From 8848ea40ef2729e8b5e8b0940274ac82554eff8b Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 26 Feb 2018 13:50:40 +0000 Subject: [PATCH] Tidying --- src/cronic | 8 +- src/freedombone | 97 +++-- src/freedombone-addcert | 115 +++--- src/freedombone-addemail | 135 ++++--- src/freedombone-addlist | 153 ++++---- src/freedombone-addremove | 62 +-- src/freedombone-adduser | 185 +++++---- src/freedombone-app-akaunting | 303 +++++++-------- src/freedombone-app-batman | 53 ++- src/freedombone-app-bdsmail | 244 ++++++------ src/freedombone-app-cryptpad | 594 ++++++++++++++--------------- src/freedombone-app-dlna | 109 +++--- src/freedombone-app-dokuwiki | 500 ++++++++++++------------ src/freedombone-app-edith | 267 ++++++------- src/freedombone-app-emacs | 292 +++++++------- src/freedombone-utils-go | 76 ++-- src/freedombone-utils-gpg | 245 ++++++------ src/freedombone-utils-guile | 34 +- src/freedombone-utils-i2p | 8 +- src/freedombone-utils-interactive | 119 +++--- src/freedombone-utils-keys | 154 ++++---- src/freedombone-utils-login | 15 +- src/freedombone-utils-mesh | 192 +++++----- src/freedombone-utils-meteor | 31 +- src/freedombone-utils-mongodb | 51 +-- src/freedombone-utils-monkeysphere | 20 +- src/freedombone-utils-network | 28 +- 27 files changed, 2047 insertions(+), 2043 deletions(-) diff --git a/src/cronic b/src/cronic index 2e8e9b27..385979f2 100755 --- a/src/cronic +++ b/src/cronic @@ -12,14 +12,14 @@ ERR=$TMP/cronic.err TRACE=$TMP/cronic.trace set +e -"$@" >$OUT 2>$TRACE +"$@" >"$OUT" 2>"$TRACE" RESULT=$? set -e PATTERN="^${PS4:0:1}\\+${PS4:1}" -if grep -aq "$PATTERN" $TRACE +if grep -aq "$PATTERN" "$TRACE" then - ! grep -av "$PATTERN" $TRACE > $ERR + ! grep -av "$PATTERN" "$TRACE" > "$ERR" else ERR=$TRACE fi @@ -33,7 +33,7 @@ if [ $RESULT -ne 0 ] echo echo "STANDARD OUTPUT:" cat "$OUT" - if [ $TRACE != $ERR ] + if [ "$TRACE" != "$ERR" ] then echo echo "TRACE-ERROR OUTPUT:" diff --git a/src/freedombone b/src/freedombone index d3ee8164..0549bcf4 100755 
--- a/src/freedombone
+++ b/src/freedombone
@@ -42,61 +42,61 @@ fi source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars -UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* +UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" for f in $UTILS_FILES do - source $f + source "$f" done -APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* +APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*" for f in $APP_FILES do - source $f + source "$f" done -command_options=$1 +command_options="$1" -if [[ $command_options == "menuconfig-full" ]]; then +if [[ "$command_options" == "menuconfig-full" ]]; then MINIMAL_INSTALL="no" fi -if [[ $command_options == "menuconfig-onion" ]]; then +if [[ "$command_options" == "menuconfig-onion" ]]; then MINIMAL_INSTALL="yes" ONION_ONLY="yes" fi -if [[ $command_options == "menuconfig-gnusocial" ]]; then +if [[ "$command_options" == "menuconfig-gnusocial" ]]; then MINIMAL_INSTALL="yes" ONION_ONLY="no" SOCIALINSTANCE='gnusocial' fi -if [[ $command_options == "menuconfig-postactiv" ]]; then +if [[ "$command_options" == "menuconfig-postactiv" ]]; then MINIMAL_INSTALL="yes" ONION_ONLY="no" SOCIALINSTANCE='postactiv' fi -if [ ! $CONFIGURATION_FILE ]; then - CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg +if [ ! "$CONFIGURATION_FILE" ]; then + CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg" fi -if [ ! $COMPLETION_FILE ]; then - COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt +if [ ! 
"$COMPLETION_FILE" ]; then + COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt" fi # before the interactive config so that wifi adaptors may be detected setup_wifi_atheros -if [[ $command_options == "menuconfig"* ]]; then +if [[ "$command_options" == "menuconfig"* ]]; then if [[ "$2" == "--reset" ]]; then - if [ -f $CONFIGURATION_FILE ]; then - rm $CONFIGURATION_FILE + if [ -f "$CONFIGURATION_FILE" ]; then + rm "$CONFIGURATION_FILE" fi - if [ -f $COMPLETION_FILE ]; then - rm $COMPLETION_FILE + if [ -f "$COMPLETION_FILE" ]; then + rm "$COMPLETION_FILE" fi - if [ -f /usr/share/${PROJECT_NAME}/installed.txt ]; then - rm /usr/share/${PROJECT_NAME}/installed.txt + if [ -f "/usr/share/${PROJECT_NAME}/installed.txt" ]; then + rm "/usr/share/${PROJECT_NAME}/installed.txt" fi if [ -f /root/removed ]; then rm /root/removed @@ -104,18 +104,18 @@ if [[ $command_options == "menuconfig"* ]]; then fi # clear the interactive file which indicates configuration success - interactive_file=$HOME/.${PROJECT_NAME}-interactive - if [ -f $interactive_file ]; then - rm $interactive_file + interactive_file="$HOME/.${PROJECT_NAME}-interactive" + if [ -f "$interactive_file" ]; then + rm "$interactive_file" fi interactive_configuration # check that the interactive file was created - if [ ! -f $interactive_file ]; then + if [ ! -f "$interactive_file" ]; then exit 6393562 fi - rm $interactive_file + rm "$interactive_file" else while [ $# -gt 1 ] do @@ -169,12 +169,12 @@ else # Static IP address for the system --ip) shift - LOCAL_NETWORK_STATIC_IP_ADDRESS=$1 + LOCAL_NETWORK_STATIC_IP_ADDRESS="$1" ;; # IP address for the internet router --iprouter) shift - ROUTER_IP_ADDRESS=$1 + ROUTER_IP_ADDRESS="$1" ;; # ssh port --ssh) 
@@ -214,61 +214,61 @@ else # Mumble server password --vpass) shift - MUMBLE_SERVER_PASSWORD=$1 + MUMBLE_SERVER_PASSWORD="$1" ;; # Mumble server port --vport) shift - MUMBLE_PORT=$1 + MUMBLE_PORT="$1" ;; # DNS Nameserver 1 --ns1) shift - NAMESERVER1=$1 + NAMESERVER1="$1" ;; # DNS Nameserver 2 --ns2) shift - NAMESERVER2=$1 + NAMESERVER2="$1" ;; # DNS Nameserver 3 --ns3) shift - NAMESERVER3=$1 + NAMESERVER3="$1" ;; # DNS Nameserver 4 --ns4) shift - NAMESERVER4=$1 + NAMESERVER4="$1" ;; # DNS Nameserver 5 --ns5) shift - NAMESERVER5=$1 + NAMESERVER5="$1" ;; # DNS Nameserver 6 --ns6) shift - NAMESERVER6=$1 + NAMESERVER6="$1" ;; # Debian repository --repo) shift - DEBIAN_REPO=$1 + DEBIAN_REPO="$1" ;; # clear the config file --reset) - if [ -f $CONFIGURATION_FILE ]; then - rm $CONFIGURATION_FILE + if [ -f "$CONFIGURATION_FILE" ]; then + rm "$CONFIGURATION_FILE" fi - if [ -f $COMPLETION_FILE ]; then - rm $COMPLETION_FILE + if [ -f "$COMPLETION_FILE" ]; then + rm "$COMPLETION_FILE" fi ;; # minimal install --minimal) shift - MINIMAL_INSTALL=$1 + MINIMAL_INSTALL="$1" ;; *) # unknown option @@ -293,7 +293,7 @@ function parse_args { read_config_param 'DDNS_USERNAME' read_config_param 'DDNS_PASSWORD' - if [ ! -d /home/$MY_USERNAME ]; then + if [ ! -d "/home/$MY_USERNAME" ]; then echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user." exit 1 fi @@ -304,7 +304,7 @@ function parse_args { exit 2 fi fi - if [ ! $MY_USERNAME ]; then + if [ ! "$MY_USERNAME" ]; then echo 'No username specified' show_help exit 3 
@@ -312,11 +312,11 @@ function parse_args { if [[ $SYSTEM_TYPE != "mesh"* ]]; then if [[ "$DDNS_PROVIDER" != 'none' ]]; then if [[ $ONION_ONLY == "no" ]]; then - if [ ! $DDNS_USERNAME ]; then + if [ ! "$DDNS_USERNAME" ]; then echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option' exit 7823 fi - if [ ! $DDNS_PASSWORD ]; then + if [ ! "$DDNS_PASSWORD" ]; then echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option' exit 6382 fi @@ -324,7 +324,7 @@ function parse_args { fi fi - if [ ! $SYSTEM_TYPE ]; then + if [ ! "$SYSTEM_TYPE" ]; then SYSTEM_TYPE=$'full' write_config_param "SYSTEM_TYPE" "$SYSTEM_TYPE" fi @@ -338,8 +338,7 @@ function parse_args { # run some initial tests clear -${PROJECT_NAME}-tests -if [ ! "$?" = "0" ]; then +if ! "${PROJECT_NAME}-tests"; then exit 768252 fi @@ -354,7 +353,7 @@ upgrade_installation_from_previous_versions setup_utils setup_email setup_web -setup_apps $command_options +setup_apps "$command_options" setup_final echo '' diff --git a/src/freedombone-addcert b/src/freedombone-addcert index b37575ef..ffcd9709 100755 --- a/src/freedombone-addcert +++ b/src/freedombone-addcert @@ -36,10 +36,10 @@ export TEXTDOMAINDIR="/usr/share/locale" CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt -UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* +UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" for f in $UTILS_FILES do - source $f + source "$f" done # Don't pin certs by default @@ -145,11 +145,11 @@ do ;; --dhkey) shift - DH_KEYLENGTH=${1} + DH_KEYLENGTH="${1}" ;; --pin) shift - PIN_CERTS=${1} + PIN_CERTS="${1}" ;; *) # unknown option @@ -158,8 +158,8 @@ do shift done -if [ ! $HOSTNAME ]; then - if [ ! $LETSENCRYPT_HOSTNAME ]; then +if [ ! "$HOSTNAME" ]; then + if [ ! "$LETSENCRYPT_HOSTNAME" ]; then echo $'No hostname specified' exit 5748 fi 
@@ -180,16 +180,16 @@ function remove_cert_letsencrypt { CERTFILE=$LETSENCRYPT_HOSTNAME # disable the site if needed - if [ -f /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME} ]; then - if grep -q "443" /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}; then - nginx_dissite ${LETSENCRYPT_HOSTNAME} + if [ -f "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}" ]; then + if grep -q "443" "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}"; then + nginx_dissite "${LETSENCRYPT_HOSTNAME}" fi fi # remove the cert - rm -rf /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}* - rm -rf /etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}* - rm /etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf + rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*" + rm -rf "/etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*" + rm "/etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf" # restart the web server systemctl restart nginx @@ -199,14 +199,14 @@ function add_cert_letsencrypt { CERTFILE=$LETSENCRYPT_HOSTNAME # obtain the email address for the admin user - if [ ! $MY_EMAIL_ADDRESS ]; then - if [ -f $CONFIGURATION_FILE ]; then + if [ ! "$MY_EMAIL_ADDRESS" ]; then + if [ -f "$CONFIGURATION_FILE" ]; then read_config_param MY_EMAIL_ADDRESS fi fi - if [ ! $MY_EMAIL_ADDRESS ]; then - if [ -f $COMPLETION_FILE ]; then - if grep -q "Admin user:" $COMPLETION_FILE; then + if [ ! "$MY_EMAIL_ADDRESS" ]; then + if [ -f "$COMPLETION_FILE" ]; then + if grep -q "Admin user:" "$COMPLETION_FILE"; then function_check get_completion_param ADMIN_USER=$(get_completion_param "Admin user") if [ ${#ADMIN_USER} -eq 0 ]; then 
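Review bot: In remove_cert_letsencrypt the two `rm -rf` lines now have the `*` inside the double quotes, so the shell no longer expands it and rm is asked for a path that literally ends in `*`. With `-f` that fails silently, and the `live` and `archive` directories, private keys included, stay on disk after a removal. Keep the variable quoted but the glob outside the quotes, and let an empty hostname abort rather than match every entry: `rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME:?}"*`, and the same for `archive`. The function starts and ends outside the hunk.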
@@ -232,8 +232,7 @@ function add_cert_letsencrypt { chgrp -R root /etc/letsencrypt chmod -R 777 /etc/letsencrypt - certbot certonly -n --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS - if [ ! "$?" = "0" ]; then + if ! certbot certonly -n --server "$LETSENCRYPT_SERVER" --standalone -d "$LETSENCRYPT_HOSTNAME" --renew-by-default --agree-tos --email "$MY_EMAIL_ADDRESS"; then echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME" echo $'Also see https://letsencrypt.status.io to check for any service outages' chgrp -R ssl-cert /etc/letsencrypt 
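Review bot: `chmod -R 777 /etc/letsencrypt` still precedes the certbot call, so while certbot runs every local account can read and replace the account and certificate private keys under that tree. The hunk shows only the group being restored on the failure path, and the later hunk around `nginx_ensite` shows `chmod -R g=rX`, which leaves the "other" bits as they were unless a line outside the hunks clears them. Certbot presumably runs as root here and should not need the tree opened up; I would drop the 777 line, or end both paths with `chmod -R u=rwX,g=rX,o= /etc/letsencrypt`. These are context lines the commit leaves untouched, and add_cert_letsencrypt continues outside the hunk.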
@@ -245,42 +244,42 @@ function add_cert_letsencrypt { fi # replace some legacy filenames - if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then - mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" ]; then + mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" fi - if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then - mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" ]; then + mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" fi - sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME - sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME + sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME" + sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME" # link the private key - if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then - if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then - mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old + if [ -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then + if [ ! 
-f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old" ]; then + mv "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old" else - rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key + rm -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" fi fi - if [ -L /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then - rm /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key + if [ -L "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then + rm "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" fi - ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key + ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" # link the public key - if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then - if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then - mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old + if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then + if [ ! 
-f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old" ]; then + mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old" else - rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + rm -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" fi fi - if [ -L /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then - rm /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + if [ -L "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then + rm "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" fi - ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" - cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem + cp "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem" update_default_domain @@ -291,12 +290,11 @@ function add_cert_letsencrypt { chmod -R g=rX /etc/letsencrypt chown -R root:ssl-cert /etc/letsencrypt - nginx_ensite ${LETSENCRYPT_HOSTNAME} + nginx_ensite "${LETSENCRYPT_HOSTNAME}" systemctl start nginx - if [ $PIN_CERTS ]; then - ${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME - if [ ! "$?" = "0" ]; then + if [ "$PIN_CERTS" ]; then + if ! "${PROJECT_NAME}-pin-cert" "$LETSENCRYPT_HOSTNAME"; then echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned" exit 62878 fi 
@@ -304,21 +302,20 @@ function add_cert_letsencrypt { } function add_cert_selfsigned { - if [[ $ORGANISATION == "Freedombone-CA" ]]; then + if [[ "$ORGANISATION" == "Freedombone-CA" ]]; then CERTFILE="ca-$HOSTNAME" fi - openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \ + openssl req -x509 "${EXTENSIONS}" -nodes -days 3650 -sha256 \ -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \ - -newkey rsa:2048 -keyout /etc/ssl/private/${CERTFILE}.key \ - -out /etc/ssl/certs/${CERTFILE}.crt - chmod 400 /etc/ssl/private/${CERTFILE}.key - chmod 640 /etc/ssl/certs/${CERTFILE}.crt - cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts + -newkey rsa:2048 -keyout "/etc/ssl/private/${CERTFILE}.key" \ + -out "/etc/ssl/certs/${CERTFILE}.crt" + chmod 400 "/etc/ssl/private/${CERTFILE}.key" + chmod 640 "/etc/ssl/certs/${CERTFILE}.crt" + cp "/etc/ssl/certs/${CERTFILE}.crt" "/etc/ssl/mycerts" - if [ $PIN_CERTS ]; then - ${PROJECT_NAME}-pin-cert $CERTFILE - if [ ! "$?" = "0" ]; then + if [ "$PIN_CERTS" ]; then + if ! "${PROJECT_NAME}-pin-cert" "$CERTFILE"; then echo $"Certificate for $CERTFILE could not be pinned" exit 62879 fi @@ -326,9 +323,9 @@ function add_cert_selfsigned { } function generate_dh_params { - if [ ! $NODH ]; then - if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then - ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes + if [ ! "$NODH" ]; then + if [ ! -f "/etc/ssl/certs/${CERTFILE}.dhparam" ]; then + "${PROJECT_NAME}-dhparam" -h "${CERTFILE}" --fast yes fi fi } @@ -346,12 +343,12 @@ function make_cert_bundle { } function create_cert { - if [ $remove_cert ]; then + if [ "$remove_cert" ]; then remove_cert_letsencrypt return fi - if [ $LETSENCRYPT_HOSTNAME ]; then + if [ "$LETSENCRYPT_HOSTNAME" ]; then add_cert_letsencrypt else add_cert_selfsigned diff --git a/src/freedombone-addemail b/src/freedombone-addemail index 348f10ce..bf2926a2 100755 --- a/src/freedombone-addemail +++ b/src/freedombone-addemail 
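Review bot: In add_cert_selfsigned, `"${EXTENSIONS}"` is now a single quoted word, so an empty value hands openssl an empty argument and a value made of an option plus its operand arrives as one unknown option; in either case `openssl req` would presumably fail and no key or certificate is written. EXTENSIONS is set outside the hunk, so confirm what it can hold; if it can be empty or multi-word, make it an array and pass `"${EXTENSIONS[@]}"`, or keep the expansion unquoted with a `# shellcheck disable=SC2086` comment saying why. The status of `openssl req` is also not checked before the `chmod` and `cp` lines, so a failed run only surfaces later.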
@@ -52,49 +52,49 @@ do key="$1" case $key in - -h|--help) - show_help - ;; - -u|--user) - shift - MYUSERNAME="$1" - ;; - -e|--email) - shift - EMAILADDRESS="$1" - ;; - -s|--subject) - shift - SUBJECT_TEXT="$1" - ;; - -g|--group) - shift - GROUP_NAME="$1" - ;; - -p|--public) - shift - PUBLIC="$1" - ;; - *) - # unknown option - ;; + -h|--help) + show_help + ;; + -u|--user) + shift + MYUSERNAME="$1" + ;; + -e|--email) + shift + EMAILADDRESS="$1" + ;; + -s|--subject) + shift + SUBJECT_TEXT="$1" + ;; + -g|--group) + shift + GROUP_NAME="$1" + ;; + -p|--public) + shift + PUBLIC="$1" + ;; + *) + # unknown option + ;; esac shift done -if ! [[ $MYUSERNAME && $GROUP_NAME ]]; then +if ! [[ "$MYUSERNAME" && "$GROUP_NAME" ]]; then show_help fi -if [ ${#EMAILADDRESS} -lt 2 ]; then +if [ "${#EMAILADDRESS}" -lt 2 ]; then if [ ${#SUBJECT_TEXT} -lt 2 ]; then - show_help + show_help fi fi -MUTTRC=/home/$MYUSERNAME/.muttrc -PM=/home/$MYUSERNAME/.procmailrc -LISTDIR=/home/$MYUSERNAME/Maildir/$GROUP_NAME +MUTTRC="/home/$MYUSERNAME/.muttrc" +PM="/home/$MYUSERNAME/.procmailrc" +LISTDIR="/home/$MYUSERNAME/Maildir/$GROUP_NAME" proc_rule=" * ^From:.*$EMAILADDRESS" proc_comment="# Email rule for $EMAILADDRESS -> $GROUP_NAME" 
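Review bot: `LISTDIR="/home/$MYUSERNAME/Maildir/$GROUP_NAME"` is built from the `-u` and `-g` arguments without any check, and the next hunk runs `mkdir` and `chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR"` on it, so a value containing `/` or `..` moves the recursive chown outside the Maildir. If these arguments can come from anything other than the administrator typing them, reject such values before the paths are assigned, for example `[[ "$GROUP_NAME" =~ ^[A-Za-z0-9_-][A-Za-z0-9._-]*$ ]] || exit 1`, and likewise for MYUSERNAME. The same values are interpolated into the `sed -i` expressions in the following hunk, where `|`, `&` or a backslash in them would change the expression.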
@@ -104,54 +104,53 @@ if [ ${#SUBJECT_TEXT} -gt 0 ]; then fi if [ ! -d "$LISTDIR" ]; then - mkdir -m 700 $LISTDIR - mkdir -m 700 $LISTDIR/tmp - mkdir -m 700 $LISTDIR/new - mkdir -m 700 $LISTDIR/cur + mkdir -m 700 "$LISTDIR" + mkdir -m 700 "$LISTDIR/tmp" + mkdir -m 700 "$LISTDIR/new" + mkdir -m 700 "$LISTDIR/cur" fi -chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR -if ! grep -q "$proc_comment" $PM; then +chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR" +if ! grep -q "$proc_comment" "$PM"; then if [[ $PUBLIC != "yes" ]]; then - # private emails go after the encryption stage - echo '' >> $PM - echo "$proc_comment" >> $PM - echo ":0" >> $PM - echo "$proc_rule" >> $PM - echo "$LISTDIR/new" >> $PM - echo "# End of rule" >> $PM + # private emails go after the encryption stage + { echo ''; + echo "$proc_comment"; + echo ":0"; + echo "$proc_rule"; + echo "$LISTDIR/new"; + echo "# End of rule"; } >> "$PM" else - # public emails are copied before the encryption stage - if ! grep -q '# encrypt' $PM; then - echo '' >> $PM - echo "$proc_comment" >> $PM - echo ":0" >> $PM - echo "$proc_rule" >> $PM - echo "$LISTDIR/new" >> $PM - echo "# End of rule" >> $PM - else - filter=$(echo "$proc_comment\n:0\n${proc_rule}\n$LISTDIR/new\n# End of rule\n") - sed -i "/# encrypt/i ${filter}" $PM + # public emails are copied before the encryption stage + if ! grep -q '# encrypt' "$PM"; then + { echo ''; + echo "$proc_comment"; + echo ":0"; + echo "$proc_rule"; + echo "$LISTDIR/new"; + echo "# End of rule"; } >> "$PM" + else + sed -i "/# encrypt/i $proc_comment\\n:0\\n${proc_rule}\\n$LISTDIR/new\\n# End of rule\\n" "$PM" + fi fi - fi - chown $MYUSERNAME:$MYUSERNAME $PM + chown "$MYUSERNAME":"$MYUSERNAME" "$PM" fi if [ ! -f "$MUTTRC" ]; then - cp /etc/Muttrc $MUTTRC - chown $MYUSERNAME:$MYUSERNAME $MUTTRC + cp /etc/Muttrc "$MUTTRC" + chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC" fi PROCMAILLOG=/home/$MYUSERNAME/log -if [ ! 
-d $PROCMAILLOG ]; then - mkdir $PROCMAILLOG - chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG +if [ ! -d "$PROCMAILLOG" ]; then + mkdir "$PROCMAILLOG" + chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG" fi -MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC) -if [[ $MUTT_MAILBOXES != *$GROUP_NAME* ]]; then - if ! grep -q "=$GROUP_NAME" $MUTTRC; then - sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" $MUTTRC - chown $MYUSERNAME:$MYUSERNAME $MUTTRC +MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC") +if [[ "$MUTT_MAILBOXES" != *$GROUP_NAME* ]]; then + if ! grep -q "=$GROUP_NAME" "$MUTTRC"; then + sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" "$MUTTRC" + chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC" fi fi diff --git a/src/freedombone-addlist b/src/freedombone-addlist index 3e19c9e9..d76d4cd0 100755 --- a/src/freedombone-addlist +++ b/src/freedombone-addlist 
@@ -52,119 +52,114 @@ do key="$1" case $key in - -h|--help) - show_help - ;; - -u|--user) - shift - MYUSERNAME="$1" - ;; - -l|--list) - shift - MAILINGLIST="$1" - ;; - -s|--subject) - shift - SUBJECTTAG="$1" - ;; - -e|--email) - shift - LIST_ADDRESS="$1" - ;; - -p|--public) - shift - PUBLIC="$1" - ;; - *) - # unknown option - ;; + -h|--help) + show_help + ;; + -u|--user) + shift + MYUSERNAME="$1" + ;; + -l|--list) + shift + MAILINGLIST="$1" + ;; + -s|--subject) + shift + SUBJECTTAG="$1" + ;; + -e|--email) + shift + LIST_ADDRESS="$1" + ;; + -p|--public) + shift + PUBLIC="$1" + ;; + *) + # unknown option + ;; esac shift done -if [ ! $MYUSERNAME ]; then +if [ ! "$MYUSERNAME" ]; then show_help fi -if [[ ! $MAILINGLIST && ! $SUBJECTTAG ]]; then +if [[ ! "$MAILINGLIST" && ! "$SUBJECTTAG" ]]; then show_help fi -MUTTRC=/home/$MYUSERNAME/.muttrc -PM=/home/$MYUSERNAME/.procmailrc -LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST +MUTTRC="/home/$MYUSERNAME/.muttrc" +PM="/home/$MYUSERNAME/.procmailrc" +LISTDIR="/home/$MYUSERNAME/Maildir/$MAILINGLIST" -if grep -q "=$MAILINGLIST" $MUTTRC; then +if grep -q "=$MAILINGLIST" "$MUTTRC"; then echo $"Mailing list $MAILINGLIST was already added" fi if [ ! -d "$LISTDIR" ]; then - mkdir -m 700 $LISTDIR - mkdir -m 700 $LISTDIR/tmp - mkdir -m 700 $LISTDIR/new - mkdir -m 700 $LISTDIR/cur + mkdir -m 700 "$LISTDIR" + mkdir -m 700 "$LISTDIR/tmp" + mkdir -m 700 "$LISTDIR/new" + mkdir -m 700 "$LISTDIR/cur" fi -chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR +chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR" if [ ${#SUBJECTTAG} -gt 0 ]; then # use the subject tag - if ! grep -q "Subject:.*()\[$SUBJECTTAG\]" $PM; then - if [[ $PUBLIC != "yes" ]]; then - # private emails go after the encryption stage - filter=" -# Email rule for $MAILINGLIST subject [$SUBJECTTAG] -:0 - * ^Subject:.*()\[$SUBJECTTAG\] -$LISTDIR/new -# End of rule -" - echo "$filter" >> $PM - else - # public emails are copied before hte encryption stage - if ! 
grep -q '# encrypt' $PM; then - filter=" -# Email rule for $MAILINGLIST subject [$SUBJECTTAG] -:0 - * ^Subject:.*()\[$SUBJECTTAG\] -$LISTDIR/new -# End of rule -" - echo "$filter" >> $PM + if ! grep -q "Subject:.*()\\[$SUBJECTTAG\\]" "$PM"; then + if [[ $PUBLIC != "yes" ]]; then + # private emails go after the encryption stage + { echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]"; + echo ":0"; + echo " * ^Subject:.*()\\[$SUBJECTTAG\\]"; + echo "$LISTDIR/new"; + echo "# End of rule"; + echo ""; } >> "$PM" else - filter=$(echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]\n:0\n * ^Subject:.*()\\\[$SUBJECTTAG\\\]\n$LISTDIR/new\n# End of rule\n") - sed -i "/# encrypt/i ${filter}" $PM + # public emails are copied before hte encryption stage + if ! grep -q '# encrypt' "$PM"; then + { echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]"; + echo ":0"; + echo " * ^Subject:.*()\\[$SUBJECTTAG\\]"; + echo "$LISTDIR/new"; + echo "# End of rule"; + echo ""; } >> "$PM" + else + sed -i "/# encrypt/i # Email rule for $MAILINGLIST subject [$SUBJECTTAG]\\n:0\\n * ^Subject:.*()\\\\[$SUBJECTTAG\\\\]\\n$LISTDIR/new\\n# End of rule\\n" "$PM" + fi fi - fi - chown $MYUSERNAME:$MYUSERNAME $PM + chown "$MYUSERNAME":"$MYUSERNAME" "$PM" fi else - exit $(${PROJECT_NAME}-addemail -u $MYUSERNAME -e $LIST_ADDRESS -g $MAILINGLIST --public $PUBLIC) + exit "$("${PROJECT_NAME}-addemail" -u "$MYUSERNAME" -e "$LIST_ADDRESS" -g "$MAILINGLIST" --public "$PUBLIC")" fi if [ ! -f "$MUTTRC" ]; then - cp /etc/Muttrc $MUTTRC - chown $MYUSERNAME:$MYUSERNAME $MUTTRC + cp /etc/Muttrc "$MUTTRC" + chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC" fi -PROCMAILLOG=/home/$MYUSERNAME/log -if [ ! -d $PROCMAILLOG ]; then - mkdir $PROCMAILLOG - chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG +PROCMAILLOG="/home/$MYUSERNAME/log" +if [ ! 
-d "$PROCMAILLOG" ]; then + mkdir "$PROCMAILLOG" + chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG" fi -MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC) -if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then - if ! grep -q "=$MAILINGLIST" $MUTTRC; then - sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC - chown $MYUSERNAME:$MYUSERNAME $MUTTRC +MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC") +if [[ "$MUTT_MAILBOXES" != *$MAILINGLIST* ]]; then + if ! grep -q "=$MAILINGLIST" "$MUTTRC"; then + sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" "$MUTTRC" + chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC" fi fi -if [ $LIST_ADDRESS ]; then - sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" $MUTTRC - if ! grep -q "subscribe $LIST_ADDRESS" $MUTTRC; then - echo "subscribe $LIST_ADDRESS" >> $MUTTRC +if [ "$LIST_ADDRESS" ]; then + sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" "$MUTTRC" + if ! grep -q "subscribe $LIST_ADDRESS" "$MUTTRC"; then + echo "subscribe $LIST_ADDRESS" >> "$MUTTRC" fi fi diff --git a/src/freedombone-addremove b/src/freedombone-addremove index 2c8f8c5f..219d45d8 100755 --- a/src/freedombone-addremove +++ b/src/freedombone-addremove 
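Review bot: `exit "$("${PROJECT_NAME}-addemail" …)"` exits with whatever addemail prints rather than with its status, and with the new quotes an empty output becomes `exit ""`, which bash rejects with "numeric argument required", where the unquoted form collapsed to a bare `exit`. Any text addemail does print is likewise taken as the exit code. Run the command directly and propagate its status: `"${PROJECT_NAME}-addemail" -u "$MYUSERNAME" -e "$LIST_ADDRESS" -g "$MAILINGLIST" --public "$PUBLIC"` followed by `exit $?`.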
@@ -34,27 +34,27 @@ export TEXTDOMAIN=${PROJECT_NAME}-addremove export TEXTDOMAINDIR="/usr/share/locale" PROJECT_INSTALL_DIR=/usr/local/bin -if [ -f /usr/bin/${PROJECT_NAME} ]; then +if [ -f "/usr/bin/${PROJECT_NAME}" ]; then PROJECT_INSTALL_DIR=/usr/bin fi -COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt -CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg +COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt" +CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg" # Start including files -source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars +source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars" -UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* +UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" for f in $UTILS_FILES do - source $f + source "$f" done -APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* +APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*" for f in $APP_FILES do - source $f + source "$f" done # End including files @@ -67,17 +67,17 @@ function mark_unselected_apps_as_removed { return fi - if [ -f $REMOVED_APPS_FILE ]; then - rm $REMOVED_APPS_FILE + if [ -f "$REMOVED_APPS_FILE" ]; then + rm "$REMOVED_APPS_FILE" fi app_index=0 for app_name in "${APPS_AVAILABLE[@]}" do if [[ ${APPS_CHOSEN[$app_index]} == "0" ]]; then - echo "_${app_name}_" >> $REMOVED_APPS_FILE + echo "_${app_name}_" >> "$REMOVED_APPS_FILE" fi - app_index=$[app_index+1] + app_index=$((app_index+1)) done } @@ -93,7 +93,7 @@ function app_expected_to_be_installed { echo "0" return fi - if ! grep -q "IN_DEFAULT_INSTALL=1" /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}; then + if ! grep -q "IN_DEFAULT_INSTALL=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then echo "0" return fi @@ -102,7 +102,7 @@ function app_expected_to_be_installed { } function show_apps { - select_all_apps=$1 + select_all_apps="$1" applist="" n=1 app_index=0 
@@ -117,19 +117,20 @@ function show_apps { applist="$applist $n $a on" fi fi - n=$[n+1] - app_index=$[app_index+1] + n=$((n+1)) + app_index=$((app_index+1)) done choices=$(dialog --stdout --backtitle $"Freedombone" \ --title $"Add/Remove Applications" \ --checklist $'Choose:' \ - 27 40 20 $applist) + 27 40 20 "$applist") + # shellcheck disable=SC2181 if [ $? -eq 0 ]; then for choice in $choices do - app_index=$[choice-1] + app_index=$((choice-1)) APPS_CHOSEN[$app_index]="1" done else @@ -151,10 +152,10 @@ function remove_apps_selected { else removals="${APPS_AVAILABLE[$app_index]}" fi - n=$[n+1] + n=$((n+1)) fi fi - app_index=$[app_index+1] + app_index=$((app_index+1)) done # if no apps to be removed then don't do anything @@ -166,7 +167,7 @@ function remove_apps_selected { dialog --title $"Remove applications" \ --backtitle $"Freedombone" \ --defaultno \ - --yesno $"\nYou have chosen to remove $n apps.\n\n $removals\n\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\n\nAre you sure that you wish to continue?" 15 60 + --yesno $"\\nYou have chosen to remove $n apps.\\n\\n $removals\\n\\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\\n\\nAre you sure that you wish to continue?" 15 60 sel=$? case $sel in 1) return;; @@ -195,10 +196,10 @@ function install_apps_selected { else installs="${APPS_AVAILABLE[$app_index]}" fi - n=$[n+1] + n=$((n+1)) fi fi - app_index=$[app_index+1] + app_index=$((app_index+1)) done # if no apps to be installed then don't do anything 
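Review bot: In show_apps, `"$applist"` now reaches dialog as one argument, but `--checklist` expects a separate tag, item and status word per entry after the three size values, so the checklist is presumably rejected or shown empty and no app can be selected. The string is assembled with `applist="$applist $n $a on"` precisely so that it can be word-split; to have both quoting and a working list, build it as an array: `applist=()` before the loop, `applist+=("$n" "$a" on)` in each branch of the loop, and `"${applist[@]}"` in the dialog call. The loop that fills the list starts outside the hunk.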
@@ -212,13 +213,13 @@ function install_apps_selected { dialog --title $"$installs" \ --backtitle $"Freedombone" \ --defaultno \ - --yesno $"\nThis will install the $installs app\n\nProceed?" 9 40 + --yesno $"\\nThis will install the $installs app\\n\\nProceed?" 9 40 else - dialog_height=$((15 + $n)) + dialog_height=$((15 + "$n")) dialog --title $"Add applications" \ --backtitle $"Freedombone" \ --defaultno \ - --yesno $"\nYou have chosen to install $n apps\n\n $installs\n\nProceed?" $dialog_height 60 + --yesno $"\\nYou have chosen to install $n apps\\n\\n $installs\\n\\nProceed?" $dialog_height 60 fi sel=$? case $sel in @@ -232,14 +233,13 @@ function install_apps_selected { # install the apps read_configuration install_apps interactive - if [ ! $APP_INSTALLED_SUCCESS ]; then + if [ ! "$APP_INSTALLED_SUCCESS" ]; then echo $'One or more apps failed to install' fi } if [[ $1 == "test"* ]]; then - ${PROJECT_NAME}-tests - if [ ! "$?" = "0" ]; then + if ! ${PROJECT_NAME}-tests; then exit 2 fi fi @@ -251,8 +251,8 @@ if [[ ${#APPS_AVAILABLE[@]} == 0 ]]; then exit 1 fi -show_apps $1 -mark_unselected_apps_as_removed $1 +show_apps "$1" +mark_unselected_apps_as_removed "$1" clear diff --git a/src/freedombone-adduser b/src/freedombone-adduser index 9271fca4..9dfb9178 100755 --- a/src/freedombone-adduser +++ b/src/freedombone-adduser @@ -34,18 +34,18 @@ PROJECT_NAME='freedombone' export TEXTDOMAIN=${PROJECT_NAME}-adduser export TEXTDOMAINDIR="/usr/share/locale" -CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg +CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg" -UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* +UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" for f in $UTILS_FILES do - source $f + source "$f" done -APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* +APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*" for f in $APP_FILES do - source $f + source "$f" done ADD_USERNAME=$1 
@@ -55,35 +55,35 @@ SSH_PORT=2222 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt DEFAULT_DOMAIN_NAME= -if [ ! $ADD_USERNAME ]; then +if [ ! "$ADD_USERNAME" ]; then echo $'No username was given' exit 1 fi -if [ -d /home/$ADD_USERNAME ]; then +if [ -d "/home/$ADD_USERNAME" ]; then echo $"The user $ADD_USERNAME already exists" exit 2 fi -if [ ! -f $COMPLETION_FILE ]; then +if [ ! -f "$COMPLETION_FILE" ]; then echo $"$COMPLETION_FILE not found" - userdel -r $ADD_USERNAME + userdel -r "$ADD_USERNAME" exit 3 fi # Minimum number of characters in a password -MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}') +MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}') -NEW_USER_PASSWORD="$(openssl rand -base64 30 | cut -c1-${MINIMUM_PASSWORD_LENGTH})" +NEW_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" chmod 600 /etc/shadow chmod 600 /etc/gshadow -useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $ADD_USERNAME -adduser $ADD_USERNAME sasl -groupadd $ADD_USERNAME +useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash "$ADD_USERNAME" +adduser "$ADD_USERNAME" sasl +groupadd "$ADD_USERNAME" chmod 0000 /etc/shadow chmod 0000 /etc/gshadow -if [ ! -d /home/$ADD_USERNAME ]; then +if [ ! -d "/home/$ADD_USERNAME" ]; then echo $'Home directory was not created' exit 4 fi 
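Review bot: `useradd -p` takes an already hashed password, but `NEW_USER_PASSWORD` appears to come straight from `create_password` as clear text, so the secret is written to the shadow entry as if it were a hash and is visible in the process list while useradd runs. Unless the password is set again outside this hunk, the account cannot be logged into with the generated password. Create the account without `-p` and set the password over stdin: `useradd -m -s /bin/bash "$ADD_USERNAME"` followed by `printf '%s:%s\n' "$ADD_USERNAME" "$NEW_USER_PASSWORD" | chpasswd`.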
@@ -91,15 +91,15 @@ fi if [ "$SSH_PUBLIC_KEY" ]; then if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then if [ -f "$SSH_PUBLIC_KEY" ]; then - mkdir /home/$ADD_USERNAME/.ssh - cp $SSH_PUBLIC_KEY /home/$ADD_USERNAME/.ssh/authorized_keys - chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh + mkdir "/home/$ADD_USERNAME/.ssh" + cp "$SSH_PUBLIC_KEY" "/home/$ADD_USERNAME/.ssh/authorized_keys" + chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh" echo $'ssh public key installed' else if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then - mkdir /home/$ADD_USERNAME/.ssh - echo "$SSH_PUBLIC_KEY" > /home/$ADD_USERNAME/.ssh/authorized_keys - chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh + mkdir "/home/$ADD_USERNAME/.ssh" + echo "$SSH_PUBLIC_KEY" > "/home/$ADD_USERNAME/.ssh/authorized_keys" + chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh" echo $'ssh public key installed' else echo $'The second parameter does not look like an ssh key' 
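Review bot: When the second argument is a path, `cp "$SSH_PUBLIC_KEY" "/home/$ADD_USERNAME/.ssh/authorized_keys"` installs whatever that file contains, whereas the literal-key branch at least checks for an `ssh-` prefix. Since this runs as root, the file should be validated before it is copied, for example by wrapping the copy in `if ssh-keygen -l -f "$SSH_PUBLIC_KEY" >/dev/null; then`. Both branches also leave the modes of `.ssh` and `authorized_keys` to the caller's umask; an explicit `chmod 700 "/home/$ADD_USERNAME/.ssh"` and `chmod 600 "/home/$ADD_USERNAME/.ssh/authorized_keys"` after the chown would make that deterministic. The enclosing `if` continues past the end of the hunk.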
@@ -109,55 +109,54 @@ if [ "$SSH_PUBLIC_KEY" ]; then fi fi -if [ -d /home/$ADD_USERNAME/Maildir ]; then - if grep -q "set from=" /home/$ADD_USERNAME/.muttrc; then - sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" /home/$ADD_USERNAME/.muttrc +if [ -d "/home/$ADD_USERNAME/Maildir" ]; then + if grep -q "set from=" "/home/$ADD_USERNAME/.muttrc"; then + sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" "/home/$ADD_USERNAME/.muttrc" else - echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> /home/$ADD_USERNAME/.muttrc + echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> "/home/$ADD_USERNAME/.muttrc" fi - USERN='$USER@' - sed -i "s|$USERN|$ADD_USERNAME@|g" /home/$ADD_USERNAME/.procmailrc + sed -i "s|\$USER@|$ADD_USERNAME@|g" "/home/$ADD_USERNAME/.procmailrc" fi # generate a gpg key echo "Making a GPG key for $ADD_USERNAME@$HOSTNAME" -mkdir /home/$ADD_USERNAME/.gnupg -echo "keyserver $GPG_KEYSERVER" >> /home/$ADD_USERNAME/.gnupg/gpg.conf -echo 'keyserver-options auto-key-retrieve' >> /home/$ADD_USERNAME/.gnupg/gpg.conf -echo '' >> /home/$ADD_USERNAME/.gnupg/gpg.conf -echo '# default preferences' >> /home/$ADD_USERNAME/.gnupg/gpg.conf -echo 'personal-digest-preferences SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf -echo 'cert-digest-algo SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf -echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$ADD_USERNAME/.gnupg/gpg.conf +mkdir "/home/$ADD_USERNAME/.gnupg" +{ echo "keyserver $GPG_KEYSERVER"; + echo 'keyserver-options auto-key-retrieve'; + echo ''; + echo '# default preferences'; + echo 'personal-digest-preferences SHA256'; + echo 'cert-digest-algo SHA256'; + echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed'; } >> "/home/$ADD_USERNAME/.gnupg/gpg.conf" -chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg -chmod 700 
/home/$ADD_USERNAME/.gnupg -chmod 600 /home/$ADD_USERNAME/.gnupg/* +chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg" +chmod 700 "/home/$ADD_USERNAME/.gnupg" +chmod 600 "/home/$ADD_USERNAME/.gnupg/*" # Generate a GPG key -echo 'Key-Type: eddsa' > /home/$ADD_USERNAME/gpg-genkey.conf -echo 'Key-Curve: Ed25519' >> /home/$ADD_USERNAME/gpg-genkey.conf -echo 'Subkey-Type: eddsa' >> /home/$ADD_USERNAME/gpg-genkey.conf -echo "Name-Real: $ADD_USERNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf -echo "Name-Email: $ADD_USERNAME@$HOSTNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf -echo 'Expire-Date: 0' >> /home/$ADD_USERNAME/gpg-genkey.conf -echo "Passphrase: $NEW_USER_PASSWORD" >> /home/$ADD_USERNAME/gpg-genkey.conf -chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/gpg-genkey.conf -su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME -chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg -shred -zu /home/$ADD_USERNAME/gpg-genkey.conf +{ echo 'Key-Type: eddsa'; + echo 'Key-Curve: Ed25519'; + echo 'Subkey-Type: eddsa'; + echo "Name-Real: $ADD_USERNAME"; + echo "Name-Email: $ADD_USERNAME@$HOSTNAME"; + echo 'Expire-Date: 0'; + echo "Passphrase: $NEW_USER_PASSWORD"; } > "/home/$ADD_USERNAME/gpg-genkey.conf" +chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/gpg-genkey.conf" +su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - "$ADD_USERNAME" +chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg" +shred -zu "/home/$ADD_USERNAME/gpg-genkey.conf" MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME") -MY_GPG_PUBLIC_KEY=/home/$ADD_USERNAME/public_key.gpg -su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME +MY_GPG_PUBLIC_KEY="/home/$ADD_USERNAME/public_key.gpg" +su -m root -c "gpg --output 
$MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$ADD_USERNAME" -if [ ! -f $MY_GPG_PUBLIC_KEY ]; then +if [ ! -f "$MY_GPG_PUBLIC_KEY" ]; then echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID" - userdel -r $ADD_USERNAME + userdel -r "$ADD_USERNAME" exit 7 fi -gpg_agent_setup $ADD_USERNAME +gpg_agent_setup "$ADD_USERNAME" # add a monkeysphere subkey #echo $'Adding monkeysphere subkey' 
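Review bot: The new `chmod 600 "/home/$ADD_USERNAME/.gnupg/*"` quotes the `*`, so the shell no longer expands it and chmod is pointed at a file literally named `*`; gpg.conf keeps whatever mode the umask gave it. Keep the variable quoted but leave the glob outside the quotes: `chmod 600 "/home/$ADD_USERNAME/.gnupg/"*`. In the same hunk gpg-genkey.conf receives `Passphrase: $NEW_USER_PASSWORD` and is created with the default umask before it is shredded; writing it under `umask 077` (or with a `chmod 600` before the passphrase line is appended) would close that window.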
@@ -173,82 +172,82 @@ gpg_agent_setup $ADD_USERNAME #echo $'Updating monkeysphere users' #monkeysphere-authentication update-users -if [ -f /home/$ADD_USERNAME/.muttrc ]; then +if [ -f "/home/$ADD_USERNAME/.muttrc" ]; then # encrypt outgoing mail to the "sent" folder - if ! grep -q "pgp_encrypt_only_command" /home/$ADD_USERNAME/.muttrc; then - echo '' >> /home/$ADD_USERNAME/.muttrc - echo $'# Encrypt items in the Sent folder' >> /home/$ADD_USERNAME/.muttrc - echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc + if ! grep -q "pgp_encrypt_only_command" "/home/$ADD_USERNAME/.muttrc"; then + { echo ''; + echo $'# Encrypt items in the Sent folder'; + echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\""; } >> "/home/$ADD_USERNAME/.muttrc" else - sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc + sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc" fi - if ! grep -q "pgp_encrypt_sign_command" /home/$ADD_USERNAME/.muttrc; then - echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc + if ! 
grep -q "pgp_encrypt_sign_command" "/home/$ADD_USERNAME/.muttrc"; then + echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> "/home/$ADD_USERNAME/.muttrc" else - sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc + sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc" fi fi -if ! grep -q "Change your GPG password" /home/$ADD_USERNAME/README; then - echo '' >> /home/$ADD_USERNAME/README - echo '' >> /home/$ADD_USERNAME/README - echo $'# Change your GPG password' >> /home/$ADD_USERNAME/README - echo $"It's very important to add a password to your GPG key so that" >> /home/$ADD_USERNAME/README - echo $"if anyone does get access to your email they still won't be able" >> /home/$ADD_USERNAME/README - echo $'to read them without knowning the GPG password.' >> /home/$ADD_USERNAME/README - echo $'You can change the it with:' >> /home/$ADD_USERNAME/README - echo '' >> /home/$ADD_USERNAME/README - echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$ADD_USERNAME/README - echo ' passwd' >> /home/$ADD_USERNAME/README - echo ' save' >> /home/$ADD_USERNAME/README - echo ' quit' >> /home/$ADD_USERNAME/README +if ! 
grep -q "Change your GPG password" "/home/$ADD_USERNAME/README"; then + { echo ''; + echo ''; + echo $'# Change your GPG password'; + echo $"It's very important to add a password to your GPG key so that"; + echo $"if anyone does get access to your email they still won't be able"; + echo $'to read them without knowning the GPG password.'; + echo $'You can change the it with:'; + echo ''; + echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID"; + echo ' passwd'; + echo ' save'; + echo ' quit'; } >> "/home/$ADD_USERNAME/README" fi -chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/README -chown $ADD_USERNAME:$ADD_USERNAME $MY_GPG_PUBLIC_KEY -chmod 600 /home/$ADD_USERNAME/README +chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/README" +chown "$ADD_USERNAME":"$ADD_USERNAME" "$MY_GPG_PUBLIC_KEY" +chmod 600 "/home/$ADD_USERNAME/README" echo $'Detecting installed apps...' detect_apps get_apps_installed_names for app_name in "${APPS_INSTALLED_NAMES[@]}" do - if [[ $(function_exists add_user_${app_name}) == "1" ]]; then + if [[ $(function_exists "add_user_${app_name}") == "1" ]]; then echo $"Adding user to ${app_name}" - app_load_variables ${app_name} - retval=$(add_user_${app_name} "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1) + app_load_variables "${app_name}" + retval=$("add_user_${app_name}" "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1) if [[ $retval != '0' ]]; then echo $"Failed with error code ${retval}" - ${PROJECT_NAME}-rmuser $ADD_USERNAME --force + "${PROJECT_NAME}-rmuser" "$ADD_USERNAME" --force exit 672392 fi - if ! grep -q "${app_name}_${ADD_USERNAME}" $APP_USERS_FILE; then - echo "${app_name}_${ADD_USERNAME}" >> $APP_USERS_FILE + if ! grep -q "${app_name}_${ADD_USERNAME}" "$APP_USERS_FILE"; then + echo "${app_name}_${ADD_USERNAME}" >> "$APP_USERS_FILE" fi fi done if [ -f /etc/nginx/.htpasswd ]; then if ! 
grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then - echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $ADD_USERNAME + echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd "$ADD_USERNAME" fi fi # add user menu on ssh login -if ! grep -q 'controluser' /home/$ADD_USERNAME/.bashrc; then - echo 'controluser' >> /home/$ADD_USERNAME/.bashrc +if ! grep -q 'controluser' "/home/$ADD_USERNAME/.bashrc"; then + echo 'controluser' >> "/home/$ADD_USERNAME/.bashrc" fi # fix some gpg strangeness when searching for keys -printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$ADD_USERNAME/.gnupg/S.dirmngr -if [ -d /home/$ADD_USERNAME/.gnupg/crls.d ]; then - chmod +x /home/$ADD_USERNAME/.gnupg/crls.d +printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$ADD_USERNAME/.gnupg/S.dirmngr" +if [ -d "/home/$ADD_USERNAME/.gnupg/crls.d" ]; then + chmod +x "/home/$ADD_USERNAME/.gnupg/crls.d" fi -${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD" +"${PROJECT_NAME}-pass" -u "$ADD_USERNAME" -a login -p "$NEW_USER_PASSWORD" -gpg_agent_enable $ADD_USERNAME +gpg_agent_enable "$ADD_USERNAME" clear diff --git a/src/freedombone-app-akaunting b/src/freedombone-app-akaunting index 82fbc44d..6887c7a4 100755 --- a/src/freedombone-app-akaunting +++ b/src/freedombone-app-akaunting @@ -49,12 +49,12 @@ akaunting_variables=(ONION_ONLY MY_USERNAME) function akaunting_remove_bad_links { - cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 365873658 # copy jquery locally jquery_version='1.12.4' if [ ! -f jquery-${jquery_version}.js ]; then - cd /var/www/$GHOST_DOMAIN_NAME/htdocs + cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3276324 wget https://code.jquery.com/jquery-${jquery_version}.js jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}') if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then 
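Review bot: `grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd` matches anywhere in a line, so a new user whose name is the tail of an existing entry (for example `bob` when a `jimbob:` line is present) is treated as already listed and never gets an htpasswd entry. Anchoring the match fixes it: `grep -q "^${ADD_USERNAME}:" /etc/nginx/.htpasswd`. The `grep -q "${app_name}_${ADD_USERNAME}" "$APP_USERS_FILE"` check earlier in the hunk has the same substring problem and would be safer as `grep -qxF "${app_name}_${ADD_USERNAME}" "$APP_USERS_FILE"`. Note also that `exit 672392` is truncated to its low eight bits by the shell, so callers never see that value.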
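Review bot: In akaunting_remove_bad_links the jquery download branch does `cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3276324`, which looks like a leftover from the Ghost app. With the `|| exit` added here, a system where that directory does not exist now aborts at this point instead of carrying on in the Akaunting directory as before. The file is tested for and referenced relative to the Akaunting htdocs, so the second cd should presumably target `"/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"` or be dropped. The function continues past the end of the hunk.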
@@ -74,7 +74,7 @@ function akaunting_remove_bad_links { sed -i '/googleapi/d' vendor/almasaeed2010/adminlte/dist/css/alt/AdminLTE-without-plugins.min.css sed -i "s|ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js|$AKAUNTING_DOMAIN_NAME/jquery-${jquery_version}.js|g" vendor/almasaeed2010/adminlte/plugins/ckeditor/samples/old/jquery.html - chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" } function logging_on_akaunting { 
@@ -88,65 +88,66 @@ function logging_off_akaunting { function remove_user_akaunting { remove_username="$1" - ${PROJECT_NAME}-pass -u $remove_username --rmapp akaunting + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp akaunting } function add_user_akaunting { new_username="$1" new_user_password="$2" - ${PROJECT_NAME}-pass -u $new_username -a akaunting -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$new_username" -a akaunting -p "$new_user_password" echo '0' } function install_interactive_akaunting { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi - if [[ $ONION_ONLY != "no" ]]; then + if [[ "$ONION_ONLY" != "no" ]]; then AKAUNTING_DOMAIN_NAME='akaunting.local' else AKAUNTING_DETAILS_COMPLETE= while [ ! $AKAUNTING_DETAILS_COMPLETE ] do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then dialog --backtitle $"Freedombone Configuration" \ --title $"Akaunting Configuration" \ - --form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ + --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Code:" 2 1 "$(grep 'AKAUNTING_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \ - 2> $data + 2> "$data" else dialog --backtitle $"Freedombone Configuration" \ --title $"Akaunting Configuration" \ - --form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ + --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ - 
2> $data + 2> "$data" fi sel=$? case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - AKAUNTING_DOMAIN_NAME=$(cat $data | sed -n 1p) - if [ $AKAUNTING_DOMAIN_NAME ]; then + AKAUNTING_DOMAIN_NAME=$(sed -n 1p < "$data") + if [ "$AKAUNTING_DOMAIN_NAME" ]; then if [[ $AKAUNTING_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then AKAUNTING_DOMAIN_NAME="" fi TEST_DOMAIN_NAME=$AKAUNTING_DOMAIN_NAME validate_domain_name - if [[ $TEST_DOMAIN_NAME != $AKAUNTING_DOMAIN_NAME ]]; then + if [[ "$TEST_DOMAIN_NAME" != "$AKAUNTING_DOMAIN_NAME" ]]; then AKAUNTING_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then - AKAUNTING_CODE=$(cat $data | sed -n 2p) + AKAUNTING_CODE=$(sed -n 2p < "$data") validate_freedns_code "$AKAUNTING_CODE" - if [ ! $VALID_CODE ]; then + if [ ! "$VALID_CODE" ]; then AKAUNTING_DOMAIN_NAME= fi fi @@ -155,6 +156,7 @@ function install_interactive_akaunting { if [ $AKAUNTING_DOMAIN_NAME ]; then AKAUNTING_DETAILS_COMPLETE="yes" fi + rm -f "$data" done write_config_param "AKAUNTING_CODE" "$AKAUNTING_CODE" 
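Review bot: Removing the `trap` in install_interactive_akaunting means the mktemp file, which receives the domain name and the FreeDNS code from dialog, is only deleted on the two `case` arms and at the end of the loop body (the `rm -f "$data"` added in the next hunk); an interrupt or any other exit path leaves it behind. `data=$(mktemp 2>/dev/null)` is also unchecked, so a failed mktemp turns `2> "$data"` into a redirect to an empty name. I would keep a cleanup trap, single-quoted so it expands when it fires, and check the allocation: `data=$(mktemp) || exit 1` followed by `trap 'rm -f "$data"' EXIT`. Whether an EXIT trap here would displace one set by the calling script cannot be seen from this hunk and should be confirmed.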
@@ -169,23 +171,23 @@ function change_password_akaunting { read_config_param 'AKAUNTING_DOMAIN_NAME' - ${PROJECT_NAME}-pass -u "$curr_username" -a akaunting -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$curr_username" -a akaunting -p "$new_user_password" } function akaunting_create_database { - if [ -f $IMAGE_PASSWORD_FILE ]; then - AKAUNTING_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + AKAUNTING_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then - AKAUNTING_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then + AKAUNTING_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi - if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then + if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then return fi function_check create_database - create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" $MY_USERNAME + create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" "$MY_USERNAME" } function reconfigure_akaunting { 
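Review bot: In akaunting_create_database the replacement `"$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"` correctly stops using the file contents as a printf format, but the printf wrapper now does nothing; `AKAUNTING_ADMIN_PASSWORD="$(cat "$IMAGE_PASSWORD_FILE")"` yields the same value. The bare `return` taken when no password could be obtained reports success, so a caller that does not inspect the variable carries on without a database; `return 1` after a message on stderr would make that failure visible.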
@@ -198,70 +200,69 @@ function upgrade_akaunting { return fi - if grep -q "akaunting domain" $COMPLETION_FILE; then + if grep -q "akaunting domain" "$COMPLETION_FILE"; then AKAUNTING_DOMAIN_NAME=$(get_completion_param "akaunting domain") fi # update to the next commit function_check set_repo_commit - set_repo_commit /var/www/$AKAUNTING_DOMAIN_NAME/htdocs "akaunting commit" "$AKAUNTING_COMMIT" $AKAUNTING_REPO + set_repo_commit "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" "akaunting commit" "$AKAUNTING_COMMIT" "$AKAUNTING_REPO" - cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 367835 install_composer akaunting_remove_bad_links - chown -R www-data:www-data /var/www/${AKAUNTING_DOMAIN_NAME}/htdocs + chown -R www-data:www-data "/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs" } function backup_local_akaunting { - akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs - if [ -d $akaunting_path ]; then - suspend_site ${AKAUNTING_DOMAIN_NAME} + akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs" + if [ -d "$akaunting_path" ]; then + suspend_site "${AKAUNTING_DOMAIN_NAME}" function_check backup_database_to_usb backup_database_to_usb akaunting - backup_directory_to_usb $akaunting_path akaunting + backup_directory_to_usb "$akaunting_path" akaunting restart_site fi } function restore_local_akaunting { temp_restore_dir=/root/tempakaunting - akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs + akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs" - suspend_site ${AKAUNTING_DOMAIN_NAME} + suspend_site "${AKAUNTING_DOMAIN_NAME}" function_check akaunting_create_database akaunting_create_database - restore_database akaunting ${AKAUNTING_DOMAIN_NAME} - chown www-data:www-data $akaunting_dir + restore_database akaunting "${AKAUNTING_DOMAIN_NAME}" + chown www-data:www-data "$akaunting_dir" restart_site } function backup_remote_akaunting { - akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs - if [ -d $akaunting_path ]; then - 
suspend_site ${AKAUNTING_DOMAIN_NAME} + akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs" + if [ -d "$akaunting_path" ]; then + suspend_site "${AKAUNTING_DOMAIN_NAME}" function_check backup_database_to_friend backup_database_to_friend akaunting - backup_directory_to_friend $akaunting_path akaunting + backup_directory_to_friend "$akaunting_path" akaunting restart_site fi } function restore_remote_akaunting { - temp_restore_dir=/root/tempakaunting - akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs + akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs" - suspend_site ${AKAUNTING_DOMAIN_NAME} + suspend_site "${AKAUNTING_DOMAIN_NAME}" function_check akaunting_create_database akaunting_create_database - restore_database_from_friend akaunting ${AKAUNTING_DOMAIN_NAME} - chown www-data:www-data $akaunting_dir + restore_database_from_friend akaunting "${AKAUNTING_DOMAIN_NAME}" + chown www-data:www-data "$akaunting_dir" restart_site } 
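Review bot: `temp_restore_dir=/root/tempakaunting` was removed from restore_remote_akaunting as unused but is still assigned in restore_local_akaunting, where nothing in the function reads it either. Dropping it there as well keeps the two restore functions parallel. In upgrade_akaunting, `cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 367835` uses a status above 255, which the shell truncates to its low eight bits, so a small distinct code would be less surprising to callers.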
@@ -274,28 +275,28 @@ function remove_akaunting { read_config_param "AKAUNTING_DOMAIN_NAME" read_config_param "MY_USERNAME" echo "Removing $AKAUNTING_DOMAIN_NAME" - nginx_dissite $AKAUNTING_DOMAIN_NAME - remove_certs $AKAUNTING_DOMAIN_NAME + nginx_dissite "$AKAUNTING_DOMAIN_NAME" + remove_certs "$AKAUNTING_DOMAIN_NAME" - if [ -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then - rm -rf /var/www/$AKAUNTING_DOMAIN_NAME + if [ -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then + rm -rf "/var/www/$AKAUNTING_DOMAIN_NAME" fi - if [ -f /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME + if [ -f "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME" fi function_check drop_database drop_database akaunting function_check remove_onion_service - remove_onion_service akaunting ${AKAUNTING_ONION_PORT} + remove_onion_service akaunting "${AKAUNTING_ONION_PORT}" if grep -q "akaunting" /etc/crontab; then sed -i "/akaunting/d" /etc/crontab fi remove_app akaunting remove_completion_param install_akaunting - sed -i '/akaunting/d' $COMPLETION_FILE + sed -i '/akaunting/d' "$COMPLETION_FILE" function_check remove_ddns_domain - remove_ddns_domain $AKAUNTING_DOMAIN_NAME + remove_ddns_domain "$AKAUNTING_DOMAIN_NAME" } function install_akaunting { @@ -303,7 +304,7 @@ function install_akaunting { ONION_ONLY='no' fi - if [ ! $AKAUNTING_DOMAIN_NAME ]; then + if [ ! "$AKAUNTING_DOMAIN_NAME" ]; then echo $'No domain name was given for akaunting' exit 89353 fi 
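Review bot: remove_akaunting runs `rm -rf "/var/www/$AKAUNTING_DOMAIN_NAME"` behind only a `-d` test, and if `read_config_param` leaves the variable empty that test is true for `/var/www/` itself, so every site directory would be deleted. Guard the expansion so an empty value aborts instead: `rm -rf "/var/www/${AKAUNTING_DOMAIN_NAME:?}"`. The same empty value would also reach `nginx_dissite`, `remove_certs` and `remove_ddns_domain`, so a single check right after the two `read_config_param` calls would cover all of them. The function starts before this hunk.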
@@ -317,142 +318,142 @@ function install_akaunting { apt-get -yq install php-gettext php-curl php-gd php-mysql git curl apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl - if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then - mkdir /var/www/$AKAUNTING_DOMAIN_NAME + if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then + mkdir "/var/www/$AKAUNTING_DOMAIN_NAME" fi - if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then + if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then if [ -d /repos/akaunting ]; then - mkdir /var/www/$AKAUNTING_DOMAIN_NAME/htdocs - cp -r -p /repos/akaunting/. /var/www/$AKAUNTING_DOMAIN_NAME/htdocs - cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + mkdir "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" + cp -r -p /repos/akaunting/. "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" + cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23458735 git pull else function_check git_clone - git_clone $AKAUNTING_REPO /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + git_clone "$AKAUNTING_REPO" "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" fi - if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then + if [ ! 
-d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then echo $'Unable to clone akaunting repo' exit 2589389 fi fi - cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs - git checkout $AKAUNTING_COMMIT -b $AKAUNTING_COMMIT + cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23468724527 + git checkout "$AKAUNTING_COMMIT" -b "$AKAUNTING_COMMIT" set_completion_param "akaunting commit" "$AKAUNTING_COMMIT" - chmod g+w /var/www/$AKAUNTING_DOMAIN_NAME/htdocs - chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + chmod g+w "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" + chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" - cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 34783524 install_composer function_check akaunting_create_database akaunting_create_database function_check add_ddns_domain - add_ddns_domain $AKAUNTING_DOMAIN_NAME + add_ddns_domain "$AKAUNTING_DOMAIN_NAME" AKAUNTING_ONION_HOSTNAME=$(add_onion_service akaunting 80 ${AKAUNTING_ONION_PORT}) akaunting_nginx_site=/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $AKAUNTING_DOMAIN_NAME "index index.php" - echo 'server {' >> $akaunting_nginx_site - echo ' listen 443 ssl;' >> $akaunting_nginx_site - echo ' #listen [::]:443 ssl;' >> $akaunting_nginx_site - echo " server_name $AKAUNTING_DOMAIN_NAME;" >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site + nginx_http_redirect "$AKAUNTING_DOMAIN_NAME" "index index.php" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $AKAUNTING_DOMAIN_NAME;"; + echo ''; } >> "$akaunting_nginx_site" function_check nginx_compress - nginx_compress $AKAUNTING_DOMAIN_NAME - echo '' >> $akaunting_nginx_site - echo ' # Security' >> $akaunting_nginx_site + nginx_compress "$AKAUNTING_DOMAIN_NAME" + echo '' >> "$akaunting_nginx_site" + echo ' # Security' >> "$akaunting_nginx_site" 
function_check nginx_ssl - nginx_ssl $AKAUNTING_DOMAIN_NAME + nginx_ssl "$AKAUNTING_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME + nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME" - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' access_log /dev/null;' >> $akaunting_nginx_site - echo ' error_log /dev/null;' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' index index.php;' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location ~ \.php {' >> $akaunting_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site - echo ' fastcgi_read_timeout 30;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location / {' >> $akaunting_nginx_site + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.php;'; + echo ''; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' location / {'; } >> "$akaunting_nginx_site" function_check nginx_limits - nginx_limits $AKAUNTING_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location @akaunting {' >> $akaunting_nginx_site - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> 
$akaunting_nginx_site - echo ' location ~ /\.(ht|git) {' >> $akaunting_nginx_site - echo ' deny all;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo '}' >> $akaunting_nginx_site + nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ @akaunting;"; + echo ' }'; + echo ''; + echo ' location @akaunting {'; + echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; + echo ' }'; + echo ''; + echo ' location ~ /\.(ht|git) {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo '}'; } >> "$akaunting_nginx_site" else - echo -n '' > $akaunting_nginx_site + echo -n '' > "$akaunting_nginx_site" fi - echo 'server {' >> $akaunting_nginx_site - echo " listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;" >> $akaunting_nginx_site - echo " server_name $AKAUNTING_ONION_HOSTNAME;" >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - function_check nginx_compress - nginx_compress $AKAUNTING_DOMAIN_NAME - echo '' >> $akaunting_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;"; + echo " server_name $AKAUNTING_ONION_HOSTNAME;"; + echo ''; } >> "$akaunting_nginx_site" + function_check nginx_compress + nginx_compress "$AKAUNTING_DOMAIN_NAME" + echo '' >> "$akaunting_nginx_site" function_check nginx_disable_sniffing - nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME - echo '' >> $akaunting_nginx_site - echo ' access_log /dev/null;' >> $akaunting_nginx_site - echo ' error_log /dev/null;' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' index index.php;' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location ~ \.php {' >> $akaunting_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site - echo ' 
fastcgi_read_timeout 30;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location / {' >> $akaunting_nginx_site + nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME" + { echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.php;'; + echo ''; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' location / {'; } >> "$akaunting_nginx_site" function_check nginx_limits - nginx_limits $AKAUNTING_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location @akaunting {' >> $akaunting_nginx_site - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location ~ /\.(ht|git) {' >> $akaunting_nginx_site - echo ' deny all;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '}' >> $akaunting_nginx_site + nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ @akaunting;"; + echo ' }'; + echo ''; + echo ' location @akaunting {'; + echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; + echo ' }'; + echo ''; + echo ' location ~ /\.(ht|git) {'; + echo ' deny all;'; + echo ' }'; + echo '}'; } >> "$akaunting_nginx_site" function_check configure_php configure_php function_check create_site_certificate - create_site_certificate $AKAUNTING_DOMAIN_NAME 'yes' + create_site_certificate "$AKAUNTING_DOMAIN_NAME" 'yes' function_check nginx_ensite - nginx_ensite $AKAUNTING_DOMAIN_NAME + nginx_ensite "$AKAUNTING_DOMAIN_NAME" akaunting_remove_bad_links 
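Review bot: `git checkout "$AKAUNTING_COMMIT" -b "$AKAUNTING_COMMIT"` in install_akaunting is not checked, yet the next line records the pin with `set_completion_param "akaunting commit" "$AKAUNTING_COMMIT"`. If the checkout fails, for instance after the `git pull` on the copy taken from /repos, the site is deployed from whatever HEAD is present while the completion file claims the pinned commit. The surrounding `cd` calls gained `|| exit` in this commit and the checkout deserves the same treatment: `git checkout "$AKAUNTING_COMMIT" -b "$AKAUNTING_COMMIT" || exit 1`. `AKAUNTING_ONION_HOSTNAME=$(add_onion_service akaunting 80 ${AKAUNTING_ONION_PORT})` is also still unquoted. install_akaunting starts before and ends after this hunk.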
@@ -460,7 +461,7 @@ function install_akaunting { systemctl restart php7.0-fpm systemctl restart nginx - ${PROJECT_NAME}-pass -u $MY_USERNAME -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD" set_completion_param "akaunting domain" "$AKAUNTING_DOMAIN_NAME" diff --git a/src/freedombone-app-batman b/src/freedombone-app-batman index dfe27c37..22c64170 100755 --- a/src/freedombone-app-batman +++ b/src/freedombone-app-batman @@ -90,8 +90,7 @@ function restore_remote_batman { } function remove_batman { - ${PROJECT_NAME}-mesh-install -f batman --remove yes - if [ ! "$?" = "0" ]; then + if ! "${PROJECT_NAME}-mesh-install" -f batman --remove yes; then echo $'Failed to remove batman' exit 79353 fi 
@@ -100,45 +99,46 @@ function remove_batman { } function mesh_install_batman { + # shellcheck disable=SC2154 chroot "$rootdir" apt-get -yq install iproute bridge-utils libnetfilter-conntrack3 batctl chroot "$rootdir" apt-get -yq install python-dev libevent-dev ebtables python-pip git chroot "$rootdir" apt-get -yq install wireless-tools rfkill - if ! grep -q "batman_adv" $rootdir/etc/modules; then - echo 'batman_adv' >> $rootdir/etc/modules + if ! grep -q "batman_adv" "$rootdir/etc/modules"; then + echo 'batman_adv' >> "$rootdir/etc/modules" fi BATMAN_SCRIPT=$rootdir/var/lib/batman - if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then - cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT + if [ -f "/usr/local/bin/${PROJECT_NAME}-mesh-batman" ]; then + cp "/usr/local/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT" else - cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT + cp "/usr/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT" fi BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service - echo '[Unit]' > $BATMAN_DAEMON - echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON - echo 'After=network.target' >> $BATMAN_DAEMON - echo '' >> $BATMAN_DAEMON - echo '[Service]' >> $BATMAN_DAEMON - echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON - echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON - echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON - echo 'Restart=on-failure' >> $BATMAN_DAEMON - echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON - echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON - echo '' >> $BATMAN_DAEMON - echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON - echo 'TimeoutSec=300' >> $BATMAN_DAEMON - echo '' >> $BATMAN_DAEMON - echo '[Install]' >> $BATMAN_DAEMON - echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON + { echo '[Unit]'; + echo 'Description=B.A.T.M.A.N. 
Advanced'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'RemainAfterExit=yes'; + echo "ExecStart=/var/lib/batman start"; + echo "ExecStop=/var/lib/batman stop"; + echo 'Restart=on-failure'; + echo 'SuccessExitStatus=3 4'; + echo 'RestartForceExitStatus=3 4'; + echo ''; + echo '# Allow time for the server to start/stop'; + echo 'TimeoutSec=300'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > "$BATMAN_DAEMON" chroot "$rootdir" systemctl enable batman } function install_batman { - if [ $INSTALLING_MESH ]; then + if [ "$INSTALLING_MESH" ]; then mesh_install_batman return fi @@ -146,8 +146,7 @@ function install_batman { return fi - ${PROJECT_NAME}-mesh-install -f batman - if [ ! "$?" = "0" ]; then + if ! "${PROJECT_NAME}-mesh-install" -f batman; then echo $'Failed to install batman' exit 72524 fi diff --git a/src/freedombone-app-bdsmail b/src/freedombone-app-bdsmail index 20ae44f1..1c9163da 100755 --- a/src/freedombone-app-bdsmail +++ b/src/freedombone-app-bdsmail 
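Review bot: The `# shellcheck disable=SC2154` added at the top of mesh_install_batman silences ShellCheck's referenced-but-not-assigned warning for `rootdir`, and nothing in the function checks the variable before using it. With `rootdir` empty, `"$rootdir/etc/modules"` and `$rootdir/etc/systemd/system/batman.service` resolve to the host's own files rather than the image's. I would keep the directive but add a guard as the first statement, `: "${rootdir:?rootdir must be set by the caller}"`. The same directive without a guard is added in cryptpad_create_config, and mesh_install_cryptpad runs `rm -rf "$rootdir$CRYPTPAD_DIR"` on the same assumption.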
@@ -49,29 +49,29 @@ function bdsmail_configure_users { if [[ $(is_valid_user "$USERNAME") == "1" ]]; then # Add the user to the i2p group - usermod -a -G i2psvc $USERNAME + usermod -a -G i2psvc "$USERNAME" - if [ -f /home/$USERNAME/.muttrc ]; then + if [ -f "/home/$USERNAME/.muttrc" ]; then # Create a mutt i2p folder - if ! grep -q ' =i2p' /home/$USERNAME/.muttrc; then - MUTT_MAILBOXES=$(grep "mailboxes =" /home/$USERNAME/.muttrc) - sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" /home/$USERNAME/.muttrc + if ! grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then + MUTT_MAILBOXES=$(grep "mailboxes =" "/home/$USERNAME/.muttrc") + sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" "/home/$USERNAME/.muttrc" fi # Create a mutt folder hook to the i2p config - if ! grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then - echo 'folder-hook !i2p/* source ~/.muttrc' >> /home/$USERNAME/.muttrc + if ! grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then + echo 'folder-hook !i2p/* source ~/.muttrc' >> "/home/$USERNAME/.muttrc" fi - if ! grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then - echo 'folder-hook i2p/* source ~/.mutt/bdsmail' >> /home/$USERNAME/.muttrc + if ! grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then + echo 'folder-hook i2p/* source ~/.mutt/bdsmail' >> "/home/$USERNAME/.muttrc" fi fi # Create a directory where i2p mail will be stored - if [ ! -d /home/$USERNAME/Maildir/i2p/new ]; then - mkdir -p /home/$USERNAME/Maildir/i2p/cur - mkdir -p /home/$USERNAME/Maildir/i2p/new - chown -R $USERNAME:$USERNAME /home/$USERNAME/Maildir/i2p + if [ ! -d "/home/$USERNAME/Maildir/i2p/new" ]; then + mkdir -p "/home/$USERNAME/Maildir/i2p/cur" + mkdir -p "/home/$USERNAME/Maildir/i2p/new" + chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/Maildir/i2p" fi fi done 
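Review bot: In the `.muttrc` branch the output of `grep "mailboxes ="` is pasted into the sed program as both pattern and replacement, `sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g"`, so the edit depends on the content of a user-owned file. A mailboxes line containing `|`, `&`, `\` or regex characters, or two matching lines (grep then returns a multi-line string), makes sed fail or rewrite something other than intended. Addressing the line instead of echoing it back avoids this: `sed -i '/mailboxes =/ s|$| =i2p|' "/home/$USERNAME/.muttrc"`. The function starts before this hunk.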
@@ -93,18 +93,18 @@ function add_user_bdsmail { new_username="$1" new_user_password="$2" - if [ ! -d /home/$new_username/.mutt ]; then - mkdir /home/$new_username/.mutt - cp /etc/skel/.mutt/bdsmail /home/$new_username/.mutt + if [ ! -d "/home/$new_username/.mutt" ]; then + mkdir "/home/$new_username/.mutt" + cp /etc/skel/.mutt/bdsmail "/home/$new_username/.mutt" fi read_config_param MY_USERNAME - BDSMAIL_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail) - sed -i "s|username|$new_username|g" /home/$new_username/.mutt/bdsmail - sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$new_username/.mutt/bdsmail + BDSMAIL_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail) + sed -i "s|username|$new_username|g" "/home/$new_username/.mutt/bdsmail" + sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$new_username/.mutt/bdsmail" bdsmail_configure_users - cd $BDSMAIL_DIR - $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $new_username /home/$new_username/Maildir/i2p "$BDSMAIL_PASSWORD" - chown -R $new_username:$new_username /home/$new_username/.mutt + cd $BDSMAIL_DIR || exit 57247684234 + $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$new_username" "/home/$new_username/Maildir/i2p" "$BDSMAIL_PASSWORD" + chown -R "$new_username":"$new_username" "/home/$new_username/.mutt" echo '0' } 
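Review bot: The new guard `cd $BDSMAIL_DIR || exit 57247684234` uses an exit value far outside the 0–255 range a process can report; bash keeps only the low 8 bits, so the caller sees an unrelated small number, and a value that happened to be a multiple of 256 would read as success. The same applies to the guards added in upgrade_bdsmail (`exit 2457245`), install_bdsmail (`exit 2346872427`, `exit 2457245`), upgrade_cryptpad (`exit 254724`) and mesh_install_cryptpad (`exit 34683568`). I would print the reason and use a small status, e.g. `cd "$BDSMAIL_DIR" || { echo "cannot cd to $BDSMAIL_DIR" >&2; exit 1; }`. The message should go to stderr because add_user_bdsmail appears to report its result on stdout (`echo '0'`).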
@@ -117,16 +117,16 @@ function change_password_bdsmail { curr_username="$1" new_user_password="$2" - ${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$new_user_password" for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" /home/${USERNAME}/.mutt/bdsmail - sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail - chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail + sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" "/home/${USERNAME}/.mutt/bdsmail" + sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail" + chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail" cd $BDSMAIL_DIR - $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $curr_username /home/$curr_username/Maildir/i2p "$new_user_password" + $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$curr_username" "/home/$curr_username/Maildir/i2p" "$new_user_password" fi done } @@ -136,9 +136,9 @@ function bdsmail_update_domain { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - cp /etc/skel/.mutt/bdsmail /home/${USERNAME}/.mutt/bdsmail - sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail - chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail + cp /etc/skel/.mutt/bdsmail "/home/${USERNAME}/.mutt/bdsmail" + sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail" + chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail" fi done } 
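Review bot: The `set smtp_url` substitution in change_password_bdsmail is still an unterminated sed command: `"s|set smtp_url=.*|set smtp_url=smtp://…:$I2P_SMTP_PORT/"` has no closing `|`, so sed rejects the expression and the stored URL is never updated. The quoting pass touched this line but kept the bug; the minimal fix is to end the expression with `…@127.0.0.1:$I2P_SMTP_PORT/|" "/home/${USERNAME}/.mutt/bdsmail"`. `new_user_password` is also interpolated raw into the replacement, where `|`, `&` or `\` in a password changes the meaning of the expression, so those characters should be escaped first or the line written by something that takes the value as data. The `cd $BDSMAIL_DIR` inside the loop is left unguarded, unlike the other `cd` calls this commit touches. The function declaration itself is above the hunk.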
@@ -154,7 +154,7 @@ function bdsmail_wait_for_key_generation { sleep 30 bds_domain=$(bdsmail_domain) sleep_ctr=$((sleep_ctr + 1)) - if [ $sleep_ctr -gt 100 ]; then + if [ "$sleep_ctr" -gt 100 ]; then break fi done @@ -178,9 +178,9 @@ function upgrade_bdsmail { fi # update to the next commit - set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" $BDSMAIL_REPO - cd $BDSMAIL_DIR - make GOROOT=/home/go/go${GO_VERSION} + set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" "$BDSMAIL_REPO" + cd $BDSMAIL_DIR || exit 2457245 + make GOROOT="/home/go/go${GO_VERSION}" chown -R i2psvc:i2psvc $BDSMAIL_DIR systemctl restart bdsmail @@ -210,7 +210,7 @@ function restore_local_bdsmail { function_check restore_directory_from_usb restore_directory_from_usb $temp_restore_dir bdsmail if [ -d $temp_restore_dir ]; then - if [ -d cp $temp_restore_dir$bdsmail_dir ]; then + if [ -d $temp_restore_dir$bdsmail_dir ]; then cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/ else if [ ! -d $bdsmail_dir ]; then @@ -246,7 +246,7 @@ function restore_remote_bdsmail { function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir bdsmail if [ -d $temp_restore_dir ]; then - if [ -d cp $temp_restore_dir$bdsmail_dir ]; then + if [ -d $temp_restore_dir$bdsmail_dir ]; then cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/ else if [ ! -d $bdsmail_dir ]; then 
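Review bot: Fixing `[ -d cp … ]` in restore_local_bdsmail makes the first branch of this test reachable, as far as I can tell for the first time, so `cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/` now actually runs and deserves a restore test. If `$bdsmail_dir` already exists, copying the directory onto `$bdsmail_dir/` places it one level deeper instead of restoring in place; `cp -rp "$temp_restore_dir$bdsmail_dir/." "$bdsmail_dir/"` would copy the contents. Both the test and the copy also remain unquoted, unlike the rest of this commit. restore_remote_bdsmail has the identical lines, and both functions extend beyond their hunks.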
@@ -272,33 +272,33 @@ function remove_bdsmail { USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then # remove the user from the i2p group - deluser $USERNAME i2psvc + deluser "$USERNAME" i2psvc # Remove mutt folder hook to the i2p config - if [ -f /home/$USERNAME/.muttrc ]; then - if grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then - sed -i '/folder-hook !i2p/d' /home/$USERNAME/.muttrc + if [ -f "/home/$USERNAME/.muttrc" ]; then + if grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then + sed -i '/folder-hook !i2p/d' "/home/$USERNAME/.muttrc" fi - if grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then - sed -i '/folder-hook i2p/d' /home/$USERNAME/.muttrc + if grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then + sed -i '/folder-hook i2p/d' "/home/$USERNAME/.muttrc" fi fi # Remove folder - if grep -q ' =i2p' /home/$USERNAME/.muttrc; then - sed -i 's| =i2p||g' /home/$USERNAME/.muttrc + if grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then + sed -i 's| =i2p||g' "/home/$USERNAME/.muttrc" fi # NOTE: leave Maildir/i2p/cur. We might want to archive that # or just be reinstalling the system without losing mail - rm -rf /home/$USERNAME/Maildir/i2p/new + rm -rf "/home/$USERNAME/Maildir/i2p/new" fi done remove_i2p remove_app bdsmail remove_completion_param install_bdsmail - sed -i '/bdsmail/d' $COMPLETION_FILE + sed -i '/bdsmail/d' "$COMPLETION_FILE" rm -rf /etc/skel/.mutt if [ -d $BDSMAIL_DIR ]; then rm -rf $BDSMAIL_DIR @@ -322,7 +322,7 @@ function install_bdsmail { cd $BDSMAIL_DIR git pull else - git_clone $BDSMAIL_REPO $BDSMAIL_DIR + git_clone "$BDSMAIL_REPO" "$BDSMAIL_DIR" fi if [ ! -d $BDSMAIL_DIR ]; then 
@@ -331,13 +331,13 @@ function install_bdsmail { fi cd $BDSMAIL_DIR - git checkout $BDSMAIL_COMMIT -b $BDSMAIL_COMMIT + git checkout "$BDSMAIL_COMMIT" -b "$BDSMAIL_COMMIT" set_completion_param "bdsmail commit" "$BDSMAIL_COMMIT" mkdir -p $BDSMAIL_DIR/Maildir/i2p chmod -R 700 $BDSMAIL_DIR/Maildir - make GOROOT=/home/go/go${GO_VERSION} + make GOROOT="/home/go/go${GO_VERSION}" if [ ! -f $BDSMAIL_DIR/bin/bdsconfig ]; then echo $'Unable to make bdsmail' exit 87923567842 
@@ -347,72 +347,72 @@ function install_bdsmail { i2p_enable_sam # create configuration file - $BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini - echo '[maild]' > $BDSMAIL_DIR/config.ini - echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT" >> $BDSMAIL_DIR/config.ini - echo 'i2pkeyfile = bdsmail-privkey.dat' >> $BDSMAIL_DIR/config.ini - echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT" >> $BDSMAIL_DIR/config.ini - echo "bindweb = 127.0.0.1:$I2P_WEB_PORT" >> $BDSMAIL_DIR/config.ini - echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT" >> $BDSMAIL_DIR/config.ini - echo 'domain = localhost' >> $BDSMAIL_DIR/config.ini - echo 'maildir = Maildir/i2p' >> $BDSMAIL_DIR/config.ini - echo 'database = localhost.sqlite' >> $BDSMAIL_DIR/config.ini - echo 'assets = contrib/assets/web' >> $BDSMAIL_DIR/config.ini + #$BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini + { echo '[maild]': + echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT"; + echo 'i2pkeyfile = bdsmail-privkey.dat'; + echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT"; + echo "bindweb = 127.0.0.1:$I2P_WEB_PORT"; + echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT"; + echo 'domain = localhost'; + echo 'maildir = Maildir/i2p'; + echo 'database = localhost.sqlite'; + echo 'assets = contrib/assets/web'; } > $BDSMAIL_DIR/config.ini - echo '[Unit]' > /etc/systemd/system/bdsmail.service - echo 'Description=bdsmail' >> /etc/systemd/system/bdsmail.service - echo 'After=syslog.target' >> /etc/systemd/system/bdsmail.service - echo 'After=network.target' >> /etc/systemd/system/bdsmail.service - echo '' >> /etc/systemd/system/bdsmail.service - echo '[Service]' >> /etc/systemd/system/bdsmail.service - echo 'Type=simple' >> /etc/systemd/system/bdsmail.service - echo 'User=i2psvc' >> /etc/systemd/system/bdsmail.service - echo 'Group=i2psvc' >> /etc/systemd/system/bdsmail.service - echo "WorkingDirectory=$BDSMAIL_DIR" >> /etc/systemd/system/bdsmail.service - echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini" >> /etc/systemd/system/bdsmail.service - echo 
'Restart=always' >> /etc/systemd/system/bdsmail.service - echo 'Environment="USER=i2psvc"' >> /etc/systemd/system/bdsmail.service - echo '' >> /etc/systemd/system/bdsmail.service - echo '[Install]' >> /etc/systemd/system/bdsmail.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/bdsmail.service + { echo '[Unit]'; + echo 'Description=bdsmail'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'Type=simple'; + echo 'User=i2psvc'; + echo 'Group=i2psvc'; + echo "WorkingDirectory=$BDSMAIL_DIR"; + echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini"; + echo 'Restart=always'; + echo 'Environment="USER=i2psvc"'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/bdsmail.service - echo '#!/usr/bin/env python2' > $BDSMAIL_DIR/get_address - echo 'import base64, hashlib, sys' >> $BDSMAIL_DIR/get_address - echo 'with open(sys.argv[1]) as f:' >> $BDSMAIL_DIR/get_address - echo " print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")" >> $BDSMAIL_DIR/get_address + { echo '#!/usr/bin/env python2'; + echo 'import base64, hashlib, sys'; + echo 'with open(sys.argv[1]) as f:'; + echo " print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")"; } > $BDSMAIL_DIR/get_address chmod +x $BDSMAIL_DIR/get_address chown -R i2psvc:i2psvc $BDSMAIL_DIR systemctl enable bdsmail systemctl start bdsmail - echo '#!/bin/bash' > /usr/bin/bdsmail_distribute - echo "BDSMAIL_DIR=$BDSMAIL_DIR" >> /usr/bin/bdsmail_distribute - echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')" >> /usr/bin/bdsmail_distribute - echo 'if [ ! 
-d $MAIL_DIR/postmaster/new ]; then' >> /usr/bin/bdsmail_distribute - echo ' exit 0' >> /usr/bin/bdsmail_distribute - echo 'fi' >> /usr/bin/bdsmail_distribute - echo 'for filename in $MAIL_DIR/postmaster/new/*; do' >> /usr/bin/bdsmail_distribute - echo ' to_line=$(cat $filename | grep "To: " | head -n 1)' >> /usr/bin/bdsmail_distribute - echo " to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')" >> /usr/bin/bdsmail_distribute - echo ' if [ -d /home/$to_username/Maildir/i2p/new ]; then' >> /usr/bin/bdsmail_distribute - echo ' chown $to_username:$to_username $filename' >> /usr/bin/bdsmail_distribute - echo ' chmod 600 $filename' >> /usr/bin/bdsmail_distribute - echo ' mv $filename /home/$to_username/Maildir/i2p/new' >> /usr/bin/bdsmail_distribute - echo ' fi' >> /usr/bin/bdsmail_distribute - echo 'done' >> /usr/bin/bdsmail_distribute + { echo '#!/bin/bash'; + echo "BDSMAIL_DIR=$BDSMAIL_DIR"; + echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')"; + echo "if [ ! -d \$MAIL_DIR/postmaster/new ]; then"; + echo ' exit 0'; + echo 'fi'; + echo "for filename in \$MAIL_DIR/postmaster/new/*; do"; + echo " to_line=\$(cat \$filename | grep \"To: \" | head -n 1)"; + echo " to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')"; + echo " if [ -d /home/\$to_username/Maildir/i2p/new ]; then"; + echo " chown \$to_username:\$to_username \$filename"; + echo " chmod 600 \$filename"; + echo " mv \$filename /home/\$to_username/Maildir/i2p/new"; + echo ' fi'; + echo 'done'; } > /usr/bin/bdsmail_distribute chmod +x /usr/bin/bdsmail_distribute if ! grep -q 'bdsmail_distribute' /etc/crontab; then cron_add_mins 1 '/usr/bin/bdsmail_distribute 2> /dev/null' fi - echo '#!/bin/bash' > /usr/bin/bdsmail_domain - echo "cd $BDSMAIL_DIR" >> /usr/bin/bdsmail_domain - echo 'if [ ! 
-f bdsmail-privkey.dat ]; then' >> /usr/bin/bdsmail_domain - echo ' exit 1' >> /usr/bin/bdsmail_domain - echo 'fi' >> /usr/bin/bdsmail_domain - echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'" >> /usr/bin/bdsmail_domain + { echo '#!/bin/bash'; + echo "cd $BDSMAIL_DIR"; + echo 'if [ ! -f bdsmail-privkey.dat ]; then'; + echo ' exit 1'; + echo 'fi'; + echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'"; } > /usr/bin/bdsmail_domain chmod +x /usr/bin/bdsmail_domain echo '' @@ -422,7 +422,7 @@ function install_bdsmail { bdsmail_wait_for_key_generation - if [ ! $bds_domain ]; then + if [ ! "$bds_domain" ]; then systemctl stop bdsmail systemctl disable bdsmail remove_i2p 
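Review bot: The first line of the new config.ini group ends in a colon instead of a semicolon, `{ echo '[maild]':`, so the file now starts with `[maild]:` rather than the `[maild]` section header the old code wrote. maild is started with this file (`ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini`), so the listen addresses and key file settings under the header are likely not picked up as intended. Change the line to `{ echo '[maild]';`. Separately, the generated /usr/bin/bdsmail_distribute still expands `$filename` and `$to_username` unquoted, and `to_username` is taken from the `To:` header of received mail, so quoting them and rejecting names that contain `/` would be a worthwhile follow-up. install_bdsmail starts before this hunk and continues after it.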
@@ -430,38 +430,38 @@ function install_bdsmail { exit 8934638 fi - BDSMAIL_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" - ${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$BDSMAIL_PASSWORD" - cd $BDSMAIL_DIR + BDSMAIL_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$BDSMAIL_PASSWORD" + cd $BDSMAIL_DIR || exit 2346872427 $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini admin $BDSMAIL_DIR/Maildir/i2p/admin "$BDSMAIL_PASSWORD" # Create mutt configuration if [ ! -d /etc/skel/.mutt ]; then mkdir /etc/skel/.mutt fi - echo 'set mbox_type=Maildir' > /etc/skel/.mutt/bdsmail - echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/" >> /etc/skel/.mutt/bdsmail - echo 'set use_from=yes' >> /etc/skel/.mutt/bdsmail - echo "set from=username@${bds_domain}" >> /etc/skel/.mutt/bdsmail - echo "set spoolfile=~/Maildir/i2p" >> /etc/skel/.mutt/bdsmail - echo 'set pgp_autoencrypt=no' >> /etc/skel/.mutt/bdsmail - echo 'set pgp_replyencrypt=no' >> /etc/skel/.mutt/bdsmail - echo 'set pgp_autosign=no' >> /etc/skel/.mutt/bdsmail - echo 'set pgp_replysign=no' >> /etc/skel/.mutt/bdsmail + { echo 'set mbox_type=Maildir'; + echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/"; + echo 'set use_from=yes'; + echo "set from=username@${bds_domain}"; + echo "set spoolfile=~/Maildir/i2p"; + echo 'set pgp_autoencrypt=no'; + echo 'set pgp_replyencrypt=no'; + echo 'set pgp_autosign=no'; + echo 'set pgp_replysign=no'; } > /etc/skel/.mutt/bdsmail # mutt configuration for the admin user - if [ ! -d /home/$MY_USERNAME/.mutt ]; then - mkdir /home/$MY_USERNAME/.mutt + if [ ! 
-d "/home/$MY_USERNAME/.mutt" ]; then + mkdir "/home/$MY_USERNAME/.mutt" fi - cp /etc/skel/.mutt/bdsmail /home/$MY_USERNAME/.mutt - sed -i "s|username|$MY_USERNAME|g" /home/$MY_USERNAME/.mutt/bdsmail - sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$MY_USERNAME/.mutt/bdsmail - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt + cp /etc/skel/.mutt/bdsmail "/home/$MY_USERNAME/.mutt" + sed -i "s|username|$MY_USERNAME|g" "/home/$MY_USERNAME/.mutt/bdsmail" + sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$MY_USERNAME/.mutt/bdsmail" + chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.mutt" bdsmail_configure_users - cd $BDSMAIL_DIR - $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $MY_USERNAME /home/$MY_USERNAME/Maildir/i2p "$BDSMAIL_PASSWORD" + cd $BDSMAIL_DIR || exit 2457245 + $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$MY_USERNAME" "/home/$MY_USERNAME/Maildir/i2p" "$BDSMAIL_PASSWORD" APP_INSTALLED=1 } diff --git a/src/freedombone-app-cryptpad b/src/freedombone-app-cryptpad index 1a3d7c4b..4f0731ca 100755 --- a/src/freedombone-app-cryptpad +++ b/src/freedombone-app-cryptpad @@ -101,7 +101,7 @@ function upgrade_cryptpad { function_check set_repo_commit set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO - cd $CRYPTPAD_DIR + cd $CRYPTPAD_DIR || exit 254724 cryptpad_create_config npm upgrade npm install @@ -156,7 +156,7 @@ function restore_local_cryptpad { } function backup_remote_cryptpad { - if grep -q "cryptpad domain" $COMPLETION_FILE; then + if grep -q "cryptpad domain" "$COMPLETION_FILE"; then temp_backup_dir=$CRYPTPAD_DIR/datastore if [ -d $temp_backup_dir ]; then systemctl stop cryptpad @@ -226,7 +226,7 @@ function remove_cryptpad { remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT} remove_app cryptpad remove_completion_param install_cryptpad - sed -i '/cryptpad/d' $COMPLETION_FILE + sed -i '/cryptpad/d' "$COMPLETION_FILE" userdel -r cryptpad } 
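Review bot: After the SMTP password is substituted into `/home/$MY_USERNAME/.mutt/bdsmail`, the file is only chown'ed; nothing in this hunk restricts its mode, so it keeps whatever `cp` and the umask give it, which is commonly world-readable. Since the file then holds the `smtp://username:password@…` URL with the real credentials, I would add `chmod 600 "/home/$MY_USERNAME/.mutt/bdsmail"` (and `chmod 700` on the `.mutt` directory) before the `chown -R`. add_user_bdsmail and change_password_bdsmail write the same file for other users and would need the same line. The password is also passed on the command line to `"${PROJECT_NAME}-pass" … -p` and to `mailtool`, where other local users can see it in the process list while the command runs; whether those tools accept it another way is not visible here.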
@@ -236,123 +236,123 @@ function cryptpad_create_config { cryptpad_prefix= if [[ "$cryptpad_install_type" == "mesh" ]]; then - cryptpad_prefix=$rootdir + # shellcheck disable=SC2154 + cryptpad_prefix="$rootdir" fi - echo '/*@flow*/' > $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '/*' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' globals module' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '*/' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo 'module.exports = {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " httpAddress: '::'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' httpHeaders: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "X-XSS-Protection": "1; mode=block",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "X-Content-Type-Options": "nosniff",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "Access-Control-Allow-Origin": "*"' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' contentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"style-src 'unsafe-inline' 'self' \" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"script-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"font-src 'self' data:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "child-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "frame-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "media-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"connect-src 'self' ws: wss: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - 
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"img-src 'self' data: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "frame-ancestors *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' padContentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"style-src 'unsafe-inline' 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"font-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "child-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "frame-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"connect-src 'self' ws: wss:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "img-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " httpPort: ${CRYPTPAD_PORT}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' // This is for allowing the cross-domain iframe to function when developing' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " httpSafePort: ${CRYPTPAD_PORT2}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " websocketPath: '/cryptpad_websocket'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' logToStdout: false,' 
>> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' verbose: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' mainPages: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " 'index'" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' ],' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' removeDonateButton: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' allowSubscriptions: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js + { echo '/*@flow*/'; + echo '/*'; + echo ' globals module'; + echo '*/'; + echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';"; + echo 'module.exports = {'; + echo " httpAddress: '::',"; + echo ' httpHeaders: {'; + echo ' "X-XSS-Protection": "1; mode=block",'; + echo ' "X-Content-Type-Options": "nosniff",'; + echo ' "Access-Control-Allow-Origin": "*"'; + echo ' },'; + echo ''; + echo ' contentSecurity: ['; + echo " \"default-src 'none'\","; + echo " \"style-src 'unsafe-inline' 'self' \" + domain,"; + echo " \"script-src 'self'\" + domain,"; + echo " \"font-src 'self' data:\" + domain,"; + echo ''; + echo ' "child-src blob: *",'; + echo ' "frame-src blob: *",'; + echo ' "media-src * blob:",'; + echo ''; + echo " \"connect-src 'self' ws: wss: blob:\" + domain,"; + echo ''; + echo " \"img-src 'self' data: blob:\" + domain,"; + echo ''; + echo ' "frame-ancestors *",'; + echo " ].join('; '),"; + echo ''; + echo ' padContentSecurity: ['; + echo " \"default-src 'none'\","; + echo " \"style-src 'unsafe-inline' 'self'\" + domain,"; + echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain,"; + echo " \"font-src 'self'\" + domain,"; + echo ''; + echo ' "child-src *",'; + echo ' "frame-src *",'; + echo ''; + echo " \"connect-src 'self' ws: wss:\" + domain,"; + echo ''; + echo ' "img-src * blob:",'; + echo " ].join('; '),"; + echo ''; + echo " httpPort: 
${CRYPTPAD_PORT},"; + echo ''; + echo ' // This is for allowing the cross-domain iframe to function when developing'; + echo " httpSafePort: ${CRYPTPAD_PORT2},"; + echo ''; + echo " websocketPath: '/cryptpad_websocket',"; + echo ''; + echo ' logToStdout: false,'; + echo ''; + echo ' verbose: false,'; + echo ''; + echo ' mainPages: ['; + echo " 'index'"; + echo ' ],'; + echo ''; + echo ' removeDonateButton: true,'; + echo ' allowSubscriptions: false,'; } > "$cryptpad_prefix$CRYPTPAD_DIR/config.js" if [[ "$cryptpad_install_type" == "mesh" ]]; then - echo " myDomain: 'http://P${PEER_ID}.local'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js + echo " myDomain: 'http://P${PEER_ID}.local'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js" else CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname) - echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js + echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js" fi - echo ' defaultStorageLimit: 50 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' customLimits: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' adminEmail: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " storage: './storage/file'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " filePath: './datastore/'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " pinPath: './pins'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " blobPath: './blob'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " blobStagingPath: './blobstage'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' channelExpirationMs: 30000,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - 
echo ' openFileLimit: 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " rpc: './rpc.js'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' suppressRPCErrors: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' enableUploads: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' //restrictUploads: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' maxUploadSize: 20 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' //logFeedback: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' //logRPC: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '};' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js + { echo ' defaultStorageLimit: 50 * 1024 * 1024,'; + echo ''; + echo ' customLimits: {'; + echo ' },'; + echo ''; + echo ' adminEmail: false,'; + echo ''; + echo " storage: './storage/file',"; + echo ''; + echo " filePath: './datastore/',"; + echo " pinPath: './pins',"; + echo " blobPath: './blob',"; + echo " blobStagingPath: './blobstage',"; + echo ' channelExpirationMs: 30000,'; + echo ' openFileLimit: 1024,'; + echo " rpc: './rpc.js',"; + echo ' suppressRPCErrors: false,'; + echo ' enableUploads: true,'; + echo ' //restrictUploads: false,'; + echo ' maxUploadSize: 20 * 1024 * 1024,'; + echo ' //logFeedback: true,'; + echo ' //logRPC: true,'; + echo '};'; } >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js" if [[ "$cryptpad_install_type" != "mesh" ]]; then - chown cryptpad:cryptpad $cryptpad_prefix$CRYPTPAD_DIR/config.js + chown cryptpad:cryptpad "$cryptpad_prefix$CRYPTPAD_DIR/config.js" else chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js fi } function mesh_install_cryptpad { - if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then + if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then return fi - if [ ! -d $rootdir/var/www/cryptpad ]; then - mkdir $rootdir/var/www/cryptpad + if [ ! 
-d "$rootdir/var/www/cryptpad" ]; then + mkdir "$rootdir/var/www/cryptpad" fi - if [ -d $rootdir$CRYPTPAD_DIR ]; then - rm -rf $rootdir$CRYPTPAD_DIR + if [ -d "$rootdir$CRYPTPAD_DIR" ]; then + rm -rf "$rootdir$CRYPTPAD_DIR" fi - git_clone $CRYPTPAD_REPO $rootdir$CRYPTPAD_DIR + git_clone "$CRYPTPAD_REPO" "$rootdir$CRYPTPAD_DIR" - if [ ! -d $rootdir$CRYPTPAD_DIR ]; then + if [ ! -d "$rootdir$CRYPTPAD_DIR" ]; then echo $'Unable to clone cryptpad repo' exit 783251 fi 
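Review bot: The generated config.js keeps `httpAddress: '::'`, so the CryptPad node process listens on every interface, while the only consumer visible in this diff is nginx proxying to `http://localhost:$CRYPTPAD_PORT`. Unless a firewall rule outside this diff closes the port, clients could reach the node server directly and bypass the headers nginx adds. If nothing else needs direct access, writing `httpAddress: '127.0.0.1',` instead would restrict it to the proxy. In the non-mesh branch, `CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname)` is also unchecked, so a missing hostname file silently produces `myDomain: 'http://'`. cryptpad_create_config is declared above this hunk.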
@@ -360,94 +360,94 @@ function mesh_install_cryptpad { # an unprivileged user to run as chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad - cd $rootdir$CRYPTPAD_DIR - git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT + cd "$rootdir$CRYPTPAD_DIR" || exit 34683568 + git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT" chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad - echo 'server {' > $cryptpad_nginx_site - echo " listen 80 default_server;" >> $cryptpad_nginx_site - echo " server_name P${PEER_ID}.local;" >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' # Logs' >> $cryptpad_nginx_site - echo ' access_log /dev/null;' >> $cryptpad_nginx_site - echo ' error_log /dev/null;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' # Root' >> $cryptpad_nginx_site - echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' index index.html;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site - echo ' add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site - echo ' add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site - echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site - echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site - echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' # WebSocket support (nginx 1.4)' >> 
$cryptpad_nginx_site - echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site - echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site - echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site + { echo 'server {'; + echo " listen 80 default_server;"; + echo " server_name P${PEER_ID}.local;"; + echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root $CRYPTPAD_DIR;"; + echo ''; + echo ' index index.html;'; + echo ''; + echo ' add_header X-XSS-Protection "1; mode=block";'; + echo ' add_header X-Content-Type-Options nosniff;'; + echo ' add_header X-Frame-Options SAMEORIGIN;'; + echo ''; + echo " if (\$uri = /pad/inner.html) {"; + echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";"; + echo ' }'; + echo ''; + echo ' location = /cryptpad_websocket {'; + echo " proxy_pass http://localhost:$CRYPTPAD_PORT;"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo ''; + echo ' # WebSocket support (nginx 1.4)'; + echo ' proxy_http_version 1.1;'; + echo " proxy_set_header Upgrade \$http_upgrade;"; + echo ' proxy_set_header Connection upgrade;'; + echo ' }'; + echo ''; - echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site - echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site - echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site - echo ' try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo ' location = /api/config {' >> $cryptpad_nginx_site - echo ' default_type text/javascript;' >> $cryptpad_nginx_site - echo ' rewrite 
^.*$ /customize/api/config break;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /register/ {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /login/ {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /about.html {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /contact.html {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site - echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site - echo '}' >> $cryptpad_nginx_site + echo ' location ^~ /customize.dist/ {'; + echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root'; + echo ' }'; + echo ' location ^~ /customize/ {'; + echo " rewrite ^/customize/(.*)\$ \$1 break;"; + echo " try_files /customize/\$uri /customize.dist/\$uri;"; + echo ' }'; + echo ' location = /api/config {'; + echo ' 
default_type text/javascript;'; + echo ' rewrite ^.*$ /customize/api/config break;'; + echo ' }'; + echo ''; + echo ' location ^~ /blob/ {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /register/ {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /login/ {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /about.html {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /contact.html {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /what-is-cryptpad.html {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {'; + echo " rewrite ^(.*)\$ \$1/ redirect;"; + echo ' }'; + echo ''; + echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;"; + echo '}'; } > "$cryptpad_nginx_site" - cd $rootdir$CRYPTPAD_DIR + cd "$rootdir$CRYPTPAD_DIR" || exit 6246824624527 get_npm_arch - cat < $rootdir/usr/bin/install_cryptpad + cat < "$rootdir/usr/bin/install_cryptpad" #!/bin/bash cd $CRYPTPAD_DIR npm install --arch=$NPM_ARCH --build-from-source 
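Review bot: The result of `git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT"` is not checked, so if the pinned commit cannot be checked out, the mesh image is built from whatever the clone left at HEAD, and that tree is what the generated install script then runs `npm install` on. The `cd ... || exit` guard added one line earlier shows the intended pattern; the checkout deserves the same, e.g. `git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT" || exit 1`, unless the script runs under `set -e`, which this hunk does not show. The same unchecked checkout is in the install_cryptpad_main hunk at -520, where `set_completion_param "cryptpad commit"` then records the commit as installed regardless. mesh_install_cryptpad starts before this hunk and continues past it.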
@@ -456,37 +456,37 @@ chown -R cryptpad:cryptpad $CRYPTPAD_DIR su -c 'bower install' - cryptpad cp config.example.js config.js EOF - chmod +x $rootdir/usr/bin/install_cryptpad + chmod +x "$rootdir/usr/bin/install_cryptpad" chroot "$rootdir" /usr/bin/install_cryptpad - if [ ! -f $rootdir$CRYPTPAD_DIR/config.js ]; then + if [ ! -f "$rootdir$CRYPTPAD_DIR/config.js" ]; then echo $'Cryptpad config file not found' exit 628252 fi - rm $rootdir/usr/bin/install_cryptpad + rm "$rootdir/usr/bin/install_cryptpad" cryptpad_create_config mesh chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR # daemon - echo '[Unit]' > $rootdir/etc/systemd/system/cryptpad.service - echo 'Description=Cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'After=syslog.target' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'After=network.target' >> $rootdir/etc/systemd/system/cryptpad.service - echo '' >> $rootdir/etc/systemd/system/cryptpad.service - echo '[Service]' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'User=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'Group=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service - echo "WorkingDirectory=$CRYPTPAD_DIR" >> $rootdir/etc/systemd/system/cryptpad.service - echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> $rootdir/etc/systemd/system/cryptpad.service - echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'Environment=NODE_ENV=production' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/cryptpad.service - echo '' >> $rootdir/etc/systemd/system/cryptpad.service - echo '[Install]' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/cryptpad.service + { echo '[Unit]'; + echo 'Description=Cryptpad'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 
'User=cryptpad'; + echo 'Group=cryptpad'; + echo "WorkingDirectory=$CRYPTPAD_DIR"; + echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js"; + echo 'Environment=PATH=/usr/bin:/usr/local/bin'; + echo 'Environment=NODE_ENV=production'; + echo 'Restart=on-failure'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/cryptpad.service" chroot "$rootdir" systemctl enable cryptpad.service } @@ -505,7 +505,7 @@ function install_cryptpad_main { if [ -d /repos/cryptpad ]; then mkdir $CRYPTPAD_DIR cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR - cd $CRYPTPAD_DIR + cd $CRYPTPAD_DIR || exit 3468356385 git pull else function_check git_clone @@ -520,7 +520,7 @@ function install_cryptpad_main { # an unprivileged user to run as useradd -d $CRYPTPAD_DIR/ cryptpad - cd $CRYPTPAD_DIR + cd $CRYPTPAD_DIR || exit 34683655 git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT" 
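Review bot: The generated cryptpad.service runs the Node server as the unprivileged `cryptpad` user but carries no systemd sandboxing, so a compromised server process keeps the same view of the host as any other local account. Adding `echo 'NoNewPrivileges=true';`, `echo 'PrivateTmp=true';` and `echo 'ProtectHome=true';` to the `[Service]` part of the group would narrow that; which paths CryptPad needs to write outside `$CRYPTPAD_DIR` should be confirmed before going further (for example before adding `ProtectSystem=`). The same unit is written by install_cryptpad in the hunk at -639.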
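Review bot: `exit 3468356385` cannot be reported as written: a process exit status is a single byte, so only the low eight bits reach the caller and the number that was meant to identify the failing step is lost. The same holds for the other `cd ... || exit <large number>` guards this commit adds to the cryptpad file (`34683568`, `6246824624527`, `34683655`, `35483548`, `73537453`). Printing the step instead keeps the information, e.g. `cd "$CRYPTPAD_DIR" || { echo "cannot cd to $CRYPTPAD_DIR" >&2; exit 1; }`; quoting `$CRYPTPAD_DIR` would also match what the mesh function now does. install_cryptpad_main's body lies mostly outside this hunk.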
@@ -529,87 +529,87 @@ function install_cryptpad_main { CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT}) cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad - echo 'server {' > $cryptpad_nginx_site - echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;" >> $cryptpad_nginx_site - echo " server_name $CRYPTPAD_ONION_HOSTNAME;" >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' # Logs' >> $cryptpad_nginx_site - echo ' access_log /dev/null;' >> $cryptpad_nginx_site - echo ' error_log /dev/null;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' # Root' >> $cryptpad_nginx_site - echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' index index.html;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' if ($args ~ ver=) {' >> $cryptpad_nginx_site - echo ' set $cacheControl max-age=31536000;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo ' add_header Cache-Control $cacheControl;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site - echo ' add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site - echo ' add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site - echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site - echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site - echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - 
echo ' # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site - echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site - echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site - echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;"; + echo " server_name $CRYPTPAD_ONION_HOSTNAME;"; + echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root $CRYPTPAD_DIR;"; + echo ''; + echo ' index index.html;'; + echo ''; + echo " if (\$args ~ ver=) {"; + echo " set \$cacheControl max-age=31536000;"; + echo ' }'; + echo " add_header Cache-Control \$cacheControl;"; + echo ''; + echo ' add_header X-XSS-Protection "1; mode=block";'; + echo ' add_header X-Content-Type-Options nosniff;'; + echo ' add_header X-Frame-Options SAMEORIGIN;'; + echo ''; + echo " if (\$uri = /pad/inner.html) {"; + echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";"; + echo ' }'; + echo ''; + echo ' location = /cryptpad_websocket {'; + echo " proxy_pass http://localhost:$CRYPTPAD_PORT;"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo ''; + echo ' # WebSocket support (nginx 1.4)'; + echo ' proxy_http_version 1.1;'; + echo " proxy_set_header Upgrade \$http_upgrade;"; + echo ' proxy_set_header Connection upgrade;'; + echo ' }'; + echo ''; - echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site - echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site - echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site - echo ' try_files 
/customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo ' location = /api/config {' >> $cryptpad_nginx_site - echo ' default_type text/javascript;' >> $cryptpad_nginx_site - echo ' rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /register/ {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /login/ {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /about.html {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /contact.html {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site - echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site - echo '}' >> $cryptpad_nginx_site + echo ' location ^~ /customize.dist/ {'; + echo ' # This is needed in order to prevent infinite recursion between /customize/ 
and the root'; + echo ' }'; + echo ' location ^~ /customize/ {'; + echo " rewrite ^/customize/(.*)\$ \$1 break;"; + echo " try_files /customize/\$uri /customize.dist/\$uri;"; + echo ' }'; + echo ' location = /api/config {'; + echo ' default_type text/javascript;'; + echo ' rewrite ^.*$ /customize/api/config break;'; + echo ' }'; + echo ''; + echo ' location ^~ /blob/ {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /register/ {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /login/ {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /about.html {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /contact.html {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /what-is-cryptpad.html {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {'; + echo " rewrite ^(.*)\$ \$1/ redirect;"; + echo ' }'; + echo ''; + echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;"; + echo '}'; } > $cryptpad_nginx_site function_check nginx_ensite nginx_ensite cryptpad @@ -623,7 +623,7 @@ function install_cryptpad { install_cryptpad_main - cd $CRYPTPAD_DIR + cd $CRYPTPAD_DIR || exit 35483548 npm install npm install -g bower@1.8.0 
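Review bot: The server block sets `$scriptSrc` for `/pad/inner.html`, but nothing in this hunk emits an `add_header Content-Security-Policy`, so the variable is unused and, as far as the hunk shows, the onion site is served without a CSP. If that is not deliberate, give the variable a default and consume it, e.g. `echo " set \$scriptSrc \"'self'\";";` before the `if` and `echo " add_header Content-Security-Policy \"script-src \$scriptSrc;\";";` next to the other `add_header` lines. The exact policy has to be checked against what the pinned CryptPad commit loads. The mesh server block in the hunk at -360 has the same gap.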
@@ -639,22 +639,22 @@ function install_cryptpad { chown -R cryptpad:cryptpad $CRYPTPAD_DIR # daemon - echo '[Unit]' > /etc/systemd/system/cryptpad.service - echo 'Description=Cryptpad' >> /etc/systemd/system/cryptpad.service - echo 'After=syslog.target' >> /etc/systemd/system/cryptpad.service - echo 'After=network.target' >> /etc/systemd/system/cryptpad.service - echo '' >> /etc/systemd/system/cryptpad.service - echo '[Service]' >> /etc/systemd/system/cryptpad.service - echo 'User=cryptpad' >> /etc/systemd/system/cryptpad.service - echo 'Group=cryptpad' >> /etc/systemd/system/cryptpad.service - echo "WorkingDirectory=$CRYPTPAD_DIR" >> /etc/systemd/system/cryptpad.service - echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> /etc/systemd/system/cryptpad.service - echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> /etc/systemd/system/cryptpad.service - echo 'Environment=NODE_ENV=production' >> /etc/systemd/system/cryptpad.service - echo 'Restart=on-failure' >> /etc/systemd/system/cryptpad.service - echo '' >> /etc/systemd/system/cryptpad.service - echo '[Install]' >> /etc/systemd/system/cryptpad.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/cryptpad.service + { echo '[Unit]'; + echo 'Description=Cryptpad'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'User=cryptpad'; + echo 'Group=cryptpad'; + echo "WorkingDirectory=$CRYPTPAD_DIR"; + echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js"; + echo 'Environment=PATH=/usr/bin:/usr/local/bin'; + echo 'Environment=NODE_ENV=production'; + echo 'Restart=on-failure'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/cryptpad.service systemctl enable cryptpad.service systemctl daemon-reload systemctl start cryptpad.service 
@@ -664,7 +664,7 @@ function install_cryptpad { cryptpad_generate_api_config # install again - cd $CRYPTPAD_DIR + cd $CRYPTPAD_DIR || exit 73537453 su -c 'bower install' - cryptpad systemctl restart nginx diff --git a/src/freedombone-app-dlna b/src/freedombone-app-dlna index 0d44a44f..ab06378f 100755 --- a/src/freedombone-app-dlna +++ b/src/freedombone-app-dlna @@ -49,24 +49,27 @@ function logging_off_dlna { function configure_interactive_dlna { while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"Media Menu" \ --radiolist $"Choose an operation:" 13 70 3 \ 1 $"Attach a drive containing playable media" off \ 2 $"Remove a drive containing playable media" off \ - 3 $"Exit" on 2> $data + 3 $"Exit" on 2> "$data" sel=$? case $sel in - 1) break;; - 255) break;; + 1) rm -f "$data" + break;; + 255) rm -f "$data" + break;; esac case $(cat $data) in 1) attach-music;; 2) remove-music;; - 3) break;; + 3) rm -f "$data" + break;; esac + rm -f "$data" done } 
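Review bot: The `mktemp` call hides its error with `2>/dev/null` and its result is never checked, so when it fails `data` is empty, the `2> "$data"` redirection fails with status 1 and the menu exits as if the user had cancelled, with no message. A guard such as `data=$(mktemp) || return 1` makes the failure visible, and `case $(cat "$data") in` closes the remaining unquoted use. Dropping the `trap` also means the temp file is left behind whenever the loop is interrupted by a signal rather than leaving through one of the `rm -f` paths; `trap 'rm -f "$data"' EXIT` keeps the cleanup without the quoting problem of the old trap line.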
@@ -95,19 +98,19 @@ function configure_firewall_for_dlna { firewall_add DLNA 1900 udp firewall_add DLNA 8200 tcp - echo '' > /etc/avahi/services/dlna.service - echo '' >> /etc/avahi/services/dlna.service - echo '' >> /etc/avahi/services/dlna.service - echo ' %h DLNA' >> /etc/avahi/services/dlna.service - echo ' ' >> /etc/avahi/services/dlna.service - echo ' _dlna._tcp' >> /etc/avahi/services/dlna.service - echo " 8200" >> /etc/avahi/services/dlna.service - echo ' ' >> /etc/avahi/services/dlna.service - echo ' ' >> /etc/avahi/services/dlna.service - echo ' _dlna._udp' >> /etc/avahi/services/dlna.service - echo " 1900" >> /etc/avahi/services/dlna.service - echo ' ' >> /etc/avahi/services/dlna.service - echo '' >> /etc/avahi/services/dlna.service + { echo ''; + echo ''; + echo ''; + echo ' %h DLNA'; + echo ' '; + echo ' _dlna._tcp'; + echo " 8200"; + echo ' '; + echo ' '; + echo ' _dlna._udp'; + echo " 1900"; + echo ' '; + echo ''; } > /etc/avahi/services/dlna.service systemctl restart avahi-daemon @@ -125,7 +128,7 @@ function backup_local_dlna { function restore_local_dlna { if [ -d /var/cache/minidlna ]; then - if [ -d $USB_MOUNT_DLNA/backup/dlna ]; then + if [ -d "$USB_MOUNT_DLNA/backup/dlna" ]; then echo $"Restoring DLNA cache" temp_restore_dir=/root/tempdlna function_check restore_directory_from_usb @@ -135,6 +138,7 @@ function restore_local_dlna { else cp -r $temp_restore_dir/* /var/cache/minidlna/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir function_check set_user_permissions @@ -156,7 +160,7 @@ function backup_remote_dlna { function restore_remote_dlna { if [ -d /var/cache/minidlna ]; then - if [ -d $SERVER_DIRECTORY/backup/dlna ]; then + if [ -d "$SERVER_DIRECTORY/backup/dlna" ]; then temp_restore_dir=/root/tempdlna function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir dlna 
@@ -165,6 +169,7 @@ function restore_remote_dlna { else cp -r $temp_restore_dir/* /var/cache/minidlna/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 982 fi @@ -201,7 +206,7 @@ function install_dlna_main { exit 55 fi - if [ ! $USB_MOUNT_DLNA ]; then + if [ ! "$USB_MOUNT_DLNA" ]; then USB_MOUNT_DLNA=/mnt/dlna fi if [ ${#USB_MOUNT_DLNA} -eq 0 ]; then @@ -242,7 +247,7 @@ function install_dlna_main { systemctl reload minidlna sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf - if ! grep -q "max_user_watches" $COMPLETION_FILE; then + if ! grep -q "max_user_watches" "$COMPLETION_FILE"; then echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf fi /sbin/sysctl -p -q 
@@ -256,37 +261,37 @@ function script_for_attaching_usb_drive { if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then return fi - echo '#!/bin/bash' > /usr/bin/attach-music - echo "source /usr/local/bin/${PROJECT_NAME}-vars" >> /usr/bin/attach-music - echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" >> /usr/bin/attach-music - echo '' >> /usr/bin/attach-music - echo 'for f in $UTILS_FILES' >> /usr/bin/attach-music - echo 'do' >> /usr/bin/attach-music - echo ' source $f' >> /usr/bin/attach-music - echo 'done' >> /usr/bin/attach-music - echo '' >> /usr/bin/attach-music - echo 'USB_DRIVE=/dev/sda1' >> /usr/bin/attach-music - echo 'detect_usb_drive' >> /usr/bin/attach-music - echo '' >> /usr/bin/attach-music - echo 'remove-music' >> /usr/bin/attach-music - echo "if [ ! -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/attach-music - echo " mkdir $USB_MOUNT_DLNA" >> /usr/bin/attach-music - echo 'fi' >> /usr/bin/attach-music - echo -n 'mount $USB_DRIVE ' >> /usr/bin/attach-music - echo "$USB_MOUNT_DLNA" >> /usr/bin/attach-music - echo "chown root:root $USB_MOUNT_DLNA" >> /usr/bin/attach-music - echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*" >> /usr/bin/attach-music - echo 'systemctl restart minidlna' >> /usr/bin/attach-music - echo 'minidlnad -R' >> /usr/bin/attach-music - echo 'exit 0' >> /usr/bin/attach-music + { echo '#!/bin/bash'; + echo "source /usr/local/bin/${PROJECT_NAME}-vars"; + echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"; + echo ''; + echo "for f in \$UTILS_FILES"; + echo 'do'; + echo " source \$f"; + echo 'done'; + echo ''; + echo 'USB_DRIVE=/dev/sda1'; + echo 'detect_usb_drive'; + echo ''; + echo 'remove-music'; + echo "if [ ! 
-d $USB_MOUNT_DLNA ]; then"; + echo " mkdir $USB_MOUNT_DLNA"; + echo 'fi'; + echo -n "mount \$USB_DRIVE "; + echo "$USB_MOUNT_DLNA"; + echo "chown root:root $USB_MOUNT_DLNA"; + echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*"; + echo 'systemctl restart minidlna'; + echo 'minidlnad -R'; + echo 'exit 0'; } > /usr/bin/attach-music chmod +x /usr/bin/attach-music - echo '#!/bin/bash' > /usr/bin/remove-music - echo "if [ -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/remove-music - echo " umount $USB_MOUNT_DLNA" >> /usr/bin/remove-music - echo " rm -rf $USB_MOUNT_DLNA" >> /usr/bin/remove-music - echo 'fi' >> /usr/bin/remove-music - echo 'exit 0' >> /usr/bin/remove-music + { echo '#!/bin/bash'; + echo "if [ -d $USB_MOUNT_DLNA ]; then"; + echo " umount $USB_MOUNT_DLNA"; + echo " rm -rf $USB_MOUNT_DLNA"; + echo 'fi'; + echo 'exit 0'; } > /usr/bin/remove-music chmod +x /usr/bin/remove-music mark_completed "${FUNCNAME[0]}" diff --git a/src/freedombone-app-dokuwiki b/src/freedombone-app-dokuwiki index 3258cf2c..c998fbe7 100755 --- a/src/freedombone-app-dokuwiki +++ b/src/freedombone-app-dokuwiki 
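Review bot: The generated `/usr/bin/remove-music` runs `rm -rf $USB_MOUNT_DLNA` straight after `umount $USB_MOUNT_DLNA` without looking at the umount result, so if the drive is busy and stays mounted, the recursive delete runs against the media on the drive. Emitting `echo " umount $USB_MOUNT_DLNA && rmdir $USB_MOUNT_DLNA";` in place of the two lines removes only an empty mount point, and nothing at all when the unmount fails. `$USB_MOUNT_DLNA` is expanded when the script is generated, so it should also be quoted inside the emitted lines in case the configured path contains spaces. script_for_attaching_usb_drive begins before this hunk.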
@@ -75,18 +75,18 @@ function change_password_dokuwiki { new_user_password="$2" DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain") - if grep -q "$curr_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then + if grep -q "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}') - existing_user=$(cat /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php | grep "$curr_username:" | hean -n 1) + existing_user=$(grep "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" | hean -n 1) if [[ "$existing_user" == *":admin,"* ]]; then sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php else sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php fi - cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - ${PROJECT_NAME}-pass -u $curr_username -a dokuwiki -p "$new_user_password" + cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + "${PROJECT_NAME}-pass" -u "$curr_username" -a dokuwiki -p "$new_user_password" fi } 
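Review bot: The rewritten lookup still pipes into `hean -n 1`, presumably a typo for `head`, so the pipeline fails, `existing_user` is always empty and the `*":admin,"*` test never matches. Every password change therefore rewrites the entry with `user,upload` only, and an administrator silently loses the admin group in users.auth.php. The line should read `existing_user=$(grep "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" | head -n 1)`; anchoring the pattern as `"^$curr_username:"` would also stop it matching a longer user name that ends in the same string. The two `sed -i` lines keep their target path unquoted, unlike the rest of the hunk.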
@@ -96,21 +96,21 @@ function add_user_dokuwiki { DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain") HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}') - echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - ${PROJECT_NAME}-pass -u "$new_username" -a dokuwiki -p "$new_user_password" + echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + "${PROJECT_NAME}-pass" -u "$new_username" -a dokuwiki -p "$new_user_password" } function remove_user_dokuwiki { remove_username="$1" read_config_param "DOKUWIKI_DOMAIN_NAME" - if grep -q "$remove_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then - sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - ${PROJECT_NAME}-pass -u "$remove_username" --rmapp dokuwiki + if grep -q "$remove_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then + sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + sed -i "/$remove_username:/d" 
"/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp dokuwiki fi } @@ -120,7 +120,7 @@ function reconfigure_dokuwiki { function upgrade_dokuwiki { function_check set_repo_commit - set_repo_commit /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO + set_repo_commit "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO } function backup_local_dokuwiki { @@ -129,18 +129,18 @@ function backup_local_dokuwiki { function_check backup_directory_to_usb # backup the data - source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data - if [ -d $source_directory ]; then + source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" + if [ -d "$source_directory" ]; then dest_directory=dokuwikidat - backup_directory_to_usb $source_directory $dest_directory + backup_directory_to_usb "$source_directory" "$dest_directory" fi # backup the users - source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl - if [ -d $source_directory ]; then + source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" + if [ -d "$source_directory" ]; then dest_directory=dokuwikiacl - cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ - backup_directory_to_usb $source_directory $dest_directory + cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/" + backup_directory_to_usb "$source_directory" "$dest_directory" fi } 
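Review bot: `HASHED_DOKUWIKI_PASSWORD` is a bare `md5sum` of the password, so users.auth.php stores an unsalted MD5 digest, which offers little protection if the file or one of its backups is read. add_user_dokuwiki here and change_password_dokuwiki in the previous hunk both do this. DokuWiki can verify salted formats; generating one of those (for instance through PHP's `password_hash`, to be confirmed against the pinned DokuWiki commit) would be the stronger choice. The password is also passed to `"${PROJECT_NAME}-pass"` with `-p` on the command line, where it is visible in the process list while the command runs.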
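Review bot: Quoting the whole source path in `cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" ...` stops the shell expanding `users*.php`, so `cp` looks for a file literally named `users*.php`, fails, and the backup is taken without refreshing the user files in the acl directory. Keep the glob outside the quotes: `cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"users*.php "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"`. The same regression is in backup_remote_dokuwiki and in restore_local_dokuwiki, where `"${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/*"` and `"${temp_restore_dir}/*"` are now quoted and the data restore will fail.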
@@ -153,11 +153,12 @@ function restore_local_dokuwiki { temp_restore_dir=/root/tempdokuwikidat function_check restore_directory_from_usb restore_directory_from_usb ${temp_restore_dir} dokuwikidat - if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data ]; then - cp -r ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data + if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data" ]; then + cp -r "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" else - cp -r ${temp_restore_dir}/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data + cp -r "${temp_restore_dir}/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then function_check restore_directory_from_usb set_user_permissions 
@@ -172,13 +173,14 @@ function restore_local_dokuwiki { temp_restore_dir=/root/tempdokuwikiacl function_check restore_directory_from_usb restore_directory_from_usb ${temp_restore_dir} dokuwikiacl - if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl ]; then - cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ - cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/ + if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl" ]; then + cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/" + cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/" else - cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ - cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/ + cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/" + cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then function_check restore_directory_from_usb set_user_permissions 
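Review bot: The `$?` test after the two `cp … users.auth.php` lines in this part of restore_local_dokuwiki only sees the status of the second copy, so a failed copy into `lib/plugins/acl/` goes unnoticed. The added `# shellcheck disable=SC2181` silences the warning rather than fixing the pattern. Join the two copies in each branch with `&&` so the status covers both, e.g. `cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/" && cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"`, or test the commands directly with `if ! cp …`. The function starts and ends outside the hunk.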
@@ -189,21 +191,21 @@ function restore_local_dokuwiki { fi rm -rf ${temp_restore_dir} - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data - chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib - chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" + chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib" + chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" echo $"Restore of Dokuwiki complete" } function backup_remote_dokuwiki { DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain") - if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then + if [ -d "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" ]; then echo $"Backing up dokuwiki" - backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data dokuwikidat - cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ - backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl dokuwikiacl + backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" dokuwikidat + cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/" + backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" dokuwikiacl fi } 
@@ -212,15 +214,16 @@ function restore_remote_dokuwiki { function_check get_completion_param function_check restore_directory_from_friend - if [ -d $SERVER_DIRECTORY/backup/dokuwikidat ]; then + if [ -d "$SERVER_DIRECTORY/backup/dokuwikidat" ]; then echo $"Restoring Dokuwiki data for $DOKUWIKI_DOMAIN_NAME" temp_restore_dir=/root/tempdokuwikidat restore_directory_from_friend $temp_restore_dir dokuwikidat - if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data ]; then - cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/ + if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" ]; then + cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/" else - cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/ + cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 92634 fi 
@@ -229,15 +232,16 @@ function restore_remote_dokuwiki { echo $"Restore of Dokuwiki data complete" fi - if [ -d $SERVER_DIRECTORY/backup/dokuwikiacl ]; then + if [ -d "$SERVER_DIRECTORY/backup/dokuwikiacl" ]; then echo $"Restoring Dokuwiki users for $DOKUWIKI_DOMAIN_NAME" temp_restore_dir=/root/tempdokuwikiacl restore_directory_from_friend $temp_restore_dir dokuwikiacl - if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl ]; then - cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ + if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" ]; then + cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/" else - cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ + cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 735287 fi @@ -246,11 +250,11 @@ function restore_remote_dokuwiki { echo $"Restore of Dokuwiki users complete" fi - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data - chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib - chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data" + chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib" + chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" } function remove_dokuwiki { 
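Review bot: The two recursive chmod lines at the end of restore_remote_dokuwiki target `htdocs/data/data` and `htdocs/data/lib`, while restore_local_dokuwiki and install_dokuwiki use `htdocs/data` and `htdocs/lib`. The remote paths look like a slip that the quoting pass carried over, which would leave the restored tree with whatever modes the backup carried. If so, the lines should read `chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"` and `chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"`. The function body starts outside the hunk.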
@@ -259,13 +263,13 @@ function remove_dokuwiki { fi function_check remove_onion_service remove_onion_service dokuwiki ${DOKUWIKI_ONION_PORT} - nginx_dissite $DOKUWIKI_DOMAIN_NAME - remove_certs $DOKUWIKI_DOMAIN_NAME - if [ -f /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_dissite "$DOKUWIKI_DOMAIN_NAME" + remove_certs "$DOKUWIKI_DOMAIN_NAME" + if [ -f "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" fi - if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then - rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME + if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then + rm -rf "/var/www/$DOKUWIKI_DOMAIN_NAME" fi if [ -d /var/lib/dokuwiki ]; then rm -rf /var/lib/dokuwiki @@ -278,14 +282,14 @@ function remove_dokuwiki { fi remove_completion_param "install_dokuwiki" remove_completion_param "dokuwiki domain" - sed -i '/dokuwiki/d' $COMPLETION_FILE + sed -i '/dokuwiki/d' "$COMPLETION_FILE" function_check remove_ddns_domain - remove_ddns_domain $DOKUWIKI_DOMAIN_NAME + remove_ddns_domain "$DOKUWIKI_DOMAIN_NAME" } function install_dokuwiki { - if [ ! $DOKUWIKI_DOMAIN_NAME ]; then + if [ ! "$DOKUWIKI_DOMAIN_NAME" ]; then return fi 
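Review bot: The test guarding the site directory removal in remove_dokuwiki is inverted: `if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]` runs `rm -rf` only when the directory does not exist, so the wiki's files, including `users.auth.php`, stay on disk after the app is removed. Drop the `!`. Because the corrected branch then deletes recursively, make the path fail on an empty name as well: `rm -rf "/var/www/${DOKUWIKI_DOMAIN_NAME:?}"`. The function starts before the hunk.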
@@ -293,25 +297,25 @@ function install_dokuwiki { apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl apt-get -yq install php-memcached memcached - if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then - mkdir /var/www/$DOKUWIKI_DOMAIN_NAME + if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then + mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME" fi - if [ ! -f /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php ]; then - cd /var/www/$DOKUWIKI_DOMAIN_NAME + if [ ! -f "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php" ]; then + cd "/var/www/$DOKUWIKI_DOMAIN_NAME" || exit 23468246824 if [ -d /repos/dokuwiki ]; then - mkdir /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs - cp -r -p /repos/dokuwiki/. /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs - cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs + mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" + cp -r -p /repos/dokuwiki/. "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" + cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 24687462 git pull else function_check git_clone - git_clone $DOKUWIKI_REPO /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs + git_clone "$DOKUWIKI_REPO" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" fi - cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs - git checkout $DOKUWIKI_COMMIT -b $DOKUWIKI_COMMIT + cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 38368832 + git checkout "$DOKUWIKI_COMMIT" -b "$DOKUWIKI_COMMIT" set_completion_param "dokuwiki commit" "$DOKUWIKI_COMMIT" fi 
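Review bot: The new `|| exit 23468246824`, `|| exit 24687462` and `|| exit 38368832` guards in install_dokuwiki use values outside the 0–255 range an exit status can hold, so the caller sees only the low eight bits and the numbers cannot identify the failing step. Print the reason to stderr and exit with a small code instead, e.g. `cd "/var/www/$DOKUWIKI_DOMAIN_NAME" || { echo "cannot cd to /var/www/$DOKUWIKI_DOMAIN_NAME" >&2; exit 1; }`. The same applies to `cd $edith_dir || exit 246824628` in remove_bad_links_edith, where `$edith_dir` is also left unquoted. install_dokuwiki continues outside the hunk.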
@@ -322,40 +326,40 @@ function install_dokuwiki { echo $'Removed Apache installation after Dokuwiki install' fi - echo ' /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - echo "\$conf['title'] = '${DOKUWIKI_TITLE}';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - echo "\$conf['lang'] = 'en';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - echo "\$conf['license'] = 'cc-by-sa';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - echo "\$conf['useacl'] = 1;" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - echo "\$conf['superuser'] = '@admin';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - echo "\$conf['disableactions'] = 'register';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - ln -s /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php + { echo ' "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php" + ln -s "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php" - chmod 600 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs - chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib - chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data + chmod 600 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php" + chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" + chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib" + chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" - if [ -f $IMAGE_PASSWORD_FILE ]; then - DOKUWIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + DOKUWIKI_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $DOKUWIKI_ADMIN_PASSWORD ]; then - DOKUWIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! 
"$DOKUWIKI_ADMIN_PASSWORD" ]; then + DOKUWIKI_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}') - echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php + echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" - if ! grep -q "video/ogg" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then - echo 'ogv video/ogg' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf + if ! grep -q "video/ogg" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then + echo 'ogv video/ogg' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf" fi - if ! grep -q "video/mp4" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then - echo 'mp4 video/mp4' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf + if ! grep -q "video/mp4" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then + echo 'mp4 video/mp4' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf" fi - if ! grep -q "video/webm" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then - echo 'webm video/webm' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf + if ! 
grep -q "video/webm" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then + echo 'webm video/webm' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf" fi DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT}) 
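Review bot: Only the `lib/plugins/acl/users.auth.php` copy gets `chmod 640` in install_dokuwiki; the copy that cp places in `conf/users.auth.php` keeps whatever mode the umask gives it. Add `chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"` after the cp, as both restore functions already do. The value stored there is an unsalted MD5 digest (`echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum`), so it is worth switching to a salted scheme that DokuWiki accepts. Both files are also created after the `chown -R www-data:www-data` line, so their ownership should be checked against what the web server needs. The function starts and ends outside the hunk.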
@@ -363,178 +367,178 @@ function install_dokuwiki { if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $DOKUWIKI_DOMAIN_NAME - echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " server_name $DOKUWIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_http_redirect "$DOKUWIKI_DOMAIN_NAME" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;"; + echo " server_name $DOKUWIKI_DOMAIN_NAME;"; + echo ' access_log /dev/null;'; + echo " error_log /dev/null;"; + echo ' index index.php;'; + echo ' charset utf-8;'; + echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check nginx_ssl - nginx_ssl $DOKUWIKI_DOMAIN_NAME + nginx_ssl "$DOKUWIKI_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + 
nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME" + { echo ' add_header Strict-Transport-Security "max-age=0;";'; + echo ''; + echo ' # rewrite to front controller as default rule'; + echo ' location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check nginx_limits - nginx_limits $DOKUWIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # or a unix socket' >> 
/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_limits "$DOKUWIKI_DOMAIN_NAME" + { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;"; + echo ' }'; + echo ''; + echo ' # statically serve these file types when possible'; + echo ' # otherwise fall back to front controller'; + echo ' # allow browser to cache them'; + echo ' # added .htm for advanced source code editor library'; + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {'; + echo ' expires 30d;'; + echo " try_files \$uri /index.php?q=\$uri&\$args;"; + echo ' }'; + echo ''; + echo ' # block these file types'; + echo ' location ~* \.(tpl|md|tgz|log|out)$ {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000'; + echo ' # or a unix socket'; + echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check nginx_limits - nginx_limits $DOKUWIKI_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." 
>> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_limits "$DOKUWIKI_DOMAIN_NAME" + { echo ' # Zero-day exploit defense.'; + echo ' # http://forum.nginx.org/read.php?2,88845,page=3'; + echo " # Won't work properly (404 error) if the file is not stored on this"; + echo " # server, which is entirely possible with php-fpm/php-fcgi."; + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on"; + echo " # another machine. 
And then cross your fingers that you won't get hacked."; + echo " try_files \$uri \$uri/ /index.php;"; + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini'; + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;'; + echo ' # With php-cgi alone:'; + echo ' # fastcgi_pass 127.0.0.1:9000;'; + echo ' # With php-fpm:'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' include fastcgi_params;'; + echo ' fastcgi_index index.php;'; + echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;"; + echo ' }'; + echo ''; + echo ' # deny access to all dot files'; + echo ' location ~ /\. {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' #deny access to store'; + echo ' location ~ /store {'; + echo ' deny all;'; + echo ' }'; + echo ' location ~ /(data|conf|bin|inc)/ {'; + echo ' deny all;'; + echo ' }'; + echo ' location ~ /\.ht {'; + echo ' deny all;'; + echo ' }'; + echo '}'; + echo ''; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" else - echo -n '' > /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + echo -n '' > "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" fi - echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " server_name $DOKUWIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + { echo 'server {'; + 
echo " listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;"; + echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;"; + echo " server_name $DOKUWIKI_ONION_HOSTNAME;"; + echo ' access_log /dev/null;'; + echo " error_log /dev/null;"; + echo ' index index.php;'; + echo ' charset utf-8;'; + echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME" + { echo ' add_header Strict-Transport-Security "max-age=0;";'; + echo ''; + echo ' # rewrite to front controller as default rule'; + echo ' location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check nginx_limits - nginx_limits $DOKUWIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' expires 30d;' >> 
/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_limits "$DOKUWIKI_DOMAIN_NAME" + { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;"; + echo ' }'; + echo ''; + echo ' # statically serve these file types when possible'; + echo ' # otherwise fall back to front controller'; + echo ' # allow browser to cache them'; + echo ' # added .htm for advanced source code editor library'; + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {'; + echo ' expires 30d;'; + echo " try_files \$uri /index.php?q=\$uri&\$args;"; + echo ' }'; + echo ''; + echo ' # block these file types'; + echo ' location ~* \.(tpl|md|tgz|log|out)$ {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000'; + echo ' # or a unix socket'; + echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check nginx_limits - nginx_limits $DOKUWIKI_DOMAIN_NAME - echo ' # Zero-day exploit defense.' 
>> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_limits "$DOKUWIKI_DOMAIN_NAME" + { echo ' # Zero-day exploit defense.'; + echo ' # http://forum.nginx.org/read.php?2,88845,page=3'; + echo " # Won't work properly (404 error) if the file is not stored on this"; + echo " # server, which is entirely possible with php-fpm/php-fcgi."; + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on"; + echo " # another machine. 
And then cross your fingers that you won't get hacked."; + echo " try_files \$uri \$uri/ /index.php;"; + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini'; + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;'; + echo ' # With php-cgi alone:'; + echo ' # fastcgi_pass 127.0.0.1:9000;'; + echo ' # With php-fpm:'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' include fastcgi_params;'; + echo ' fastcgi_index index.php;'; + echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;"; + echo ' }'; + echo ''; + echo ' # deny access to all dot files'; + echo ' location ~ /\. {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' #deny access to store'; + echo ' location ~ /store {'; + echo ' deny all;'; + echo ' }'; + echo ' location ~ /(data|conf|bin|inc)/ {'; + echo ' deny all;'; + echo ' }'; + echo ' location ~ /\.ht {'; + echo ' deny all;'; + echo ' }'; + echo '}'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check create_site_certificate - create_site_certificate $DOKUWIKI_DOMAIN_NAME 'yes' + create_site_certificate "$DOKUWIKI_DOMAIN_NAME" 'yes' function_check configure_php configure_php - nginx_ensite $DOKUWIKI_DOMAIN_NAME + nginx_ensite "$DOKUWIKI_DOMAIN_NAME" systemctl restart php7.0-fpm systemctl restart nginx function_check add_ddns_domain - add_ddns_domain $DOKUWIKI_DOMAIN_NAME + add_ddns_domain "$DOKUWIKI_DOMAIN_NAME" - ${PROJECT_NAME}-pass -u $MY_USERNAME -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD" APP_INSTALLED=1 } diff --git a/src/freedombone-app-edith b/src/freedombone-app-edith index 89b4e829..7abd6cbb 100755 --- a/src/freedombone-app-edith +++ b/src/freedombone-app-edith 
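Review bot: In both generated server blocks the `location ~ /(data|conf|bin|inc)/ { deny all; }` rule is written after the static-file block and the `location ~* \.php$` block, and nginx uses the first regex location that matches, in file order. Requests under those directories that end in `.php` or in one of the listed static extensions are therefore handled by the earlier blocks and never reach the deny rule. Emit the three deny blocks (`/\.`, `/store`, `/(data|conf|bin|inc)/`) before the static and PHP locations in each server block. The regrouping into `{ …; } >>` is a good moment to do this, since each block is now written in one place. install_dokuwiki starts before this hunk.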
@@ -50,12 +50,12 @@ edith_variables=(MY_USERNAME function remove_bad_links_edith { read_config_param EDITH_DOMAIN_NAME - edith_dir=/var/www/$EDITH_DOMAIN_NAME/htdocs + edith_dir="/var/www/$EDITH_DOMAIN_NAME/htdocs" # copy jquery locally jquery_version='1.12.4' if [ ! -f $edith_dir/jquery-${jquery_version}.js ]; then - cd $edith_dir + cd $edith_dir || exit 246824628 wget https://code.jquery.com/jquery-${jquery_version}.js if [ -f $edith_dir/jquery-${jquery_version}.js ]; then jquery_hash=$(sha256sum $edith_dir/jquery-${jquery_version}.js | awk -F ' ' '{print $1}') @@ -79,9 +79,9 @@ function change_password_edith { new_user_password="$2" sed -i "/${curr_username}:/d" /etc/nginx/.edithpasswd - echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd ${curr_username} + echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd "${curr_username}" - ${PROJECT_NAME}-pass -u $MY_USERNAME -a ${curr_username} -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a "${curr_username}" -p "$new_user_password" } function logging_on_edith { 
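Review bot: `cd $edith_dir || exit 246824628` still expands `$edith_dir` unquoted although the assignment above it is now quoted, and the exit value is outside the 0–255 range a process status can carry, so the caller never sees the number written here. I would write `cd "$edith_dir" || exit 1` (or another small distinct code) and quote the remaining `$edith_dir` uses in the `[ -f … ]` tests and the `sha256sum` call. The same oversized `exit` values are added in edith_browse and install_edith in later hunks. remove_bad_links_edith continues past the end of this hunk, so whether `jquery_hash` is compared against a pinned value is not visible here.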
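Review bot: `htpasswd -i -s -c /etc/nginx/.edithpasswd "${curr_username}"` recreates the password file on every call because of `-c`, so changing one user's password drops every other entry and makes the preceding `sed -i` delete redundant; `-s` also stores an unsalted SHA-1 digest. Dropping both flags, `echo -n "$new_user_password" | htpasswd -i /etc/nginx/.edithpasswd "${curr_username}"`, updates the entry in place with htpasswd's default salted scheme; confirm the installed nginx accepts that format before switching. install_edith uses the same `-s -c` call in a later hunk, where `-c` is only appropriate if the file is meant to hold a single user. change_password_edith starts above this hunk.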
@@ -102,21 +102,20 @@ function edith_enable_login { dialog --title $"Enable Edith login" \ --backtitle $"Freedombone Control Panel" \ --defaultno \ - --yesno $"\nDo you want to add a login so that random web users can't access your notes?" 10 60 + --yesno $"\\nDo you want to add a login so that random web users can't access your notes?" 10 60 sel=$? case $sel in - 0) if grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then - sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME + 0) if grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then + sed -i 's|#auth_basic|auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" systemctl restart nginx fi - read_config_param $MY_USERNAME - EDITH_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a edith) + read_config_param "$MY_USERNAME" + EDITH_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith) dialog --title $"Enable Edith login" \ --msgbox $"Edith logins are now enabled with the password $EDITH_PASSWORD" 6 65 - EDITH__PASSWORD= ;; - 1) if ! grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then - sed -i 's|auth_basic|#auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME + 1) if ! grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then + sed -i 's|auth_basic|#auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" systemctl restart nginx fi dialog --title $"Disable Edith login" \ 
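Review bot: The misspelt `EDITH__PASSWORD=` was deleted rather than corrected, so after the msgbox the password stays in `EDITH_PASSWORD` for the rest of the control-panel session; the line was evidently meant to clear it and should read `EDITH_PASSWORD=`. In the same branch `read_config_param "$MY_USERNAME"` passes the variable's value where the other calls in this file pass a parameter name (`read_config_param EDITH_DOMAIN_NAME`), so `read_config_param MY_USERNAME` looks like what was intended; confirm against the helper's definition. The case statement continues past the end of the hunk.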
@@ -127,31 +126,34 @@ function edith_enable_login { function edith_browse { read_config_param EDITH_DOMAIN_NAME - cd /var/www/$EDITH_DOMAIN_NAME/htdocs/data - editor /var/www/$EDITH_DOMAIN_NAME/htdocs/data + cd "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" || exit 24682642 + editor "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" } function configure_interactive_edith { while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"Edith" \ --radiolist $"Choose an operation:" 10 50 3 \ 1 $"Enable login" off \ 2 $"Browse notes" off \ - 3 $"Exit" on 2> $data + 3 $"Exit" on 2> "$data" sel=$? case $sel in - 1) break;; - 255) break;; + 1) rm -f "$data" + break;; + 255) rm -f "$data" + break;; esac - case $(cat $data) in + case $(cat "$data") in 1) edith_enable_login;; 2) edith_browse;; - 3) break;; + 3) rm -f "$data" + break;; esac + rm -f "$data" done } 
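Review bot: `data=$(mktemp 2>/dev/null)` is never checked and the `trap` that removed the file was dropped, so a failed mktemp leaves `2> "$data"` redirecting to an empty path, and an interrupt while the dialog is open leaves the temp file behind. At minimum use `data=$(mktemp) || return 1`. If the script sets no other EXIT trap, `trap 'rm -f "$data"' EXIT` would cover every exit path and make the three per-branch `rm -f "$data"` calls unnecessary.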
@@ -165,24 +167,24 @@ function upgrade_edith { # update to the next commit function_check set_repo_commit - set_repo_commit /var/www/$EDITH_DOMAIN_NAME/htdocs "edith commit" "$EDITH_COMMIT" $EDITH_REPO + set_repo_commit "/var/www/$EDITH_DOMAIN_NAME/htdocs" "edith commit" "$EDITH_COMMIT" "$EDITH_REPO" remove_bad_links_edith - chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs - chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data + chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs" + chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" } function backup_local_edith { read_config_param EDITH_DOMAIN_NAME function_check suspend_site - suspend_site ${EDITH_DOMAIN_NAME} + suspend_site "${EDITH_DOMAIN_NAME}" - source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data + source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data" function_check backup_directory_to_usb dest_directory=edith - backup_directory_to_usb $source_directory $dest_directory + backup_directory_to_usb "$source_directory" "$dest_directory" function_check restart_site restart_site @@ -192,12 +194,12 @@ function restore_local_edith { read_config_param EDITH_DOMAIN_NAME temp_restore_dir=/root/tempedith - edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data + edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data" function_check restore_directory_from_usb restore_directory_from_usb $temp_restore_dir edith if [ -d $temp_restore_dir ]; then - if [ -d cp $temp_restore_dir$edith_dir ]; then + if [ -d $temp_restore_dir$edith_dir ]; then cp -rp $temp_restore_dir$edith_dir $edith_dir/ else if [ ! -d $edith_dir ]; then 
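Review bot: `chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"` makes the notes directory world-writable right after `chown -R www-data:www-data` has already given the web server ownership, so any local account can create or replace files there. If only the web server writes notes, `chmod u+w` (or an explicit `chmod 750`) on that directory is enough. install_edith repeats the same pair of lines in a later hunk.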
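Review bot: The test and copy in restore_local_edith still expand `$temp_restore_dir$edith_dir` and `$edith_dir` unquoted, although `edith_dir` is now built from `EDITH_DOMAIN_NAME` inside quotes. Quote them the same way: `if [ -d "$temp_restore_dir$edith_dir" ]; then` and `cp -rp "$temp_restore_dir$edith_dir" "$edith_dir/"`. restore_remote_edith has the identical lines in a later hunk. The function body runs past the end of this hunk.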
@@ -215,13 +217,13 @@ function backup_remote_edith { read_config_param EDITH_DOMAIN_NAME function_check suspend_site - suspend_site ${EDITH_DOMAIN_NAME} + suspend_site "${EDITH_DOMAIN_NAME}" - source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data + source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data" function_check backup_directory_to_friend dest_directory=edith - backup_directory_to_friend $source_directory $dest_directory + backup_directory_to_friend "$source_directory" "$dest_directory" function_check restart_site restart_site @@ -231,12 +233,12 @@ function restore_remote_edith { read_config_param EDITH_DOMAIN_NAME temp_restore_dir=/root/tempedith - edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data + edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data" function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir edith if [ -d $temp_restore_dir ]; then - if [ -d cp $temp_restore_dir$edith_dir ]; then + if [ -d $temp_restore_dir$edith_dir ]; then cp -rp $temp_restore_dir$edith_dir $edith_dir/ else if [ ! -d $edith_dir ]; then @@ -253,17 +255,17 @@ function restore_remote_edith { function remove_edith { nginx_dissite $EDITH_DOMAIN_NAME - if [ -f /etc/nginx/sites-available/$EDITH_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$EDITH_DOMAIN_NAME + if [ -f "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" fi - if [ -d /var/www/$EDITH_DOMAIN_NAME ]; then - rm -rf /var/www/$EDITH_DOMAIN_NAME + if [ -d "/var/www/$EDITH_DOMAIN_NAME" ]; then + rm -rf "/var/www/$EDITH_DOMAIN_NAME" fi function_check remove_onion_service remove_onion_service edith ${EDITH_ONION_PORT} - sed -i '/edith/d' $COMPLETION_FILE + sed -i '/edith/d' "$COMPLETION_FILE" if [ -f /etc/nginx/.edithpasswd ]; then rm /etc/nginx/.edithpasswd 
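Review bot: `rm -rf "/var/www/$EDITH_DOMAIN_NAME"` in remove_edith has no guard against an empty `EDITH_DOMAIN_NAME`, and the function, whose first line is in this hunk, does not call `read_config_param EDITH_DOMAIN_NAME` before using it. Unless the caller has already set the variable, the `-d` test passes for `/var/www/` and the whole web root is removed. `rm -rf "/var/www/${EDITH_DOMAIN_NAME:?}"` aborts instead, and the same expansion fits `rm -rf "/var/www/$EDITH_DOMAIN_NAME/htdocs"` in install_edith. `nginx_dissite $EDITH_DOMAIN_NAME` and `remove_onion_service edith ${EDITH_ONION_PORT}` were also left unquoted.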
@@ -286,26 +288,26 @@ function install_edith { function_check install_nodejs install_nodejs edith - if [ ! ${EDITH_PASSWORD} ]; then - if [ -f ${IMAGE_PASSWORD_FILE} ]; then - EDITH_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ ! "${EDITH_PASSWORD}" ]; then + if [ -f "${IMAGE_PASSWORD_FILE}" ]; then + EDITH_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - EDITH_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + EDITH_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi - if [ -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then - rm -rf /var/www/$EDITH_DOMAIN_NAME/htdocs + if [ -d "/var/www/$EDITH_DOMAIN_NAME/htdocs" ]; then + rm -rf "/var/www/$EDITH_DOMAIN_NAME/htdocs" fi if [ -d /repos/edith ]; then - mkdir /var/www/$EDITH_DOMAIN_NAME/htdocs - cp -r -p /repos/edith/. /var/www/$EDITH_DOMAIN_NAME/htdocs - cd /var/www/$EDITH_DOMAIN_NAME/htdocs + mkdir "/var/www/$EDITH_DOMAIN_NAME/htdocs" + cp -r -p /repos/edith/. "/var/www/$EDITH_DOMAIN_NAME/htdocs" + cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 24682462 git pull else function_check git_clone - git_clone $EDITH_REPO /var/www/$EDITH_DOMAIN_NAME/htdocs + git_clone "$EDITH_REPO" "/var/www/$EDITH_DOMAIN_NAME/htdocs" fi if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then 
@@ -313,102 +315,102 @@ function install_edith { exit 537593569 fi - cd /var/www/$EDITH_DOMAIN_NAME/htdocs - git checkout $EDITH_COMMIT -b $EDITH_COMMIT + cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 2648248 + git checkout "$EDITH_COMMIT" -b "$EDITH_COMMIT" set_completion_param "edith commit" "$EDITH_COMMIT" - if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs/data ]; then - mkdir -p /var/www/$EDITH_DOMAIN_NAME/htdocs/data + if [ ! -d "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" ]; then + mkdir -p "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" fi EDITH_ONION_HOSTNAME=$(add_onion_service edith 80 ${EDITH_ONION_PORT}) - edith_nginx_site=/etc/nginx/sites-available/$EDITH_DOMAIN_NAME - if [[ $ONION_ONLY == "no" ]]; then + edith_nginx_site="/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" + if [[ "$ONION_ONLY" == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $EDITH_DOMAIN_NAME "index index.php" - echo 'server {' >> $edith_nginx_site - echo ' listen 443 ssl;' >> $edith_nginx_site - echo ' #listen [::]:443 ssl;' >> $edith_nginx_site - echo " server_name $EDITH_DOMAIN_NAME;" >> $edith_nginx_site - echo '' >> $edith_nginx_site + nginx_http_redirect "$EDITH_DOMAIN_NAME" "index index.php" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $EDITH_DOMAIN_NAME;"; + echo ''; } >> "$edith_nginx_site" function_check nginx_compress - nginx_compress $EDITH_DOMAIN_NAME - echo '' >> $edith_nginx_site - echo ' # Security' >> $edith_nginx_site + nginx_compress "$EDITH_DOMAIN_NAME" + echo '' >> "$edith_nginx_site" + echo ' # Security' >> "$edith_nginx_site" function_check nginx_ssl - nginx_ssl $EDITH_DOMAIN_NAME + nginx_ssl "$EDITH_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $EDITH_DOMAIN_NAME + nginx_disable_sniffing "$EDITH_DOMAIN_NAME" - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' access_log /dev/null;' >> 
$edith_nginx_site - echo ' error_log /dev/null;' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' index index.php;' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' # PHP' >> $edith_nginx_site - echo ' location ~ \.php {' >> $edith_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $edith_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site - echo ' fastcgi_read_timeout 30;' >> $edith_nginx_site - echo ' }' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' # Location' >> $edith_nginx_site - echo ' location / {' >> $edith_nginx_site + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.php;'; + echo ''; + echo ' # PHP'; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$edith_nginx_site" function_check nginx_limits - nginx_limits $EDITH_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site - echo " auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site - echo ' auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site - echo ' }' >> $edith_nginx_site - echo '}' >> $edith_nginx_site + nginx_limits "$EDITH_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ /index.php?\$args;"; + echo " auth_basic \"${EDITH_LOGIN_TEXT}\";"; + echo ' auth_basic_user_file /etc/nginx/.edithpasswd;'; + echo ' }'; + echo '}'; } >> "$edith_nginx_site" else - echo -n '' > $edith_nginx_site + echo -n '' > "$edith_nginx_site" fi - echo 'server {' >> $edith_nginx_site - echo " listen 
127.0.0.1:$EDITH_ONION_PORT default_server;" >> $edith_nginx_site - echo " server_name $EDITH_ONION_HOSTNAME;" >> $edith_nginx_site - echo '' >> $edith_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$EDITH_ONION_PORT default_server;"; + echo " server_name $EDITH_ONION_HOSTNAME;"; + echo ''; } >> "$edith_nginx_site" function_check nginx_compress - nginx_compress $EDITH_DOMAIN_NAME - echo '' >> $edith_nginx_site + nginx_compress "$EDITH_DOMAIN_NAME" + echo '' >> "$edith_nginx_site" function_check nginx_disable_sniffing - nginx_disable_sniffing $EDITH_DOMAIN_NAME - echo '' >> $edith_nginx_site - echo ' access_log /dev/null;' >> $edith_nginx_site - echo ' error_log /dev/null;' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' index index.php;' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' # PHP' >> $edith_nginx_site - echo ' location ~ \.php {' >> $edith_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $edith_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site - echo ' fastcgi_read_timeout 30;' >> $edith_nginx_site - echo ' }' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' # Location' >> $edith_nginx_site - echo ' location / {' >> $edith_nginx_site + nginx_disable_sniffing "$EDITH_DOMAIN_NAME" + { echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.php;'; + echo ''; + echo ' # PHP'; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$edith_nginx_site" function_check nginx_limits nginx_limits $EDITH_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ /index.php?$args;' 
>> $edith_nginx_site - echo " auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site - echo ' auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site - echo ' }' >> $edith_nginx_site - echo '}' >> $edith_nginx_site + { echo " try_files \$uri \$uri/ /index.php?\$args;"; + echo " auth_basic \"${EDITH_LOGIN_TEXT}\";"; + echo ' auth_basic_user_file /etc/nginx/.edithpasswd;'; + echo ' }'; + echo '}'; } >> "$edith_nginx_site" function_check configure_php configure_php function_check create_site_certificate - create_site_certificate $EDITH_DOMAIN_NAME 'yes' + create_site_certificate "$EDITH_DOMAIN_NAME" 'yes' # create a password for users if [ ! -f /etc/nginx/.edithpasswd ]; then 
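Review bot: The onion server block still calls `nginx_limits $EDITH_DOMAIN_NAME '15m'` unquoted, while the clearnet block above it was changed to `nginx_limits "$EDITH_DOMAIN_NAME" '15m'`; the second call should match. `EDITH_ONION_HOSTNAME=$(add_onion_service edith 80 ${EDITH_ONION_PORT})` near the top of the hunk was missed in the same way and would read `add_onion_service edith 80 "${EDITH_ONION_PORT}"`. install_edith starts above this hunk and continues below it.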
@@ -417,24 +419,23 @@ function install_edith { if grep -q "$MY_USERNAME:" /etc/nginx/.edithpasswd; then sed -i "/$MY_USERNAME:/d" /etc/nginx/.edithpasswd fi - echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd $MY_USERNAME + echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd "$MY_USERNAME" if [ ! -f /etc/nginx/.edithpasswd ]; then echo $'/etc/nginx/.edithpasswd not found' exit 6537683563 fi - ${PROJECT_NAME}-pass -u $MY_USERNAME -a edith -p "$EDITH_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith -p "$EDITH_PASSWORD" - cp /var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example /var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess - cd /var/www/$EDITH_DOMAIN_NAME/htdocs + cp "/var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example" "/var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess" + cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 26482468 npm install -g coffeescript uglify-js - cake build - if [ ! "$?" = "0" ]; then + if ! cake build; then echo $'Unable to build Edith' exit 7396483635 fi cp config.example.php config.php - if [[ $ONION_ONLY == "no" ]]; then + if [[ "$ONION_ONLY" == "no" ]]; then sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'https://$EDITH_DOMAIN_NAME');|g" config.php else sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'http://$EDITH_ONION_HOSTNAME');|g" config.php 
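Review bot: `npm install -g coffeescript uglify-js` installs whatever versions the registry serves at install time, globally and presumably as root, so the `cake build` that follows is not reproducible and trusts the current state of two packages and their dependencies. Pin both, `npm install -g coffeescript@<pinned-version> uglify-js@<pinned-version>`, the way `EDITH_COMMIT` already pins the application source. Separately, `exit 6537683563` and `exit 7396483635` are outside the 0–255 status range and will not reach the caller as written.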
@@ -445,20 +446,20 @@ function install_edith { remove_bad_links_edith - chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs - chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data - nginx_ensite $EDITH_DAEMON_NAME + chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs" + chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" + nginx_ensite "$EDITH_DAEMON_NAME" systemctl restart nginx APP_INSTALLED=1 } function install_interactive_edith { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi - if [[ $ONION_ONLY != "no" ]]; then + if [[ "$ONION_ONLY" != "no" ]]; then GHOST_DOMAIN_NAME='edith.local' write_config_param "EDITH_DOMAIN_NAME" "$EDITH_DOMAIN_NAME" else diff --git a/src/freedombone-app-emacs b/src/freedombone-app-emacs index 8bb7207a..1056c3e3 100755 --- a/src/freedombone-app-emacs +++ b/src/freedombone-app-emacs @@ -57,13 +57,13 @@ function backup_local_emacs { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -d /home/$USERNAME/.emacs.d ]; then + if [ -d "/home/$USERNAME/.emacs.d" ]; then echo $"Backing up Emacs config for $USERNAME" - if [ -f /home/$USERNAME/.emacs ]; then - cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs + if [ -f "/home/$USERNAME/.emacs" ]; then + cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs" fi function_check backup_directory_to_usb - backup_directory_to_usb /home/$USERNAME/.emacs.d emacs/$USERNAME + backup_directory_to_usb "/home/$USERNAME/.emacs.d" "emacs/$USERNAME" fi fi done 
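Review bot: `nginx_ensite "$EDITH_DAEMON_NAME"` names a variable that appears nowhere else in the visible edith hunks, while the site file is written to `/etc/nginx/sites-available/$EDITH_DOMAIN_NAME`. Quoting does not help if the name is wrong, and `nginx_ensite "$EDITH_DOMAIN_NAME"` looks like the intended call. In install_interactive_edith the onion-only branch assigns `GHOST_DOMAIN_NAME='edith.local'` and then writes `EDITH_DOMAIN_NAME` to the config, which reads like a copy-paste slip for `EDITH_DOMAIN_NAME='edith.local'`. Both should be confirmed against the rest of the file, since install_interactive_edith continues past the hunk.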
@@ -71,24 +71,25 @@ function backup_local_emacs { function restore_local_emacs { temp_restore_dir=/root/tempemacs - if [ -d $USB_MOUNT/backup/emacs ]; then + if [ -d "$USB_MOUNT/backup/emacs" ]; then for d in $USB_MOUNT/backup/emacs/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME + if [ ! -d "/home/$USERNAME" ]; then + "${PROJECT_NAME}-adduser" "$USERNAME" fi echo $"Restoring Emacs config for $USERNAME" function_check restore_directory_from_usb - restore_directory_from_usb $temp_restore_dir emacs/$USERNAME - if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then - cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/ + restore_directory_from_usb "$temp_restore_dir" "emacs/$USERNAME" + if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then + cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/" else - if [ ! -d /home/$USERNAME/.emacs.d ]; then - mkdir /home/$USERNAME/.emacs.d + if [ ! -d "/home/$USERNAME/.emacs.d" ]; then + mkdir "/home/$USERNAME/.emacs.d" fi - cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d + cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir function_check set_user_permissions @@ -97,10 +98,10 @@ function restore_local_emacs { backup_unmount_drive exit 664 fi - if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then - cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs + if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then + cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs" else - cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs + cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs" fi rm -rf $temp_restore_dir fi 
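Review bot: Quoting the glob in `cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d"` makes `*` literal, so cp looks for a file named `*` and fails, and the `$?` check right after it takes the failure branch whenever the backup lacks a `home/$USERNAME/.emacs.d` tree. Keep the variable quoted and the wildcard outside the quotes: `cp -r "$temp_restore_dir"/* "/home/$USERNAME/.emacs.d"`. restore_remote_emacs has the same problem on both arguments (`"$temp_restore_dir/*" "/home/$USERNAME/.emacs.d/*"`); there the destination should be the directory itself. The loop header `for d in $USB_MOUNT/backup/emacs/*/` still leaves `$USB_MOUNT` unquoted.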
@@ -112,13 +113,13 @@ function backup_remote_emacs { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -d /home/$USERNAME/.emacs.d ]; then + if [ -d "/home/$USERNAME/.emacs.d" ]; then echo $"Backing up Emacs config for $USERNAME" - if [ -f /home/$USERNAME/.emacs ]; then - cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs + if [ -f "/home/$USERNAME/.emacs" ]; then + cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs" fi function_check backup_directory_to_friend - backup_directory_to_friend /home/$USERNAME/.emacs.d emacs/$USERNAME + backup_directory_to_friend "/home/$USERNAME/.emacs.d" "emacs/$USERNAME" fi fi done 
@@ -126,24 +127,25 @@ function backup_remote_emacs { function restore_remote_emacs { temp_restore_dir=/root/tempemacs - if [ -d $USB_MOUNT/backup/emacs ]; then + if [ -d "$USB_MOUNT/backup/emacs" ]; then for d in $USB_MOUNT/backup/emacs/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME + if [ ! -d "/home/$USERNAME" ]; then + "${PROJECT_NAME}-adduser" "$USERNAME" fi echo $"Restoring Emacs config for $USERNAME" function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir emacs/$USERNAME - if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then - cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/ + restore_directory_from_friend "$temp_restore_dir" "emacs/$USERNAME" + if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then + cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/" else - if [ ! -d /home/$USERNAME/.emacs.d ]; then - mkdir /home/$USERNAME/.emacs.d + if [ ! -d "/home/$USERNAME/.emacs.d" ]; then + mkdir "/home/$USERNAME/.emacs.d" fi - cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d/* + cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d/*" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir function_check set_user_permissions @@ -152,10 +154,10 @@ function restore_remote_emacs { backup_unmount_drive exit 664 fi - if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then - cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs + if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then + cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs" else - cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs + cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs" fi rm -rf $temp_restore_dir fi 
@@ -166,7 +168,7 @@ function restore_remote_emacs { function remove_emacs { apt-get -yq remove --purge emacs update-alternatives --set editor /usr/bin/nano - sed -i '/install_emacs/d' $COMPLETION_FILE + sed -i '/install_emacs/d' "$COMPLETION_FILE" # remove emacs as the mutt email editor if [ -f /etc/Muttrc ]; then @@ -176,9 +178,9 @@ function remove_emacs { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -f /home/$USERNAME/.muttrc ]; then - if grep -q "set editor=" /home/$USERNAME/.muttrc; then - sed -i '/set editor=/d' /home/$USERNAME/.muttrc + if [ -f "/home/$USERNAME/.muttrc" ]; then + if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then + sed -i '/set editor=/d' "/home/$USERNAME/.muttrc" fi fi fi 
@@ -194,74 +196,74 @@ function install_emacs { #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs #echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs - echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs - echo "'goto-line)" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs - echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs - echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs - echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs - echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs - echo '' >> 
/home/$MY_USERNAME/.emacs - echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs - echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs - echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs - echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs - echo ';; newlines when the cursor goes over the column limit.' 
>> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs - echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs - echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs - echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs - cp /home/$MY_USERNAME/.emacs /root/.emacs - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs + { echo $';; ===== Remove trailing whitepace ======================================'; + echo ''; + echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)"; + echo ''; + echo ';; Goto a line number with CTRL-l'; + echo -n '(global-set-key "\C-l" '; + echo "'goto-line)"; + echo ''; + echo $';; ===== Show line numbers =============================================='; + echo ''; + echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))"; + echo ''; + echo $';; ===== Enable line wrapping in org-mode ==============================='; + echo ''; + echo " (add-hook 'org-mode-hook"; + echo " '(lambda ()"; + echo " (visual-line-mode 1)))"; + echo ''; + echo $';; ===== Enable shift select in org mode ================================'; + echo ''; + echo '(setq org-support-shift-select t)'; + echo ''; + echo $';; ===== Set standard indent to 4 rather that 4 ========================='; + echo ''; + echo '(setq standard-indent 4)'; + echo '(setq-default tab-width 4)'; + echo '(setq c-basic-offset 4)'; + echo ''; + echo $';; ===== Support Wheel Mouse Scrolling =================================='; + echo ''; + echo '(mouse-wheel-mode 
t)'; + echo ''; + echo $';; ===== Place Backup Files in Specific Directory ======================='; + echo ''; + echo '(setq make-backup-files t)'; + echo '(setq version-control t)'; + echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))'; + echo ''; + echo $';; ===== Make Text mode the default mode for new buffers ================'; + echo ''; + echo "(setq default-major-mode 'text-mode)"; + echo ''; + echo $';; ===== Line length ===================================================='; + echo ''; + echo '(setq-default fill-column 72)'; + echo ''; + echo $';; ===== Enable Line and Column Numbering ==============================='; + echo ''; + echo '(line-number-mode 1)'; + echo '(column-number-mode 1)'; + echo ''; + echo $';; ===== Turn on Auto Fill mode automatically in all modes =============='; + echo ''; + echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of'; + echo ';; newlines when the cursor goes over the column limit.'; + echo ''; + echo ';; This should actually turn on auto-fill-mode by default in all major'; + echo ';; modes. The other way to do this is to turn on the fill for specific modes'; + echo ';; via hooks.'; + echo ''; + echo '(setq auto-fill-mode 1)'; + echo ''; + echo $';; ===== Enable GPG encryption ========================================='; + echo ''; + echo "(require 'epa)"; + echo '(epa-file-enable)'; } >> "/home/$MY_USERNAME/.emacs" + cp "/home/$MY_USERNAME/.emacs" /root/.emacs + chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.emacs" # add a mutt entry to use emacs to compose emails if [ -f /etc/Muttrc ]; then 
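Review bot: The grouped block is appended with `>>` to whatever `/home/$MY_USERNAME/.emacs` already holds (the truncating write at the top of the hunk is commented out), and the result is then copied to `/root/.emacs`. Anything a non-root account has put in that file therefore ends up in root's Emacs init, and a redirect run as root into a user-owned directory follows a symlink placed there. Presumably the installer runs as root; if so, generate the block into a file made with `mktemp`, copy that file to `/root/.emacs`, and install it into the home directory with the user's ownership rather than appending in place. install_emacs starts above the hunk and continues below it.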
@@ -273,92 +275,92 @@ function install_emacs { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -f /home/$USERNAME/.muttrc ]; then - if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then - echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /home/$USERNAME/.muttrc + if [ -f "/home/$USERNAME/.muttrc" ]; then + if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then + echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> "/home/$USERNAME/.muttrc" else - sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' /home/$USERNAME/.muttrc + sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' "/home/$USERNAME/.muttrc" fi fi # create an Emacs configuration specifically for use with Mutt, which # has word wrap and spell checking on by default - if [ ! -f /home/$USERNAME/.emacs-mutt ]; then - echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$USERNAME/.emacs-mutt - echo '(setq org-support-shift-select t)' >> /home/$USERNAME/.emacs-mutt - echo '(setq standard-indent 4)' >> /home/$USERNAME/.emacs-mutt - echo '(setq-default tab-width 4)' >> /home/$USERNAME/.emacs-mutt - echo '(setq c-basic-offset 4)' >> /home/$USERNAME/.emacs-mutt - echo '(mouse-wheel-mode t)' >> /home/$USERNAME/.emacs-mutt - echo '(setq make-backup-files t)' >> /home/$USERNAME/.emacs-mutt - echo '(setq version-control t)' >> /home/$USERNAME/.emacs-mutt - echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$USERNAME/.emacs-mutt - echo "(setq default-major-mode 'text-mode)" >> /home/$USERNAME/.emacs-mutt - echo "(dolist (hook '(text-mode-hook))" >> /home/$USERNAME/.emacs-mutt - echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$USERNAME/.emacs-mutt - echo '(setq-default fill-column 72)' >> /home/$USERNAME/.emacs-mutt + if [ ! 
-f "/home/$USERNAME/.emacs-mutt" ]; then + { echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)"; + echo '(setq org-support-shift-select t)'; + echo '(setq standard-indent 4)'; + echo '(setq-default tab-width 4)'; + echo '(setq c-basic-offset 4)'; + echo '(mouse-wheel-mode t)'; + echo '(setq make-backup-files t)'; + echo '(setq version-control t)'; + echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))'; + echo "(setq default-major-mode 'text-mode)"; + echo "(dolist (hook '(text-mode-hook))"; + echo ' (add-hook hook (lambda () (flyspell-mode 1))))'; + echo '(setq-default fill-column 72)'; } > "/home/$USERNAME/.emacs-mutt" if [[ $DEFAULT_LANGUAGE == 'en_US'* ]]; then - echo '(setq ispell-dictionary "american")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "american")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'en_GB'* ]]; then - echo '(setq ispell-dictionary "british")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "british")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'fr_FR'* ]]; then - echo '(setq ispell-dictionary "french")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "french")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'it_IT'* ]]; then - echo '(setq ispell-dictionary "italian")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "italian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'cs_CZ'* ]]; then - echo '(setq ispell-dictionary "czech")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "czech")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'da_DK'* ]]; then - echo '(setq ispell-dictionary "danish")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "danish")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'nl_NL'* ]]; then - echo '(setq ispell-dictionary "dutch")' >> /home/$USERNAME/.emacs-mutt + echo '(setq 
ispell-dictionary "dutch")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'ru_RU'* ]]; then - echo '(setq ispell-dictionary "russian")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "russian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'es_ES'* ]]; then - echo '(setq ispell-dictionary "spanish")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "spanish")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'sv_SE'* ]]; then - echo '(setq ispell-dictionary "swedish")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "swedish")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'no_NO'* ]]; then - echo '(setq ispell-dictionary "norwegian")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "norwegian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'de_DE'* ]]; then - echo '(setq ispell-dictionary "ngerman")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "ngerman")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'bg_BG'* ]]; then - echo '(setq ispell-dictionary "bulgarian")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "bulgarian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'pl'* ]]; then - echo '(setq ispell-dictionary "polish")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "polish")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'et_EE'* ]]; then - echo '(setq ispell-dictionary "estonian")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "estonian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'lt_LT'* ]]; then - echo '(setq ispell-dictionary "lithuanian")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "lithuanian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'uk_UA'* ]]; then - echo '(setq ispell-dictionary "ukranian")' >> /home/$USERNAME/.emacs-mutt + 
echo '(setq ispell-dictionary "ukranian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'ca_ES'* ]]; then - echo '(setq ispell-dictionary "catalan")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "catalan")' >> "/home/$USERNAME/.emacs-mutt" fi - echo '(setq auto-fill-mode 0)' >> /home/$USERNAME/.emacs-mutt - echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$USERNAME/.emacs-mutt - echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$USERNAME/.emacs-mutt - chown $USERNAME:$USERNAME /home/$USERNAME/.emacs-mutt + { echo '(setq auto-fill-mode 0)'; + echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)"; + echo "(setq-default auto-fill-function 'do-auto-fill)"; } >> "/home/$USERNAME/.emacs-mutt" + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.emacs-mutt" # add the emacs mutt configuration to the user profile skeleton if [ ! -f /etc/skel/.emacs-mutt ]; then - cp /home/$USERNAME/.emacs-mutt /etc/skel/.emacs-mutt + cp "/home/$USERNAME/.emacs-mutt" /etc/skel/.emacs-mutt chown root:root /etc/skel/.emacs-mutt fi fi diff --git a/src/freedombone-utils-go b/src/freedombone-utils-go index 4f673f71..8e032764 100755 --- a/src/freedombone-utils-go +++ b/src/freedombone-utils-go @@ -51,7 +51,7 @@ function select_go_version { else sed -i "s|export GVM_ROOT=.*|export GVM_ROOT=$GVM_ROOT|g" ~/.bashrc fi - cd $GVM_ROOT/bin + cd "$GVM_ROOT/bin" || exit 3873658 [[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm" gvm use go${GO_VERSION} --default 
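Review bot: The run of `if [[ $DEFAULT_LANGUAGE == 'xx_YY'* ]]` blocks after the grouped write to `.emacs-mutt` still reopens the file once per locale and repeats the same echo each time; a single `case` that picks the dictionary name, followed by one append, keeps the locale table in one place. While these lines are being touched, the dictionary name `"ukranian"` for `uk_UA` looks misspelled and should be checked against the dictionary names installed on the target system. The enclosing loop in install_emacs starts and ends outside this hunk.

```shell
# … unchanged: grouped write of the base settings to .emacs-mutt …
ispell_dict=
case "$DEFAULT_LANGUAGE" in
    en_US*) ispell_dict=american ;;
    en_GB*) ispell_dict=british ;;
    fr_FR*) ispell_dict=french ;;
    # … remaining locales map exactly as in the hunk …
esac
if [ "$ispell_dict" ]; then
    echo "(setq ispell-dictionary \"$ispell_dict\")" >> "/home/$USERNAME/.emacs-mutt"
fi
# … unchanged: auto-fill settings, chown and /etc/skel copy …
```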
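Review bot: The new guard `cd "$GVM_ROOT/bin" || exit 3873658` uses a status outside 0–255; the shell keeps only the low 8 bits, so the caller sees 122 and cannot recover the seven-digit value from the exit status. The same pattern is added in mesh_upgrade_golang_from_source, mesh_upgrade_golang, gpg_reconstruct_key, install_8sync and install_guile, and two of the new codes, 3468346 and 23468346, both reduce to 58. If the numbers are meant as searchable markers, print them to stderr and exit with a small code, e.g. `cd "$GVM_ROOT/bin" || { echo 'select_go_version: cd failed (3873658)' >&2; exit 1; }`.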
@@ -60,21 +60,21 @@ function select_go_version { exit 629825 fi - systemctl set-environment GOPATH=$GOPATH + systemctl set-environment GOPATH="$GOPATH" } function mesh_upgrade_golang_from_source { chroot "$rootdir" adduser --disabled-login --gecos 'go' ipfs - git clone $GO_REPO $rootdir/home/go/go${GO_VERSION} - cd $rootdir/home/go/go${GO_VERSION} - git checkout go${GO_VERSION} -b go${GO_VERSION} + git clone "$GO_REPO" "$rootdir/home/go/go${GO_VERSION}" + cd "$rootdir/home/go/go${GO_VERSION}" || exit 3463635 + git checkout "go${GO_VERSION}" -b "go${GO_VERSION}" - git clone $GO_REPO $rootdir/home/go/go${GO_INTERMEDIATE_VERSION} - cd $rootdir/home/go/go${GO_INTERMEDIATE_VERSION} + git clone "$GO_REPO" "$rootdir/home/go/go${GO_INTERMEDIATE_VERSION}" + cd "$rootdir/home/go/go${GO_INTERMEDIATE_VERSION}" || exit 672845624 git checkout go${GO_INTERMEDIATE_VERSION} -b go${GO_INTERMEDIATE_VERSION} - cat < ${rootdir}/root/upgrade_golang.sh + cat < "${rootdir}/root/upgrade_golang.sh" #!/bin/bash apt-get -yq install build-essential libc6-dev @@ -119,20 +119,20 @@ systemctl set-environment GOROOT=\$GOROOT exit 0 EOF - chroot ${rootdir} chmod +x /root/upgrade_golang.sh - chroot ${rootdir} /root/upgrade_golang.sh - if [ ! -f ${rootdir}/home/go/go${GO_VERSION}/bin/go ]; then + chroot "${rootdir}" chmod +x /root/upgrade_golang.sh + chroot "${rootdir}" /root/upgrade_golang.sh + if [ ! -f "${rootdir}/home/go/go${GO_VERSION}/bin/go" ]; then echo $'Failed to upgrade golang' - cat ${rootdir}/root/upgrade_golang.sh - rm -f ${rootdir}/root/upgrade_golang.sh + cat "${rootdir}/root/upgrade_golang.sh" + rm -f "${rootdir}/root/upgrade_golang.sh" exit 836535 fi - rm -f ${rootdir}/root/upgrade_golang.sh + rm -f "${rootdir}/root/upgrade_golang.sh" } function mesh_upgrade_golang { prefix= - if [ $rootdir ]; then + if [ "$rootdir" ]; then prefix="chroot $rootdir" fi $prefix adduser --disabled-login --gecos 'go' go 
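Review bot: The second checkout, `git checkout go${GO_INTERMEDIATE_VERSION} -b go${GO_INTERMEDIATE_VERSION}`, is left unquoted although the matching `go${GO_VERSION}` line above it was quoted in this same hunk; it should read `git checkout "go${GO_INTERMEDIATE_VERSION}" -b "go${GO_INTERMEDIATE_VERSION}"`. Neither `git clone "$GO_REPO" …` call has its result checked, so a failed clone is caught only indirectly by the `cd … || exit` that follows. mesh_upgrade_golang_from_source continues past the end of this hunk.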
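Review bot: In mesh_upgrade_golang the test became `[ "$rootdir" ]`, but `prefix="chroot $rootdir"` is still expanded unquoted as `$prefix adduser …`, so a root directory containing whitespace or glob characters is split again at the call site. An array keeps the quoting intact: `prefix=()`, then `[ "$rootdir" ] && prefix=(chroot "$rootdir")`, with call sites written as `"${prefix[@]}" adduser --disabled-login --gecos 'go' go`. The function body continues outside this hunk, where the other `$prefix` uses would need the same change.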
@@ -177,43 +177,43 @@ function mesh_upgrade_golang { fi GO_SOURCE=https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${GOARCH}.tar.gz - if [ ! -d ${rootdir}${INSTALL_DIR} ]; then - chroot "$rootdir" mkdir -p ${INSTALL_DIR} + if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then + chroot "$rootdir" mkdir -p "${INSTALL_DIR}" fi - cd ${rootdir}${INSTALL_DIR} - if [ ! -f ${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz ]; then + cd "${rootdir}${INSTALL_DIR}" || exit 236487365 + if [ ! -f "${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz" ]; then wget ${GO_SOURCE} fi - if [ ! -f ${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz ]; then + if [ ! -f "${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz" ]; then exit 26524 fi - $prefix tar -C /home/go -xzf ${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz - if [ ! -d ${rootdir}/home/go/go/bin ]; then + $prefix tar -C /home/go -xzf "${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz" + if [ ! 
-d "${rootdir}/home/go/go/bin" ]; then echo 'Go binary not installed' exit 763562 fi - mv ${rootdir}/home/go/go ${rootdir}/home/go/go${GO_VERSION} - echo "export GOROOT=/home/go" >> ${rootdir}/root/.bashrc - echo "export GOROOT=/home/go" >> ${rootdir}/etc/skel/.bashrc - echo "export GOROOT=/home/go" >> ${rootdir}/home/$MY_USERNAME/.bashrc - echo "export GOROOT=/home/go" >> ${rootdir}/home/go/.bashrc + mv "${rootdir}/home/go/go" "${rootdir}/home/go/go${GO_VERSION}" + echo "export GOROOT=/home/go" >> "${rootdir}/root/.bashrc" + echo "export GOROOT=/home/go" >> "${rootdir}/etc/skel/.bashrc" + echo "export GOROOT=/home/go" >> "${rootdir}/home/$MY_USERNAME/.bashrc" + echo "export GOROOT=/home/go" >> "${rootdir}/home/go/.bashrc" - echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/root/.bashrc - echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/etc/skel/.bashrc - echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/home/$MY_USERNAME/.bashrc - echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/home/go/.bashrc + echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/root/.bashrc" + echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/etc/skel/.bashrc" + echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/home/$MY_USERNAME/.bashrc" + echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/home/go/.bashrc" - echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/root/.bashrc - echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/etc/skel/.bashrc - echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/home/$MY_USERNAME/.bashrc - echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/home/go/.bashrc - $prefix chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME + echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/root/.bashrc" + echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/etc/skel/.bashrc" + echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/home/$MY_USERNAME/.bashrc" + echo "export PATH=\$PATH:\$GOPATH" >> 
"${rootdir}/home/go/.bashrc" + $prefix chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME" $prefix chown -R go:go /home/go - cp ${rootdir}/home/go/go${GO_VERSION}/bin/* ${rootdir}/usr/bin + cp "${rootdir}/home/go/go${GO_VERSION}/bin/*" "${rootdir}/usr/bin" } function upgrade_golang { - if grep -Fxq "upgrade_golang:$GO_VERSION" $COMPLETION_FILE; then + if grep -Fxq "upgrade_golang:$GO_VERSION" "$COMPLETION_FILE"; then return fi diff --git a/src/freedombone-utils-gpg b/src/freedombone-utils-gpg index e5790582..fc02cd3a 100755 --- a/src/freedombone-utils-gpg +++ b/src/freedombone-utils-gpg 
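Review bot: The last changed line of mesh_upgrade_golang, `cp "${rootdir}/home/go/go${GO_VERSION}/bin/*" "${rootdir}/usr/bin"`, puts the `*` inside the double quotes, so no pathname expansion happens and cp is asked for a file literally named `*`; before this commit the glob was unquoted and expanded. Keep the variable part quoted and the wildcard outside: `cp "${rootdir}/home/go/go${GO_VERSION}/bin/"* "${rootdir}/usr/bin"`. The result of that cp is not checked in this hunk, so the failure may pass unnoticed. Separately, `wget ${GO_SOURCE}` earlier in the hunk is followed only by an existence test before the archive is unpacked, whereas install_guile in this patch compares a sha256sum against `$GUILE_HASH` first.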
@@ -29,57 +29,57 @@ # along with this program. If not, see . function gpg_update_mutt { - key_username=$1 + key_username="$1" - if [ ! -f /home/$key_username/.muttrc ]; then + if [ ! -f "/home/$key_username/.muttrc" ]; then return fi CURR_EMAIL_ADDRESS=$key_username@$HOSTNAME - CURR_GPG_ID=$(gpg --homedir=/home/$key_username/.gnupg --list-keys $CURR_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//') + CURR_GPG_ID=$(gpg --homedir="/home/$key_username/.gnupg" --list-keys "$CURR_EMAIL_ADDRESS" | sed -n '2p' | sed 's/^[ \t]*//') # If the default key is specified within gpg.conf - if [ -f /home/$key_username/gpg.conf ]; then - if grep -q "default-key" /home/$key_username/gpg.conf; then - default_gpg_key=$(cat /home/$key_username/gpg.conf | grep "default-key") + if [ -f "/home/$key_username/gpg.conf" ]; then + if grep -q "default-key" "/home/$key_username/gpg.conf"; then + default_gpg_key=$(grep "default-key" "/home/$key_username/gpg.conf") if [[ "$default_gpg_key" != *'#'* ]]; then - default_gpg_key=$(cat /home/$key_username/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}') + default_gpg_key=$(grep "default-key" "/home/$key_username/gpg.conf" | awk -F ' ' '{print $2}') if [ ${#default_gpg_key} -gt 3 ]; then - CURR_GPG_ID=$(gpg --homedir=/home/$key_username/.gnupg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//') + CURR_GPG_ID=$(gpg --homedir="/home/$key_username/.gnupg" --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//') fi fi fi fi - sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" /home/$key_username/.muttrc - sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? 
--armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" /home/$key_username/.muttrc + sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" "/home/$key_username/.muttrc" + sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" "/home/$key_username/.muttrc" - chown $key_username:$key_username /home/$key_username/.muttrc + chown "$key_username":"$key_username" "/home/$key_username/.muttrc" } function gpg_import_public_key { - key_username=$1 - key_filename=$2 + key_username="$1" + key_filename="$2" - gpg --homedir=/home/$key_username/.gnupg --import $key_filename - gpg_set_permissions $key_username + gpg --homedir="/home/$key_username/.gnupg" --import "$key_filename" + gpg_set_permissions "$key_username" } function gpg_import_private_key { - key_username=$1 - key_filename=$2 + key_username="$1" + key_filename="$2" - gpg --homedir=/home/$key_username/.gnupg --allow-secret-key-import --import $key_filename - gpg_set_permissions $key_username + gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$key_filename" + gpg_set_permissions "$key_username" } function gpg_export_public_key { - key_username=$1 - key_id=$2 - key_filename=$3 + key_username="$1" + key_id="$2" + key_filename="$3" - chown -R $key_username:$key_username /home/$key_username/.gnupg - su -m root -c "gpg --homedir /home/$key_username/.gnupg --output $key_filename --armor --export $key_id" - $key_username + chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg" + su -m root -c "gpg --homedir /home/$key_username/.gnupg --output $key_filename --armor 
--export $key_id" - "$key_username" } function gpg_export_private_key { 
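Review bot: In gpg_export_public_key only the trailing `"$key_username"` was quoted; `$key_filename` and `$key_id` are still pasted into the string handed to `su -c`, where a second shell parses them again, so whitespace or shell metacharacters in either value change the command that is executed. Escape each value before embedding it, for example (assuming the target shell is bash) `su -m root -c "gpg --homedir $(printf '%q' "/home/$key_username/.gnupg") --output $(printf '%q' "$key_filename") --armor --export $(printf '%q' "$key_id")" - "$key_username"`. The same construction appears in gpg_export_private_key, gpg_create_key and gpg_delete_key in the next hunk and in gpg_pubkey_from_email further down.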
@@ -87,68 +87,68 @@ function gpg_export_private_key { key_id=$2 key_filename=$3 - chown -R $key_username:$key_username /home/$key_username/.gnupg - su -m root -c "gpg --homedir=/home/$key_username/.gnupg --armor --output $key_filename --export-secret-key $key_id" - $key_username + chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg" + su -m root -c "gpg --homedir=/home/$key_username/.gnupg --armor --output $key_filename --export-secret-key $key_id" - "$key_username" } function gpg_create_key { - key_username=$1 - key_passphrase=$2 + key_username="$1" + key_passphrase="$2" - gpg_dir=/home/$key_username/.gnupg + gpg_dir="/home/$key_username/.gnupg" - echo 'Key-Type: eddsa' > /home/$key_username/gpg-genkey.conf - echo 'Key-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf - echo 'Subkey-Type: eddsa' >> /home/$key_username/gpg-genkey.conf - echo 'Subkey-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf - echo "Name-Real: $MY_NAME" >> /home/$key_username/gpg-genkey.conf - echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$key_username/gpg-genkey.conf - echo 'Expire-Date: 0' >> /home/$key_username/gpg-genkey.conf - cat /home/$key_username/gpg-genkey.conf - if [ $key_passphrase ]; then - echo "Passphrase: $key_passphrase" >> /home/$key_username/gpg-genkey.conf + { echo 'Key-Type: eddsa'; + echo 'Key-Curve: Ed25519'; + echo 'Subkey-Type: eddsa'; + echo 'Subkey-Curve: Ed25519'; + echo "Name-Real: $MY_NAME"; + echo "Name-Email: $MY_EMAIL_ADDRESS"; + echo 'Expire-Date: 0'; } > "/home/$key_username/gpg-genkey.conf" + cat "/home/$key_username/gpg-genkey.conf" + if [ "$key_passphrase" ]; then + echo "Passphrase: $key_passphrase" >> "/home/$key_username/gpg-genkey.conf" else - echo "Passphrase: $PROJECT_NAME" >> /home/$key_username/gpg-genkey.conf + echo "Passphrase: $PROJECT_NAME" >> "/home/$key_username/gpg-genkey.conf" fi - chown $key_username:$key_username /home/$key_username/gpg-genkey.conf + chown "$key_username":"$key_username" 
"/home/$key_username/gpg-genkey.conf" echo $'Generating a new GPG key' - su -m root -c "gpg --homedir /home/$key_username/.gnupg --batch --full-gen-key /home/$key_username/gpg-genkey.conf" - $key_username - chown -R $key_username:$key_username /home/$key_username/.gnupg + su -m root -c "gpg --homedir /home/$key_username/.gnupg --batch --full-gen-key /home/$key_username/gpg-genkey.conf" - "$key_username" + chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg" KEY_EXISTS=$(gpg_key_exists "$key_username" "$MY_EMAIL_ADDRESS") if [[ $KEY_EXISTS == "no" ]]; then echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created" exit 63621 fi - shred -zu /home/$key_username/gpg-genkey.conf + shred -zu "/home/$key_username/gpg-genkey.conf" CURR_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$key_username" "$MY_EMAIL_ADDRESS") if [ ${#CURR_GPG_PUBLIC_KEY_ID} -lt 4 ]; then echo $"GPG public key ID could not be obtained for $MY_EMAIL_ADDRESS" exit 825292 fi - gpg_set_permissions $key_username + gpg_set_permissions "$key_username" } function gpg_delete_key { - key_username=$1 - key_id=$2 + key_username="$1" + key_id="$2" - chown -R $key_username:$key_username /home/$key_username/.gnupg - su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-secret-key $key_id" - $key_username - su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-key $key_id" - $key_username + chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg" + su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-secret-key $key_id" - "$key_username" + su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-key $key_id" - "$key_username" } function gpg_set_permissions { key_username=$1 if [[ "$key_username" != 'root' ]]; then - chmod 700 /home/$key_username/.gnupg - chmod -R 600 /home/$key_username/.gnupg/* - printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$key_username/.gnupg/S.dirmngr - if [ -d 
/home/$key_username/.gnupg/crls.d ]; then - chmod +x /home/$key_username/.gnupg/crls.d + chmod 700 "/home/$key_username/.gnupg" + chmod -R 600 "/home/$key_username/.gnupg/*" + printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$key_username/.gnupg/S.dirmngr" + if [ -d "/home/$key_username/.gnupg/crls.d" ]; then + chmod +x "/home/$key_username/.gnupg/crls.d" fi - chown -R $key_username:$key_username /home/$key_username/.gnupg + chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg" else chmod 700 /root/.gnupg chmod -R 600 /root/.gnupg/* @@ -156,7 +156,7 @@ function gpg_set_permissions { if [ -d /root/.gnupg/crls.d ]; then chmod +x /root/.gnupg/crls.d fi - chown -R $key_username:$key_username /root/.gnupg + chown -R "$key_username":"$key_username" /root/.gnupg fi } @@ -164,22 +164,22 @@ function gpg_reconstruct_key { key_username=$1 key_interactive=$2 - if [ ! -d /home/$key_username/.gnupg_fragments ]; then + if [ ! -d "/home/$key_username/.gnupg_fragments" ]; then return fi - cd /home/$key_username/.gnupg_fragments + cd "/home/$key_username/.gnupg_fragments" || exit 3468346 + # shellcheck disable=SC2012 no_of_shares=$(ls -afq keyshare.asc.* | wc -l) if (( no_of_shares < 4 )); then - if [ $key_interactive ]; then + if [ "$key_interactive" ]; then dialog --title $"Recover Encryption Keys" --msgbox $'Not enough fragments to reconstruct the key' 6 70 else echo $'Not enough fragments to reconstruct the key' fi exit 7348 fi - gfcombine /home/$key_username/.gnupg_fragments/keyshare* - if [ ! "$?" = "0" ]; then - if [ $key_interactive ]; then + if ! gfcombine "/home/$key_username/.gnupg_fragments/keyshare*"; then + if [ "$key_interactive" ]; then dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70 else echo $'Unable to reconstruct the key' 
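Review bot: In gpg_set_permissions the non-root branch now runs `chmod -R 600 "/home/$key_username/.gnupg/*"`; with the `*` inside the quotes the shell does not expand it, so chmod receives a path literally ending in `*` and the files under .gnupg keep whatever mode they had. The root branch below it still uses the unquoted `/root/.gnupg/*`, which shows the intended behaviour; write `chmod -R 600 "/home/$key_username/.gnupg/"*`. In gpg_create_key in the same hunk, gpg-genkey.conf receives its `Passphrase:` line without any mode being set on the file, so depending on the umask it may be readable by others until `shred -zu` removes it; a `chmod 600` right after the file is created would close that window.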
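Review bot: `if ! gfcombine "/home/$key_username/.gnupg_fragments/keyshare*"; then` quotes the wildcard, so gfcombine is handed one argument ending in a literal `*` instead of the list of share files, and gpg_reconstruct_key would take the 'Unable to reconstruct the key' path even when enough fragments are present. Move the `*` outside the quotes: `if ! gfcombine "/home/$key_username/.gnupg_fragments/keyshare"*; then`. The function starts before this hunk and continues after it.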
@@ -188,8 +188,8 @@ function gpg_reconstruct_key { fi KEYS_FILE=/home/$key_username/.gnupg_fragments/keyshare.asc - if [ ! -f $KEYS_FILE ]; then - if [ $key_interactive ]; then + if [ ! -f "$KEYS_FILE" ]; then + if [ "$key_interactive" ]; then dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70 else echo $'Unable to reconstruct the key' @@ -197,22 +197,21 @@ function gpg_reconstruct_key { exit 52852 fi - gpg --homedir=/home/$key_username/.gnupg --allow-secret-key-import --import $KEYS_FILE - if [ ! "$?" = "0" ]; then - shred -zu $KEYS_FILE - rm -rf /home/$key_username/.tempgnupg - if [ $key_interactive ]; then + if ! gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then + shred -zu "$KEYS_FILE" + rm -rf "/home/$key_username/.tempgnupg" + if [ "$key_interactive" ]; then dialog --title $"Recover Encryption Keys" --msgbox $'Unable to import gpg key' 6 70 else echo $'Unable to import gpg key' fi exit 96547 fi - shred -zu $KEYS_FILE + shred -zu "$KEYS_FILE" - gpg_set_permissions $key_username + gpg_set_permissions "$key_username" - if [ $key_interactive ]; then + if [ "$key_interactive" ]; then dialog --title $"Recover Encryption Keys" --msgbox $'Key has been reconstructed' 6 70 else echo $'Key has been reconstructed' @@ -224,9 +223,9 @@ function gpg_agent_setup { if [[ $gpg_username == 'root' ]]; then if ! grep -q 'GPG_TTY' /root/.bashrc; then - echo '' >> /root/.bashrc - echo 'GPG_TTY=$(tty)' >> /root/.bashrc - echo 'export GPG_TTY' >> /root/.bashrc + { echo ''; + echo "GPG_TTY=\$(tty)"; + echo 'export GPG_TTY'; } >> /root/.bashrc fi if grep -q '# use-agent' /root/.gnupg/gpg.conf; then sed -i 's|# use-agent|use-agent|g' /root/.gnupg/gpg.conf 
@@ -234,37 +233,37 @@ function gpg_agent_setup { if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then echo 'use-agent' >> /root/.gnupg/gpg.conf fi - echo 'default-cache-ttl 300' > /root/.gnupg/gpg-agent.conf - echo 'max-cache-ttl 999999' >> /root/.gnupg/gpg-agent.conf - echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf + { echo 'default-cache-ttl 300'; + echo 'max-cache-ttl 999999'; + echo 'allow-loopback-pinentry'; } > /root/.gnupg/gpg-agent.conf if [ -f /root/.gnupg/S.dirmngr ]; then rm /root/.gnupg/S.dirmngr fi echo RELOADAGENT | gpg-connect-agent else - if ! grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then - echo '' >> /home/$gpg_username/.bashrc - echo 'GPG_TTY=$(tty)' >> /home/$gpg_username/.bashrc - echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc - chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc + if ! grep -q 'GPG_TTY' "/home/$gpg_username/.bashrc"; then + { echo ''; + echo "GPG_TTY=\$(tty)"; + echo 'export GPG_TTY'; } >> "/home/$gpg_username/.bashrc" + chown "$gpg_username":"$gpg_username" "/home/$gpg_username/.bashrc" fi - if grep -q '# use-agent' /home/$gpg_username/.gnupg/gpg.conf; then - sed -i 's|# use-agent|use-agent|g' /home/$gpg_username/.gnupg/gpg.conf + if grep -q '# use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then + sed -i 's|# use-agent|use-agent|g' "/home/$gpg_username/.gnupg/gpg.conf" fi - if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then - echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf + if ! grep -q 'use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then + echo 'use-agent' >> "/home/$gpg_username/.gnupg/gpg.conf" fi - if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then - echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf + if ! 
grep -q 'pinentry-mode loopback' "/home/$gpg_username/.gnupg/gpg.conf"; then + echo 'pinentry-mode loopback' >> "/home/$gpg_username/.gnupg/gpg.conf" fi - echo 'default-cache-ttl 300' > /home/$gpg_username/.gnupg/gpg-agent.conf - echo 'max-cache-ttl 999999' >> /home/$gpg_username/.gnupg/gpg-agent.conf - echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf - if [ -f /home/$gpg_username/.gnupg/S.dirmngr ]; then - rm /home/$gpg_username/.gnupg/S.dirmngr + echo 'default-cache-ttl 300' > "/home/$gpg_username/.gnupg/gpg-agent.conf" + echo 'max-cache-ttl 999999' >> "/home/$gpg_username/.gnupg/gpg-agent.conf" + echo 'allow-loopback-pinentry' >> "/home/$gpg_username/.gnupg/gpg-agent.conf" + if [ -f "/home/$gpg_username/.gnupg/S.dirmngr" ]; then + rm "/home/$gpg_username/.gnupg/S.dirmngr" fi if [[ "$gpg_username" != "$USER" ]]; then - su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username + su -c "echo RELOADAGENT | gpg-connect-agent" - "$gpg_username" else echo RELOADAGENT | gpg-connect-agent fi 
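Review bot: In the non-root branch of gpg_agent_setup, `/home/$gpg_username/.gnupg/gpg-agent.conf` is created with `>` but, unlike `.bashrc` a few lines earlier, is not chowned to `$gpg_username` anywhere in this hunk; if the function runs as root, as the `su -c … - "$gpg_username"` call suggests, a newly created file would stay owned by root. Adding `chown "$gpg_username":"$gpg_username" "/home/$gpg_username/.gnupg/gpg-agent.conf"` after the write would settle it. The three echoes there could also use the same `{ …; } >` grouping that the root branch received in this commit. The function begins before this hunk.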
@@ -277,21 +276,21 @@ function gpg_agent_enable { if [[ $gpg_username == 'root' ]]; then return else - if grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then - sed -i '/GPG_TTY/d' /home/$gpg_username/.bashrc - chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc + if grep -q 'GPG_TTY' "/home/$gpg_username/.bashrc"; then + sed -i '/GPG_TTY/d' "/home/$gpg_username/.bashrc" + chown "$gpg_username":"$gpg_username" "/home/$gpg_username/.bashrc" fi - if grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then - sed -i '/use-agent/d' /home/$gpg_username/.gnupg/gpg.conf + if grep -q 'use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then + sed -i '/use-agent/d' "/home/$gpg_username/.gnupg/gpg.conf" fi - if grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then - sed -i '/pinentry-mode loopback/d' /home/$gpg_username/.gnupg/gpg.conf + if grep -q 'pinentry-mode loopback' "/home/$gpg_username/.gnupg/gpg.conf"; then + sed -i '/pinentry-mode loopback/d' "/home/$gpg_username/.gnupg/gpg.conf" fi - if [ -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then - rm /home/$gpg_username/.gnupg/gpg-agent.conf + if [ -f "/home/$gpg_username/.gnupg/gpg-agent.conf" ]; then + rm "/home/$gpg_username/.gnupg/gpg-agent.conf" fi if [[ "$gpg_username" != "$USER" ]]; then - su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username + su -c "echo RELOADAGENT | gpg-connect-agent" - "$gpg_username" else echo RELOADAGENT | gpg-connect-agent fi 
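Review bot: The lines under the `gpg_agent_enable` hunk header delete the `GPG_TTY`, `use-agent` and `pinentry-mode loopback` entries and remove gpg-agent.conf, which is the reverse of what gpg_agent_setup writes in the previous hunk, so the name and the body read as contradictory. The function's opening lines are outside this hunk and the behaviour may be intentional, but a comment above the `else` branch would say so, for example `# drop the loopback-pinentry settings written by gpg_agent_setup`.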
@@ -303,46 +302,46 @@ function gpg_pubkey_from_email { key_email_address=$2 key_id= if [[ $key_owner_username != "root" ]]; then - key_id=$(su -c "gpg --list-keys $key_email_address" - $key_owner_username | sed -n '2p' | sed 's/^[ \t]*//') + key_id=$(su -c "gpg --list-keys $key_email_address" - "$key_owner_username" | sed -n '2p' | sed 's/^[ \t]*//') # If the default key is specified within gpg.conf - if [ -f /home/$key_owner_username/gpg.conf ]; then - if grep -q "default-key" /home/$key_owner_username/gpg.conf; then - default_gpg_key=$(cat /home/$key_owner_username/gpg.conf | grep "default-key") + if [ -f "/home/$key_owner_username/gpg.conf" ]; then + if grep -q "default-key" "/home/$key_owner_username/gpg.conf"; then + default_gpg_key=$(grep "default-key" "/home/$key_owner_username/gpg.conf") if [[ "$default_gpg_key" != *'#'* ]]; then - default_gpg_key=$(cat /home/$key_owner_username/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}') + default_gpg_key=$(grep "default-key" "/home/$key_owner_username/gpg.conf" | awk -F ' ' '{print $2}') if [ ${#default_gpg_key} -gt 3 ]; then - key_id=$(su -c "gpg --list-keys $default_gpg_key" - $key_owner_username | sed -n '2p' | sed 's/^[ \t]*//') + key_id=$(su -c "gpg --list-keys $default_gpg_key" - "$key_owner_username" | sed -n '2p' | sed 's/^[ \t]*//') fi fi fi fi else - key_id=$(gpg --list-keys $key_email_address | sed -n '2p' | sed 's/^[ \t]*//') + key_id=$(gpg --list-keys "$key_email_address" | sed -n '2p' | sed 's/^[ \t]*//') # If the default key is specified within gpg.conf if [ -f /root/gpg.conf ]; then if grep -q "default-key" /root/gpg.conf; then - default_gpg_key=$(cat /root/gpg.conf | grep "default-key") + default_gpg_key=$(grep "default-key" /root/gpg.conf) if [[ "$default_gpg_key" != *'#'* ]]; then - default_gpg_key=$(cat /root/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}') + default_gpg_key=$(grep "default-key" /root/gpg.conf | awk -F ' ' '{print $2}') if [ ${#default_gpg_key} -gt 3 ]; then - 
key_id=$(gpg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//') + key_id=$(gpg --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//') fi fi fi fi fi - echo $key_id + echo "$key_id" } function enable_email_encryption_at_rest { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if grep -q '#| /usr/bin/gpgit.pl' /home/$USERNAME/.procmailrc; then - sed -i 's@#| /usr/bin/gpgit.pl@| /usr/bin/gpgit.pl@g' /home/$USERNAME/.procmailrc - sed -i 's|#:0 f|:0 f|g' /home/$USERNAME/.procmailrc + if grep -q '#| /usr/bin/gpgit.pl' "/home/$USERNAME/.procmailrc"; then + sed -i 's@#| /usr/bin/gpgit.pl@| /usr/bin/gpgit.pl@g' "/home/$USERNAME/.procmailrc" + sed -i 's|#:0 f|:0 f|g' "/home/$USERNAME/.procmailrc" fi fi done @@ -357,9 +356,9 @@ function disable_email_encryption_at_rest { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if ! grep -q '#| /usr/bin/gpgit.pl' /home/$USERNAME/.procmailrc; then - sed -i 's@| /usr/bin/gpgit.pl@#| /usr/bin/gpgit.pl@g' /home/$USERNAME/.procmailrc - sed -i 's|:0 f|#:0 f|g' /home/$USERNAME/.procmailrc + if ! grep -q '#| /usr/bin/gpgit.pl' "/home/$USERNAME/.procmailrc"; then + sed -i 's@| /usr/bin/gpgit.pl@#| /usr/bin/gpgit.pl@g' "/home/$USERNAME/.procmailrc" + sed -i 's|:0 f|#:0 f|g' "/home/$USERNAME/.procmailrc" fi fi done diff --git a/src/freedombone-utils-guile b/src/freedombone-utils-guile index 51a25cf9..1974e10e 100755 --- a/src/freedombone-utils-guile +++ b/src/freedombone-utils-guile 
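Review bot: The default-key lookup in gpg_pubkey_from_email reads `/home/$key_owner_username/gpg.conf` and `/root/gpg.conf`, while gpg_agent_setup in this same file edits `/home/$gpg_username/.gnupg/gpg.conf` and `/root/.gnupg/gpg.conf`; unless a gpg.conf really is kept in the home directory itself, the `[ -f … ]` test is never true and a configured `default-key` is ignored. If the GnuPG home is what is meant, the test should be `if [ -f "/home/$key_owner_username/.gnupg/gpg.conf" ]; then`, with the two grep calls below it and the root branch changed to match. gpg_update_mutt in the first hunk of this file uses the same path.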
@@ -37,14 +37,14 @@ EIGHTSYNC_COMMIT='8cbb7f22227c0afdd3b0bd758ebec0efba2fa1e1' function install_8sync { apt-get -qy install flex libunistring-dev libgc-dev autoconf texinfo - if [ ! -d $INSTALL_DIR ]; then - mkdir $INSTALL_DIR + if [ ! -d "$INSTALL_DIR" ]; then + mkdir "$INSTALL_DIR" fi - cd $INSTALL_DIR + cd "$INSTALL_DIR" || exit 67832456 - git_clone $EIGHTSYNC_REPO $INSTALL_DIR/eightsync - cd $INSTALL_DIR/eightsync - git checkout ${EIGHTSYNC_COMMIT} -b ${EIGHTSYNC_COMMIT} + git_clone "$EIGHTSYNC_REPO" "$INSTALL_DIR/eightsync" + cd "$INSTALL_DIR/eightsync" || exit 23468346 + git checkout "${EIGHTSYNC_COMMIT}" -b "${EIGHTSYNC_COMMIT}" export GUILE_BASE_PATH=/opt/guile-${GUILE_VERSION} export GUILE_CFLAGS="-I${GUILE_BASE_PATH}/include" 
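Review bot: `exit 67832456` cannot be reported as written, because an exit status is a single byte and the shell reduces the value modulo 256 (this one becomes 136), so the distinct number chosen for each failure is not what a caller sees. A value that happened to be a multiple of 256 would read as success. Use a code in 1–255 and put the detail in a message, e.g. `cd "$INSTALL_DIR" || { echo "cannot cd to $INSTALL_DIR" >&2; exit 1; }`. The same applies to the `|| exit` values added in install_guile and install_i2p; install_8sync continues past this hunk.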
@@ -67,31 +67,31 @@ function install_guile { apt-get -qy install flex libunistring-dev libgc-dev autoconf texinfo lzip wget - if [ ! -d $INSTALL_DIR ]; then - mkdir $INSTALL_DIR + if [ ! -d "$INSTALL_DIR" ]; then + mkdir "$INSTALL_DIR" fi - cd $INSTALL_DIR + cd "$INSTALL_DIR" || exit 4298497 - if [ ! -f guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz ]; then - wget https://ftp.gnu.org/gnu/guile/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz + if [ ! -f "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" ]; then + wget "https://ftp.gnu.org/gnu/guile/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" fi - if [ ! -f guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz ]; then + if [ ! -f "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" ]; then echo 'Unable to download guile pack' exit 6735238 fi - CURR_GUILE_HASH=$(sha256sum guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz | awk -F ' ' '{print $1}') + CURR_GUILE_HASH=$(sha256sum "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" | awk -F ' ' '{print $1}') if [[ "$CURR_GUILE_HASH" != "$GUILE_HASH" ]]; then echo 'Guile hash does not match' exit 7237625 fi - cd / - tar xvf $INSTALL_DIR/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz - if [ ! -d /opt/guile-${GUILE_VERSION}/bin ]; then + cd / || exit 73563635 + tar xvf "$INSTALL_DIR/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" + if [ ! -d "/opt/guile-${GUILE_VERSION}/bin" ]; then echo 'Guile was not installed' exit 825269 fi echo "export GUILE_PATH=/opt/guile-${GUILE_VERSION}/bin" >> ~/.bashrc - echo 'export PATH=$PATH:$GUILE_PATH' >> ~/.bashrc + echo "export PATH=\$PATH:\$GUILE_PATH" >> ~/.bashrc } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-utils-i2p b/src/freedombone-utils-i2p index d3693660..0925eeff 100755 --- a/src/freedombone-utils-i2p +++ b/src/freedombone-utils-i2p 
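Review bot: A pack file that fails the SHA-256 comparison is left in `$INSTALL_DIR`, and since the download is skipped whenever the file already exists, an interrupted or corrupted download makes every later run stop at 'Guile hash does not match'. Remove the file before exiting, i.e. `rm -f "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz"` ahead of `exit 7237625`. The two `echo ... >> ~/.bashrc` lines also append again on each run; a guard such as `grep -q 'GUILE_PATH' ~/.bashrc ||` would stop the file from accumulating duplicates.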
@@ -34,12 +34,12 @@ I2P_DOMAIN='deb.i2p2.de' function install_i2p { - if [ ! -d $INSTALL_DIR ]; then - mkdir -p $INSTALL_DIR + if [ ! -d "$INSTALL_DIR" ]; then + mkdir -p "$INSTALL_DIR" fi # install the gpg key - cd $INSTALL_DIR + cd "$INSTALL_DIR" || exit 346735 if [ -f i2p-debian-repo.key.asc ]; then rm i2p-debian-repo.key.asc fi @@ -121,3 +121,5 @@ function i2p_enable_sam { sed -i 's|clientApp.1.startOnLoad=.*|clientApp.1.startOnLoad=true|g' /var/lib/i2p/i2p-config/clients.config systemctl restart i2p } + +# NOTE: deliberately no exit 0 diff --git a/src/freedombone-utils-interactive b/src/freedombone-utils-interactive index dfbd4314..65378e37 100755 --- a/src/freedombone-utils-interactive +++ b/src/freedombone-utils-interactive @@ -32,14 +32,13 @@ function interactive_configuration_remote_backups { if [[ $SYSTEM_TYPE == "mesh"* ]]; then return fi - if [ ! -f /usr/local/bin/${PROJECT_NAME}-remote ]; then - if [ ! -f /usr/bin/${PROJECT_NAME}-remote ]; then + if [ ! -f "/usr/local/bin/${PROJECT_NAME}-remote" ]; then + if [ ! -f "/usr/bin/${PROJECT_NAME}-remote" ]; then echo $"The command ${PROJECT_NAME}-remote was not found" exit 87354 fi fi - ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes - if [ ! "$?" = "0" ]; then + if ! "${PROJECT_NAME}-remote" -u "$MY_USERNAME" -l "$FRIENDS_SERVERS_LIST" -m "$MINIMUM_PASSWORD_LENGTH" -r yes; then echo $'Command failed:' echo '' echo $" ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes" @@ -49,8 +48,8 @@ function interactive_configuration_remote_backups { } function interactive_configuration { - if [ ! -f /usr/local/bin/${PROJECT_NAME}-config ]; then - if [ ! -f /usr/bin/${PROJECT_NAME}-config ]; then + if [ ! -f "/usr/local/bin/${PROJECT_NAME}-config" ]; then + if [ ! -f "/usr/bin/${PROJECT_NAME}-config" ]; then echo $"The command ${PROJECT_NAME}-config was not found" exit 63935 fi 
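Review bot: In interactive_configuration_remote_backups the existence test looks only in /usr/local/bin and /usr/bin, while the call `"${PROJECT_NAME}-remote" -u ...` is resolved through PATH, so the file that was checked is not necessarily the one that runs. `if ! command -v "${PROJECT_NAME}-remote" >/dev/null; then` tests what will actually be executed; alternatively invoke the checked path explicitly. The same pattern is used for `${PROJECT_NAME}-config` in the interactive_configuration hunk that follows.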
@@ -59,32 +58,32 @@ function interactive_configuration { rm -f /tmp/meshuserdevice fi - if [ $SOCIALINSTANCE ]; then - ${PROJECT_NAME}-config \ - -f $CONFIGURATION_FILE \ - -w $PROJECT_WEBSITE \ - -m $MINIMUM_PASSWORD_LENGTH \ + if [ "$SOCIALINSTANCE" ]; then + "${PROJECT_NAME}-config" \ + -f "$CONFIGURATION_FILE" \ + -w "$PROJECT_WEBSITE" \ + -m "$MINIMUM_PASSWORD_LENGTH" \ --minimal "yes" \ - --social $SOCIALINSTANCE + --social "$SOCIALINSTANCE" else if [[ $ONION_ONLY == "no" ]]; then if [[ $MINIMAL_INSTALL == "no" ]]; then - ${PROJECT_NAME}-config \ - -f $CONFIGURATION_FILE \ - -w $PROJECT_WEBSITE \ - -m $MINIMUM_PASSWORD_LENGTH + "${PROJECT_NAME}-config" \ + -f "$CONFIGURATION_FILE" \ + -w "$PROJECT_WEBSITE" \ + -m "$MINIMUM_PASSWORD_LENGTH" else - ${PROJECT_NAME}-config \ - -f $CONFIGURATION_FILE \ - -w $PROJECT_WEBSITE \ - -m $MINIMUM_PASSWORD_LENGTH \ + "${PROJECT_NAME}-config" \ + -f "$CONFIGURATION_FILE" \ + -w "$PROJECT_WEBSITE" \ + -m "$MINIMUM_PASSWORD_LENGTH" \ --minimal "yes" fi else - ${PROJECT_NAME}-config \ - -f $CONFIGURATION_FILE \ - -w $PROJECT_WEBSITE \ - -m $MINIMUM_PASSWORD_LENGTH \ + "${PROJECT_NAME}-config" \ + -f "$CONFIGURATION_FILE" \ + -w "$PROJECT_WEBSITE" \ + -m "$MINIMUM_PASSWORD_LENGTH" \ --onion "yes" fi fi @@ -93,6 +92,7 @@ function interactive_configuration { rm -f /tmp/meshuserdevice exit 0 fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then echo $'Command failed:' echo '' @@ -107,7 +107,7 @@ function interactive_configuration { dialog --title $"Encrypted backup to other servers" \ --backtitle $"${PROJECT_NAME} Configuration" \ --defaultno \ - --yesno $"\nDo you wish to configure some remote backup locations?" 7 60 + --yesno $"\\nDo you wish to configure some remote backup locations?" 7 60 sel=$? case $sel in 0) interactive_configuration_remote_backups;; 
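Review bot: The `$?` tested under the added `# shellcheck disable=SC2181` is the status of the preceding `if … fi` block (the one that removes /tmp/meshuserdevice and exits), not of the `${PROJECT_NAME}-config` call, so the 'Command failed' branch appears unable to fire when the config command fails. The suppression hides the warning rather than fixing the check. Saving the status straight after the config call chain, `config_status=$?` directly after the closing `fi` of the `$SOCIALINSTANCE` block, and testing `if [ "$config_status" -ne 0 ]; then` would restore it. The lines between the two hunks are not visible, so confirm nothing else runs in between.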
@@ -121,53 +121,55 @@ function interactive_site_details { SITE_BACKTITLE=$"Freedombone Configuration" SITE_CONFIG_TITLE=$"${site_name^} Configuration" - SITE_FORM_TEXT=$"\nPlease enter your ${site_name^} details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" + SITE_FORM_TEXT=$"\\nPlease enter your ${site_name^} details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" SITE_DOMAIN_NAME= SITE_CODE= SITE_DETAILS_COMPLETE= while [ ! $SITE_DETAILS_COMPLETE ] do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then dialog --backtitle "$SITE_BACKTITLE" \ --title "$SITE_CONFIG_TITLE" \ --form "$SITE_FORM_TEXT" 14 55 3 \ - $"Domain:" 1 1 "$(grep '${site_name_upper}_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \ - $"Code:" 2 1 "$(grep '${site_name_upper}_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 255 \ - 2> $data + $"Domain:" 1 1 "$(grep "${site_name_upper}_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \ + $"Code:" 2 1 "$(grep "${site_name_upper}_CODE" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 255 \ + 2> "$data" else dialog --backtitle "$SITE_BACKTITLE" \ --title "$SITE_CONFIG_TITLE" \ --form "$SITE_FORM_TEXT" 11 55 3 \ - $"Domain:" 1 1 "$(grep '${site_name_upper}_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \ - 2> $data + $"Domain:" 1 1 "$(grep "${site_name_upper}_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \ + 2> "$data" fi sel=$? 
case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - SITE_DOMAIN_NAME=$(cat $data | sed -n 1p) - if [ $SITE_DOMAIN_NAME ]; then + SITE_DOMAIN_NAME=$(sed -n 1p < "$data") + if [ "$SITE_DOMAIN_NAME" ]; then TEST_DOMAIN_NAME=$SITE_DOMAIN_NAME validate_domain_name - if [[ $TEST_DOMAIN_NAME != $SITE_DOMAIN_NAME ]]; then + if [[ "$TEST_DOMAIN_NAME" != "$SITE_DOMAIN_NAME" ]]; then SITE_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else - if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then - SITE_CODE=$(cat $data | sed -n 2p) + if [[ "$DDNS_PROVIDER" == "default@freedns.afraid.org" ]]; then + SITE_CODE=$(sed -n 2p < "$data") validate_freedns_code "$SITE_CODE" - if [ ! $VALID_CODE ]; then + if [ ! "$VALID_CODE" ]; then SITE_DOMAIN_NAME= fi fi fi fi - if [ $SITE_DOMAIN_NAME ]; then + if [ "$SITE_DOMAIN_NAME" ]; then SITE_DETAILS_COMPLETE="yes" fi + rm -f "$data" done # save the results in the config file 
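Review bot: `data=$(mktemp 2>/dev/null)` is used without checking that a file was created, and with the `trap` removed the file holding the submitted domain and FreeDNS code is deleted only on the paths that call `rm -f "$data"` explicitly. An interrupt during `dialog`, or an exit inside `validate_domain_name` or `validate_freedns_code` (neither is visible here), leaves it behind in the temp directory. Consider `data=$(mktemp) || exit 1` and, if no other EXIT trap is in use, a correctly quoted handler `trap 'rm -f -- "$data"' EXIT` alongside the explicit removals. The same replacement is made in interactive_site_details_with_title, interactive_gpg and interactive_key_recovery.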
@@ -192,31 +194,31 @@ function interactive_site_details_with_title { SITE_DETAILS_COMPLETE= while [ ! $SITE_DETAILS_COMPLETE ] do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then dialog --backtitle $"Freedombone Configuration" \ --title "$SITE_BACKTITLE" \ --form "$SITE_FORM_TEXT" 14 55 4 \ - $"Title:" 1 1 "$(grep '$SITE_TITLE' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \ - $"Domain:" 2 1 "$(grep '$SITE_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \ - $"Code:" 3 1 "$(grep '$SITE_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 16 33 255 \ - 2> $data + $"Domain:" 2 1 "$(grep "$SITE_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \ + $"Code:" 3 1 "$(grep "$SITE_CODE" temp.cfg | awk -F '=' '{print $2}')" 3 16 33 255 \ + 2> "$data" else dialog --backtitle "$SITE_BACKTITLE" \ --title "$SITE_CONFIG_TITLE" \ --form "$SITE_FORM_TEXT" 11 55 3 \ - $"Title:" 1 1 "$(grep '$SITE_TITLE' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \ - $"Domain:" 2 1 "$(grep '$SITE_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \ - 2> $data + $"Title:" 1 1 "$(grep "$SITE_TITLE" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \ + $"Domain:" 2 1 "$(grep "$SITE_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \ + 2> "$data" fi sel=$? case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - SITE_TITLE=$(cat $data | sed -n 1p) - SITE_DOMAIN_NAME=$(cat $data | sed -n 2p) + SITE_TITLE=$(sed -n 1p < "$data") + SITE_DOMAIN_NAME=$(sed -n 2p < "$data") site_domain_name_str="$SITE_DOMAIN_NAME" if [ ${#site_domain_name_str} -gt 1 ]; then TEST_DOMAIN_NAME="$SITE_DOMAIN_NAME" 
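Review bot: The FreeDNS branch of the form loses its `Title:` row: the removed lines had Title, Domain and Code, the added lines only Domain and Code, while `--form "$SITE_FORM_TEXT" 14 55 4` and the later `sed -n 1p` / `2p` / `3p` reads are unchanged. With two fields in the output, SITE_TITLE would receive the domain and SITE_DOMAIN_NAME the code. Restore `$"Title:" 1 1 "$(grep "$SITE_TITLE" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \` ahead of the Domain row. Separately, the grep patterns changed from literal strings to expanded variables; if those variables are empty at this point (not visible in the hunk), `grep ""` matches every line of temp.cfg and pre-fills the field with all of them.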
@@ -225,10 +227,10 @@ function interactive_site_details_with_title { SITE_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else - if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then - SITE_CODE=$(cat $data | sed -n 3p) + if [[ "$DDNS_PROVIDER" == "default@freedns.afraid.org" ]]; then + SITE_CODE=$(sed -n 3p < "$data") validate_freedns_code "${SITE_CODE}" - if [ ! $VALID_CODE ]; then + if [ ! "$VALID_CODE" ]; then SITE_DOMAIN_NAME= fi fi @@ -240,6 +242,7 @@ function interactive_site_details_with_title { SITE_DETAILS_COMPLETE="yes" fi fi + rm -f "$data" done # save the results in the config file diff --git a/src/freedombone-utils-keys b/src/freedombone-utils-keys index 42201cb4..9bd19f21 100755 --- a/src/freedombone-utils-keys +++ b/src/freedombone-utils-keys 
@@ -41,137 +41,137 @@ function interactive_gpg_from_usb { do detect_usb_drive - if [ ! -b $USB_DRIVE ]; then + if [ ! -b "$USB_DRIVE" ]; then if (( GPG_CTR > 0 )); then - gpg_reconstruct_key $MY_USERNAME interactive - gpg_update_mutt $MY_USERNAME + gpg_reconstruct_key "$MY_USERNAME" interactive + gpg_update_mutt "$MY_USERNAME" return 0 fi dialog --title $"Recover Encryption Keys" --msgbox $'No USB drive found' 6 30 exit 739836 fi - backup_mount_drive ${USB_DRIVE} ${MY_USERNAME} + backup_mount_drive "${USB_DRIVE}" "${MY_USERNAME}" - if [ ! -d $USB_MOUNT ]; then + if [ ! -d "$USB_MOUNT" ]; then if (( GPG_CTR > 0 )); then - backup_unmount_drive ${USB_DRIVE} - gpg_reconstruct_key $MY_USERNAME interactive + backup_unmount_drive "${USB_DRIVE}" + gpg_reconstruct_key "$MY_USERNAME" interactive return 0 fi dialog --title $"Recover Encryption Keys" \ --msgbox $"There was a problem mounting the USB drive $USB_DRIVE to $USB_MOUNT" 6 70 - backup_unmount_drive ${USB_DRIVE} + backup_unmount_drive "${USB_DRIVE}" exit 74393 fi - if [ ! -d $USB_MOUNT/.gnupg ]; then - if [ ! -d $USB_MOUNT/.gnupg_fragments ]; then + if [ ! -d "$USB_MOUNT/.gnupg" ]; then + if [ ! -d "$USB_MOUNT/.gnupg_fragments" ]; then if (( GPG_CTR > 0 )); then - backup_unmount_drive ${USB_DRIVE} - gpg_reconstruct_key $MY_USERNAME interactive - gpg_update_mutt $MY_USERNAME + backup_unmount_drive "${USB_DRIVE}" + gpg_reconstruct_key "$MY_USERNAME" interactive + gpg_update_mutt "$MY_USERNAME" return 0 fi dialog --title $"Recover Encryption Keys" \ --msgbox $"The directory $USB_MOUNT/.gnupg or $USB_MOUNT/.gnupg_fragments was not found" 6 70 - backup_unmount_drive ${USB_DRIVE} + backup_unmount_drive "${USB_DRIVE}" exit 723814 fi fi - if [ -d $USB_MOUNT/letsencrypt ]; then + if [ -d "$USB_MOUNT/letsencrypt" ]; then if [ ! 
-d /etc/letsencrypt ]; then mkdir /etc/letsencrypt fi echo $'Recovering LetsEncrypt keys' - cp -r $USB_MOUNT/letsencrypt/* /etc/letsencrypt + cp -r "$USB_MOUNT/letsencrypt/*" /etc/letsencrypt addgroup ssl-cert chown -R root:ssl-cert /etc/letsencrypt fi - if [ -f $USB_MOUNT/.mastergpgkey ]; then + if [ -f "$USB_MOUNT/.mastergpgkey" ]; then # Recovering keys from file rather than just copying the gnupg # directory may help to avoid problems during upgrades/reinstalls - if [ ! -f $USB_MOUNT/.backupgpgkey ]; then + if [ ! -f "$USB_MOUNT/.backupgpgkey" ]; then echo $'No backup key file found on USB drive' exit 725729 fi CURR_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME - CURR_GPG_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys $CURR_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//') - CURR_GPG_BACKUP_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//') + CURR_GPG_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "$CURR_EMAIL_ADDRESS" | sed -n '2p' | sed 's/^[ \t]*//') + CURR_GPG_BACKUP_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//') # If the default key is specified within gpg.conf - if [ -f $HOME_DIR/gpg.conf ]; then - if grep -q "default-key" $HOME_DIR/gpg.conf; then - default_gpg_key=$(cat $HOME_DIR/gpg.conf | grep "default-key") + if [ -f "$HOME_DIR/gpg.conf" ]; then + if grep -q "default-key" "$HOME_DIR/gpg.conf"; then + default_gpg_key=$(grep "default-key" "$HOME_DIR/gpg.conf") if [[ "$default_gpg_key" != *'#'* ]]; then - default_gpg_key=$(cat $HOME_DIR/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}') + default_gpg_key=$(grep "default-key" "$HOME_DIR/gpg.conf" | awk -F ' ' '{print $2}') if [ ${#default_gpg_key} -gt 3 ]; then - CURR_GPG_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//') + CURR_GPG_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//') fi fi fi fi echo 
$'Making backup copy of existing gpg keys' - if [ -d $HOME_DIR/.gnupg ]; then - if [ -d $HOME_DIR/.gnupg_old ]; then - rm -rf $HOME_DIR/.gnupg_old + if [ -d "$HOME_DIR/.gnupg" ]; then + if [ -d "$HOME_DIR/.gnupg_old" ]; then + rm -rf "$HOME_DIR/.gnupg_old" fi - cp -r $HOME_DIR/.gnupg $HOME_DIR/.gnupg_old - chmod 700 $HOME_DIR/.gnupg_old - chmod -R 600 $HOME_DIR/.gnupg_old/* - chown -R $MY_USERNAME:$MY_USERNAME $HOME_DIR/.gnupg_old + cp -r "$HOME_DIR/.gnupg $HOME_DIR/.gnupg_old" + chmod 700 "$HOME_DIR/.gnupg_old" + chmod -R 600 "$HOME_DIR/.gnupg_old/*" + chown -R "$MY_USERNAME":"$MY_USERNAME" "$HOME_DIR/.gnupg_old" fi echo $'Removing old gpg keys' - gpg_delete_key $MY_USERNAME $CURR_GPG_BACKUP_ID - gpg_delete_key $MY_USERNAME $CURR_GPG_ID + gpg_delete_key "$MY_USERNAME" "$CURR_GPG_BACKUP_ID" + gpg_delete_key "$MY_USERNAME" "$CURR_GPG_ID" echo $'Importing master keys' - gpg --homedir=$HOME_DIR/.gnupg --allow-secret-key-import --import $USB_MOUNT/.mastergpgkey - echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir=$HOME_DIR/.gnupg --allow-secret-key-import --import $USB_MOUNT/.backupgpgkey - if [ -d $HOME_DIR/.gnupg ]; then + gpg --homedir="$HOME_DIR/.gnupg" --allow-secret-key-import --import "$USB_MOUNT/.mastergpgkey" + echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir="$HOME_DIR/.gnupg" --allow-secret-key-import --import "$USB_MOUNT/.backupgpgkey" + if [ -d "$HOME_DIR/.gnupg" ]; then echo $'Setting permissions' - gpg_set_permissions $MY_USERNAME + gpg_set_permissions "$MY_USERNAME" echo $"Updating muttrc for $MY_USERNAME" - gpg_update_mutt $MY_USERNAME + gpg_update_mutt "$MY_USERNAME" fi GPG_LOADING="no" dialog --title $"Recover Encryption Keys" \ --msgbox $"GPG Keyring loaded to $HOME_DIR from master keydrive" 6 70 else - if [ -d $USB_MOUNT/.gnupg ]; then - if [ ! -d $HOME_DIR/.gnupg ]; then - mkdir $HOME_DIR/.gnupg + if [ -d "$USB_MOUNT/.gnupg" ]; then + if [ ! 
-d "$HOME_DIR/.gnupg" ]; then + mkdir "$HOME_DIR/.gnupg" fi echo $'Recovering GPG keys' - cp -r $USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg + cp -r "$USB_MOUNT/.gnupg/*" "$HOME_DIR/.gnupg" GPG_LOADING="no" dialog --title $"Recover Encryption Keys" \ --msgbox $"GPG Keyring directory loaded to $HOME_DIR" 6 70 else # Collect fragments from the USB drive - if [ ! -d $HOME_DIR/.gnupg_fragments ]; then - mkdir $HOME_DIR/.gnupg_fragments + if [ ! -d "$HOME_DIR/.gnupg_fragments" ]; then + mkdir "$HOME_DIR/.gnupg_fragments" fi - cp -r $USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments + cp -r "$USB_MOUNT/.gnupg_fragments/*" "$HOME_DIR/.gnupg_fragments" fi fi - if [[ $SSH_IMPORTED == "no" ]]; then - if [ -d $USB_MOUNT/.ssh ]; then - if [ ! -d $HOME_DIR/.ssh ]; then - mkdir $HOME_DIR/.ssh + if [[ "$SSH_IMPORTED" == "no" ]]; then + if [ -d "$USB_MOUNT/.ssh" ]; then + if [ ! -d "$HOME_DIR/.ssh" ]; then + mkdir "$HOME_DIR/.ssh" fi - cp $USB_MOUNT/.ssh/* $HOME_DIR/.ssh + cp "$USB_MOUNT/.ssh/*" "$HOME_DIR/.ssh" dialog --title $"Recover Encryption Keys" \ --msgbox $"ssh keys imported" 6 70 SSH_IMPORTED="yes" fi fi - if [ -d $USB_MOUNT ]; then - backup_unmount_drive ${USB_DRIVE} + if [ -d "$USB_MOUNT" ]; then + backup_unmount_drive "${USB_DRIVE}" fi if [[ $GPG_LOADING == "yes" ]]; then dialog --title $"Recover Encryption Keys" \ 
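Review bot: Several of the newly quoted arguments in interactive_gpg_from_usb change what the commands do: a `*` inside double quotes is not expanded, and `cp -r "$HOME_DIR/.gnupg $HOME_DIR/.gnupg_old"` passes source and destination as one word. As written, the Let's Encrypt, .gnupg, .gnupg_fragments and .ssh copies have nothing to match, and the backup copy of the existing keyring fails just before `gpg_delete_key` removes the current keys. Keep the variable part quoted and leave the glob outside the quotes, and consider stopping when the backup copy fails rather than continuing to the delete. The function starts before and continues after this hunk.

```shell
cp -r "$USB_MOUNT/letsencrypt/"* /etc/letsencrypt
# … unchanged: ssl-cert group, master key checks, default-key lookup …
cp -r "$HOME_DIR/.gnupg" "$HOME_DIR/.gnupg_old"
chmod 700 "$HOME_DIR/.gnupg_old"
chmod -R 600 "$HOME_DIR/.gnupg_old/"*
# … unchanged: key deletion, master key import, permissions …
cp -r "$USB_MOUNT/.gnupg/"* "$HOME_DIR/.gnupg"
# … unchanged: dialog, fragments directory creation …
cp -r "$USB_MOUNT/.gnupg_fragments/"* "$HOME_DIR/.gnupg_fragments"
# … unchanged: ssh directory creation …
cp "$USB_MOUNT/.ssh/"* "$HOME_DIR/.ssh"
```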
@@ -185,15 +185,15 @@ function interactive_gpg_from_remote { REMOTE_SERVERS_LIST=/home/$MY_USERNAME/keyshareservers.txt # get a list of remote servers - ${PROJECT_NAME}-remote -u $MY_USERNAME -l $REMOTE_SERVERS_LIST -t "Remote server" + "${PROJECT_NAME}-remote" -u "$MY_USERNAME" -l "$REMOTE_SERVERS_LIST" -t "Remote server" - if [ ! -f $REMOTE_SERVERS_LIST ]; then + if [ ! -f "$REMOTE_SERVERS_LIST" ]; then dialog --title $"Encryption Keys Recovery" --msgbox $'Error obtaining server list' 6 70 return 1 fi # check the number of entries in the file - no_of_servers=$(cat $REMOTE_SERVERS_LIST | wc -l) + no_of_servers=$(wc -l < "$REMOTE_SERVERS_LIST") if (( no_of_servers < 3 )); then dialog --title $"Encryption Keys Recovery" \ --msgbox $'There must be at least three servers to recover the key' 6 70 @@ -201,8 +201,7 @@ function interactive_gpg_from_remote { fi # try to recover the key from the servers - ${PROJECT_NAME}-recoverkey -u $MY_USERNAME -l $REMOTE_SERVERS_LIST - if [ ! "$?" = "0" ]; then + if ! "${PROJECT_NAME}-recoverkey" -u "$MY_USERNAME" -l "$REMOTE_SERVERS_LIST"; then dialog --title $"Encryption Keys Recovery" --msgbox $'Your key could not be recovered' 6 70 return 3 fi 
@@ -217,36 +216,36 @@ function interactive_gpg { while [[ $GPG_CONFIGURED != "yes" ]] do GPG_CONFIGURED="yes" - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Configuration" \ --radiolist $"GPG/PGP keys for your system:" 13 70 3 \ 1 $"Generate new keys (new user)" on \ 2 $"Import keys from USB drive/s" off \ - 3 $"Retrieve keys from friends servers" off 2> $data + 3 $"Retrieve keys from friends servers" off 2> "$data" sel=$? case $sel in - 1) exit 1;; - 255) exit 2;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 2;; esac - case $(cat $data) in - 1) if [ -d /home/${MY_USERNAME}/.gnupg ]; then - rm -rf /home/${MY_USERNAME}/.gnupg + case $(cat "$data") in + 1) if [ -d "/home/${MY_USERNAME}/.gnupg" ]; then + rm -rf "/home/${MY_USERNAME}/.gnupg" fi break;; 2) interactive_gpg_from_usb break;; - 3) interactive_gpg_from_remote - if [ ! "$?" = "0" ]; then + 3) if ! interactive_gpg_from_remote; then GPG_CONFIGURED="no" fi;; esac + rm -f "$data" done } function interactive_key_recovery { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"Encryption Keys Recovery" \ --backtitle $"Freedombone Configuration" \ @@ -254,14 +253,16 @@ function interactive_key_recovery { --yesno $"Do you wish to recover your previous encryption keys from a USB master keydrive?" 7 60 sel=$? case $sel in - 1) return;; - 255) return;; + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; esac clear apt-get -yq install cryptsetup - ${PROJECT_NAME}-recoverkey -u $MY_USERNAME - if [ -d /home/$MY_USERNAME/.gnupg ]; then - cp -rf /home/$MY_USERNAME/.gnupg /root + "${PROJECT_NAME}-recoverkey" -u "$MY_USERNAME" + if [ -d "/home/$MY_USERNAME/.gnupg" ]; then + cp -rf "/home/$MY_USERNAME/.gnupg" /root chmod 700 /root/.gnupg chmod 600 /root/.gnupg/* printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /root/.gnupg/S.dirmngr 
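Review bot: In interactive_gpg the `break` in arms 1) and 2) of `case $(cat "$data")` leaves the loop before the new `rm -f "$data"` after `esac` runs, so the temp file survives on those two choices now that the `trap` is gone. Remove the file as soon as its content has been read, e.g. `selection=$(cat "$data"); rm -f "$data"` followed by `case $selection in`. That also makes the trailing `rm -f "$data"` unnecessary.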
@@ -269,6 +270,7 @@ function interactive_key_recovery { chmod +x /root/.gnupg/crls.d fi fi + rm -f "$data" } function set_password_for_all_users { @@ -278,7 +280,7 @@ function set_password_for_all_users { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - ${PROJECT_NAME}-pass -u "${USERNAME}" -a "${app_name}" -p "${change_password}" + "${PROJECT_NAME}-pass" -u "${USERNAME}" -a "${app_name}" -p "${change_password}" fi done } diff --git a/src/freedombone-utils-login b/src/freedombone-utils-login index 32cf290a..397c7f1a 100755 --- a/src/freedombone-utils-login +++ b/src/freedombone-utils-login @@ -38,14 +38,13 @@ function change_login_message { rm -f /etc/init.d/motd fi - echo '' > /etc/motd - echo ".---. . . " >> /etc/motd - echo "| | | " >> /etc/motd - echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. " >> /etc/motd - echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' " >> /etc/motd - echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'" >> /etc/motd - echo $' Freedom in the Cloud' >> /etc/motd - echo '' >> /etc/motd + { echo ".---. . . "; + echo "| | | "; + echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. "; + echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' "; + echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'"; + echo $' Freedom in the Cloud'; + echo ''; } > /etc/motd mark_completed "${FUNCNAME[0]}" } diff --git a/src/freedombone-utils-mesh b/src/freedombone-utils-mesh index 84742a41..6b1ddcc9 100755 --- a/src/freedombone-utils-mesh +++ b/src/freedombone-utils-mesh 
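Review bot: set_password_for_all_users passes the password as `-p "${change_password}"`, which places it in the argument list of `${PROJECT_NAME}-pass` where other local users can read it from the process table while the command runs. Whether that tool can take the password on stdin or from the environment is not visible here, so this may need a change on its side. Until then a comment above the call would record the exposure: `# NOTE: password is passed in argv and is visible in the process list while this runs`.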
@@ -35,11 +35,11 @@ MESH_DEFAULT_PROTOCOL=/root/.mesh_protocol_default function mesh_generate_ipv6_address { network=fd66:66:66 - if [ $1 ]; then - search_ipv6=$(ifconfig $1 | grep $network) - if [ $search_ipv6 ]; then - result=$(ifconfig $1 | grep $network | awk -F ' ' '{print $2}') - ip -6 addr add ${result}/128 dev $1 + if [ "$1" ]; then + search_ipv6=$(ifconfig "$1" | grep "$network") + if [ "$search_ipv6" ]; then + result=$(ifconfig "$1" | grep "$network" | awk -F ' ' '{print $2}') + ip -6 addr add "${result}/128" dev "$1" return fi fi @@ -51,7 +51,7 @@ function mesh_generate_ipv6_address { d=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]} e=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]} result=$network:$a:$b:$c:$d:$e - ip -6 addr add ${result}/128 dev $1 + ip -6 addr add "${result}/128" dev "$1" } function mesh_protocol_init { 
@@ -67,21 +67,21 @@ function mesh_protocol_init { # Mesh definition WIFI_SSID='mesh' - if [ -f $COMPLETION_FILE ]; then - if grep -q "WIFI_SSID:" $COMPLETION_FILE; then - WIFI_SSID=$(cat $COMPLETION_FILE | grep "WIFI_SSID:" | awk -F ':' '{print $2}') + if [ -f "$COMPLETION_FILE" ]; then + if grep -q "WIFI_SSID:" "$COMPLETION_FILE"; then + WIFI_SSID=$(grep "WIFI_SSID:" "$COMPLETION_FILE" | awk -F ':' '{print $2}') fi - sed -i "s|WIFI_SSID:.*|WIFI_SSID:${WIFI_SSID}|g" $COMPLETION_FILE + sed -i "s|WIFI_SSID:.*|WIFI_SSID:${WIFI_SSID}|g" "$COMPLETION_FILE" fi CELLID='any' CHANNEL=2 HOTSPOT_CHANNEL=6 - if [ -f $COMPLETION_FILE ]; then - if grep -q "Wifi channel:" $COMPLETION_FILE; then - CHANNEL=$(cat $COMPLETION_FILE | grep "Wifi channel:" | awk -F ':' '{print $2}') + if [ -f "$COMPLETION_FILE" ]; then + if grep -q "Wifi channel:" "$COMPLETION_FILE"; then + CHANNEL=$(grep "Wifi channel:" "$COMPLETION_FILE" | awk -F ':' '{print $2}') fi - sed -i "s|Wifi channel:.*|Wifi channel:${CHANNEL}|g" $COMPLETION_FILE + sed -i "s|Wifi channel:.*|Wifi channel:${CHANNEL}|g" "$COMPLETION_FILE" fi ZERONET_PORT=15441 @@ -101,18 +101,18 @@ function mesh_protocol_init { EIFACE=eth0 WLAN_ADAPTORS=$(count_wlan) - if [ $WLAN_ADAPTORS -eq 0 ]; then + if [ "$WLAN_ADAPTORS" -eq 0 ]; then echo $'No wlan adaptors found' exit 0 fi } function get_ipv6_wlan { - echo $(ifconfig ${IFACE} | grep inet6 | awk -F ' ' '{print $2}') + ifconfig "${IFACE}" | grep inet6 | awk -F ' ' '{print $2}' } function mesh_hotspot_ip_address { - echo $(ifconfig ${BRIDGE} | grep inet6 | awk -F ' ' '{print $2}') + ifconfig "${BRIDGE}" | grep inet6 | awk -F ' ' '{print $2}' } function global_rate_limit { @@ -129,7 +129,7 @@ function global_rate_limit { function assign_peer_address { for i in {1..6}; do number=$RANDOM - let "number %= 255" + (( "number %= 255" )) octet=$(echo "obase=16;$number" | bc) if [ ${#octet} -lt 2 ]; then octet="0${octet}" 
@@ -142,7 +142,7 @@ function assign_peer_address { } function mesh_create_app_downloads_page { - if [ ! -d /root/$PROJECT_NAME/image_build/mesh_apps ]; then + if [ ! -d "/root/$PROJECT_NAME/image_build/mesh_apps" ]; then return fi if [ ! -d /var/www/html ]; then @@ -163,27 +163,27 @@ function mesh_create_app_downloads_page { mv /home/fbone/Desktop/cryptpad.desktop /home/fbone/.cryptpad.desktop fi - cp /root/$PROJECT_NAME/website/EN/meshindex.html /var/www/html/index.html + cp "/root/$PROJECT_NAME/website/EN/meshindex.html" /var/www/html/index.html if [ ! -f /var/www/html/ssb.apk ]; then - cp /root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk /var/www/html/ssb.apk + cp "/root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk" /var/www/html/ssb.apk fi if [ ! -f /var/www/html/trifa.apk ]; then - cp /root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk /var/www/html/trifa.apk + cp "/root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk" /var/www/html/trifa.apk fi if [ ! -d /var/www/html/images ]; then mkdir /var/www/html/images fi if [ ! -f /var/www/html/images/logo.png ]; then - cp /root/$PROJECT_NAME/img/logo.png /var/www/html/images/logo.png + cp "/root/$PROJECT_NAME/img/logo.png" /var/www/html/images/logo.png fi if [ ! -f /var/www/html/images/ssb.png ]; then - cp /root/$PROJECT_NAME/img/icon_patchwork.png /var/www/html/images/ssb.png + cp "/root/$PROJECT_NAME/img/icon_patchwork.png" /var/www/html/images/ssb.png fi if [ ! -f /var/www/html/images/trifa.png ]; then - cp /root/$PROJECT_NAME/img/trifa.png /var/www/html/images/trifa.png + cp "/root/$PROJECT_NAME/img/trifa.png" /var/www/html/images/trifa.png fi if [ ! -f /var/www/html/freedombone.css ]; then - cp /root/$PROJECT_NAME/website/freedombone.css /var/www/html/freedombone.css + cp "/root/$PROJECT_NAME/website/freedombone.css" /var/www/html/freedombone.css fi chown -R www-data:www-data /var/www/html/* } 
@@ -191,8 +191,8 @@ function mesh_create_app_downloads_page { function enable_mesh_firewall { iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT - iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT - iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT + iptables -A INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT + iptables -A INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT iptables -A INPUT -p udp --dport 6240 -j ACCEPT iptables -A INPUT -p tcp --dport 6240 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT 
@@ -203,16 +203,16 @@ function enable_mesh_firewall { iptables -A INPUT -p udp --dport 5353 -j ACCEPT iptables -A INPUT -p tcp --dport 5354 -j ACCEPT iptables -A INPUT -p udp --dport 5354 -j ACCEPT - iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT - iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT - iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT - iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT - iptables -A INPUT -p udp --dport $TOX_PORT -j ACCEPT - iptables -A INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT - iptables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT - iptables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT + iptables -A INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT + iptables -A INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT + iptables -A INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT + iptables -A INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT + iptables -A INPUT -p udp --dport "$TOX_PORT" -j ACCEPT + iptables -A INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT + iptables -A INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT + iptables -A INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT # SSB/Scuttlebot/Patchwork - iptables -A INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT + iptables -A INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT iptables -A INPUT -p udp --dport 8008 -j ACCEPT iptables -A INPUT -p tcp --dport 8008 -j ACCEPT iptables -A INPUT -p udp --dport 8010 -j ACCEPT @@ -227,8 +227,8 @@ function enable_mesh_firewall { ip6tables -A INPUT -p ipv6-icmp -j ACCEPT ip6tables -A OUTPUT -p ipv6-icmp -j ACCEPT - ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT - ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT + ip6tables -A INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT + ip6tables -A INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT ip6tables -A INPUT -p udp --dport 6240 -j ACCEPT ip6tables -A INPUT -p tcp --dport 6240 -j ACCEPT ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT 
@@ -239,16 +239,16 @@ function enable_mesh_firewall { ip6tables -A INPUT -p udp --dport 5353 -j ACCEPT ip6tables -A INPUT -p tcp --dport 5354 -j ACCEPT ip6tables -A INPUT -p udp --dport 5354 -j ACCEPT - ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT - ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT - ip6tables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT - ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT - ip6tables -A INPUT -p udp --dport $TOX_PORT -j ACCEPT - ip6tables -A INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT - ip6tables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT - ip6tables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT + ip6tables -A INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT + ip6tables -A INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT + ip6tables -A INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT + ip6tables -A INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT + ip6tables -A INPUT -p udp --dport "$TOX_PORT" -j ACCEPT + ip6tables -A INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT + ip6tables -A INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT + ip6tables -A INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT # SSB/Scuttlebot/Patchwork - ip6tables -A INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT + ip6tables -A INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT ip6tables -A INPUT -p udp --dport 8008 -j ACCEPT ip6tables -A INPUT -p tcp --dport 8008 -j ACCEPT ip6tables -A INPUT -p udp --dport 8010 -j ACCEPT 
@@ -266,12 +266,12 @@ function enable_mesh_firewall {
 # to discover local peers
 iptables -A INPUT -p tcp --dport 653 -j ACCEPT
 iptables -A INPUT -p udp --dport 653 -j ACCEPT
- iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
+ iptables -A INPUT -i "${EIFACE}" -m state --state NEW -p tcp --dport 1194 -j ACCEPT
 iptables -A INPUT -i tun+ -j ACCEPT
 iptables -A FORWARD -i tun+ -j ACCEPT
- iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
+ iptables -A FORWARD -i tun+ -o "${EIFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A FORWARD -i "${EIFACE}" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o "${EIFACE}" -j MASQUERADE
 iptables -A OUTPUT -o tun+ -j ACCEPT
 echo 1 > /proc/sys/net/ipv4/ip_forward
 sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
@@ -280,8 +280,8 @@ function enable_mesh_firewall {
 }
 function disable_mesh_firewall {
- iptables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
- iptables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
+ iptables -D INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
+ iptables -D INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
 iptables -D INPUT -p udp --dport 6240 -j ACCEPT
 iptables -D INPUT -p tcp --dport 6240 -j ACCEPT
 iptables -D INPUT -p tcp --dport 80 -j ACCEPT
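Review bot: `iptables -A FORWARD -i tun+ -j ACCEPT` accepts every packet arriving on a tun interface toward any output interface, which makes the following `-i tun+ -o "${EIFACE}" ... RELATED,ESTABLISHED` rule redundant and gives VPN clients unrestricted forwarding. If the intent is only to let clients in 10.8.0.0/24 reach the internet through `${EIFACE}`, constrain it: `iptables -A FORWARD -i tun+ -o "${EIFACE}" -s 10.8.0.0/24 -j ACCEPT`. `-m state --state` is the older match and `-m conntrack --ctstate` is its current equivalent. The matching `-D` rules in disable_mesh_firewall would need the same change, and both function bodies extend beyond these hunks.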
@@ -292,17 +292,17 @@ function disable_mesh_firewall {
 iptables -D INPUT -p udp --dport 5353 -j ACCEPT
 iptables -D INPUT -p tcp --dport 5354 -j ACCEPT
 iptables -D INPUT -p udp --dport 5354 -j ACCEPT
- iptables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
- iptables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
- iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
- iptables -D INPUT -p udp --dport $IPFS_PORT -j ACCEPT
- iptables -D INPUT -p tcp --dport $TOX_PORT -j ACCEPT
- iptables -D INPUT -p udp --dport $TOX_PORT -j ACCEPT
- iptables -D INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
- iptables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
- iptables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
+ iptables -D INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
+ iptables -D INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
+ iptables -D INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
+ iptables -D INPUT -p udp --dport "$IPFS_PORT" -j ACCEPT
+ iptables -D INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
+ iptables -D INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
+ iptables -D INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
+ iptables -D INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
+ iptables -D INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
 # SSB/Scuttlebot/Patchwork
- iptables -D INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
+ iptables -D INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
 iptables -D INPUT -p udp --dport 8008 -j ACCEPT
 iptables -D INPUT -p tcp --dport 8008 -j ACCEPT
 iptables -D INPUT -p udp --dport 8010 -j ACCEPT
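Review bot: `iptables -D INPUT -p udp --dport "$IPFS_PORT" -j ACCEPT` deletes a rule that the visible part of enable_mesh_firewall never adds, since the enable hunk has only the tcp rule for `$IPFS_PORT`, so this delete returns an error on every disable unless the rule is added outside the hunks shown. Either add `iptables -A INPUT -p udp --dport "$IPFS_PORT" -j ACCEPT` on the enable side or drop this line, with a comment saying which protocol the IPFS port is meant to accept. The ip6tables hunk further down (`ip6tables -D INPUT -p udp --dport "$IPFS_PORT"`) has the same asymmetry. An enable/disable pair that drifts apart like this is easier to keep in step if both functions iterate over one shared list of protocol and port pairs.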
@@ -315,8 +315,8 @@ function disable_mesh_firewall {
 ip6tables -D INPUT -p udp --dport 6696 -j ACCEPT
- ip6tables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
- ip6tables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
+ ip6tables -D INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
+ ip6tables -D INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
 ip6tables -D INPUT -p udp --dport 6240 -j ACCEPT
 ip6tables -D INPUT -p tcp --dport 6240 -j ACCEPT
 ip6tables -D INPUT -p tcp --dport 80 -j ACCEPT
@@ -327,17 +327,17 @@ function disable_mesh_firewall {
 ip6tables -D INPUT -p udp --dport 5353 -j ACCEPT
 ip6tables -D INPUT -p tcp --dport 5354 -j ACCEPT
 ip6tables -D INPUT -p udp --dport 5354 -j ACCEPT
- ip6tables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
- ip6tables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
- ip6tables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
- ip6tables -D INPUT -p udp --dport $IPFS_PORT -j ACCEPT
- ip6tables -D INPUT -p tcp --dport $TOX_PORT -j ACCEPT
- ip6tables -D INPUT -p udp --dport $TOX_PORT -j ACCEPT
- ip6tables -D INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
- ip6tables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
- ip6tables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
+ ip6tables -D INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
+ ip6tables -D INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
+ ip6tables -D INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
+ ip6tables -D INPUT -p udp --dport "$IPFS_PORT" -j ACCEPT
+ ip6tables -D INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
+ ip6tables -D INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
+ ip6tables -D INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
+ ip6tables -D INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
+ ip6tables -D INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
 # SSB/Scuttlebot/Patchwork
- ip6tables -D INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
+ ip6tables -D INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
 ip6tables -D INPUT -p udp --dport 8008 -j ACCEPT
 ip6tables -D INPUT -p tcp --dport 8008 -j ACCEPT
 ip6tables -D INPUT -p udp --dport 8010 -j ACCEPT
@@ -352,12 +352,12 @@ function disable_mesh_firewall {
 # vpn over the internet
 iptables -D INPUT -p tcp --dport 653 -j ACCEPT
 iptables -D INPUT -p udp --dport 653 -j ACCEPT
- iptables -D INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
+ iptables -D INPUT -i "${EIFACE}" -m state --state NEW -p tcp --dport 1194 -j ACCEPT
 iptables -D INPUT -i tun+ -j ACCEPT
 iptables -D FORWARD -i tun+ -j ACCEPT
- iptables -D FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -D FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
+ iptables -D FORWARD -i tun+ -o "${EIFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -D FORWARD -i "${EIFACE}" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o "${EIFACE}" -j MASQUERADE
 iptables -D OUTPUT -o tun+ -j ACCEPT
 echo 0 > /proc/sys/net/ipv4/ip_forward
@@ -401,25 +401,25 @@ function enable_mesh_tor {
 }
 function enable_mesh_seconary_wifi {
- if [ $secondary_wifi_available ]; then
+ if [ "$secondary_wifi_available" ]; then
 sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd
 mesh_hotspot_address=$(mesh_hotspot_ip_address)
 if [[ "$mesh_hotspot_address" == *'.'* ]]; then
- echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf
- echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf
- echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf
- echo "country_code=UK" >> /etc/hostapd/hostapd.conf
- echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}" >> /etc/hostapd/hostapd.conf
- echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
- echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
- echo 'wpa=2' >> /etc/hostapd/hostapd.conf
- echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
- echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
- echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf
- echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf
- echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf
- echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf
+ { echo "interface=${IFACE_SECONDARY}";
+ echo "bridge=${BRIDGE}";
+ echo 'driver=nl80211';
+ echo "country_code=UK";
+ echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}";
+ echo 'hw_mode=g';
+ echo "channel=${HOTSPOT_CHANNEL}";
+ echo 'wpa=2';
+ echo "wpa_passphrase=$HOTSPOT_PASSPHRASE";
+ echo 'wpa_key_mgmt=WPA-PSK';
+ echo 'wpa_pairwise=TKIP';
+ echo 'rsn_pairwise=CCMP';
+ echo 'auth_algs=1';
+ echo 'macaddr_acl=0'; } > /etc/hostapd/hostapd.conf
 sed -i "s|#interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
 sed -i "s|interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
@@ -437,7 +437,7 @@ function enable_mesh_seconary_wifi {
 fi
 fi
- if [ ! $secondary_wifi_available ]; then
+ if [ ! "$secondary_wifi_available" ]; then
 systemctl stop hostapd
 systemctl disable hostapd
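Review bot: The grouped `{ ...; } > /etc/hostapd/hostapd.conf` writes `wpa_passphrase=$HOTSPOT_PASSPHRASE` into a file created with the process umask, so unless permissions are tightened outside this hunk the hotspot passphrase is readable by local users. Create it restricted, e.g. wrap the group as `( umask 077; { ...; } > /etc/hostapd/hostapd.conf )`, or follow it with `chmod 600 /etc/hostapd/hostapd.conf`. Two values in the same block deserve a comment or a fix while it is being tidied: `country_code=UK` is not an ISO 3166-1 code (the United Kingdom is `GB`), and `wpa_pairwise=TKIP` is not used when `wpa=2`, where `rsn_pairwise=CCMP` applies, so it reads as if TKIP were enabled. The function continues past the end of the hunk.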
diff --git a/src/freedombone-utils-meteor b/src/freedombone-utils-meteor index d60d6def..5caa5b50 100755 --- a/src/freedombone-utils-meteor +++ b/src/freedombone-utils-meteor @@ -41,14 +41,14 @@ function meteor_cleanUp { } function install_meteor_script { - meteor_dir=$1 + meteor_dir="$1" - if [ ! $meteor_dir ]; then + if [ ! "$meteor_dir" ]; then echo $'No meteor install directory specified' exit 692025 fi - if [ ! -d $meteor_dir ]; then + if [ ! -d "$meteor_dir" ]; then echo $'Meteor install directory not found' exit 845382 fi @@ -67,19 +67,19 @@ function install_meteor_script { DIR_PREFIX="/usr/local" - TARBALL_URL="$https://meteorinstall-4168.kxcdn.com/packages-bootstrap/${RELEASE}/meteor-bootstrap-${PLATFORM}.tar.gz" + TARBALL_URL="https://meteorinstall-4168.kxcdn.com/packages-bootstrap/${RELEASE}/meteor-bootstrap-${PLATFORM}.tar.gz" INSTALL_TMPDIR="$meteor_dir/.meteor-install-tmp" TARBALL_FILE="$meteor_dir/.meteor-tarball-tmp" # Remove temporary files now in case they exist. meteor_cleanUp - if [ -d $INSTALL_TMPDIR ]; then - rm -rf $INSTALL_TMPDIR + if [ -d "$INSTALL_TMPDIR" ]; then + rm -rf "$INSTALL_TMPDIR" fi mkdir "$INSTALL_TMPDIR" - if [ ! -f ${TARBALL_FILE} ]; then + if [ ! -f "${TARBALL_FILE}" ]; then echo "Downloading Meteor distribution" # keep trying to curl the file until it works (resuming where possible) MAX_ATTEMPTS=10 @@ -90,11 +90,8 @@ function install_meteor_script { do ATTEMPTS=$((ATTEMPTS + 1)) - curl --progress-bar --fail --continue-at - \ - "$TARBALL_URL" --output "$TARBALL_FILE" - - if [ $? -eq 0 ] - then + if curl --progress-bar --fail --continue-at - \ + "$TARBALL_URL" --output "$TARBALL_FILE"; then break fi 
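Review bot: The tarball fetched by `curl ... "$TARBALL_URL" --output "$TARBALL_FILE"` is unpacked by the `tar -xzf` in the next hunk with no integrity check, so the install trusts whatever the CDN, or a stale partial file resumed by `--continue-at -`, delivers. Pin an expected digest for the release and verify it before extraction, for example `echo "${METEOR_TARBALL_SHA256}  ${TARBALL_FILE}" | sha256sum -c - || exit 1`, where `METEOR_TARBALL_SHA256` is a placeholder for a value recorded next to `RELEASE`. The `[ ! -f "${TARBALL_FILE}" ]` guard also means a file already present at that path is extracted without being downloaded, unless meteor_cleanUp, which is defined outside the hunk, removes it. install_meteor_script begins before and ends after these hunks.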
@@ -103,14 +100,14 @@ function install_meteor_script { done fi - if [ ! -f ${TARBALL_FILE} ]; then + if [ ! -f "${TARBALL_FILE}" ]; then echo $'meteor tarball could not be downloaded' exit 7272452 fi tar -xzf "$TARBALL_FILE" -C "$INSTALL_TMPDIR" -o - if [ ! -f ${INSTALL_TMPDIR}/.meteor/meteor ]; then + if [ ! -f "${INSTALL_TMPDIR}/.meteor/meteor" ]; then echo $'tarball not extracted' exit 693252 fi @@ -201,10 +198,10 @@ EOF function install_meteor { apt-get -yq install curl - if [ ! -d $INSTALL_DIR/meteor ]; then - mkdir $INSTALL_DIR/meteor + if [ ! -d "$INSTALL_DIR/meteor" ]; then + mkdir "$INSTALL_DIR/meteor" fi - cd $INSTALL_DIR/meteor + cd "$INSTALL_DIR/meteor" || exit 72345274 install_meteor_script } diff --git a/src/freedombone-utils-mongodb b/src/freedombone-utils-mongodb index b19e37b4..255408ee 100755 --- a/src/freedombone-utils-mongodb +++ b/src/freedombone-utils-mongodb @@ -35,14 +35,14 @@ MONGODB_APPS_FILE=$HOME/.mongodbapps function store_original_mongodb_password { if [ ! -f /root/.mongodboriginal ]; then echo $'Storing original mongodb password' - ORIGINAL_MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb) + ORIGINAL_MONGODB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mongodb) # We can store this in plaintext because it will soon be of historical interest only echo -n "$ORIGINAL_MONGODB_PASSWORD" > /root/.mongodboriginal fi } function get_mongodb_password { - MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb) + MONGODB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mongodb) if [[ "$MONGODB_PASSWORD" == *'failed'* ]]; then echo $'Could not obtain mongodb password' exit 7835272 
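Review bot: The new `cd "$INSTALL_DIR/meteor" || exit 72345274` in install_meteor uses an exit value that does not fit the 8-bit exit status, so the caller sees it reduced modulo 256 (186 here) and any such constant that happened to be a multiple of 256 would read as success. A short message on stderr plus a small code keeps the failure identifiable: `cd "$INSTALL_DIR/meteor" || { echo 'cannot enter meteor install directory' >&2; exit 1; }`. The same applies to the other large `exit` values visible in install_meteor_script.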
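Review bot: get_mongodb_password decides success by looking for the text `failed` inside the returned value (`[[ "$MONGODB_PASSWORD" == *'failed'* ]]`), so an error message worded differently is stored as the password and a real password containing that word aborts the install. Testing the command status is more reliable, assuming `${PROJECT_NAME}-pass` returns non-zero on error: `if ! MONGODB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mongodb); then`. If the tool always exits 0, a comment on the function saying so would explain why the string match is there. The function body continues beyond the hunk.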
@@ -63,14 +63,14 @@ function install_mongodb { function_check get_mongodb_password get_mongodb_password - if [ ! $MONGODB_PASSWORD ]; then - if [ -f $IMAGE_PASSWORD_FILE ]; then - MONGODB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ ! "$MONGODB_PASSWORD" ]; then + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + MONGODB_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - MONGODB_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})" + MONGODB_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi - ${PROJECT_NAME}-pass -u root -a mongodb -p "$MONGODB_PASSWORD" + "${PROJECT_NAME}-pass" -u root -a mongodb -p "$MONGODB_PASSWORD" apt-get -yq install mongodb mongo-tools apt-get -yq remove --purge apache2-bin* @@ -84,9 +84,9 @@ function install_mongodb { exit 78352 fi - if [ $app_name ]; then - if ! grep -q "$app_name" $MONGODB_APPS_FILE; then - echo "$app_name" >> $MONGODB_APPS_FILE + if [ "$app_name" ]; then + if ! grep -q "$app_name" "$MONGODB_APPS_FILE"; then + echo "$app_name" >> "$MONGODB_APPS_FILE" fi fi @@ -96,14 +96,14 @@ function install_mongodb { function remove_mongodb { app_name=$1 - if [ ! $app_name ]; then + if [ ! "$app_name" ]; then return fi removemongo= - if [ -f $MONGODB_APPS_FILE ]; then - sed -i "/$app_name/d" $MONGODB_APPS_FILE - if [ ! -s $MONGODB_APPS_FILE ]; then + if [ -f "$MONGODB_APPS_FILE" ]; then + sed -i "/$app_name/d" "$MONGODB_APPS_FILE" + if [ ! -s "$MONGODB_APPS_FILE" ]; then removemongo=1 fi else @@ -125,7 +125,7 @@ function remove_mongodb { if [ -f /etc/init.d/mongodb ]; then rm /etc/init.d/mongodb fi - sed -i '/install_mongodb/d' $COMPLETION_FILE + sed -i '/install_mongodb/d' "$COMPLETION_FILE" fi } 
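Review bot: `grep -q "$app_name" "$MONGODB_APPS_FILE"` and `sed -i "/$app_name/d" "$MONGODB_APPS_FILE"` treat the app name as an unanchored regular expression, so removing one app also deletes every entry that merely contains its name, and remove_mongodb can then find the file empty and purge MongoDB while another app still depends on it. Match whole lines literally instead: `grep -qxF -- "$app_name" "$MONGODB_APPS_FILE"` for the test, and `grep -vxF -- "$app_name" "$MONGODB_APPS_FILE" > "$MONGODB_APPS_FILE.new"; mv "$MONGODB_APPS_FILE.new" "$MONGODB_APPS_FILE"` for the removal. The same pattern appears in drop_database_mongodb and create_database_mongodb in the later hunks. install_mongodb and remove_mongodb both extend outside the lines shown.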
@@ -146,10 +146,10 @@ function drop_database_mongodb { if [[ "$database_name" == 'admin' ]]; then return fi - mongo $database_name --eval "db.runCommand( { dropDatabase: 1 } )" - if [ $app_name ]; then - if grep -q "$app_name" $MONGODB_APPS_FILE; then - sed -i "/$app_name/d" $MONGODB_APPS_FILE + mongo "$database_name" --eval "db.runCommand( { dropDatabase: 1 } )" + if [ "$app_name" ]; then + if grep -q "$app_name" "$MONGODB_APPS_FILE"; then + sed -i "/$app_name/d" "$MONGODB_APPS_FILE" fi fi } @@ -157,8 +157,7 @@ function drop_database_mongodb { function initialise_database_mongodb { database_name=$1 database_file=$2 - mongorestore $database_file - if [ ! "$?" = "0" ]; then + if ! mongorestore "$database_file"; then exit 8358365 fi } @@ -166,11 +165,13 @@ function initialise_database_mongodb { function create_database_mongodb { app_name="$1" app_admin_password="$2" - app_admin_username=$3 + app_admin_username="$3" mongo admin --eval "db.createUser({user: '$app_admin_username', pwd: '$app_admin_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })" - if [ $app_name ]; then - if ! grep -q "$app_name" $MONGODB_APPS_FILE; then - echo "$app_name" >> $MONGODB_APPS_FILE + if [ "$app_name" ]; then + if ! grep -q "$app_name" "$MONGODB_APPS_FILE"; then + echo "$app_name" >> "$MONGODB_APPS_FILE" fi fi } + +# NOTE: deliberately there is no "exit 0" diff --git a/src/freedombone-utils-monkeysphere b/src/freedombone-utils-monkeysphere index 1ca49684..d1883571 100755 --- a/src/freedombone-utils-monkeysphere +++ b/src/freedombone-utils-monkeysphere 
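Review bot: In create_database_mongodb the `--eval` string splices `$app_admin_username` and `$app_admin_password` into JavaScript between single quotes, so a quote or backslash in either value breaks the statement or alters what the mongo shell runs, and the password is visible in the process list while `mongo` executes. Reject such characters before the call, e.g. `[[ "$app_admin_username$app_admin_password" != *[\'\\]* ]] || return 1`, or pass the script on stdin rather than in argv. The account is also granted `userAdminAnyDatabase` on `admin`, which is broader than a per-application user normally needs; a comment stating why that role is required would help the next reader.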
@@ -34,22 +34,22 @@ function install_monkeysphere { fi apt-get -yq install monkeysphere msva-perl #su -c "monkeysphere gen-subkey $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME - mkdir /home/$MY_USERNAME/.monkeysphere - chmod 755 /home/$MY_USERNAME/.monkeysphere - echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > /home/$MY_USERNAME/.monkeysphere/authorized_user_ids - chmod 644 /home/$MY_USERNAME/.monkeysphere/authorized_user_ids - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.monkeysphere + mkdir "/home/$MY_USERNAME/.monkeysphere" + chmod 755 "/home/$MY_USERNAME/.monkeysphere" + echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > "/home/$MY_USERNAME/.monkeysphere/authorized_user_ids" + chmod 644 "/home/$MY_USERNAME/.monkeysphere/authorized_user_ids" + chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.monkeysphere" monkeysphere-authentication update-users if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then echo $'monkeysphere import: ssh host key not found' exit 76295 fi - monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$DEFAULT_DOMAIN_NAME + monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$DEFAULT_DOMAIN_NAME" SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}') - monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$SSH_ONION_HOSTNAME + monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$SSH_ONION_HOSTNAME" - if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then + if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME") if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then echo $"monkeysphere unable to get GPG key ID for user $MY_USERNAME@$HOSTNAME" 
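Review bot: `SSH_ONION_HOSTNAME` is read from `$COMPLETION_FILE` with no check, so when no `ssh onion domain` line exists the second `monkeysphere-host import-key` is called with the bare URI `ssh://`. Guard the call: `if [ "$SSH_ONION_HOSTNAME" ]; then monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$SSH_ONION_HOSTNAME"; fi`. The assignment line was left out of the tidy-up, with an unquoted `${COMPLETION_FILE}` and a `cat | grep`; `grep 'ssh onion domain' "$COMPLETION_FILE" | awk -F ':' '{print $2}'` does the same job. install_monkeysphere starts before this hunk and continues in the next one.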
@@ -57,8 +57,8 @@ function install_monkeysphere { fi fi # The admin user is the identity certifier - fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}') - monkeysphere-authentication add-identity-certifier $fpr + fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}') + monkeysphere-authentication add-identity-certifier "$fpr" mark_completed "${FUNCNAME[0]}" } diff --git a/src/freedombone-utils-network b/src/freedombone-utils-network index 7b9a5df4..95d6ba89 100755 --- a/src/freedombone-utils-network +++ b/src/freedombone-utils-network @@ -62,11 +62,11 @@ function install_static_network { echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces echo 'source /etc/network/interfaces.d/*' >> /etc/network/interfaces - echo 'auto eth0' > /etc/network/interfaces.d/static - echo 'iface eth0 inet static' >> /etc/network/interfaces.d/static - echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/network/interfaces.d/static - echo ' netmask 255.255.255.0' >> /etc/network/interfaces.d/static - echo " gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces.d/static + { echo 'auto eth0'; + echo 'iface eth0 inet static'; + echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS"; + echo ' netmask 255.255.255.0'; + echo " gateway $ROUTER_IP_ADDRESS"; } > /etc/network/interfaces.d/static mark_completed "${FUNCNAME[0]}" } 
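Review bot: `fpr` is handed to `monkeysphere-authentication add-identity-certifier` without checking that the pipeline produced a fingerprint; `grep fpr` matches any colon record containing those letters, and an unknown key id yields an empty string that is now passed as a quoted empty argument. Select on the record type and validate the result before trusting it as the certifier: `fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | awk -F: '$1=="fpr"{print $10; exit}')` followed by `[[ "$fpr" =~ ^[0-9A-F]{40}$ ]] || exit 1` (40 hex digits assumes a v4 key). The start of install_monkeysphere is outside this hunk.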
@@ -77,23 +77,23 @@ function get_external_ipv4_address { function get_ipv4_address { IPv4dev=$(ip route get $IPV4_ADDRESS_TEST_DESTINATION | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}') - echo $(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}') + ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}' } function get_ipv6_address { retval=$(ip -6 route get $IPV6_ADDRESS_TEST_DESTINATION 2> /dev/null) - echo $(echo "$retval" | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }') + echo "$retval" | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }' } function update_external_ip { ip_update_script=/usr/bin/externalipupdate - echo '#!/bin/bash' >> $ip_update_script - echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'" >> $ip_update_script - echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')" >> $ip_update_script - echo 'if [[ "$curr_ip" != "$existing_ip" ]]; then' >> $ip_update_script - echo " sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE" >> $ip_update_script - echo " echo \"\$(date)\" >> ~/${PROJECT_NAME}-external-ip-changes.txt" >> $ip_update_script - echo 'fi' >> $ip_update_script + { echo '#!/bin/bash'; + echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'"; + echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')"; + echo "if [[ \"\$curr_ip\" != \"\$existing_ip\" ]]; then"; + echo " sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE"; + echo " echo \"\$(date)\" >> ~/${PROJECT_NAME}-external-ip-changes.txt"; + echo 'fi'; } > $ip_update_script cron_add_mins 10 $ip_update_script }
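Review bot: The `existing_ip=` line written into the generated update script still ends with a stray `'` after the closing parenthesis (`'{print \$2}')'";`), which leaves an unbalanced single quote in `/usr/bin/externalipupdate`, so that script is unlikely to parse as intended. Drop the extra quote so the echoed text ends `awk -F '=' '{print \$2}')";`. `$CONFIGURATION_FILE`, `$EXTERNAL_IP_LOOKUP_URL` and `$ip_update_script` are still expanded unquoted, both inside the generated text and in `> $ip_update_script` and `cron_add_mins 10 $ip_update_script`; quoting them (`> "$ip_update_script"`) would keep this hunk consistent with the rest of the commit. Running `bash -n "$ip_update_script"` after writing it would catch this kind of quoting slip at install time.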