Tidying

src/cronic

@@ -12,14 +12,14 @@ ERR=$TMP/cronic.err
 TRACE=$TMP/cronic.trace
 
 set +e
-"$@" >$OUT 2>$TRACE
+"$@" >"$OUT" 2>"$TRACE"
 RESULT=$?
 set -e
 
 PATTERN="^${PS4:0:1}\\+${PS4:1}"
-if grep -aq "$PATTERN" $TRACE
+if grep -aq "$PATTERN" "$TRACE"
 then
-    ! grep -av "$PATTERN" $TRACE > $ERR
+    ! grep -av "$PATTERN" "$TRACE" > "$ERR"
 else
     ERR=$TRACE
 fi
@@ -33,7 +33,7 @@ if [ $RESULT -ne 0 ]
     echo
     echo "STANDARD OUTPUT:"
     cat "$OUT"
-    if [ $TRACE != $ERR ]
+    if [ "$TRACE" != "$ERR" ]
     then
         echo
         echo "TRACE-ERROR OUTPUT:"

src/freedombone

@@ -42,61 +42,61 @@ fi
 
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
-command_options=$1
+command_options="$1"
 
-if [[ $command_options == "menuconfig-full" ]]; then
+if [[ "$command_options" == "menuconfig-full" ]]; then
     MINIMAL_INSTALL="no"
 fi
 
-if [[ $command_options == "menuconfig-onion" ]]; then
+if [[ "$command_options" == "menuconfig-onion" ]]; then
     MINIMAL_INSTALL="yes"
     ONION_ONLY="yes"
 fi
 
-if [[ $command_options == "menuconfig-gnusocial" ]]; then
+if [[ "$command_options" == "menuconfig-gnusocial" ]]; then
     MINIMAL_INSTALL="yes"
     ONION_ONLY="no"
     SOCIALINSTANCE='gnusocial'
 fi
 
-if [[ $command_options == "menuconfig-postactiv" ]]; then
+if [[ "$command_options" == "menuconfig-postactiv" ]]; then
     MINIMAL_INSTALL="yes"
     ONION_ONLY="no"
     SOCIALINSTANCE='postactiv'
 fi
 
-if [ ! $CONFIGURATION_FILE ]; then
-    CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+if [ ! "$CONFIGURATION_FILE" ]; then
+    CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 fi
-if [ ! $COMPLETION_FILE ]; then
-    COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+if [ ! "$COMPLETION_FILE" ]; then
+    COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
 fi
 
 # before the interactive config so that wifi adaptors may be detected
 setup_wifi_atheros
 
-if [[ $command_options == "menuconfig"* ]]; then
+if [[ "$command_options" == "menuconfig"* ]]; then
     if [[ "$2" == "--reset" ]]; then
-        if [ -f $CONFIGURATION_FILE ]; then
-            rm $CONFIGURATION_FILE
+        if [ -f "$CONFIGURATION_FILE" ]; then
+            rm "$CONFIGURATION_FILE"
         fi
-        if [ -f $COMPLETION_FILE ]; then
-            rm $COMPLETION_FILE
+        if [ -f "$COMPLETION_FILE" ]; then
+            rm "$COMPLETION_FILE"
         fi
-        if [ -f /usr/share/${PROJECT_NAME}/installed.txt ]; then
-            rm /usr/share/${PROJECT_NAME}/installed.txt
+        if [ -f "/usr/share/${PROJECT_NAME}/installed.txt" ]; then
+            rm "/usr/share/${PROJECT_NAME}/installed.txt"
         fi
         if [ -f /root/removed ]; then
             rm /root/removed
@@ -104,18 +104,18 @@ if [[ $command_options == "menuconfig"* ]]; then
     fi
 
     # clear the interactive file which indicates configuration success
-    interactive_file=$HOME/.${PROJECT_NAME}-interactive
-    if [ -f $interactive_file ]; then
-        rm $interactive_file
+    interactive_file="$HOME/.${PROJECT_NAME}-interactive"
+    if [ -f "$interactive_file" ]; then
+        rm "$interactive_file"
     fi
 
     interactive_configuration
 
     # check that the interactive file was created
-    if [ ! -f $interactive_file ]; then
+    if [ ! -f "$interactive_file" ]; then
         exit 6393562
     fi
-    rm $interactive_file
+    rm "$interactive_file"
 else
     while [ $# -gt 1 ]
     do
@@ -169,12 +169,12 @@ else
             # Static IP address for the system
             --ip)
                 shift
-                LOCAL_NETWORK_STATIC_IP_ADDRESS=$1
+                LOCAL_NETWORK_STATIC_IP_ADDRESS="$1"
                 ;;
             # IP address for the internet router
             --iprouter)
                 shift
-                ROUTER_IP_ADDRESS=$1
+                ROUTER_IP_ADDRESS="$1"
                 ;;
             # ssh port
             --ssh)
@@ -214,61 +214,61 @@ else
             # Mumble server password
             --vpass)
                 shift
-                MUMBLE_SERVER_PASSWORD=$1
+                MUMBLE_SERVER_PASSWORD="$1"
                 ;;
             # Mumble server port
             --vport)
                 shift
-                MUMBLE_PORT=$1
+                MUMBLE_PORT="$1"
                 ;;
             # DNS Nameserver 1
             --ns1)
                 shift
-                NAMESERVER1=$1
+                NAMESERVER1="$1"
                 ;;
             # DNS Nameserver 2
             --ns2)
                 shift
-                NAMESERVER2=$1
+                NAMESERVER2="$1"
                 ;;
             # DNS Nameserver 3
             --ns3)
                 shift
-                NAMESERVER3=$1
+                NAMESERVER3="$1"
                 ;;
             # DNS Nameserver 4
             --ns4)
                 shift
-                NAMESERVER4=$1
+                NAMESERVER4="$1"
                 ;;
             # DNS Nameserver 5
             --ns5)
                 shift
-                NAMESERVER5=$1
+                NAMESERVER5="$1"
                 ;;
             # DNS Nameserver 6
             --ns6)
                 shift
-                NAMESERVER6=$1
+                NAMESERVER6="$1"
                 ;;
             # Debian repository
             --repo)
                 shift
-                DEBIAN_REPO=$1
+                DEBIAN_REPO="$1"
                 ;;
             # clear the config file
             --reset)
-                if [ -f $CONFIGURATION_FILE ]; then
-                    rm $CONFIGURATION_FILE
+                if [ -f "$CONFIGURATION_FILE" ]; then
+                    rm "$CONFIGURATION_FILE"
                 fi
-                if [ -f $COMPLETION_FILE ]; then
-                    rm $COMPLETION_FILE
+                if [ -f "$COMPLETION_FILE" ]; then
+                    rm "$COMPLETION_FILE"
                 fi
                 ;;
             # minimal install
             --minimal)
                 shift
-                MINIMAL_INSTALL=$1
+                MINIMAL_INSTALL="$1"
                 ;;
             *)
                 # unknown option
@@ -293,7 +293,7 @@ function parse_args {
     read_config_param 'DDNS_USERNAME'
     read_config_param 'DDNS_PASSWORD'
 
-    if [ ! -d /home/$MY_USERNAME ]; then
+    if [ ! -d "/home/$MY_USERNAME" ]; then
         echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user."
         exit 1
     fi
@@ -304,7 +304,7 @@ function parse_args {
             exit 2
         fi
     fi
-    if [ ! $MY_USERNAME ]; then
+    if [ ! "$MY_USERNAME" ]; then
         echo 'No username specified'
         show_help
         exit 3
@@ -312,11 +312,11 @@ function parse_args {
     if [[ $SYSTEM_TYPE != "mesh"* ]]; then
         if [[ "$DDNS_PROVIDER" != 'none' ]]; then
             if [[ $ONION_ONLY == "no" ]]; then
-                if [ ! $DDNS_USERNAME ]; then
+                if [ ! "$DDNS_USERNAME" ]; then
                     echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option'
                     exit 7823
                 fi
-                if [ ! $DDNS_PASSWORD ]; then
+                if [ ! "$DDNS_PASSWORD" ]; then
                     echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option'
                     exit 6382
                 fi
@@ -324,7 +324,7 @@ function parse_args {
         fi
     fi
 
-    if [ ! $SYSTEM_TYPE ]; then
+    if [ ! "$SYSTEM_TYPE" ]; then
         SYSTEM_TYPE=$'full'
         write_config_param "SYSTEM_TYPE" "$SYSTEM_TYPE"
     fi
@@ -338,8 +338,7 @@ function parse_args {
 
 # run some initial tests
 clear
-${PROJECT_NAME}-tests
-if [ ! "$?" = "0" ]; then
+if ! "${PROJECT_NAME}-tests"; then
     exit 768252
 fi
 
@@ -354,7 +353,7 @@ upgrade_installation_from_previous_versions
 setup_utils
 setup_email
 setup_web
-setup_apps $command_options
+setup_apps "$command_options"
 setup_final
 
 echo ''

src/freedombone-addcert

@@ -36,10 +36,10 @@ export TEXTDOMAINDIR="/usr/share/locale"
 CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 # Don't pin certs by default
@@ -145,11 +145,11 @@ do
             ;;
         --dhkey)
             shift
-            DH_KEYLENGTH=${1}
+            DH_KEYLENGTH="${1}"
             ;;
         --pin)
             shift
-            PIN_CERTS=${1}
+            PIN_CERTS="${1}"
             ;;
         *)
             # unknown option
@@ -158,8 +158,8 @@ do
     shift
 done
 
-if [ ! $HOSTNAME ]; then
-    if [ ! $LETSENCRYPT_HOSTNAME ]; then
+if [ ! "$HOSTNAME" ]; then
+    if [ ! "$LETSENCRYPT_HOSTNAME" ]; then
         echo $'No hostname specified'
         exit 5748
     fi
@@ -180,16 +180,16 @@ function remove_cert_letsencrypt {
     CERTFILE=$LETSENCRYPT_HOSTNAME
 
     # disable the site if needed
-    if [ -f /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME} ]; then
-        if grep -q "443" /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}; then
-            nginx_dissite ${LETSENCRYPT_HOSTNAME}
+    if [ -f "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}" ]; then
+        if grep -q "443" "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}"; then
+            nginx_dissite "${LETSENCRYPT_HOSTNAME}"
         fi
     fi
 
     # remove the cert
-    rm -rf /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*
-    rm -rf /etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*
-    rm /etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf
+    rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*"
+    rm -rf "/etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*"
+    rm "/etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf"
 
     # restart the web server
     systemctl restart nginx
@@ -199,14 +199,14 @@ function add_cert_letsencrypt {
     CERTFILE=$LETSENCRYPT_HOSTNAME
 
     # obtain the email address for the admin user
-    if [ ! $MY_EMAIL_ADDRESS ]; then
-        if [ -f $CONFIGURATION_FILE ]; then
+    if [ ! "$MY_EMAIL_ADDRESS" ]; then
+        if [ -f "$CONFIGURATION_FILE" ]; then
             read_config_param MY_EMAIL_ADDRESS
         fi
     fi
-    if [ ! $MY_EMAIL_ADDRESS ]; then
-        if [ -f $COMPLETION_FILE ]; then
-            if grep -q "Admin user:" $COMPLETION_FILE; then
+    if [ ! "$MY_EMAIL_ADDRESS" ]; then
+        if [ -f "$COMPLETION_FILE" ]; then
+            if grep -q "Admin user:" "$COMPLETION_FILE"; then
                 function_check get_completion_param
                 ADMIN_USER=$(get_completion_param "Admin user")
                 if [ ${#ADMIN_USER} -eq 0 ]; then
@@ -232,8 +232,7 @@ function add_cert_letsencrypt {
     chgrp -R root /etc/letsencrypt
     chmod -R 777 /etc/letsencrypt
 
-    certbot certonly -n --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS
-    if [ ! "$?" = "0" ]; then
+    if ! certbot certonly -n --server "$LETSENCRYPT_SERVER" --standalone -d "$LETSENCRYPT_HOSTNAME" --renew-by-default --agree-tos --email "$MY_EMAIL_ADDRESS"; then
         echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
         echo $'Also see https://letsencrypt.status.io to check for any service outages'
         chgrp -R ssl-cert /etc/letsencrypt
@@ -245,42 +244,42 @@ function add_cert_letsencrypt {
     fi
 
     # replace some legacy filenames
-    if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then
-        mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" ]; then
+        mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
     fi
-    if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then
-        mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" ]; then
+        mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
     fi
-    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
-    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
+    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME"
+    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME"
 
     # link the private key
-    if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
-        if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
-            mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
+    if [ -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then
+        if [ ! -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old" ]; then
+            mv "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old"
         else
-            rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+            rm -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
         fi
     fi
-    if [ -L /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
-        rm /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+    if [ -L "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then
+        rm "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
     fi
-    ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+    ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
 
     # link the public key
-    if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
-        if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
-            mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
+    if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then
+        if [ ! -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old" ]; then
+            mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old"
         else
-            rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+            rm -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
         fi
     fi
-    if [ -L /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
-        rm /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    if [ -L "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then
+        rm "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
     fi
-    ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
 
-    cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem
+    cp "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem"
 
     update_default_domain
 
@@ -291,12 +290,11 @@ function add_cert_letsencrypt {
     chmod -R g=rX /etc/letsencrypt
     chown -R root:ssl-cert /etc/letsencrypt
 
-    nginx_ensite ${LETSENCRYPT_HOSTNAME}
+    nginx_ensite "${LETSENCRYPT_HOSTNAME}"
     systemctl start nginx
 
-    if [ $PIN_CERTS ]; then
-        ${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME
-        if [ ! "$?" = "0" ]; then
+    if [ "$PIN_CERTS" ]; then
+        if ! "${PROJECT_NAME}-pin-cert" "$LETSENCRYPT_HOSTNAME"; then
             echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
             exit 62878
         fi
@@ -304,21 +302,20 @@ function add_cert_letsencrypt {
 }
 
 function add_cert_selfsigned {
-    if [[ $ORGANISATION == "Freedombone-CA" ]]; then
+    if [[ "$ORGANISATION" == "Freedombone-CA" ]]; then
         CERTFILE="ca-$HOSTNAME"
     fi
 
-    openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
+    openssl req -x509 "${EXTENSIONS}" -nodes -days 3650 -sha256 \
             -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-            -newkey rsa:2048 -keyout /etc/ssl/private/${CERTFILE}.key \
-            -out /etc/ssl/certs/${CERTFILE}.crt
-    chmod 400 /etc/ssl/private/${CERTFILE}.key
-    chmod 640 /etc/ssl/certs/${CERTFILE}.crt
-    cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts
-
-    if [ $PIN_CERTS ]; then
-        ${PROJECT_NAME}-pin-cert $CERTFILE
-        if [ ! "$?" = "0" ]; then
+            -newkey rsa:2048 -keyout "/etc/ssl/private/${CERTFILE}.key" \
+            -out "/etc/ssl/certs/${CERTFILE}.crt"
+    chmod 400 "/etc/ssl/private/${CERTFILE}.key"
+    chmod 640 "/etc/ssl/certs/${CERTFILE}.crt"
+    cp "/etc/ssl/certs/${CERTFILE}.crt" "/etc/ssl/mycerts"
+
+    if [ "$PIN_CERTS" ]; then
+        if ! "${PROJECT_NAME}-pin-cert" "$CERTFILE"; then
             echo $"Certificate for $CERTFILE could not be pinned"
             exit 62879
         fi
@@ -326,9 +323,9 @@ function add_cert_selfsigned {
 }
 
 function generate_dh_params {
-    if [ ! $NODH ]; then
-        if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
-            ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
+    if [ ! "$NODH" ]; then
+        if [ ! -f "/etc/ssl/certs/${CERTFILE}.dhparam" ]; then
+            "${PROJECT_NAME}-dhparam" -h "${CERTFILE}" --fast yes
         fi
     fi
 }
@@ -346,12 +343,12 @@ function make_cert_bundle {
 }
 
 function create_cert {
-    if [ $remove_cert ]; then
+    if [ "$remove_cert" ]; then
         remove_cert_letsencrypt
         return
     fi
 
-    if [ $LETSENCRYPT_HOSTNAME ]; then
+    if [ "$LETSENCRYPT_HOSTNAME" ]; then
         add_cert_letsencrypt
     else
         add_cert_selfsigned

src/freedombone-addemail

@@ -52,49 +52,49 @@ do
     key="$1"
 
     case $key in
-    -h|--help)
-        show_help
-        ;;
-    -u|--user)
-        shift
-        MYUSERNAME="$1"
-        ;;
-    -e|--email)
-        shift
-        EMAILADDRESS="$1"
-        ;;
-    -s|--subject)
-        shift
-        SUBJECT_TEXT="$1"
-        ;;
-    -g|--group)
-        shift
-        GROUP_NAME="$1"
-        ;;
-    -p|--public)
-        shift
-        PUBLIC="$1"
-        ;;
-    *)
-        # unknown option
-        ;;
+        -h|--help)
+            show_help
+            ;;
+        -u|--user)
+            shift
+            MYUSERNAME="$1"
+            ;;
+        -e|--email)
+            shift
+            EMAILADDRESS="$1"
+            ;;
+        -s|--subject)
+            shift
+            SUBJECT_TEXT="$1"
+            ;;
+        -g|--group)
+            shift
+            GROUP_NAME="$1"
+            ;;
+        -p|--public)
+            shift
+            PUBLIC="$1"
+            ;;
+        *)
+            # unknown option
+            ;;
     esac
     shift
 done
 
-if ! [[ $MYUSERNAME && $GROUP_NAME ]]; then
+if ! [[ "$MYUSERNAME" && "$GROUP_NAME" ]]; then
     show_help
 fi
 
-if [ ${#EMAILADDRESS} -lt 2 ]; then
+if [ "${#EMAILADDRESS}" -lt 2 ]; then
     if [ ${#SUBJECT_TEXT} -lt 2 ]; then
-    show_help
+        show_help
     fi
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
-PM=/home/$MYUSERNAME/.procmailrc
-LISTDIR=/home/$MYUSERNAME/Maildir/$GROUP_NAME
+MUTTRC="/home/$MYUSERNAME/.muttrc"
+PM="/home/$MYUSERNAME/.procmailrc"
+LISTDIR="/home/$MYUSERNAME/Maildir/$GROUP_NAME"
 
 proc_rule="  * ^From:.*$EMAILADDRESS"
 proc_comment="# Email rule for $EMAILADDRESS -> $GROUP_NAME"
@@ -104,54 +104,53 @@ if [ ${#SUBJECT_TEXT} -gt 0 ]; then
 fi
 
 if [ ! -d "$LISTDIR" ]; then
-    mkdir -m 700 $LISTDIR
-    mkdir -m 700 $LISTDIR/tmp
-    mkdir -m 700 $LISTDIR/new
-    mkdir -m 700 $LISTDIR/cur
+    mkdir -m 700 "$LISTDIR"
+    mkdir -m 700 "$LISTDIR/tmp"
+    mkdir -m 700 "$LISTDIR/new"
+    mkdir -m 700 "$LISTDIR/cur"
 fi
-chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR
-if ! grep -q "$proc_comment" $PM; then
+chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR"
+if ! grep -q "$proc_comment" "$PM"; then
     if [[ $PUBLIC != "yes" ]]; then
-    # private emails go after the encryption stage
-    echo '' >> $PM
-    echo "$proc_comment" >> $PM
-    echo ":0" >> $PM
-    echo "$proc_rule" >> $PM
-    echo "$LISTDIR/new" >> $PM
-    echo "# End of rule" >> $PM
+        # private emails go after the encryption stage
+        { echo '';
+          echo "$proc_comment";
+          echo ":0";
+          echo "$proc_rule";
+          echo "$LISTDIR/new";
+          echo "# End of rule"; } >> "$PM"
     else
-    # public emails are copied before the encryption stage
-    if ! grep -q '# encrypt' $PM; then
-        echo '' >> $PM
-        echo "$proc_comment" >> $PM
-        echo ":0" >> $PM
-        echo "$proc_rule" >> $PM
-        echo "$LISTDIR/new" >> $PM
-        echo "# End of rule" >> $PM
-    else
-        filter=$(echo "$proc_comment\n:0\n${proc_rule}\n$LISTDIR/new\n# End of rule\n")
-        sed -i "/# encrypt/i ${filter}" $PM
-    fi
+        # public emails are copied before the encryption stage
+        if ! grep -q '# encrypt' "$PM"; then
+            { echo '';
+              echo "$proc_comment";
+              echo ":0";
+              echo "$proc_rule";
+              echo "$LISTDIR/new";
+              echo "# End of rule"; } >> "$PM"
+        else
+            sed -i "/# encrypt/i $proc_comment\\n:0\\n${proc_rule}\\n$LISTDIR/new\\n# End of rule\\n" "$PM"
+        fi
     fi
-    chown $MYUSERNAME:$MYUSERNAME $PM
+    chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
 fi
 
 if [ ! -f "$MUTTRC" ]; then
-    cp /etc/Muttrc $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+    cp /etc/Muttrc "$MUTTRC"
+    chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
 fi
 
 PROCMAILLOG=/home/$MYUSERNAME/log
-if [ ! -d $PROCMAILLOG ]; then
-    mkdir $PROCMAILLOG
-    chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
+if [ ! -d "$PROCMAILLOG" ]; then
+    mkdir "$PROCMAILLOG"
+    chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
 fi
 
-MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
-if [[ $MUTT_MAILBOXES != *$GROUP_NAME* ]]; then
-    if ! grep -q "=$GROUP_NAME" $MUTTRC; then
-    sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
+if [[ "$MUTT_MAILBOXES" != *$GROUP_NAME* ]]; then
+    if ! grep -q "=$GROUP_NAME" "$MUTTRC"; then
+        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" "$MUTTRC"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
     fi
 fi
 

src/freedombone-addlist

@@ -52,119 +52,114 @@ do
     key="$1"
 
     case $key in
-    -h|--help)
-        show_help
-        ;;
-    -u|--user)
-        shift
-        MYUSERNAME="$1"
-        ;;
-    -l|--list)
-        shift
-        MAILINGLIST="$1"
-        ;;
-    -s|--subject)
-        shift
-        SUBJECTTAG="$1"
-        ;;
-    -e|--email)
-        shift
-        LIST_ADDRESS="$1"
-        ;;
-    -p|--public)
-        shift
-        PUBLIC="$1"
-        ;;
-    *)
-        # unknown option
-        ;;
+        -h|--help)
+            show_help
+            ;;
+        -u|--user)
+            shift
+            MYUSERNAME="$1"
+            ;;
+        -l|--list)
+            shift
+            MAILINGLIST="$1"
+            ;;
+        -s|--subject)
+            shift
+            SUBJECTTAG="$1"
+            ;;
+        -e|--email)
+            shift
+            LIST_ADDRESS="$1"
+            ;;
+        -p|--public)
+            shift
+            PUBLIC="$1"
+            ;;
+        *)
+            # unknown option
+            ;;
     esac
     shift
 done
 
-if [ ! $MYUSERNAME ]; then
+if [ ! "$MYUSERNAME" ]; then
     show_help
 fi
 
-if [[ ! $MAILINGLIST && ! $SUBJECTTAG ]]; then
+if [[ ! "$MAILINGLIST" && ! "$SUBJECTTAG" ]]; then
     show_help
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
-PM=/home/$MYUSERNAME/.procmailrc
-LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST
+MUTTRC="/home/$MYUSERNAME/.muttrc"
+PM="/home/$MYUSERNAME/.procmailrc"
+LISTDIR="/home/$MYUSERNAME/Maildir/$MAILINGLIST"
 
-if grep -q "=$MAILINGLIST" $MUTTRC; then
+if grep -q "=$MAILINGLIST" "$MUTTRC"; then
     echo $"Mailing list $MAILINGLIST was already added"
 fi
 
 if [ ! -d "$LISTDIR" ]; then
-    mkdir -m 700 $LISTDIR
-    mkdir -m 700 $LISTDIR/tmp
-    mkdir -m 700 $LISTDIR/new
-    mkdir -m 700 $LISTDIR/cur
+    mkdir -m 700 "$LISTDIR"
+    mkdir -m 700 "$LISTDIR/tmp"
+    mkdir -m 700 "$LISTDIR/new"
+    mkdir -m 700 "$LISTDIR/cur"
 fi
 
-chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR
+chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR"
 
 if [ ${#SUBJECTTAG} -gt 0 ]; then
     # use the subject tag
-    if ! grep -q "Subject:.*()\[$SUBJECTTAG\]" $PM; then
-    if [[ $PUBLIC != "yes" ]]; then
-        # private emails go after the encryption stage
-        filter="
-# Email rule for $MAILINGLIST subject [$SUBJECTTAG]
-:0
-  * ^Subject:.*()\[$SUBJECTTAG\]
-$LISTDIR/new
-# End of rule
-"
-        echo "$filter" >> $PM
-    else
-        # public emails are copied before hte encryption stage
-        if ! grep -q '# encrypt' $PM; then
-        filter="
-# Email rule for $MAILINGLIST subject [$SUBJECTTAG]
-:0
-  * ^Subject:.*()\[$SUBJECTTAG\]
-$LISTDIR/new
-# End of rule
-"
-        echo "$filter" >> $PM
+    if ! grep -q "Subject:.*()\\[$SUBJECTTAG\\]" "$PM"; then
+        if [[ $PUBLIC != "yes" ]]; then
+            # private emails go after the encryption stage
+            { echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]";
+              echo ":0";
+              echo "  * ^Subject:.*()\\[$SUBJECTTAG\\]";
+              echo "$LISTDIR/new";
+              echo "# End of rule";
+              echo ""; } >> "$PM"
         else
-        filter=$(echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]\n:0\n  * ^Subject:.*()\\\[$SUBJECTTAG\\\]\n$LISTDIR/new\n# End of rule\n")
-        sed -i "/# encrypt/i ${filter}" $PM
+            # public emails are copied before hte encryption stage
+            if ! grep -q '# encrypt' "$PM"; then
+                { echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]";
+                  echo ":0";
+                  echo "  * ^Subject:.*()\\[$SUBJECTTAG\\]";
+                  echo "$LISTDIR/new";
+                  echo "# End of rule";
+                  echo ""; } >> "$PM"
+            else
+                sed -i "/# encrypt/i # Email rule for $MAILINGLIST subject [$SUBJECTTAG]\\n:0\\n  * ^Subject:.*()\\\\[$SUBJECTTAG\\\\]\\n$LISTDIR/new\\n# End of rule\\n" "$PM"
+            fi
         fi
-    fi
-    chown $MYUSERNAME:$MYUSERNAME $PM
+        chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
     fi
 else
-    exit $(${PROJECT_NAME}-addemail -u $MYUSERNAME -e $LIST_ADDRESS -g $MAILINGLIST --public $PUBLIC)
+    exit "$("${PROJECT_NAME}-addemail" -u "$MYUSERNAME" -e "$LIST_ADDRESS" -g "$MAILINGLIST" --public "$PUBLIC")"
 fi
 
 if [ ! -f "$MUTTRC" ]; then
-    cp /etc/Muttrc $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+    cp /etc/Muttrc "$MUTTRC"
+    chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
 fi
 
-PROCMAILLOG=/home/$MYUSERNAME/log
-if [ ! -d $PROCMAILLOG ]; then
-    mkdir $PROCMAILLOG
-    chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
+PROCMAILLOG="/home/$MYUSERNAME/log"
+if [ ! -d "$PROCMAILLOG" ]; then
+    mkdir "$PROCMAILLOG"
+    chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
 fi
 
-MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
-if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then
-    if ! grep -q "=$MAILINGLIST" $MUTTRC; then
-    sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
+if [[ "$MUTT_MAILBOXES" != *$MAILINGLIST* ]]; then
+    if ! grep -q "=$MAILINGLIST" "$MUTTRC"; then
+        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" "$MUTTRC"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
     fi
 fi
 
-if [ $LIST_ADDRESS ]; then
-    sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" $MUTTRC
-    if ! grep -q "subscribe $LIST_ADDRESS" $MUTTRC; then
-    echo "subscribe $LIST_ADDRESS" >> $MUTTRC
+if [ "$LIST_ADDRESS" ]; then
+    sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" "$MUTTRC"
+    if ! grep -q "subscribe $LIST_ADDRESS" "$MUTTRC"; then
+        echo "subscribe $LIST_ADDRESS" >> "$MUTTRC"
     fi
 fi
 

src/freedombone-addremove

@@ -34,27 +34,27 @@ export TEXTDOMAIN=${PROJECT_NAME}-addremove
 export TEXTDOMAINDIR="/usr/share/locale"
 
 PROJECT_INSTALL_DIR=/usr/local/bin
-if [ -f /usr/bin/${PROJECT_NAME} ]; then
+if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
-CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
+CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 
 # Start including files
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-  source $f
+    source "$f"
 done
 
 # End including files
@@ -67,17 +67,17 @@ function mark_unselected_apps_as_removed {
         return
     fi
 
-    if [ -f $REMOVED_APPS_FILE ]; then
-        rm $REMOVED_APPS_FILE
+    if [ -f "$REMOVED_APPS_FILE" ]; then
+        rm "$REMOVED_APPS_FILE"
     fi
 
     app_index=0
     for app_name in "${APPS_AVAILABLE[@]}"
     do
         if [[ ${APPS_CHOSEN[$app_index]} == "0" ]]; then
-            echo "_${app_name}_" >> $REMOVED_APPS_FILE
+            echo "_${app_name}_" >> "$REMOVED_APPS_FILE"
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
 }
 
@@ -93,7 +93,7 @@ function app_expected_to_be_installed {
             echo "0"
             return
         fi
-        if ! grep -q "IN_DEFAULT_INSTALL=1" /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}; then
+        if ! grep -q "IN_DEFAULT_INSTALL=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
             echo "0"
             return
         fi
@@ -102,7 +102,7 @@ function app_expected_to_be_installed {
 }
 
 function show_apps {
-    select_all_apps=$1
+    select_all_apps="$1"
     applist=""
     n=1
     app_index=0
@@ -117,19 +117,20 @@ function show_apps {
                 applist="$applist $n $a on"
             fi
         fi
-        n=$[n+1]
-        app_index=$[app_index+1]
+        n=$((n+1))
+        app_index=$((app_index+1))
     done
 
     choices=$(dialog --stdout --backtitle $"Freedombone" \
                      --title $"Add/Remove Applications" \
                      --checklist $'Choose:' \
-                     27 40 20 $applist)
+                     27 40 20 "$applist")
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then
         for choice in $choices
         do
-            app_index=$[choice-1]
+            app_index=$((choice-1))
             APPS_CHOSEN[$app_index]="1"
         done
     else
@@ -151,10 +152,10 @@ function remove_apps_selected {
                 else
                     removals="${APPS_AVAILABLE[$app_index]}"
                 fi
-                n=$[n+1]
+                n=$((n+1))
             fi
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
 
     # if no apps to be removed then don't do anything
@@ -166,7 +167,7 @@ function remove_apps_selected {
     dialog --title $"Remove applications" \
            --backtitle $"Freedombone" \
            --defaultno \
-           --yesno $"\nYou have chosen to remove $n apps.\n\n    $removals\n\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\n\nAre you sure that you wish to continue?" 15 60
+           --yesno $"\\nYou have chosen to remove $n apps.\\n\\n    $removals\\n\\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\\n\\nAre you sure that you wish to continue?" 15 60
     sel=$?
     case $sel in
         1) return;;
@@ -195,10 +196,10 @@ function install_apps_selected {
                 else
                     installs="${APPS_AVAILABLE[$app_index]}"
                 fi
-                n=$[n+1]
+                n=$((n+1))
             fi
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
 
     # if no apps to be installed then don't do anything
@@ -212,13 +213,13 @@ function install_apps_selected {
             dialog --title $"$installs" \
                    --backtitle $"Freedombone" \
                    --defaultno \
-                   --yesno $"\nThis will install the $installs app\n\nProceed?" 9 40
+                   --yesno $"\\nThis will install the $installs app\\n\\nProceed?" 9 40
         else
-            dialog_height=$((15 + $n))
+            dialog_height=$((15 + "$n"))
             dialog --title $"Add applications" \
                    --backtitle $"Freedombone" \
                    --defaultno \
-                   --yesno $"\nYou have chosen to install $n apps\n\n    $installs\n\nProceed?" $dialog_height 60
+                   --yesno $"\\nYou have chosen to install $n apps\\n\\n    $installs\\n\\nProceed?" $dialog_height 60
         fi
         sel=$?
         case $sel in
@@ -232,14 +233,13 @@ function install_apps_selected {
     # install the apps
     read_configuration
     install_apps interactive
-    if [ ! $APP_INSTALLED_SUCCESS ]; then
+    if [ ! "$APP_INSTALLED_SUCCESS" ]; then
         echo $'One or more apps failed to install'
     fi
 }
 
 if [[ $1 == "test"* ]]; then
-    ${PROJECT_NAME}-tests
-    if [ ! "$?" = "0" ]; then
+    if ! ${PROJECT_NAME}-tests; then
         exit 2
     fi
 fi
@@ -251,8 +251,8 @@ if [[ ${#APPS_AVAILABLE[@]} == 0 ]]; then
     exit 1
 fi
 
-show_apps $1
-mark_unselected_apps_as_removed $1
+show_apps "$1"
+mark_unselected_apps_as_removed "$1"
 
 clear
 

src/freedombone-adduser

@@ -34,18 +34,18 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-adduser
 export TEXTDOMAINDIR="/usr/share/locale"
 
-CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 ADD_USERNAME=$1
@@ -55,35 +55,35 @@ SSH_PORT=2222
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 DEFAULT_DOMAIN_NAME=
 
-if [ ! $ADD_USERNAME ]; then
+if [ ! "$ADD_USERNAME" ]; then
     echo $'No username was given'
     exit 1
 fi
 
-if [ -d /home/$ADD_USERNAME ]; then
+if [ -d "/home/$ADD_USERNAME" ]; then
     echo $"The user $ADD_USERNAME already exists"
     exit 2
 fi
 
-if [ ! -f $COMPLETION_FILE ]; then
+if [ ! -f "$COMPLETION_FILE" ]; then
     echo $"$COMPLETION_FILE not found"
-    userdel -r $ADD_USERNAME
+    userdel -r "$ADD_USERNAME"
     exit 3
 fi
 
 # Minimum number of characters in a password
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
-NEW_USER_PASSWORD="$(openssl rand -base64 30 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
+NEW_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
 chmod 600 /etc/shadow
 chmod 600 /etc/gshadow
-useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $ADD_USERNAME
-adduser $ADD_USERNAME sasl
-groupadd $ADD_USERNAME
+useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash "$ADD_USERNAME"
+adduser "$ADD_USERNAME" sasl
+groupadd "$ADD_USERNAME"
 chmod 0000 /etc/shadow
 chmod 0000 /etc/gshadow
 
-if [ ! -d /home/$ADD_USERNAME ]; then
+if [ ! -d "/home/$ADD_USERNAME" ]; then
     echo $'Home directory was not created'
     exit 4
 fi
@@ -91,15 +91,15 @@ fi
 if [ "$SSH_PUBLIC_KEY" ]; then
     if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
         if [ -f "$SSH_PUBLIC_KEY" ]; then
-            mkdir /home/$ADD_USERNAME/.ssh
-            cp $SSH_PUBLIC_KEY /home/$ADD_USERNAME/.ssh/authorized_keys
-            chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh
+            mkdir "/home/$ADD_USERNAME/.ssh"
+            cp "$SSH_PUBLIC_KEY" "/home/$ADD_USERNAME/.ssh/authorized_keys"
+            chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
             echo $'ssh public key installed'
         else
             if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
-                mkdir /home/$ADD_USERNAME/.ssh
-                echo "$SSH_PUBLIC_KEY" > /home/$ADD_USERNAME/.ssh/authorized_keys
-                chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh
+                mkdir "/home/$ADD_USERNAME/.ssh"
+                echo "$SSH_PUBLIC_KEY" > "/home/$ADD_USERNAME/.ssh/authorized_keys"
+                chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
                 echo $'ssh public key installed'
             else
                 echo $'The second parameter does not look like an ssh key'
@@ -109,55 +109,54 @@ if [ "$SSH_PUBLIC_KEY" ]; then
     fi
 fi
 
-if [ -d /home/$ADD_USERNAME/Maildir ]; then
-    if grep -q "set from=" /home/$ADD_USERNAME/.muttrc; then
-        sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" /home/$ADD_USERNAME/.muttrc
+if [ -d "/home/$ADD_USERNAME/Maildir" ]; then
+    if grep -q "set from=" "/home/$ADD_USERNAME/.muttrc"; then
+        sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" "/home/$ADD_USERNAME/.muttrc"
     else
-        echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> /home/$ADD_USERNAME/.muttrc
+        echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> "/home/$ADD_USERNAME/.muttrc"
     fi
 
-    USERN='$USER@'
-    sed -i "s|$USERN|$ADD_USERNAME@|g" /home/$ADD_USERNAME/.procmailrc
+    sed -i "s|\$USER@|$ADD_USERNAME@|g" "/home/$ADD_USERNAME/.procmailrc"
 fi
 
 # generate a gpg key
 echo "Making a GPG key for $ADD_USERNAME@$HOSTNAME"
-mkdir /home/$ADD_USERNAME/.gnupg
-echo "keyserver $GPG_KEYSERVER" >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo 'keyserver-options auto-key-retrieve' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo '' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo '# default preferences' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo 'personal-digest-preferences SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo 'cert-digest-algo SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-
-chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg
-chmod 700 /home/$ADD_USERNAME/.gnupg
-chmod 600 /home/$ADD_USERNAME/.gnupg/*
+mkdir "/home/$ADD_USERNAME/.gnupg"
+{ echo "keyserver $GPG_KEYSERVER";
+  echo 'keyserver-options auto-key-retrieve';
+  echo '';
+  echo '# default preferences';
+  echo 'personal-digest-preferences SHA256';
+  echo 'cert-digest-algo SHA256';
+  echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed'; } >> "/home/$ADD_USERNAME/.gnupg/gpg.conf"
+
+chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
+chmod 700 "/home/$ADD_USERNAME/.gnupg"
+chmod 600 "/home/$ADD_USERNAME/.gnupg/*"
 
 # Generate a GPG key
-echo 'Key-Type: eddsa' > /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Key-Curve: Ed25519' >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Subkey-Type: eddsa' >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo "Name-Real:  $ADD_USERNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo "Name-Email: $ADD_USERNAME@$HOSTNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Expire-Date: 0' >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo "Passphrase: $NEW_USER_PASSWORD" >> /home/$ADD_USERNAME/gpg-genkey.conf
-chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/gpg-genkey.conf
-su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME
-chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg
-shred -zu /home/$ADD_USERNAME/gpg-genkey.conf
+{ echo 'Key-Type: eddsa';
+  echo 'Key-Curve: Ed25519';
+  echo 'Subkey-Type: eddsa';
+  echo "Name-Real:  $ADD_USERNAME";
+  echo "Name-Email: $ADD_USERNAME@$HOSTNAME";
+  echo 'Expire-Date: 0';
+  echo "Passphrase: $NEW_USER_PASSWORD"; } > "/home/$ADD_USERNAME/gpg-genkey.conf"
+chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/gpg-genkey.conf"
+su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - "$ADD_USERNAME"
+chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
+shred -zu "/home/$ADD_USERNAME/gpg-genkey.conf"
 MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
-MY_GPG_PUBLIC_KEY=/home/$ADD_USERNAME/public_key.gpg
-su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME
+MY_GPG_PUBLIC_KEY="/home/$ADD_USERNAME/public_key.gpg"
+su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$ADD_USERNAME"
 
-if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
+if [ ! -f "$MY_GPG_PUBLIC_KEY" ]; then
     echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
-    userdel -r $ADD_USERNAME
+    userdel -r "$ADD_USERNAME"
     exit 7
 fi
 
-gpg_agent_setup $ADD_USERNAME
+gpg_agent_setup "$ADD_USERNAME"
 
 # add a monkeysphere subkey
 #echo $'Adding monkeysphere subkey'
@@ -173,82 +172,82 @@ gpg_agent_setup $ADD_USERNAME
 #echo $'Updating monkeysphere users'
 #monkeysphere-authentication update-users
 
-if [ -f /home/$ADD_USERNAME/.muttrc ]; then
+if [ -f "/home/$ADD_USERNAME/.muttrc" ]; then
     # encrypt outgoing mail to the "sent" folder
-    if ! grep -q "pgp_encrypt_only_command" /home/$ADD_USERNAME/.muttrc; then
-        echo '' >> /home/$ADD_USERNAME/.muttrc
-        echo $'# Encrypt items in the Sent folder' >> /home/$ADD_USERNAME/.muttrc
-        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
+    if ! grep -q "pgp_encrypt_only_command" "/home/$ADD_USERNAME/.muttrc"; then
+        { echo '';
+          echo $'# Encrypt items in the Sent folder';
+          echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\""; } >> "/home/$ADD_USERNAME/.muttrc"
     else
-        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
     fi
 
-    if ! grep -q "pgp_encrypt_sign_command" /home/$ADD_USERNAME/.muttrc; then
-        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
+    if ! grep -q "pgp_encrypt_sign_command" "/home/$ADD_USERNAME/.muttrc"; then
+        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> "/home/$ADD_USERNAME/.muttrc"
     else
-        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
     fi
 fi
 
-if ! grep -q "Change your GPG password" /home/$ADD_USERNAME/README; then
-    echo '' >> /home/$ADD_USERNAME/README
-    echo '' >> /home/$ADD_USERNAME/README
-    echo $'# Change your GPG password' >> /home/$ADD_USERNAME/README
-    echo $"It's very important to add a password to your GPG key so that" >> /home/$ADD_USERNAME/README
-    echo $"if anyone does get access to your email they still won't be able" >> /home/$ADD_USERNAME/README
-    echo $'to read them without knowning the GPG password.' >> /home/$ADD_USERNAME/README
-    echo $'You can change the it with:' >> /home/$ADD_USERNAME/README
-    echo '' >> /home/$ADD_USERNAME/README
-    echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$ADD_USERNAME/README
-    echo '  passwd' >> /home/$ADD_USERNAME/README
-    echo '  save' >> /home/$ADD_USERNAME/README
-    echo '  quit' >> /home/$ADD_USERNAME/README
+if ! grep -q "Change your GPG password" "/home/$ADD_USERNAME/README"; then
+    { echo '';
+      echo '';
+      echo $'# Change your GPG password';
+      echo $"It's very important to add a password to your GPG key so that";
+      echo $"if anyone does get access to your email they still won't be able";
+      echo $'to read them without knowning the GPG password.';
+      echo $'You can change the it with:';
+      echo '';
+      echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID";
+      echo '  passwd';
+      echo '  save';
+      echo '  quit'; } >> "/home/$ADD_USERNAME/README"
 fi
 
-chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/README
-chown $ADD_USERNAME:$ADD_USERNAME $MY_GPG_PUBLIC_KEY
-chmod 600 /home/$ADD_USERNAME/README
+chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/README"
+chown "$ADD_USERNAME":"$ADD_USERNAME" "$MY_GPG_PUBLIC_KEY"
+chmod 600 "/home/$ADD_USERNAME/README"
 
 echo $'Detecting installed apps...'
 detect_apps
 get_apps_installed_names
 for app_name in "${APPS_INSTALLED_NAMES[@]}"
 do
-    if [[ $(function_exists add_user_${app_name}) == "1" ]]; then
+    if [[ $(function_exists "add_user_${app_name}") == "1" ]]; then
         echo $"Adding user to ${app_name}"
-        app_load_variables ${app_name}
-        retval=$(add_user_${app_name} "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1)
+        app_load_variables "${app_name}"
+        retval=$("add_user_${app_name}" "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1)
         if [[ $retval != '0' ]]; then
             echo $"Failed with error code ${retval}"
-            ${PROJECT_NAME}-rmuser $ADD_USERNAME --force
+            "${PROJECT_NAME}-rmuser" "$ADD_USERNAME" --force
             exit 672392
         fi
-        if ! grep -q "${app_name}_${ADD_USERNAME}" $APP_USERS_FILE; then
-            echo "${app_name}_${ADD_USERNAME}" >> $APP_USERS_FILE
+        if ! grep -q "${app_name}_${ADD_USERNAME}" "$APP_USERS_FILE"; then
+            echo "${app_name}_${ADD_USERNAME}" >> "$APP_USERS_FILE"
         fi
     fi
 done
 
 if [ -f /etc/nginx/.htpasswd ]; then
     if ! grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then
-        echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $ADD_USERNAME
+        echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd "$ADD_USERNAME"
     fi
 fi
 
 # add user menu on ssh login
-if ! grep -q 'controluser' /home/$ADD_USERNAME/.bashrc; then
-    echo 'controluser' >> /home/$ADD_USERNAME/.bashrc
+if ! grep -q 'controluser' "/home/$ADD_USERNAME/.bashrc"; then
+    echo 'controluser' >> "/home/$ADD_USERNAME/.bashrc"
 fi
 
 # fix some gpg strangeness when searching for keys
-printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$ADD_USERNAME/.gnupg/S.dirmngr
-if [ -d /home/$ADD_USERNAME/.gnupg/crls.d ]; then
-    chmod +x /home/$ADD_USERNAME/.gnupg/crls.d
+printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$ADD_USERNAME/.gnupg/S.dirmngr"
+if [ -d "/home/$ADD_USERNAME/.gnupg/crls.d" ]; then
+    chmod +x "/home/$ADD_USERNAME/.gnupg/crls.d"
 fi
 
-${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD"
+"${PROJECT_NAME}-pass" -u "$ADD_USERNAME" -a login -p "$NEW_USER_PASSWORD"
 
-gpg_agent_enable $ADD_USERNAME
+gpg_agent_enable "$ADD_USERNAME"
 
 clear
 

src/freedombone-app-akaunting

@@ -49,12 +49,12 @@ akaunting_variables=(ONION_ONLY
                      MY_USERNAME)
 
 function akaunting_remove_bad_links {
-    cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 365873658
 
     # copy jquery locally
     jquery_version='1.12.4'
     if [ ! -f jquery-${jquery_version}.js ]; then
-        cd /var/www/$GHOST_DOMAIN_NAME/htdocs
+        cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3276324
         wget https://code.jquery.com/jquery-${jquery_version}.js
         jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
         if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then
@@ -74,7 +74,7 @@ function akaunting_remove_bad_links {
     sed -i '/googleapi/d' vendor/almasaeed2010/adminlte/dist/css/alt/AdminLTE-without-plugins.min.css
     sed -i "s|ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js|$AKAUNTING_DOMAIN_NAME/jquery-${jquery_version}.js|g" vendor/almasaeed2010/adminlte/plugins/ckeditor/samples/old/jquery.html
 
-    chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
 }
 
 function logging_on_akaunting {
@@ -88,65 +88,66 @@ function logging_off_akaunting {
 function remove_user_akaunting {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp akaunting
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp akaunting
 }
 
 function add_user_akaunting {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a akaunting -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a akaunting -p "$new_user_password"
 
     echo '0'
 }
 
 function install_interactive_akaunting {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         AKAUNTING_DOMAIN_NAME='akaunting.local'
     else
         AKAUNTING_DETAILS_COMPLETE=
         while [ ! $AKAUNTING_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Akaunting Configuration" \
-                       --form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Code:" 2 1 "$(grep 'AKAUNTING_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Akaunting Configuration" \
-                       --form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            AKAUNTING_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $AKAUNTING_DOMAIN_NAME ]; then
+            AKAUNTING_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$AKAUNTING_DOMAIN_NAME" ]; then
                 if [[ $AKAUNTING_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     AKAUNTING_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$AKAUNTING_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $AKAUNTING_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$AKAUNTING_DOMAIN_NAME" ]]; then
                     AKAUNTING_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        AKAUNTING_CODE=$(cat $data | sed -n 2p)
+                        AKAUNTING_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$AKAUNTING_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             AKAUNTING_DOMAIN_NAME=
                         fi
                     fi
@@ -155,6 +156,7 @@ function install_interactive_akaunting {
             if [ $AKAUNTING_DOMAIN_NAME ]; then
                 AKAUNTING_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         write_config_param "AKAUNTING_CODE" "$AKAUNTING_CODE"
@@ -169,23 +171,23 @@ function change_password_akaunting {
 
     read_config_param 'AKAUNTING_DOMAIN_NAME'
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a akaunting -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a akaunting -p "$new_user_password"
 }
 
 function akaunting_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        AKAUNTING_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        AKAUNTING_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then
-            AKAUNTING_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then
+            AKAUNTING_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then
+    if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" $MY_USERNAME
+    create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_akaunting {
@@ -198,70 +200,69 @@ function upgrade_akaunting {
         return
     fi
 
-    if grep -q "akaunting domain" $COMPLETION_FILE; then
+    if grep -q "akaunting domain" "$COMPLETION_FILE"; then
         AKAUNTING_DOMAIN_NAME=$(get_completion_param "akaunting domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$AKAUNTING_DOMAIN_NAME/htdocs "akaunting commit" "$AKAUNTING_COMMIT" $AKAUNTING_REPO
+    set_repo_commit "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" "akaunting commit" "$AKAUNTING_COMMIT" "$AKAUNTING_REPO"
 
-    cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 367835
     install_composer
     akaunting_remove_bad_links
 
-    chown -R www-data:www-data /var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
 }
 
 
 function backup_local_akaunting {
-    akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
-    if [ -d $akaunting_path ]; then
-        suspend_site ${AKAUNTING_DOMAIN_NAME}
+    akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
+    if [ -d "$akaunting_path" ]; then
+        suspend_site "${AKAUNTING_DOMAIN_NAME}"
         function_check backup_database_to_usb
         backup_database_to_usb akaunting
-        backup_directory_to_usb $akaunting_path akaunting
+        backup_directory_to_usb "$akaunting_path" akaunting
         restart_site
     fi
 }
 
 function restore_local_akaunting {
     temp_restore_dir=/root/tempakaunting
-    akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
+    akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
 
-    suspend_site ${AKAUNTING_DOMAIN_NAME}
+    suspend_site "${AKAUNTING_DOMAIN_NAME}"
 
     function_check akaunting_create_database
     akaunting_create_database
 
-    restore_database akaunting ${AKAUNTING_DOMAIN_NAME}
-    chown www-data:www-data $akaunting_dir
+    restore_database akaunting "${AKAUNTING_DOMAIN_NAME}"
+    chown www-data:www-data "$akaunting_dir"
 
     restart_site
 }
 
 function backup_remote_akaunting {
-    akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
-    if [ -d $akaunting_path ]; then
-        suspend_site ${AKAUNTING_DOMAIN_NAME}
+    akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
+    if [ -d "$akaunting_path" ]; then
+        suspend_site "${AKAUNTING_DOMAIN_NAME}"
         function_check backup_database_to_friend
         backup_database_to_friend akaunting
-        backup_directory_to_friend $akaunting_path akaunting
+        backup_directory_to_friend "$akaunting_path" akaunting
         restart_site
     fi
 }
 
 function restore_remote_akaunting {
-    temp_restore_dir=/root/tempakaunting
-    akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
+    akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
 
-    suspend_site ${AKAUNTING_DOMAIN_NAME}
+    suspend_site "${AKAUNTING_DOMAIN_NAME}"
 
     function_check akaunting_create_database
     akaunting_create_database
 
-    restore_database_from_friend akaunting ${AKAUNTING_DOMAIN_NAME}
-    chown www-data:www-data $akaunting_dir
+    restore_database_from_friend akaunting "${AKAUNTING_DOMAIN_NAME}"
+    chown www-data:www-data "$akaunting_dir"
 
     restart_site
 }
@@ -274,28 +275,28 @@ function remove_akaunting {
     read_config_param "AKAUNTING_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $AKAUNTING_DOMAIN_NAME"
-    nginx_dissite $AKAUNTING_DOMAIN_NAME
-    remove_certs $AKAUNTING_DOMAIN_NAME
+    nginx_dissite "$AKAUNTING_DOMAIN_NAME"
+    remove_certs "$AKAUNTING_DOMAIN_NAME"
 
-    if [ -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then
-        rm -rf /var/www/$AKAUNTING_DOMAIN_NAME
+    if [ -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$AKAUNTING_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database akaunting
     function_check remove_onion_service
-    remove_onion_service akaunting ${AKAUNTING_ONION_PORT}
+    remove_onion_service akaunting "${AKAUNTING_ONION_PORT}"
     if grep -q "akaunting" /etc/crontab; then
         sed -i "/akaunting/d" /etc/crontab
     fi
     remove_app akaunting
     remove_completion_param install_akaunting
-    sed -i '/akaunting/d' $COMPLETION_FILE
+    sed -i '/akaunting/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $AKAUNTING_DOMAIN_NAME
+    remove_ddns_domain "$AKAUNTING_DOMAIN_NAME"
 }
 
 function install_akaunting {
@@ -303,7 +304,7 @@ function install_akaunting {
         ONION_ONLY='no'
     fi
 
-    if [ ! $AKAUNTING_DOMAIN_NAME ]; then
+    if [ ! "$AKAUNTING_DOMAIN_NAME" ]; then
         echo $'No domain name was given for akaunting'
         exit 89353
     fi
@@ -317,142 +318,142 @@ function install_akaunting {
     apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
     apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
 
-    if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then
-        mkdir /var/www/$AKAUNTING_DOMAIN_NAME
+    if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$AKAUNTING_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then
         if [ -d /repos/akaunting ]; then
-            mkdir /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
-            cp -r -p /repos/akaunting/. /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
-            cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/akaunting/. "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
+            cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23458735
             git pull
         else
             function_check git_clone
-            git_clone $AKAUNTING_REPO /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+            git_clone "$AKAUNTING_REPO" "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone akaunting repo'
             exit 2589389
         fi
     fi
 
-    cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
-    git checkout $AKAUNTING_COMMIT -b $AKAUNTING_COMMIT
+    cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23468724527
+    git checkout "$AKAUNTING_COMMIT" -b "$AKAUNTING_COMMIT"
     set_completion_param "akaunting commit" "$AKAUNTING_COMMIT"
 
-    chmod g+w /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
 
-    cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 34783524
     install_composer
 
     function_check akaunting_create_database
     akaunting_create_database
 
     function_check add_ddns_domain
-    add_ddns_domain $AKAUNTING_DOMAIN_NAME
+    add_ddns_domain "$AKAUNTING_DOMAIN_NAME"
 
     AKAUNTING_ONION_HOSTNAME=$(add_onion_service akaunting 80 ${AKAUNTING_ONION_PORT})
 
     akaunting_nginx_site=/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $AKAUNTING_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $akaunting_nginx_site
-        echo '  listen 443 ssl;' >> $akaunting_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $akaunting_nginx_site
-        echo "  server_name $AKAUNTING_DOMAIN_NAME;" >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
+        nginx_http_redirect "$AKAUNTING_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $AKAUNTING_DOMAIN_NAME;";
+          echo ''; } >> "$akaunting_nginx_site"
         function_check nginx_compress
-        nginx_compress $AKAUNTING_DOMAIN_NAME
-        echo '' >> $akaunting_nginx_site
-        echo '  # Security' >> $akaunting_nginx_site
+        nginx_compress "$AKAUNTING_DOMAIN_NAME"
+        echo '' >> "$akaunting_nginx_site"
+        echo '  # Security' >> "$akaunting_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $AKAUNTING_DOMAIN_NAME
+        nginx_ssl "$AKAUNTING_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME
-
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  access_log /dev/null;' >> $akaunting_nginx_site
-        echo '  error_log /dev/null;' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo "  root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  index index.php;' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  location ~ \.php {' >> $akaunting_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $akaunting_nginx_site
-        echo '  }' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  location / {' >> $akaunting_nginx_site
+        nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
+
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo "  root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.php;';
+          echo '';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  location / {'; } >> "$akaunting_nginx_site"
         function_check nginx_limits
-        nginx_limits $AKAUNTING_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site
-        echo '  }' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  location @akaunting {' >> $akaunting_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site
-        echo '  }' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $akaunting_nginx_site
-        echo '    deny all;' >> $akaunting_nginx_site
-        echo '  }' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '}' >> $akaunting_nginx_site
+        nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @akaunting;";
+          echo '  }';
+          echo '';
+          echo '  location @akaunting {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '}'; } >> "$akaunting_nginx_site"
     else
-        echo -n '' > $akaunting_nginx_site
+        echo -n '' > "$akaunting_nginx_site"
     fi
-    echo 'server {' >> $akaunting_nginx_site
-    echo "    listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;" >> $akaunting_nginx_site
-    echo "    server_name $AKAUNTING_ONION_HOSTNAME;" >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    function_check nginx_compress
-    nginx_compress $AKAUNTING_DOMAIN_NAME
-    echo '' >> $akaunting_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;";
+      echo "    server_name $AKAUNTING_ONION_HOSTNAME;";
+      echo ''; } >> "$akaunting_nginx_site"
+      function_check nginx_compress
+    nginx_compress "$AKAUNTING_DOMAIN_NAME"
+    echo '' >> "$akaunting_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME
-    echo '' >> $akaunting_nginx_site
-    echo '  access_log /dev/null;' >> $akaunting_nginx_site
-    echo '  error_log /dev/null;' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo "  root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  index index.php;' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  location ~ \.php {' >> $akaunting_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $akaunting_nginx_site
-    echo '  }' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  location / {' >> $akaunting_nginx_site
+    nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
+    { echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo "  root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  location / {'; } >> "$akaunting_nginx_site"
     function_check nginx_limits
-    nginx_limits $AKAUNTING_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site
-    echo '  }' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  location @akaunting {' >> $akaunting_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site
-    echo '  }' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $akaunting_nginx_site
-    echo '    deny all;' >> $akaunting_nginx_site
-    echo '  }' >> $akaunting_nginx_site
-    echo '}' >> $akaunting_nginx_site
+    nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @akaunting;";
+      echo '  }';
+      echo '';
+      echo '  location @akaunting {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$akaunting_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $AKAUNTING_DOMAIN_NAME 'yes'
+    create_site_certificate "$AKAUNTING_DOMAIN_NAME" 'yes'
 
     function_check nginx_ensite
-    nginx_ensite $AKAUNTING_DOMAIN_NAME
+    nginx_ensite "$AKAUNTING_DOMAIN_NAME"
 
     akaunting_remove_bad_links
 
@@ -460,7 +461,7 @@ function install_akaunting {
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD"
 
     set_completion_param "akaunting domain" "$AKAUNTING_DOMAIN_NAME"
 

src/freedombone-app-batman

@@ -90,8 +90,7 @@ function restore_remote_batman {
 }
 
 function remove_batman {
-    ${PROJECT_NAME}-mesh-install -f batman --remove yes
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-mesh-install" -f batman --remove yes; then
         echo $'Failed to remove batman'
         exit 79353
     fi
@@ -100,45 +99,46 @@ function remove_batman {
 }
 
 function mesh_install_batman {
+    # shellcheck disable=SC2154
     chroot "$rootdir" apt-get -yq install iproute bridge-utils libnetfilter-conntrack3 batctl
     chroot "$rootdir" apt-get -yq install python-dev libevent-dev ebtables python-pip git
     chroot "$rootdir" apt-get -yq install wireless-tools rfkill
 
-    if ! grep -q "batman_adv" $rootdir/etc/modules; then
-        echo 'batman_adv' >> $rootdir/etc/modules
+    if ! grep -q "batman_adv" "$rootdir/etc/modules"; then
+        echo 'batman_adv' >> "$rootdir/etc/modules"
     fi
 
     BATMAN_SCRIPT=$rootdir/var/lib/batman
 
-    if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
-        cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+    if [ -f "/usr/local/bin/${PROJECT_NAME}-mesh-batman" ]; then
+        cp "/usr/local/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT"
     else
-        cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+        cp "/usr/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT"
     fi
 
     BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
-    echo '[Unit]' > $BATMAN_DAEMON
-    echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
-    echo 'After=network.target' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Service]' >> $BATMAN_DAEMON
-    echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
-    echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
-    echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
-    echo 'Restart=on-failure' >> $BATMAN_DAEMON
-    echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
-    echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
-    echo 'TimeoutSec=300' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Install]' >> $BATMAN_DAEMON
-    echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
+    { echo '[Unit]';
+      echo 'Description=B.A.T.M.A.N. Advanced';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'RemainAfterExit=yes';
+      echo "ExecStart=/var/lib/batman start";
+      echo "ExecStop=/var/lib/batman stop";
+      echo 'Restart=on-failure';
+      echo 'SuccessExitStatus=3 4';
+      echo 'RestartForceExitStatus=3 4';
+      echo '';
+      echo '# Allow time for the server to start/stop';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$BATMAN_DAEMON"
     chroot "$rootdir" systemctl enable batman
 }
 
 function install_batman {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_batman
         return
     fi
@@ -146,8 +146,7 @@ function install_batman {
         return
     fi
 
-    ${PROJECT_NAME}-mesh-install -f batman
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-mesh-install" -f batman; then
         echo $'Failed to install batman'
         exit 72524
     fi

src/freedombone-app-bdsmail

@@ -49,29 +49,29 @@ function bdsmail_configure_users {
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
 
             # Add the user to the i2p group
-            usermod -a -G i2psvc $USERNAME
+            usermod -a -G i2psvc "$USERNAME"
 
-            if [ -f /home/$USERNAME/.muttrc ]; then
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
                 # Create a mutt i2p folder
-                if ! grep -q ' =i2p' /home/$USERNAME/.muttrc; then
-                    MUTT_MAILBOXES=$(grep "mailboxes =" /home/$USERNAME/.muttrc)
-                    sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" /home/$USERNAME/.muttrc
+                if ! grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then
+                    MUTT_MAILBOXES=$(grep "mailboxes =" "/home/$USERNAME/.muttrc")
+                    sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" "/home/$USERNAME/.muttrc"
                 fi
 
                 # Create a mutt folder hook to the i2p config
-                if ! grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then
-                    echo 'folder-hook !i2p/*     source ~/.muttrc' >> /home/$USERNAME/.muttrc
+                if ! grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then
+                    echo 'folder-hook !i2p/*     source ~/.muttrc' >> "/home/$USERNAME/.muttrc"
                 fi
-                if ! grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then
-                    echo 'folder-hook i2p/*     source ~/.mutt/bdsmail' >> /home/$USERNAME/.muttrc
+                if ! grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then
+                    echo 'folder-hook i2p/*     source ~/.mutt/bdsmail' >> "/home/$USERNAME/.muttrc"
                 fi
             fi
 
             # Create a directory where i2p mail will be stored
-            if [ ! -d /home/$USERNAME/Maildir/i2p/new ]; then
-                mkdir -p /home/$USERNAME/Maildir/i2p/cur
-                mkdir -p /home/$USERNAME/Maildir/i2p/new
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/Maildir/i2p
+            if [ ! -d "/home/$USERNAME/Maildir/i2p/new" ]; then
+                mkdir -p "/home/$USERNAME/Maildir/i2p/cur"
+                mkdir -p "/home/$USERNAME/Maildir/i2p/new"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/Maildir/i2p"
             fi
         fi
     done
@@ -93,18 +93,18 @@ function add_user_bdsmail {
     new_username="$1"
     new_user_password="$2"
 
-    if [ ! -d /home/$new_username/.mutt ]; then
-        mkdir /home/$new_username/.mutt
-        cp /etc/skel/.mutt/bdsmail /home/$new_username/.mutt
+    if [ ! -d "/home/$new_username/.mutt" ]; then
+        mkdir "/home/$new_username/.mutt"
+        cp /etc/skel/.mutt/bdsmail "/home/$new_username/.mutt"
     fi
     read_config_param MY_USERNAME
-    BDSMAIL_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail)
-    sed -i "s|username|$new_username|g" /home/$new_username/.mutt/bdsmail
-    sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$new_username/.mutt/bdsmail
+    BDSMAIL_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail)
+    sed -i "s|username|$new_username|g" "/home/$new_username/.mutt/bdsmail"
+    sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$new_username/.mutt/bdsmail"
     bdsmail_configure_users
-    cd $BDSMAIL_DIR
-    $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $new_username /home/$new_username/Maildir/i2p "$BDSMAIL_PASSWORD"
-    chown -R $new_username:$new_username /home/$new_username/.mutt
+    cd $BDSMAIL_DIR || exit 57247684234
+    $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$new_username" "/home/$new_username/Maildir/i2p" "$BDSMAIL_PASSWORD"
+    chown -R "$new_username":"$new_username" "/home/$new_username/.mutt"
     echo '0'
 }
 
@@ -117,16 +117,16 @@ function change_password_bdsmail {
     curr_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$new_user_password"
 
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" /home/${USERNAME}/.mutt/bdsmail
-            sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail
-            chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail
+            sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" "/home/${USERNAME}/.mutt/bdsmail"
+            sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail"
+            chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail"
             cd $BDSMAIL_DIR
-            $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $curr_username /home/$curr_username/Maildir/i2p "$new_user_password"
+            $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$curr_username" "/home/$curr_username/Maildir/i2p" "$new_user_password"
         fi
     done
 }
@@ -136,9 +136,9 @@ function bdsmail_update_domain {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            cp /etc/skel/.mutt/bdsmail /home/${USERNAME}/.mutt/bdsmail
-            sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail
-            chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail
+            cp /etc/skel/.mutt/bdsmail "/home/${USERNAME}/.mutt/bdsmail"
+            sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail"
+            chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail"
         fi
     done
 }
@@ -154,7 +154,7 @@ function bdsmail_wait_for_key_generation {
         sleep 30
         bds_domain=$(bdsmail_domain)
         sleep_ctr=$((sleep_ctr + 1))
-        if [ $sleep_ctr -gt 100 ]; then
+        if [ "$sleep_ctr" -gt 100 ]; then
             break
         fi
     done
@@ -178,9 +178,9 @@ function upgrade_bdsmail {
     fi
 
     # update to the next commit
-    set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" $BDSMAIL_REPO
-    cd $BDSMAIL_DIR
-    make GOROOT=/home/go/go${GO_VERSION}
+    set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" "$BDSMAIL_REPO"
+    cd $BDSMAIL_DIR || exit 2457245
+    make GOROOT="/home/go/go${GO_VERSION}"
     chown -R i2psvc:i2psvc $BDSMAIL_DIR
     systemctl restart bdsmail
 
@@ -210,7 +210,7 @@ function restore_local_bdsmail {
     function_check restore_directory_from_usb
     restore_directory_from_usb $temp_restore_dir bdsmail
     if [ -d $temp_restore_dir ]; then
-        if [ -d cp $temp_restore_dir$bdsmail_dir ]; then
+        if [ -d $temp_restore_dir$bdsmail_dir ]; then
             cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/
         else
             if [ ! -d $bdsmail_dir ]; then
@@ -246,7 +246,7 @@ function restore_remote_bdsmail {
     function_check restore_directory_from_friend
     restore_directory_from_friend $temp_restore_dir bdsmail
     if [ -d $temp_restore_dir ]; then
-        if [ -d cp $temp_restore_dir$bdsmail_dir ]; then
+        if [ -d $temp_restore_dir$bdsmail_dir ]; then
             cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/
         else
             if [ ! -d $bdsmail_dir ]; then
@@ -272,33 +272,33 @@ function remove_bdsmail {
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             # remove the user from the i2p group
-            deluser $USERNAME i2psvc
+            deluser "$USERNAME" i2psvc
 
             # Remove mutt folder hook to the i2p config
-            if [ -f /home/$USERNAME/.muttrc ]; then
-                if grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then
-                    sed -i '/folder-hook !i2p/d' /home/$USERNAME/.muttrc
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
+                if grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then
+                    sed -i '/folder-hook !i2p/d' "/home/$USERNAME/.muttrc"
                 fi
-                if grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then
-                    sed -i '/folder-hook i2p/d' /home/$USERNAME/.muttrc
+                if grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then
+                    sed -i '/folder-hook i2p/d' "/home/$USERNAME/.muttrc"
                 fi
             fi
 
             # Remove folder
-            if grep -q ' =i2p' /home/$USERNAME/.muttrc; then
-                sed -i 's| =i2p||g' /home/$USERNAME/.muttrc
+            if grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then
+                sed -i 's| =i2p||g' "/home/$USERNAME/.muttrc"
             fi
 
             # NOTE: leave Maildir/i2p/cur. We might want to archive that
             # or just be reinstalling the system without losing mail
-            rm -rf /home/$USERNAME/Maildir/i2p/new
+            rm -rf "/home/$USERNAME/Maildir/i2p/new"
         fi
     done
 
     remove_i2p
     remove_app bdsmail
     remove_completion_param install_bdsmail
-    sed -i '/bdsmail/d' $COMPLETION_FILE
+    sed -i '/bdsmail/d' "$COMPLETION_FILE"
     rm -rf /etc/skel/.mutt
     if [ -d $BDSMAIL_DIR ]; then
         rm -rf $BDSMAIL_DIR
@@ -322,7 +322,7 @@ function install_bdsmail {
         cd $BDSMAIL_DIR
         git pull
     else
-        git_clone $BDSMAIL_REPO $BDSMAIL_DIR
+        git_clone "$BDSMAIL_REPO" "$BDSMAIL_DIR"
     fi
 
     if [ ! -d $BDSMAIL_DIR ]; then
@@ -331,13 +331,13 @@ function install_bdsmail {
     fi
 
     cd $BDSMAIL_DIR
-    git checkout $BDSMAIL_COMMIT -b $BDSMAIL_COMMIT
+    git checkout "$BDSMAIL_COMMIT" -b "$BDSMAIL_COMMIT"
     set_completion_param "bdsmail commit" "$BDSMAIL_COMMIT"
 
     mkdir -p $BDSMAIL_DIR/Maildir/i2p
     chmod -R 700 $BDSMAIL_DIR/Maildir
 
-    make GOROOT=/home/go/go${GO_VERSION}
+    make GOROOT="/home/go/go${GO_VERSION}"
     if [ ! -f $BDSMAIL_DIR/bin/bdsconfig ]; then
         echo $'Unable to make bdsmail'
         exit 87923567842
@@ -347,72 +347,72 @@ function install_bdsmail {
     i2p_enable_sam
 
     # create configuration file
-    $BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini
-    echo '[maild]' > $BDSMAIL_DIR/config.ini
-    echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT" >> $BDSMAIL_DIR/config.ini
-    echo 'i2pkeyfile = bdsmail-privkey.dat' >> $BDSMAIL_DIR/config.ini
-    echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT" >> $BDSMAIL_DIR/config.ini
-    echo "bindweb = 127.0.0.1:$I2P_WEB_PORT" >> $BDSMAIL_DIR/config.ini
-    echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT" >> $BDSMAIL_DIR/config.ini
-    echo 'domain = localhost' >> $BDSMAIL_DIR/config.ini
-    echo 'maildir = Maildir/i2p' >> $BDSMAIL_DIR/config.ini
-    echo 'database = localhost.sqlite' >> $BDSMAIL_DIR/config.ini
-    echo 'assets = contrib/assets/web' >> $BDSMAIL_DIR/config.ini
-
-    echo '[Unit]' > /etc/systemd/system/bdsmail.service
-    echo 'Description=bdsmail' >> /etc/systemd/system/bdsmail.service
-    echo 'After=syslog.target' >> /etc/systemd/system/bdsmail.service
-    echo 'After=network.target' >> /etc/systemd/system/bdsmail.service
-    echo '' >> /etc/systemd/system/bdsmail.service
-    echo '[Service]' >> /etc/systemd/system/bdsmail.service
-    echo 'Type=simple' >> /etc/systemd/system/bdsmail.service
-    echo 'User=i2psvc' >> /etc/systemd/system/bdsmail.service
-    echo 'Group=i2psvc' >> /etc/systemd/system/bdsmail.service
-    echo "WorkingDirectory=$BDSMAIL_DIR" >> /etc/systemd/system/bdsmail.service
-    echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini" >> /etc/systemd/system/bdsmail.service
-    echo 'Restart=always' >> /etc/systemd/system/bdsmail.service
-    echo 'Environment="USER=i2psvc"' >> /etc/systemd/system/bdsmail.service
-    echo '' >> /etc/systemd/system/bdsmail.service
-    echo '[Install]' >> /etc/systemd/system/bdsmail.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/bdsmail.service
-
-    echo '#!/usr/bin/env python2' > $BDSMAIL_DIR/get_address
-    echo 'import base64, hashlib, sys' >> $BDSMAIL_DIR/get_address
-    echo 'with open(sys.argv[1]) as f:' >> $BDSMAIL_DIR/get_address
-    echo "    print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")" >> $BDSMAIL_DIR/get_address
+    #$BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini
+    { echo '[maild]':
+      echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT";
+      echo 'i2pkeyfile = bdsmail-privkey.dat';
+      echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT";
+      echo "bindweb = 127.0.0.1:$I2P_WEB_PORT";
+      echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT";
+      echo 'domain = localhost';
+      echo 'maildir = Maildir/i2p';
+      echo 'database = localhost.sqlite';
+      echo 'assets = contrib/assets/web'; } > $BDSMAIL_DIR/config.ini
+
+    { echo '[Unit]';
+      echo 'Description=bdsmail';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=i2psvc';
+      echo 'Group=i2psvc';
+      echo "WorkingDirectory=$BDSMAIL_DIR";
+      echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini";
+      echo 'Restart=always';
+      echo 'Environment="USER=i2psvc"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/bdsmail.service
+
+    { echo '#!/usr/bin/env python2';
+      echo 'import base64, hashlib, sys';
+      echo 'with open(sys.argv[1]) as f:';
+      echo "    print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")"; } > $BDSMAIL_DIR/get_address
     chmod +x $BDSMAIL_DIR/get_address
 
     chown -R i2psvc:i2psvc $BDSMAIL_DIR
     systemctl enable bdsmail
     systemctl start bdsmail
 
-    echo '#!/bin/bash' > /usr/bin/bdsmail_distribute
-    echo "BDSMAIL_DIR=$BDSMAIL_DIR" >> /usr/bin/bdsmail_distribute
-    echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')" >> /usr/bin/bdsmail_distribute
-    echo 'if [ ! -d $MAIL_DIR/postmaster/new ]; then' >> /usr/bin/bdsmail_distribute
-    echo '    exit 0' >> /usr/bin/bdsmail_distribute
-    echo 'fi' >> /usr/bin/bdsmail_distribute
-    echo 'for filename in $MAIL_DIR/postmaster/new/*; do' >> /usr/bin/bdsmail_distribute
-    echo '    to_line=$(cat $filename | grep "To: " | head -n 1)' >> /usr/bin/bdsmail_distribute
-    echo "    to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')" >> /usr/bin/bdsmail_distribute
-    echo '    if [ -d /home/$to_username/Maildir/i2p/new ]; then' >> /usr/bin/bdsmail_distribute
-    echo '        chown $to_username:$to_username $filename' >> /usr/bin/bdsmail_distribute
-    echo '        chmod 600 $filename' >> /usr/bin/bdsmail_distribute
-    echo '        mv $filename /home/$to_username/Maildir/i2p/new' >> /usr/bin/bdsmail_distribute
-    echo '    fi' >> /usr/bin/bdsmail_distribute
-    echo 'done' >> /usr/bin/bdsmail_distribute
+    { echo '#!/bin/bash';
+      echo "BDSMAIL_DIR=$BDSMAIL_DIR";
+      echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')";
+      echo "if [ ! -d \$MAIL_DIR/postmaster/new ]; then";
+      echo '    exit 0';
+      echo 'fi';
+      echo "for filename in \$MAIL_DIR/postmaster/new/*; do";
+      echo "    to_line=\$(cat \$filename | grep \"To: \" | head -n 1)";
+      echo "    to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')";
+      echo "    if [ -d /home/\$to_username/Maildir/i2p/new ]; then";
+      echo "        chown \$to_username:\$to_username \$filename";
+      echo "        chmod 600 \$filename";
+      echo "        mv \$filename /home/\$to_username/Maildir/i2p/new";
+      echo '    fi';
+      echo 'done'; } > /usr/bin/bdsmail_distribute
     chmod +x /usr/bin/bdsmail_distribute
 
     if ! grep -q 'bdsmail_distribute' /etc/crontab; then
         cron_add_mins 1 '/usr/bin/bdsmail_distribute 2> /dev/null'
     fi
 
-    echo '#!/bin/bash' > /usr/bin/bdsmail_domain
-    echo "cd $BDSMAIL_DIR" >> /usr/bin/bdsmail_domain
-    echo 'if [ ! -f bdsmail-privkey.dat ]; then' >> /usr/bin/bdsmail_domain
-    echo '    exit 1' >> /usr/bin/bdsmail_domain
-    echo 'fi' >> /usr/bin/bdsmail_domain
-    echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'" >> /usr/bin/bdsmail_domain
+    { echo '#!/bin/bash';
+      echo "cd $BDSMAIL_DIR";
+      echo 'if [ ! -f bdsmail-privkey.dat ]; then';
+      echo '    exit 1';
+      echo 'fi';
+      echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'"; } > /usr/bin/bdsmail_domain
     chmod +x /usr/bin/bdsmail_domain
 
     echo ''
@@ -422,7 +422,7 @@ function install_bdsmail {
 
     bdsmail_wait_for_key_generation
 
-    if [ ! $bds_domain ]; then
+    if [ ! "$bds_domain" ]; then
         systemctl stop bdsmail
         systemctl disable bdsmail
         remove_i2p
@@ -430,38 +430,38 @@ function install_bdsmail {
         exit 8934638
     fi
 
-    BDSMAIL_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$BDSMAIL_PASSWORD"
-    cd $BDSMAIL_DIR
+    BDSMAIL_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$BDSMAIL_PASSWORD"
+    cd $BDSMAIL_DIR || exit 2346872427
     $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini admin $BDSMAIL_DIR/Maildir/i2p/admin "$BDSMAIL_PASSWORD"
 
     # Create mutt configuration
     if [ ! -d /etc/skel/.mutt ]; then
         mkdir /etc/skel/.mutt
     fi
-    echo 'set mbox_type=Maildir' > /etc/skel/.mutt/bdsmail
-    echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/" >> /etc/skel/.mutt/bdsmail
-    echo 'set use_from=yes' >> /etc/skel/.mutt/bdsmail
-    echo "set from=username@${bds_domain}" >> /etc/skel/.mutt/bdsmail
-    echo "set spoolfile=~/Maildir/i2p" >> /etc/skel/.mutt/bdsmail
-    echo 'set pgp_autoencrypt=no' >> /etc/skel/.mutt/bdsmail
-    echo 'set pgp_replyencrypt=no' >> /etc/skel/.mutt/bdsmail
-    echo 'set pgp_autosign=no' >> /etc/skel/.mutt/bdsmail
-    echo 'set pgp_replysign=no' >> /etc/skel/.mutt/bdsmail
+    { echo 'set mbox_type=Maildir';
+      echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/";
+      echo 'set use_from=yes';
+      echo "set from=username@${bds_domain}";
+      echo "set spoolfile=~/Maildir/i2p";
+      echo 'set pgp_autoencrypt=no';
+      echo 'set pgp_replyencrypt=no';
+      echo 'set pgp_autosign=no';
+      echo 'set pgp_replysign=no'; } > /etc/skel/.mutt/bdsmail
 
     # mutt configuration for the admin user
-    if [ ! -d /home/$MY_USERNAME/.mutt ]; then
-        mkdir /home/$MY_USERNAME/.mutt
+    if [ ! -d "/home/$MY_USERNAME/.mutt" ]; then
+        mkdir "/home/$MY_USERNAME/.mutt"
     fi
-    cp /etc/skel/.mutt/bdsmail /home/$MY_USERNAME/.mutt
-    sed -i "s|username|$MY_USERNAME|g" /home/$MY_USERNAME/.mutt/bdsmail
-    sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$MY_USERNAME/.mutt/bdsmail
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt
+    cp /etc/skel/.mutt/bdsmail "/home/$MY_USERNAME/.mutt"
+    sed -i "s|username|$MY_USERNAME|g" "/home/$MY_USERNAME/.mutt/bdsmail"
+    sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$MY_USERNAME/.mutt/bdsmail"
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.mutt"
 
     bdsmail_configure_users
 
-    cd $BDSMAIL_DIR
-    $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $MY_USERNAME /home/$MY_USERNAME/Maildir/i2p "$BDSMAIL_PASSWORD"
+    cd $BDSMAIL_DIR || exit 2457245
+    $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$MY_USERNAME" "/home/$MY_USERNAME/Maildir/i2p" "$BDSMAIL_PASSWORD"
 
     APP_INSTALLED=1
 }

src/freedombone-app-cryptpad

@@ -101,7 +101,7 @@ function upgrade_cryptpad {
     function_check set_repo_commit
     set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO
 
-    cd $CRYPTPAD_DIR
+    cd $CRYPTPAD_DIR || exit 254724
     cryptpad_create_config
     npm upgrade
     npm install
@@ -156,7 +156,7 @@ function restore_local_cryptpad {
 }
 
 function backup_remote_cryptpad {
-    if grep -q "cryptpad domain" $COMPLETION_FILE; then
+    if grep -q "cryptpad domain" "$COMPLETION_FILE"; then
         temp_backup_dir=$CRYPTPAD_DIR/datastore
         if [ -d $temp_backup_dir ]; then
             systemctl stop cryptpad
@@ -226,7 +226,7 @@ function remove_cryptpad {
     remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT}
     remove_app cryptpad
     remove_completion_param install_cryptpad
-    sed -i '/cryptpad/d' $COMPLETION_FILE
+    sed -i '/cryptpad/d' "$COMPLETION_FILE"
 
     userdel -r cryptpad
 }
@@ -236,123 +236,123 @@ function cryptpad_create_config {
 
     cryptpad_prefix=
     if [[ "$cryptpad_install_type" == "mesh" ]]; then
-        cryptpad_prefix=$rootdir
+        # shellcheck disable=SC2154
+        cryptpad_prefix="$rootdir"
     fi
 
-    echo '/*@flow*/' > $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '/*' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '  globals module' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '*/' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo 'module.exports = {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        httpAddress: '::'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        httpHeaders: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "X-XSS-Protection": "1; mode=block",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "X-Content-Type-Options": "nosniff",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "Access-Control-Allow-Origin": "*"' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        contentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"style-src 'unsafe-inline' 'self' \" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"script-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"font-src 'self' data:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "child-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "frame-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "media-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"connect-src 'self' ws: wss: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"img-src 'self' data: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "frame-ancestors *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        padContentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"style-src 'unsafe-inline' 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"font-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "child-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "frame-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"connect-src 'self' ws: wss:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "img-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        httpPort: ${CRYPTPAD_PORT}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        // This is for allowing the cross-domain iframe to function when developing' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        httpSafePort: ${CRYPTPAD_PORT2}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        websocketPath: '/cryptpad_websocket'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        logToStdout: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        verbose: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        mainPages: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                'index'" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        ],' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        removeDonateButton: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        allowSubscriptions: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
+    { echo '/*@flow*/';
+      echo '/*';
+      echo '  globals module';
+      echo '*/';
+      echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';";
+      echo 'module.exports = {';
+      echo "        httpAddress: '::',";
+      echo '        httpHeaders: {';
+      echo '                "X-XSS-Protection": "1; mode=block",';
+      echo '                "X-Content-Type-Options": "nosniff",';
+      echo '                "Access-Control-Allow-Origin": "*"';
+      echo '        },';
+      echo '';
+      echo '        contentSecurity: [';
+      echo "                \"default-src 'none'\",";
+      echo "                \"style-src 'unsafe-inline' 'self' \" + domain,";
+      echo "                \"script-src 'self'\" + domain,";
+      echo "                \"font-src 'self' data:\" + domain,";
+      echo '';
+      echo '                "child-src blob: *",';
+    echo '                "frame-src blob: *",';
+    echo '                "media-src * blob:",';
+    echo '';
+    echo "                \"connect-src 'self' ws: wss: blob:\" + domain,";
+    echo '';
+    echo "                \"img-src 'self' data: blob:\" + domain,";
+    echo '';
+    echo '                "frame-ancestors *",';
+    echo "        ].join('; '),";
+    echo '';
+    echo '        padContentSecurity: [';
+    echo "                \"default-src 'none'\",";
+    echo "                \"style-src 'unsafe-inline' 'self'\" + domain,";
+    echo "                \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain,";
+    echo "                \"font-src 'self'\" + domain,";
+    echo '';
+    echo '                "child-src *",';
+    echo '                "frame-src *",';
+    echo '';
+    echo "                \"connect-src 'self' ws: wss:\" + domain,";
+    echo '';
+    echo '                "img-src * blob:",';
+    echo "        ].join('; '),";
+    echo '';
+    echo "        httpPort: ${CRYPTPAD_PORT},";
+    echo '';
+    echo '        // This is for allowing the cross-domain iframe to function when developing';
+    echo "        httpSafePort: ${CRYPTPAD_PORT2},";
+    echo '';
+    echo "        websocketPath: '/cryptpad_websocket',";
+    echo '';
+    echo '        logToStdout: false,';
+    echo '';
+    echo '        verbose: false,';
+    echo '';
+    echo '        mainPages: [';
+    echo "                'index'";
+    echo '        ],';
+    echo '';
+    echo '        removeDonateButton: true,';
+    echo '        allowSubscriptions: false,'; } > "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
     if [[ "$cryptpad_install_type" == "mesh" ]]; then
-        echo "        myDomain: 'http://P${PEER_ID}.local'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
+        echo "        myDomain: 'http://P${PEER_ID}.local'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
     else
         CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname)
-        echo "        myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
+        echo "        myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
     fi
-    echo '        defaultStorageLimit: 50 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        customLimits: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        adminEmail: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        storage: './storage/file'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "       filePath: './datastore/'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        pinPath: './pins'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        blobPath: './blob'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        blobStagingPath: './blobstage'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        channelExpirationMs: 30000,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        openFileLimit: 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        rpc: './rpc.js'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        suppressRPCErrors: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        enableUploads: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        //restrictUploads: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        maxUploadSize: 20 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        //logFeedback: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        //logRPC: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '};' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
+    { echo '        defaultStorageLimit: 50 * 1024 * 1024,';
+      echo '';
+      echo '        customLimits: {';
+      echo '        },';
+      echo '';
+      echo '        adminEmail: false,';
+      echo '';
+      echo "        storage: './storage/file',";
+      echo '';
+      echo "       filePath: './datastore/',";
+      echo "        pinPath: './pins',";
+      echo "        blobPath: './blob',";
+      echo "        blobStagingPath: './blobstage',";
+      echo '        channelExpirationMs: 30000,';
+      echo '        openFileLimit: 1024,';
+      echo "        rpc: './rpc.js',";
+      echo '        suppressRPCErrors: false,';
+      echo '        enableUploads: true,';
+      echo '        //restrictUploads: false,';
+      echo '        maxUploadSize: 20 * 1024 * 1024,';
+      echo '        //logFeedback: true,';
+      echo '        //logRPC: true,';
+      echo '};'; } >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
 
     if [[ "$cryptpad_install_type" != "mesh" ]]; then
-        chown cryptpad:cryptpad $cryptpad_prefix$CRYPTPAD_DIR/config.js
+        chown cryptpad:cryptpad "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
     else
         chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js
     fi
 }
 
 function mesh_install_cryptpad {
-    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
+    if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
         return
     fi
 
-    if [ ! -d $rootdir/var/www/cryptpad ]; then
-        mkdir $rootdir/var/www/cryptpad
+    if [ ! -d "$rootdir/var/www/cryptpad" ]; then
+        mkdir "$rootdir/var/www/cryptpad"
     fi
-    if [ -d $rootdir$CRYPTPAD_DIR ]; then
-        rm -rf $rootdir$CRYPTPAD_DIR
+    if [ -d "$rootdir$CRYPTPAD_DIR" ]; then
+        rm -rf "$rootdir$CRYPTPAD_DIR"
     fi
 
-    git_clone $CRYPTPAD_REPO $rootdir$CRYPTPAD_DIR
+    git_clone "$CRYPTPAD_REPO" "$rootdir$CRYPTPAD_DIR"
 
-    if [ ! -d $rootdir$CRYPTPAD_DIR ]; then
+    if [ ! -d "$rootdir$CRYPTPAD_DIR" ]; then
         echo $'Unable to clone cryptpad repo'
         exit 783251
     fi
@@ -360,94 +360,94 @@ function mesh_install_cryptpad {
     # an unprivileged user to run as
     chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad
 
-    cd $rootdir$CRYPTPAD_DIR
-    git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
+    cd "$rootdir$CRYPTPAD_DIR" || exit 34683568
+    git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT"
 
     chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
 
     cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad
-    echo 'server {' > $cryptpad_nginx_site
-    echo "  listen 80 default_server;" >> $cryptpad_nginx_site
-    echo "  server_name P${PEER_ID}.local;" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  # Logs' >> $cryptpad_nginx_site
-    echo '  access_log /dev/null;' >> $cryptpad_nginx_site
-    echo '  error_log /dev/null;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  # Root' >> $cryptpad_nginx_site
-    echo "  root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  index index.html;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site
-    echo '  add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site
-    echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location = /cryptpad_websocket {' >> $cryptpad_nginx_site
-    echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Host $host;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '    # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site
-    echo '    proxy_http_version 1.1;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-
-    echo '  location ^~ /customize.dist/ {' >> $cryptpad_nginx_site
-    echo '    # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  location ^~ /customize/ {' >> $cryptpad_nginx_site
-    echo '    rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site
-    echo '    try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  location = /api/config {' >> $cryptpad_nginx_site
-    echo '    default_type text/javascript;' >> $cryptpad_nginx_site
-    echo '    rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /blob/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /register/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /login/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /about.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /contact.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
-    echo '    rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site
-    echo '}' >> $cryptpad_nginx_site
-
-    cd $rootdir$CRYPTPAD_DIR
+    { echo 'server {';
+      echo "  listen 80 default_server;";
+      echo "  server_name P${PEER_ID}.local;";
+      echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root $CRYPTPAD_DIR;";
+      echo '';
+      echo '  index index.html;';
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '';
+      echo "  if (\$uri = /pad/inner.html) {";
+      echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
+      echo '  }';
+      echo '';
+      echo '  location = /cryptpad_websocket {';
+      echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # WebSocket support (nginx 1.4)';
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection upgrade;';
+      echo '  }';
+      echo '';
+
+      echo '  location ^~ /customize.dist/ {';
+      echo '    # This is needed in order to prevent infinite recursion between /customize/ and the root';
+      echo '  }';
+      echo '  location ^~ /customize/ {';
+      echo "    rewrite ^/customize/(.*)\$ \$1 break;";
+      echo "    try_files /customize/\$uri /customize.dist/\$uri;";
+      echo '  }';
+      echo '  location = /api/config {';
+      echo '    default_type text/javascript;';
+      echo '    rewrite ^.*$ /customize/api/config break;';
+      echo '  }';
+      echo '';
+      echo '  location ^~ /blob/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /register/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /login/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /about.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /contact.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /what-is-cryptpad.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
+      echo "    rewrite ^(.*)\$ \$1/ redirect;";
+      echo '  }';
+      echo '';
+      echo "  try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
+      echo '}'; } > "$cryptpad_nginx_site"
+
+    cd "$rootdir$CRYPTPAD_DIR" || exit 6246824624527
 
     get_npm_arch
 
-    cat <<EOF > $rootdir/usr/bin/install_cryptpad
+    cat <<EOF > "$rootdir/usr/bin/install_cryptpad"
 #!/bin/bash
 cd $CRYPTPAD_DIR
 npm install --arch=$NPM_ARCH --build-from-source
@@ -456,37 +456,37 @@ chown -R cryptpad:cryptpad $CRYPTPAD_DIR
 su -c 'bower install' - cryptpad
 cp config.example.js config.js
 EOF
-    chmod +x $rootdir/usr/bin/install_cryptpad
+    chmod +x "$rootdir/usr/bin/install_cryptpad"
     chroot "$rootdir" /usr/bin/install_cryptpad
 
-    if [ ! -f $rootdir$CRYPTPAD_DIR/config.js ]; then
+    if [ ! -f "$rootdir$CRYPTPAD_DIR/config.js" ]; then
         echo $'Cryptpad config file not found'
         exit 628252
     fi
 
-    rm $rootdir/usr/bin/install_cryptpad
+    rm "$rootdir/usr/bin/install_cryptpad"
 
     cryptpad_create_config mesh
 
     chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
 
     # daemon
-    echo '[Unit]' > $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Description=Cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo '' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'User=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Group=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo "WorkingDirectory=$CRYPTPAD_DIR" >> $rootdir/etc/systemd/system/cryptpad.service
-    echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Environment=NODE_ENV=production' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo '' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/cryptpad.service
+    { echo '[Unit]';
+      echo 'Description=Cryptpad';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=cryptpad';
+      echo 'Group=cryptpad';
+      echo "WorkingDirectory=$CRYPTPAD_DIR";
+      echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
+      echo 'Environment=PATH=/usr/bin:/usr/local/bin';
+      echo 'Environment=NODE_ENV=production';
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/cryptpad.service"
     chroot "$rootdir" systemctl enable cryptpad.service
 }
 
@@ -505,7 +505,7 @@ function install_cryptpad_main {
     if [ -d /repos/cryptpad ]; then
         mkdir $CRYPTPAD_DIR
         cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR
-        cd $CRYPTPAD_DIR
+        cd $CRYPTPAD_DIR || exit 3468356385
         git pull
     else
         function_check git_clone
@@ -520,7 +520,7 @@ function install_cryptpad_main {
     # an unprivileged user to run as
     useradd -d $CRYPTPAD_DIR/ cryptpad
 
-    cd $CRYPTPAD_DIR
+    cd $CRYPTPAD_DIR || exit 34683655
     git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
     set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT"
 
@@ -529,87 +529,87 @@ function install_cryptpad_main {
     CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT})
 
     cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad
-    echo 'server {' > $cryptpad_nginx_site
-    echo "  listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;" >> $cryptpad_nginx_site
-    echo "  server_name $CRYPTPAD_ONION_HOSTNAME;" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  # Logs' >> $cryptpad_nginx_site
-    echo '  access_log /dev/null;' >> $cryptpad_nginx_site
-    echo '  error_log /dev/null;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  # Root' >> $cryptpad_nginx_site
-    echo "  root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  index index.html;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  if ($args ~ ver=) {' >> $cryptpad_nginx_site
-    echo '      set $cacheControl max-age=31536000;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  add_header Cache-Control $cacheControl;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site
-    echo '  add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site
-    echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location = /cryptpad_websocket {' >> $cryptpad_nginx_site
-    echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Host $host;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '    # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site
-    echo '    proxy_http_version 1.1;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-
-    echo '  location ^~ /customize.dist/ {' >> $cryptpad_nginx_site
-    echo '    # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  location ^~ /customize/ {' >> $cryptpad_nginx_site
-    echo '    rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site
-    echo '    try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  location = /api/config {' >> $cryptpad_nginx_site
-    echo '    default_type text/javascript;' >> $cryptpad_nginx_site
-    echo '    rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /blob/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /register/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /login/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /about.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /contact.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
-    echo '    rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site
-    echo '}' >> $cryptpad_nginx_site
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;";
+      echo "  server_name $CRYPTPAD_ONION_HOSTNAME;";
+      echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root $CRYPTPAD_DIR;";
+      echo '';
+      echo '  index index.html;';
+      echo '';
+      echo "  if (\$args ~ ver=) {";
+      echo "      set \$cacheControl max-age=31536000;";
+      echo '  }';
+      echo "  add_header Cache-Control \$cacheControl;";
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '';
+      echo "  if (\$uri = /pad/inner.html) {";
+      echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
+      echo '  }';
+      echo '';
+      echo '  location = /cryptpad_websocket {';
+      echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # WebSocket support (nginx 1.4)';
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection upgrade;';
+      echo '  }';
+      echo '';
+
+      echo '  location ^~ /customize.dist/ {';
+      echo '    # This is needed in order to prevent infinite recursion between /customize/ and the root';
+      echo '  }';
+      echo '  location ^~ /customize/ {';
+      echo "    rewrite ^/customize/(.*)\$ \$1 break;";
+      echo "    try_files /customize/\$uri /customize.dist/\$uri;";
+      echo '  }';
+      echo '  location = /api/config {';
+      echo '    default_type text/javascript;';
+      echo '    rewrite ^.*$ /customize/api/config break;';
+      echo '  }';
+      echo '';
+      echo '  location ^~ /blob/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /register/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /login/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /about.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /contact.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /what-is-cryptpad.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
+      echo "    rewrite ^(.*)\$ \$1/ redirect;";
+      echo '  }';
+      echo '';
+      echo "  try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
+      echo '}'; } > $cryptpad_nginx_site
 
     function_check nginx_ensite
     nginx_ensite cryptpad
@@ -623,7 +623,7 @@ function install_cryptpad {
 
     install_cryptpad_main
 
-    cd $CRYPTPAD_DIR
+    cd $CRYPTPAD_DIR || exit 35483548
 
     npm install
     npm install -g bower@1.8.0
@@ -639,22 +639,22 @@ function install_cryptpad {
     chown -R cryptpad:cryptpad $CRYPTPAD_DIR
 
     # daemon
-    echo '[Unit]' > /etc/systemd/system/cryptpad.service
-    echo 'Description=Cryptpad' >> /etc/systemd/system/cryptpad.service
-    echo 'After=syslog.target' >> /etc/systemd/system/cryptpad.service
-    echo 'After=network.target' >> /etc/systemd/system/cryptpad.service
-    echo '' >> /etc/systemd/system/cryptpad.service
-    echo '[Service]' >> /etc/systemd/system/cryptpad.service
-    echo 'User=cryptpad' >> /etc/systemd/system/cryptpad.service
-    echo 'Group=cryptpad' >> /etc/systemd/system/cryptpad.service
-    echo "WorkingDirectory=$CRYPTPAD_DIR" >> /etc/systemd/system/cryptpad.service
-    echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> /etc/systemd/system/cryptpad.service
-    echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> /etc/systemd/system/cryptpad.service
-    echo 'Environment=NODE_ENV=production' >> /etc/systemd/system/cryptpad.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/cryptpad.service
-    echo '' >> /etc/systemd/system/cryptpad.service
-    echo '[Install]' >> /etc/systemd/system/cryptpad.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/cryptpad.service
+    { echo '[Unit]';
+      echo 'Description=Cryptpad';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=cryptpad';
+      echo 'Group=cryptpad';
+      echo "WorkingDirectory=$CRYPTPAD_DIR";
+      echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
+      echo 'Environment=PATH=/usr/bin:/usr/local/bin';
+      echo 'Environment=NODE_ENV=production';
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/cryptpad.service
     systemctl enable cryptpad.service
     systemctl daemon-reload
     systemctl start cryptpad.service
@@ -664,7 +664,7 @@ function install_cryptpad {
     cryptpad_generate_api_config
 
     # install again
-    cd $CRYPTPAD_DIR
+    cd $CRYPTPAD_DIR || exit 73537453
     su -c 'bower install' - cryptpad
 
     systemctl restart nginx

src/freedombone-app-dlna

@@ -49,24 +49,27 @@ function logging_off_dlna {
 function configure_interactive_dlna {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Media Menu" \
                --radiolist $"Choose an operation:" 13 70 3 \
                1 $"Attach a drive containing playable media" off \
                2 $"Remove a drive containing playable media" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
         case $(cat $data) in
             1) attach-music;;
             2) remove-music;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -95,19 +98,19 @@ function configure_firewall_for_dlna {
     firewall_add DLNA 1900 udp
     firewall_add DLNA 8200 tcp
 
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/dlna.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/dlna.service
-    echo '<service-group>' >> /etc/avahi/services/dlna.service
-    echo '  <name replace-wildcards="yes">%h DLNA</name>' >> /etc/avahi/services/dlna.service
-    echo '  <service>' >> /etc/avahi/services/dlna.service
-    echo '    <type>_dlna._tcp</type>' >> /etc/avahi/services/dlna.service
-    echo "    <port>8200</port>" >> /etc/avahi/services/dlna.service
-    echo '  </service>' >> /etc/avahi/services/dlna.service
-    echo '  <service>' >> /etc/avahi/services/dlna.service
-    echo '    <type>_dlna._udp</type>' >> /etc/avahi/services/dlna.service
-    echo "    <port>1900</port>" >> /etc/avahi/services/dlna.service
-    echo '  </service>' >> /etc/avahi/services/dlna.service
-    echo '</service-group>' >> /etc/avahi/services/dlna.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo '  <name replace-wildcards="yes">%h DLNA</name>';
+      echo '  <service>';
+      echo '    <type>_dlna._tcp</type>';
+      echo "    <port>8200</port>";
+      echo '  </service>';
+      echo '  <service>';
+      echo '    <type>_dlna._udp</type>';
+      echo "    <port>1900</port>";
+      echo '  </service>';
+      echo '</service-group>'; } > /etc/avahi/services/dlna.service
 
     systemctl restart avahi-daemon
 
@@ -125,7 +128,7 @@ function backup_local_dlna {
 
 function restore_local_dlna {
     if [ -d /var/cache/minidlna ]; then
-        if [ -d $USB_MOUNT_DLNA/backup/dlna ]; then
+        if [ -d "$USB_MOUNT_DLNA/backup/dlna" ]; then
             echo $"Restoring DLNA cache"
             temp_restore_dir=/root/tempdlna
             function_check restore_directory_from_usb
@@ -135,6 +138,7 @@ function restore_local_dlna {
             else
                 cp -r $temp_restore_dir/* /var/cache/minidlna/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 rm -rf $temp_restore_dir
                 function_check set_user_permissions
@@ -156,7 +160,7 @@ function backup_remote_dlna {
 
 function restore_remote_dlna {
     if [ -d /var/cache/minidlna ]; then
-        if [ -d $SERVER_DIRECTORY/backup/dlna ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/dlna" ]; then
             temp_restore_dir=/root/tempdlna
             function_check restore_directory_from_friend
             restore_directory_from_friend $temp_restore_dir dlna
@@ -165,6 +169,7 @@ function restore_remote_dlna {
             else
                 cp -r $temp_restore_dir/* /var/cache/minidlna/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 982
             fi
@@ -201,7 +206,7 @@ function install_dlna_main {
         exit 55
     fi
 
-    if [ ! $USB_MOUNT_DLNA ]; then
+    if [ ! "$USB_MOUNT_DLNA" ]; then
         USB_MOUNT_DLNA=/mnt/dlna
     fi
     if [ ${#USB_MOUNT_DLNA} -eq 0 ]; then
@@ -242,7 +247,7 @@ function install_dlna_main {
     systemctl reload minidlna
 
     sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
-    if ! grep -q "max_user_watches" $COMPLETION_FILE; then
+    if ! grep -q "max_user_watches" "$COMPLETION_FILE"; then
         echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
     fi
     /sbin/sysctl -p -q
@@ -256,37 +261,37 @@ function script_for_attaching_usb_drive {
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
-    echo '#!/bin/bash' > /usr/bin/attach-music
-    echo "source /usr/local/bin/${PROJECT_NAME}-vars" >> /usr/bin/attach-music
-    echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" >> /usr/bin/attach-music
-    echo '' >> /usr/bin/attach-music
-    echo 'for f in $UTILS_FILES' >> /usr/bin/attach-music
-    echo 'do' >> /usr/bin/attach-music
-    echo '    source $f' >> /usr/bin/attach-music
-    echo 'done' >> /usr/bin/attach-music
-    echo '' >> /usr/bin/attach-music
-    echo 'USB_DRIVE=/dev/sda1' >> /usr/bin/attach-music
-    echo 'detect_usb_drive' >> /usr/bin/attach-music
-    echo '' >> /usr/bin/attach-music
-    echo 'remove-music' >> /usr/bin/attach-music
-    echo "if [ ! -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/attach-music
-    echo "    mkdir $USB_MOUNT_DLNA" >> /usr/bin/attach-music
-    echo 'fi' >> /usr/bin/attach-music
-    echo -n 'mount $USB_DRIVE ' >> /usr/bin/attach-music
-    echo "$USB_MOUNT_DLNA" >> /usr/bin/attach-music
-    echo "chown root:root $USB_MOUNT_DLNA" >> /usr/bin/attach-music
-    echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*" >> /usr/bin/attach-music
-    echo 'systemctl restart minidlna' >> /usr/bin/attach-music
-    echo 'minidlnad -R' >> /usr/bin/attach-music
-    echo 'exit 0' >> /usr/bin/attach-music
+    { echo '#!/bin/bash';
+      echo "source /usr/local/bin/${PROJECT_NAME}-vars";
+      echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*";
+      echo '';
+      echo "for f in \$UTILS_FILES";
+      echo 'do';
+      echo "    source \$f";
+      echo 'done';
+      echo '';
+      echo 'USB_DRIVE=/dev/sda1';
+      echo 'detect_usb_drive';
+      echo '';
+      echo 'remove-music';
+      echo "if [ ! -d $USB_MOUNT_DLNA ]; then";
+      echo "    mkdir $USB_MOUNT_DLNA";
+      echo 'fi';
+      echo -n "mount \$USB_DRIVE ";
+      echo "$USB_MOUNT_DLNA";
+      echo "chown root:root $USB_MOUNT_DLNA";
+      echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*";
+      echo 'systemctl restart minidlna';
+      echo 'minidlnad -R';
+      echo 'exit 0'; } > /usr/bin/attach-music
     chmod +x /usr/bin/attach-music
 
-    echo '#!/bin/bash' > /usr/bin/remove-music
-    echo "if [ -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/remove-music
-    echo "  umount $USB_MOUNT_DLNA" >> /usr/bin/remove-music
-    echo "  rm -rf $USB_MOUNT_DLNA" >> /usr/bin/remove-music
-    echo 'fi' >> /usr/bin/remove-music
-    echo 'exit 0' >> /usr/bin/remove-music
+    { echo '#!/bin/bash';
+      echo "if [ -d $USB_MOUNT_DLNA ]; then";
+      echo "  umount $USB_MOUNT_DLNA";
+      echo "  rm -rf $USB_MOUNT_DLNA";
+      echo 'fi';
+      echo 'exit 0'; } > /usr/bin/remove-music
     chmod +x /usr/bin/remove-music
 
     mark_completed "${FUNCNAME[0]}"

src/freedombone-app-dokuwiki

@@ -75,18 +75,18 @@ function change_password_dokuwiki {
     new_user_password="$2"
 
     DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
-    if grep -q "$curr_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
+    if grep -q "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then
         HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
-        existing_user=$(cat /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php | grep "$curr_username:" | hean -n 1)
+        existing_user=$(grep "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" | hean -n 1)
         if [[ "$existing_user" == *":admin,"* ]]; then
             sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
         else
             sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
         fi
-        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-        ${PROJECT_NAME}-pass -u $curr_username -a dokuwiki -p "$new_user_password"
+        cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+        chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+        chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+        "${PROJECT_NAME}-pass" -u "$curr_username" -a dokuwiki -p "$new_user_password"
     fi
 }
 
@@ -96,21 +96,21 @@ function add_user_dokuwiki {
 
     DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
     HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
-    echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    ${PROJECT_NAME}-pass -u "$new_username" -a dokuwiki -p "$new_user_password"
+    echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a dokuwiki -p "$new_user_password"
 }
 
 function remove_user_dokuwiki {
     remove_username="$1"
 
     read_config_param "DOKUWIKI_DOMAIN_NAME"
-    if grep -q "$remove_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
-        sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-        sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-        ${PROJECT_NAME}-pass -u "$remove_username" --rmapp dokuwiki
+    if grep -q "$remove_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then
+        sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+        sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+        "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp dokuwiki
     fi
 }
 
@@ -120,7 +120,7 @@ function reconfigure_dokuwiki {
 
 function upgrade_dokuwiki {
     function_check set_repo_commit
-    set_repo_commit /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO
+    set_repo_commit "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO
 }
 
 function backup_local_dokuwiki {
@@ -129,18 +129,18 @@ function backup_local_dokuwiki {
     function_check backup_directory_to_usb
 
     # backup the data
-    source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
+    if [ -d "$source_directory" ]; then
         dest_directory=dokuwikidat
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
     fi
 
     # backup the users
-    source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl"
+    if [ -d "$source_directory" ]; then
         dest_directory=dokuwikiacl
-        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
-        backup_directory_to_usb $source_directory $dest_directory
+        cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
+        backup_directory_to_usb "$source_directory" "$dest_directory"
     fi
 }
 
@@ -153,11 +153,12 @@ function restore_local_dokuwiki {
     temp_restore_dir=/root/tempdokuwikidat
     function_check restore_directory_from_usb
     restore_directory_from_usb ${temp_restore_dir} dokuwikidat
-    if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data ]; then
-        cp -r ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
+    if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data" ]; then
+        cp -r "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
     else
-        cp -r ${temp_restore_dir}/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
+        cp -r "${temp_restore_dir}/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         function_check restore_directory_from_usb
         set_user_permissions
@@ -172,13 +173,14 @@ function restore_local_dokuwiki {
     temp_restore_dir=/root/tempdokuwikiacl
     function_check restore_directory_from_usb
     restore_directory_from_usb ${temp_restore_dir} dokuwikiacl
-    if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl ]; then
-        cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
-        cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/
+    if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl" ]; then
+        cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
+        cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"
     else
-        cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
-        cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/
+        cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
+        cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         function_check restore_directory_from_usb
         set_user_permissions
@@ -189,21 +191,21 @@ function restore_local_dokuwiki {
     fi
     rm -rf ${temp_restore_dir}
 
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
-    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"
+    chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
     echo $"Restore of Dokuwiki complete"
 }
 
 function backup_remote_dokuwiki {
     DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
-    if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then
+    if [ -d "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" ]; then
         echo $"Backing up dokuwiki"
-        backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data dokuwikidat
-        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
-        backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl dokuwikiacl
+        backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" dokuwikidat
+        cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
+        backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" dokuwikiacl
     fi
 }
 
@@ -212,15 +214,16 @@ function restore_remote_dokuwiki {
     function_check get_completion_param
     function_check restore_directory_from_friend
 
-    if [ -d $SERVER_DIRECTORY/backup/dokuwikidat ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/dokuwikidat" ]; then
         echo $"Restoring Dokuwiki data for $DOKUWIKI_DOMAIN_NAME"
         temp_restore_dir=/root/tempdokuwikidat
         restore_directory_from_friend $temp_restore_dir dokuwikidat
-        if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data ]; then
-            cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/
+        if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" ]; then
+            cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/"
         else
-            cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/
+            cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 92634
         fi
@@ -229,15 +232,16 @@ function restore_remote_dokuwiki {
         echo $"Restore of Dokuwiki data complete"
     fi
 
-    if [ -d $SERVER_DIRECTORY/backup/dokuwikiacl ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/dokuwikiacl" ]; then
         echo $"Restoring Dokuwiki users for $DOKUWIKI_DOMAIN_NAME"
         temp_restore_dir=/root/tempdokuwikiacl
         restore_directory_from_friend $temp_restore_dir dokuwikiacl
-        if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl ]; then
-            cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
+        if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" ]; then
+            cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
         else
-            cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
+            cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 735287
         fi
@@ -246,11 +250,11 @@ function restore_remote_dokuwiki {
         echo $"Restore of Dokuwiki users complete"
     fi
 
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib
-    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib"
+    chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
 }
 
 function remove_dokuwiki {
@@ -259,13 +263,13 @@ function remove_dokuwiki {
     fi
     function_check remove_onion_service
     remove_onion_service dokuwiki ${DOKUWIKI_ONION_PORT}
-    nginx_dissite $DOKUWIKI_DOMAIN_NAME
-    remove_certs $DOKUWIKI_DOMAIN_NAME
-    if [ -f /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    nginx_dissite "$DOKUWIKI_DOMAIN_NAME"
+    remove_certs "$DOKUWIKI_DOMAIN_NAME"
+    if [ -f "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
-        rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME
+    if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$DOKUWIKI_DOMAIN_NAME"
     fi
     if [ -d /var/lib/dokuwiki ]; then
         rm -rf /var/lib/dokuwiki
@@ -278,14 +282,14 @@ function remove_dokuwiki {
     fi
     remove_completion_param "install_dokuwiki"
     remove_completion_param "dokuwiki domain"
-    sed -i '/dokuwiki/d' $COMPLETION_FILE
+    sed -i '/dokuwiki/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $DOKUWIKI_DOMAIN_NAME
+    remove_ddns_domain "$DOKUWIKI_DOMAIN_NAME"
 }
 
 function install_dokuwiki {
-    if [ ! $DOKUWIKI_DOMAIN_NAME ]; then
+    if [ ! "$DOKUWIKI_DOMAIN_NAME" ]; then
         return
     fi
 
@@ -293,25 +297,25 @@ function install_dokuwiki {
     apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
     apt-get -yq install php-memcached memcached
 
-    if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
-        mkdir /var/www/$DOKUWIKI_DOMAIN_NAME
+    if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME"
     fi
 
-    if [ ! -f /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php ]; then
-        cd /var/www/$DOKUWIKI_DOMAIN_NAME
+    if [ ! -f "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php" ]; then
+        cd "/var/www/$DOKUWIKI_DOMAIN_NAME" || exit 23468246824
 
         if [ -d /repos/dokuwiki ]; then
-            mkdir /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-            cp -r -p /repos/dokuwiki/. /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-            cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/dokuwiki/. "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
+            cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 24687462
             git pull
         else
             function_check git_clone
-            git_clone $DOKUWIKI_REPO /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+            git_clone "$DOKUWIKI_REPO" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
         fi
 
-        cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-        git checkout $DOKUWIKI_COMMIT -b $DOKUWIKI_COMMIT
+        cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 38368832
+        git checkout "$DOKUWIKI_COMMIT" -b "$DOKUWIKI_COMMIT"
         set_completion_param "dokuwiki commit" "$DOKUWIKI_COMMIT"
 
     fi
@@ -322,40 +326,40 @@ function install_dokuwiki {
         echo $'Removed Apache installation after Dokuwiki install'
     fi
 
-    echo '<?php' > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['title'] = '${DOKUWIKI_TITLE}';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['lang'] = 'en';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['license'] = 'cc-by-sa';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['useacl'] = 1;" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['superuser'] = '@admin';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['disableactions'] = 'register';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    ln -s /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php
-
-    chmod 600 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
-
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        DOKUWIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    { echo '<?php';
+      echo "\$conf['title'] = '${DOKUWIKI_TITLE}';";
+      echo "\$conf['lang'] = 'en';";
+      echo "\$conf['license'] = 'cc-by-sa';";
+      echo "\$conf['useacl'] = 1;";
+      echo "\$conf['superuser'] = '@admin';";
+      echo "\$conf['disableactions'] = 'register';"; } > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php"
+    ln -s "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php"
+
+    chmod 600 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php"
+    chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
+
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        DOKUWIKI_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $DOKUWIKI_ADMIN_PASSWORD ]; then
-            DOKUWIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$DOKUWIKI_ADMIN_PASSWORD" ]; then
+            DOKUWIKI_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
     HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
-    echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+    echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
 
-    if ! grep -q "video/ogg" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
-        echo 'ogv     video/ogg' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
+    if ! grep -q "video/ogg" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
+        echo 'ogv     video/ogg' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
     fi
-    if ! grep -q "video/mp4" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
-        echo 'mp4     video/mp4' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
+    if ! grep -q "video/mp4" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
+        echo 'mp4     video/mp4' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
     fi
-    if ! grep -q "video/webm" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
-        echo 'webm    video/webm' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
+    if ! grep -q "video/webm" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
+        echo 'webm    video/webm' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
     fi
 
     DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT})
@@ -363,178 +367,178 @@ function install_dokuwiki {
 
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $DOKUWIKI_DOMAIN_NAME
-        echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "    server_name $DOKUWIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        nginx_http_redirect "$DOKUWIKI_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;";
+          echo "    server_name $DOKUWIKI_DOMAIN_NAME;";
+          echo '    access_log /dev/null;';
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
         function_check nginx_ssl
-        nginx_ssl $DOKUWIKI_DOMAIN_NAME
+        nginx_ssl "$DOKUWIKI_DOMAIN_NAME"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
+        { echo '    add_header Strict-Transport-Security "max-age=0;";';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $DOKUWIKI_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        nginx_limits "$DOKUWIKI_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $DOKUWIKI_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '      deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        nginx_limits "$DOKUWIKI_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        fastcgi_read_timeout 30;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    #deny access to store';
+          echo '    location ~ /store {';
+          echo '        deny all;';
+          echo '    }';
+          echo '    location ~ /(data|conf|bin|inc)/ {';
+          echo '      deny all;';
+          echo '    }';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     else
-        echo -n '' > /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        echo -n '' > "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     fi
-    echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "    server_name $DOKUWIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;";
+      echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;";
+      echo "    server_name $DOKUWIKI_ONION_HOSTNAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.php;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $DOKUWIKI_DOMAIN_NAME
-    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    nginx_limits "$DOKUWIKI_DOMAIN_NAME"
+    { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+      echo '    }';
+      echo '';
+      echo '    # statically serve these file types when possible';
+      echo '    # otherwise fall back to front controller';
+      echo '    # allow browser to cache them';
+      echo '    # added .htm for advanced source code editor library';
+      echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+      echo '        expires 30d;';
+      echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+      echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $DOKUWIKI_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    nginx_limits "$DOKUWIKI_DOMAIN_NAME"
+    { echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.php;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_index index.php;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
 
     function_check create_site_certificate
-    create_site_certificate $DOKUWIKI_DOMAIN_NAME 'yes'
+    create_site_certificate "$DOKUWIKI_DOMAIN_NAME" 'yes'
 
     function_check configure_php
     configure_php
 
-    nginx_ensite $DOKUWIKI_DOMAIN_NAME
+    nginx_ensite "$DOKUWIKI_DOMAIN_NAME"
 
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
     function_check add_ddns_domain
-    add_ddns_domain $DOKUWIKI_DOMAIN_NAME
+    add_ddns_domain "$DOKUWIKI_DOMAIN_NAME"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD"
 
     APP_INSTALLED=1
 }

src/freedombone-app-edith

@@ -50,12 +50,12 @@ edith_variables=(MY_USERNAME
 function remove_bad_links_edith {
     read_config_param EDITH_DOMAIN_NAME
 
-    edith_dir=/var/www/$EDITH_DOMAIN_NAME/htdocs
+    edith_dir="/var/www/$EDITH_DOMAIN_NAME/htdocs"
 
     # copy jquery locally
     jquery_version='1.12.4'
     if [ ! -f $edith_dir/jquery-${jquery_version}.js ]; then
-        cd $edith_dir
+        cd $edith_dir || exit 246824628
         wget https://code.jquery.com/jquery-${jquery_version}.js
         if [ -f $edith_dir/jquery-${jquery_version}.js ]; then
             jquery_hash=$(sha256sum $edith_dir/jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
@@ -79,9 +79,9 @@ function change_password_edith {
     new_user_password="$2"
 
     sed -i "/${curr_username}:/d" /etc/nginx/.edithpasswd
-    echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd ${curr_username}
+    echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd "${curr_username}"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a ${curr_username} -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a "${curr_username}" -p "$new_user_password"
 }
 
 function logging_on_edith {
@@ -102,21 +102,20 @@ function edith_enable_login {
     dialog --title $"Enable Edith login" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nDo you want to add a login so that random web users can't access your notes?" 10 60
+           --yesno $"\\nDo you want to add a login so that random web users can't access your notes?" 10 60
     sel=$?
     case $sel in
-        0) if grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then
-               sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME
+        0) if grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then
+               sed -i 's|#auth_basic|auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
                systemctl restart nginx
            fi
-           read_config_param $MY_USERNAME
-           EDITH_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a edith)
+           read_config_param "$MY_USERNAME"
+           EDITH_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith)
            dialog --title $"Enable Edith login" \
                   --msgbox $"Edith logins are now enabled with the password $EDITH_PASSWORD" 6 65
-           EDITH__PASSWORD=
            ;;
-        1) if ! grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then
-               sed -i 's|auth_basic|#auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME
+        1) if ! grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then
+               sed -i 's|auth_basic|#auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
                systemctl restart nginx
            fi
            dialog --title $"Disable Edith login" \
@@ -127,31 +126,34 @@ function edith_enable_login {
 
 function edith_browse {
     read_config_param EDITH_DOMAIN_NAME
-    cd /var/www/$EDITH_DOMAIN_NAME/htdocs/data
-    editor /var/www/$EDITH_DOMAIN_NAME/htdocs/data
+    cd "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" || exit 24682642
+    editor "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
 }
 
 function configure_interactive_edith {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Edith" \
                --radiolist $"Choose an operation:" 10 50 3 \
                1 $"Enable login" off \
                2 $"Browse notes" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) edith_enable_login;;
             2) edith_browse;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -165,24 +167,24 @@ function upgrade_edith {
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$EDITH_DOMAIN_NAME/htdocs "edith commit" "$EDITH_COMMIT" $EDITH_REPO
+    set_repo_commit "/var/www/$EDITH_DOMAIN_NAME/htdocs" "edith commit" "$EDITH_COMMIT" "$EDITH_REPO"
 
     remove_bad_links_edith
-    chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data
+    chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
 }
 
 function backup_local_edith {
     read_config_param EDITH_DOMAIN_NAME
 
     function_check suspend_site
-    suspend_site ${EDITH_DOMAIN_NAME}
+    suspend_site "${EDITH_DOMAIN_NAME}"
 
-    source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
 
     function_check backup_directory_to_usb
     dest_directory=edith
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     function_check restart_site
     restart_site
@@ -192,12 +194,12 @@ function restore_local_edith {
     read_config_param EDITH_DOMAIN_NAME
 
     temp_restore_dir=/root/tempedith
-    edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
+    edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
 
     function_check restore_directory_from_usb
     restore_directory_from_usb $temp_restore_dir edith
     if [ -d $temp_restore_dir ]; then
-        if [ -d cp $temp_restore_dir$edith_dir ]; then
+        if [ -d $temp_restore_dir$edith_dir ]; then
             cp -rp $temp_restore_dir$edith_dir $edith_dir/
         else
             if [ ! -d $edith_dir ]; then
@@ -215,13 +217,13 @@ function backup_remote_edith {
     read_config_param EDITH_DOMAIN_NAME
 
     function_check suspend_site
-    suspend_site ${EDITH_DOMAIN_NAME}
+    suspend_site "${EDITH_DOMAIN_NAME}"
 
-    source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
 
     function_check backup_directory_to_friend
     dest_directory=edith
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     function_check restart_site
     restart_site
@@ -231,12 +233,12 @@ function restore_remote_edith {
     read_config_param EDITH_DOMAIN_NAME
 
     temp_restore_dir=/root/tempedith
-    edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
+    edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
 
     function_check restore_directory_from_friend
     restore_directory_from_friend $temp_restore_dir edith
     if [ -d $temp_restore_dir ]; then
-        if [ -d cp $temp_restore_dir$edith_dir ]; then
+        if [ -d $temp_restore_dir$edith_dir ]; then
             cp -rp $temp_restore_dir$edith_dir $edith_dir/
         else
             if [ ! -d $edith_dir ]; then
@@ -253,17 +255,17 @@ function restore_remote_edith {
 function remove_edith {
     nginx_dissite $EDITH_DOMAIN_NAME
 
-    if [ -f /etc/nginx/sites-available/$EDITH_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$EDITH_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
     fi
 
-    if [ -d /var/www/$EDITH_DOMAIN_NAME ]; then
-        rm -rf /var/www/$EDITH_DOMAIN_NAME
+    if [ -d "/var/www/$EDITH_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$EDITH_DOMAIN_NAME"
     fi
 
     function_check remove_onion_service
     remove_onion_service edith ${EDITH_ONION_PORT}
-    sed -i '/edith/d' $COMPLETION_FILE
+    sed -i '/edith/d' "$COMPLETION_FILE"
 
     if [ -f /etc/nginx/.edithpasswd ]; then
         rm /etc/nginx/.edithpasswd
@@ -286,26 +288,26 @@ function install_edith {
     function_check install_nodejs
     install_nodejs edith
 
-    if [ ! ${EDITH_PASSWORD} ]; then
-        if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-            EDITH_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ ! "${EDITH_PASSWORD}" ]; then
+        if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+            EDITH_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            EDITH_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            EDITH_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
 
-    if [ -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then
-        rm -rf /var/www/$EDITH_DOMAIN_NAME/htdocs
+    if [ -d "/var/www/$EDITH_DOMAIN_NAME/htdocs" ]; then
+        rm -rf "/var/www/$EDITH_DOMAIN_NAME/htdocs"
     fi
 
     if [ -d /repos/edith ]; then
-        mkdir /var/www/$EDITH_DOMAIN_NAME/htdocs
-        cp -r -p /repos/edith/. /var/www/$EDITH_DOMAIN_NAME/htdocs
-        cd /var/www/$EDITH_DOMAIN_NAME/htdocs
+        mkdir "/var/www/$EDITH_DOMAIN_NAME/htdocs"
+        cp -r -p /repos/edith/. "/var/www/$EDITH_DOMAIN_NAME/htdocs"
+        cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 24682462
         git pull
     else
         function_check git_clone
-        git_clone $EDITH_REPO /var/www/$EDITH_DOMAIN_NAME/htdocs
+        git_clone "$EDITH_REPO" "/var/www/$EDITH_DOMAIN_NAME/htdocs"
     fi
 
     if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then
@@ -313,102 +315,102 @@ function install_edith {
         exit 537593569
     fi
 
-    cd /var/www/$EDITH_DOMAIN_NAME/htdocs
-    git checkout $EDITH_COMMIT -b $EDITH_COMMIT
+    cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 2648248
+    git checkout "$EDITH_COMMIT" -b "$EDITH_COMMIT"
     set_completion_param "edith commit" "$EDITH_COMMIT"
 
-    if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs/data ]; then
-        mkdir -p /var/www/$EDITH_DOMAIN_NAME/htdocs/data
+    if [ ! -d "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" ]; then
+        mkdir -p "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
     fi
 
     EDITH_ONION_HOSTNAME=$(add_onion_service edith 80 ${EDITH_ONION_PORT})
 
-    edith_nginx_site=/etc/nginx/sites-available/$EDITH_DOMAIN_NAME
-    if [[ $ONION_ONLY == "no" ]]; then
+    edith_nginx_site="/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
+    if [[ "$ONION_ONLY" == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $EDITH_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $edith_nginx_site
-        echo '  listen 443 ssl;' >> $edith_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $edith_nginx_site
-        echo "  server_name $EDITH_DOMAIN_NAME;" >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
+        nginx_http_redirect "$EDITH_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $EDITH_DOMAIN_NAME;";
+          echo ''; } >> "$edith_nginx_site"
         function_check nginx_compress
-        nginx_compress $EDITH_DOMAIN_NAME
-        echo '' >> $edith_nginx_site
-        echo '  # Security' >> $edith_nginx_site
+        nginx_compress "$EDITH_DOMAIN_NAME"
+        echo '' >> "$edith_nginx_site"
+        echo '  # Security' >> "$edith_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $EDITH_DOMAIN_NAME
+        nginx_ssl "$EDITH_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $EDITH_DOMAIN_NAME
-
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo '  access_log /dev/null;' >> $edith_nginx_site
-        echo '  error_log /dev/null;' >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo "  root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo '  index index.php;' >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo '  # PHP' >> $edith_nginx_site
-        echo '  location ~ \.php {' >> $edith_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $edith_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $edith_nginx_site
-        echo '  }' >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo '  # Location' >> $edith_nginx_site
-        echo '  location / {' >> $edith_nginx_site
+        nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
+
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo "  root /var/www/$EDITH_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$edith_nginx_site"
         function_check nginx_limits
-        nginx_limits $EDITH_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site
-        echo "    auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site
-        echo '    auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site
-        echo '  }' >> $edith_nginx_site
-        echo '}' >> $edith_nginx_site
+        nginx_limits "$EDITH_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ /index.php?\$args;";
+          echo "    auth_basic \"${EDITH_LOGIN_TEXT}\";";
+          echo '    auth_basic_user_file /etc/nginx/.edithpasswd;';
+          echo '  }';
+          echo '}'; } >> "$edith_nginx_site"
     else
-        echo -n '' > $edith_nginx_site
+        echo -n '' > "$edith_nginx_site"
     fi
-    echo 'server {' >> $edith_nginx_site
-    echo "    listen 127.0.0.1:$EDITH_ONION_PORT default_server;" >> $edith_nginx_site
-    echo "    server_name $EDITH_ONION_HOSTNAME;" >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$EDITH_ONION_PORT default_server;";
+      echo "    server_name $EDITH_ONION_HOSTNAME;";
+      echo ''; } >> "$edith_nginx_site"
     function_check nginx_compress
-    nginx_compress $EDITH_DOMAIN_NAME
-    echo '' >> $edith_nginx_site
+    nginx_compress "$EDITH_DOMAIN_NAME"
+    echo '' >> "$edith_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $EDITH_DOMAIN_NAME
-    echo '' >> $edith_nginx_site
-    echo '  access_log /dev/null;' >> $edith_nginx_site
-    echo '  error_log /dev/null;' >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
-    echo "  root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
-    echo '  index index.php;' >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
-    echo '  # PHP' >> $edith_nginx_site
-    echo '  location ~ \.php {' >> $edith_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $edith_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $edith_nginx_site
-    echo '  }' >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
-    echo '  # Location' >> $edith_nginx_site
-    echo '  location / {' >> $edith_nginx_site
+    nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
+    { echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo "  root /var/www/$EDITH_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$edith_nginx_site"
     function_check nginx_limits
     nginx_limits $EDITH_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site
-    echo "    auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site
-    echo '    auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site
-    echo '  }' >> $edith_nginx_site
-    echo '}' >> $edith_nginx_site
+    { echo "    try_files \$uri \$uri/ /index.php?\$args;";
+      echo "    auth_basic \"${EDITH_LOGIN_TEXT}\";";
+      echo '    auth_basic_user_file /etc/nginx/.edithpasswd;';
+      echo '  }';
+      echo '}'; } >> "$edith_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $EDITH_DOMAIN_NAME 'yes'
+    create_site_certificate "$EDITH_DOMAIN_NAME" 'yes'
 
     # create a password for users
     if [ ! -f /etc/nginx/.edithpasswd ]; then
@@ -417,24 +419,23 @@ function install_edith {
     if grep -q "$MY_USERNAME:" /etc/nginx/.edithpasswd; then
         sed -i "/$MY_USERNAME:/d" /etc/nginx/.edithpasswd
     fi
-    echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd $MY_USERNAME
+    echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd "$MY_USERNAME"
     if [ ! -f /etc/nginx/.edithpasswd ]; then
         echo $'/etc/nginx/.edithpasswd not found'
         exit 6537683563
     fi
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a edith -p "$EDITH_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith -p "$EDITH_PASSWORD"
 
-    cp /var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example /var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess
-    cd /var/www/$EDITH_DOMAIN_NAME/htdocs
+    cp "/var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example" "/var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess"
+    cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 26482468
     npm install -g coffeescript uglify-js
-    cake build
-    if [ ! "$?" = "0" ]; then
+    if ! cake build; then
         echo $'Unable to build Edith'
         exit 7396483635
     fi
     cp config.example.php config.php
-    if [[ $ONION_ONLY == "no" ]]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
         sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'https://$EDITH_DOMAIN_NAME');|g" config.php
     else
         sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'http://$EDITH_ONION_HOSTNAME');|g" config.php
@@ -445,20 +446,20 @@ function install_edith {
 
     remove_bad_links_edith
 
-    chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data
-    nginx_ensite $EDITH_DAEMON_NAME
+    chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
+    nginx_ensite "$EDITH_DAEMON_NAME"
     systemctl restart nginx
 
     APP_INSTALLED=1
 }
 
 function install_interactive_edith {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         GHOST_DOMAIN_NAME='edith.local'
         write_config_param "EDITH_DOMAIN_NAME" "$EDITH_DOMAIN_NAME"
     else

src/freedombone-app-emacs

@@ -57,13 +57,13 @@ function backup_local_emacs {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d /home/$USERNAME/.emacs.d ]; then
+            if [ -d "/home/$USERNAME/.emacs.d" ]; then
                 echo $"Backing up Emacs config for $USERNAME"
-                if [ -f /home/$USERNAME/.emacs ]; then
-                    cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
+                if [ -f "/home/$USERNAME/.emacs" ]; then
+                    cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
                 fi
                 function_check backup_directory_to_usb
-                backup_directory_to_usb /home/$USERNAME/.emacs.d emacs/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.emacs.d" "emacs/$USERNAME"
             fi
         fi
     done
@@ -71,24 +71,25 @@ function backup_local_emacs {
 
 function restore_local_emacs {
     temp_restore_dir=/root/tempemacs
-    if [ -d $USB_MOUNT/backup/emacs ]; then
+    if [ -d "$USB_MOUNT/backup/emacs" ]; then
         for d in $USB_MOUNT/backup/emacs/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Emacs config for $USERNAME"
                 function_check restore_directory_from_usb
-                restore_directory_from_usb $temp_restore_dir emacs/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/
+                restore_directory_from_usb "$temp_restore_dir" "emacs/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.emacs.d ]; then
-                        mkdir /home/$USERNAME/.emacs.d
+                    if [ ! -d "/home/$USERNAME/.emacs.d" ]; then
+                        mkdir "/home/$USERNAME/.emacs.d"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     function_check set_user_permissions
@@ -97,10 +98,10 @@ function restore_local_emacs {
                     backup_unmount_drive
                     exit 664
                 fi
-                if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
-                    cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs
+                if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
+                    cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs"
                 else
-                    cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs
+                    cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs"
                 fi
                 rm -rf $temp_restore_dir
             fi
@@ -112,13 +113,13 @@ function backup_remote_emacs {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d /home/$USERNAME/.emacs.d ]; then
+            if [ -d "/home/$USERNAME/.emacs.d" ]; then
                 echo $"Backing up Emacs config for $USERNAME"
-                if [ -f /home/$USERNAME/.emacs ]; then
-                    cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
+                if [ -f "/home/$USERNAME/.emacs" ]; then
+                    cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
                 fi
                 function_check backup_directory_to_friend
-                backup_directory_to_friend /home/$USERNAME/.emacs.d emacs/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.emacs.d" "emacs/$USERNAME"
             fi
         fi
     done
@@ -126,24 +127,25 @@ function backup_remote_emacs {
 
 function restore_remote_emacs {
     temp_restore_dir=/root/tempemacs
-    if [ -d $USB_MOUNT/backup/emacs ]; then
+    if [ -d "$USB_MOUNT/backup/emacs" ]; then
         for d in $USB_MOUNT/backup/emacs/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Emacs config for $USERNAME"
                 function_check restore_directory_from_friend
-                restore_directory_from_friend $temp_restore_dir emacs/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/
+                restore_directory_from_friend "$temp_restore_dir" "emacs/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.emacs.d ]; then
-                        mkdir /home/$USERNAME/.emacs.d
+                    if [ ! -d "/home/$USERNAME/.emacs.d" ]; then
+                        mkdir "/home/$USERNAME/.emacs.d"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d/*
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d/*"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     function_check set_user_permissions
@@ -152,10 +154,10 @@ function restore_remote_emacs {
                     backup_unmount_drive
                     exit 664
                 fi
-                if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
-                    cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs
+                if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
+                    cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs"
                 else
-                    cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs
+                    cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs"
                 fi
                 rm -rf $temp_restore_dir
             fi
@@ -166,7 +168,7 @@ function restore_remote_emacs {
 function remove_emacs {
     apt-get -yq remove --purge emacs
     update-alternatives --set editor /usr/bin/nano
-    sed -i '/install_emacs/d' $COMPLETION_FILE
+    sed -i '/install_emacs/d' "$COMPLETION_FILE"
 
     # remove emacs as the mutt email editor
     if [ -f /etc/Muttrc ]; then
@@ -176,9 +178,9 @@ function remove_emacs {
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -f /home/$USERNAME/.muttrc ]; then
-                    if grep -q "set editor=" /home/$USERNAME/.muttrc; then
-                        sed -i '/set editor=/d' /home/$USERNAME/.muttrc
+                if [ -f "/home/$USERNAME/.muttrc" ]; then
+                    if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
+                        sed -i '/set editor=/d' "/home/$USERNAME/.muttrc"
                     fi
                 fi
             fi
@@ -194,74 +196,74 @@ function install_emacs {
     #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
     #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
     #echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs
-    echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs
-    echo "'goto-line)" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs
-    echo "           '(lambda ()" >> /home/$MY_USERNAME/.emacs
-    echo "              (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs
-    echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs
-    echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs
-    echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs
-    echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs
-    echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs
-    cp /home/$MY_USERNAME/.emacs /root/.emacs
-    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
+    { echo $';; ===== Remove trailing whitepace ======================================';
+      echo '';
+      echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)";
+      echo '';
+      echo ';; Goto a line number with CTRL-l';
+      echo -n '(global-set-key "\C-l" ';
+      echo "'goto-line)";
+      echo '';
+      echo $';; ===== Show line numbers ==============================================';
+      echo '';
+      echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))";
+      echo '';
+      echo $';; ===== Enable line wrapping in org-mode ===============================';
+      echo '';
+      echo " (add-hook 'org-mode-hook";
+      echo "           '(lambda ()";
+      echo "              (visual-line-mode 1)))";
+      echo '';
+      echo $';; ===== Enable shift select in org mode ================================';
+      echo '';
+      echo '(setq org-support-shift-select t)';
+      echo '';
+      echo $';; ===== Set standard indent to 4 rather that 4 =========================';
+      echo '';
+      echo '(setq standard-indent 4)';
+      echo '(setq-default tab-width 4)';
+      echo '(setq c-basic-offset 4)';
+      echo '';
+      echo $';; ===== Support Wheel Mouse Scrolling ==================================';
+      echo '';
+      echo '(mouse-wheel-mode t)';
+      echo '';
+      echo $';; ===== Place Backup Files in Specific Directory =======================';
+      echo '';
+      echo '(setq make-backup-files t)';
+      echo '(setq version-control t)';
+      echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
+      echo '';
+      echo $';; ===== Make Text mode the default mode for new buffers ================';
+      echo '';
+      echo "(setq default-major-mode 'text-mode)";
+      echo '';
+      echo $';; ===== Line length ====================================================';
+      echo '';
+      echo '(setq-default fill-column 72)';
+      echo '';
+      echo $';; ===== Enable Line and Column Numbering ===============================';
+      echo '';
+      echo '(line-number-mode 1)';
+      echo '(column-number-mode 1)';
+      echo '';
+      echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============';
+      echo '';
+      echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of';
+      echo ';; newlines when the cursor goes over the column limit.';
+      echo '';
+      echo ';; This should actually turn on auto-fill-mode by default in all major';
+      echo ';; modes. The other way to do this is to turn on the fill for specific modes';
+      echo ';; via hooks.';
+      echo '';
+      echo '(setq auto-fill-mode 1)';
+      echo '';
+      echo $';; ===== Enable GPG encryption =========================================';
+      echo '';
+      echo "(require 'epa)";
+      echo '(epa-file-enable)'; } >> "/home/$MY_USERNAME/.emacs"
+    cp "/home/$MY_USERNAME/.emacs" /root/.emacs
+    chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.emacs"
 
     # add a mutt entry to use emacs to compose emails
     if [ -f /etc/Muttrc ]; then
@@ -273,92 +275,92 @@ function install_emacs {
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -f /home/$USERNAME/.muttrc ]; then
-                    if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then
-                        echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /home/$USERNAME/.muttrc
+                if [ -f "/home/$USERNAME/.muttrc" ]; then
+                    if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
+                        echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> "/home/$USERNAME/.muttrc"
                     else
-                        sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' /home/$USERNAME/.muttrc
+                        sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' "/home/$USERNAME/.muttrc"
                     fi
                 fi
 
                 # create an Emacs configuration specifically for use with Mutt, which
                 # has word wrap and spell checking on by default
-                if [ ! -f /home/$USERNAME/.emacs-mutt ]; then
-                    echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$USERNAME/.emacs-mutt
-                    echo '(setq org-support-shift-select t)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq standard-indent 4)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq-default tab-width 4)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq c-basic-offset 4)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(mouse-wheel-mode t)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq make-backup-files t)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq version-control t)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$USERNAME/.emacs-mutt
-                    echo "(setq default-major-mode 'text-mode)" >> /home/$USERNAME/.emacs-mutt
-                    echo "(dolist (hook '(text-mode-hook))" >> /home/$USERNAME/.emacs-mutt
-                    echo '    (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq-default fill-column 72)' >> /home/$USERNAME/.emacs-mutt
+                if [ ! -f "/home/$USERNAME/.emacs-mutt" ]; then
+                    { echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)";
+                    echo '(setq org-support-shift-select t)';
+                    echo '(setq standard-indent 4)';
+                    echo '(setq-default tab-width 4)';
+                    echo '(setq c-basic-offset 4)';
+                    echo '(mouse-wheel-mode t)';
+                    echo '(setq make-backup-files t)';
+                    echo '(setq version-control t)';
+                    echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
+                    echo "(setq default-major-mode 'text-mode)";
+                    echo "(dolist (hook '(text-mode-hook))";
+                    echo '    (add-hook hook (lambda () (flyspell-mode 1))))';
+                    echo '(setq-default fill-column 72)'; } > "/home/$USERNAME/.emacs-mutt"
                     if [[ $DEFAULT_LANGUAGE == 'en_US'* ]]; then
-                        echo '(setq ispell-dictionary "american")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "american")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'en_GB'* ]]; then
-                        echo '(setq ispell-dictionary "british")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "british")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'fr_FR'* ]]; then
-                        echo '(setq ispell-dictionary "french")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "french")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'it_IT'* ]]; then
-                        echo '(setq ispell-dictionary "italian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "italian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'cs_CZ'* ]]; then
-                        echo '(setq ispell-dictionary "czech")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "czech")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'da_DK'* ]]; then
-                        echo '(setq ispell-dictionary "danish")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "danish")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'nl_NL'* ]]; then
-                        echo '(setq ispell-dictionary "dutch")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "dutch")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'ru_RU'* ]]; then
-                        echo '(setq ispell-dictionary "russian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "russian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'es_ES'* ]]; then
-                        echo '(setq ispell-dictionary "spanish")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "spanish")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'sv_SE'* ]]; then
-                        echo '(setq ispell-dictionary "swedish")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "swedish")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'no_NO'* ]]; then
-                        echo '(setq ispell-dictionary "norwegian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "norwegian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'de_DE'* ]]; then
-                        echo '(setq ispell-dictionary "ngerman")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "ngerman")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'bg_BG'* ]]; then
-                        echo '(setq ispell-dictionary "bulgarian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "bulgarian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'pl'* ]]; then
-                        echo '(setq ispell-dictionary "polish")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "polish")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'et_EE'* ]]; then
-                        echo '(setq ispell-dictionary "estonian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "estonian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'lt_LT'* ]]; then
-                        echo '(setq ispell-dictionary "lithuanian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "lithuanian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'uk_UA'* ]]; then
-                        echo '(setq ispell-dictionary "ukranian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "ukranian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'ca_ES'* ]]; then
-                        echo '(setq ispell-dictionary "catalan")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "catalan")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
-                    echo '(setq auto-fill-mode 0)' >> /home/$USERNAME/.emacs-mutt
-                    echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$USERNAME/.emacs-mutt
-                    echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$USERNAME/.emacs-mutt
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.emacs-mutt
+                    { echo '(setq auto-fill-mode 0)';
+                      echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)";
+                      echo "(setq-default auto-fill-function 'do-auto-fill)"; } >> "/home/$USERNAME/.emacs-mutt"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.emacs-mutt"
 
                     # add the emacs mutt configuration to the user profile skeleton
                     if [ ! -f /etc/skel/.emacs-mutt ]; then
-                        cp /home/$USERNAME/.emacs-mutt /etc/skel/.emacs-mutt
+                        cp "/home/$USERNAME/.emacs-mutt" /etc/skel/.emacs-mutt
                         chown root:root /etc/skel/.emacs-mutt
                     fi
                 fi

src/freedombone-utils-go

@@ -51,7 +51,7 @@ function select_go_version {
     else
         sed -i "s|export GVM_ROOT=.*|export GVM_ROOT=$GVM_ROOT|g" ~/.bashrc
     fi
-    cd $GVM_ROOT/bin
+    cd "$GVM_ROOT/bin" || exit 3873658
     [[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm"
     gvm use go${GO_VERSION} --default
 
@@ -60,21 +60,21 @@ function select_go_version {
         exit 629825
     fi
 
-    systemctl set-environment GOPATH=$GOPATH
+    systemctl set-environment GOPATH="$GOPATH"
 }
 
 function mesh_upgrade_golang_from_source {
     chroot "$rootdir" adduser --disabled-login --gecos 'go' ipfs
 
-    git clone $GO_REPO $rootdir/home/go/go${GO_VERSION}
-    cd $rootdir/home/go/go${GO_VERSION}
-    git checkout go${GO_VERSION} -b go${GO_VERSION}
+    git clone "$GO_REPO" "$rootdir/home/go/go${GO_VERSION}"
+    cd "$rootdir/home/go/go${GO_VERSION}" || exit 3463635
+    git checkout "go${GO_VERSION}" -b "go${GO_VERSION}"
 
-    git clone $GO_REPO $rootdir/home/go/go${GO_INTERMEDIATE_VERSION}
-    cd $rootdir/home/go/go${GO_INTERMEDIATE_VERSION}
+    git clone "$GO_REPO" "$rootdir/home/go/go${GO_INTERMEDIATE_VERSION}"
+    cd "$rootdir/home/go/go${GO_INTERMEDIATE_VERSION}" || exit 672845624
     git checkout go${GO_INTERMEDIATE_VERSION} -b go${GO_INTERMEDIATE_VERSION}
 
-    cat <<EOF > ${rootdir}/root/upgrade_golang.sh
+    cat <<EOF > "${rootdir}/root/upgrade_golang.sh"
 #!/bin/bash
 
 apt-get -yq install build-essential libc6-dev
@@ -119,20 +119,20 @@ systemctl set-environment GOROOT=\$GOROOT
 
 exit 0
 EOF
-    chroot ${rootdir} chmod +x /root/upgrade_golang.sh
-    chroot ${rootdir} /root/upgrade_golang.sh
-    if [ ! -f ${rootdir}/home/go/go${GO_VERSION}/bin/go ]; then
+    chroot "${rootdir}" chmod +x /root/upgrade_golang.sh
+    chroot "${rootdir}" /root/upgrade_golang.sh
+    if [ ! -f "${rootdir}/home/go/go${GO_VERSION}/bin/go" ]; then
         echo $'Failed to upgrade golang'
-        cat ${rootdir}/root/upgrade_golang.sh
-        rm -f ${rootdir}/root/upgrade_golang.sh
+        cat "${rootdir}/root/upgrade_golang.sh"
+        rm -f "${rootdir}/root/upgrade_golang.sh"
         exit 836535
     fi
-    rm -f ${rootdir}/root/upgrade_golang.sh
+    rm -f "${rootdir}/root/upgrade_golang.sh"
 }
 
 function mesh_upgrade_golang {
     prefix=
-    if [ $rootdir ]; then
+    if [ "$rootdir" ]; then
         prefix="chroot $rootdir"
     fi
     $prefix adduser --disabled-login --gecos 'go' go
@@ -177,43 +177,43 @@ function mesh_upgrade_golang {
     fi
     GO_SOURCE=https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${GOARCH}.tar.gz
 
-    if [ ! -d ${rootdir}${INSTALL_DIR} ]; then
-        chroot "$rootdir" mkdir -p ${INSTALL_DIR}
+    if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
+        chroot "$rootdir" mkdir -p "${INSTALL_DIR}"
     fi
-    cd ${rootdir}${INSTALL_DIR}
-    if [ ! -f ${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz ]; then
+    cd "${rootdir}${INSTALL_DIR}" || exit 236487365
+    if [ ! -f "${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz" ]; then
         wget ${GO_SOURCE}
     fi
-    if [ ! -f ${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz ]; then
+    if [ ! -f "${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz" ]; then
         exit 26524
     fi
-    $prefix tar -C /home/go -xzf ${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz
-    if [ ! -d ${rootdir}/home/go/go/bin ]; then
+    $prefix tar -C /home/go -xzf "${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz"
+    if [ ! -d "${rootdir}/home/go/go/bin" ]; then
         echo 'Go binary not installed'
         exit 763562
     fi
-    mv ${rootdir}/home/go/go ${rootdir}/home/go/go${GO_VERSION}
-    echo "export GOROOT=/home/go" >> ${rootdir}/root/.bashrc
-    echo "export GOROOT=/home/go" >> ${rootdir}/etc/skel/.bashrc
-    echo "export GOROOT=/home/go" >> ${rootdir}/home/$MY_USERNAME/.bashrc
-    echo "export GOROOT=/home/go" >> ${rootdir}/home/go/.bashrc
-
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/root/.bashrc
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/etc/skel/.bashrc
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/home/$MY_USERNAME/.bashrc
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/home/go/.bashrc
-
-    echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/root/.bashrc
-    echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/etc/skel/.bashrc
-    echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/home/$MY_USERNAME/.bashrc
-    echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/home/go/.bashrc
-    $prefix chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME
+    mv "${rootdir}/home/go/go" "${rootdir}/home/go/go${GO_VERSION}"
+    echo "export GOROOT=/home/go" >> "${rootdir}/root/.bashrc"
+    echo "export GOROOT=/home/go" >> "${rootdir}/etc/skel/.bashrc"
+    echo "export GOROOT=/home/go" >> "${rootdir}/home/$MY_USERNAME/.bashrc"
+    echo "export GOROOT=/home/go" >> "${rootdir}/home/go/.bashrc"
+
+    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/root/.bashrc"
+    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/etc/skel/.bashrc"
+    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/home/$MY_USERNAME/.bashrc"
+    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/home/go/.bashrc"
+
+    echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/root/.bashrc"
+    echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/etc/skel/.bashrc"
+    echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/home/$MY_USERNAME/.bashrc"
+    echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/home/go/.bashrc"
+    $prefix chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME"
     $prefix chown -R go:go /home/go
-    cp ${rootdir}/home/go/go${GO_VERSION}/bin/* ${rootdir}/usr/bin
+    cp "${rootdir}/home/go/go${GO_VERSION}/bin/*" "${rootdir}/usr/bin"
 }
 
 function upgrade_golang {
-    if grep -Fxq "upgrade_golang:$GO_VERSION" $COMPLETION_FILE; then
+    if grep -Fxq "upgrade_golang:$GO_VERSION" "$COMPLETION_FILE"; then
         return
     fi
 

src/freedombone-utils-gpg

@@ -29,57 +29,57 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 function gpg_update_mutt {
-    key_username=$1
+    key_username="$1"
 
-    if [ ! -f /home/$key_username/.muttrc ]; then
+    if [ ! -f "/home/$key_username/.muttrc" ]; then
         return
     fi
 
     CURR_EMAIL_ADDRESS=$key_username@$HOSTNAME
-    CURR_GPG_ID=$(gpg --homedir=/home/$key_username/.gnupg --list-keys $CURR_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
+    CURR_GPG_ID=$(gpg --homedir="/home/$key_username/.gnupg" --list-keys "$CURR_EMAIL_ADDRESS" | sed -n '2p' | sed 's/^[ \t]*//')
 
     # If the default key is specified within gpg.conf
-    if [ -f /home/$key_username/gpg.conf ]; then
-        if grep -q "default-key" /home/$key_username/gpg.conf; then
-            default_gpg_key=$(cat /home/$key_username/gpg.conf | grep "default-key")
+    if [ -f "/home/$key_username/gpg.conf" ]; then
+        if grep -q "default-key" "/home/$key_username/gpg.conf"; then
+            default_gpg_key=$(grep "default-key" "/home/$key_username/gpg.conf")
             if [[ "$default_gpg_key" != *'#'* ]]; then
-                default_gpg_key=$(cat /home/$key_username/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
+                default_gpg_key=$(grep "default-key" "/home/$key_username/gpg.conf" | awk -F ' ' '{print $2}')
                 if [ ${#default_gpg_key} -gt 3 ]; then
-                    CURR_GPG_ID=$(gpg --homedir=/home/$key_username/.gnupg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//')
+                    CURR_GPG_ID=$(gpg --homedir="/home/$key_username/.gnupg" --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
                 fi
             fi
         fi
     fi
 
-    sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" /home/$key_username/.muttrc
-    sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" /home/$key_username/.muttrc
+    sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" "/home/$key_username/.muttrc"
+    sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" "/home/$key_username/.muttrc"
 
-    chown $key_username:$key_username /home/$key_username/.muttrc
+    chown "$key_username":"$key_username" "/home/$key_username/.muttrc"
 }
 
 function gpg_import_public_key {
-    key_username=$1
-    key_filename=$2
+    key_username="$1"
+    key_filename="$2"
 
-    gpg --homedir=/home/$key_username/.gnupg --import $key_filename
-    gpg_set_permissions $key_username
+    gpg --homedir="/home/$key_username/.gnupg" --import "$key_filename"
+    gpg_set_permissions "$key_username"
 }
 
 function gpg_import_private_key {
-    key_username=$1
-    key_filename=$2
+    key_username="$1"
+    key_filename="$2"
 
-    gpg --homedir=/home/$key_username/.gnupg --allow-secret-key-import --import $key_filename
-    gpg_set_permissions $key_username
+    gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$key_filename"
+    gpg_set_permissions "$key_username"
 }
 
 function gpg_export_public_key {
-    key_username=$1
-    key_id=$2
-    key_filename=$3
+    key_username="$1"
+    key_id="$2"
+    key_filename="$3"
 
-    chown -R $key_username:$key_username /home/$key_username/.gnupg
-    su -m root -c "gpg --homedir /home/$key_username/.gnupg --output $key_filename --armor --export $key_id" - $key_username
+    chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
+    su -m root -c "gpg --homedir /home/$key_username/.gnupg --output $key_filename --armor --export $key_id" - "$key_username"
 }
 
 function gpg_export_private_key {
@@ -87,68 +87,68 @@ function gpg_export_private_key {
     key_id=$2
     key_filename=$3
 
-    chown -R $key_username:$key_username /home/$key_username/.gnupg
-    su -m root -c "gpg --homedir=/home/$key_username/.gnupg --armor --output $key_filename --export-secret-key $key_id" - $key_username
+    chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
+    su -m root -c "gpg --homedir=/home/$key_username/.gnupg --armor --output $key_filename --export-secret-key $key_id" - "$key_username"
 }
 
 function gpg_create_key {
-    key_username=$1
-    key_passphrase=$2
-
-    gpg_dir=/home/$key_username/.gnupg
-
-    echo 'Key-Type: eddsa' > /home/$key_username/gpg-genkey.conf
-    echo 'Key-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf
-    echo 'Subkey-Type: eddsa' >> /home/$key_username/gpg-genkey.conf
-    echo 'Subkey-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf
-    echo "Name-Real:  $MY_NAME" >> /home/$key_username/gpg-genkey.conf
-    echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$key_username/gpg-genkey.conf
-    echo 'Expire-Date: 0' >> /home/$key_username/gpg-genkey.conf
-    cat /home/$key_username/gpg-genkey.conf
-    if [ $key_passphrase ]; then
-        echo "Passphrase: $key_passphrase" >> /home/$key_username/gpg-genkey.conf
+    key_username="$1"
+    key_passphrase="$2"
+
+    gpg_dir="/home/$key_username/.gnupg"
+
+    { echo 'Key-Type: eddsa';
+      echo 'Key-Curve: Ed25519';
+      echo 'Subkey-Type: eddsa';
+      echo 'Subkey-Curve: Ed25519';
+      echo "Name-Real:  $MY_NAME";
+      echo "Name-Email: $MY_EMAIL_ADDRESS";
+      echo 'Expire-Date: 0'; } > "/home/$key_username/gpg-genkey.conf"
+    cat "/home/$key_username/gpg-genkey.conf"
+    if [ "$key_passphrase" ]; then
+        echo "Passphrase: $key_passphrase" >> "/home/$key_username/gpg-genkey.conf"
     else
-        echo "Passphrase: $PROJECT_NAME" >> /home/$key_username/gpg-genkey.conf
+        echo "Passphrase: $PROJECT_NAME" >> "/home/$key_username/gpg-genkey.conf"
     fi
-    chown $key_username:$key_username /home/$key_username/gpg-genkey.conf
+    chown "$key_username":"$key_username" "/home/$key_username/gpg-genkey.conf"
 
     echo $'Generating a new GPG key'
-    su -m root -c "gpg --homedir /home/$key_username/.gnupg --batch --full-gen-key /home/$key_username/gpg-genkey.conf" - $key_username
-    chown -R $key_username:$key_username /home/$key_username/.gnupg
+    su -m root -c "gpg --homedir /home/$key_username/.gnupg --batch --full-gen-key /home/$key_username/gpg-genkey.conf" - "$key_username"
+    chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
     KEY_EXISTS=$(gpg_key_exists "$key_username" "$MY_EMAIL_ADDRESS")
     if [[ $KEY_EXISTS == "no" ]]; then
         echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
         exit 63621
     fi
-    shred -zu /home/$key_username/gpg-genkey.conf
+    shred -zu "/home/$key_username/gpg-genkey.conf"
     CURR_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$key_username" "$MY_EMAIL_ADDRESS")
     if [ ${#CURR_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
         echo $"GPG public key ID could not be obtained for $MY_EMAIL_ADDRESS"
         exit 825292
     fi
-    gpg_set_permissions $key_username
+    gpg_set_permissions "$key_username"
 }
 
 function gpg_delete_key {
-    key_username=$1
-    key_id=$2
+    key_username="$1"
+    key_id="$2"
 
-    chown -R $key_username:$key_username /home/$key_username/.gnupg
-    su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-secret-key $key_id" - $key_username
-    su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-key $key_id" - $key_username
+    chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
+    su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-secret-key $key_id" - "$key_username"
+    su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-key $key_id" - "$key_username"
 }
 
 function gpg_set_permissions {
     key_username=$1
 
     if [[ "$key_username" != 'root' ]]; then
-        chmod 700 /home/$key_username/.gnupg
-        chmod -R 600 /home/$key_username/.gnupg/*
-        printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$key_username/.gnupg/S.dirmngr
-        if [ -d /home/$key_username/.gnupg/crls.d ]; then
-            chmod +x /home/$key_username/.gnupg/crls.d
+        chmod 700 "/home/$key_username/.gnupg"
+        chmod -R 600 "/home/$key_username/.gnupg/*"
+        printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$key_username/.gnupg/S.dirmngr"
+        if [ -d "/home/$key_username/.gnupg/crls.d" ]; then
+            chmod +x "/home/$key_username/.gnupg/crls.d"
         fi
-        chown -R $key_username:$key_username /home/$key_username/.gnupg
+        chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
     else
         chmod 700 /root/.gnupg
         chmod -R 600 /root/.gnupg/*
@@ -156,7 +156,7 @@ function gpg_set_permissions {
         if [ -d /root/.gnupg/crls.d ]; then
             chmod +x /root/.gnupg/crls.d
         fi
-        chown -R $key_username:$key_username /root/.gnupg
+        chown -R "$key_username":"$key_username" /root/.gnupg
     fi
 }
 
@@ -164,22 +164,22 @@ function gpg_reconstruct_key {
     key_username=$1
     key_interactive=$2
 
-    if [ ! -d /home/$key_username/.gnupg_fragments ]; then
+    if [ ! -d "/home/$key_username/.gnupg_fragments" ]; then
         return
     fi
-    cd /home/$key_username/.gnupg_fragments
+    cd "/home/$key_username/.gnupg_fragments" || exit 3468346
+    # shellcheck disable=SC2012
     no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
     if (( no_of_shares < 4 )); then
-        if [ $key_interactive ]; then
+        if [ "$key_interactive" ]; then
             dialog --title $"Recover Encryption Keys" --msgbox $'Not enough fragments to reconstruct the key' 6 70
         else
             echo $'Not enough fragments to reconstruct the key'
         fi
         exit 7348
     fi
-    gfcombine /home/$key_username/.gnupg_fragments/keyshare*
-    if [ ! "$?" = "0" ]; then
-        if [ $key_interactive ]; then
+    if ! gfcombine "/home/$key_username/.gnupg_fragments/keyshare*"; then
+        if [ "$key_interactive" ]; then
             dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70
         else
             echo $'Unable to reconstruct the key'
@@ -188,8 +188,8 @@ function gpg_reconstruct_key {
     fi
 
     KEYS_FILE=/home/$key_username/.gnupg_fragments/keyshare.asc
-    if [ ! -f $KEYS_FILE ]; then
-        if [ $key_interactive ]; then
+    if [ ! -f "$KEYS_FILE" ]; then
+        if [ "$key_interactive" ]; then
             dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70
         else
             echo $'Unable to reconstruct the key'
@@ -197,22 +197,21 @@ function gpg_reconstruct_key {
         exit 52852
     fi
 
-    gpg --homedir=/home/$key_username/.gnupg --allow-secret-key-import --import $KEYS_FILE
-    if [ ! "$?" = "0" ]; then
-        shred -zu $KEYS_FILE
-        rm -rf /home/$key_username/.tempgnupg
-        if [ $key_interactive ]; then
+    if ! gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
+        shred -zu "$KEYS_FILE"
+        rm -rf "/home/$key_username/.tempgnupg"
+        if [ "$key_interactive" ]; then
             dialog --title $"Recover Encryption Keys" --msgbox $'Unable to import gpg key' 6 70
         else
             echo $'Unable to import gpg key'
         fi
         exit 96547
     fi
-    shred -zu $KEYS_FILE
+    shred -zu "$KEYS_FILE"
 
-    gpg_set_permissions $key_username
+    gpg_set_permissions "$key_username"
 
-    if [ $key_interactive ]; then
+    if [ "$key_interactive" ]; then
         dialog --title $"Recover Encryption Keys" --msgbox $'Key has been reconstructed' 6 70
     else
         echo $'Key has been reconstructed'
@@ -224,9 +223,9 @@ function gpg_agent_setup {
 
     if [[ $gpg_username == 'root' ]]; then
         if ! grep -q 'GPG_TTY' /root/.bashrc; then
-            echo '' >> /root/.bashrc
-            echo 'GPG_TTY=$(tty)' >> /root/.bashrc
-            echo 'export GPG_TTY' >> /root/.bashrc
+            { echo '';
+              echo "GPG_TTY=\$(tty)";
+              echo 'export GPG_TTY'; } >> /root/.bashrc
         fi
         if grep -q '# use-agent' /root/.gnupg/gpg.conf; then
             sed -i 's|# use-agent|use-agent|g' /root/.gnupg/gpg.conf
@@ -234,37 +233,37 @@ function gpg_agent_setup {
         if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
             echo 'use-agent' >> /root/.gnupg/gpg.conf
         fi
-        echo 'default-cache-ttl 300' > /root/.gnupg/gpg-agent.conf
-        echo 'max-cache-ttl 999999' >> /root/.gnupg/gpg-agent.conf
-        echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
+        { echo 'default-cache-ttl 300';
+          echo 'max-cache-ttl 999999';
+          echo 'allow-loopback-pinentry'; } > /root/.gnupg/gpg-agent.conf
         if [ -f /root/.gnupg/S.dirmngr ]; then
             rm /root/.gnupg/S.dirmngr
         fi
         echo RELOADAGENT | gpg-connect-agent
     else
-        if ! grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
-            echo '' >> /home/$gpg_username/.bashrc
-            echo 'GPG_TTY=$(tty)' >> /home/$gpg_username/.bashrc
-            echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
-            chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
+        if ! grep -q 'GPG_TTY' "/home/$gpg_username/.bashrc"; then
+            { echo '';
+              echo "GPG_TTY=\$(tty)";
+              echo 'export GPG_TTY'; } >> "/home/$gpg_username/.bashrc"
+            chown "$gpg_username":"$gpg_username" "/home/$gpg_username/.bashrc"
         fi
-        if grep -q '# use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
-            sed -i 's|# use-agent|use-agent|g' /home/$gpg_username/.gnupg/gpg.conf
+        if grep -q '# use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then
+            sed -i 's|# use-agent|use-agent|g' "/home/$gpg_username/.gnupg/gpg.conf"
         fi
-        if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
-            echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf
+        if ! grep -q 'use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then
+            echo 'use-agent' >> "/home/$gpg_username/.gnupg/gpg.conf"
         fi
-        if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
-            echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf
+        if ! grep -q 'pinentry-mode loopback' "/home/$gpg_username/.gnupg/gpg.conf"; then
+            echo 'pinentry-mode loopback' >> "/home/$gpg_username/.gnupg/gpg.conf"
         fi
-        echo 'default-cache-ttl 300' > /home/$gpg_username/.gnupg/gpg-agent.conf
-        echo 'max-cache-ttl 999999' >> /home/$gpg_username/.gnupg/gpg-agent.conf
-        echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
-        if [ -f /home/$gpg_username/.gnupg/S.dirmngr ]; then
-            rm /home/$gpg_username/.gnupg/S.dirmngr
+        echo 'default-cache-ttl 300' > "/home/$gpg_username/.gnupg/gpg-agent.conf"
+        echo 'max-cache-ttl 999999' >> "/home/$gpg_username/.gnupg/gpg-agent.conf"
+        echo 'allow-loopback-pinentry' >> "/home/$gpg_username/.gnupg/gpg-agent.conf"
+        if [ -f "/home/$gpg_username/.gnupg/S.dirmngr" ]; then
+            rm "/home/$gpg_username/.gnupg/S.dirmngr"
         fi
         if [[ "$gpg_username" != "$USER" ]]; then
-            su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
+            su -c "echo RELOADAGENT | gpg-connect-agent" - "$gpg_username"
         else
             echo RELOADAGENT | gpg-connect-agent
         fi
@@ -277,21 +276,21 @@ function gpg_agent_enable {
     if [[ $gpg_username == 'root' ]]; then
         return
     else
-        if grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
-            sed -i '/GPG_TTY/d' /home/$gpg_username/.bashrc
-            chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
+        if grep -q 'GPG_TTY' "/home/$gpg_username/.bashrc"; then
+            sed -i '/GPG_TTY/d' "/home/$gpg_username/.bashrc"
+            chown "$gpg_username":"$gpg_username" "/home/$gpg_username/.bashrc"
         fi
-        if grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
-           sed -i '/use-agent/d' /home/$gpg_username/.gnupg/gpg.conf
+        if grep -q 'use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then
+           sed -i '/use-agent/d' "/home/$gpg_username/.gnupg/gpg.conf"
         fi
-        if grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
-            sed -i '/pinentry-mode loopback/d' /home/$gpg_username/.gnupg/gpg.conf
+        if grep -q 'pinentry-mode loopback' "/home/$gpg_username/.gnupg/gpg.conf"; then
+            sed -i '/pinentry-mode loopback/d' "/home/$gpg_username/.gnupg/gpg.conf"
         fi
-        if [ -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
-            rm /home/$gpg_username/.gnupg/gpg-agent.conf
+        if [ -f "/home/$gpg_username/.gnupg/gpg-agent.conf" ]; then
+            rm "/home/$gpg_username/.gnupg/gpg-agent.conf"
         fi
         if [[ "$gpg_username" != "$USER" ]]; then
-            su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
+            su -c "echo RELOADAGENT | gpg-connect-agent" - "$gpg_username"
         else
             echo RELOADAGENT | gpg-connect-agent
         fi
@@ -303,46 +302,46 @@ function gpg_pubkey_from_email {
     key_email_address=$2
     key_id=
     if [[ $key_owner_username != "root" ]]; then
-        key_id=$(su -c "gpg --list-keys $key_email_address" - $key_owner_username | sed -n '2p' | sed 's/^[ \t]*//')
+        key_id=$(su -c "gpg --list-keys $key_email_address" - "$key_owner_username" | sed -n '2p' | sed 's/^[ \t]*//')
 
         # If the default key is specified within gpg.conf
-        if [ -f /home/$key_owner_username/gpg.conf ]; then
-            if grep -q "default-key" /home/$key_owner_username/gpg.conf; then
-                default_gpg_key=$(cat /home/$key_owner_username/gpg.conf | grep "default-key")
+        if [ -f "/home/$key_owner_username/gpg.conf" ]; then
+            if grep -q "default-key" "/home/$key_owner_username/gpg.conf"; then
+                default_gpg_key=$(grep "default-key" "/home/$key_owner_username/gpg.conf")
                 if [[ "$default_gpg_key" != *'#'* ]]; then
-                    default_gpg_key=$(cat /home/$key_owner_username/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
+                    default_gpg_key=$(grep "default-key" "/home/$key_owner_username/gpg.conf" | awk -F ' ' '{print $2}')
                     if [ ${#default_gpg_key} -gt 3 ]; then
-                        key_id=$(su -c "gpg --list-keys $default_gpg_key" - $key_owner_username | sed -n '2p' | sed 's/^[ \t]*//')
+                        key_id=$(su -c "gpg --list-keys $default_gpg_key" - "$key_owner_username" | sed -n '2p' | sed 's/^[ \t]*//')
                     fi
                 fi
             fi
         fi
     else
-        key_id=$(gpg --list-keys $key_email_address | sed -n '2p' | sed 's/^[ \t]*//')
+        key_id=$(gpg --list-keys "$key_email_address" | sed -n '2p' | sed 's/^[ \t]*//')
 
         # If the default key is specified within gpg.conf
         if [ -f /root/gpg.conf ]; then
             if grep -q "default-key" /root/gpg.conf; then
-                default_gpg_key=$(cat /root/gpg.conf | grep "default-key")
+                default_gpg_key=$(grep "default-key" /root/gpg.conf)
                 if [[ "$default_gpg_key" != *'#'* ]]; then
-                    default_gpg_key=$(cat /root/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
+                    default_gpg_key=$(grep "default-key" /root/gpg.conf | awk -F ' ' '{print $2}')
                     if [ ${#default_gpg_key} -gt 3 ]; then
-                        key_id=$(gpg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//')
+                        key_id=$(gpg --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
                     fi
                 fi
             fi
         fi
     fi
-    echo $key_id
+    echo "$key_id"
 }
 
 function enable_email_encryption_at_rest {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if grep -q '#| /usr/bin/gpgit.pl' /home/$USERNAME/.procmailrc; then
-                sed -i 's@#| /usr/bin/gpgit.pl@| /usr/bin/gpgit.pl@g' /home/$USERNAME/.procmailrc
-                sed -i 's|#:0 f|:0 f|g' /home/$USERNAME/.procmailrc
+            if grep -q '#| /usr/bin/gpgit.pl' "/home/$USERNAME/.procmailrc"; then
+                sed -i 's@#| /usr/bin/gpgit.pl@| /usr/bin/gpgit.pl@g' "/home/$USERNAME/.procmailrc"
+                sed -i 's|#:0 f|:0 f|g' "/home/$USERNAME/.procmailrc"
             fi
         fi
     done
@@ -357,9 +356,9 @@ function disable_email_encryption_at_rest {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if ! grep -q '#| /usr/bin/gpgit.pl' /home/$USERNAME/.procmailrc; then
-                sed -i 's@| /usr/bin/gpgit.pl@#| /usr/bin/gpgit.pl@g' /home/$USERNAME/.procmailrc
-                sed -i 's|:0 f|#:0 f|g' /home/$USERNAME/.procmailrc
+            if ! grep -q '#| /usr/bin/gpgit.pl' "/home/$USERNAME/.procmailrc"; then
+                sed -i 's@| /usr/bin/gpgit.pl@#| /usr/bin/gpgit.pl@g' "/home/$USERNAME/.procmailrc"
+                sed -i 's|:0 f|#:0 f|g' "/home/$USERNAME/.procmailrc"
             fi
         fi
     done

src/freedombone-utils-guile

@@ -37,14 +37,14 @@ EIGHTSYNC_COMMIT='8cbb7f22227c0afdd3b0bd758ebec0efba2fa1e1'
 function install_8sync {
     apt-get -qy install flex libunistring-dev libgc-dev autoconf texinfo
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
     fi
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 67832456
 
-    git_clone $EIGHTSYNC_REPO $INSTALL_DIR/eightsync
-    cd $INSTALL_DIR/eightsync
-    git checkout ${EIGHTSYNC_COMMIT} -b ${EIGHTSYNC_COMMIT}
+    git_clone "$EIGHTSYNC_REPO" "$INSTALL_DIR/eightsync"
+    cd "$INSTALL_DIR/eightsync" || exit 23468346
+    git checkout "${EIGHTSYNC_COMMIT}" -b "${EIGHTSYNC_COMMIT}"
 
     export GUILE_BASE_PATH=/opt/guile-${GUILE_VERSION}
     export GUILE_CFLAGS="-I${GUILE_BASE_PATH}/include"
@@ -67,31 +67,31 @@ function install_guile {
 
     apt-get -qy install flex libunistring-dev libgc-dev autoconf texinfo lzip wget
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
     fi
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 4298497
 
-    if [ ! -f guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz ]; then
-        wget https://ftp.gnu.org/gnu/guile/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz
+    if [ ! -f "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" ]; then
+        wget "https://ftp.gnu.org/gnu/guile/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz"
     fi
-    if [ ! -f guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz ]; then
+    if [ ! -f "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" ]; then
         echo 'Unable to download guile pack'
         exit 6735238
     fi
-    CURR_GUILE_HASH=$(sha256sum guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz | awk -F ' ' '{print $1}')
+    CURR_GUILE_HASH=$(sha256sum "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" | awk -F ' ' '{print $1}')
     if [[ "$CURR_GUILE_HASH" != "$GUILE_HASH" ]]; then
         echo 'Guile hash does not match'
         exit 7237625
     fi
-    cd /
-    tar xvf $INSTALL_DIR/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz
-    if [ ! -d /opt/guile-${GUILE_VERSION}/bin ]; then
+    cd / || exit 73563635
+    tar xvf "$INSTALL_DIR/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz"
+    if [ ! -d "/opt/guile-${GUILE_VERSION}/bin" ]; then
         echo 'Guile was not installed'
         exit 825269
     fi
     echo "export GUILE_PATH=/opt/guile-${GUILE_VERSION}/bin" >> ~/.bashrc
-    echo 'export PATH=$PATH:$GUILE_PATH' >> ~/.bashrc
+    echo "export PATH=\$PATH:\$GUILE_PATH" >> ~/.bashrc
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-utils-i2p

@@ -34,12 +34,12 @@
 I2P_DOMAIN='deb.i2p2.de'
 
 function install_i2p {
-    if [ ! -d $INSTALL_DIR ]; then
-       mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+       mkdir -p "$INSTALL_DIR"
     fi
 
     # install the gpg key
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 346735
     if [ -f i2p-debian-repo.key.asc ]; then
         rm i2p-debian-repo.key.asc
     fi
@@ -121,3 +121,5 @@ function i2p_enable_sam {
     sed -i 's|clientApp.1.startOnLoad=.*|clientApp.1.startOnLoad=true|g' /var/lib/i2p/i2p-config/clients.config
     systemctl restart i2p
 }
+
+# NOTE: deliberately no exit 0

src/freedombone-utils-interactive

@@ -32,14 +32,13 @@ function interactive_configuration_remote_backups {
     if [[ $SYSTEM_TYPE == "mesh"* ]]; then
         return
     fi
-    if [ ! -f /usr/local/bin/${PROJECT_NAME}-remote ]; then
-        if [ ! -f /usr/bin/${PROJECT_NAME}-remote ]; then
+    if [ ! -f "/usr/local/bin/${PROJECT_NAME}-remote" ]; then
+        if [ ! -f "/usr/bin/${PROJECT_NAME}-remote" ]; then
             echo $"The command ${PROJECT_NAME}-remote was not found"
             exit 87354
         fi
     fi
-    ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-remote" -u "$MY_USERNAME" -l "$FRIENDS_SERVERS_LIST" -m "$MINIMUM_PASSWORD_LENGTH" -r yes; then
         echo $'Command failed:'
         echo ''
         echo $"  ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes"
@@ -49,8 +48,8 @@ function interactive_configuration_remote_backups {
 }
 
 function interactive_configuration {
-    if [ ! -f /usr/local/bin/${PROJECT_NAME}-config ]; then
-        if [ ! -f /usr/bin/${PROJECT_NAME}-config ]; then
+    if [ ! -f "/usr/local/bin/${PROJECT_NAME}-config" ]; then
+        if [ ! -f "/usr/bin/${PROJECT_NAME}-config" ]; then
             echo $"The command ${PROJECT_NAME}-config was not found"
             exit 63935
         fi
@@ -59,32 +58,32 @@ function interactive_configuration {
         rm -f /tmp/meshuserdevice
     fi
 
-    if [ $SOCIALINSTANCE ]; then
-        ${PROJECT_NAME}-config \
-                       -f $CONFIGURATION_FILE \
-                       -w $PROJECT_WEBSITE \
-                       -m $MINIMUM_PASSWORD_LENGTH \
+    if [ "$SOCIALINSTANCE" ]; then
+        "${PROJECT_NAME}-config" \
+                       -f "$CONFIGURATION_FILE" \
+                       -w "$PROJECT_WEBSITE" \
+                       -m "$MINIMUM_PASSWORD_LENGTH" \
                        --minimal "yes" \
-                       --social $SOCIALINSTANCE
+                       --social "$SOCIALINSTANCE"
     else
         if [[ $ONION_ONLY == "no" ]]; then
             if [[ $MINIMAL_INSTALL == "no" ]]; then
-                ${PROJECT_NAME}-config \
-                               -f $CONFIGURATION_FILE \
-                               -w $PROJECT_WEBSITE \
-                               -m $MINIMUM_PASSWORD_LENGTH
+                "${PROJECT_NAME}-config" \
+                               -f "$CONFIGURATION_FILE" \
+                               -w "$PROJECT_WEBSITE" \
+                               -m "$MINIMUM_PASSWORD_LENGTH"
             else
-                ${PROJECT_NAME}-config \
-                               -f $CONFIGURATION_FILE \
-                               -w $PROJECT_WEBSITE \
-                               -m $MINIMUM_PASSWORD_LENGTH \
+                "${PROJECT_NAME}-config" \
+                               -f "$CONFIGURATION_FILE" \
+                               -w "$PROJECT_WEBSITE" \
+                               -m "$MINIMUM_PASSWORD_LENGTH" \
                                --minimal "yes"
             fi
         else
-            ${PROJECT_NAME}-config \
-                           -f $CONFIGURATION_FILE \
-                           -w $PROJECT_WEBSITE \
-                           -m $MINIMUM_PASSWORD_LENGTH \
+            "${PROJECT_NAME}-config" \
+                           -f "$CONFIGURATION_FILE" \
+                           -w "$PROJECT_WEBSITE" \
+                           -m "$MINIMUM_PASSWORD_LENGTH" \
                            --onion "yes"
         fi
     fi
@@ -93,6 +92,7 @@ function interactive_configuration {
         rm -f /tmp/meshuserdevice
         exit 0
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         echo $'Command failed:'
         echo ''
@@ -107,7 +107,7 @@ function interactive_configuration {
         dialog --title $"Encrypted backup to other servers" \
                --backtitle $"${PROJECT_NAME} Configuration" \
                --defaultno \
-               --yesno $"\nDo you wish to configure some remote backup locations?" 7 60
+               --yesno $"\\nDo you wish to configure some remote backup locations?" 7 60
         sel=$?
         case $sel in
             0) interactive_configuration_remote_backups;;
@@ -121,53 +121,55 @@ function interactive_site_details {
 
     SITE_BACKTITLE=$"Freedombone Configuration"
     SITE_CONFIG_TITLE=$"${site_name^} Configuration"
-    SITE_FORM_TEXT=$"\nPlease enter your ${site_name^} details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:"
+    SITE_FORM_TEXT=$"\\nPlease enter your ${site_name^} details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:"
     SITE_DOMAIN_NAME=
     SITE_CODE=
     SITE_DETAILS_COMPLETE=
     while [ ! $SITE_DETAILS_COMPLETE ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
             dialog --backtitle "$SITE_BACKTITLE" \
                    --title "$SITE_CONFIG_TITLE" \
                    --form "$SITE_FORM_TEXT" 14 55 3 \
-                   $"Domain:" 1 1 "$(grep '${site_name_upper}_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
-                   $"Code:" 2 1 "$(grep '${site_name_upper}_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 255 \
-                   2> $data
+                   $"Domain:" 1 1 "$(grep "${site_name_upper}_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
+                   $"Code:" 2 1 "$(grep "${site_name_upper}_CODE" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 255 \
+                   2> "$data"
         else
             dialog --backtitle "$SITE_BACKTITLE" \
                    --title "$SITE_CONFIG_TITLE" \
                    --form "$SITE_FORM_TEXT" 11 55 3 \
-                   $"Domain:" 1 1 "$(grep '${site_name_upper}_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
-                   2> $data
+                   $"Domain:" 1 1 "$(grep "${site_name_upper}_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
+                   2> "$data"
         fi
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        SITE_DOMAIN_NAME=$(cat $data | sed -n 1p)
-        if [ $SITE_DOMAIN_NAME ]; then
+        SITE_DOMAIN_NAME=$(sed -n 1p < "$data")
+        if [ "$SITE_DOMAIN_NAME" ]; then
             TEST_DOMAIN_NAME=$SITE_DOMAIN_NAME
             validate_domain_name
-            if [[ $TEST_DOMAIN_NAME != $SITE_DOMAIN_NAME ]]; then
+            if [[ "$TEST_DOMAIN_NAME" != "$SITE_DOMAIN_NAME" ]]; then
                 SITE_DOMAIN_NAME=
                 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
             else
-                if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                    SITE_CODE=$(cat $data | sed -n 2p)
+                if [[ "$DDNS_PROVIDER" == "default@freedns.afraid.org" ]]; then
+                    SITE_CODE=$(sed -n 2p < "$data")
                     validate_freedns_code "$SITE_CODE"
-                    if [ ! $VALID_CODE ]; then
+                    if [ ! "$VALID_CODE" ]; then
                         SITE_DOMAIN_NAME=
                     fi
                 fi
             fi
         fi
-        if [ $SITE_DOMAIN_NAME ]; then
+        if [ "$SITE_DOMAIN_NAME" ]; then
             SITE_DETAILS_COMPLETE="yes"
         fi
+        rm -f "$data"
     done
 
     # save the results in the config file
@@ -192,31 +194,31 @@ function interactive_site_details_with_title {
     SITE_DETAILS_COMPLETE=
     while [ ! $SITE_DETAILS_COMPLETE ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title "$SITE_BACKTITLE" \
                        --form "$SITE_FORM_TEXT" 14 55 4 \
-                       $"Title:" 1 1 "$(grep '$SITE_TITLE' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
-                       $"Domain:" 2 1 "$(grep '$SITE_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
-                       $"Code:" 3 1 "$(grep '$SITE_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 16 33 255 \
-                       2> $data
+                       $"Domain:" 2 1 "$(grep "$SITE_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
+                       $"Code:" 3 1 "$(grep "$SITE_CODE" temp.cfg | awk -F '=' '{print $2}')" 3 16 33 255 \
+                       2> "$data"
         else
             dialog --backtitle "$SITE_BACKTITLE" \
                    --title "$SITE_CONFIG_TITLE" \
                    --form "$SITE_FORM_TEXT" 11 55 3 \
-                   $"Title:" 1 1 "$(grep '$SITE_TITLE' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
-                   $"Domain:" 2 1 "$(grep '$SITE_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
-                   2> $data
+                   $"Title:" 1 1 "$(grep "$SITE_TITLE" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
+                   $"Domain:" 2 1 "$(grep "$SITE_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
+                   2> "$data"
         fi
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        SITE_TITLE=$(cat $data | sed -n 1p)
-        SITE_DOMAIN_NAME=$(cat $data | sed -n 2p)
+        SITE_TITLE=$(sed -n 1p < "$data")
+        SITE_DOMAIN_NAME=$(sed -n 2p < "$data")
         site_domain_name_str="$SITE_DOMAIN_NAME"
         if [ ${#site_domain_name_str} -gt 1 ]; then
             TEST_DOMAIN_NAME="$SITE_DOMAIN_NAME"
@@ -225,10 +227,10 @@ function interactive_site_details_with_title {
                 SITE_DOMAIN_NAME=
                 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
             else
-                if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                    SITE_CODE=$(cat $data | sed -n 3p)
+                if [[ "$DDNS_PROVIDER" == "default@freedns.afraid.org" ]]; then
+                    SITE_CODE=$(sed -n 3p < "$data")
                     validate_freedns_code "${SITE_CODE}"
-                    if [ ! $VALID_CODE ]; then
+                    if [ ! "$VALID_CODE" ]; then
                         SITE_DOMAIN_NAME=
                     fi
                 fi
@@ -240,6 +242,7 @@ function interactive_site_details_with_title {
                 SITE_DETAILS_COMPLETE="yes"
             fi
         fi
+        rm -f "$data"
     done
 
     # save the results in the config file

src/freedombone-utils-keys

@@ -41,137 +41,137 @@ function interactive_gpg_from_usb {
     do
         detect_usb_drive
 
-        if [ ! -b $USB_DRIVE ]; then
+        if [ ! -b "$USB_DRIVE" ]; then
             if (( GPG_CTR > 0 )); then
-                gpg_reconstruct_key $MY_USERNAME interactive
-                gpg_update_mutt $MY_USERNAME
+                gpg_reconstruct_key "$MY_USERNAME" interactive
+                gpg_update_mutt "$MY_USERNAME"
                 return 0
             fi
             dialog --title $"Recover Encryption Keys" --msgbox $'No USB drive found' 6 30
             exit 739836
         fi
 
-        backup_mount_drive ${USB_DRIVE} ${MY_USERNAME}
+        backup_mount_drive "${USB_DRIVE}" "${MY_USERNAME}"
 
-        if [ ! -d $USB_MOUNT ]; then
+        if [ ! -d "$USB_MOUNT" ]; then
             if (( GPG_CTR > 0 )); then
-                backup_unmount_drive ${USB_DRIVE}
-                gpg_reconstruct_key $MY_USERNAME interactive
+                backup_unmount_drive "${USB_DRIVE}"
+                gpg_reconstruct_key "$MY_USERNAME" interactive
                 return 0
             fi
             dialog --title $"Recover Encryption Keys" \
                    --msgbox $"There was a problem mounting the USB drive $USB_DRIVE to $USB_MOUNT" 6 70
-            backup_unmount_drive ${USB_DRIVE}
+            backup_unmount_drive "${USB_DRIVE}"
             exit 74393
         fi
 
-        if [ ! -d $USB_MOUNT/.gnupg ]; then
-            if [ ! -d $USB_MOUNT/.gnupg_fragments ]; then
+        if [ ! -d "$USB_MOUNT/.gnupg" ]; then
+            if [ ! -d "$USB_MOUNT/.gnupg_fragments" ]; then
                 if (( GPG_CTR > 0 )); then
-                    backup_unmount_drive ${USB_DRIVE}
-                    gpg_reconstruct_key $MY_USERNAME interactive
-                    gpg_update_mutt $MY_USERNAME
+                    backup_unmount_drive "${USB_DRIVE}"
+                    gpg_reconstruct_key "$MY_USERNAME" interactive
+                    gpg_update_mutt "$MY_USERNAME"
                     return 0
                 fi
                 dialog --title $"Recover Encryption Keys" \
                        --msgbox $"The directory $USB_MOUNT/.gnupg or $USB_MOUNT/.gnupg_fragments was not found" 6 70
-                backup_unmount_drive ${USB_DRIVE}
+                backup_unmount_drive "${USB_DRIVE}"
                 exit 723814
             fi
         fi
 
-        if [ -d $USB_MOUNT/letsencrypt ]; then
+        if [ -d "$USB_MOUNT/letsencrypt" ]; then
             if [ ! -d /etc/letsencrypt ]; then
                 mkdir /etc/letsencrypt
             fi
             echo $'Recovering LetsEncrypt keys'
-            cp -r $USB_MOUNT/letsencrypt/* /etc/letsencrypt
+            cp -r "$USB_MOUNT/letsencrypt/*" /etc/letsencrypt
             addgroup ssl-cert
             chown -R root:ssl-cert /etc/letsencrypt
         fi
 
-        if [ -f $USB_MOUNT/.mastergpgkey ]; then
+        if [ -f "$USB_MOUNT/.mastergpgkey" ]; then
             # Recovering keys from file rather than just copying the gnupg
             # directory may help to avoid problems during upgrades/reinstalls
-            if [ ! -f $USB_MOUNT/.backupgpgkey ]; then
+            if [ ! -f "$USB_MOUNT/.backupgpgkey" ]; then
                 echo $'No backup key file found on USB drive'
                 exit 725729
             fi
             CURR_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
-            CURR_GPG_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys $CURR_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
-            CURR_GPG_BACKUP_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
+            CURR_GPG_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "$CURR_EMAIL_ADDRESS" | sed -n '2p' | sed 's/^[ \t]*//')
+            CURR_GPG_BACKUP_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
 
             # If the default key is specified within gpg.conf
-            if [ -f $HOME_DIR/gpg.conf ]; then
-                if grep -q "default-key" $HOME_DIR/gpg.conf; then
-                    default_gpg_key=$(cat $HOME_DIR/gpg.conf | grep "default-key")
+            if [ -f "$HOME_DIR/gpg.conf" ]; then
+                if grep -q "default-key" "$HOME_DIR/gpg.conf"; then
+                    default_gpg_key=$(grep "default-key" "$HOME_DIR/gpg.conf")
                     if [[ "$default_gpg_key" != *'#'* ]]; then
-                        default_gpg_key=$(cat $HOME_DIR/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
+                        default_gpg_key=$(grep "default-key" "$HOME_DIR/gpg.conf" | awk -F ' ' '{print $2}')
                         if [ ${#default_gpg_key} -gt 3 ]; then
-                            CURR_GPG_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//')
+                            CURR_GPG_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
                         fi
                     fi
                 fi
             fi
 
             echo $'Making backup copy of existing gpg keys'
-            if [ -d $HOME_DIR/.gnupg ]; then
-                if [ -d $HOME_DIR/.gnupg_old ]; then
-                    rm -rf $HOME_DIR/.gnupg_old
+            if [ -d "$HOME_DIR/.gnupg" ]; then
+                if [ -d "$HOME_DIR/.gnupg_old" ]; then
+                    rm -rf "$HOME_DIR/.gnupg_old"
                 fi
-                cp -r $HOME_DIR/.gnupg $HOME_DIR/.gnupg_old
-                chmod 700 $HOME_DIR/.gnupg_old
-                chmod -R 600 $HOME_DIR/.gnupg_old/*
-                chown -R $MY_USERNAME:$MY_USERNAME $HOME_DIR/.gnupg_old
+                cp -r "$HOME_DIR/.gnupg $HOME_DIR/.gnupg_old"
+                chmod 700 "$HOME_DIR/.gnupg_old"
+                chmod -R 600 "$HOME_DIR/.gnupg_old/*"
+                chown -R "$MY_USERNAME":"$MY_USERNAME" "$HOME_DIR/.gnupg_old"
             fi
             echo $'Removing old gpg keys'
-            gpg_delete_key $MY_USERNAME $CURR_GPG_BACKUP_ID
-            gpg_delete_key $MY_USERNAME $CURR_GPG_ID
+            gpg_delete_key "$MY_USERNAME" "$CURR_GPG_BACKUP_ID"
+            gpg_delete_key "$MY_USERNAME" "$CURR_GPG_ID"
             echo $'Importing master keys'
-            gpg --homedir=$HOME_DIR/.gnupg --allow-secret-key-import --import $USB_MOUNT/.mastergpgkey
-            echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir=$HOME_DIR/.gnupg --allow-secret-key-import --import $USB_MOUNT/.backupgpgkey
-            if [ -d $HOME_DIR/.gnupg ]; then
+            gpg --homedir="$HOME_DIR/.gnupg" --allow-secret-key-import --import "$USB_MOUNT/.mastergpgkey"
+            echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir="$HOME_DIR/.gnupg" --allow-secret-key-import --import "$USB_MOUNT/.backupgpgkey"
+            if [ -d "$HOME_DIR/.gnupg" ]; then
                 echo $'Setting permissions'
-                gpg_set_permissions $MY_USERNAME
+                gpg_set_permissions "$MY_USERNAME"
                 echo $"Updating muttrc for $MY_USERNAME"
-                gpg_update_mutt $MY_USERNAME
+                gpg_update_mutt "$MY_USERNAME"
             fi
             GPG_LOADING="no"
             dialog --title $"Recover Encryption Keys" \
                    --msgbox $"GPG Keyring loaded to $HOME_DIR from master keydrive" 6 70
         else
-            if [ -d $USB_MOUNT/.gnupg ]; then
-                if [ ! -d $HOME_DIR/.gnupg ]; then
-                    mkdir $HOME_DIR/.gnupg
+            if [ -d "$USB_MOUNT/.gnupg" ]; then
+                if [ ! -d "$HOME_DIR/.gnupg" ]; then
+                    mkdir "$HOME_DIR/.gnupg"
                 fi
                 echo $'Recovering GPG keys'
-                cp -r $USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
+                cp -r "$USB_MOUNT/.gnupg/*" "$HOME_DIR/.gnupg"
                 GPG_LOADING="no"
                 dialog --title $"Recover Encryption Keys" \
                        --msgbox $"GPG Keyring directory loaded to $HOME_DIR" 6 70
             else
                 # Collect fragments from the USB drive
-                if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
-                    mkdir $HOME_DIR/.gnupg_fragments
+                if [ ! -d "$HOME_DIR/.gnupg_fragments" ]; then
+                    mkdir "$HOME_DIR/.gnupg_fragments"
                 fi
-                cp -r $USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
+                cp -r "$USB_MOUNT/.gnupg_fragments/*" "$HOME_DIR/.gnupg_fragments"
             fi
         fi
 
-        if [[ $SSH_IMPORTED == "no" ]]; then
-            if [ -d $USB_MOUNT/.ssh ]; then
-                if [ ! -d $HOME_DIR/.ssh ]; then
-                    mkdir $HOME_DIR/.ssh
+        if [[ "$SSH_IMPORTED" == "no" ]]; then
+            if [ -d "$USB_MOUNT/.ssh" ]; then
+                if [ ! -d "$HOME_DIR/.ssh" ]; then
+                    mkdir "$HOME_DIR/.ssh"
                 fi
-                cp $USB_MOUNT/.ssh/* $HOME_DIR/.ssh
+                cp "$USB_MOUNT/.ssh/*" "$HOME_DIR/.ssh"
                 dialog --title $"Recover Encryption Keys" \
                        --msgbox $"ssh keys imported" 6 70
                 SSH_IMPORTED="yes"
             fi
         fi
 
-        if [ -d $USB_MOUNT ]; then
-            backup_unmount_drive ${USB_DRIVE}
+        if [ -d "$USB_MOUNT" ]; then
+            backup_unmount_drive "${USB_DRIVE}"
         fi
         if [[ $GPG_LOADING == "yes" ]]; then
             dialog --title $"Recover Encryption Keys" \
@@ -185,15 +185,15 @@ function interactive_gpg_from_remote {
     REMOTE_SERVERS_LIST=/home/$MY_USERNAME/keyshareservers.txt
 
     # get a list of remote servers
-    ${PROJECT_NAME}-remote -u $MY_USERNAME -l $REMOTE_SERVERS_LIST -t "Remote server"
+    "${PROJECT_NAME}-remote" -u "$MY_USERNAME" -l "$REMOTE_SERVERS_LIST" -t "Remote server"
 
-    if [ ! -f $REMOTE_SERVERS_LIST ]; then
+    if [ ! -f "$REMOTE_SERVERS_LIST" ]; then
         dialog --title $"Encryption Keys Recovery" --msgbox $'Error obtaining server list' 6 70
         return 1
     fi
 
     # check the number of entries in the file
-    no_of_servers=$(cat $REMOTE_SERVERS_LIST | wc -l)
+    no_of_servers=$(wc -l < "$REMOTE_SERVERS_LIST")
     if (( no_of_servers < 3 )); then
         dialog --title $"Encryption Keys Recovery" \
                --msgbox $'There must be at least three servers to recover the key' 6 70
@@ -201,8 +201,7 @@ function interactive_gpg_from_remote {
     fi
 
     # try to recover the key from the servers
-    ${PROJECT_NAME}-recoverkey -u $MY_USERNAME -l $REMOTE_SERVERS_LIST
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-recoverkey" -u "$MY_USERNAME" -l "$REMOTE_SERVERS_LIST"; then
         dialog --title $"Encryption Keys Recovery" --msgbox $'Your key could not be recovered' 6 70
         return 3
     fi
@@ -217,36 +216,36 @@ function interactive_gpg {
     while [[ $GPG_CONFIGURED != "yes" ]]
     do
         GPG_CONFIGURED="yes"
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Configuration" \
                --radiolist $"GPG/PGP keys for your system:" 13 70 3 \
                1 $"Generate new keys (new user)" on \
                2 $"Import keys from USB drive/s" off \
-               3 $"Retrieve keys from friends servers" off 2> $data
+               3 $"Retrieve keys from friends servers" off 2> "$data"
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 2;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 2;;
         esac
-        case $(cat $data) in
-            1) if [ -d /home/${MY_USERNAME}/.gnupg ]; then
-                   rm -rf /home/${MY_USERNAME}/.gnupg
+        case $(cat "$data") in
+            1) if [ -d "/home/${MY_USERNAME}/.gnupg" ]; then
+                   rm -rf "/home/${MY_USERNAME}/.gnupg"
                fi
                break;;
             2) interactive_gpg_from_usb
                break;;
-            3) interactive_gpg_from_remote
-               if [ ! "$?" = "0" ]; then
+            3) if ! interactive_gpg_from_remote; then
                    GPG_CONFIGURED="no"
                fi;;
         esac
+        rm -f "$data"
     done
 }
 
 function interactive_key_recovery {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
 
     dialog --title $"Encryption Keys Recovery" \
            --backtitle $"Freedombone Configuration" \
@@ -254,14 +253,16 @@ function interactive_key_recovery {
            --yesno $"Do you wish to recover your previous encryption keys from a USB master keydrive?" 7 60
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
     clear
     apt-get -yq install cryptsetup
-    ${PROJECT_NAME}-recoverkey -u $MY_USERNAME
-    if [ -d /home/$MY_USERNAME/.gnupg ]; then
-        cp -rf /home/$MY_USERNAME/.gnupg /root
+    "${PROJECT_NAME}-recoverkey" -u "$MY_USERNAME"
+    if [ -d "/home/$MY_USERNAME/.gnupg" ]; then
+        cp -rf "/home/$MY_USERNAME/.gnupg" /root
         chmod 700 /root/.gnupg
         chmod 600 /root/.gnupg/*
         printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /root/.gnupg/S.dirmngr
@@ -269,6 +270,7 @@ function interactive_key_recovery {
             chmod +x /root/.gnupg/crls.d
         fi
     fi
+    rm -f "$data"
 }
 
 function set_password_for_all_users {
@@ -278,7 +280,7 @@ function set_password_for_all_users {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            ${PROJECT_NAME}-pass -u "${USERNAME}" -a "${app_name}" -p "${change_password}"
+            "${PROJECT_NAME}-pass" -u "${USERNAME}" -a "${app_name}" -p "${change_password}"
         fi
     done
 }

src/freedombone-utils-login

@@ -38,14 +38,13 @@ function change_login_message {
         rm -f /etc/init.d/motd
     fi
 
-    echo '' > /etc/motd
-    echo ".---.                  .              .                   " >> /etc/motd
-    echo "|                      |              |                   " >> /etc/motd
-    echo "|--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-. " >> /etc/motd
-    echo "|    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-' " >> /etc/motd
-    echo "'    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'" >> /etc/motd
-    echo $'                  Freedom in the Cloud' >> /etc/motd
-    echo '' >> /etc/motd
+    { echo ".---.                  .              .                   ";
+      echo "|                      |              |                   ";
+      echo "|--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-. ";
+      echo "|    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-' ";
+      echo "'    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'";
+      echo $'                  Freedom in the Cloud';
+      echo ''; } > /etc/motd
     mark_completed "${FUNCNAME[0]}"
 }
 

src/freedombone-utils-mesh

@@ -35,11 +35,11 @@ MESH_DEFAULT_PROTOCOL=/root/.mesh_protocol_default
 function mesh_generate_ipv6_address {
     network=fd66:66:66
 
-    if [ $1 ]; then
-        search_ipv6=$(ifconfig $1 | grep $network)
-        if [ $search_ipv6 ]; then
-            result=$(ifconfig $1 | grep $network | awk -F ' ' '{print $2}')
-            ip -6 addr add ${result}/128 dev $1
+    if [ "$1" ]; then
+        search_ipv6=$(ifconfig "$1" | grep "$network")
+        if [ "$search_ipv6" ]; then
+            result=$(ifconfig "$1" | grep "$network" | awk -F ' ' '{print $2}')
+            ip -6 addr add "${result}/128" dev "$1"
             return
         fi
     fi
@@ -51,7 +51,7 @@ function mesh_generate_ipv6_address {
     d=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}
     e=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}
     result=$network:$a:$b:$c:$d:$e
-    ip -6 addr add ${result}/128 dev $1
+    ip -6 addr add "${result}/128" dev "$1"
 }
 
 function mesh_protocol_init {
@@ -67,21 +67,21 @@ function mesh_protocol_init {
 
     # Mesh definition
     WIFI_SSID='mesh'
-    if [ -f $COMPLETION_FILE ]; then
-        if grep -q "WIFI_SSID:" $COMPLETION_FILE; then
-            WIFI_SSID=$(cat $COMPLETION_FILE | grep "WIFI_SSID:" | awk -F ':' '{print $2}')
+    if [ -f "$COMPLETION_FILE" ]; then
+        if grep -q "WIFI_SSID:" "$COMPLETION_FILE"; then
+            WIFI_SSID=$(grep "WIFI_SSID:" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
         fi
-        sed -i "s|WIFI_SSID:.*|WIFI_SSID:${WIFI_SSID}|g" $COMPLETION_FILE
+        sed -i "s|WIFI_SSID:.*|WIFI_SSID:${WIFI_SSID}|g" "$COMPLETION_FILE"
     fi
     CELLID='any'
 
     CHANNEL=2
     HOTSPOT_CHANNEL=6
-    if [ -f $COMPLETION_FILE ]; then
-        if grep -q "Wifi channel:" $COMPLETION_FILE; then
-            CHANNEL=$(cat $COMPLETION_FILE | grep "Wifi channel:" | awk -F ':' '{print $2}')
+    if [ -f "$COMPLETION_FILE" ]; then
+        if grep -q "Wifi channel:" "$COMPLETION_FILE"; then
+            CHANNEL=$(grep "Wifi channel:" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
         fi
-        sed -i "s|Wifi channel:.*|Wifi channel:${CHANNEL}|g" $COMPLETION_FILE
+        sed -i "s|Wifi channel:.*|Wifi channel:${CHANNEL}|g" "$COMPLETION_FILE"
     fi
 
     ZERONET_PORT=15441
@@ -101,18 +101,18 @@ function mesh_protocol_init {
     EIFACE=eth0
     WLAN_ADAPTORS=$(count_wlan)
 
-    if [ $WLAN_ADAPTORS -eq 0 ]; then
+    if [ "$WLAN_ADAPTORS" -eq 0 ]; then
         echo $'No wlan adaptors found'
         exit 0
     fi
 }
 
 function get_ipv6_wlan {
-    echo $(ifconfig ${IFACE} | grep inet6 | awk -F ' ' '{print $2}')
+    ifconfig "${IFACE}" | grep inet6 | awk -F ' ' '{print $2}'
 }
 
 function mesh_hotspot_ip_address {
-    echo $(ifconfig ${BRIDGE} | grep inet6 | awk -F ' ' '{print $2}')
+    ifconfig "${BRIDGE}" | grep inet6 | awk -F ' ' '{print $2}'
 }
 
 function global_rate_limit {
@@ -129,7 +129,7 @@ function global_rate_limit {
 function assign_peer_address {
     for i in {1..6}; do
         number=$RANDOM
-        let "number %= 255"
+        (( "number %= 255" ))
         octet=$(echo "obase=16;$number" | bc)
         if [ ${#octet} -lt 2 ]; then
             octet="0${octet}"
@@ -142,7 +142,7 @@ function assign_peer_address {
 }
 
 function mesh_create_app_downloads_page {
-    if [ ! -d /root/$PROJECT_NAME/image_build/mesh_apps ]; then
+    if [ ! -d "/root/$PROJECT_NAME/image_build/mesh_apps" ]; then
         return
     fi
     if [ ! -d /var/www/html ]; then
@@ -163,27 +163,27 @@ function mesh_create_app_downloads_page {
         mv /home/fbone/Desktop/cryptpad.desktop /home/fbone/.cryptpad.desktop
     fi
 
-    cp /root/$PROJECT_NAME/website/EN/meshindex.html /var/www/html/index.html
+    cp "/root/$PROJECT_NAME/website/EN/meshindex.html" /var/www/html/index.html
     if [ ! -f /var/www/html/ssb.apk ]; then
-        cp /root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk /var/www/html/ssb.apk
+        cp "/root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk" /var/www/html/ssb.apk
     fi
     if [ ! -f /var/www/html/trifa.apk ]; then
-        cp /root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk /var/www/html/trifa.apk
+        cp "/root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk" /var/www/html/trifa.apk
     fi
     if [ ! -d /var/www/html/images ]; then
         mkdir /var/www/html/images
     fi
     if [ ! -f /var/www/html/images/logo.png ]; then
-        cp /root/$PROJECT_NAME/img/logo.png /var/www/html/images/logo.png
+        cp "/root/$PROJECT_NAME/img/logo.png" /var/www/html/images/logo.png
     fi
     if [ ! -f /var/www/html/images/ssb.png ]; then
-        cp /root/$PROJECT_NAME/img/icon_patchwork.png /var/www/html/images/ssb.png
+        cp "/root/$PROJECT_NAME/img/icon_patchwork.png" /var/www/html/images/ssb.png
     fi
     if [ ! -f /var/www/html/images/trifa.png ]; then
-        cp /root/$PROJECT_NAME/img/trifa.png /var/www/html/images/trifa.png
+        cp "/root/$PROJECT_NAME/img/trifa.png" /var/www/html/images/trifa.png
     fi
     if [ ! -f /var/www/html/freedombone.css ]; then
-        cp /root/$PROJECT_NAME/website/freedombone.css /var/www/html/freedombone.css
+        cp "/root/$PROJECT_NAME/website/freedombone.css" /var/www/html/freedombone.css
     fi
     chown -R www-data:www-data /var/www/html/*
 }
@@ -191,8 +191,8 @@ function mesh_create_app_downloads_page {
 function enable_mesh_firewall {
     iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
     iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
-    iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
-    iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
+    iptables -A INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
     iptables -A INPUT -p udp --dport 6240 -j ACCEPT
     iptables -A INPUT -p tcp --dport 6240 -j ACCEPT
     iptables -A INPUT -p tcp --dport 80 -j ACCEPT
@@ -203,16 +203,16 @@ function enable_mesh_firewall {
     iptables -A INPUT -p udp --dport 5353 -j ACCEPT
     iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
     iptables -A INPUT -p udp --dport 5354 -j ACCEPT
-    iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
-    iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
-    iptables -A INPUT -p udp --dport $TOX_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
-    iptables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
+    iptables -A INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
+    iptables -A INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    iptables -A INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
     # SSB/Scuttlebot/Patchwork
-    iptables -A INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
     iptables -A INPUT -p udp --dport 8008 -j ACCEPT
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
@@ -227,8 +227,8 @@ function enable_mesh_firewall {
 
     ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
     ip6tables -A OUTPUT -p ipv6-icmp -j ACCEPT
-    ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
-    ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
+    ip6tables -A INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
     ip6tables -A INPUT -p udp --dport 6240 -j ACCEPT
     ip6tables -A INPUT -p tcp --dport 6240 -j ACCEPT
     ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
@@ -239,16 +239,16 @@ function enable_mesh_firewall {
     ip6tables -A INPUT -p udp --dport 5353 -j ACCEPT
     ip6tables -A INPUT -p tcp --dport 5354 -j ACCEPT
     ip6tables -A INPUT -p udp --dport 5354 -j ACCEPT
-    ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
-    ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
-    ip6tables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
-    ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
-    ip6tables -A INPUT -p udp --dport $TOX_PORT -j ACCEPT
-    ip6tables -A INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
-    ip6tables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
-    ip6tables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
+    ip6tables -A INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
+    ip6tables -A INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    ip6tables -A INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
     # SSB/Scuttlebot/Patchwork
-    ip6tables -A INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
     ip6tables -A INPUT -p udp --dport 8008 -j ACCEPT
     ip6tables -A INPUT -p tcp --dport 8008 -j ACCEPT
     ip6tables -A INPUT -p udp --dport 8010 -j ACCEPT
@@ -266,12 +266,12 @@ function enable_mesh_firewall {
     # to discover local peers
     iptables -A INPUT -p tcp --dport 653 -j ACCEPT
     iptables -A INPUT -p udp --dport 653 -j ACCEPT
-    iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
+    iptables -A INPUT -i "${EIFACE}" -m state --state NEW -p tcp --dport 1194 -j ACCEPT
     iptables -A INPUT -i tun+ -j ACCEPT
     iptables -A FORWARD -i tun+ -j ACCEPT
-    iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
+    iptables -A FORWARD -i tun+ -o "${EIFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -A FORWARD -i "${EIFACE}" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o "${EIFACE}" -j MASQUERADE
     iptables -A OUTPUT -o tun+ -j ACCEPT
     echo 1 > /proc/sys/net/ipv4/ip_forward
     sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
@@ -280,8 +280,8 @@ function enable_mesh_firewall {
 }
 
 function disable_mesh_firewall {
-    iptables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
-    iptables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
+    iptables -D INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
     iptables -D INPUT -p udp --dport 6240 -j ACCEPT
     iptables -D INPUT -p tcp --dport 6240 -j ACCEPT
     iptables -D INPUT -p tcp --dport 80 -j ACCEPT
@@ -292,17 +292,17 @@ function disable_mesh_firewall {
     iptables -D INPUT -p udp --dport 5353 -j ACCEPT
     iptables -D INPUT -p tcp --dport 5354 -j ACCEPT
     iptables -D INPUT -p udp --dport 5354 -j ACCEPT
-    iptables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
-    iptables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
-    iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
-    iptables -D INPUT -p udp --dport $IPFS_PORT -j ACCEPT
-    iptables -D INPUT -p tcp --dport $TOX_PORT -j ACCEPT
-    iptables -D INPUT -p udp --dport $TOX_PORT -j ACCEPT
-    iptables -D INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
-    iptables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
-    iptables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
+    iptables -D INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
+    iptables -D INPUT -p udp --dport "$IPFS_PORT" -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
+    iptables -D INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    iptables -D INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
     # SSB/Scuttlebot/Patchwork
-    iptables -D INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
     iptables -D INPUT -p udp --dport 8008 -j ACCEPT
     iptables -D INPUT -p tcp --dport 8008 -j ACCEPT
     iptables -D INPUT -p udp --dport 8010 -j ACCEPT
@@ -315,8 +315,8 @@ function disable_mesh_firewall {
     ip6tables -D INPUT -p udp --dport 6696 -j ACCEPT
 
 
-    ip6tables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
-    ip6tables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
+    ip6tables -D INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
     ip6tables -D INPUT -p udp --dport 6240 -j ACCEPT
     ip6tables -D INPUT -p tcp --dport 6240 -j ACCEPT
     ip6tables -D INPUT -p tcp --dport 80 -j ACCEPT
@@ -327,17 +327,17 @@ function disable_mesh_firewall {
     ip6tables -D INPUT -p udp --dport 5353 -j ACCEPT
     ip6tables -D INPUT -p tcp --dport 5354 -j ACCEPT
     ip6tables -D INPUT -p udp --dport 5354 -j ACCEPT
-    ip6tables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
-    ip6tables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
-    ip6tables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
-    ip6tables -D INPUT -p udp --dport $IPFS_PORT -j ACCEPT
-    ip6tables -D INPUT -p tcp --dport $TOX_PORT -j ACCEPT
-    ip6tables -D INPUT -p udp --dport $TOX_PORT -j ACCEPT
-    ip6tables -D INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
-    ip6tables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
-    ip6tables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
+    ip6tables -D INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
+    ip6tables -D INPUT -p udp --dport "$IPFS_PORT" -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
+    ip6tables -D INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    ip6tables -D INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
     # SSB/Scuttlebot/Patchwork
-    ip6tables -D INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
     ip6tables -D INPUT -p udp --dport 8008 -j ACCEPT
     ip6tables -D INPUT -p tcp --dport 8008 -j ACCEPT
     ip6tables -D INPUT -p udp --dport 8010 -j ACCEPT
@@ -352,12 +352,12 @@ function disable_mesh_firewall {
     # vpn over the internet
     iptables -D INPUT -p tcp --dport 653 -j ACCEPT
     iptables -D INPUT -p udp --dport 653 -j ACCEPT
-    iptables -D INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
+    iptables -D INPUT -i "${EIFACE}" -m state --state NEW -p tcp --dport 1194 -j ACCEPT
     iptables -D INPUT -i tun+ -j ACCEPT
     iptables -D FORWARD -i tun+ -j ACCEPT
-    iptables -D FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -D FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
+    iptables -D FORWARD -i tun+ -o "${EIFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -D FORWARD -i "${EIFACE}" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o "${EIFACE}" -j MASQUERADE
     iptables -D OUTPUT -o tun+ -j ACCEPT
 
     echo 0 > /proc/sys/net/ipv4/ip_forward
@@ -401,25 +401,25 @@ function enable_mesh_tor {
 }
 
 function enable_mesh_seconary_wifi {
-    if [ $secondary_wifi_available ]; then
+    if [ "$secondary_wifi_available" ]; then
         sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd
 
         mesh_hotspot_address=$(mesh_hotspot_ip_address)
         if [[ "$mesh_hotspot_address" == *'.'* ]]; then
-            echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf
-            echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf
-            echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf
-            echo "country_code=UK" >> /etc/hostapd/hostapd.conf
-            echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}" >> /etc/hostapd/hostapd.conf
-            echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
-            echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
-            echo 'wpa=2' >> /etc/hostapd/hostapd.conf
-            echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
-            echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
-            echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf
-            echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf
-            echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf
-            echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf
+            { echo "interface=${IFACE_SECONDARY}";
+              echo "bridge=${BRIDGE}";
+              echo 'driver=nl80211';
+              echo "country_code=UK";
+              echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}";
+              echo 'hw_mode=g';
+              echo "channel=${HOTSPOT_CHANNEL}";
+              echo 'wpa=2';
+              echo "wpa_passphrase=$HOTSPOT_PASSPHRASE";
+              echo 'wpa_key_mgmt=WPA-PSK';
+              echo 'wpa_pairwise=TKIP';
+              echo 'rsn_pairwise=CCMP';
+              echo 'auth_algs=1';
+              echo 'macaddr_acl=0'; } > /etc/hostapd/hostapd.conf
 
             sed -i "s|#interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
             sed -i "s|interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
@@ -437,7 +437,7 @@ function enable_mesh_seconary_wifi {
         fi
     fi
 
-    if [ ! $secondary_wifi_available ]; then
+    if [ ! "$secondary_wifi_available" ]; then
         systemctl stop hostapd
         systemctl disable hostapd
 

src/freedombone-utils-meteor

@@ -41,14 +41,14 @@ function meteor_cleanUp {
 }
 
 function install_meteor_script {
-    meteor_dir=$1
+    meteor_dir="$1"
 
-    if [ ! $meteor_dir ]; then
+    if [ ! "$meteor_dir" ]; then
         echo $'No meteor install directory specified'
         exit 692025
     fi
 
-    if [ ! -d $meteor_dir ]; then
+    if [ ! -d "$meteor_dir" ]; then
         echo $'Meteor install directory not found'
         exit 845382
     fi
@@ -67,19 +67,19 @@ function install_meteor_script {
 
     DIR_PREFIX="/usr/local"
 
-    TARBALL_URL="$https://meteorinstall-4168.kxcdn.com/packages-bootstrap/${RELEASE}/meteor-bootstrap-${PLATFORM}.tar.gz"
+    TARBALL_URL="https://meteorinstall-4168.kxcdn.com/packages-bootstrap/${RELEASE}/meteor-bootstrap-${PLATFORM}.tar.gz"
     INSTALL_TMPDIR="$meteor_dir/.meteor-install-tmp"
     TARBALL_FILE="$meteor_dir/.meteor-tarball-tmp"
 
     # Remove temporary files now in case they exist.
     meteor_cleanUp
 
-    if [ -d $INSTALL_TMPDIR ]; then
-        rm -rf $INSTALL_TMPDIR
+    if [ -d "$INSTALL_TMPDIR" ]; then
+        rm -rf "$INSTALL_TMPDIR"
     fi
     mkdir "$INSTALL_TMPDIR"
 
-    if [ ! -f ${TARBALL_FILE} ]; then
+    if [ ! -f "${TARBALL_FILE}" ]; then
         echo "Downloading Meteor distribution"
         # keep trying to curl the file until it works (resuming where possible)
         MAX_ATTEMPTS=10
@@ -90,11 +90,8 @@ function install_meteor_script {
         do
             ATTEMPTS=$((ATTEMPTS + 1))
 
-            curl --progress-bar --fail --continue-at - \
-                 "$TARBALL_URL" --output "$TARBALL_FILE"
-
-            if [ $? -eq 0 ]
-            then
+            if curl --progress-bar --fail --continue-at - \
+                    "$TARBALL_URL" --output "$TARBALL_FILE"; then
                 break
             fi
 
@@ -103,14 +100,14 @@ function install_meteor_script {
         done
     fi
 
-    if [ ! -f ${TARBALL_FILE} ]; then
+    if [ ! -f "${TARBALL_FILE}" ]; then
         echo $'meteor tarball could not be downloaded'
         exit 7272452
     fi
 
     tar -xzf "$TARBALL_FILE" -C "$INSTALL_TMPDIR" -o
 
-    if [ ! -f ${INSTALL_TMPDIR}/.meteor/meteor ]; then
+    if [ ! -f "${INSTALL_TMPDIR}/.meteor/meteor" ]; then
         echo $'tarball not extracted'
         exit 693252
     fi
@@ -201,10 +198,10 @@ EOF
 
 function install_meteor {
     apt-get -yq install curl
-    if [ ! -d $INSTALL_DIR/meteor ]; then
-        mkdir $INSTALL_DIR/meteor
+    if [ ! -d "$INSTALL_DIR/meteor" ]; then
+        mkdir "$INSTALL_DIR/meteor"
     fi
-    cd $INSTALL_DIR/meteor
+    cd "$INSTALL_DIR/meteor" || exit 72345274
     install_meteor_script
 }
 

src/freedombone-utils-mongodb

@@ -35,14 +35,14 @@ MONGODB_APPS_FILE=$HOME/.mongodbapps
 function store_original_mongodb_password {
     if [ ! -f /root/.mongodboriginal ]; then
         echo $'Storing original mongodb password'
-        ORIGINAL_MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb)
+        ORIGINAL_MONGODB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mongodb)
         # We can store this in plaintext because it will soon be of historical interest only
         echo -n "$ORIGINAL_MONGODB_PASSWORD" > /root/.mongodboriginal
     fi
 }
 
 function get_mongodb_password {
-    MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb)
+    MONGODB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mongodb)
     if [[ "$MONGODB_PASSWORD" == *'failed'* ]]; then
         echo $'Could not obtain mongodb password'
         exit 7835272
@@ -63,14 +63,14 @@ function install_mongodb {
 
     function_check get_mongodb_password
     get_mongodb_password
-    if [ ! $MONGODB_PASSWORD ]; then
-        if [ -f $IMAGE_PASSWORD_FILE ]; then
-            MONGODB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ ! "$MONGODB_PASSWORD" ]; then
+        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+            MONGODB_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            MONGODB_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
+            MONGODB_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    ${PROJECT_NAME}-pass -u root -a mongodb -p "$MONGODB_PASSWORD"
+    "${PROJECT_NAME}-pass" -u root -a mongodb -p "$MONGODB_PASSWORD"
 
     apt-get -yq install mongodb mongo-tools
     apt-get -yq remove --purge apache2-bin*
@@ -84,9 +84,9 @@ function install_mongodb {
         exit 78352
     fi
 
-    if [ $app_name ]; then
-        if ! grep -q "$app_name" $MONGODB_APPS_FILE; then
-           echo "$app_name" >> $MONGODB_APPS_FILE
+    if [ "$app_name" ]; then
+        if ! grep -q "$app_name" "$MONGODB_APPS_FILE"; then
+           echo "$app_name" >> "$MONGODB_APPS_FILE"
         fi
     fi
 
@@ -96,14 +96,14 @@ function install_mongodb {
 function remove_mongodb {
     app_name=$1
 
-    if [ ! $app_name ]; then
+    if [ ! "$app_name" ]; then
         return
     fi
 
     removemongo=
-    if [ -f $MONGODB_APPS_FILE ]; then
-        sed -i "/$app_name/d" $MONGODB_APPS_FILE
-        if [ ! -s $MONGODB_APPS_FILE ]; then
+    if [ -f "$MONGODB_APPS_FILE" ]; then
+        sed -i "/$app_name/d" "$MONGODB_APPS_FILE"
+        if [ ! -s "$MONGODB_APPS_FILE" ]; then
             removemongo=1
         fi
     else
@@ -125,7 +125,7 @@ function remove_mongodb {
         if [ -f /etc/init.d/mongodb ]; then
             rm /etc/init.d/mongodb
         fi
-        sed -i '/install_mongodb/d' $COMPLETION_FILE
+        sed -i '/install_mongodb/d' "$COMPLETION_FILE"
     fi
 }
 
@@ -146,10 +146,10 @@ function drop_database_mongodb {
     if [[ "$database_name" == 'admin' ]]; then
         return
     fi
-    mongo $database_name --eval "db.runCommand( { dropDatabase: 1 } )"
-    if [ $app_name ]; then
-        if grep -q "$app_name" $MONGODB_APPS_FILE; then
-            sed -i "/$app_name/d" $MONGODB_APPS_FILE
+    mongo "$database_name" --eval "db.runCommand( { dropDatabase: 1 } )"
+    if [ "$app_name" ]; then
+        if grep -q "$app_name" "$MONGODB_APPS_FILE"; then
+            sed -i "/$app_name/d" "$MONGODB_APPS_FILE"
         fi
     fi
 }
@@ -157,8 +157,7 @@ function drop_database_mongodb {
 function initialise_database_mongodb {
     database_name=$1
     database_file=$2
-    mongorestore $database_file
-    if [ ! "$?" = "0" ]; then
+    if ! mongorestore "$database_file"; then
         exit 8358365
     fi
 }
@@ -166,11 +165,13 @@ function initialise_database_mongodb {
 function create_database_mongodb {
     app_name="$1"
     app_admin_password="$2"
-    app_admin_username=$3
+    app_admin_username="$3"
     mongo admin --eval "db.createUser({user: '$app_admin_username', pwd: '$app_admin_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })"
-    if [ $app_name ]; then
-        if ! grep -q "$app_name" $MONGODB_APPS_FILE; then
-           echo "$app_name" >> $MONGODB_APPS_FILE
+    if [ "$app_name" ]; then
+        if ! grep -q "$app_name" "$MONGODB_APPS_FILE"; then
+           echo "$app_name" >> "$MONGODB_APPS_FILE"
         fi
     fi
 }
+
+# NOTE: deliberately there is no "exit 0"

src/freedombone-utils-monkeysphere

@@ -34,22 +34,22 @@ function install_monkeysphere {
     fi
     apt-get -yq install monkeysphere msva-perl
     #su -c "monkeysphere gen-subkey $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
-    mkdir /home/$MY_USERNAME/.monkeysphere
-    chmod 755 /home/$MY_USERNAME/.monkeysphere
-    echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
-    chmod 644 /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.monkeysphere
+    mkdir "/home/$MY_USERNAME/.monkeysphere"
+    chmod 755 "/home/$MY_USERNAME/.monkeysphere"
+    echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > "/home/$MY_USERNAME/.monkeysphere/authorized_user_ids"
+    chmod 644 "/home/$MY_USERNAME/.monkeysphere/authorized_user_ids"
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.monkeysphere"
     monkeysphere-authentication update-users
 
     if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
         echo $'monkeysphere import: ssh host key not found'
         exit 76295
     fi
-    monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$DEFAULT_DOMAIN_NAME
+    monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$DEFAULT_DOMAIN_NAME"
     SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')
-    monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$SSH_ONION_HOSTNAME
+    monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$SSH_ONION_HOSTNAME"
 
-    if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
+    if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
         if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
             echo $"monkeysphere unable to get GPG key ID for user $MY_USERNAME@$HOSTNAME"
@@ -57,8 +57,8 @@ function install_monkeysphere {
         fi
     fi
     # The admin user is the identity certifier
-    fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
-    monkeysphere-authentication add-identity-certifier $fpr
+    fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
+    monkeysphere-authentication add-identity-certifier "$fpr"
 
     mark_completed "${FUNCNAME[0]}"
 }

src/freedombone-utils-network

@@ -62,11 +62,11 @@ function install_static_network {
     echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces
     echo 'source /etc/network/interfaces.d/*' >> /etc/network/interfaces
 
-    echo 'auto eth0' > /etc/network/interfaces.d/static
-    echo 'iface eth0 inet static' >> /etc/network/interfaces.d/static
-    echo "    address $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/network/interfaces.d/static
-    echo '    netmask 255.255.255.0' >> /etc/network/interfaces.d/static
-    echo "    gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces.d/static
+    { echo 'auto eth0';
+      echo 'iface eth0 inet static';
+      echo "    address $LOCAL_NETWORK_STATIC_IP_ADDRESS";
+      echo '    netmask 255.255.255.0';
+      echo "    gateway $ROUTER_IP_ADDRESS"; } > /etc/network/interfaces.d/static
 
     mark_completed "${FUNCNAME[0]}"
 }
@@ -77,23 +77,23 @@ function get_external_ipv4_address {
 
 function get_ipv4_address {
     IPv4dev=$(ip route get $IPV4_ADDRESS_TEST_DESTINATION | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
-    echo $(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
+    ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}'
 }
 
 function get_ipv6_address {
     retval=$(ip -6 route get $IPV6_ADDRESS_TEST_DESTINATION 2> /dev/null)
-    echo $(echo "$retval" | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }')
+    echo "$retval" | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }'
 }
 
 function update_external_ip {
     ip_update_script=/usr/bin/externalipupdate
-    echo '#!/bin/bash' >> $ip_update_script
-    echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'" >> $ip_update_script
-    echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')" >> $ip_update_script
-    echo 'if [[ "$curr_ip" != "$existing_ip" ]]; then' >> $ip_update_script
-    echo "  sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE" >> $ip_update_script
-    echo "  echo \"\$(date)\" >> ~/${PROJECT_NAME}-external-ip-changes.txt" >> $ip_update_script
-    echo 'fi' >> $ip_update_script
+    { echo '#!/bin/bash';
+      echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'";
+      echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')";
+      echo "if [[ \"\$curr_ip\" != \"\$existing_ip\" ]]; then";
+      echo "  sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE";
+      echo "  echo \"\$(date)\" >> ~/${PROJECT_NAME}-external-ip-changes.txt";
+      echo 'fi'; } > $ip_update_script
 
     cron_add_mins 10 $ip_update_script
 }