_HASH=$(openssl rsa -in "$KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+                    BACKUP_KEY_HASH=$(openssl rsa -in "$BACKUP_KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
                     if [ ${#BACKUP_KEY_HASH} -gt 5 ]; then
 
                         PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=${PIN_MAX_AGE}; includeSubDomains';"
-                        sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
+                        sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" "$file"
                         echo $"Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH"
                     fi
                 fi
     done
 }
 
-if [[ $1 == "all" ]]; then
+if [[ "$1" == "all" ]]; then
     pin_all_certs
     systemctl restart nginx
     exit 0
 BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem
 SITE_FILENAME=$WEBSITES_DIRECTORY/${DOMAIN_NAME}
 
-if [ ! ${DOMAIN_NAME} ]; then
+if [ ! "${DOMAIN_NAME}" ]; then
     exit 0
 fi
 
 fi
 
 if [[ $REMOVE == "remove" ]]; then
-    if grep -q "Public-Key-Pins" $SITE_FILENAME; then
-        sed -i "/Public-Key-Pins/d" $SITE_FILENAME
+    if grep -q "Public-Key-Pins" "$SITE_FILENAME"; then
+        sed -i "/Public-Key-Pins/d" "$SITE_FILENAME"
         echo $"Removed pinning for ${DOMAIN_NAME}"
         systemctl restart nginx
     fi
     exit 2
 fi
 
-KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
-BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+KEY_HASH=$(openssl rsa -in "$KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+BACKUP_KEY_HASH=$(openssl rsa -in "$BACKUP_KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
 
 if [ ${#KEY_HASH} -lt 5 ]; then
     echo 'Pin hash unexpectedly short'
 fi
 
 PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
-if ! grep -q "Public-Key-Pins" $SITE_FILENAME; then
-    sed -i "/ssl_ciphers.*/a     add_header ${PIN_HEADER}" $SITE_FILENAME
+if ! grep -q "Public-Key-Pins" "$SITE_FILENAME"; then
+    sed -i "/ssl_ciphers.*/a     add_header ${PIN_HEADER}" "$SITE_FILENAME"
 else
-    sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $SITE_FILENAME
+    sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" "$SITE_FILENAME"
 fi
 
 systemctl restart nginx
 
-if ! grep -q "add_header Public-Key-Pins" $SITE_FILENAME; then
+if ! grep -q "add_header Public-Key-Pins" "$SITE_FILENAME"; then
     echo $'Pinning failed'
 fi
 

src/freedombone-powerline

   readonly WHITE_BRIGHT=15
 
   # Font effects
-  readonly DIM="\[$(tput dim)\]"
-  readonly REVERSE="\[$(tput rev)\]"
-  readonly RESET="\[$(tput sgr0)\]"
-  readonly BOLD="\[$(tput bold)\]"
+  readonly DIM="\\[$(tput dim)\\]"
+  readonly REVERSE="\\[$(tput rev)\\]"
+  readonly RESET="\\[$(tput sgr0)\\]"
+  readonly BOLD="\\[$(tput bold)\\]"
 
   # Generate terminal colour codes
   # $1 is an int (a colour) and $2 must be 'fg' or 'bg'
   __colour() {
     case "$2" in
       'fg'*)
-        echo "\[$(tput setaf "$1")\]"
+        echo "\\[$(tput setaf "$1")\\]"
         ;;
       'bg'*)
-        echo "\[$(tput setab "$1")\]"
+        echo "\\[$(tput setab "$1")\\]"
         ;;
       *)
-        echo "\[$(tput setab "$1")\]"
+        echo "\\[$(tput setab "$1")\\]"
         ;;
     esac
   }
       if [ ! -z "${text+x}" ]; then
         text+="@"
       fi
-      text+="\h"
+      text+="\\h"
     fi
 
     if [ ! -z ${text+x} ]; then

src/freedombone-recoverkey

 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 
 # include utils which allow function_check, go and drive mount
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
 FRIENDS_SERVERS_LIST=
     shift
 done
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     show_help
 fi
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"User $MY_USERNAME does not exist on the system"
     exit 7270
 fi
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     echo $'No username given'
     exit 3578
 fi
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"User $MY_USERNAME does not exist on the system"
     exit 7270
 fi
 
-FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
+FRAGMENTS_DIR="/home/$MY_USERNAME/.gnupg_fragments"
 
 # if no remote backup list was given then assume recover from USB
-if [ ! $FRIENDS_SERVERS_LIST ]; then
+if [ ! "$FRIENDS_SERVERS_LIST" ]; then
     interactive_gpg_from_usb
     exit 0
 fi
 
 # obtain shares/fragments from remote locations
-if [ $FRIENDS_SERVERS_LIST ]; then
+if [ "$FRIENDS_SERVERS_LIST" ]; then
     # For each remote server
-    while read remote_server
+    while read -r remote_server
     do
         # Get the server and its password
         # Format is:
         #   username@domain:/home/username <port number> <ssh password>
         REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}')
-        if [ $REMOTE_SERVER ]; then
+        if [ "$REMOTE_SERVER" ]; then
             REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}')
             REMOTE_PASSWORD=$(echo "${remote_server}" | awk -F ' ' '{print $3}')
 
             # create a directory if it doesn't exist
-            if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
-                mkdir -p /home/$MY_USERNAME/.gnupg_fragments
+            if [ ! -d "/home/$MY_USERNAME/.gnupg_fragments" ]; then
+                mkdir -p "/home/$MY_USERNAME/.gnupg_fragments"
             fi
 
             echo -n $"Starting key retrieval from $REMOTE_SERVER..."
-            /usr/bin/sshpass -p $REMOTE_PASSWORD \
-                             scp -r -P $REMOTE_SSH_PORT $REMOTE_SERVER/.gnupg_fragments/* /home/$MY_USERNAME/.gnupg_fragments
+            /usr/bin/sshpass -p "$REMOTE_PASSWORD" \
+                             scp -r -P "$REMOTE_SSH_PORT" "$REMOTE_SERVER/.gnupg_fragments/*" "/home/$MY_USERNAME/.gnupg_fragments"
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $'FAILED'
             else
                 echo $'Ok'
             fi
         fi
-    done < $FRIENDS_SERVERS_LIST
+    done < "$FRIENDS_SERVERS_LIST"
 fi
 
 # was a directory created?
-if [ ! -d $FRAGMENTS_DIR ]; then
+if [ ! -d "$FRAGMENTS_DIR" ]; then
     echo $'No fragments have been recovered, so the key cannot be recovered'
     exit 7483
 fi
 
 # was anything downloaded?
-cd $FRAGMENTS_DIR
+cd "$FRAGMENTS_DIR" || exit 24682468
+# shellcheck disable=SC2012
 no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
 if (( no_of_shares == 0 )); then
     echo $'No key fragments were retrieved'
 fi
 
 # set permissions on the fragments
-chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg_fragments
+chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg_fragments"
 
 # decrypt the file
 KEYS_FILE=$FRAGMENTS_DIR/keyshare.asc
-cd $FRAGMENTS_DIR
-gfcombine $KEYS_FILE.*
+cd "$FRAGMENTS_DIR" || exit 482746874624
+gfcombine "$KEYS_FILE.*"
 
-if [ ! -f $KEYS_FILE ]; then
+if [ ! -f "$KEYS_FILE" ]; then
     echo $'Unable to decrypt key. This may mean that not enough fragments are available'
     exit 6283
 fi
 echo $'Key fragments recombined'
 
 # import the gpg key
-gpg --homedir=/home/$MY_USERNAME/.gnupg --allow-secret-key-import --import $KEYS_FILE
-if [ ! "$?" = "0" ]; then
+if ! gpg --homedir="/home/$MY_USERNAME/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
     echo $'Unable to import gpg key'
-    shred -zu $KEYS_FILE
+    shred -zu "$KEYS_FILE"
     exit 3682
 fi
-shred -zu $KEYS_FILE
-chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
-chmod -R 600 /home/$MY_USERNAME/.gnupg
+shred -zu "$KEYS_FILE"
+chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
+chmod -R 600 "/home/$MY_USERNAME/.gnupg"
 
 echo $'GPG key was recovered'
 

src/freedombone-remote

 export TEXTDOMAIN=${PROJECT_NAME}-remote
 export TEXTDOMAINDIR="/usr/share/locale"
 
-CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg
+CONFIG_FILE="$HOME/${PROJECT_NAME}.cfg"
 
 # User to create the list for
 MY_USERNAME=$USER
 FRIENDS_SERVERS_LIST=
 
 # Minimum password length in characters
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
 # How many remote locations were specified
 entering_remote_backups_ctr=0
 done
 
 function interactive_config_remote_backups {
-    if [ ! $MY_USERNAME ]; then
+    if [ ! "$MY_USERNAME" ]; then
         echo $'Please specify a username with the -u option'
         exit 7356
     fi
 
-    if [ ! /home/$MY_USERNAME ]; then
+    if [ ! -d "/home/$MY_USERNAME" ]; then
         echo $"The user /home/$MY_USERNAME does not exist on the system"
         exit 3689
     fi
 
-    if [ ! $FRIENDS_SERVERS_LIST ]; then
+    if [ ! "$FRIENDS_SERVERS_LIST" ]; then
         FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
     fi
 
     # clear any existing list
-    if [ -f $FRIENDS_SERVERS_LIST ]; then
-        rm -f $FRIENDS_SERVERS_LIST
-        touch $FRIENDS_SERVERS_LIST
+    if [ -f "$FRIENDS_SERVERS_LIST" ]; then
+        rm -f "$FRIENDS_SERVERS_LIST"
+        touch "$FRIENDS_SERVERS_LIST"
     fi
     # number of entries made
     entering_remote_backups_ctr=1
     remote_ssh_reciprocal_password=""
     while [[ $entering_remote_backups_done == "no" ]]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         if [[ $RECIPROCAL == "yes" ]]; then
             dialog --backtitle "Freedombone Configuration" \
                    --title "$TITLE ${entering_remote_backups_ctr}" \
-                   --form "\nPlease specify the SSH login details for the remote server\n\nThe reciprocal entries are optional, and can be used if you wish to set up a user account on this system for whoever runs the remote server to also use for backups" 20 50 8 \
+                   --form "\\nPlease specify the SSH login details for the remote server\\n\\nThe reciprocal entries are optional, and can be used if you wish to set up a user account on this system for whoever runs the remote server to also use for backups" 20 50 8 \
                    "Username:" 1 1 "$remote_ssh_username" 1 23 16 15 \
                    "Domain:" 2 1 "$remote_ssh_domain" 2 23 16 15 \
                    "SSH port:" 3 1 "2222" 3 23 5 4 \
                    "Password:" 4 1 "$remote_ssh_password" 4 23 20 100 \
                    "Reciprocal Username:" 5 1 "$remote_ssh_reciprocal_username" 5 23 20 100 \
                    "Reciprocal Password:" 6 1 "$remote_ssh_reciprocal_password" 6 23 20 100 \
-                   2> $data
+                   2> "$data"
         else
             dialog --backtitle "Freedombone Configuration" \
                    --title "$TITLE ${entering_remote_backups_ctr}" \
-                   --form "\nPlease specify the SSH login details for the remote server" 15 50 4 \
+                   --form "\\nPlease specify the SSH login details for the remote server" 15 50 4 \
                    "Username:" 1 1 "$remote_ssh_username" 1 23 16 15 \
                    "Domain:" 2 1 "$remote_ssh_domain" 2 23 16 15 \
                    "SSH port:" 3 1 "2222" 3 23 5 4 \
                    "Password:" 4 1 "$remote_ssh_password" 4 23 20 100 \
-                   2> $data
+                   2> "$data"
         fi
         sel=$?
         case $sel in
             1) entering_remote_backups_done="yes";;
             255) entering_remote_backups_done="yes";;
         esac
-        remote_ssh_username=$(cat $data | sed -n 1p)
-        remote_ssh_domain=$(cat $data | sed -n 2p)
-        remote_ssh_port=$(cat $data | sed -n 3p)
-        remote_ssh_password=$(cat $data | sed -n 4p)
-        remote_ssh_reciprocal_username=$(cat $data | sed -n 5p)
-        remote_ssh_reciprocal_password=$(cat $data | sed -n 6p)
+        remote_ssh_username=$(sed -n 1p < "$data")
+        remote_ssh_domain=$(sed -n 2p < "$data")
+        remote_ssh_port=$(sed -n 3p < "$data")
+        remote_ssh_password=$(sed -n 4p < "$data")
+        remote_ssh_reciprocal_username=$(sed -n 5p < "$data")
+        remote_ssh_reciprocal_password=$(sed -n 6p < "$data")
+        rm -f "$data"
         if [[ $remote_ssh_username != "" && \
                     $remote_ssh_domain != "" && \
                     $remote_ssh_port != "" && \
                     $remote_ssh_password != "" ]]; then
 
-            if [ ${#remote_ssh_password} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+            if [ ${#remote_ssh_password} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                 dialog --title "Password quality check" --msgbox "The password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters" 6 40
             else
 
                 if [[ $RECIPROCAL == "yes" ]]; then
                     if [[ $remote_ssh_reciprocal_username != "" && \
                                 $remote_ssh_reciprocal_password != "" ]]; then
-                        if [ ${#remote_ssh_reciprocal_password} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+                        if [ ${#remote_ssh_reciprocal_password} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                             dialog --title "Password quality check" --msgbox "The reciprocal password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters" 6 40
                         else
-                            echo ${remote_ssh_reciprocal_username}:${remote_ssh_reciprocal_password}::::/home/${remote_ssh_reciprocal_username}:bash | newusers
-                            echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST
+                            echo "${remote_ssh_reciprocal_username}:${remote_ssh_reciprocal_password}::::/home/${remote_ssh_reciprocal_username}:bash" | newusers
+                            echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
                             remote_ssh_username=""
                             remote_ssh_domain=""
                             remote_ssh_port=""
                             entering_remote_backups_ctr=$((entering_remote_backups_ctr + 1))
                         fi
                     else
-                        echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST
+                        echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
                         remote_ssh_username=""
                         remote_ssh_domain=""
                         remote_ssh_port=""
                         entering_remote_backups_ctr=$((entering_remote_backups_ctr + 1))
                     fi
                 else
-                    echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST
+                    echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
                     remote_ssh_username=""
                     remote_ssh_domain=""
                     remote_ssh_port=""
             entering_remote_backups_done="yes"
         fi
     done
-    if [ -f $FRIENDS_SERVERS_LIST ]; then
-        chown $MY_USERNAME:$MY_USERNAME $FRIENDS_SERVERS_LIST
+    if [ -f "$FRIENDS_SERVERS_LIST" ]; then
+        chown "$MY_USERNAME":"$MY_USERNAME" "$FRIENDS_SERVERS_LIST"
     fi
 }
 
 function show_result {
     clear
-    if (( $entering_remote_backups_ctr < 2 )); then
+    if (( "$entering_remote_backups_ctr" < 2 )); then
         echo $'No remote backup locations were specified'
         exit 0
     fi
-    if [ ! -f $FRIENDS_SERVERS_LIST ]; then
+    if [ ! -f "$FRIENDS_SERVERS_LIST" ]; then
         echo $"No remote backups list found: $FRIENDS_SERVERS_LIST"
         exit 7358
     fi
     echo ''
     echo $'Contents:'
     echo ''
-    cat $FRIENDS_SERVERS_LIST
+    cat "$FRIENDS_SERVERS_LIST"
     echo ''
 }
 
-if [ ! $FRIENDS_SERVERS_LIST ]; then
+if [ ! "$FRIENDS_SERVERS_LIST" ]; then
     FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
 fi
 

src/freedombone-renew-cert

         echo $"Renewing Let's Encrypt certificate"
     fi
 
-    ${PROJECT_NAME}-addcert -e $HOSTNAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
-    if [ ! "$?" = "0" ]; then
+    if ! ${PROJECT_NAME}-addcert -e $HOSTNAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH; then
         echo $"Unable to add Let's encrypt certificate"
         exit 6328
     fi
 shift
 done
 
-if [ ! $HOSTNAME ]; then
+if [ ! "$HOSTNAME" ]; then
     echo $'No hostname specified'
     exit 5748
 fi
 fi
 
 # check that the web site exists
-if [ ! -f /etc/nginx/sites-available/$HOSTNAME ]; then
+if [ ! -f "/etc/nginx/sites-available/$HOSTNAME" ]; then
     echo $"/etc/nginx/sites-available/$HOSTNAME does not exist"
     exit 7598
 fi

src/freedombone-repair-database

 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 PROJECT_NAME='freedombone'
-COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
-CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg
+COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
+CONFIG_FILE="$HOME/${PROJECT_NAME}.cfg"
 
 export TEXTDOMAIN=${PROJECT_NAME}-repair-databases
 export TEXTDOMAINDIR="/usr/share/locale"
 
 # The database to be repaired
-DATABASE=$1
+DATABASE="$1"
 
-ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+ADMIN_USERNAME=$(grep "Admin user" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
 ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
 
 # Frequency - daily/weekly
 
 umask 0077
 
-if [ $2 ]; then
-    BACKUP_TYPE=$2
+if [ "$2" ]; then
+    BACKUP_TYPE="$2"
 fi
 
 # check the database
-mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE > $TEMPFILE
+mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" > "$TEMPFILE"
 
 # Attempt to repair the database if it contains errors
 if grep -q "Error" "$TEMPFILE"; then
-    mysqlcheck -u root --password="$MYSQL_ROOT_PASSWORD" --auto-repair $DATABASE
+    mysqlcheck -u root --password="$MYSQL_ROOT_PASSWORD" --auto-repair "$DATABASE"
 else
     # No errors were found, so exit
-    rm -f $TEMPFILE
+    rm -f "$TEMPFILE"
     exit 0
 fi
-rm -f $TEMPFILE
+rm -f "$TEMPFILE"
 
 # Check the database again
-mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE > $TEMPFILE
+mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" > "$TEMPFILE"
 
 # If it still contains errors then restore from backup
 if grep -q "Error" "$TEMPFILE"; then
-    mysql -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE -o < /var/backups/${DATABASE}_${BACKUP_TYPE}.sql
+    mysql -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" -o < "/var/backups/${DATABASE}_${BACKUP_TYPE}.sql"
 
     # Send a warning email
-    echo $"$DATABASE database corruption could not be repaired. Restored from backup." | mail -s $"${PROJECT_NAME} database maintenance" $ADMIN_EMAIL_ADDRESS
-    rm -f $TEMPFILE
+    echo $"$DATABASE database corruption could not be repaired. Restored from backup." | mail -s $"${PROJECT_NAME} database maintenance" "$ADMIN_EMAIL_ADDRESS"
+    rm -f "$TEMPFILE"
 
     exit 1
 fi
-rm -f $TEMPFILE
+rm -f "$TEMPFILE"
 
 exit 0

src/freedombone-restore-local

 PROJECT_NAME='freedombone'
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 MONGODB_APPS_FILE=$HOME/.mongodbapps
-CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
 
 # whether to restore everything or just a specific application
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 
 # include utils which allow function_check, go and drive mount
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
 clear
 
 read_config_param USB_DRIVE
 
-if [ -f $COMPLETION_FILE ]; then
+if [ -f "$COMPLETION_FILE" ]; then
     ADMIN_USERNAME=$(get_completion_param "Admin user")
 fi
 
 
 function check_admin_user {
     echo $"Checking that admin user exists"
-    if [ ! -d /home/$ADMIN_USERNAME ]; then
+    if [ ! -d "/home/$ADMIN_USERNAME" ]; then
         echo $"Username $ADMIN_USERNAME not found. Reinstall ${PROJECT_NAME} with this username."
         set_user_permissions
         backup_unmount_drive
 
 function copy_gpg_keys {
     echo $"Copying GPG keys from admin user to root"
-    cp -r /home/$ADMIN_USERNAME/.gnupg /root
+    cp -r "/home/$ADMIN_USERNAME/.gnupg" /root
     gpg_set_permissions root
 }
 
         #    fi
         #fi
 
-        if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
-            cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
-            if [ ! "$?" = "0" ]; then
+        if [ -f "$temp_restore_dir$MONGODB_APPS_FILE" ]; then
+            if ! cp -f "$temp_restore_dir$MONGODB_APPS_FILE" "$MONGODB_APPS_FILE"; then
                 set_user_permissions
                 backup_unmount_drive
-                rm -rf $temp_restore_dir
+                rm -rf "$temp_restore_dir"
                 exit 859034853
             fi
         fi
         #    fi
         #fi
 
-        if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
-            cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
-            if [ ! "$?" = "0" ]; then
+        if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then
+            if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then
                 set_user_permissions
                 backup_unmount_drive
-                rm -rf $temp_restore_dir
+                rm -rf "$temp_restore_dir"
                 exit 62121
             fi
         fi
             else
                 mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
                 db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
                     mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 set_user_permissions
             echo $"Restarting database"
             systemctl restart mariadb
             echo $"Ensure MariaDB handles authentication"
-            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
             mariadb_fix_authentication
-            DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         fi
         rm -rf $temp_restore_dir
     fi
             else
                 mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
                 db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql)
                     mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 set_user_permissions
             echo $"Restarting database"
             systemctl restart postgresql
             echo $"Ensure postgresql handles authentication"
-            POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
-            DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+            POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
+            DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
         fi
         rm -rf $temp_restore_dir
     fi
             fi
 
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Mutt configurations for $USERNAME"
-                restore_directory_from_usb /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                restore_directory_from_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
                 echo $"Restoring Mutt settings for $USERNAME"
                 temp_restore_dir=/root/tempmutt
-                restore_directory_from_usb $temp_restore_dir mutt/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/tempbackup ]; then
-                    if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc ]; then
-                        cp -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                restore_directory_from_usb "$temp_restore_dir" "mutt/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
+                    if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" ]; then
+                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
-                    if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc ]; then
-                        cp -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
+                    if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" ]; then
+                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" /etc/Muttrc
                         sed -i '/set sidebar_delim/d' /etc/Muttrc
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 else
                     if [ -f $temp_restore_dir/.muttrc ]; then
-                        cp -f $temp_restore_dir/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                        cp -f "$temp_restore_dir/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
                     if [ -f $temp_restore_dir/Muttrc ]; then
                         cp -f $temp_restore_dir/Muttrc /etc/Muttrc
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
         for d in $USB_MOUNT/backup/gnupg/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring gnupg settings for $USERNAME"
                 temp_restore_dir=/root/tempgnupg
-                restore_directory_from_usb $temp_restore_dir gnupg/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.gnupg ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.gnupg /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "gnupg/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.gnupg" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.gnupg" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.gnupg ]; then
-                        mkdir /home/$USERNAME/.gnupg
+                    if [ ! -d "/home/$USERNAME/.gnupg" ]; then
+                        mkdir "/home/$USERNAME/.gnupg"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.gnupg/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.gnupg/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
                     exit 276
                 fi
                 rm -rf $temp_restore_dir
-                gpg_set_permissions $USERNAME
+                gpg_set_permissions "$USERNAME"
                 if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
-                    cp -r /home/$USERNAME/.gnupg /root
-                    if [ ! "$?" = "0" ]; then
+                    if ! cp -r "/home/$USERNAME/.gnupg" /root; then
                         set_user_permissions
                         backup_unmount_drive
                         exit 283
         for d in $USB_MOUNT/backup/procmail/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring procmail settings for $USERNAME"
                 temp_restore_dir=/root/tempprocmail
-                restore_directory_from_usb $temp_restore_dir procmail/$USERNAME
+                restore_directory_from_usb $temp_restore_dir "procmail/$USERNAME"
                 if [ -d $temp_restore_dir ]; then
-                    if [ -d $temp_restore_dir/home/$USERNAME/tempbackup ]; then
-                        cp -f $temp_restore_dir/home/$USERNAME/tempbackup/.procmailrc /home/$USERNAME/
+                    if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
+                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/"
                     else
-                        cp -f $temp_restore_dir/.procmailrc /home/$USERNAME/.procmailrc
+                        cp -f "$temp_restore_dir/.procmailrc" "/home/$USERNAME/.procmailrc"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         rm -rf $temp_restore_dir
                         set_user_permissions
         for d in $USB_MOUNT/backup/spamassassin/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d $USB_MOUNT/backup/spamassassin/$USERNAME ]; then
-                    if [ ! -d /home/$USERNAME ]; then
-                        ${PROJECT_NAME}-adduser $USERNAME
+                if [ -d "$USB_MOUNT/backup/spamassassin/$USERNAME" ]; then
+                    if [ ! -d "/home/$USERNAME" ]; then
+                        ${PROJECT_NAME}-adduser "$USERNAME"
                     fi
                     echo $"Restoring spamassassin settings for $USERNAME"
                     temp_restore_dir=/root/tempspamassassin
-                    restore_directory_from_usb $temp_restore_dir spamassassin/$USERNAME
-                    if [ -d $temp_restore_dir/home/$USERNAME ]; then
-                        cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
+                    restore_directory_from_usb $temp_restore_dir "spamassassin/$USERNAME"
+                    if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
+                        cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/"
                     else
-                    if [ ! -d /home/$USERNAME/.spamassassin ]; then
-                        mkdir /home/$USERNAME/.spamassassin
+                    if [ ! -d "/home/$USERNAME/.spamassassin" ]; then
+                        mkdir "/home/$USERNAME/.spamassassin"
                     fi
-                        cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
+                        cp -rf "$temp_restore_dir/*" "/home/$USERNAME/.spamassassin/"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         rm -rf $temp_restore_dir
                         set_user_permissions
 
         # Make a backup of the original README file
         # incase old passwords need to be used
-        if [ -f /home/$ADMIN_USERNAME/README ]; then
-            if [ ! -f /home/$ADMIN_USERNAME/README_original ]; then
-                cp /home/$ADMIN_USERNAME/README /home/$ADMIN_USERNAME/README_original
+        if [ -f "/home/$ADMIN_USERNAME/README" ]; then
+            if [ ! -f "/home/$ADMIN_USERNAME/README_original" ]; then
+                cp "/home/$ADMIN_USERNAME/README" "/home/$ADMIN_USERNAME/README_original"
             fi
         fi
 
         temp_restore_dir=/root/tempreadme
         restore_directory_from_usb $temp_restore_dir readme
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README /home/$ADMIN_USERNAME/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "/home/$ADMIN_USERNAME/"
         else
-            cp -f $temp_restore_dir/README /home/$ADMIN_USERNAME/README
+            cp -f "$temp_restore_dir/README" "/home/$ADMIN_USERNAME/README"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             set_user_permissions
         for d in $USB_MOUNT/backup/ssh/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring ssh keys for $USERNAME"
                 temp_restore_dir=/root/tempssh
-                restore_directory_from_usb $temp_restore_dir ssh/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "ssh/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.ssh ]; then
-                        mkdir /home/$USERNAME/.ssh
+                    if [ ! -d "/home/$USERNAME/.ssh" ]; then
+                        mkdir "/home/$USERNAME/.ssh"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.ssh/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
         for d in $USB_MOUNT/backup/config/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring config files for $USERNAME"
                 temp_restore_dir=/root/tempconfig
-                restore_directory_from_usb $temp_restore_dir config/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.config ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "config/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.config" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.config ]; then
-                        mkdir /home/$USERNAME/.config
+                    if [ ! -d "/home/$USERNAME/.config" ]; then
+                        mkdir "/home/$USERNAME/.config"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.config/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.config/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
         for d in $USB_MOUNT/backup/monkeysphere/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring monkeysphere ids for $USERNAME"
                 temp_restore_dir=/root/tempmonkeysphere
-                restore_directory_from_usb $temp_restore_dir monkeysphere/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "monkeysphere/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.monkeysphere ]; then
-                        mkdir /home/$USERNAME/.monkeysphere
+                    if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
+                        mkdir "/home/$USERNAME/.monkeysphere"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.monkeysphere"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
         MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
         read_config_param MY_EMAIL_ADDRESS
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
-        fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
-        monkeysphere-authentication add-identity-certifier $fpr
+        fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
+        monkeysphere-authentication add-identity-certifier "$fpr"
         monkeysphere-authentication update-users
     fi
 }
         for d in $USB_MOUNT/backup/fin/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring fin files for $USERNAME"
                 temp_restore_dir=/root/tempfin
-                restore_directory_from_usb $temp_restore_dir fin/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "fin/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.fin ]; then
-                        mkdir /home/$USERNAME/.fin
+                    if [ ! -d "/home/$USERNAME/.fin" ]; then
+                        mkdir "/home/$USERNAME/.fin"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.fin/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
         for d in $USB_MOUNT/backup/local/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring local files for $USERNAME"
                 temp_restore_dir=/root/templocal
-                restore_directory_from_usb $temp_restore_dir local/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "local/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.local ]; then
-                        mkdir /home/$USERNAME/.local
+                    if [ ! -d "/home/$USERNAME/.local" ]; then
+                        mkdir "/home/$USERNAME/.local"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.local/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.local/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
         else
             cp -r /root/tempssl/* /etc/ssl/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
         for d in $USB_MOUNT/backup/personal/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d $USB_MOUNT/backup/personal/$USERNAME ]; then
-                    if [ ! -d /home/$USERNAME ]; then
-                        ${PROJECT_NAME}-adduser $USERNAME
+                if [ -d "$USB_MOUNT/backup/personal/$USERNAME" ]; then
+                    if [ ! -d "/home/$USERNAME" ]; then
+                        ${PROJECT_NAME}-adduser "$USERNAME"
                     fi
                     echo $"Restoring personal settings for $USERNAME"
                     temp_restore_dir=/root/temppersonal
-                    restore_directory_from_usb $temp_restore_dir personal/$USERNAME
-                    if [ -d /home/$USERNAME/personal ]; then
-                        rm -rf /home/$USERNAME/personal
+                    restore_directory_from_usb $temp_restore_dir "personal/$USERNAME"
+                    if [ -d "/home/$USERNAME/personal" ]; then
+                        rm -rf "/home/$USERNAME/personal"
                     fi
-                    if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then
-                        mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
+                    if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then
+                        mv "$temp_restore_dir/home/$USERNAME/personal" "/home/$USERNAME"
                     else
-                        if [ ! -d /home/$USERNAME/personal ]; then
-                            mkdir /home/$USERNAME/personal
+                        if [ ! -d "/home/$USERNAME/personal" ]; then
+                            mkdir "/home/$USERNAME/personal"
                         fi
-                        cp -r $temp_restore_dir/* /home/$USERNAME/personal/
+                        cp -r $temp_restore_dir/* "/home/$USERNAME/personal/"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         set_user_permissions
                         backup_unmount_drive
         else
             cp -r $temp_restore_dir/* /var/spool/mlmmj/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
         for d in $USB_MOUNT/backup/mail/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring emails for $USERNAME"
                 temp_restore_dir=/root/tempmail
-                restore_directory_from_usb $temp_restore_dir mail/$USERNAME
-                if [ ! -d /home/$USERNAME/Maildir ]; then
-                    mkdir /home/$USERNAME/Maildir
+                restore_directory_from_usb $temp_restore_dir "mail/$USERNAME"
+                if [ ! -d "/home/$USERNAME/Maildir" ]; then
+                    mkdir "/home/$USERNAME/Maildir"
                 fi
-                if [ -d $temp_restore_dir/root/tempbackupemail/$USERNAME ]; then
-                    tar -xzvf $temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz -C /
+                if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then
+                    tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C /
                 else
                     tar -xzvf $temp_restore_dir/maildir.tar.gz -C /
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     set_user_permissions
                     backup_unmount_drive
 }
 
 function get_restore_app {
-    if [ ${1} ]; then
-        if [ ! -d /home/${1} ]; then
-            RESTORE_APP=${1}
+    if [ "${1}" ]; then
+        if [ ! -d "/home/${1}" ]; then
+            RESTORE_APP="${1}"
             echo $"Restore $RESTORE_APP"
         fi
     fi
 }
 
-get_restore_app ${2}
-backup_mount_drive ${1} ${ADMIN_USERNAME} ${2}
+get_restore_app "${2}"
+backup_mount_drive "${1}" "${ADMIN_USERNAME}" "${2}"
 check_backup_exists
 check_admin_user
 copy_gpg_keys
 restore_personal_settings
 restore_mailing_list
 restore_email
-restore_apps local $RESTORE_APP
+restore_apps local "$RESTORE_APP"
 set_user_permissions
 update_default_domain
 backup_unmount_drive

src/freedombone-restore-remote

 export TEXTDOMAIN=${PROJECT_NAME}-restore-remote
 export TEXTDOMAINDIR="/usr/share/locale"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-SERVER_NAME=$1
+SERVER_NAME="$1"
 
 # whether to restore everything or just a specific application
 RESTORE_APP='all'
 
-if [ ${2} ]; then
-    RESTORE_APP=${2}
+if [ "${2}" ]; then
+    RESTORE_APP="${2}"
 fi
 
 ADMIN_USERNAME=$(get_completion_param "Admin user")
 
 BACKUP_LIST=/home/${ADMIN_USERNAME}/backup.list
 
-if [ ! $SERVER_NAME ]; then
+if [ ! "$SERVER_NAME" ]; then
     echo $'restorefromfriend [server]'
     exit 1
 fi
 
-if [ ! -f $BACKUP_LIST ]; then
+if [ ! -f "$BACKUP_LIST" ]; then
     echo $"No friends list found at $BACKUP_LIST"
     exit 2
 fi
 
-if ! grep -q "$SERVER_NAME" $BACKUP_LIST; then
+if ! grep -q "$SERVER_NAME" "$BACKUP_LIST"; then
     echo $"Server not found within the friends list"
     exit 3
 fi
 
-REMOTE_SERVER=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $1}')
-REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $2}')
-REMOTE_DIRECTORY=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $3}')
-REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $4}')
+REMOTE_SERVER=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $1}')
+REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $2}')
+REMOTE_DIRECTORY=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $3}')
+REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $4}')
 REMOTE_SERVER=$REMOTE_SERVER:$REMOTE_DIRECTORY
 
 NOW=$(date +"%Y-%m-%d %H:%M:%S")
 
 echo "$NOW Starting restore from $REMOTE_SERVER" >> /var/log/remotebackups.log
-rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" $REMOTE_SERVER/backup $SERVER_DIRECTORY
-if [ ! "$?" = "0" ]; then
+if ! rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" "$REMOTE_SERVER/backup" "$SERVER_DIRECTORY"; then
     echo "$NOW Restore from $REMOTE_SERVER failed" >> /var/log/remotebackups.log
     # Send a warning email
-    echo "Restore from $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} restore from friend" $ADMIN_EMAIL_ADDRESS
+    echo "Restore from $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} restore from friend" "$ADMIN_EMAIL_ADDRESS"
     exit 790
 else
     echo "$NOW Restored encrypted data from $REMOTE_SERVER" >> /var/log/remotebackups.log
 fi
 
 # MariaDB password
-DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
 
 function copy_gpg_keys {
     echo $"Copying GPG keys from admin user to root"
-    cp -r /home/$ADMIN_USERNAME/.gnupg /root
+    cp -r "/home/$ADMIN_USERNAME/.gnupg" /root
     gpg_set_permissions root
 }
 
         fi
     fi
 
-    if [ -d $USB_MOUNT/backup/blocklist ]; then
+    if [ -d "$USB_MOUNT/backup/blocklist" ]; then
         echo $"Restoring blocklist"
         temp_restore_dir=/root/tempblocklist
         restore_directory_from_friend $temp_restore_dir blocklist
         #    fi
         #fi
 
-        if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
-            cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
-            if [ ! "$?" = "0" ]; then
+        if [ -f "$temp_restore_dir$MONGODB_APPS_FILE" ]; then
+            if ! cp -f "$temp_restore_dir$MONGODB_APPS_FILE" "$MONGODB_APPS_FILE"; then
                 unmount_drive
                 rm -rf $temp_restore_dir
                 exit 7835335
         #    fi
         #fi
 
-        if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
-            cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
-            if [ ! "$?" = "0" ]; then
+        if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then
+            if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then
                 unmount_drive
                 rm -rf $temp_restore_dir
                 exit 62121
             else
                 mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
                 db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
                     mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 exit 962
             echo $"Restarting database"
             systemctl restart mariadb
             echo $"Ensure MariaDB handles authentication"
-            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
             mariadb_fix_authentication
         fi
         rm -rf ${temp_restore_dir}
             else
                 mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
-                db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql)
+                db_pass=$("${PROJECT_NAME}-pass" -u root -a postgresql)
                 if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
                     mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
                 else
                     mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 exit 962
             echo $"Restarting database"
             systemctl restart postgresql
             echo $"Ensure postgresql handles authentication"
-            POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+            POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
         fi
         rm -rf ${temp_restore_dir}
     fi
         fi
 
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/mutt/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/mutt/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring Mutt configurations for $USERNAME"
-                restore_directory_from_friend /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                restore_directory_from_friend "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
                 echo $"Restoring Mutt settings for $USERNAME"
                 temp_restore_dir=/root/tempmutt
-                restore_directory_from_friend ${temp_restore_dir} mutt/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/tempbackup ]; then
-                    if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc ]; then
-                        cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                restore_directory_from_friend ${temp_restore_dir} "mutt/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/tempbackup" ]; then
+                    if [ -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc" ]; then
+                        cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
-                    if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc ]; then
-                        cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
+                    if [ -f "${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc" ]; then
+                        cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc" /etc/Muttrc
                         sed -i '/set sidebar_delim/d' /etc/Muttrc
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 else
                     if [ -f ${temp_restore_dir}/.muttrc ]; then
-                        cp -f ${temp_restore_dir}/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                        cp -f "${temp_restore_dir}/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
                     if [ -f ${temp_restore_dir}/Muttrc ]; then
                         cp -f ${temp_restore_dir}/Muttrc /etc/Muttrc
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     exit 276
     for d in $SERVER_DIRECTORY/backup/gnupg/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/gnupg/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/gnupg/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring gnupg settings for $USERNAME"
                 temp_restore_dir=/root/tempgnupg
-                restore_directory_from_friend ${temp_restore_dir} gnupg/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/.gnupg ]; then
-                    cp -r ${temp_restore_dir}/home/$USERNAME/.gnupg /home/$USERNAME/
+                restore_directory_from_friend ${temp_restore_dir} "gnupg/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/.gnupg" ]; then
+                    cp -r "${temp_restore_dir}/home/$USERNAME/.gnupg" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.gnupg ]; then
-                        mkdir /home/$USERNAME/.gnupg
+                    if [ ! -d "/home/$USERNAME/.gnupg" ]; then
+                        mkdir "/home/$USERNAME/.gnupg"
                     fi
-                    cp -r ${temp_restore_dir}/* /home/$USERNAME/.gnupg/
+                    cp -r "${temp_restore_dir}/*" "/home/$USERNAME/.gnupg/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     exit 276
                 fi
                 rm -rf ${temp_restore_dir}
                 if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
-                    cp -r /home/$USERNAME/.gnupg /root
-                    if [ ! "$?" = "0" ]; then
+                    if ! cp -r "/home/$USERNAME/.gnupg" /root; then
                         exit 283
                     fi
                     gpg_set_permissions root
     for d in $SERVER_DIRECTORY/backup/procmail/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/procmail/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/procmail/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring procmail settings for $USERNAME"
                 temp_restore_dir=/root/tempprocmail
-                restore_directory_from_friend ${temp_restore_dir} procmail/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/tempbackup ]; then
-                    cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.procmailrc /home/$USERNAME/
+                restore_directory_from_friend ${temp_restore_dir} "procmail/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/tempbackup" ]; then
+                    cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/"
                 else
-                    cp -f ${temp_restore_dir}/.procmailrc /home/$USERNAME/.procmailrc
+                    cp -f "${temp_restore_dir}/.procmailrc" "/home/$USERNAME/.procmailrc"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     exit 276
     for d in $SERVER_DIRECTORY/backup/spamassassin/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/spamassassin/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/spamassassin/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring spamassassin settings for $USERNAME"
                 temp_restore_dir=/root/tempspamassassin
-                restore_directory_from_friend $temp_restore_dir spamassassin/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME ]; then
-                    cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "spamassassin/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
+                    cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.spamassassin ]; then
-                        mkdir /home/$USERNAME/.spamassassin
+                    if [ ! -d "/home/$USERNAME/.spamassassin" ]; then
+                        mkdir "/home/$USERNAME/.spamassassin"
                     fi
-                    cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
+                    cp -rf $temp_restore_dir/* "/home/$USERNAME/.spamassassin/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 276
         echo $"Restoring README"
         temp_restore_dir=/root/tempreadme
         restore_directory_from_friend $temp_restore_dir readme
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README /home/$ADMIN_USERNAME/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "/home/$ADMIN_USERNAME/"
         else
-            cp -f $temp_restore_dir/README /home/$ADMIN_USERNAME/README
+            cp -f "$temp_restore_dir/README" "/home/$ADMIN_USERNAME/README"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             exit 276
     for d in $SERVER_DIRECTORY/backup/ssh/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/ssh/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/ssh/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring ssh keys for $USERNAME"
                 temp_restore_dir=/root/tempssh
-                restore_directory_from_friend $temp_restore_dir ssh/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "ssh/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.ssh ]; then
-                        mkdir /home/$USERNAME/.ssh
+                    if [ ! -d "/home/$USERNAME/.ssh" ]; then
+                        mkdir "/home/$USERNAME/.ssh"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.ssh/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
     for d in $SERVER_DIRECTORY/backup/config/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/config/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/config/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring config files for $USERNAME"
                 temp_restore_dir=/root/tempconfig
-                restore_directory_from_friend $temp_restore_dir config/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "config/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.config ]; then
-                        mkdir /home/$USERNAME/.config
+                    if [ ! -d "/home/$USERNAME/.config" ]; then
+                        mkdir "/home/$USERNAME/.config"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.config/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.config/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
     for d in $SERVER_DIRECTORY/backup/monkeysphere/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/monkeysphere/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/monkeysphere/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring monkeysphere ids for $USERNAME"
                 temp_restore_dir=/root/tempmonkeysphere
-                restore_directory_from_friend $temp_restore_dir monkeysphere/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "monkeysphere/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.monkeysphere ]; then
-                        mkdir /home/$USERNAME/.monkeysphere
+                    if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
+                        mkdir "/home/$USERNAME/.monkeysphere"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.monkeysphere/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
         MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
         read_config_param MY_EMAIL_ADDRESS
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
-        fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
-        monkeysphere-authentication add-identity-certifier $fpr
+        fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
+        monkeysphere-authentication add-identity-certifier "$fpr"
         monkeysphere-authentication update-users
     done
 }
     for d in $SERVER_DIRECTORY/backup/fin/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/fin/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/fin/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring fin files for $USERNAME"
                 temp_restore_dir=/root/tempfin
-                restore_directory_from_friend $temp_restore_dir fin/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "fin/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.fin ]; then
-                        mkdir /home/$USERNAME/.fin
+                    if [ ! -d "/home/$USERNAME/.fin" ]; then
+                        mkdir "/home/$USERNAME/.fin"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.fin/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
     for d in $SERVER_DIRECTORY/backup/local/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/local/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/local/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring local files for $USERNAME"
                 temp_restore_dir=/root/templocal
-                restore_directory_from_friend $temp_restore_dir local/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "local/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.local ]; then
-                        mkdir /home/$USERNAME/.local
+                    if [ ! -d "/home/$USERNAME/.local" ]; then
+                        mkdir "/home/$USERNAME/.local"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.local/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.local/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
         else
             cp -r /root/tempssl/* /etc/ssl/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 276
         fi
     for d in $SERVER_DIRECTORY/backup/personal/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/personal/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/personal/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring personal settings for $USERNAME"
                 temp_restore_dir=/root/temppersonal
-                restore_directory_from_friend $temp_restore_dir personal/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then
-                    if [ -d /home/$USERNAME/personal ]; then
-                        rm -rf /home/$USERNAME/personal
+                restore_directory_from_friend $temp_restore_dir "personal/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then
+                    if [ -d "/home/$USERNAME/personal" ]; then
+                        rm -rf "/home/$USERNAME/personal"
                     fi
-                    mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
+                    mv "$temp_restore_dir/home/$USERNAME/personal" "/home/$USERNAME"
                 else
-                    if [ ! -d /home/$USERNAME/personal ]; then
-                        mkdir /home/$USERNAME/personal
+                    if [ ! -d "/home/$USERNAME/personal" ]; then
+                        mkdir "/home/$USERNAME/personal"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/personal/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/personal/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     exit 18437643
                 fi
         else
             cp -r $temp_restore_dir/* /var/spool/mlmmj/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 526
         fi
     for d in $SERVER_DIRECTORY/backup/mail/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/mail/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/mail/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring emails for $USERNAME"
                 temp_restore_dir=/root/tempmail
-                restore_directory_from_friend $temp_restore_dir mail/$USERNAME
-                if [ ! -d /home/$USERNAME/Maildir ]; then
-                    mkdir /home/$USERNAME/Maildir
+                restore_directory_from_friend $temp_restore_dir "mail/$USERNAME"
+                if [ ! -d "/home/$USERNAME/Maildir" ]; then
+                    mkdir "/home/$USERNAME/Maildir"
                 fi
-                if [ -d $temp_restore_dir/root/tempbackupemail/$USERNAME ]; then
-                    tar -xzvf $temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz -C /
+                if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then
+                    tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C /
                 else
                     tar -xzvf $temp_restore_dir/maildir.tar.gz -C /
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     exit 927
                 fi
 
 # Social key management
 # Recover any key fragments and reconstruct the gpg key
-${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
+${PROJECT_NAME}-recoverkey -u "${ADMIN_USERNAME}" -l "$BACKUP_LIST"
 
 copy_gpg_keys
 gpg_agent_setup root

src/freedombone-rmemail

     show_help
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
+MUTTRC="/home/$MYUSERNAME/.muttrc"
 PM=/home/$MYUSERNAME/.procmailrc
 
-if grep -q "Email rule for $EMAILADDRESS ->" $PM; then
-    sed -i "/# Email rule for $EMAILADDRESS ->.*/,/# End of rule/d" $PM
+if grep -q "Email rule for $EMAILADDRESS ->" "$PM"; then
+    sed -i "/# Email rule for $EMAILADDRESS ->.*/,/# End of rule/d" "$PM"
 fi
 
 exit 0

src/freedombone-rmlist

 fi
 
 MUTTRC=/home/$MYUSERNAME/.muttrc
-MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
+MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
 if [[ $MUTT_MAILBOXES == *$MAILINGLIST* ]]; then
-    sed -i "s| =$MAILINGLIST||g" $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+    sed -i "s| =$MAILINGLIST||g" "$MUTTRC"
+    chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
 fi
 
-if [ $LIST_ADDRESS ]; then
-    if ! grep -q "unsubscribe $LIST_ADDRESS" $MUTTRC; then
-        sed -i "s|subscribe $LIST_ADDRESS|unsubscribe $LIST_ADDRESS|g" $MUTTRC
+if [ "$LIST_ADDRESS" ]; then
+    if ! grep -q "unsubscribe $LIST_ADDRESS" "$MUTTRC"; then
+        sed -i "s|subscribe $LIST_ADDRESS|unsubscribe $LIST_ADDRESS|g" "$MUTTRC"
     fi
 fi
 

src/freedombone-rmuser

 
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 read_config_param MY_USERNAME
 REMOVE_USERNAME=$1
 REMOVE_OPTIONS="$2"
 
-if [ ! $REMOVE_USERNAME ]; then
+if [ ! "$REMOVE_USERNAME" ]; then
     echo $'Please specify a username to remove'
     exit 1
 fi
     exit 3
 fi
 
-if [ ! -d /home/$REMOVE_USERNAME ]; then
+if [ ! -d "/home/$REMOVE_USERNAME" ]; then
     echo $"Home directory does not exist for $REMOVE_USERNAME"
     exit 4
 fi
 
-if [ ! -f $COMPLETION_FILE ]; then
+if [ ! -f "$COMPLETION_FILE" ]; then
     echo $"$COMPLETION_FILE not found"
     exit 5
 fi
 
-if ! grep -q "Admin user" $COMPLETION_FILE; then
+if ! grep -q "Admin user" "$COMPLETION_FILE"; then
     echo $"No admin user specified in $COMPLETION_FILE"
     exit 6
 fi
 
 ADMIN_USERNAME=$(get_completion_param "Admin user")
-if [ ! $ADMIN_USERNAME ]; then
+if [ ! "$ADMIN_USERNAME" ]; then
     echo $"No admin username specified in $COMPLETION_FILE"
     exit 7
 fi
 
-if [[ $REMOVE_USERNAME == $ADMIN_USERNAME ]]; then
+if [[ "$REMOVE_USERNAME" == "$ADMIN_USERNAME" ]]; then
     echo $"The administrator user cannot be removed"
     exit 8
 fi
 
 if [[ "$REMOVE_OPTIONS" != '-f' && "$REMOVE_OPTIONS" != '-y' && "$REMOVE_OPTIONS" != '--force' ]]; then
     echo $'>>> REMOVE USER <<<'
-    read -p $"Do you really wish to remove the user '$REMOVE_USERNAME' (y/n) ?" yn
+    read -r -p $"Do you really wish to remove the user '$REMOVE_USERNAME' (y/n) ?" yn
     if [[ $yn != 'y' && $yn != 'Y' && $yn != 'yes' && $yn != 'Yes' && $yn != 'YES' ]]; then
         echo $"User $REMOVE_USERNAME was not removed"
         exit 9
 
 if [ -f /etc/nginx/.htpasswd ]; then
     if grep -q "${REMOVE_USERNAME}:" /etc/nginx/.htpasswd; then
-        htpasswd -D /etc/nginx/.htpasswd $REMOVE_USERNAME
+        htpasswd -D /etc/nginx/.htpasswd "$REMOVE_USERNAME"
     fi
 fi
 
 # remove gpg keys
-if [ -d /home/$REMOVE_USERNAME/.gnupg ]; then
-    shred -zu /home/$REMOVE_USERNAME/.gnupg/*
+if [ -d "/home/$REMOVE_USERNAME/.gnupg" ]; then
+    shred -zu "/home/$REMOVE_USERNAME/.gnupg/*"
 fi
 
 # remove ssh keys
-if [ -d /home/$REMOVE_USERNAME/.ssh ]; then
-    shred -zu /home/$REMOVE_USERNAME/.ssh/*
+if [ -d "/home/$REMOVE_USERNAME/.ssh" ]; then
+    shred -zu "/home/$REMOVE_USERNAME/.ssh/*"
 fi
 
 echo $'Detecting installed apps...'
 get_apps_installed_names
 for app_name in "${APPS_INSTALLED_NAMES[@]}"
 do
-    if [[ $(function_exists remove_user_${app_name}) == "1" ]]; then
+    if [[ $(function_exists "remove_user_${app_name}") == "1" ]]; then
         echo $"Removing user from ${app_name}"
-        app_load_variables ${app_name}
-        remove_user_${app_name} "$REMOVE_USERNAME"
-        if grep -q "${app_name}_${REMOVE_USERNAME}" $APP_USERS_FILE; then
-            sed -i "/${app_name}_${REMOVE_USERNAME}/d" $APP_USERS_FILE
+        app_load_variables "${app_name}"
+        "remove_user_${app_name}" "$REMOVE_USERNAME"
+        if grep -q "${app_name}_${REMOVE_USERNAME}" "$APP_USERS_FILE"; then
+            sed -i "/${app_name}_${REMOVE_USERNAME}/d" "$APP_USERS_FILE"
         fi
     fi
 done
 
 chmod 600 /etc/shadow
 chmod 600 /etc/gshadow
-userdel -r $REMOVE_USERNAME
-groupdel $REMOVE_USERNAME
+userdel -r "$REMOVE_USERNAME"
+groupdel "$REMOVE_USERNAME"
 chmod 0000 /etc/shadow
 chmod 0000 /etc/gshadow
 
-if [ -d /home/$REMOVE_USERNAME ]; then
-    rm -rf /home/$REMOVE_USERNAME
+if [ -d "/home/$REMOVE_USERNAME" ]; then
+    rm -rf "/home/${REMOVE_USERNAME:?}"
 fi
 
 echo $"User $REMOVE_USERNAME was removed"

src/freedombone-splitkey

 shift
 done
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     show_help
 fi
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"User $MY_USERNAME does not exist on the system"
     exit 7270
 fi
 
-if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
+if [ ! -d "/home/$MY_USERNAME/.gnupg" ]; then
     echo $'No gpg key found'
     exit 5393
 fi
 
-if [ $PASSWORD_FILE ]; then
-    if [ ! -f $PASSWORD_FILE ]; then
+if [ "$PASSWORD_FILE" ]; then
+    if [ ! -f "$PASSWORD_FILE" ]; then
         echo $'Password file not found'
         exit 62952
     fi
 fi
 
 FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
-if [ -d $FRAGMENTS_DIR ]; then
+if [ -d "$FRAGMENTS_DIR" ]; then
     exit 0
 fi
 
 # get the gpg key ID
-if [ ! $MY_EMAIL_ADDRESS ]; then
+if [ ! "$MY_EMAIL_ADDRESS" ]; then
     MY_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
 fi
 
-KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS" - $MY_USERNAME | sed -n '2p' | sed 's/^[ \t]*//')
+KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS" - "$MY_USERNAME" | sed -n '2p' | sed 's/^[ \t]*//')
 if [ ${#KEYID} -lt 4 ]; then
     echo $"gpg key for $MY_EMAIL_ADDRESS was not found"
     exit 3682
 fi
 
 # create the key file
-mkdir -p $FRAGMENTS_DIR
-chown $MY_USERNAME:$MY_USERNAME $FRAGMENTS_DIR
-KEYS_FILE=$FRAGMENTS_DIR/keyshare.asc
-gpg --output $FRAGMENTS_DIR/pubkey.txt --armor --export $KEYID
-if [ ! "$?" = "0" ]; then
+mkdir -p "$FRAGMENTS_DIR"
+chown "$MY_USERNAME":"$MY_USERNAME" "$FRAGMENTS_DIR"
+KEYS_FILE="$FRAGMENTS_DIR/keyshare.asc"
+if ! gpg --output "$FRAGMENTS_DIR/pubkey.txt" --armor --export "$KEYID"; then
     echo $"Unable to extract public key for $KEYID"
     exit 7835
 fi
-if [ ! $PASSWORD_FILE ]; then
-    gpg --output $FRAGMENTS_DIR/privkey.txt \
-        --armor --export-secret-key $KEYID
+if [ ! "$PASSWORD_FILE" ]; then
+    gpg --output "$FRAGMENTS_DIR/privkey.txt" \
+        --armor --export-secret-key "$KEYID"
 else
-    echo "$(printf `cat $PASSWORD_FILE`)" | \
+    # shellcheck disable=SC2005
+    echo "$(printf "%s" "$(cat "$PASSWORD_FILE")")" | \
         gpg --batch --passphrase-fd 0 \
-        --output $FRAGMENTS_DIR/privkey.txt \
-        --armor --export-secret-key $KEYID
+        --output "$FRAGMENTS_DIR/privkey.txt" \
+        --armor --export-secret-key "$KEYID"
 fi
+# shellcheck disable=SC2181
 if [ ! "$?" = "0" ]; then
     echo $"Unable to extract private key for $KEYID"
     exit 7823
 fi
-gpg --output $FRAGMENTS_DIR/backup_pubkey.txt \
-    --armor --export $MY_BACKUP_KEY_ID
-if [ ! "$?" = "0" ]; then
-    shred -zu $FRAGMENTS_DIR/privkey.txt
+if ! gpg --output "$FRAGMENTS_DIR/backup_pubkey.txt" \
+    --armor --export "$MY_BACKUP_KEY_ID"; then
+    shred -zu "$FRAGMENTS_DIR/privkey.txt"
     echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID"
     exit 62928
 fi
 echo "$BACKUP_DUMMY_PASSWORD" | \
-    gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
+if ! gpg --output "$FRAGMENTS_DIR/backup_privkey.txt" \
         --batch --passphrase-fd 0 \
-        --armor --export-secret-key $MY_BACKUP_KEY_ID
-if [ ! "$?" = "0" ]; then
-    shred -zu $FRAGMENTS_DIR/privkey.txt
+        --armor --export-secret-key "$MY_BACKUP_KEY_ID"; then
+    shred -zu "$FRAGMENTS_DIR/privkey.txt"
     echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"
     exit 13783
 fi
 
 # Ensure there aren't any permissions problems when running cat
-chmod +r $FRAGMENTS_DIR/privkey.txt
-chmod +r $FRAGMENTS_DIR/backup_privkey.txt
-
-cat $FRAGMENTS_DIR/pubkey.txt \
-    $FRAGMENTS_DIR/privkey.txt \
-    $FRAGMENTS_DIR/backup_pubkey.txt \
-    $FRAGMENTS_DIR/backup_privkey.txt > $KEYS_FILE
-shred -zu $FRAGMENTS_DIR/privkey.txt
-shred -zu $FRAGMENTS_DIR/pubkey.txt
-shred -zu $FRAGMENTS_DIR/backup_privkey.txt
-shred -zu $FRAGMENTS_DIR/backup_pubkey.txt
+chmod +r "$FRAGMENTS_DIR/privkey.txt"
+chmod +r "$FRAGMENTS_DIR/backup_privkey.txt"
+
+cat "$FRAGMENTS_DIR/pubkey.txt" \
+    "$FRAGMENTS_DIR/privkey.txt" \
+    "$FRAGMENTS_DIR/backup_pubkey.txt" \
+    "$FRAGMENTS_DIR/backup_privkey.txt" > "$KEYS_FILE"
+shred -zu "$FRAGMENTS_DIR/privkey.txt"
+shred -zu "$FRAGMENTS_DIR/pubkey.txt"
+shred -zu "$FRAGMENTS_DIR/backup_privkey.txt"
+shred -zu "$FRAGMENTS_DIR/backup_pubkey.txt"
 
 KEY_SHARES=$((KEY_FRAGMENTS * 2))
-gfsplit -n $KEY_FRAGMENTS -m $KEY_SHARES $KEYS_FILE
-if [ ! "$?" = "0" ]; then
+if ! gfsplit -n "$KEY_FRAGMENTS" -m "$KEY_SHARES $KEYS_FILE"; then
     echo $"Unable to split the gpg key"
-    rm -rf $FRAGMENTS_DIR
-    if [ -f $KEYS_FILE ]; then
-        shred -zu $KEYS_FILE
+    rm -rf "$FRAGMENTS_DIR"
+    if [ -f "$KEYS_FILE" ]; then
+        shred -zu "$KEYS_FILE"
     fi
     exit 63028
 fi
-shred -zu $KEYS_FILE
+shred -zu "$KEYS_FILE"
 
 # set permissions
-chown -R $MY_USERNAME:$MY_USERNAME $FRAGMENTS_DIR
-chmod -R 600 $FRAGMENTS_DIR
+chown -R "$MY_USERNAME":"$MY_USERNAME" "$FRAGMENTS_DIR"
+chmod -R 600 "$FRAGMENTS_DIR"
 
 echo $"$KEY_SHARES key shares created"
 

src/freedombone-syncthing

 export TEXTDOMAIN=$PROJECT_NAME-syncthing
 export TEXTDOMAINDIR="/usr/share/locale"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 # File which keeps track of what has already been installed
     for i in {1..8}
     do
         v=""
+        # shellcheck disable=SC2034
         for j in {1..2}
         do
-            v2=`echo "obase=16;$RANDOM" | bc`
+            v2=$(echo "obase=16;$RANDOM" | bc)
             v=$v$v2
         done
         v=$(echo "$v" | cut -c1-7)
-        if [[ ${i} < 8 ]]; then
+        if [ "${i}" -lt 8 ]; then
             v=$v"-"
         fi
         echo -n "$v"
 }
 
 function create_syncthing_config {
-    if grep -q "syncthing ID" $COMPLETION_FILE; then
+    if grep -q "syncthing ID" "$COMPLETION_FILE"; then
         SYNCTHING_ID=$(get_completion_param "syncthing ID")
     else
         if [ -f $SYNCTHING_CONFIG_FILE ]; then
-            SYNCTHING_ID=$(cat $SYNCTHING_CONFIG_FILE | grep "device id=" | head -n 1 | awk -F '"' '{print $2}')
+            SYNCTHING_ID=$(grep "device id=" "$SYNCTHING_CONFIG_FILE" | head -n 1 | awk -F '"' '{print $2}')
         else
             SYNCTHING_ID=$(new_syncthing_id)
         fi
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             echo "    <folder id=\"$USERNAME\" path=\"/home/$USERNAME/Sync/\" ro=\"false\" rescanIntervalS=\"60\" ignorePerms=\"false\" autoNormalize=\"true\">" >> $SYNCTHING_CONFIG_FILE
             # include any specified device IDs for this user
-            if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 echo "" > $TEMP_IDS_FILE
                 while read -r line || [[ -n "$line" ]]; do
                     line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
                             fi
                         fi
                     fi
-                done < /home/$USERNAME/$SYNCTHING_USER_IDS_FILE
+                done < "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE"
                 rm $TEMP_IDS_FILE
             fi
-            echo "        <device id=\"$SYNCTHING_ID\"></device>" >> $SYNCTHING_CONFIG_FILE
-            echo '        <minDiskFreePct>1</minDiskFreePct>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <versioning></versioning>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <copiers>0</copiers>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <pullers>0</pullers>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <hashers>0</hashers>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <order>random</order>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <ignoreDelete>false</ignoreDelete>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <scanProgressIntervalS>0</scanProgressIntervalS>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <pullerSleepS>0</pullerSleepS>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <pullerPauseS>0</pullerPauseS>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <maxConflicts>10</maxConflicts>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <disableSparseFiles>false</disableSparseFiles>' >> $SYNCTHING_CONFIG_FILE
-            echo '    </folder>' >> $SYNCTHING_CONFIG_FILE
+            { echo "        <device id=\"$SYNCTHING_ID\"></device>";
+              echo '        <minDiskFreePct>1</minDiskFreePct>';
+              echo '        <versioning></versioning>';
+              echo '        <copiers>0</copiers>';
+              echo '        <pullers>0</pullers>';
+              echo '        <hashers>0</hashers>';
+              echo '        <order>random</order>';
+              echo '        <ignoreDelete>false</ignoreDelete>';
+              echo '        <scanProgressIntervalS>0</scanProgressIntervalS>';
+              echo '        <pullerSleepS>0</pullerSleepS>';
+              echo '        <pullerPauseS>0</pullerPauseS>';
+              echo '        <maxConflicts>10</maxConflicts>';
+              echo '        <disableSparseFiles>false</disableSparseFiles>';
+              echo '    </folder>'; } >> "$SYNCTHING_CONFIG_FILE"
         fi
     done
 
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 while read -r line || [[ -n "$line" ]]; do
                     line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
                     if [[ $line2 != *"#"* && $line2 != *"*"* && $line2 != *'/'*  && $line2 == *"-"* ]]; then
                             fi
                         fi
                     fi
-                done < /home/$USERNAME/$SYNCTHING_USER_IDS_FILE
+                done < "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE"
             fi
         fi
     done
     rm $TEMP_IDS_FILE
-    echo "        <device id=\"$SYNCTHING_ID\"></device>" >> $SYNCTHING_CONFIG_FILE
-    echo '        <minDiskFreePct>1</minDiskFreePct>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <versioning></versioning>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <copiers>0</copiers>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <pullers>0</pullers>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <hashers>0</hashers>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <order>random</order>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <ignoreDelete>false</ignoreDelete>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <scanProgressIntervalS>0</scanProgressIntervalS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <pullerSleepS>0</pullerSleepS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <pullerPauseS>0</pullerPauseS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <maxConflicts>10</maxConflicts>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <disableSparseFiles>false</disableSparseFiles>' >> $SYNCTHING_CONFIG_FILE
-    echo '    </folder>' >> $SYNCTHING_CONFIG_FILE
+    { echo "        <device id=\"$SYNCTHING_ID\"></device>";
+      echo '        <minDiskFreePct>1</minDiskFreePct>';
+      echo '        <versioning></versioning>';
+      echo '        <copiers>0</copiers>';
+      echo '        <pullers>0</pullers>';
+      echo '        <hashers>0</hashers>';
+      echo '        <order>random</order>';
+      echo '        <ignoreDelete>false</ignoreDelete>';
+      echo '        <scanProgressIntervalS>0</scanProgressIntervalS>';
+      echo '        <pullerSleepS>0</pullerSleepS>';
+      echo '        <pullerPauseS>0</pullerPauseS>';
+      echo '        <maxConflicts>10</maxConflicts>';
+      echo '        <disableSparseFiles>false</disableSparseFiles>';
+      echo '    </folder>';
 
-
-    echo "    <device id=\"$SYNCTHING_ID\" name=\"${PROJECT_NAME}\" compression=\"metadata\" introducer=\"false\">" >> $SYNCTHING_CONFIG_FILE
-    echo '        <address>dynamic</address>' >> $SYNCTHING_CONFIG_FILE
-    echo '    </device>' >> $SYNCTHING_CONFIG_FILE
+      echo "    <device id=\"$SYNCTHING_ID\" name=\"${PROJECT_NAME}\" compression=\"metadata\" introducer=\"false\">";
+      echo '        <address>dynamic</address>';
+      echo '    </device>'; } >> "$SYNCTHING_CONFIG_FILE"
 
     echo "" > $TEMP_IDS_FILE
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 while read -r line || [[ -n "$line" ]]; do
                     line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
                     if [[ $line2 != *"#"* && $line2 != *"*"* && $line2 != *'/'*  && $line2 == *"-"* ]]; then
                         if [ ${#line2} -gt 10 ]; then
                             if ! grep -q "$line2" $TEMP_IDS_FILE; then
-                                echo "    <device id=\"$line2\" name=\"${USERNAME}\" compression=\"metadata\" introducer=\"false\">" >> $SYNCTHING_CONFIG_FILE
+                                echo "    <device id=\"$line2\" name=\"${USERNAME}\" compression=\"metadata\" introducer=\"false\">" >> "$SYNCTHING_CONFIG_FILE"
                                 echo '        <address>dynamic</address>' >> $SYNCTHING_CONFIG_FILE
                                 echo '    </device>' >> $SYNCTHING_CONFIG_FILE
                                 echo "$line2" >> $TEMP_IDS_FILE
                             fi
                         fi
                     fi
-                done < /home/$USERNAME/$SYNCTHING_USER_IDS_FILE
+                done < "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE"
             fi
         fi
     done
     rm $TEMP_IDS_FILE
 
-    echo '    <options>' >> $SYNCTHING_CONFIG_FILE
-    echo "        <listenAddress>tcp://0.0.0.0:$SYNCTHING_PORT</listenAddress>" >> $SYNCTHING_CONFIG_FILE
-    echo '        <globalAnnounceServer>default</globalAnnounceServer>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <globalAnnounceEnabled>true</globalAnnounceEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <localAnnounceEnabled>true</localAnnounceEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <localAnnouncePort>21027</localAnnouncePort>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>' >> $SYNCTHING_CONFIG_FILE
-    echo "        <relayServer>dynamic+$SYNCTHING_RELAY_SERVER</relayServer>" >> $SYNCTHING_CONFIG_FILE
-    echo '        <maxSendKbps>0</maxSendKbps>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <maxRecvKbps>0</maxRecvKbps>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <reconnectionIntervalS>60</reconnectionIntervalS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <relaysEnabled>true</relaysEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <relayReconnectIntervalM>10</relayReconnectIntervalM>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <startBrowser>true</startBrowser>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <upnpEnabled>true</upnpEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <upnpLeaseMinutes>60</upnpLeaseMinutes>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <upnpRenewalMinutes>30</upnpRenewalMinutes>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <upnpTimeoutSeconds>10</upnpTimeoutSeconds>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urAccepted>-1</urAccepted>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urUniqueID></urUniqueID>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urURL>https://data.syncthing.net/newdata</urURL>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urPostInsecurely>false</urPostInsecurely>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urInitialDelayS>1800</urInitialDelayS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <restartOnWakeup>true</restartOnWakeup>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <keepTemporariesH>24</keepTemporariesH>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <cacheIgnoredFiles>true</cacheIgnoredFiles>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <progressUpdateIntervalS>5</progressUpdateIntervalS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <symlinksEnabled>true</symlinksEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <limitBandwidthInLan>false</limitBandwidthInLan>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <minHomeDiskFreePct>1</minHomeDiskFreePct>' >> $SYNCTHING_CONFIG_FILE
-    echo "        <releasesURL>$SYNCTHING_RELEASES</releasesURL>" >> $SYNCTHING_CONFIG_FILE
-    echo '    </options>' >> $SYNCTHING_CONFIG_FILE
-    echo '</configuration>' >> $SYNCTHING_CONFIG_FILE
+    { echo '    <options>';
+      echo "        <listenAddress>tcp://0.0.0.0:$SYNCTHING_PORT</listenAddress>";
+      echo '        <globalAnnounceServer>default</globalAnnounceServer>';
+      echo '        <globalAnnounceEnabled>true</globalAnnounceEnabled>';
+      echo '        <localAnnounceEnabled>true</localAnnounceEnabled>';
+      echo '        <localAnnouncePort>21027</localAnnouncePort>';
+      echo '        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>';
+      echo "        <relayServer>dynamic+$SYNCTHING_RELAY_SERVER</relayServer>";
+      echo '        <maxSendKbps>0</maxSendKbps>';
+      echo '        <maxRecvKbps>0</maxRecvKbps>';
+      echo '        <reconnectionIntervalS>60</reconnectionIntervalS>';
+      echo '        <relaysEnabled>true</relaysEnabled>';
+      echo '        <relayReconnectIntervalM>10</relayReconnectIntervalM>';
+      echo '        <startBrowser>true</startBrowser>';
+      echo '        <upnpEnabled>true</upnpEnabled>';
+      echo '        <upnpLeaseMinutes>60</upnpLeaseMinutes>';
+      echo '        <upnpRenewalMinutes>30</upnpRenewalMinutes>';
+      echo '        <upnpTimeoutSeconds>10</upnpTimeoutSeconds>';
+      echo '        <urAccepted>-1</urAccepted>';
+      echo '        <urUniqueID></urUniqueID>';
+      echo '        <urURL>https://data.syncthing.net/newdata</urURL>';
+      echo '        <urPostInsecurely>false</urPostInsecurely>';
+      echo '        <urInitialDelayS>1800</urInitialDelayS>';
+      echo '        <restartOnWakeup>true</restartOnWakeup>';
+      echo '        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>';
+      echo '        <keepTemporariesH>24</keepTemporariesH>';
+      echo '        <cacheIgnoredFiles>true</cacheIgnoredFiles>';
+      echo '        <progressUpdateIntervalS>5</progressUpdateIntervalS>';
+      echo '        <symlinksEnabled>true</symlinksEnabled>';
+      echo '        <limitBandwidthInLan>false</limitBandwidthInLan>';
+      echo '        <minHomeDiskFreePct>1</minHomeDiskFreePct>';
+      echo "        <releasesURL>$SYNCTHING_RELEASES</releasesURL>";
+      echo '    </options>';
+      echo '</configuration>'; } >> "$SYNCTHING_CONFIG_FILE"
 
     # give each user account a file containing the device id for this server
     # This allows it to appear within the user control panel
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            echo "$SYNCTHING_ID" > /home/$USERNAME/.syncthing-server-id
-            chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
+            echo "$SYNCTHING_ID" > "/home/$USERNAME/.syncthing-server-id"
+            chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id"
         fi
     done
 }
 
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ ! -f /home/$USERNAME/.syncthing-server-id ]; then
+        if [ ! -f "/home/$USERNAME/.syncthing-server-id" ]; then
             CHANGED=1
             return
         fi
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -f /home/$USERNAME/$SYNCTHING_UPDATE_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_UPDATE_FILE" ]; then
                 CHANGED=1
             fi
 
-            if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 while read -r line || [[ -n "$line" ]]; do
                     if [[ $line != *"#"* && $line != *"*"* && $line != *'/'*  && $line == *"-"* ]]; then
                         if [ ${#line} -gt 10 ]; then
                             fi
                         fi
                     fi
-                done < /home/$USERNAME/$SYNCTHING_USER_IDS_FILE
+                done < "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE"
             fi
 
             # Permissions on user Sync directories
-            if [ -d /home/$USERNAME/Sync ]; then
-                chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/Sync
+            if [ -d "/home/$USERNAME/Sync" ]; then
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME" "/home/$USERNAME/Sync"
             fi
-            if [ -d /home/$USERNAME/SyncShared ]; then
-                chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/SyncShared
+            if [ -d "/home/$USERNAME/SyncShared" ]; then
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME" "/home/$USERNAME/SyncShared"
             fi
         fi
     done
 function syncthing_set_permissions {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ -d /home/$USERNAME/Sync ]; then
-            chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/Sync
+        if [ -d "/home/$USERNAME/Sync" ]; then
+            chown "$USERNAME":"$USERNAME" "/home/$USERNAME" "/home/$USERNAME/Sync"
         fi
-        if [ -d /home/$USERNAME/SyncShared ]; then
-            chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/SyncShared
+        if [ -d "/home/$USERNAME/SyncShared" ]; then
+            chown "$USERNAME":"$USERNAME" "/home/$USERNAME" "/home/$USERNAME/SyncShared"
         fi
     done
 }

src/freedombone-template

         -a|--app|--appname)
             shift
             app_name="$1"
-            app_name_lower=$(echo ${app_name} | tr '[:upper:]' '[:lower:]')
+            app_name_lower=$(echo "${app_name}" | tr '[:upper:]' '[:lower:]')
             app_name=$app_name_lower
-            app_name_upper=$(echo ${app_name} | tr '[:lower:]' '[:upper:]')
+            app_name_upper=$(echo "${app_name}" | tr '[:lower:]' '[:upper:]')
             ;;
         -r|--repo)
             shift
 echo ''
 echo "${app_name_upper}_DOMAIN_NAME="
 echo "${app_name_upper}_CODE="
-if [ $app_port ]; then
+if [ "$app_port" ]; then
     echo "${app_name_upper}_PORT=$app_port"
 fi
 echo "${app_name_upper}_ONION_PORT=$(( ( RANDOM % 1000 )  + 9010 ))"
 echo "${app_name_upper}_REPO=\"${app_repo}\""
 echo "${app_name_upper}_COMMIT='${app_repo_commit}'"
 if [ $app_daemon ]; then
-    if [ ! $app_port_internal ]; then
+    if [ ! "$app_port_internal" ]; then
         echo "${app_name_upper}_PORT_INTERNAL=TODO"
     else
         echo "${app_name_upper}_PORT_INTERNAL=$app_port_internal"
 echo '}'
 echo ''
 echo "function remove_user_${app_name} {"
-echo '    remove_username="$1"'
+echo "    remove_username=\"\$1\""
 echo ''
 echo "    \${PROJECT_NAME}-pass -u \$remove_username --rmapp ${app_name}"
 echo '}'
 echo ''
 echo "function add_user_${app_name} {"
-echo '    new_username="$1"'
-echo '    new_user_password="$2"'
+echo "    new_username=\"\$1\""
+echo "    new_user_password=\"\$2\""
 echo ''
 echo "    \${PROJECT_NAME}-pass -u \$new_username -a ${app_name} -p \"\$new_user_password\""
 echo "    echo '0'"
 echo ''
 echo "function install_interactive_${app_name} {"
 if [ ! $app_onion_only ]; then
-    echo '    if [ ! $ONION_ONLY ]; then'
+    echo "    if [ ! \$ONION_ONLY ]; then"
     echo "        ONION_ONLY='no'"
     echo '    fi'
     echo ''
-    echo '    if [[ $ONION_ONLY != "no" ]]; then'
+    echo "    if [[ \$ONION_ONLY != \"no\" ]]; then"
     echo "        ${app_name_upper}_DOMAIN_NAME='${app_name}.local'"
     echo "        write_config_param \"${app_name_upper}_DOMAIN_NAME\" \"\$${app_name_upper}_DOMAIN_NAME\""
     echo '    else'
 echo '}'
 echo ''
 echo "function change_password_${app_name} {"
-echo '    curr_username="$1"'
-echo '    new_user_password="$2"'
+echo "    curr_username=\"\$1\""
+echo "    new_user_password=\"\$2\""
 echo ''
 echo "    read_config_param '${app_name_upper}_DOMAIN_NAME'"
 echo ''
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" || "$database_type" == "postgres"* ]]; then
     echo ''
     echo "function ${app_name}_create_database {"
-    echo '    if [ -f $IMAGE_PASSWORD_FILE ]; then'
-    echo "        ${app_name_upper}_ADMIN_PASSWORD=\"\$(printf `cat $IMAGE_PASSWORD_FILE`)\""
+    echo "    if [ -f \$IMAGE_PASSWORD_FILE ]; then"
+    echo "        ${app_name_upper}_ADMIN_PASSWORD=\"\$(printf \"%d\" \"\$(cat \"$IMAGE_PASSWORD_FILE\")\")\""
     echo '    else'
     echo "        if [ ! \$${app_name_upper}_ADMIN_PASSWORD ]; then"
     echo "            ${app_name_upper}_ADMIN_PASSWORD=\"\$(create_password \${MINIMUM_PASSWORD_LENGTH})\""
 echo "function configure_interactive_${app_name} {"
 echo '    while true'
 echo '    do'
-echo '        data=$(tempfile 2>/dev/null)'
-echo '        trap "rm -f $data" 0 1 2 5 15'
+echo "        data=\$(mktemp 2>/dev/null)"
 echo "        dialog --backtitle \$\"Freedombone Control Panel\" \\"
 echo "               --title \$\"${app_name}\" \\"
 echo "               --radiolist \$\"Choose an operation:\" 16 70 3 \\"
-echo '               1 $"Option 1" off \'
-echo '               2 $"Option 2" off \'
-echo '               3 $"Exit" on 2> $data'
+echo "               1 \$\"Option 1\" off \\"
+echo "               2 \$\"Option 2\" off \\"
+echo "               3 \$\"Exit\" on 2> \"\$data\""
 echo '        sel=$?'
-echo '        case $sel in'
-echo '            1) return;;'
-echo '            255) return;;'
+echo "        case \$sel in"
+echo "            1) rm -f \"\$data\""
+echo '               return;;'
+echo "            255) rm -f \"\$data\""
+echo '                 return;;'
 echo '        esac'
-echo '        case $(cat $data) in'
+echo "        case \$(cat \"\$data\") in"
 echo '            1) # call some function for option 1'
 echo '               ;;'
 echo '            2) # call some function for option 2'
 echo '               ;;'
-echo '            3) break;;'
+echo "            3) rm -f \"\$data\""
+echo '               break;;'
 echo '        esac'
+echo "        rm -f \"\$data\""
 echo '    done'
 echo '}'
 echo ''
 echo '    fi'
 echo ''
 echo '    # update to the next commit'
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "    set_repo_commit /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\" \$${app_name_upper}_REPO"
     echo "    chown -R www-data:www-data /var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
 echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo '    fi'
 echo ''
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "    source_directory=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "    source_directory=${app_dir}"
 echo "    suspend_site \${${app_name_upper}_DOMAIN_NAME}"
 echo ''
 echo "    dest_directory=${app_name}"
-echo '    backup_directory_to_usb $source_directory $dest_directory'
+echo "    backup_directory_to_usb \$source_directory \$dest_directory"
 echo ''
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "    backup_database_to_usb ${app_name}"
 echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo "    if [ \$${app_name_upper}_DOMAIN_NAME ]; then"
 echo "        temp_restore_dir=/root/temp${app_name}"
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "        ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "        ${app_name}_dir=${app_dir}"
     echo "        ${app_name}_create_database"
     echo ''
     echo "        restore_database ${app_name}"
-    echo '        if [ -d $temp_restore_dir ]; then'
-    echo '            rm -rf $temp_restore_dir'
+    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
 fi
     echo ''
     echo '        USE_POSTGRESQL=1'
     echo "        restore_database ${app_name}"
-    echo '        if [ -d $temp_restore_dir ]; then'
-    echo '            rm -rf $temp_restore_dir'
+    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
 fi
 echo "        restore_directory_from_usb \$temp_restore_dir ${app_name}"
-echo '        if [ -d $temp_restore_dir ]; then'
+echo "        if [ -d \$temp_restore_dir ]; then"
 echo "            if [ -d cp \$temp_restore_dir\$${app_name}_dir ]; then"
 echo "                cp -rp \$temp_restore_dir\$${app_name}_dir/* \$${app_name}_dir/"
 echo '            else'
 echo "                cp -rp \$temp_restore_dir/* \$${app_name}_dir/"
 echo '            fi'
 echo "            chown -R www-data:www-data \$${app_name}_dir"
-echo '            rm -rf $temp_restore_dir'
+echo "            rm -rf \$temp_restore_dir"
 echo '        fi'
 echo ''
 echo '    fi'
 echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo '    fi'
 echo ''
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "    source_directory=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "    source_directory=${app_dir}"
 echo "    suspend_site \${${app_name_upper}_DOMAIN_NAME}"
 echo ''
 echo "    dest_directory=${app_name}"
-echo '    backup_directory_to_friend $source_directory $dest_directory'
+echo "    backup_directory_to_friend \$source_directory \$dest_directory"
 echo ''
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "    backup_database_to_friend ${app_name}"
 echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo "    if [ \$${app_name_upper}_DOMAIN_NAME ]; then"
 echo "        temp_restore_dir=/root/temp${app_name}"
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "        ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "        ${app_name}_dir=${app_dir}"
     echo "        ${app_name}_create_database"
     echo ''
     echo "        restore_database_from_friend ${app_name}"
-    echo '        if [ -d $temp_restore_dir ]; then'
-    echo '            rm -rf $temp_restore_dir'
+    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
 fi
     echo ''
     echo '        USE_POSTGRESQL=1'
     echo "        restore_database_from_friend ${app_name}"
-    echo '        if [ -d $temp_restore_dir ]; then'
-    echo '            rm -rf $temp_restore_dir'
+    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
 fi
 echo "        restore_directory_from_friend \$temp_restore_dir ${app_name}"
-echo '        if [ -d $temp_restore_dir ]; then'
+echo "        if [ -d \$temp_restore_dir ]; then"
 echo "            if [ -d cp \$temp_restore_dir\$${app_name}_dir ]; then"
 echo "                cp -rp \$temp_restore_dir\$${app_name}_dir/* \$${app_name}_dir/"
 echo '            else'
 echo "                cp -rp \$temp_restore_dir/* \$${app_name}_dir/"
 echo '            fi'
 echo "            chown -R www-data:www-data \$${app_name}_dir"
-echo '            rm -rf $temp_restore_dir'
+echo "            rm -rf \$temp_restore_dir"
 echo '        fi'
 echo ''
 echo '    fi'
 echo "    remove_app ${app_name}"
 echo "    remove_completion_param install_${app_name}"
 echo "    sed -i '/${app_name}/d' \$COMPLETION_FILE"
-if [ $app_port ]; then
+if [ "$app_port" ]; then
     echo ''
     echo "    firewall_remove ${app_port} tcp"
 fi
 echo "    if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs ]; then"
 echo "        if [ -d /repos/${app_name} ]; then"
 echo "            mkdir /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "            cp -r -p /repos/${app_name}/. /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
     echo "            cd /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
 else
 fi
 echo '            git pull'
 echo '        else'
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "            git_clone \$${app_name_upper}_REPO /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
 else
     echo "            git_clone \$${app_name_upper}_REPO ${app_dir}"
 fi
 echo '        fi'
 echo ''
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "        if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs ]; then"
 else
     echo "        if [ ! -d ${app_dir} ]; then"
 echo '        fi'
 echo '    fi'
 echo ''
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "    cd /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
 else
     echo "    cd ${app_dir}"
 echo "    ${app_name}_nginx_site=/etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME"
 
 if [ $app_onion_only ]; then
-    echo '    if [[ $ONION_ONLY == "no" ]]; then'
+    echo "    if [[ \"\$ONION_ONLY\" == \"no\" ]]; then"
     if [[ "$app_php" == 'yes' ]]; then
         echo "        nginx_http_redirect \$${app_name_upper}_DOMAIN_NAME \"index index.php\""
     else
     echo "        echo '' >> \$${app_name}_nginx_site"
     if [[ "$app_php" == 'yes' ]]; then
         echo "        echo '  index index.php;' >> \$${app_name}_nginx_site"
-        echo "        echo '  location ~ \.php {' >> \$${app_name}_nginx_site"
+        echo "        echo '  location ~ \\.php {' >> \$${app_name}_nginx_site"
         echo "        echo '    include snippets/fastcgi-php.conf;' >> \$${app_name}_nginx_site"
         echo "        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> \$${app_name}_nginx_site"
         echo "        echo '    fastcgi_read_timeout 30;' >> \$${app_name}_nginx_site"
 echo "    echo '' >> \$${app_name}_nginx_site"
 if [[ "$app_php" == 'yes' ]]; then
     echo "    echo '  index index.php;' >> \$${app_name}_nginx_site"
-    echo "    echo '  location ~ \.php {' >> \$${app_name}_nginx_site"
+    echo "    echo '  location ~ \\.php {' >> \$${app_name}_nginx_site"
     echo "    echo '    include snippets/fastcgi-php.conf;' >> \$${app_name}_nginx_site"
     echo "    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> \$${app_name}_nginx_site"
     echo "    echo '    fastcgi_read_timeout 30;' >> \$${app_name}_nginx_site"
     echo "    echo 'Type=simple' >> /etc/systemd/system/${app_name}.service"
     echo "    echo 'User=${app_name}' >> /etc/systemd/system/${app_name}.service"
     echo "    echo 'Group=${app_name}' >> /etc/systemd/system/${app_name}.service"
-    if [ ! $app_dir ]; then
+    if [ ! "$app_dir" ]; then
         echo "    echo 'WorkingDirectory=TODO' >> /etc/systemd/system/${app_name}.service"
     else
         echo "    echo 'WorkingDirectory=${app_dir}' >> /etc/systemd/system/${app_name}.service"
     echo "    echo '[Install]' >> /etc/systemd/system/${app_name}.service"
     echo "    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/${app_name}.service"
     echo "    systemctl enable ${app_name}"
-    if [ $app_dir ]; then
+    if [ "$app_dir" ]; then
         echo "    chown -R ${app_name}:${app_name} ${app_dir}"
     fi
     echo "    systemctl start ${app_name}"
 echo ''
 echo "    \${PROJECT_NAME}-pass -u \$MY_USERNAME -a ${app_name} -p \"\$${app_name_upper}_ADMIN_PASSWORD\""
 echo "    set_completion_param \"${app_name} domain\" \"\$${app_name_upper}_DOMAIN_NAME\""
-if [ $app_port ]; then
+if [ "$app_port" ]; then
     echo ''
     echo "    firewall_add ${app_name} ${app_port} tcp"
 fi

src/freedombone-tests

     filename=$1
     fn_type=$2
     app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
-    app_function=$(cat "${filename}" | grep "function ${fn_type}_${app_name} {" | awk -F "${fn_type}_" '{print $2}' | awk -F ' ' '{print $1}')
-    if [ ! ${app_function} ]; then
+    app_function=$(grep "function ${fn_type}_${app_name} {" "${filename}" | awk -F "${fn_type}_" '{print $2}' | awk -F ' ' '{print $1}')
+    if [ ! "${app_function}" ]; then
         echo $"Application ${app_name} does not contain a function called '${fn_type}_${app_name}'"
         echo ''
         echo "See ${filename}"
     if [ $RUN_STIG ]; then
         return
     fi
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 
     # check that these functions exist
     interface_functions=( install remove backup_local backup_remote restore_local restore_remote upgrade reconfigure )
         # for each expected interface function
         for f in "${interface_functions[@]}"
         do
-            test_app_function_type ${filename} $f
+            test_app_function_type ${filename} "$f"
         done
     done
 }
     fi
 
     # test that some services are not assigned the same onion port
-    FILES=src/${PROJECT_NAME}-app-*
-    ports=$(grep -r "_ONION_PORT=" $FILES | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}')
-    unique_ports=$(grep -r "_ONION_PORT=" $FILES | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}' | uniq)
+    FILES="src/${PROJECT_NAME}-app-*"
+    ports=$(grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}')
+    unique_ports=$(grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}' | uniq)
     if [[ "$ports" != "$unique_ports" ]]; then
         echo $'Some onion ports are clashing'
-        grep -r "_ONION_PORT=" $FILES | awk -F ':' '{print $2}' | uniq
+        grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq
         exit 637252
     fi
 }
     NORMAL=$(tput sgr0)
     MSG="$2"
 
-    if [ $ESTATUS -eq 0 ];then
+    if [ "$ESTATUS" -eq 0 ];then
         printf "%s %s"  "$GREEN$BOLD[ PASS ]$NORMAL" "$MSG"
         echo
     else
 
     local pid=$1
     local delay=0.1
+    # shellcheck disable=SC2143
     while [ "$(ps -a | awk '{print $1}' | grep "$pid")" ];
     do
         sleep $delay
     done
-    printf " \b"
-    wait $1
+    printf " \\b"
+    wait "$1"
 }
 
 function disallow_package {
     package_name=$1
 
     if service --status-all | grep "+.*${package_name}";then
-        apt-get -yq remove --purge ${package_name}
+        apt-get -yq remove --purge "${package_name}"
         apt -yq autoremove
     fi
 }
     CATCOLOR=1
     SETLANG="en"
 
-    source $STIG_TESTS_DIR/output.sh
+    source "$STIG_TESTS_DIR/output.sh"
 
     ##RHEL-06-000001
     ##The system must use a separate file system for /tmp.
     ##RHEL-06-000033
     ##The /etc/shadow file must be owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/shadow | awk '{print $3}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
     ##RHEL-06-000034
     ##The /etc/shadow file must be group-owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/shadow | awk '{print $4}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
     ##RHEL-06-000035
     ##The /etc/shadow file must have mode 0000.
 
+    # shellcheck disable=SC2012
     ls -l /etc/shadow | awk '{print $1}' | grep "^----------$" > /dev/null 2>&1 &
 
     stig_spinner $!
     ##RHEL-06-000036
     ##The /etc/gshadow file must be owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/gshadow | awk '{print $3}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
     ##RHEL-06-000037
     ##The /etc/gshadow file must be group-owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/gshadow | awk '{print $4}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
     ##RHEL-06-000038
     ##The /etc/gshadow file must have mode 0000.
 
+    # shellcheck disable=SC2012
     ls -l /etc/gshadow | awk '{print $1}' | grep "^----------$" > /dev/null 2>&1 &
 
     stig_spinner $!
     ##RHEL-06-000039
     ##The /etc/passwd file must be owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/passwd | awk '{print $3}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
     ##RHEL-06-000040
     ##The /etc/passwd file must be group-owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/passwd | awk '{print $4}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
     ##RHEL-06-000042
     ##The /etc/group file must be owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/group | awk '{print $3}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
     ##RHEL-06-000043
     ##The /etc/group file must be group-owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/group | awk '{print $4}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
     if [ $SHOW_ALL_TESTS ]; then
         show_passes_fails=1
     else
-        if [ $FAILS -gt 0 ]; then
+        if [ "$FAILS" -gt 0 ]; then
             show_passes_fails=1
         fi
     fi
         echo ''
         echo $"Passes: $PASSES"
         echo $"Fails:  $FAILS"
-        if [ $FAILS -gt 0 ]; then
+        if [ "$FAILS" -gt 0 ]; then
             exit 792353
         fi
     fi
     shift
 done
 
-if [ ! $RUN_STIG ]; then
+if [ ! "$RUN_STIG" ]; then
     echo $'Running tests'
 fi
 

src/freedombone-unignore

     fi
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
+MUTTRC="/home/$MYUSERNAME/.muttrc"
 PM=/home/$MYUSERNAME/.procmailrc
 
 # unignore if subject line contains text
-if [ $SUBJECT_TEXT ]; then
-    if grep -q "Ignore rule for $SUBJECT_TEXT" $PM; then
-        sed -i "/# Ignore rule for $SUBJECT_TEXT/,/# End of ignore rule/d" $PM
+if [ "$SUBJECT_TEXT" ]; then
+    if grep -q "Ignore rule for $SUBJECT_TEXT" "$PM"; then
+        sed -i "/# Ignore rule for $SUBJECT_TEXT/,/# End of ignore rule/d" "$PM"
     fi
 fi
 
 # unignore an email address
-if [ $EMAIL_ADDRESS ]; then
-    if grep -q "Ignore rule for $EMAIL_ADDRESS" $PM; then
-        sed -i "/# Ignore rule for $EMAIL_ADDRESS/,/# End of ignore rule/d" $PM
+if [ "$EMAIL_ADDRESS" ]; then
+    if grep -q "Ignore rule for $EMAIL_ADDRESS" "$PM"; then
+        sed -i "/# Ignore rule for $EMAIL_ADDRESS/,/# End of ignore rule/d" "$PM"
     fi
 fi
 

src/freedombone-upgrade

 # clear temporary files
 rm -rf /tmp/*
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
 read_config_param PROJECT_REPO
 
 #update-ca-certificates
 
-if [ ! -d $PROJECT_DIR ]; then
-    git_clone $PROJECT_REPO $PROJECT_DIR
+if [ ! -d "$PROJECT_DIR" ]; then
+    git_clone "$PROJECT_REPO" "$PROJECT_DIR"
 fi
 
-if [ -d $PROJECT_DIR ]; then
-    if [ -f $CONFIGURATION_FILE ]; then
-        cd $PROJECT_DIR
-        rm -rf $PROJECT_DIR/locale/*
+if [ -d "$PROJECT_DIR" ]; then
+    if [ -f "$CONFIGURATION_FILE" ]; then
+        cd "$PROJECT_DIR" || exit 246823484
+        rm -rf "$PROJECT_DIR/locale/*"
         if [[ "$CURRENT_BRANCH" == *"master" ]]; then
             git_pull $PROJECT_REPO
         else
             chmod -R +r /usr/share/${PROJECT_NAME}
         fi
 
-        ${PROJECT_NAME} -c $CONFIGURATION_FILE
-        if [ ! "$?" = "0" ]; then
+        if ! ${PROJECT_NAME} -c "$CONFIGURATION_FILE"; then
             exit 453536
         fi
 

src/freedombone-usb-canary

 
 PROJECT_NAME=freedombone
 
-UPTIME=$(cat /proc/uptime | awk -F '.' '{print $1}')
-if [ $UPTIME -gt 120 ]; then
-    ADMIN_USER=$(cat /root/${PROJECT_NAME}-completed.txt | grep 'Admin user' | awk -F ':' '{print $2}')
+UPTIME=$(awk -F '.' '{print $1}' < "/proc/uptime")
+if [ "$UPTIME" -gt 120 ]; then
+    ADMIN_USER=$(grep 'Admin user' /root/${PROJECT_NAME}-completed.txt | awk -F ':' '{print $2}')
     MY_EMAIL_ADDRESS=${ADMIN_USER}@$(cat /etc/hostname)
-    echo "USB device connected on ${DEVPATH}" | mail -s "${PROJECT_NAME} USB canary" ${MY_EMAIL_ADDRESS}
+    echo "USB device connected on ${DEVPATH}" | mail -s "${PROJECT_NAME} USB canary" "${MY_EMAIL_ADDRESS}"
     echo "${ACTION}" > /tmp/usb-canary
     echo "${MY_EMAIL_ADDRESS}" >> /tmp/usb-canary
-    echo "$(date)" >> /tmp/usb-canary
+    date >> /tmp/usb-canary
 fi

src/meshavahi

     # include some subdirectories
     for dir in $DIR_TO_CHECK/*/
     do
-        REALLY_NEW_STAT="$NEW_STAT$(stat -t $dir)"
+        REALLY_NEW_STAT="$NEW_STAT$(stat -t "$dir")"
         NEW_STAT="$REALLY_NEW_STAT"
 
         for dir2 in "$dir"/*/
         do
-            REALLY_NEW_STAT="$NEW_STAT$(stat -t $dir2)"
+            REALLY_NEW_STAT="$NEW_STAT$(stat -t "$dir2")"
             NEW_STAT="$REALLY_NEW_STAT"
 
             for dir3 in "$dir2"/*/
             do
-                REALLY_NEW_STAT="$NEW_STAT$(stat -t $dir3)"
+                REALLY_NEW_STAT="$NEW_STAT$(stat -t "$dir3")"
                 NEW_STAT="$REALLY_NEW_STAT"
             done
         done
 
 function ipfs_bootstrap {
     # TODO switch to ipv6
-    cat $TEMPFILE_BASE | grep "ipfs_id\|hostname =\|address =\|port =\|txt =" > $TEMPFILE
+    grep "ipfs_id\\|hostname =\\|address =\\|port =\\|txt =" "$TEMPFILE_BASE" > "$TEMPFILE"
 
     state=0
     address=""
         fi
         if [ ${state} -eq "2" ]; then
             if [[ $line == *"address ="* ]]; then
-                address=$(echo $line | awk -F '[' '{print $2}' | awk -F ']' '{print $1}')
+                address=$(echo "$line" | awk -F '[' '{print $2}' | awk -F ']' '{print $1}')
                 state=3
             fi
         fi
         if [ ${state} -eq "1" ]; then
             if [[ $line == *"hostname ="* ]]; then
-                peer=$(echo $line | awk -F '[' '{print $2}' | awk -F ']' '{print $1}')
+                peer=$(echo "$line" | awk -F '[' '{print $2}' | awk -F ']' '{print $1}')
                 state=2
             fi
         fi
     # Create a list of user sites, in alphabetical order by Tox nick
     if [ -d /home/$MY_USERNAME/Desktop ]; then
         if [ -f ${IPFS_USERS_FILE}.new ]; then
-            sites_list=$(cat ${IPFS_USERS_FILE}.new | sort -d)
+            sites_list=$(sort -d < "${IPFS_USERS_FILE}.new")
             echo "${sites_list}" > ${IPFS_USERS_FILE}
             chown $MY_USERNAME:$MY_USERNAME ${IPFS_USERS_FILE}
             rm ${IPFS_USERS_FILE}.new
 function detect_new_tox_users {
     CURRENT_USERS_FILE=$1
 
-    if [ ! -f $CURRENT_USERS_FILE ]; then
+    if [ ! -f "$CURRENT_USERS_FILE" ]; then
         return
     fi
 
             if [[ $line != "Failed*" && $line != "data "* && $line != "Anon "* && $line != "anon "* && $line != "anonymous "* && $line != "Anonymous "* ]]; then
                 if ! grep -q "$line" $PREV_TOX_USERS_FILE; then
                     # get the nick of the user
-                    toxidstr=$(echo "$line" | awk -F ' ' '{print $(NF)}')
-                    toxuser=$(echo "$line" | sed "s| $toxidstr||g")
+                    toxidstr=$(awk -F ' ' '{print $(NF)}' < "$line")
+                    toxuser=$(sed "s| $toxidstr||g" < "$line")
 
                     if [ -r "/home/$MESH_USERNAME/.dbus/Xdbus" ]; then
+                        # shellcheck disable=SC1090
                         . "/home/$MESH_USERNAME/.dbus/Xdbus"
                     fi
                     export DISPLAY=:0.0
     fi
 
     # Store the previous tox users list
-    cp -f $CURRENT_USERS_FILE $PREV_TOX_USERS_FILE
+    cp -f "$CURRENT_USERS_FILE" "$PREV_TOX_USERS_FILE"
 }
 
 function detect_tox_users {
     # don't show the first peer field
-    lstox | awk -F ' ' '{$1=""; print $0}' | sed -e 's/^[[:space:]]*//' | sort -d > $TEMPFILE
+    lstox | awk -F ' ' '{$1=""; print $0}' | sed -e 's/^[[:space:]]*//' | sort -d > "$TEMPFILE"
 
-    detect_new_tox_users $TEMPFILE
+    detect_new_tox_users "$TEMPFILE"
 }
 
 function avahi_extract_info {
     # Create a list of bootstrap nodes
-    avahi-browse -atr > $TEMPFILE_BASE
-    cat $TEMPFILE_BASE | grep "hostname =\|address =\|port =" > $TEMPFILE
-    if [ ! -f $TEMPFILE ]; then
+    avahi-browse -atr > "$TEMPFILE_BASE"
+    grep "hostname =\\|address =\\|port =" "$TEMPFILE_BASE" > "$TEMPFILE"
+    if [ ! -f "$TEMPFILE" ]; then
         exit 1
     fi
 }
 
 function avahi_remove_info {
-    rm -f $TEMPFILE_BASE
-    rm -f $TEMPFILE
+    rm -f "$TEMPFILE_BASE"
+    rm -f "$TEMPFILE"
 }
 
 if [ ! -d /etc/avahi ]; then